Tighten Pro
C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation

Tighten Pro - in the Mac App Store

Tighten Pro is now available in the Mac App Store. Simply click on the icon to the left to purchase directly from Apple. Or choose PKCS#7Viewer.app by clicking the image to the right.

3.29.2016
Mac Developer: OS X source code hints at switch to 'macOS' | Cult of Mac

We’ve all noticed Apple’s latest operating system nomenclature, with each new release a device-centric OS, like iOS, tvOS, or watchOS.

Why not macOS, then?

A bit of source code in the current stable release of OS X (10.11.4) seems to point to that very thing.
Or perhaps a lowly developer trying to grapple with complexity by choosing simple and obvious names.

By: Tighten

 
3.27.2016
Mac Developer: Zero Day Exploit Bypasses OS X's SIP Entirely | Digital Trends

The exploit is unique in that it doesn’t use memory corruption, a common attacker exploit. Instead, the attack exploits a longstanding vulnerability in OS X’s security schemes to gain near-total control over any Mac.
Hmmm.


 
3.20.2016
Mac Developer: To bypass code-signing checks, malware gang steals lots of certificates | Ars Technica

"There are lots of ways to ensure the success of an advanced hacking operation. For a gang called Suckfly, one of the keys is having plenty of stolen code-signing certificates on hand to give its custom malware the appearance of legitimacy.

Since 2014, the group has used no fewer than nine separate signing certificates from nine separate companies to digitally sign its hacking wares, according to a blog post published Tuesday by security firm Symantec."
Probably the only thing worse than "no security" is the illusion of security.


 
3.19.2016
Mac Developer: Gov’t accidentally publishes target of Lavabit probe: It’s Snowden | Ars Technica

"In the summer of 2013, secure e-mail service Lavabit was ordered by a federal judge to provide real-time e-mail monitoring of one of its users. Rather than comply with the order, Levison shut down his entire company. He said what the government was seeking would have endangered the privacy of all of his 410,000 users.

Later, he did provide the private key as a lengthy printout in tiny type."
Retype that exponent, buddy.


 
Mac Developer: 275 million Android phones imperiled by new code-execution exploit | Ars Technica

"Starting with version 4.1, Android was fortified with an anti-exploitation defense known as address space layout randomization, which loads downloaded code into unpredictable memory regions to make it harder for attackers to execute malicious payloads. The breakthrough of Metaphor is its improved ability to bypass it."
Escalation affects us all equally.


 
3.15.2016
Mac Developer: Former cyber czar says NSA could crack the San Bernardino shooter’s phone | Ars Technica

Clarke added that if he was still at the White House, he would have told FBI Director James Comey to "call Ft. Meade, and the NSA would have solved this problem…Every expert I know believes that NSA can crack this phone." But the FBI wasn't seeking that help, he said, because "they just want the precedent."
Is this a comforting thought? You tell me.


 
Mac Developer: Justice Department asserts it could demand source code, signing key from Apple

In the confrontation over the iPhone of San Bernardino shooter Syed Farook, the U.S. Justice Department believes it could potentially demand that Apple hand over iOS source code and a signing key, according to a court filing.
In the future, Lithuania will be the epicenter of secure messaging. Nice and close to Russia. Whereas here in North America, the closest Russia can get to Facebook is owning public shares.


 
3.14.2016
Mac Developer: Justice Department considers wiretapping fight with WhatsApp amid Apple-FBI row

The U.S. government is at odds with yet another Silicon Valley firm thanks to encrypted communications, this time targeting Facebook-owned messaging superpower WhatsApp over federal wiretapping statutes.
All that's going to happen here is that another jurisdiction is going to become the leader in encrypted communications. Dubai or Iceland, for example.


 
3.10.2016
Mac Developer: Cothority to Apple: Let’s make secret backdoors impossible | Ars Technica

Cothority, a new software project designed to make secret backdoored software updates nearly impossible, is offering to help Apple ensure that any secret court orders to backdoor its software cannot escape public scrutiny.

Currently, when Apple or any software maker issues a software update, they sign the update with their encryption keys. But those keys can be stolen, and a government could coerce the company to sign a backdoored software update for a targeted subset of end users—and do so in secret.
It's like a block chain, only different and same.


 
3.05.2016
Mac Developer: What is a “lying-dormant cyber pathogen?” San Bernardino DA says it’s made up [Update] | Ars Technica

As the chatter on Twitter and elsewhere could attest, security and forensics experts have never heard of this type of threat. Online commenters called it everything from a "magical unicorn" to a make-believe plot that we might see on the broadcast TV show CSI: Cyber.
Proof positive that politicians are simply liars. They don't do so well when the lies rely on cyber-jargon that can't really be spin doctored.


 
3.04.2016
Mac Developer: It’s 2016, so why is the world still falling for Office macro malware? | Ars Technica

In the late 1990s, Microsoft Office macros were a favorite vehicle for surreptitiously installing malware on the computers of unsuspecting targets. Microsoft eventually disabled the automated scripts by default, a setting that forced attackers to look for new infection methods. Remotely exploiting security bugs in Internet Explorer, Adobe Flash, and other widely used software soon came into favor.
Sad but true.


 
Mac Developer: San Bernardino shooter's iPhone may hold evidence of 'dormant cyber pathogen,' DA says

In an application to file an amicus brief with a California court on Thursday, San Bernardino District Attorney Michael A. Ramos intimates an iPhone used by terror suspect Syed Rizwan Farook, and later seized by law enforcement officials, might contain evidence of a "dormant cyber pathogen" threatening the county's data infrastructure.
Nonsense, but like all things American media, highly entertaining.


 
3.03.2016
Mac Developer: Men behind Diffie-Hellman key exchange receive top computer science prize | Ars Technica

In 1976, Diffie and Hellman imagined a future where people would regularly communicate through electronic networks and be vulnerable to having their communications stolen or altered. Now, after nearly 40 years, we see that their forecasts were remarkably prescient.
Way to go guys! Unix hackers unite!


 
Mac Developer: New attack steals secret crypto keys from Android and iOS phones | Ars Technica

The exploit is what cryptographers call a non-invasive side-channel attack. It works against the Elliptic Curve Digital Signature Algorithm, a crypto system that's widely used because it's faster than many other crypto systems. By placing a probe near a mobile device while it performs cryptographic operations, an attacker can measure enough electromagnetic emanations to fully extract the secret key that authenticates the end user's data or financial transactions. The same can be done using an adapter connected to the USB charging cable.
Seems like it would be easier for the FBI to hire these guys to crack the said iPhone!


 

 

 
 
 

 


Copyright © 2005-2020
All Rights Reserved
Tighten Pro