Tighten Pro C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation
Tighten Pro is now available in the Mac App Store.
Mac Developer: Unpatched browser weaknesses can be exploited to track millions of Web users | Ars Technica
Over the weekend, a researcher demonstrated two unpatched weaknesses that Web masters can exploit to track millions of people who visit their sites. Taken together, the attacks allow websites to compile a list of previously visited domains, even when users have flushed their browsing history, and to tag visitors with a tracking cookie that will persist even after users have deleted all normal cookies.
Meanwhile back in reality, what even normal techies can do, forget about what the capabilities of the NSA might be...
Labels: security flaw
Mac Developer: European Parliament votes to shield Snowden from extradition to US | Ars Technica
By a vote of 285 to 281, the European Parliament passed a nonbinding resolution today calling on member states to "drop any criminal charges against Edward Snowden, grant him protection, and consequently prevent extradition or rendition by third parties." The move is a "recognition of his status as whistle-blower and international human rights defender."
A narrow margin of four.
Labels: security policy
Mac Developer: Unpatched browser weaknesses can be exploited to track millions of Web users | Ars Technica
Over the past decade, there's been a privacy arms race between unscrupulous website operators and browser makers. The former wield an ever-changing lineup of so-called zombie cookies that can't be easily deleted and attacks that sniff thousands of previously visited sites, while browser makers aim to prevent such privacy invasions by closing the design weaknesses that make them possible. Almost as soon as one hole is closed, hackers find a new one.
And of course, the writers of typical desktop software are made to suffer for the ill-behaved at the hand of partially tested security features that don't stop real hackers.
Labels: security, security fix
Mac Developer: Apple blocks old, unsafe Adobe Flash plug-in versions in OS X Safari
Following the discovery — and subsequent fix — of yet another critical Adobe Flash vulnerability last week, Apple activated its Web plug-in blocking capability for OS X Safari to protect Mac users from what Adobe describes as "limited, targeted attacks."
Hmmmm.
Labels: security flaw
Mac Developer: How the NSA can break trillions of encrypted Web and VPN connections | Ars Technica
"Breaking a single, common 1024-bit prime would allow NSA to passively decrypt connections to two-thirds of VPNs and a quarter of all SSH servers globally. Breaking a second 1024-bit prime would allow passive eavesdropping on connections to nearly 20% of the top million HTTPS websites. In other words, a one-time investment in massive computation would make it possible to eavesdrop on trillions of encrypted connections."
Ah, it's so difficult to get software to work exactly as you intended it. Pay no attention to the man behind the curtain...
Labels: security flaw
Mac Developer: Judge looks to jumpstart public encryption debate with Apple iPhone unlocking case
Orenstein's ruling came a day after the public learned the Obama administration won't pursue regulations mandating backdoors in encrypted communications. Instead, however, the administration is continuing to pressure corporations on the matter, and talks have allegedly become "increasingly productive."
It would seem citizens with a clear conscience have nothing to worry about.
Labels: security policy
Mac Developer: Apple removes several apps that could spy on encrypted traffic | Ars Technica
Remember Superfish?
LENOVO PCS SHIP WITH MAN-IN-THE-MIDDLE ADWARE THAT BREAKS HTTPS CONNECTIONS [UPDATED]
Superfish may make it trivial for attackers to spoof any HTTPS website.
In any event, third-party root certificates installed on any device—whether it's a computer or phone—can have an extremely powerful effect on security and privacy. A case in point is Lenovo's former practice of selling computers that were preloaded with a self-signed root HTTPS certificate that intercepted and decrypted encrypted traffic for every website a user visited. When users visited an HTTPS-protected site, the adware known as Superfish used the self-signed certificate to encrypt the traffic and bypass the trusted key provided by the visited site.
Remember SUPERFISH? No, I don't remember it.
Labels: security flaw, security policy, security tools mac
Mac Developer: Drop-dead simple exploit completely bypasses Mac’s malware Gatekeeper | Ars Technica
Since its introduction in 2012, an OS X feature known as Gatekeeper has gone a long way to protecting the Macs of security novices and experts alike. Not only does it help neutralize social engineering attacks that trick less experienced users into installing trojans, code-signing requirements ensure even seasoned users that an installer app hasn't been maliciously modified as it was downloaded over an unencrypted connection.
Extra hoops for legitimate developers that apparently do not retard the activities of elite hackers.
Labels: secure coding mac, security policy