Links...
 
Tighten Pro
C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation

Tighten Pro - in the Mac App Store

Tighten Pro is now available in the Mac App Store. Simply click on the icon to the left to purchase directly from Apple. Or choose PKCS#7Viewer.app by clicking the image to the right.

9.29.2017
Mac Developer: Security study finds old or improperly updated Macs in limited danger from EFI attack vectors

Security study finds old or improperly updated Macs in limited danger from EFI attack vectors: " Duo suggests that Mac system administrators use the Apple-provided combo OS update, instead of delta updates —and to not use restore images to update machines even though it may be quicker."

Executive summary!

Labels:

By : Tighten Security study finds old or improperly updated Macs in limited danger from EFI attack vectors 0 comments

 
9.28.2017
Mac Developer: Patch alert! Easy-to-exploit flaw in Linux kernel rated 'high risk' • The Register

Patch alert! Easy-to-exploit flaw in Linux kernel rated 'high risk' • The Register: "If a malicious program is built as a Position Independent Executable (PIE), the loader can be exploited to map part of that application's data segment over the memory area reserved for its stack. This can result in memory corruption and possible local privilege escalation."

It's a lot of surface to keep secure.

Labels:

By : Tighten Patch alert! Easy-to-exploit flaw in Linux kernel rated 'high risk' • The Register 0 comments

 
9.26.2017
Mac Developer: Deloitte is a sitting duck: Key systems with RDP open, VPN and proxy 'login details leaked' • The Register

Deloitte is a sitting duck: Key systems with RDP open, VPN and proxy 'login details leaked' • The Register: "In addition, it appears that a Deloitte employee uploaded company proxy login credentials to his public Google+ page. The information was up there for over six months – and was removed in the past few minutes."

Trusted computing.

Labels: ,

By : Tighten Deloitte is a sitting duck: Key systems with RDP open, VPN and proxy 'login details leaked' • The Register 0 comments

 
Mac Developer: macOS's Keychain vulnerability reported earlier in Sept., Apple patch likely coming soon

macOS's Keychain vulnerability reported earlier in Sept., Apple patch likely coming soon: "The Keychain password vulnerability affecting multiple versions of macOS —including High Sierra —was reported to Apple on Sept. 7, and will likely be patched by the company in the near future, according to the security researcher who first publicized the issue. "

Hmmm.

Labels:

By : Tighten macOS's Keychain vulnerability reported earlier in Sept., Apple patch likely coming soon 0 comments

 
9.25.2017
Mac Developer: In spectacular fail, Adobe security team posts private PGP key on blog | Ars Technica

In spectacular fail, Adobe security team posts private PGP key on blog | Ars Technica: "But instead of clicking on the "public" button, the person responsible clicked on "all" and exported both keys into a text file. Then, without realizing the error, the text file was cut/pasted directly to Adobe's PSIRT blog."

Hmmm.

Labels: ,

By : Tighten In spectacular fail, Adobe security team posts private PGP key on blog | Ars Technica 0 comments

 
Mac Developer: Justice Department goes nuclear on Google in search warrant fight | Ars Technica

Justice Department goes nuclear on Google in search warrant fight | Ars Technica: "The Supreme Court is expected to announce any day whether it will hear the government's appeal of that Microsoft case, which has huge privacy ramifications for consumers and for the tech sector. The sector is being asked by the US government to comply with court orders that sometimes conflict with the laws of where the data is stored."

Do yeah, do yeah, do yeah?

Labels:

By : Tighten Justice Department goes nuclear on Google in search warrant fight | Ars Technica 0 comments

 
9.14.2017
Mac Developer: Ad industry complains Apple Safari update is 'unilateral and heavy-handed' against tracking

Ad industry complains Apple Safari update is 'unilateral and heavy-handed' against tracking: "Six ad industry organizations have crafted an open letter complaining about changes coming to Apple's Safari browser, claiming that a new feature — "Intelligent Tracking Prevention" — will hurt both them and the public."

Awesome!

Labels:

By : Tighten Ad industry complains Apple Safari update is 'unilateral and heavy-handed' against tracking 0 comments

 
9.10.2017
Mac Developer: Microsoft says it won't fix kernel flaw: It's not a security issue. Suuuure • The Register

Microsoft says it won't fix kernel flaw: It's not a security issue. Suuuure • The Register: "spotted this week by enSilo security researcher Omri Misgav, lies within the system call PsSetLoadImageNotifyRoutine, which has been part of Microsoft's operating system since Windows 2000 and is still active in the latest builds."

Things that go hmmmm in the night.

Labels:

By : Tighten Microsoft says it won't fix kernel flaw: It's not a security issue. Suuuure • The Register 0 comments

 
9.06.2017
Mac Developer: Exploit goes public for severe bug affecting high-impact sites | Ars Technica

Exploit goes public for severe bug affecting high-impact sites | Ars Technica: "The critical vulnerability is located in Apache Struts 2, an open-source framework that large numbers of enterprise-grade organizations use to develop customer-facing Web applications. The bug, which has been active since 2008, allows end users to execute malicious code or commands by plugging maliciously modified data into search boxes or similar features hosted on the site."

Not invented here syndrome may have some unexpected benefits.

Labels: , ,

By : Tighten Exploit goes public for severe bug affecting high-impact sites | Ars Technica 0 comments

 

 

 
 
 

 Tighten    
 Generate    
 Secure    
 Inspect    
 Quarantino    
 Downloads    
 Support    
 Documentation    
 Tighten App.app    
 Tighten Pro.app    
 PKCS#7Viewer.app    
 About    
 Hire    
 Contact    
 Blogger    
 FaceBook    
 iTunes Direct Link    
 Hollywood CA    
 spctl --assess -vvv    
 spctl --master-enable    
 spctl --master-disable    
 Mac App Store Receipt Validation    
 Apple Code Signing Certificates    
 Gatekeeper Developer ID Apple    
 Xcode codesign tutorial    
 [Site Map]    
 


Copyright © 2005-2015
All Rights Reserved
Tighten Pro