Links...
 
Tighten Pro
C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation

Tighten Pro - in the Mac App Store

Tighten Pro is now available in the Mac App Store. Simply click on the icon to the left to purchase directly from Apple. Or choose PKCS#7Viewer.app by clicking the image to the right.

8.31.2016
Mac Developer: Angler's obituary: Super exploit kit was the work of Russia's Lurk group • The Register

Angler's obituary: Super exploit kit was the work of Russia's Lurk group • The Register: "The group counts the discovery of the Equation Group, an entity strongly suspected of being part of the NSA's offensive tailored access operations wing, as one of its most high profile recent collarings. It also helped reveal the ultra sophisticated Flame malware and offered early analysis of the Stuxnet worm."

Weird how the "bad guys" are actually the good guys. I mean Russians, of course.

Labels:

By : Tighten Angler's obituary: Super exploit kit was the work of Russia's Lurk group • The Register 0 comments

 
8.29.2016
Mac Developer: Meet USBee, the malware that uses USB drives to covertly jump airgaps | Ars Technica

Meet USBee, the malware that uses USB drives to covertly jump airgaps | Ars Technica: ""We introduce a software-only method for short-range data exfiltration using electromagnetic emissions from a USB dongle," researchers from Israel's Ben-Gurion University wrote in a research paper published Monday. "Unlike other methods, our method doesn't require any [radio frequency] transmitting hardware since it uses the USB's internal data bus.""

SKYNET is dead, long live SKYNET.

Labels:

By : Tighten Meet USBee, the malware that uses USB drives to covertly jump airgaps | Ars Technica 0 comments

 
Mac Developer: Apple briefly allows, pulls jailbreak app on iOS App Store

Apple briefly allows, pulls jailbreak app on iOS App Store: "The "PG Client" app billed itself as a better client for the service that allows graphic artists to share works. However, when opened, the app was a Chinese version of the Pangu jailbreak tool.

The app was made available by the developer on Sunday at some point. By 3:30 p.m. Eastern, Apple had disabled the download, and by 4:00 p.m. had stricken the webpage for the app leading to the App Store download as well."

Those incorrigible jailbreakers!

Labels: ,

By : Tighten Apple briefly allows, pulls jailbreak app on iOS App Store 0 comments

 
Mac Developer: Baltimore cops: We flew high-res camera planes to film your every move • The Register

Baltimore cops: We flew high-res camera planes to film your every move • The Register: "As the ACLU's senior policy analyst and privacy expert Jay Stanley told Businessweek in its extensive report on PSS, the system – which uses a bank of cameras on a plane to provide a live-feed and 45-day archive of all activity in a 30-square-mile area – is "where the rubber meets the road" when it comes to the balance between security and privacy."

SKYNET lives.

Labels: , ,

By : Tighten Baltimore cops: We flew high-res camera planes to film your every move • The Register 0 comments

 
8.25.2016
Mac Developer: Dangerous, targeted iPhone attack nullified by Apple with iOS 9.3.5 patch

Dangerous, targeted iPhone attack nullified by Apple with iOS 9.3.5 patch: "More details have emerged about the need for the iOS 9.3.5 patch, which looks to have terminated a trio of exploits capable of a remote jailbreak and mass exfiltration of data from a target's iPhone, including device and account passwords."

The real question is: who knew about it more than 10 days ago?

Labels:

By : Tighten Dangerous, targeted iPhone attack nullified by Apple with iOS 9.3.5 patch 0 comments

 
8.24.2016
Mac Developer: HTTPS and OpenVPN face new attack that can decrypt secret cookies | Ars Technica

HTTPS and OpenVPN face new attack that can decrypt secret cookies | Ars Technica: "Researchers have devised a new attack that can decrypt secret session cookies from about 1 percent of the Internet's HTTPS traffic and could affect about 600 of the Internet's most visited sites, including nasdaq.com, walmart.com, match.com, and ebay.in."

No worries, the NSA is decrypting everything anyhoo.

Labels:

By : Tighten HTTPS and OpenVPN face new attack that can decrypt secret cookies | Ars Technica 0 comments

 
8.23.2016
Mac Developer: Hints suggest an insider helped the NSA “Equation Group” hacking tools leak | Ars Technica

Hints suggest an insider helped the NSA “Equation Group” hacking tools leak | Ars Technica: "A group called the Shadow Brokers made headlines this month by leaking a hacking tool belonging to the NSA's Tailored Access Operations (TAO) team. Now this week, several informed sources suggest an inside source may have been involved."

Snowden, Snowden, Snowden opening the way...

Labels:

By : Tighten Hints suggest an insider helped the NSA “Equation Group” hacking tools leak | Ars Technica 0 comments

 
8.22.2016
Mac Developer: Shopped in an Eddie Bauer store recently? Your card's probably gone. It's just gone • The Register

Shopped in an Eddie Bauer store recently? Your card's probably gone. It's just gone • The Register: "The retailer – which sells high-end clobber for hikers or anyone who wants to pretend they're outdoorsy – said malware infected its cash registers on January 2 and the code remained undetected for at least six months. The software nasty was cleaned up on July 17."

Longing for the days of the weird, proprietary hardware-based cash registers.

Labels:

By : Tighten Shopped in an Eddie Bauer store recently? Your card's probably gone. It's just gone • The Register 0 comments

 
8.21.2016
Mac Developer: Snowden files confirm Shadow Brokers spilled NSA's Equation Group spy tools over the web • The Register

Snowden files confirm Shadow Brokers spilled NSA's Equation Group spy tools over the web • The Register: "Among the files leaked by whistleblower Snowden in 2013 is a draft NSA manual on how to redirect people's web browsers using a man-in-the-middle tool called SECONDDATE. This piece of software meddles with connections in real-time so targets quietly download malware from NSA-controlled servers.

Computer security - why even bother?

Labels: ,

By : Tighten Snowden files confirm Shadow Brokers spilled NSA's Equation Group spy tools over the web • The Register 0 comments

 
Mac Developer: How the NSA snooped on encrypted Internet traffic for a decade | Ars Technica

How the NSA snooped on encrypted Internet traffic for a decade | Ars Technica: "In a revelation that shows how the National Security Agency was able to systematically spy on many Cisco Systems customers for the better part of a decade, researchers have uncovered an attack that remotely extracts decryption keys from the company's now-decommissioned line of PIX firewalls.

AKA the Cisco shrugs series of exploits.

Labels:

By : Tighten How the NSA snooped on encrypted Internet traffic for a decade | Ars Technica 0 comments

 
8.18.2016
Mac Developer: Cisco confirms NSA-linked zeroday targeted its firewalls for years | Ars Technica

Cisco confirms NSA-linked zeroday targeted its firewalls for years | Ars Technica: "Cisco Systems has confirmed that recently-leaked malware tied to the National Security Agency exploited a high-severity vulnerability that had gone undetected for years in every supported version of the company's Adaptive Security Appliance firewall.

Oh, were we supposed to fix that? No biggie, just a device in every NOC in the world.

Labels:

By : Tighten Cisco confirms NSA-linked zeroday targeted its firewalls for years | Ars Technica 0 comments

 
8.17.2016
Mac Developer: Video of Apple's Black Hat 2016 presentation now available

Video of Apple's Black Hat 2016 presentation now available: "The full video of Apple's presentation at this year's Black Hat security conference was posted to YouTube on Tuesday, offering viewers a deep dive into iOS security mechanisms, from backbone synchronization service iCloud to new systems like HomeKit. "

Here you at.

Labels:

By : Tighten Video of Apple's Black Hat 2016 presentation now available 0 comments

 
8.16.2016
Mac Developer: Snowden: NSA hack is likely a warning from Russia

Snowden: NSA hack is likely a warning from Russia: "Snowden believes the hack is likely of Russian origin and intended to be a warning that “someone can prove US responsibility for any attacks that originated from this malware server.”"

We're number one! We're number one!

Labels:

By : Tighten Snowden: NSA hack is likely a warning from Russia 0 comments

 
Mac Developer: Group claims to hack NSA-tied hackers, posts exploits as proof | Ars Technica

Group claims to hack NSA-tied hackers, posts exploits as proof | Ars Technica: "In what security experts say is either a one-of-a-kind breach or an elaborate hoax, an anonymous group has published what it claims are sophisticated software tools belonging to an elite team of hackers tied to the US National Security Agency."

Wot

Labels: ,

By : Tighten Group claims to hack NSA-tied hackers, posts exploits as proof | Ars Technica 0 comments

 
8.10.2016
Mac Developer: Oops: Microsoft leaks its Golden Key, unlocking Windows Secure Boot and exposing the danger of backdoors

Oops: Microsoft leaks its Golden Key, unlocking Windows Secure Boot and exposing the danger of backdoors: "Microsoft has demonstrated why the FBI's desire for "Golden Key" backdoors allowing "good guys" to bypass security is such a bad idea: it inadvertently released its own keys to Windows tablets, phones, HoloLens and other devices using UEFI Secure Boot."

Wow. Secure boot no more.

Labels: ,

By : Tighten Oops: Microsoft leaks its Golden Key, unlocking Windows Secure Boot and exposing the danger of backdoors 0 comments

 
8.05.2016
Mac Developer: Three times as bad as malware: Google shines light on pay-per-install • The Register

Three times as bad as malware: Google shines light on pay-per-install • The Register: "As some point you have probably downloaded a "free" piece of software only to find it has come with a whole host of other unwanted friends that go on to redirect your browser search bar or inject ads where there weren't any before.

This is the world of pay-per-install (PPI) and Google, along with New York University and the International Computer Science Institute, spent a year digging into the little-understood market, publishing their results in a paper [PDF] this week."

The capitalists and communists agree on this one.

Labels: ,

By : Tighten Three times as bad as malware: Google shines light on pay-per-install • The Register 0 comments

 
8.04.2016
Mac Developer: 'ICANN's general counsel should lose his job over this' • The Register

'ICANN's general counsel should lose his job over this' • The RegisterThe extent to which ICANN manipulated its own processes to reject Dot Registry's applications and then make it impossible for the company to find out why, or to have that decision reviewed, is almost Kafkaesque.
Who is John Galt?

Labels:

By : Tighten 'ICANN's general counsel should lose his job over this' • The Register 0 comments

 
Mac Developer: OS X file guard tool in alpha • The Register

OS X file guard tool in alpha • The Register: "A new OS X utility called FlockFlock that monitors file-system accesses for malicious activity is available as an alpha release for experienced developers to test."

Yessssss...

Labels:

By : Tighten OS X file guard tool in alpha • The Register 0 comments

 
Mac Developer: Russian spies claim they can now collect crypto keys—but don’t say how | Ars Technica

Russian spies claim they can now collect crypto keys—but don’t say how | Ars Technica: "Russia's intelligence agency the FSB, successor to the KGB, has posted a notice on its website claiming that it now has the ability to collect crypto keys for Internet services that use encryption. This meets a two-week deadline given by Vladimir Putin to the FSB to develop such a capability. However, no details have been provided of how the FSB is able to do this."

Lots of clever ASM coders in Russia.

Labels: , ,

By : Tighten Russian spies claim they can now collect crypto keys—but don’t say how | Ars Technica 0 comments

 
Mac Developer: Oliver Stone asks moviegoers to power down phones—and leave them off | Ars Technica

Oliver Stone asks moviegoers to power down phones—and leave them off | Ars Technica: ""That's not all it does," Stone says as the background music turns darker and the camera begins rapidly jumping between angles. "It allows certain parties to track your every move every time you make a call or send a text. We are giving them access. The information you've put out into the world voluntarily is enough to burn your life to the ground. This will be our undoing.""

Can't wait for the movie.

Labels:

By : Tighten Oliver Stone asks moviegoers to power down phones—and leave them off | Ars Technica 0 comments

 

 

 
 
 

 Tighten    
 Generate    
 Secure    
 Inspect    
 Quarantino    
 QTZ    
 Downloads    
 Support    
 Documentation    
 Tighten App.app    
 Tighten Pro.app    
 PKCS#7Viewer.app    
 Quarzenegger.app    
 About    
 Hire    
 Contact    
 Blogger    
 FaceBook    
 iTunes Direct Link    
 Hollywood CA    
 spctl --assess -vvv    
 spctl --master-enable    
 spctl --master-disable    
 Mac App Store Receipt Validation    
 Apple Code Signing Certificates    
 Gatekeeper Developer ID Apple    
 Xcode codesign tutorial    
 [Site Map]    
 


Copyright © 2005-2020
All Rights Reserved
Tighten Pro