Links...
 
Tighten Pro
C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation

Tighten Pro - in the Mac App Store

Tighten Pro is now available in the Mac App Store. Simply click on the icon to the left to purchase directly from Apple. Or choose PKCS#7Viewer.app by clicking the image to the right.

4.29.2016
Mac Developer: In a first, US military plans to drop “cyberbombs” on ISIS, NYT says | Ars Technica

In a first, US military plans to drop “cyberbombs” on ISIS, NYT says | Ars TechnicaOpening a new front in its campaign to defeat Islamic State terrorists, the US military has for the first time directed its Cyber Command to mount hacking attacks against ISIS computers and networks, The New York Times reported Sunday.
This may lead to a sadly unexpected escalation that affects many ordinary people.

Labels:

By : Tighten In a first, US military plans to drop “cyberbombs” on ISIS, NYT says | Ars Technica 0 comments

 
4.28.2016
Mac Developer: Blame the victim: Report shows fifth of breaches caused by “miscellaneous errors” | Ars Technica

Blame the victim: Report shows fifth of breaches caused by “miscellaneous errors” | Ars TechnicaIn cases where malware or hacking was used to get in the door, "zero day" vulnerabilities played a microscopic role. The vast majority of breaches involving exploiting bugs in software went after known vulnerabilities—and just 10 vulnerabilities accounted for 85 percent of exploit attacks (though the list of top vulnerabilities has been called into question by some observers).
Social hacking has always been dominant. Probably, if someone was good enough to gain access to your systems through a zero-day exploit, you wouldn't know about it, unless they were using a purchased toolkit written by someone else.

Labels: ,

By : Tighten Blame the victim: Report shows fifth of breaches caused by “miscellaneous errors” | Ars Technica 0 comments

 
4.27.2016
Mac Developer: 7 million unsalted MD5 passwords leaked by Minecraft community Lifeboat | Ars Technica

7 million unsalted MD5 passwords leaked by Minecraft community Lifeboat | Ars Technica: "E-mail addresses and hashed passwords for 7 million Lifeboat accounts. The mass compromise was discovered by Troy Hunt, the security researcher behind the Have I been pwned? breach notification site. Hunt said he had acquired the data from someone actively involved in trading hacked login credentials who has provided similar data in the past."
Have you been owned? Yes, in fact, you have.

Labels:

By : Tighten 7 million unsalted MD5 passwords leaked by Minecraft community Lifeboat | Ars Technica 0 comments

 
Mac Developer: Boffins believe buggy Binder embiggens Android attack surface • The Register

Boffins believe buggy Binder embiggens Android attack surface • The RegisterThe paper notes that “private APIs” in Android – APIs that aren't documented for third-party developers – are a security problem. Since they're unknown, they don't get checked or tested.

Another architectural issue the paper cites is that de-serialisation is “assumed to be always undisturbed”, another assumption that depends on the validity of the client-side transaction.
Reminiscent of the XPC exploit that could be used to root Apple devices. Security "features"

Labels:

By : Tighten Boffins believe buggy Binder embiggens Android attack surface • The Register 0 comments

 
Mac Developer: Hacking group “PLATINUM” used Windows’ own patching system against it | Ars Technica

Hacking group “PLATINUM” used Windows’ own patching system against it | Ars TechnicaIn 2006, Alex Sotirov gave a presentation at Black Hat that briefly described how Windows' hotpatching worked in the context of a description of how third parties had offered some quick patches for Windows flaws while waiting for Microsoft's official fixes. A more thorough description was given by Alex Ionescu at SyScan 2013. Ionescu's talk wasn't just about how hotpatching was implemented, but described ways that attackers could use it to modify running systems to inject malware without having to write the malware to disk or inject DLLs, both of which are visible to anti-malware software and humans alike.
The joys of a monoculture. It's like a petri dish where microbes flourish.

Labels: ,

By : Tighten Hacking group “PLATINUM” used Windows’ own patching system against it | Ars Technica 0 comments

 
4.25.2016
Mac Developer: Billion dollar Bangladesh hack: SWIFT software hacked, no firewalls, $10 switches | Ars Technica

Billion dollar Bangladesh hack: SWIFT software hacked, no firewalls, $10 switches | Ars Technica: "Billion dollar Bangladesh hack: SWIFT software hacked, no firewalls, $10 switches

The Bangladesh central bank had no firewall and was using a second-hand $10 network when it was hacked earlier this year. Investigation by British defense contractor BAE Systems has also shown that the SWIFT software used to make payments was compromised, enabling the hackers to send money around the world without leaving any trace in Bangladesh."
No commentary required.

Labels: ,

By : Tighten Billion dollar Bangladesh hack: SWIFT software hacked, no firewalls, $10 switches | Ars Technica 0 comments

 
Mac Developer: Exploit gets around Windows' app security safeguards

Exploit gets around Windows' app security safeguards
Researcher Casey Smith has discovered a vulnerability in Windows that gets around this barrier. If you tell Regsvr32 to point to a remotely hosted file (such as a script), you can make a system run whichever app you want -- just what hackers and virus writers are looking for.
I leak, you leak, we all leak together.

Labels: , ,

By : Tighten Exploit gets around Windows' app security safeguards 0 comments

 
4.24.2016
Mac Developer: EtherPEG

EtherPEGEtherPEG works by capturing unencrypted TCP packets off your local network, collecting packets into groups based on TCP connection (determined from source IP address, destination IP address, source TCP port and destination TCP port), reassembling those packets into order based on TCP sequence number, and then scanning the resulting data for byte sequences that suggest the presence of JPEG or GIF data.
Some familiar characters and their mischief.

Labels:

By : Tighten EtherPEG 0 comments

 
Mac Developer: Managing Subscriptions with In-App Purchase - WWDC 2012 - Videos - Apple Developer

Managing Subscriptions with In-App Purchase - WWDC 2012 - Videos - Apple Developer
An oldie, but goodie.

Labels:

By : Tighten Managing Subscriptions with In-App Purchase - WWDC 2012 - Videos - Apple Developer 0 comments

 
Mac Developer: Facebook was the victim of a backdoor hack

Facebook was the victim of a backdoor hackDevcore's Orange Tsai recently discovered that someone had installed a backdoor on one of Facebook's corporate servers (that is, not the social network itself) in a bid to swipe workers' login details.
And what are mere mortals to do?

Labels:

By : Tighten Facebook was the victim of a backdoor hack 0 comments

 
4.23.2016
Mac Developer: Congress asks the NSA how often it spies on Americans

Congress asks the NSA how often it spies on AmericansThanks in part to leaks, it's no secret that the National Security Agency's foreign intelligence gathering also covers some Americans. But just how many Americans are under watch, and how many are simply innocents caught in the crossfire? Congress wants to find out. The House Judiciary Committee has sent a letter giving Director of National Intelligence James Clapper until May 6th to provide a "rough estimate" of how many Americans are swept up in spying under the Foreign Intelligence Surveillance Act.
Wild Bill Lawless, as sheriff of these parts, I give you just 27 years to get outta town.

Labels:

By : Tighten Congress asks the NSA how often it spies on Americans 0 comments

 
4.22.2016
Mac Developer: “Nuclear” exploit kit service cashes in on demand from cryptoransomware rings | Ars Technica

“Nuclear” exploit kit service cashes in on demand from cryptoransomware rings | Ars Technica: "Security researchers at Cisco Talos and Check Point have published reports detailing the inner workings of Nuclear, an 'exploit kit' Web service that deployed malware onto victims' computers through malicious websites. While a significant percentage of Nuclear's infrastructure has been recently disrupted, the exploit kit is still operating—and looks to be a major contributor to the current crypto-ransomware epidemic."
Somehow, after I deleted it, Flash was on my machine again.

Labels:

By : Tighten “Nuclear” exploit kit service cashes in on demand from cryptoransomware rings | Ars Technica 0 comments

 
Mac Developer: Brazen no more, makers of account-draining bank trojan get 24 years | Ars Technica

Brazen no more, makers of account-draining bank trojan get 24 years | Ars TechnicaAlso providing assistance were researchers from Microsoft’s Digital Crimes Unit, Flashpoint, PhishLabs, Dell SecureWorks, Damballa, and the Norwegian Security Research Team known as "Underworld.no." The arrests came as both men brazenly traveled through places subject to US law-enforcement extradition.
Nice.

Labels:

By : Tighten Brazen no more, makers of account-draining bank trojan get 24 years | Ars Technica 0 comments

 
Mac Developer: National Security Letters are now constitutional, judge rules | Ars Technica

National Security Letters are now constitutional, judge rules | Ars TechnicaThe legal challenge Illston decided stemmed from a challenge brought by the Electronic Frontier Foundation, which was representing two service providers that challenged the NSLs on grounds that the gag requirement illegally limited their rights of speech.
A fight with no winners, only losers.

Labels:

By : Tighten National Security Letters are now constitutional, judge rules | Ars Technica 0 comments

 
4.21.2016
Mac Developer: UK intel agencies spy indiscriminately on millions of innocent folks | Ars Technica

UK intel agencies spy indiscriminately on millions of innocent folks | Ars Technica: "The UK's intelligence agencies (MI5, MI6, and GCHQ) are spying on everything you do, and with only the flimsiest of safeguards in place to prevent abuse, according to more than a thousand pages of documents published today as a result of a lawsuit filed by Privacy International."
They know who you liked on Facebook.

Labels: ,

By : Tighten UK intel agencies spy indiscriminately on millions of innocent folks | Ars Technica 0 comments

 
4.20.2016
Mac Developer: DRAM bitflipping exploits that hijack computers just got easier | Ars Technica

DRAM bitflipping exploits that hijack computers just got easier | Ars Technica: "New research into the 'Rowhammer' bug that resides in certain types of DDR memory chips raises a troubling new prospect: attacks that use Web applications or booby-trapped videos and documents to trigger so-called bitflipping exploits that allow hackers to take control of vulnerable computers."
Hard to imagine building defences against bugs in the actual hardware.

Labels:

By : Tighten DRAM bitflipping exploits that hijack computers just got easier | Ars Technica 0 comments

 
Mac Developer: Apple-backed coalition opposes Burr-Feinstein encryption bill in open letter

Apple-backed coalition opposes Burr-Feinstein encryption bill in open letter: "A group of four tech industry associations — representing businesses like Apple, Amazon, Microsoft and Google — have published an open letter opposing a draft bill by U.S. Senators Richard Burr and Dianne Feinstein, which would make it possible for courts to order help bypassing encryption."
It may well be that we need an entire generation of legislators to die off before we get the laws that are informed by people who understand what is going on.

Labels:

By : Tighten Apple-backed coalition opposes Burr-Feinstein encryption bill in open letter 0 comments

 
4.19.2016
Mac Developer: How hackers eavesdropped on a US Congressman using only his phone number | Ars Technica

How hackers eavesdropped on a US Congressman using only his phone number | Ars TechnicaA US Congressman has learned first-hand just how vulnerable cellphones are to eavesdropping and geographic tracking after hackers were able to record his calls and monitor his movements using nothing more than the public ten-digit phone number associated with the handset he used.
Just when you thought it was safe to go back in the pool.

Labels:

By : Tighten How hackers eavesdropped on a US Congressman using only his phone number | Ars Technica 0 comments

 
Mac Developer: How Hacking Team got hacked | Ars Technica

How Hacking Team got hacked | Ars TechnicaOn Friday, the self-described black hat hacker who claimed responsibility for the Hacking Team dump last year, and who goes by the handle "Phineas Phisher," published the technical details of how he pulled off the caper—and encouraged others to follow his example.
It's like one guy doing the actual work that the NSA was tasked with.

Labels: ,

By : Tighten How Hacking Team got hacked | Ars Technica 0 comments

 
4.18.2016
Mac Developer: Apple confirms QuickTime for Windows at end of life

Apple confirms QuickTime for Windows at end of life: "Last week software security outfit Trend Micro disclosed the discovery of two new flaws in QuickTime 7 for Windows, saying Apple was informed of the security threats in November. At the time, Apple said it had no plans to issue a patch, adding the software 'would be deprecated on Windows and the vendor would publish removal instructions for users.'
iTunes is, of course, everything that QuickTime(tm) was, and aspired to be.

Labels:

By : Tighten Apple confirms QuickTime for Windows at end of life 0 comments

 
Mac Developer: Flashback: Declassified 1970 DOD cybersecurity document still relevant | Ars Technica

Flashback: Declassified 1970 DOD cybersecurity document still relevant | Ars Technica: "The National Security Archives at George Washington University has just added a classic text of computer security to its 'Cyber Vault' project—the original version of what came to be known as the 'Ware Report,' a document published by the predecessor to the Defense Advanced Research Projects Agency in February 1970. And as much as technology has changed in the 46 years that have passed, the Ware Report would still hold up pretty well today with a few notable edits.
We knew exactly what needs to be done but were still unable to do it because it is possibly an unsolvable problem.

Labels:

By : Tighten Flashback: Declassified 1970 DOD cybersecurity document still relevant | Ars Technica 0 comments

 
Mac Developer: House votes to undermine net neutrality rules, and ISPs cheer | Ars Technica

House votes to undermine net neutrality rules, and ISPs cheer | Ars TechnicaThe "No Rate Regulation of Broadband Internet Access Act" was ostensibly proposed to prevent the FCC from setting the rates charged by Internet providers. But the bill defines "rate regulation" so broadly that FCC Chairman Tom Wheeler says it could prevent the commission from enforcing net neutrality rules against blocking and throttling.
Soon, the USA will be the most technologically-backwards country in the world when it comes to connectivity. Google Fiber notwithstanding.

Labels:

By : Tighten House votes to undermine net neutrality rules, and ISPs cheer | Ars Technica 0 comments

 
4.16.2016
Mac Developer: Out-of-date apps put 3 million servers at risk of crypto ransomware infections | Ars Technica

Out-of-date apps put 3 million servers at risk of crypto ransomware infections | Ars Technica: "More than 3 million Internet-accessible servers are at risk of being infected with crypto ransomware because they're running vulnerable software, including out-of-date versions of Red Hat's JBoss enterprise application, researchers from Cisco Systems said Friday."
The joys of monoculture, the ideal petri dish for the epidemic disaster.

Labels:

By : Tighten Out-of-date apps put 3 million servers at risk of crypto ransomware infections | Ars Technica 0 comments

 
4.14.2016
Mac Developer: QuickTime Sandbox Fail

This looks like a security scoped URL fail. When the sandbox is so restrictive even Apple can't figure out how to make it work.

QuickTimeFail

Labels:

By : Tighten QuickTime Sandbox Fail 0 comments

 
Mac Developer: Apple investigating major App Store search changes, mulling paid results, report says

Apple investigating major App Store search changes, mulling paid results, report says: "A report Thursday claims Apple has a 'secret team' working on major user-facing changes to App Store search results, including the possibility of charging developers to promote content. "
I'm looking forward to seeing the Microsoft brand at the top of every search category on the App Store(s). If Google isn't already the way you find relevant content in the App Store, it soon will be.

Labels:

By : Tighten Apple investigating major App Store search changes, mulling paid results, report says 0 comments

 
4.13.2016
Mac Developer: '1970' date bug could be used to wreck pre-iOS 9.3.1 devices over Wi-Fi, researchers say

'1970' date bug could be used to wreck pre-iOS 9.3.1 devices over Wi-Fi, researchers say: "If an iOS device is set to connect to a trusted Wi-Fi network automatically — such as a cable company's free hotspot — a hacker mimicking that network's name can trick a device into setting the wrong time, said Patrick Kelley and Matt Harrigan, cited by Krebs on Security. This is possible because iOS regularly tries to connect to an NTP (network time protocol) server to keep time in sync."
Think of all those wasted hours trying to get useful code running in a sandbox environment. To what end?

Labels: ,

By : Tighten '1970' date bug could be used to wreck pre-iOS 9.3.1 devices over Wi-Fi, researchers say 0 comments

 
Mac Developer: How to install and run Mac apps that don't come from the Mac App Store

How to install and run Mac apps that don't come from the Mac App Store: "Apple has introduced a number of features designed to protect users from malware in OS X, but these tools occasionally go too far when trying to save people from themselves."
Well, as long as the Mac can run really crappy ports of iPad shovel ware, why should anybody complain?

Labels:

By : Tighten How to install and run Mac apps that don't come from the Mac App Store 0 comments

 
4.12.2016
Mac Developer: FBI reportedly paid 'gray-hat' hackers, not Cellebrite, for zero day exploit in San Bernardino iPhone case

FBI reportedly paid 'gray-hat' hackers, not Cellebrite, for zero day exploit in San Bernardino iPhone caseIn the latest development of what appears to be a never-ending guessing game, a report on Tuesday claims FBI officials purchased a zero day exploit from a group of professional security researchers as part of its successful effort in breaking into an iPhone 5c linked to last year's San Bernardino terror attack.
Moral hazard courtesy of "the establishment".

Labels:

By : Tighten FBI reportedly paid 'gray-hat' hackers, not Cellebrite, for zero day exploit in San Bernardino iPhone case 0 comments

 
Mac Developer: Yes, Badlock bug was shamelessly hyped, but the threat is real | Ars Technica

Yes, Badlock bug was shamelessly hyped, but the threat is real | Ars Technica: "it's no Heartbleed or Goto Fail, but people who say it's not serious may be sadly mistaken."
When exploits are compared for marketing value.

Labels:

By : Tighten Yes, Badlock bug was shamelessly hyped, but the threat is real | Ars Technica 0 comments

 
4.11.2016
Mac Developer: Researchers help shut down spam botnet that enslaved 4,000 Linux machines | Ars Technica

Researchers help shut down spam botnet that enslaved 4,000 Linux machines | Ars TechnicaKnown as Mumblehard, the botnet was the product of highly skilled developers. It used a custom "packer" to conceal the Perl-based source code that made it run, a backdoor that gave attackers persistent access, and a mail daemon that was able to send large volumes of spam.
Who's winning? It's hard to tell.

Labels: , ,

By : Tighten Researchers help shut down spam botnet that enslaved 4,000 Linux machines | Ars Technica 0 comments

 
Mac Developer: More big-name sites hit by rash of malicious ads that attack end users | Ars Technica

More big-name sites hit by rash of malicious ads that attack end users | Ars TechnicaSome of the Netherland' most popular websites have fallen victim to a malvertising campaign that managed to compromise a widely used ad platform, security researchers reported on Monday.

The malicious ads were served over at least 11 sites including marktplaats.nl, the Netherlands equivalent to eBay and the country's seventh most visited website, according to a blog post published by security firm Fox IT.
The modern browser: source of most security problems.

Labels:

By : Tighten More big-name sites hit by rash of malicious ads that attack end users | Ars Technica 0 comments

 
4.09.2016
Mac Developer: Adobe Just Issued an Emergency Flash Update After Ransomware Attacks - Fortune

Adobe Just Issued an Emergency Flash Update After Ransomware Attacks - FortuneAdobe Systems issued an emergency update on Thursday to its widely used Flash software for Internet browsers after researchers discovered a security flaw that was being exploited to deliver ransomware to Windows PCs.
The solution is not to play. Uninstall Flash.

Labels:

By : Tighten Adobe Just Issued an Emergency Flash Update After Ransomware Attacks - Fortune 0 comments

 
Mac Developer: Leaked Senate encryption bill called 'ludicrous, dangerous' by security experts

Leaked Senate encryption bill called 'ludicrous, dangerous' by security expertsThe proposed bill, authored by U.S. Senate Intelligence Committee Chairman Sen. Richard Burr (R-NC) and Vice Chair Sen. Dianne Feinstein (D-CA), has been circulating amongst key members of Congress for the past two weeks in a bid to build support prior to vote.
Full steam ahead at ludicrous speed!

Labels: , ,

By : Tighten Leaked Senate encryption bill called 'ludicrous, dangerous' by security experts 0 comments

 
4.08.2016
Mac Developer: Neutered random number generator let man rig million dollar lotteries | Ars Technica

Neutered random number generator let man rig million dollar lotteries | Ars Technica: "Prosecutors say they have unearthed forensic evidence that shows how a former computer security official for a US state lottery association let him rig drawings worth millions of dollars across five states using unauthorized code that tampered with a random number generator used to pick winning tickets."
The new greed is the old greed written in C#.

Labels: , , ,

By : Tighten Neutered random number generator let man rig million dollar lotteries | Ars Technica 0 comments

 
4.07.2016
Mac Developer: FBI can't unlock anything newer than Apple's iPhone 5c, Comey reveals

FBI can't unlock anything newer than Apple's iPhone 5c, Comey reveals: "The unlocking procedure used by the Federal Bureau of Investigation to break into an iPhone 5c at the center of the San Bernardino case cannot be used on new devices, the bureau's director said on Wednesday."
Well, some good news!

Labels: ,

By : Tighten FBI can't unlock anything newer than Apple's iPhone 5c, Comey reveals 0 comments

 
4.05.2016
Mac Developer: WhatsApp is now most widely used end-to-end crypto tool on the planet | Ars Technica

WhatsApp is now most widely used end-to-end crypto tool on the planet | Ars TechnicaAs the company explained in a white paper that was released on Monday night, WhatsApp uses the Signal protocol (formerly known as Axolotl), which was created by Moxie Marlinspike’s Open Whisper Systems. (That protocol is also used by Marlinspike’s Signal encrypted messaging and voice app.)
Open source wins again.

Labels:

By : Tighten WhatsApp is now most widely used end-to-end crypto tool on the planet | Ars Technica 0 comments

 
Mac Developer: Why Microsoft needed to make Windows run Linux software | Ars Technica

Why Microsoft needed to make Windows run Linux software | Ars Technica: "The recent Xamarin acquisition and the announcement last week that Xamarin would be free with Visual Studio and released as open source to boot makes Windows a strong candidate for all kinds of software development. Visual Studio includes a high quality Android emulator and all the tools for developing on Android."
Quite right.

Labels:

By : Tighten Why Microsoft needed to make Windows run Linux software | Ars Technica 0 comments

 
4.04.2016
Mac Developer: A spiritual successor to Aaron Swartz is angering publishers all over again | Ars Technica

A spiritual successor to Aaron Swartz is angering publishers all over again | Ars TechnicaI would like to reference Robert K. Merton, the founder of sociology of science. He studied ethos of research communities. And what he found is that communism is one of the four important ethical norms (along with universalism, disinterested, and organized skepticism) that makes science work. By communism, he meant the common ownership of scientific discoveries, according to which scientists give up intellectual property in exchange for recognition.
Information wants to be free.

Labels: ,

By : Tighten A spiritual successor to Aaron Swartz is angering publishers all over again | Ars Technica 0 comments

 
4.02.2016
Mac Developer: Software security needs a new perspective | TechCrunch

Software security needs a new perspective | TechCrunchthe potential destructiveness of software bugs has become orders of magnitude more dramatic than it used to be, say, 20 years ago.
It used to be that only AT & T was networked and running Unix and susceptible. Now, every darn IOT device is running some version of Linux.

Labels:

By : Tighten Software security needs a new perspective | TechCrunch 0 comments

 
4.01.2016
Mac Developer: Announcing the official release of the Visual C++ Build Tools 2015 | Visual C++ Team Blog

Announcing the official release of the Visual C++ Build Tools 2015 | Visual C++ Team BlogATL and MFC are important libraries. The fact that they were missing from the Build Tools made it impossible for you to use the Build Tools for your projects.
You think you understand corporate development, but you don't. MFC and ATL were my primary frameworks in 1994. That's 22 years ago. Keep that in mind when you release new tools every year that break code that was written 3 years ago.

Labels:

By : Tighten Announcing the official release of the Visual C++ Build Tools 2015 | Visual C++ Team Blog 0 comments

 

 

 
 
 

 Tighten    
 Generate    
 Secure    
 Inspect    
 Quarantino    
 Downloads    
 Support    
 Documentation    
 Tighten App.app    
 Tighten Pro.app    
 PKCS#7Viewer.app    
 About    
 Hire    
 Contact    
 Blogger    
 FaceBook    
 iTunes Direct Link    
 Hollywood CA    
 spctl --assess -vvv    
 spctl --master-enable    
 spctl --master-disable    
 Mac App Store Receipt Validation    
 Apple Code Signing Certificates    
 Gatekeeper Developer ID Apple    
 Xcode codesign tutorial    
 [Site Map]    
 


Copyright © 2005-2015
All Rights Reserved
Tighten Pro