Tighten Pro
C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation


10.30.2015
Mac Developer: Unpatched browser weaknesses can be exploited to track millions of Web users | Ars Technica

Over the weekend, a researcher demonstrated two unpatched weaknesses that Web masters can exploit to track millions of people who visit their sites. Taken together, the attacks allow websites to compile a list of previously visited domains, even when users have flushed their browsing history, and to tag visitors with a tracking cookie that will persist even after users have deleted all normal cookies.
Meanwhile back in reality, what even normal techies can do, forget about what the capabilities of the NSA might be...

By: Tighten

 
Mac Developer: European Parliament votes to shield Snowden from extradition to US | Ars Technica

By a vote of 285 to 281, the European Parliament passed a nonbinding resolution today calling on member states to "drop any criminal charges against Edward Snowden, grant him protection, and consequently prevent extradition or rendition by third parties." The move is a "recognition of his status as whistle-blower and international human rights defender."
A narrow margin of four.


 
10.27.2015
Mac Developer: Unpatched browser weaknesses can be exploited to track millions of Web users | Ars Technica

Over the past decade, there's been a privacy arms race between unscrupulous website operators and browser makers. The former wield an ever-changing lineup of so-called zombie cookies that can't be easily deleted and attacks that sniff thousands of previously visited sites, while browser makers aim to prevent such privacy invasions by closing the design weaknesses that make them possible. Almost as soon as one hole is closed, hackers find a new one.
And of course, the writers of typical desktop software are made to suffer for the ill-behaved at the hand of partially tested security features that don't stop real hackers.


 
10.26.2015
Mac Developer: Support scams that plagued Windows users for years now target Mac customers | Ars Technica

For years, scammers claiming that they're "calling from Windows" have dialed up Microsoft customers and done their best to trick them into parting with their money or installing malicious wares. Now, the swindlers are turning their sights on Mac users.
Sometimes, it's not a benefit to be the big target.


 
10.25.2015
Mac Developer: NSA advisory sparks concern of secret advance ushering in cryptoapocalypse | Ars Technica

The advisory recommended backing away from plans to deploy elliptic curve cryptography, a form of public key cryptography that the NSA spent the previous 20 years promoting as more secure than the older RSA cryptosystem.
Keep away! Keep away! Keep away! Please use a format we can backdoor.


 
10.24.2015
Mac Developer: Microsoft Edge extensions won't arrive until 2016 | VentureBeat | Business | by Jordan Novet

Microsoft now says extensions for its new Edge browser, which ships with Windows 10, will not become available this year. You’ll have to keep waiting.
Let's defer them permanently and call it a more secure browser.


 
10.21.2015
Mac Developer: Breaking 512-bit RSA with Amazon EC2 is a cinch. So why all the weak keys? | Ars Technica

The cost and time required to break 512-bit RSA encryption keys has plummeted to an all-time low of just $75 and four hours using a recently published recipe that even computing novices can follow. But despite the ease and low cost, reliance on the weak keys to secure e-mails, secure-shell transactions, and other sensitive communications remains alarmingly high.
Uh oh!


 
10.20.2015
Mac Developer: Apple blocks old, unsafe Adobe Flash plug-in versions in OS X Safari

Following the discovery — and subsequent fix — of yet another critical Adobe Flash vulnerability last week, Apple activated its Web plug-in blocking capability for OS X Safari to protect Mac users from what Adobe describes as "limited, targeted attacks."
Hmmmm.


 
10.19.2015
Mac Developer: 3rd-party ad APIs from China illegally collected data from hundreds of App Store titles

The APIs found in affected apps were gathering data like email addresses and device identifiers, and funneling them to a Youmi-run server, Apple confirmed to code analytics firm SourceDNA. Any future apps employing the SDK will be rejected outright.
Busted. Been caught stealing!


 
10.16.2015
Mac Developer: How the NSA can break trillions of encrypted Web and VPN connections | Ars Technica

"Breaking a single, common 1024-bit prime would allow NSA to passively decrypt connections to two-thirds of VPNs and a quarter of all SSH servers globally. Breaking a second 1024-bit prime would allow passive eavesdropping on connections to nearly 20% of the top million HTTPS websites. In other words, a one-time investment in massive computation would make it possible to eavesdrop on trillions of encrypted connections."
Ah, it's so difficult to get software to work exactly as you intended it. Pay no attention to the man behind the curtain...


 
10.13.2015
Mac Developer: Judge looks to jumpstart public encryption debate with Apple iPhone unlocking case

Orenstein's ruling came a day after the public learned the Obama administration won't pursue regulations mandating backdoors in encrypted communications. Instead, however, the administration is continuing to pressure corporations on the matter, and talks have allegedly become "increasingly productive."
It would seem citizens with a clear conscience have nothing to worry about.


 
10.11.2015
Mac Developer: Apple removes several apps that could spy on encrypted traffic | Ars Technica

Remember Superfish?
LENOVO PCS SHIP WITH MAN-IN-THE-MIDDLE ADWARE THAT BREAKS HTTPS CONNECTIONS [UPDATED] Superfish may make it trivial for attackers to spoof any HTTPS website. In any event, third-party root certificates installed on any device—whether it's a computer or phone—can have an extremely powerful effect on security and privacy. A case in point is Lenovo's former practice of selling computers that were preloaded with a self-signed root HTTPS certificate that intercepted and decrypted encrypted traffic for every website a user visited. When users visited an HTTPS-protected site, the adware known as Superfish used the self-signed certificate to encrypt the traffic and bypass the trusted key provided by the visited site.
Remember SUPERFISH? No, I don't remember it.


 
10.08.2015
Mac Developer: Drop-dead simple exploit completely bypasses Mac’s malware Gatekeeper | Ars Technica

Since its introduction in 2012, an OS X feature known as Gatekeeper has gone a long way to protecting the Macs of security novices and experts alike. Not only does it help neutralize social engineering attacks that trick less experienced users into installing trojans, code-signing requirements ensure even seasoned users that an installer app hasn't been maliciously modified as it was downloaded over an unencrypted connection.
Extra hoops for legitimate developers that apparently do not retard the activities of elite hackers.


 
Mac Developer: SHA1 algorithm securing e-commerce and software could break by year’s end | Ars Technica

SHA1, one of the Internet's most crucial cryptographic algorithms, is so weak to a newly refined attack that it may be broken by real-world hackers in the next three months, an international team of researchers warned Thursday.
Dang, SHA1, we hardly knew ye.


 
10.05.2015
Mac Developer: Tor browser co-creator: Experian breach shows encryption may not be security panacea | VentureBeat | Security | by Mark Sullivan

“Experian had a reason to have the credit card info, perhaps to check account balances, and that means that Experian has systems and applications that decrypt the encrypted information. If the hackers stole information using those systems, then the hackers would see the decrypted credit card numbers.”
It's a difficult problem. Experian probably has some karma coming.


 

 

 
 
 

 


Copyright © 2005-2015
All Rights Reserved
Tighten Pro