Tighten Pro C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation
Tighten Pro - in the Mac App Store
Tighten Pro is now available in the Mac App Store.
Mac Developer: OS X source code hints at switch to 'macOS' | Cult of Mac
We’ve all noticed Apple’s latest operating system nomenclature, with each new release a device-centric OS, like iOS, tvOS, or watchOS.
Why not macOS, then?
A bit of source code in the current stable release of OS X (10.11.4) seems to point to that very thing.
Or perhaps a lowly developer trying to grapple with complexity by choosing simple and obvious names.
Labels: mac os x
Mac Developer: To bypass code-signing checks, malware gang steals lots of certificates | Ars Technica
"There are lots of ways to ensure the success of an advanced hacking operation. For a gang called Suckfly, one of the keys is having plenty of stolen code-signing certificates on hand to give its custom malware the appearance of legitimacy.
Since 2014, the group has used no fewer than nine separate signing certificates from nine separate companies to digitally sign its hacking wares, according to a blog post published Tuesday by security firm Symantec."
Probably the only thing worse than "no security" is the illusion of security.
Labels: app security, codesigning
Mac Developer: Gov’t accidentally publishes target of Lavabit probe: It’s Snowden | Ars Technica
"In the summer of 2013, secure e-mail service Lavabit was ordered by a federal judge to provide real-time e-mail monitoring of one of its users. Rather than comply with the order, Levison shut down his entire company. He said what the government was seeking would have endangered the privacy of all of his 410,000 users.
Later, he did provide the private key as a lengthy printout in tiny type."
Retype that exponent, buddy.
Labels: security policy
Mac Developer: 275 million Android phones imperiled by new code-execution exploit | Ars Technica
"Starting with version 4.1, Android was fortified with an anti-exploitation defense known as address space layout randomization, which loads downloaded code into unpredictable memory regions to make it harder for attackers to execute malicious payloads. The breakthrough of Metaphor is its improved ability to bypass it."
Escalation affects us all equally.
Labels: address space randomization
Mac Developer: Former cyber czar says NSA could crack the San Bernadino shooter’s phone | Ars Technica
Clarke added that if he was still at the White House, he would have told FBI Director James Comey to "call Ft. Meade, and the NSA would have solved this problem…Every expert I know believes that NSA can crack this phone." But the FBI wasn't seeking that help, he said, because "they just want the precedent."
Is this a comforting thought? You tell me.
Labels: security policy
Mac Developer: Justice Department asserts it could demand source code, signing key from Apple
In the confrontation over the iPhone of San Bernardino shooter Syed Farook, the U.S. Justice Department believes it could potentially demand that Apple hand over iOS source code and a signing key, according to a court filing.
In the future, Lithuania will be the epicenter of secure messaging. Nice and close to Russia. Whereas here in North America, the closest Russia can get to Facebook is owning public shares.
Labels: security policy
Mac Developer: Justice Department considers wiretapping fight with WhatsApp amid Apple-FBI row
The U.S. government is at odds with yet another Silicon Valley firm thanks to encrypted communications, this time targeting Facebook-owned messaging superpower WhatsApp over federal wiretapping statutes.
All that's going to happen here is that another jurisdiction is going to become the leader in encrypted communications. Dubai or Iceland, for example.
Labels: security policy
Mac Developer: Cothority to Apple: Let’s make secret backdoors impossible | Ars Technica
Cothority, a new software project designed to make secret backdoored software updates nearly impossible, is offering to help Apple ensure that any secret court orders to backdoor its software cannot escape public scrutiny.
Currently, when Apple or any software maker issues a software update, they sign the update with their encryption keys. But those keys can be stolen, and a government could coerce the company to sign a backdoored software update for a targeted subset of end users—and do so in secret.
It's like a block chain, only different and same.
Labels: blockchain, security policy
Mac Developer: What is a “lying-dormant cyber pathogen?” San Bernardino DA says it’s made up [Update] | Ars Technica
As the chatter on Twitter and elsewhere could attest, security and forensics experts have never heard of this type of threat. Online commenters called it everything from a "magical unicorn" to a make-believe plot that we might see on the broadcast TV show CSI: Cyber.
Proof positive that politicians are simply liars. They don't do so well when the lies rely on cyber-jargon that can't really be spin doctored.
Labels: security policy
Mac Developer: It’s 2016, so why is the world still falling for Office macro malware? | Ars Technica
In the late 1990s, Microsoft Office macros were a favorite vehicle for surreptitiously installing malware on the computers of unsuspecting targets. Microsoft eventually disabled the automated scripts by default, a setting that forced attackers to look for new infection methods. Remotely exploiting security bugs in Internet Explorer, Adobe Flash, and other widely used software soon came into favor.
Sad but true.
Labels: security fix
Mac Developer: San Bernardino shooter's iPhone may hold evidence of 'dormant cyber pathogen,' DA says
In an application to file an amicus brief with a California court on Thursday, San Bernardino District Attorney Michael A. Ramos intimates an iPhone used by terror suspect Syed Rizwan Farook, and later seized by law enforcement officials, might contain evidence of a "dormant cyber pathogen" threatening the county's data infrastructure.
Nonsense, but as with all things American media, highly entertaining.
Labels: security, security policy
Mac Developer: New attack steals secret crypto keys from Android and iOS phones | Ars Technica
The exploit is what cryptographers call a non-invasive side-channel attack. It works against the Elliptic Curve Digital Signature Algorithm, a crypto system that's widely used because it's faster than many other crypto systems. By placing a probe near a mobile device while it performs cryptographic operations, an attacker can measure enough electromagnetic emanations to fully extract the secret key that authenticates the end user's data or financial transactions. The same can be done using an adapter connected to the USB charging cable.
Seems like it would be easier for the FBI to hire these guys to crack the said iPhone!
Labels: security flaw, security policy