Links...
 
Tighten Pro
C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation

Tighten Pro - in the Mac App Store

Tighten Pro is now available in the Mac App Store. Simply click on the icon to the left to purchase directly from Apple. Or choose PKCS#7Viewer.app by clicking the image to the right.

4.13.2020
Mac Developer: PKCS#7Viewer Updated to 64-bit binary

Refreshed the binaries for PKCS#7Viewer for 64-bit operating systems including all versions of Mac OS X and macOS from 10.8 Mountain Lion to 10.15 Catalina.

Assuming it makes it to the Mac App Store, you can find it there; otherwise, there is a free version available for download from this website.

The question is: "Am I feeling motivated enough to try getting PCKS#7Viewer into the Mac App Store?" Certainly the codesigning procedure has been streamlined in Xcode.
PKCS7Viewer has been notarized for easier access on Catalina - however - some features still are not available; I am continuing to research this issue.

Labels: , , , , , , ,

By : Tighten PKCS#7Viewer Updated to 64-bit binary 0 comments

Mac Developer: Introducing The Quarzenegger for macOS (X).

Now with binary download notarized by Apple's new notary service.
If you started using Quartz Composer before 2014...

(like, say, in 2007)

...or if you have been tasked with updating a project that includes QTZ files created "before your time”...

...or maybe you found a QC composition on the internet that will not open in Quartz Composer without errors...

. ... then The Quarzenegger may be for you.

At the initial stages of Apple's transition from OpenGL to Metal, the future of Quartz Composer was unclear. In a perfect world, QTZ files would run on macOS and iOS but until then, the least we would want is for reliable support on the Mac desktop and 2014-2018 were decidedly shakey times for QC enthusiasts. The composition editor seemed to crash frequently, limiting its usefulness.

With The Quarzenegger, you can open any of these older QC compositions (*.qtz files) and find and correct the CIKernel compilation errors. Once the errors have been removed, you can then save the file and open it again in the Quartz Composer editor and, VOILA, all the connections should be intact, to go along with your newly debugged shader code.

Labels: , ,

By : Tighten Introducing The Quarzenegger for macOS (X). 0 comments

4.12.2020
Mac Developer: Quarantino updated to 64-bit 1.0.8

Posted a quick refresh of Quarantino here on the website. Still need to get these apps notarized but we're at least on the modern 64-bit runtime! Download in the usual places...

As it turns out, Application bundles containing so-called FAT binaries (in this case 32/64-Bit x86 and x86-64 architectures) are not eligible for notarization through Apple's gatekeeper notary service. At least this is the case for binaries built after June 2019. In any event, I have thinned the Quarantino package so that it contains only x86-64 code and now it's been notarized and as such, conveniently installs on Catalina (10.15). It should run on systems as early as 10.8. If you, for some reason, need even earlier support, the original 32-bit version (Gatekeeper approved) is available for download here.

Labels: , , , , ,

By : Tighten Quarantino updated to 64-bit 1.0.8 0 comments

4.04.2020
Mac Developer: Bluewave, Blue Tooth, it ain't nothin' but the blues today...

Such an attacker can then passively intercept and decrypt all device messages, and/or forge and inject malicious messages.
https://www.schneier.com/blog/archives/2018/07/major_bluetooth.html

Perhaps I overreacted by patching all my OS versions.

Labels:

By : Tighten Bluewave, Blue Tooth, it ain't nothin' but the blues today... 0 comments

Mac Developer: Find Support Here

This is the linkage for support.

Labels:

By : Tighten Find Support Here 0 comments

Mac Developer: Can you hear the metal shader compiler whirring?

Can do.  Will do.  Have done.

Labels:

By : Tighten Can you hear the metal shader compiler whirring? 0 comments

10.16.2018
Mac Developer: Trivial authentication bypass in libssh leaves servers wide open | Ars Technica

Trivial authentication bypass in libssh leaves servers wide open | Ars Technica: "A search on Shodan showed 6,351 sites using libssh, but knowing how meaningful the results are is challenging. For one thing, the search probably isn’t exhaustive. And for another, as is the case with GitHub, the use of libssh doesn’t automatically make a site vulnerable."

The cool linkage here is Shodan.

Labels:

By : Tighten Trivial authentication bypass in libssh leaves servers wide open | Ars Technica 0 comments

8.21.2018
Mac Developer: iTunes is finally in the Microsoft Store | Ars Technica

iTunes is finally in the Microsoft Store | Ars Technica: "Promised just over a year ago at Microsoft's Build conference in 2017, Apple iTunes is now finally available in the Microsoft Store."

Do as I say, not as I do.

Labels:

By : Tighten iTunes is finally in the Microsoft Store | Ars Technica 0 comments

8.13.2018
Mac Developer: Caesars Palace not-so-Praetorian guards intimidate DEF CON goers, seize soldering irons | Ars Technica

Caesars Palace not-so-Praetorian guards intimidate DEF CON goers, seize soldering irons | Ars Technica: "Katie Moussouris—a bug bounty and vulnerability disclosure program pioneer at Microsoft, an advocate for security researchers, and now the founder and CEO of Luta Security—was confronted by two male members of hotel security as she returned to her room. When she went into the room to call the desk to verify who they were, they banged on the door and screamed at her to immediately open it."

Looks like Orwellian future, smells like Orwellian future, probably living in an Orwellian future.

Labels:

By : Tighten Caesars Palace not-so-Praetorian guards intimidate DEF CON goers, seize soldering irons | Ars Technica 0 comments

Mac Developer: 'Synthetic Click' attack re-emerges in macOS High Sierra at Defcon

'Synthetic Click' attack re-emerges in macOS High Sierra at Defcon: "A vulnerability has been discovered in macOS that could allow an attacker to impersonate a mouse click, enabling for it to bypass security prompts and completely compromise a Mac, a flaw that was found by accident. "

No, mama no!

Labels: ,

By : Tighten 'Synthetic Click' attack re-emerges in macOS High Sierra at Defcon 0 comments

7.29.2018
Mac Developer: Autodesk dropping support for Alias and VRED in macOS Mojave over OpenGL deprecation

Autodesk dropping support for Alias and VRED in macOS Mojave over OpenGL deprecation: "It isn't clear why Autodesk made the declaration that OpenGL's deprecation was responsible for the applications not working in Mojave."

Dammit Jim, I'm a journalist not a software developer!

Labels:

By : Tighten Autodesk dropping support for Alias and VRED in macOS Mojave over OpenGL deprecation 0 comments

7.27.2018
Mac Developer: Google launches “Shielded VMs” to protect cloud servers from rootkits, data theft | Ars Technica

Google launches “Shielded VMs” to protect cloud servers from rootkits, data theft | Ars Technica: "Both Microsoft and Google have launched confidential computing technologies; Microsoft's Azure Confidential Compute was announced last September, and Google's Asylo framework was launched in beta in May. These platforms run application containers in "trusted execution environments"—enclaves that prevent access to the data within those instances from being read by anything running on the underlying operating system or virtual environment."

Hum dada.

Labels: , ,

By : Tighten Google launches “Shielded VMs” to protect cloud servers from rootkits, data theft | Ars Technica 0 comments

Mac Developer: Wipe your iPhone before selling it, because if you don't you might get your data stolen

Wipe your iPhone before selling it, because if you don't you might get your data stolen: "Even if you can't use your phone, you can safeguard your data. For instance, Apple does let you remotely wipe everything using Find My iPhone from another iOS device. That has to be enabled: if you've never switched on Find My iPhone or you've actively switched it off, you can't remote wipe."

The moral of the story is: turn on Find my iPhone.

Labels: ,

By : Tighten Wipe your iPhone before selling it, because if you don't you might get your data stolen 0 comments

5.24.2018
Mac Developer: Amazon Echo recorded household audio, sent it to random contact

Amazon Echo recorded household audio, sent it to random contact: "An Oregon family's Amazon Echo recorded household audio and sent it to an employee of the family's husband, something Amazon blamed on a rare bug that it intends to fix."

Hmmm.

Labels: ,

By : Tighten Amazon Echo recorded household audio, sent it to random contact 0 comments

5.23.2018
Mac Developer: Police use of Amazon’s face-recognition service draws privacy warnings | Ars Technica

Police use of Amazon’s face-recognition service draws privacy warnings | Ars Technica: "Amazon is actively courting law-enforcement agencies to use a cloud-based facial-recognition service that can identify people in real time, the American Civil Liberties Union reported Tuesday, citing the documents obtained from two US departments."

Hmmm.

Labels:

By : Tighten Police use of Amazon’s face-recognition service draws privacy warnings | Ars Technica 0 comments

Mac Developer: Smartphone app that allows credit card skimming ‘real risk’ to consumers: experts - National | Globalnews.ca

Smartphone app that allows credit card skimming ‘real risk’ to consumers: experts - National | Globalnews.ca: "A smartphone app, which allows the user to read credit card information through wallets and purses, is cause for concern amongst consumers that carry credit cards with radio-frequency identification (RFID) technology, according to experts.

The free app, available on the Samsung Galaxy S3 through the Google Play store, allows the phone to read the RFID chip on a credit card, picking up the cardholder’s name, credit card number and expiry date, according to a CBC investigation."

Way to go global payment processing plutocracy!

Labels:

By : Tighten Smartphone app that allows credit card skimming ‘real risk’ to consumers: experts - National | Globalnews.ca 0 comments

Mac Developer: YubiKey NEO's physical NFC key can now unlock apps on iPhone 7 & later

YubiKey NEO's physical NFC key can now unlock apps on iPhone 7 & later: "Taking advantage of the more open NFC access on iPhones made possible with iOS 11, Yubico has announced that its physical YubiKey NEO authentication key can now be used to unlock compatible iOS apps. "

Cool!

Labels: , ,

By : Tighten YubiKey NEO's physical NFC key can now unlock apps on iPhone 7 & later 0 comments

5.22.2018
Mac Developer: Intel promises fix for new 'Variant 4' Meltdown, Spectre vulnerability

Intel promises fix for new 'Variant 4' Meltdown, Spectre vulnerability: "Industry woes over Meltdown and Spectre continued this week when Google and Microsoft on Monday revealed a newly discovered silicon-level vulnerability impacting chips used in millions of computers, including those marketed by Apple. "

I'm totally cereal about this.

Labels: , , ,

By : Tighten Intel promises fix for new 'Variant 4' Meltdown, Spectre vulnerability 0 comments

5.11.2018
Mac Developer: Every major OS maker misread Intel's docs. Now their kernels can be hijacked or crashed • The Register

Every major OS maker misread Intel's docs. Now their kernels can be hijacked or crashed • The Register: "Every major OS maker misread Intel's docs. Now their kernels can be hijacked or crashed"

Wot!

Labels: ,

By : Tighten Every major OS maker misread Intel's docs. Now their kernels can be hijacked or crashed • The Register 0 comments

5.04.2018
Mac Developer: More Spectre-style chip flaws discovered in Intel processors

More Spectre-style chip flaws discovered in Intel processors: "The eighth vulnerability is apparently an exception, potentially posing a greater threat than Spectre itself, as it could allow an attacker to launch an exploit in a virtual machine (VM) as a way to attack the host system. Largely affecting enterprise, as well as some individual users who operate VMs privately, the vulnerability could also be used to attack other VM instances on the same server, and due to Intel's Software Guard Extensions (SGX) not being "Spectre-safe," it could also intercept passwords and keys transmitted between VM instances. "

"Nobody ever got fired for buying IBM."

Labels: , ,

By : Tighten More Spectre-style chip flaws discovered in Intel processors 0 comments

5.03.2018
Mac Developer: Drive-by Rowhammer attack uses GPU to compromise an Android phone | Ars Technica

Drive-by Rowhammer attack uses GPU to compromise an Android phone | Ars Technica: "Over the past few years, there has been a steady evolution in Rowhammer, the once largely theoretical attack that exploits physical defects in memory chips to tamper with the security of the devices they run on. On Thursday, researchers are unveiling the most practical demonstration yet of Rowhammer's power and reach: an exploit that remotely executes malicious code on Android phones by harnessing their graphical processors."

Yo! Hammer! Can't touch this...

Labels: ,

By : Tighten Drive-by Rowhammer attack uses GPU to compromise an Android phone | Ars Technica 0 comments

Mac Developer: Hands off! Arm pitches tamper-resistant Cortex-M35-P CPU cores • The Register

Hands off! Arm pitches tamper-resistant Cortex-M35-P CPU cores • The Register: "Arm has released a new processor core design for Cortex-M-powered system-on-chips that will try to stop physical tampering and side-channel attacks by hackers."

Hackey sacked.

Labels:

By : Tighten Hands off! Arm pitches tamper-resistant Cortex-M35-P CPU cores • The Register 0 comments

4.06.2018
Mac Developer: Baltimore’s 911 system, Boeing join Atlanta in week of crypto-malware outbreaks | Ars Technica

Baltimore’s 911 system, Boeing join Atlanta in week of crypto-malware outbreaks | Ars Technica: "Last Friday, the City of Atlanta was struck by a ransomware attack that took much of the city's internal and external services offline. As of today, many of those services have been restored, but two public portals remain offline."

Security is hard, people. And getting harder. Humans are the weak link in the chain.

Labels:

By : Tighten Baltimore’s 911 system, Boeing join Atlanta in week of crypto-malware outbreaks | Ars Technica 0 comments

4.04.2018
Mac Developer: Intel drops plans to develop Spectre microcode for ancient chips | Ars Technica

Intel drops plans to develop Spectre microcode for ancient chips | Ars Technica: "Intel has scaled back its plans to produce microcode updates for some of its older processors to address the "Spectre variant 2" attack. Core 2 processors are no longer scheduled to receive updates, and, while some first generation Core products have microcode updates available already, others have had their update cancelled.

I wanted to fix the worst computer bug in the history of humankind but then I realized if I don't fix it, people will buy more new CPU chips. It's a win-win situation!

Labels:

By : Tighten Intel drops plans to develop Spectre microcode for ancient chips | Ars Technica 0 comments

1.16.2018
Mac Developer: There's a new malicious link that can crash or hang Messages and Safari

There's a new malicious link that can crash or hang Messages and Safari: "Yet another "text bomb" has surfaced, this time in the form of a website that can sometimes cause system crashes or hangups when received through Apple's Messages app on iOS and macOS."

Wonky tonk.

Labels:

By : Tighten There's a new malicious link that can crash or hang Messages and Safari 0 comments

Mac Developer: Found: New Android malware with never-before-seen spying capabilities | Ars Technica

Found: New Android malware with never-before-seen spying capabilities | Ars Technica: "Now, in a discovery that underscores the growing arms race among competing malware developers, researchers have uncovered a new Android spying platform that includes location-based audio recording and other features that have never been seen in the wild before."

aka Wowsers and browsers.

Labels:

By : Tighten Found: New Android malware with never-before-seen spying capabilities | Ars Technica 0 comments

12.19.2017
Mac Developer: Geekbench and Reddit think they’ve cracked why iPhones get slower over time | Ars Technica

Geekbench and Reddit think they’ve cracked why iPhones get slower over time | Ars Technica: "Based on anecdotal observation, many iPhone users have long believed that older iPhones get slower over time. Generally, people have assumed that this is because of new features and additions in new versions of iOS that are better optimized for the latest phones."

Conspiracy theories laid to rest: it's the hardware, stupid!

Labels: ,

By : Tighten Geekbench and Reddit think they’ve cracked why iPhones get slower over time | Ars Technica 0 comments

 

 
 
 

 Tighten    
 Generate    
 Secure    
 Inspect    
 Quarantino    
 QTZ    
 Downloads    
 Support    
 Documentation    
 Tighten App.app    
 Tighten Pro.app    
 PKCS#7Viewer.app    
 Quarzenegger.app    
 About    
 Hire    
 Contact    
 Blogger    
 FaceBook    
 iTunes Direct Link    
 Hollywood CA    
 spctl --assess -vvv    
 spctl --master-enable    
 spctl --master-disable    
 Mac App Store Receipt Validation    
 Apple Code Signing Certificates    
 Gatekeeper Developer ID Apple    
 Xcode codesign tutorial    
 [Site Map]    
 


Copyright © 2005-2020
All Rights Reserved
Tighten Pro