Tighten Pro C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation
Tighten Pro - in the Mac App Store
Tighten Pro is now available in the Mac App Store.
Simply click on the icon to the left to purchase directly from Apple.
Or choose PKCS#7Viewer.app by clicking the image to the right.
|
Mac Developer: genkiyooka/MacRuntimeSandboxDetection
genkiyooka/MacRuntimeSandboxDetection
For CFPlugIn and AudioUnit developers - how to check Mac App Store sandbox capabilities at runtime.
If you write system components (i.e. CoreAudio AudioUnit), CFPlugIn bundles or loadable Cocoa frameworks which are shared among applications (like haxies), you may wish to detect the capabilities of the sandbox environment into which you've been loaded so you can gracefully disable features and so forth.
Naive implementations of such loadable code often dump huge volumes of system messages into the Console.log - not useful to anyone.
Labels: app store, c++, cocoa, mac runtime sandbox detection, sandbox, secure coding mac, security tools mac
|
|
|
Mac Developer: Secure Coding Guide: Introduction to Secure Coding Guide
Secure Coding Guide: Introduction to Secure Coding Guide
The document begins with “Types of Security Vulnerabilities,” which gives a brief introduction to the nature of each of the types of security vulnerability commonly found in software. This chapter provides background information that you should understand before reading the other chapters in the document. If you’re not sure what a race condition is, for example, or why it poses a security risk, this chapter is the place to start.
A good overview that just popped up on my radar. Labels: sandbox, secure coding mac, security
|
|
|
Mac Developer: Fully Countering Trusting Trust through Diverse Double-Compiling (DDC) - Countering Trojan Horse attacks on Compilers
Fully Countering Trusting Trust through Diverse Double-Compiling (DDC) - Countering Trojan Horse attacks on Compilers
In the DDC technique, source code is compiled twice: once with a second (trusted) compiler (using the source code of the compiler’s parent), and then the compiler source code is compiled using the result of the first compilation. If the result is bit-for-bit identical with the untrusted executable, then the source code accurately represents the executable.
You are in a maze of twisty passages, all alike. Labels: security
|
|
|
Mac Developer: Who Is Paunch? — Krebs on Security
Who Is Paunch? — Krebs on Security
“As I have done before, I am asking all the users as well as IT Security professionals to disable all plug-ins and add-ons in their browsers,” Fedotov warned forum members. “Do not think that if you are not users of Internet money (web money), there is no danger of being infected. In this case, the infected PCs are turned into socks proxies, spam/ddos bots and all the bad activity is done under your name, so that law enforcement can place all the blame on your shoulders. Safe surfing and good luck to you.”
I think this means you. Labels: app security, security
|
|
|
Mac Developer: Open Threat Exchange (OTX) | AlienVault
Open Threat Exchange (OTX) | AlienVault
AlienVault Open Threat Exchange (OTX™) is an open threat information sharing and analysis network, created to put effective security measures within the reach of all organizations.
This is a terrific idea. Labels: security
|
|
|
Mac Developer: A programmer's view of Apple's new Swift language | VentureBeat | Dev | by Richard Byrne Reilly
A programmer's view of Apple's new Swift language | VentureBeat | Dev | by Richard Byrne Reilly
Objective-C is great and really powerful. It has served Apple well for a really long time. It’s older than the web though. It is pretty awkward to learn – especially for someone new to programming.
No real plans to change to Swift here, but Metal is definitely on the whiteboard. Of course, at same time, love them tuples and other innovative new language features (Yay! I watched the Advanced Swift WWDC talk). And I will much enjoy watching new programmers getting very confused over the difference between structs and classes.
I will use Swift for small tasks. Although I suppose if I'm going to learn a new language it might as well be C#. That mono runtime is really slutty.
Although I do think there are some merits to eliminating header files (Modula-2 "Interface"), I think it would be good to have an option. Really the last thing I want to do when studying a module's interface is read implementation details. Labels: security, swift
|
|
|
Mac Developer: Apple, Inc. opens up access to its WWDC developer utopia
Apple, Inc. opens up access to its WWDC developer utopia: "Another reason why the hands-on labs are seen by developers as being a priority at WWDC is that Apple now makes the videos of its technical sessions available almost immediately, through either the WWDC app or iTunes. "
Favorite aspect of the new WWDC. Although everyone, I'm sure, would love to attend, it's just not feasible.
Labels: wwdc
|
|
|
Mac Developer: Marc Andreessen & Bill Gates agree with Fox News on this: Snowden is a traitor | VentureBeat | Security | by Harrison Weber
Marc Andreessen & Bill Gates agree with Fox News on this: Snowden is a traitor | VentureBeat | Security | by Harrison Weber: "Silicon Valley investor and technologist Marc Andreessen today declared NSA whistleblower Ed Snowden a traitor on national television."
It's true that he spoke up. Who he betrayed is entirely dependent on your interpretation of the purpose of the Constitution of the United States of America.
"When they came for my friend I did not talk, when they came for my brother I did not talk, when they came for my neighbor I did not talk, soon they will come for me and there will be no one to speak for me".
I think he spoke for a lot of Americans. Labels: security
|
|
|
Mac Developer: A programmer's view of Apple's new Swift language | VentureBeat | Gadgets | by Richard Byrne Reilly
A programmer's view of Apple's new Swift language | VentureBeat | Gadgets | by Richard Byrne Reilly: "Swift pulls a lot from various lanagues. There’s a lot that reminds me of JavaScript, Go, Ruby, and others. Objective-C is pretty old. It’s a really welcome change to see lots of features inspired by modern languages."
Of course, I'm no expert, but Swift looks more like Scala to me than any other language I've been exposed to. Labels: scala, swift
|
|
|
Mac Developer: Apple unveils Swift, a brand new Xcode programming language for developers
Apple unveils Swift, a brand new Xcode programming language for developers: "In a demonstration, Apple showed off the 'Swift Playground,' where developers write code and how results are displayed as soon as code is written. Apple says Swift was designed from the ground up for Cocoa and Cocoa Touch.
Swift can be used for basic apps, like social networking, or advanced 3D games using the new 'Metal' graphics optimization. And because it operates alongside Objective-C, developers will be able to seamlessly interchange languages."
Looking forward to Swift and Metal. Together or individually.
Labels: metal, swift, wwdc
|
|
|
| |
|