Links...
 
Tighten Pro
C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation

Tighten Pro - in the Mac App Store

Tighten Pro is now available in the Mac App Store. Simply click on the icon to the left to purchase directly from Apple. Or choose PKCS#7Viewer.app by clicking the image to the right.

11.30.2015
Mac Developer: The 15 must-read Clinton emails - POLITICO

The 15 must-read Clinton emails - POLITICO Chelsea wrote back, under her Secret Service code name "Energy."
Good to know we're publishing secret service codenamed on the internet.

Labels:

By : Tighten The 15 must-read Clinton emails - POLITICO 0 comments

 
11.28.2015
Mac Developer: Edward Snowden Explains How To Reclaim Your Privacy

Edward Snowden Explains How To Reclaim Your PrivacyLast month... I met Edward Snowden in a hotel in central Moscow, just blocks away from Red Square.
Not me, someone else met him.

Labels:

By : Tighten Edward Snowden Explains How To Reclaim Your Privacy 0 comments

 
11.24.2015
Mac Developer: Researchers poke hole in custom crypto built for Amazon Web Services | Ars Technica

Researchers poke hole in custom crypto built for Amazon Web Services | Ars Technica Underscoring just how hard it is to design secure cryptographic software, academic researchers recently uncovered a potentially serious weakness in an early version of the code library protecting Amazon Web Services.
Might be a little paranoid. Although the NSA already cracked it. And if quantum computing is here, your 2048-bit RSA is tasty morsel for that 3 letter agency.

Labels: ,

By : Tighten Researchers poke hole in custom crypto built for Amazon Web Services | Ars Technica 0 comments

 
11.23.2015
Mac Developer: Two Dell laptop models are shipping with a Superfish-style certificate hack | The Verge

Two Dell laptop models are shipping with a Superfish-style certificate hack | The Verge The certificate is called eDellRoot, first discovered by a programmer named Joe Nord, and because of Dell's pre-installed permissions, affected computers are set to trust any SSL certificate it signs.
Ah, public-key infrastructure, so difficult to get right with ultimately only one point of failure which takes down the entire scaffolding...

Labels: ,

By : Tighten Two Dell laptop models are shipping with a Superfish-style certificate hack | The Verge 0 comments

 
Mac Developer: TrueCrypt is safer than previously reported, detailed analysis concludes | Ars Technica

TrueCrypt is safer than previously reported, detailed analysis concludes | Ars Technica The TrueCrypt whole-disk encryption tool used by millions of privacy and security enthusiasts is safer than some studies have suggested, according to a comprehensive security analysis conducted by the prestigious Fraunhofer Institute for Secure Information Technology.
The rumors of my death have been greatly exaggerated.

Labels:

By : Tighten TrueCrypt is safer than previously reported, detailed analysis concludes | Ars Technica 0 comments

 
11.19.2015
Mac Developer: Half of data connections by top 500 Android apps are 'covert' with no effect on user experience

Half of data connections by top 500 Android apps are 'covert' with no effect on user experience The new study, summarized on Thursday by MIT News, looked at data transferred to and from the 500 most popular applications available on Android. Specifically, MIT was interested in so-called "covert" communications being silently sent by the top apps.
I highly doubt that iOS is any different at all. The only truly free applications are the ones that don't require network entitlements to function.

Labels:

By : Tighten Half of data connections by top 500 Android apps are 'covert' with no effect on user experience 0 comments

 
11.17.2015
Mac Developer: New Free Version of Tighten now available FREE DOWNLOAD MAC

A new version of TightenFREE is now available for download in the downloads area of this web site.

CHANGES IN THIS UPDATE
  • Fixes for handling app bundles containing receipts signed with "Mac App Store Receipt Signing" certificate which expired on 2015.11.11
  • Updated to verify receipts signed with "Mac App Store and iTunes Store Receipt Signing" certificate expires 2017.10.23 or 2023.02.07.
  • Fixes for 10.8.5 and higher (exception thrown when App bundle opened).
  • Light dusting and cleaning for (32/64) standard binary.

Labels: , ,

By : Tighten New Free Version of Tighten now available FREE DOWNLOAD MAC 0 comments

 
Mac Developer: New Free Version of PKCS7Viewer.app FREE DOWNLOAD

With the increasing restrictions on sandboxed applications in the Mac App Store, I found it problematic to ship the dumpasn1 command line tool as an update to the version in the Mac App Store. As an alternative, I created a 'free version' of PKCS7Viewer that is signed as a DeveloperID binary and available for download here on the Tighten web site.

DIRECT DOWNLOAD LINK: http://tightenapp.com/dmg/GKPKCS7MAC_esd.dmg.

Labels: , , ,

By : Tighten New Free Version of PKCS7Viewer.app FREE DOWNLOAD 0 comments

 
Mac Developer: Tighten Pro V2 Generated Receipt Validation Code Patch for Recent Mac App Store Update

On November 11, 2015, the certificate (CN "Mac App Store Receipt Signing") the Mac App Store was using to sign receipts expired. It was replaced by an intermediate certificate (expires: 2017.10.23) which has subsequently been replaced by another certificate ("Mac App Store and iTunes Store Receipt Signing" - expires 2023.02.07).

Code generated by Tighten.app (standard edition) is not affected by the change.

Code generated using the V2 Mac App Store receipt signing template in Tighten Pro must be patched to properly validate the new certificate. In particular, the SHA1 fingerprint of the signing certificate has changed. The new 24-byte value must be updated in two locations:

IN FUNCTION ___MAS_VerifySigningCertificate
static const unsigned char kMASReceiptSigning_CA_SHA1_Bytes[] = {
0x27,0xE2,0x53,0xE3,0x28,0x97,0xD6,0x77,0xB9,0xC9,0xFF,0xCB,0xC2,0xE4,0x8B,0xCD,0xC3,0xFB,0x11,0x01
};

IN FUNCTION: ___MAS_VerifyTrustCertificates
static const unsigned char kLEAFFingerprintBytes[] = { 0x27,0xE2,0x53,0xE3,0x28,0x97,0xD6,0x77,0xB9,0xC9,0xFF,0xCB,0xC2,0xE4,0x8B,0xCD,0xC3,0xFB,0x11,0x01 };

The changes are straightforward and should function correctly through 2023.02.07.

I've also submitted updates to TightenPro and Tighten to the Mac App Store, but apparently the ingest pipeline is like a Rube Goldberg machine and the updates are currently stuck in a dreaded "processing" state which is code language for: don't expect it ever to make it to the next stage of the submission pipe.

Labels: ,

By : Tighten Tighten Pro V2 Generated Receipt Validation Code Patch for Recent Mac App Store Update 0 comments

 
Mac Developer: Mac App Store and iTunes Store Receipt Signing - NEW CERTIFICATE ATTRIBUTES

The following is the OpenSSL information dump of the current (and presumably canonical until 2023) certificate used to sign receipts in the Mac App Store. I've extracted the three known certificates that have been historically used to sign Mac App Store bundle receipts and placed them in a disk image (password: 'macappstore') for regression testing and debugging purposes.
openssl x509 -fingerprint -sha1
SHA1 Fingerprint=27:E2:53:E3:28:97:D6:77:B9:C9:FF:CB:C2:E4:8B:CD:C3:FB:11:01
--
--openssl x509 -noout -text -in '10.8.5-20230207.darwin.12.6.0.pem'
--
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:eb:57:87:e7:9e:09:8d
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, O=Apple Inc., OU=Apple Worldwide Developer Relations,
                CN=Apple Worldwide Developer Relations Certification Authority
        Validity
            Not Before: Nov 13 02:15:09 2015 GMT
            Not After : Feb  7 21:48:47 2023 GMT
        Subject: CN=Mac App Store and iTunes Store Receipt Signing,
                 OU=Apple Worldwide Developer Relations, O=Apple Inc., C=US
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:a5:cf:81:fd:25:a2:81:5b:d6:87:ed:23:da:33:
                    1c:8e:e2:23:c0:a5:c4:26:cb:3d:c6:9f:ec:4a:0d:
                    55:86:ff:a4:02:d7:97:ca:39:54:6d:7d:7f:b2:54:
                    18:9d:c4:2c:52:71:8e:64:7b:82:ce:89:ba:49:d6:
                    08:e5:b4:88:71:cf:3f:5b:46:2e:c6:c4:1d:b8:03:
                    a9:58:a2:04:3e:21:78:d5:db:b7:d0:8e:12:8d:83:
                    4c:5b:2a:68:37:93:c2:f2:bd:1e:c4:d2:a1:0c:4a:
                    58:52:ab:12:e3:ed:dd:1f:98:15:90:35:2d:c2:cc:
                    12:ca:8d:48:81:f7:58:78:54:6b:e8:8c:31:36:1f:
                    4a:06:0c:47:54:f3:37:90:b8:b2:92:89:7d:5f:a4:
                    85:4a:e1:c0:9c:e0:ba:a4:bb:82:97:63:f4:2b:93:
                    c1:fd:3e:6f:ca:c1:f5:3c:a9:8f:52:1a:c0:25:0a:
                    76:0e:de:fe:99:fe:ff:c2:6b:f5:5b:5e:ac:73:51:
                    49:08:56:89:cc:43:90:cc:8e:81:02:d0:a0:97:b6:
                    5c:b1:a1:69:69:87:90:10:68:26:26:39:b8:1d:10:
                    73:b0:0a:5d:c5:73:d0:df:76:3b:d8:2d:d9:88:1e:
                    e3:ec:07:cf:e2:8e:d0:d3:fa:26:55:81:ef:e2:03:
                    49:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            Authority Information Access: 
                OCSP - URI:http://ocsp.apple.com/ocsp03-wwdr04

            X509v3 Subject Key Identifier: 
                91:A4:9C:FC:C4:76:B7:9F:A0:8A:F4:4D:F5:8F:36:5D:ED:2B:04:85
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Authority Key Identifier: 
                keyid:88:27:17:09:A9:B6:18:60:8B:EC:EB:BA:F6:47:59:C5:52:54:A3:B7

            X509v3 Certificate Policies: 
                Policy: 1.2.840.113635.100.5.6.1
                  User Notice:
                    Explicit Text: Reliance on this certificate by any party assumes acceptance
                                   of the then applicable standard terms and conditions of use, 
                                   certificate policy and certification practice statements.
                  CPS: http://www.apple.com/certificateauthority/

            X509v3 Key Usage: critical
                Digital Signature
            1.2.840.113635.100.6.11.1: 
                ..
    Signature Algorithm: sha1WithRSAEncryption
        0d:a6:1b:d3:2e:3d:e3:5b:2b:07:6e:42:96:6c:d3:e8:8c:43:
        30:82:5f:e0:5c:d1:8d:be:bd:0f:bd:1a:fc:25:92:db:8c:85:
        c3:80:59:df:e3:e2:d7:2e:05:14:ac:0d:db:b6:b8:fe:fc:35:
        2e:7c:cb:ad:17:6b:8e:7f:1f:e4:77:b9:b1:67:95:b4:13:5e:
        a6:19:86:76:f8:5a:20:95:e7:63:8c:0f:73:fc:e8:ed:c6:1f:
        ae:99:f8:65:48:5c:a0:e0:28:3a:c0:10:37:2d:b9:a0:04:39:
        1f:73:b9:c8:05:fd:f2:de:7f:1a:2a:2a:6e:2b:01:fc:a0:20:
        5c:d9:eb:7d:27:a6:33:f8:f5:98:e0:be:44:db:b1:4c:67:fc:
        6e:0a:4f:c9:e2:06:a8:d2:97:f3:a7:8e:6b:51:a2:5a:84:75:
        65:d1:16:04:62:e3:c1:5f:f5:08:a9:cf:68:d9:92:00:c9:c1:
        8c:b3:f8:8d:00:64:ba:58:60:c0:7c:af:8f:75:ca:69:b9:5b:
        2a:d6:1d:68:6e:98:42:f5:4c:a7:37:19:9b:cc:3b:1c:7a:19:
        43:f3:a3:6d:bf:48:60:06:0c:36:92:2b:ec:de:18:b5:11:da:
        2d:23:d0:8e:fc:a0:69:9c:17:1b:9e:80:7b:39:47:45:30:61:
        2f:c7:13:a8

Labels: ,

By : Tighten Mac App Store and iTunes Store Receipt Signing - NEW CERTIFICATE ATTRIBUTES 0 comments

 
Mac Developer: Apple apologizes to developers for Mac App Store certificate flap, explains fix

Apple apologizes to developers for Mac App Store certificate flap, explains fix The caching issue was compounded by apps running receipt validation code containing "very old versions" of OpenSSL not compatible with SHA-2 certificates. Apple replaced the SHA-2 certificate with a SHA-1 certificate last Thursday.
Well, the recommendations from the Apple Developer site were to use a static version of OpenSLL compiled into the application binary. And that would be whatever was available at the time the binary was uploaded. Not everyone yearns to rabidly update their applications every 2 weeks. Some of us have a software engineering ethic. Just keep that in mind next time you call strstr() which was first specified in the 60s.

Labels:

By : Tighten Apple apologizes to developers for Mac App Store certificate flap, explains fix 0 comments

 
Mac Developer: Mac App Store Receipt Signing - Certificate Expiration and Replacement

As described in many blogs and news outlets, the certificate that Apple servers were using to sign receipts for apps downloaded from the Mac App Store expired on 2015.11.11. There was an interim certificate that was used briefly for a few days. Ultimately, Apple issued a third certificate (expires 2023.02.27) which we can assume is going to be valid going forward.

For your testing purposes, I have extracted all three certificates, dumped their primary attributes with OpenSSL and bundled them into a disk image (password: 'macappstore') for your inspection and testing.

The original (SHA1) certificate:

CN=Mac App Store Receipt Signing
EXPIRES=Nov 11 21:58:01 2015 GMT
SHA1 Fingerprint=4A:7B:3A:17:00:A4:DA:4A:D4:EA:43:3A:83:61:43:2E:CF:1C:A1:AF

The interim and deprecated (SHA256) certificate:

CN=Mac App Store and iTunes Store Receipt Signing
EXPIRES: Oct 23 19:09:31 2017 GMT
SHA1 Fingerprint=15:0C:E7:C4:1F:13:8F:ED:97:3E:94:78:BD:60:29:7A:A8:CB:BC:3F

The current (SHA1) certificate:

CN=Mac App Store and iTunes Store Receipt Signing
EXPIRES= Feb 7 21:48:47 2023 GMT
SHA1 Fingerprint=27:E2:53:E3:28:97:D6:77:B9:C9:FF:CB:C2:E4:8B:CD:C3:FB:11:01

Labels: ,

By : Tighten Mac App Store Receipt Signing - Certificate Expiration and Replacement 0 comments

 
11.16.2015
Mac Developer: Here's what's happening with the Mac App Store and 'damaged' apps | iMore

Here's what's happening with the Mac App Store and 'damaged' apps | iMore In order to fix the current problem, Apple will need to roll back the MAS certificate to SHA-1 or developers will need to update their receipt validation to use OpenSSL that supports SHA-2. Obviously a roll back on Apple's side would be faster, a developer update better in the long run. Hopefully we'll get both.
I'm not sure this is a good description of the problem. In my case, we were testing for the authenticity of the "Mac App Store Receipt Signing" certificate by testing the SHA1 fingerprint of the certificate. Obviously, when the certificate expired (30 years would have been a good length for that vert), the new certificate would have failed the test, yet still be an authentic Apple cert.

This particular test was part of Tighten's "most restrictive" or "paranoid" receipt validation. Less stringent validation (such as code generated by Tighten App) was not affected in the same way.

Labels: ,

By : Tighten Here's what's happening with the Mac App Store and 'damaged' apps | iMore 0 comments

 
11.15.2015
Mac Developer: Validating Receipts Locally

Validating Receipts Locally
/* For additional security, you may verify the fingerprint of the root certificate and verify the OIDs of the intermediate certificate and signing certificate. The OID in the certificate policies extension of the intermediate certificate is (1 2 840 113635 100 5 6 1), and the marker OID of the signing certificate is (1 2 840 113635 100 6 11 1). */
I suppose the moral of the story is: don't say I didn't warn ya.

Labels: , ,

By : Tighten Validating Receipts Locally 0 comments

 
11.14.2015
Mac Developer: Op-ed: (How) did they break Diffie-Hellman? | Ars Technica

Op-ed: (How) did they break Diffie-Hellman? | Ars Technica Earlier this year, a research paper presented a new attack against the Diffie-Hellman key exchange protocol. Among other things, the paper came with a reasonable explanation of how the NSA might be able to read a lot of the Internet’s VPN traffic. I wrote a blog about this in May.
Did they break Diffie-Hellman? Find out now.

Labels:

By : Tighten Op-ed: (How) did they break Diffie-Hellman? | Ars Technica 0 comments

 
11.13.2015
Mac Developer: A single malicious Chrome link is enough to give attackers control of your Android phone

A single malicious Chrome link is enough to give attackers control of your Android phone It’s by no means the first time, but security researchers have demonstrated a weakness present in pretty much all versions of Google’s Android OS.

The bad news? All it takes is opening a website containing the malicious code and an attacker can have full control of your phone, and do things like download additional apps without your interaction.
What news is this?

Labels: ,

By : Tighten A single malicious Chrome link is enough to give attackers control of your Android phone 0 comments

 
Mac Developer: Microsoft building data centers in Germany that US government can’t touch | Ars Technica

Microsoft building data centers in Germany that US government can’t touch | Ars Technica Microsoft has launched a new kind of cloud service in Germany where user data is controlled by a "data trustee" operating under German law. Microsoft is unable to access user data without the permission of the data trustee or the customer, even if it is instructed to do so by the US government. If permission is granted by the data trustee, Microsoft will still only do so under its supervision.
My prediction for the fallout of TTP is an explosion of hosting facilities outside the TTP zone.

Labels:

By : Tighten Microsoft building data centers in Germany that US government can’t touch | Ars Technica 0 comments

 
11.12.2015
Mac Developer: Tor Project Claims FBI Paid $1 Million For Carnegie Mellon Researchers To Uncloak Users - Forbes

Tor Project Claims FBI Paid $1 Million For Carnegie Mellon Researchers To Uncloak Users - Forbes In one of the more startling blogs to come out of the Tor Project, the team responsible for maintaining the Tor anonymizing network has claimed the FBI paid researchers at Carnegie Mellon University $1 million to disclose techniques they’d discovered that could help uncover the identities of users.
I think this is disturbing. Hard to tell. Does it mean that service providers on the TOR network were actually attacking the users of the TOR network? More details are needed. Maybe the hacking community will find the details I'm referring to.

Labels: ,

By : Tighten Tor Project Claims FBI Paid $1 Million For Carnegie Mellon Researchers To Uncloak Users - Forbes 0 comments

 
Mac Developer: Certificate problems causing app authentication errors for some Mac App Store users

Certificate problems causing app authentication errors for some Mac App Store users Many Mac owners have found themselves forced to delete and re-download Mac App Store apps after what appears to be a certificate expiration error caused the operating system to mistakenly identify the apps as damaged.
Ah the disadvantages of single vendor solutions.

Labels:

By : Tighten Certificate problems causing app authentication errors for some Mac App Store users 0 comments

 
11.11.2015
Mac Developer: The NSA school: How the intelligence community gets smarter, secretly - The Washington Post

The NSA school: How the intelligence community gets smarter, secretly - The Washington Post Leonard Reinsfelder’s wife found a note on her car as she was leaving a shopping center one day: “Have your husband give us a call. We think we could use him.”
How we do.

Labels: ,

By : Tighten The NSA school: How the intelligence community gets smarter, secretly - The Washington Post 0 comments

 
Mac Developer: Cult of Android - WTF?! Study finds Android is actually safer than iOS

Cult of Android - WTF?! Study finds Android is actually safer than iOS While 36 percent of Android apps were found to have “potentially catastrophic vulnerabilities for system stability and data protection,” that figure rose to 40 percent on iOS, crushing the common misconception that iOS is a safer platform overall.
So it's primarily a war of the press. I guess this means the mobile market is rapidly becoming like the pharmaceutical market.

Labels:

By : Tighten Cult of Android - WTF?! Study finds Android is actually safer than iOS 0 comments

 
11.10.2015
Mac Developer: Apple pulls popular Instagram client 'InstaAgent' from iOS App Store after malware discovery

Apple pulls popular Instagram client 'InstaAgent' from iOS App Store after malware discovery Before being yanked from the App Store, InstaAgent was a chart-topping free app in multiple countries including Canada and the UK, suggesting thousands of unsuspecting users unwittingly handed over their Instagram credentials. Hard numbers are currently unavailable, but the developer guesses as many as 500,000 users downloaded the app. The metric matches up with InstaAgent's performance on the Google Play app store, which removed the title earlier today.
Hmmm.

Labels: ,

By : Tighten Apple pulls popular Instagram client 'InstaAgent' from iOS App Store after malware discovery 0 comments

 
Mac Developer: NSA phone records collection 'likely violates constitution', US judge rules | US news | The Guardian

NSA phone records collection 'likely violates constitution', US judge rules | US news | The Guardian
A federal judge ruled against the National Security Agency on Monday, saying that its bulk collection of telephone metadata “likely violates the constitution”.

Nothing like a clear and unambiguous statement written by a judge.

Labels:

By : Tighten NSA phone records collection 'likely violates constitution', US judge rules | US news | The Guardian 0 comments

 
11.09.2015
Mac Developer: HTTPS certificates with forbidden domains issued by “quite a few” CAs | Ars Technica

HTTPS certificates with forbidden domains issued by “quite a few” CAs | Ars Technica Browser-trusted certificate authority (CA) Comodo said it mistakenly issued transport layer security credentials for "mailarchive," "help," and at least five other forbidden names and warned that "quite a number" of unnamed competitors have committed similar violations.
My guess is the Kim Dot Com's truly alter.net internet will have better protections now that the corporations are your security best friend.

Labels:

By : Tighten HTTPS certificates with forbidden domains issued by “quite a few” CAs | Ars Technica 0 comments

 
Mac Developer: Belgium orders Facebook to stop tracking non-users within 48 hours | VentureBeat | Business | by Ken Yeung

Belgium orders Facebook to stop tracking non-users within 48 hours | VentureBeat | Business | by Ken Yeung A judge in Belgium has ordered Facebook to stop tracking Internet users, specifically those who don’t have an account, based on apparent lack of consent. The court warned that failure to do so within the next 48 hours could result in fines of up to $269,000 a day (250,000 euros).
We're going to keep doing it as long as our market cap says we can afford it.

Labels:

By : Tighten Belgium orders Facebook to stop tracking non-users within 48 hours | VentureBeat | Business | by Ken Yeung 0 comments

 
11.07.2015
Mac Developer: NSA says how often, not when, it discloses software flaws | VentureBeat | Security | by Reuters

NSA says how often, not when, it discloses software flaws | VentureBeat | Security | by Reuters The U.S. National Security Agency, seeking to rebut accusations that it hoards information about vulnerabilities in computer software, thereby leaving U.S. companies open to cyber attacks, said last week that it tells U.S. technology firms about the most serious flaws it finds more than 90 percent of the time.

The re-assurances may be misleading, because the NSA often uses the vulnerabilities to make its own cyber-attacks first, according to current and former U.S. government officials.
It would seem the entire business of client side surveillance requires remote exploits, so why would they reveal them?

Labels:

By : Tighten NSA says how often, not when, it discloses software flaws | VentureBeat | Security | by Reuters 0 comments

 
11.06.2015
Mac Developer: MI5 carried out secret mass surveillance for a decade | Ars Technica

MI5 carried out secret mass surveillance for a decade | Ars Technica MI5 has been secretly collecting vast quantities of data about UK phone calls for the last 10 years. According to a report on BBC News, the newly-revealed programme was "so secret that few even in MI5 knew about it, let alone the public." Meanwhile, as part of GCHQ's continuing charm offensive to bolster the case for wider surveillance powers, a senior officer named "Peter" has taken the unusual step of writing an article in The Guardian.
Bond, James Bond: all up in your arse.

Labels:

By : Tighten MI5 carried out secret mass surveillance for a decade | Ars Technica 0 comments

 
11.05.2015
Mac Developer: New type of auto-rooting Android adware is nearly impossible to remove | Ars Technica

New type of auto-rooting Android adware is nearly impossible to remove | Ars Technica The researchers have found more than 20,000 samples of trojanized apps that repackage the code or other features found in official apps available in Google Play and then are posted to third-party markets.
Good thing I know the difference between Google Play and other random app stores.

Labels:

By : Tighten New type of auto-rooting Android adware is nearly impossible to remove | Ars Technica 0 comments

 
Mac Developer: ACLU: Google is embarrassed by Android security, isn't protecting vulnerable users like Apple's iOS

ACLU: Google is embarrassed by Android security, isn't protecting vulnerable users like Apple's iOS Soghioan cited the FBI's snooping on Martin Luther King's phone calls in the 1960s, and noted that U.S. and overseas activists of today and tomorrow could be even easier targets.
I'm not sure it will matter in the UK where the law will force collection of browsing data for a year.

Labels:

By : Tighten ACLU: Google is embarrassed by Android security, isn't protecting vulnerable users like Apple's iOS 0 comments

 
11.04.2015
Mac Developer: Team claims $1 million bounty for remotely jailbreaking iOS 9.1 & 9.2

Team claims $1 million bounty for remotely jailbreaking iOS 9.1 & 9.2 An anonymous team has claimed a $1 million bounty for zero-day exploits in iOS 9.1 and the 9.2 beta, potentially allowing someone to jailbreak an Apple device over the Internet.
Safari, the gift that keeps on giving.

Labels:

By : Tighten Team claims $1 million bounty for remotely jailbreaking iOS 9.1 & 9.2 0 comments

 

 

 
 
 

 Tighten    
 Generate    
 Secure    
 Inspect    
 Quarantino    
 Downloads    
 Support    
 Documentation    
 Tighten App.app    
 Tighten Pro.app    
 PKCS#7Viewer.app    
 About    
 Hire    
 Contact    
 Blogger    
 FaceBook    
 iTunes Direct Link    
 Hollywood CA    
 spctl --assess -vvv    
 spctl --master-enable    
 spctl --master-disable    
 Mac App Store Receipt Validation    
 Apple Code Signing Certificates    
 Gatekeeper Developer ID Apple    
 Xcode codesign tutorial    
 [Site Map]    
 


Copyright © 2005-2015
All Rights Reserved
Tighten Pro