Tighten Pro C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation
Tighten Pro - in the Mac App Store
Tighten Pro is now available in the Mac App Store.
Simply click on the icon to the left to purchase directly from Apple.
Or choose PKCS#7Viewer.app by clicking the image to the right.
|
Mac Developer: Flipboard, we hardly knew ye
I'm toying around with the idea of becoming and independent detector of malware. It's such an important field. Take Flipboard (Android) for instance. It looks to me like Flipboard "synthesized" a login to Facebook on my behalf (I was using it without a login), effectively bypassing my privacy concerns so the app (I'm certain) could harvest my address book. That was immediately followed by an attempt to manipulate my Facebook permissions to allow the Flipboard Android app to create a Like for the Flipboard Facebook page programmatically. This is all very nasty, borderline malware activity that is indicative of the desperation that technology companies experience as they take on rounds of funding where pressure to monetize overrules common sense.
Best of luck with that strategy, guys. Let's see how you keep on that growth curve if Facebook locks you out of their ecosystem. Labels: borderline malware
|
|
|
Mac Developer: New privilege escalation exploit discovered in OS X Yosemite, also affects just-released 10.10.5
New privilege escalation exploit discovered in OS X Yosemite, also affects just-released 10.10.5: "The exploit was discovered by Italian developer Luca Todesco, who relies on a combination of attacks — including a null pointer dereference in OS X's IOKit — to drop a proof-of-concept payload into a root shell. It affects every version of OS X Yosemite"
Almost as if someone wants them to find the vulnerabilities. I mean, OSX is hardly a target for hackers. So many bigger fish to fry.
Labels: security flaw
|
|
|
Mac Developer: Google's initial Android Stagefright patch inadequate, forced to issue second fix
Google's initial Android Stagefright patch inadequate, forced to issue second fix: "The first software patch designed to mitigate the high-profile Stagefright vulnerability in Google's Android mobile operating system was insufficient, one security researcher discovered, leading to the issuance of yet another update."
Security is unbelievably difficult when the OS foundation is based on Unix and C. Maybe a new operating system is in order. I've long believed that the crown jewels of Blackberry was QNX.
Labels: security flaw, security research
|
|
|
Mac Developer: The parfait approach to cyber defense: It's all about the layers | VentureBeat | Security | by Israel Levy, Bufferzone
The parfait approach to cyber defense: It's all about the layers | VentureBeat | Security | by Israel Levy, Bufferzone: "And as security consulting firm Security Compass wrote in early 2014, for all of its advantages, HTML5 isn’t bulletproof and shouldn’t be viewed as such: ‘HTML5 applications regardless of deployment can still be plagued with the same vulnerabilities as web applications (SQL injection, cross-site scripting, weak encryption, business logic attacks, etc.).’"
The secure web browser of the future will have no JavaScript and no Flash. I use Little Snitch extensively and it's amazing how many web pages (read: advertisements) open raw socket connections to remote servers. Labels: security flaw
|
|
|
Mac Developer: Lenovo once again reminds everyone why it's better to get a Mac
Lenovo once again reminds everyone why it's better to get a Mac: "Back in February Windows PC manufacturer Lenovo was caught injecting Superfish adware onto some of their laptops, not only exploiting their own customers but leaving those customers open to man-in-the-middle attacks. Now they've been charged with using something akin to a rootkit to make sure their own customers can't cleanly reinstall Windows, not without Lenovo re-intalling updaters, app installers, and system data collectors as well. And yes, this Lenovo hack was also potentially exploitable by malware. "
When shopping for that new PC to run Windows 10 for your WinObjC project, do yourself a favor and get a Dell or use a Mac with bootcamp. I found the Windows 8 to Windows 10 transition on the Dell totally painless. I upgrade the chap to a SSD, used Windows 8 Media Creation to burn an ISO and am now up and running on Windows 10 with VS Community 2015.
I'm totally intrigued by the new HyperV malware protection in Windows and may switch to such a laptop for all my internet related work in the immediate future.
Labels: security, security flaw
|
|
|
Mac Developer: Practical Windows Code and Driver Signing
Practical Windows Code and Driver Signing: "A lot of this information can be verified in official Microsoft documentation found on MSDN, and I will try to cite the official documentation when needed. The authoritative documents on kernel-mode code signing are kmsigning.doc and KMCS_walkthrough.doc. These are pretty good resources, but they are from 2007 and thus contain no information about Windows 7, Windows 8, or SHA-2. Also, their scope is more limited than the scope of this document because they don't talk about signing executables. Therefore, a lot of the things I say here are actually conclusions that I have drawn from my own experiments. When I am telling you something that I determined experimentally, I will use phrases like 'it seems like' or 'in my experience'. When my experiments contradict the official documentation I will say so."
Terrific guide to code signing in Windows environment. Better bone up because WinObjC is here and works great. Labels: authenticode, codesigning
|
|
|
Mac Developer: Security researchers build on PC vulnerabilities to create first firmware-based Mac worm
Security researchers build on PC vulnerabilities to create first firmware-based Mac worm: "Firmware attacks are possible because many computer manufacturers put few safeguards in place to prevent malicious updates or changes, leaving many computers vulnerable. According to Wired, Apple could have put protections in place to prevent at least one type of attack discovered by the research group, but apparently elected not to."
More O Daeng!
Labels: security, security fix
|
|
|
Mac Developer: The iOS 8.4 jailbreak app is now available on Mac
|
|
|
| |
|