Tighten Pro C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation
  Tighten Pro - in the Mac App Store
Tighten Pro is now available in the Mac App Store.
Mac Developer: Apple Leaves Two Obvious Security Weaknesses In Mac OS X El Capitan - Forbes
AAPL launched its latest iteration of Mac OS X today, El Capitan, but along with a host of fresh features there are two key weaknesses that researchers have warned leave users open to password theft and malware infection. Both reside in security tools designed to prevent attacks.
Two for the road.
Labels: security flaw
Mac Developer: Hackers restore PlayStation TV compatibility that was blocked by Sony | Ars Technica
Now, some enterprising hackers have apparently gone a long way toward fixing this problem by increasing the PlayStation TV's software compatibility with a simple hack. The method, as outlined on HackInformer, exploits an error in the PlayStation TV's e-mail app that lets users write files to the system memory by attaching them as fake images in a message.
The most worrisome phrase in this article is the use of the phrase "simple hack".
Labels: security flaw
Mac Developer: GCHQ tried to track Web visits of “every visible user on Internet” | Ars Technica
If you used the World Wide Web anytime after 2007, the United Kingdom's Government Communications Headquarters (GCHQ) has probably spied on you. That's the revelation contained in documents published today by The Intercept, which detail a GCHQ operation called "Karma Police"—a program that tracked Web browsing habits of people around the globe in what the agency itself billed as the "world's biggest" Internet data-mining operation, intended to eventually track "every visible user on the Internet."
Undoubtedly, monitoring these logs is easily the most boring job in the world.
Labels: security policy
Mac Developer: UK cinema staff will wear night-vision goggles to fight Bond (piracy)
the Telegraph that says cinema staff in the UK will use military-grade night vision headsets to combat piracy during the UK's early run of the new Bond romp Spectre. Like something lifted straight out of a Bond film, staff will don these goggles in auditoriums across the country to catch those who are trying to record the movie for illegal distribution.
Cameras are getting smaller.
Labels: security policy
Mac Developer: ZERODIUM Announces $1 Million Dollars For Anyone Who Can Jailbreak iOS 9 | Redmond Pie
The firm’s out-of-the-blue iOS 9 bounty either insinuates that it believes Apple’s latest iteration of iOS is extremely secure, therefore making the money safe, or perhaps more likely, it has a client willing to pay big for a browser-based untethered jailbreak of iOS 9.
Although most hackers are not motivated by money.
Labels: ios 9, jailbreak
Mac Developer: A million developers used the Unity game engine in August | GamesBeat | Games | by Dean Takahashi
“Democratization is the founding idea of the company,” he said. “We put power in the hands of developers. The key idea we want to see is more people creating content than ever before. Game production is a fundamentally hard thing to do. Getting those games to work on multiple platforms is a very hard thing to do.”
Never hurts to have lofty, noble goals.
Labels: democracy
Mac Developer: Modified versions of Xcode used to sneak malware into App Store, Apple confirms [u]
About 40 infected apps made it onto the App Store, according to security researchers with Palo Alto Networks. Some of the apps were extremely high-profile, including WeChat and a popular ridesharing service, Didi Kuaidi.
Just put that old PowerBook to work as a downloader machine. Oh, except that older Safaris can no longer access Apple websites.
Mac Developer: In blunder threatening Windows users, D-Link publishes code-signing key | Ars Technica
The key expired earlier this month, but Klijnsma said that any software that was signed before the expiration date will continue to be accepted as a legitimate D-Link release. He said the key is accepted by Microsoft Windows code-signing requirements and appears to be accepted by Apple's OS X as well.
The beginning of the end?
Labels: authenticode
Mac Developer: iOS 9, OS X El Capitan close serious AirDrop vulnerability allowing malware infections
The technique bypasses Apple's security using a spoofed enterprise certificate, and can potentially be used against anyone within AirDrop range, Azimuth Security's Mark Dowd told Forbes. The attack forces the installation of a provisioning profile, and can alter iOS' Springboard to convince a device that the fake certificate is already trusted.
Kind of a showstopper as far as things like this go.
Labels: secure coding mac, security flaw
Mac Developer: You may be picking the wrong programmers | VentureBeat | Dev | by Ivan Bercovich, Graphiq
The human tendency is to pursue the path with the fastest perceived growth, which encourages developers to constantly start new projects and learn new technologies.
That's how I sidestepped that whole garbage collection fiasco. Garbage in garbage out.
Labels: art of the long view
Mac Developer: Once seen as bulletproof, 11 million+ Ashley Madison passwords already cracked | Ars Technica
When the Ashley Madison hackers leaked close to 100 gigabytes' worth of sensitive documents belonging to the online dating service for people cheating on their romantic partners, there seemed to be one saving grace. User passwords were cryptographically protected using bcrypt, an algorithm so slow and computationally demanding it would literally take centuries to crack all 36 million of them.
Security researcher could only crack weak passwords—just 0.0668% of trove. Now, a crew of hobbyist crackers has uncovered programming errors that make more than 15 million of the Ashley Madison account passcodes orders of magnitude faster to crack.
Security is quite difficult to do right. I think it starts with the choice of FreeBSD.
Labels: security flaw
Mac Developer: How corporate fears of hacks just created Silicon Valley's newest $1 billion startup - CNET
Okta receives a $75 million investment, the latest sign companies are scrambling for cybersecurity software that can prevent them from becoming the next Ashley Madison, Sony or Target.
Hmmmm.
Labels: sony hack
Mac Developer: US claim on the world’s servers at a crossroads | Ars Technica
Much of the tech sector, from Amazon and Microsoft to Verizon, oppose the US government's position in the closely watched case. These companies and a slew of others maintain that the enforcement of US law stops at the border.
Take a pint of Guinness while you're there, lad.
Labels: security policy
Mac Developer: Malware menaces poison ads as Google, Yahoo! look away • The Register
Online advertising has become an increasingly potent threat to end-user security on the internet. More hackers than ever are targeting the internet's money engine, using it as a powerful attack vector to hide exploits and compromise huge numbers of victims.
Flash, the gift that keeps on giving.
Labels: malvertising, security fix, security flaw
Mac Developer: Newly Discovered Android Ransomware Communicates Over XMPP, Poses As NSA | Redmond Pie
A new strain of Android ransomware, which disguises itself as a legitimate application, has been discovered to be utilizing the Extensible Messaging and Presence Protocol (XMPP) for instant messaging, to receive commands and to communicate remotely with the server that controls the malicious installation.
Exciting new lifeforms in the petri dish of the future.
Labels: security, security flaw
Mac Developer: Malware swipes 225,000 Apple accounts through jailbroken iPhones
"Researchers have discovered a strain of iOS malware, nicknamed KeyRaider, that has stolen over 225,000 Apple IDs from jailbroken devices. The software takes advantage of Chinese app repositories that let people directly upload and share their own titles. If you happen to download the code, it'll either scoop up your Apple account data (to give rogue users 'free' apps) or hold your phone for ransom."
As they say, you get what you pay for.
Labels: security leak