Tighten Pro C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation
Mac Developer: Don't panic, says Blue Coat, we're not using CA cert to snoop on you • The Register
Don't panic, says Blue Coat, we're not using CA cert to snoop on you • The Register: "These trusted certs can be used to disguise malicious servers as legit websites; netizens connecting to the systems would think they're using the real deal, but really they're talking to imposters and handing over sensitive information like passwords to strangers."
If it's happening here, it's happening all over the world. Labels: security policy
Mac Developer: Feinstein-Burr's bonkers backdoor crypto law is dead in the water • The Register
Feinstein-Burr's bonkers backdoor crypto law is dead in the water • The Register: "The daft bill was championed by Senators Richard Burr (R‑NC) and Dianne Feinstein (D‑CA) in February following an increasingly rancorous debate over encryption, and at one point it looked likely to make it into law. Just last month, Senator Ron Wyden said he was planning to filibuster it."
Sounds like California needs a Senator that understands California. Labels: security policy
Mac Developer: Armed FBI agents raid home of researcher who found unsecured patient data | Ars Technica
Armed FBI agents raid home of researcher who found unsecured patient data | Ars Technica: "FBI agents, one armed with an assault weapon, reportedly raided the home of a security professional who discovered sensitive data for 22,000 dental patients was available on the Internet, according to a report published Friday."
You are living in an Orwellian police state where the only winners are the corporate overlords. If Eaglesoft's security leaks were to result in the loss of property by private citizens, they would be charged with nothing. Labels: security fail, security policy, security research
Mac Developer: Dedupe, dedupe, dedupe dedupe dedupe... Who snuck in to attack Microsoft Edge? • The Register
Dedupe, dedupe, dedupe dedupe dedupe... Who snuck in to attack Microsoft Edge? • The Register: "To validate the attack technique, the Dutch team put together a proof-of-concept JavaScript-based attack against the new Microsoft Edge browser, configured with in-built security defences enabled.
Rowhammer involves rapidly writing and rewriting memory to force capacitor errors in DRAM that can then be exploited to gain control of the system. The hardware hack was brought to public attention by security researchers at Google Project Zero last year."
Comforting thoughts not so much. Labels: security flaw
Mac Developer: Google to bring official Android support to the Raspberry Pi 3 | Ars Technica
Google to bring official Android support to the Raspberry Pi 3 | Ars Technica: "The Raspberry Pi 3 is not hurting for operating system choices. The tiny ARM computer is supported by several Linux distributions and even has a version of Windows 10 IoT core available. Now, it looks like the Pi is about to get official support for one of the most popular operating systems out there: Android. In Google's Android Open Source Project (AOSP) repository, a new device tree recently popped up for the Raspberry Pi 3."
When I was a kid, the Apple ][ was my dream machine, but I could never afford one, so I bought a Commodore 64 and programmed the Apple at my High School. In the end, the C64 provided a superior education because of the ASICs that handled sound (especially), since audio synthesis has played a role in, well, most of my life. If I had the time, I'd get into the Raspberry Pi. You know, with C and Linux, not with Java or Windows. Sorry, guys. Labels: Apple ][ Forever, Commodore 64
Mac Developer: Government agencies keep sacrificing cash to zombie IT systems, GAO finds | Ars Technica
Government agencies keep sacrificing cash to zombie IT systems, GAO finds | Ars Technica: "Some of the most critical business systems run by US government agencies are older than many of the IT people who support them, written in mainframe assembler code or COBOL. That might not shock or surprise anyone who works in mainframe-centric industries like insurance and finance, where the time-tested reliability of some systems has granted them lives that reach back to the Johnson administration."
The other thing that is absolutely clear from this report is that the only company that understands the needs of its customers is IBM. It continues to manufacture and support the hardware necessary to keep these systems running, which is what the CUSTOMER needs. Labels: IBM vs. Everyone Else
Mac Developer: Pastejack attack turns your clipboard into a threat • The Register
Pastejack attack turns your clipboard into a threat • The Register: "Dylan Ayrey, who published the exploit at GitHub, explains: “If a user attempts to copy the text with keyboard shortcuts, i.e. ctrl+c or command+c, an 800ms timer gets set that will override the user's clipboard with malicious code”."
One day, JavaScript will go the way of Flash. But first, someone will pay a hefty price. Labels: security flaw
Mac Developer: Apple reportedly working on a rival to Amazon's Echo
Apple reportedly working on a rival to Amazon's Echo: "More interestingly, however, Apple is also apparently working on a smart Bluetooth speaker not unlike Amazon's Echo or Google Home."
I don't find this interesting at all. I guess when Steve Jobs died, so did "Focus is saying no to 1000 good ideas". Labels: amazon vs. google vs. apple
Mac Developer: Google’s closing argument: Android was built from scratch, the fair way | Ars Technica
Google’s closing argument: Android was built from scratch, the fair way | Ars Technica: "SAN FRANCISCO—Google attorney Robert Van Nest made his closing argument to a panel of jurors here today, asking them to clear Android of copyright infringement allegations as a matter of "fairness and fair use.""
They should eliminate all the APIs that look substantially similar to object-oriented system interfaces that preceded Java. That should sober them up a bit. Yawner until it's not. Labels: software engineering, software fail
Mac Developer: Snowden: NBN leaker raids a 'misuse' of Australian Federal Police • The Register
Snowden: NBN leaker raids a 'misuse' of Australian Federal Police • The Register: "The privacy pundit backs his argument by citing the ubiquitous mantra of the pro-surveillance crowd "if you have nothing to hide, you have nothing to fear" attributing the quote to Nazi propaganda minister Joseph Goebbels."
Orwellian future arrives extra early in Australia. Labels: orwell 1984
Mac Developer: Snowden calls for whistleblower shield after claims by new Pentagon source | US news | The Guardian
Snowden calls for whistleblower shield after claims by new Pentagon source | US news | The Guardian: "The account of John Crane, a former senior Pentagon investigator, appears to undermine Barack Obama, Hillary Clinton and other major establishment figures who argue that there were established routes for Snowden other than leaking to the media."
Hard to believe that just after WWII, the world used to look to the US for idealism and freedom. Labels: security policy
Mac Developer: After a year of using NodeJS in production - elCurator
After a year of using NodeJS in production - elCurator: "All this to say that it feels like the Node ecosystem is constantly moving. Not in a good way. New tools that 'trump' old tools seem to come out daily. There's always a new shiny thing to replace the other. You'll be surprised on how easily this happens to you and the community seems to encourage it. You use Grunt!? Everyone uses Gulp!? Wait no, use native NPM scripts!"
Here's an awesome article about the hype bullsh*t that is Node. Hopefully it will die during the unicorn culling. Labels: javascript is not a programming tool, sad node
Mac Developer: PolyHook - The C++11 x86/x64 Hooking Library - CodeProject
PolyHook - The C++11 x86/x64 Hooking Library - CodeProject: "To me there was only one real solution, write my own library, on my own terms, with the goal of being the smallest, cleanest, easiest hooking library in existence!"
Nice! My thoughts exactly. Labels: sample code
Mac Developer: Previewing Apple's WWDC 2016: Big news for iOS 10, iPhone 7, new iPad Pro
Previewing Apple's WWDC 2016: Big news for iOS 10, iPhone 7, new iPad Pro: "A few are obvious, such as continuing work on Xcode, the company's development tool for building iOS software, and Swift, Apple's new development language that's taken off and gained enthusiastic adoption despite its fledgeling newness. "
Looking forward to seeing what mission critical features are gutted from Xcode Mac Development to make way for script kiddies making crapware for the iPhone. Labels: wwdc
Mac Developer: Google plans to start blocking Flash in Chrome this year | The Verge
Google plans to start blocking Flash in Chrome this year | The Verge: "Flash's death has been slow and painful, and now Google is planning to deal it another blow. Google has detailed plans to start blocking most Flash content with Chrome, with the change targeted toward the end of this year."
We wanted to let you know that we have identified the source of almost every zero-day exploit and we are, like, totally on top of that. It'll be handled in approximately twelve months, or, in layman's terms, after all your PCs have been conscripted into a server farm for the Russian mafia. Labels: security flaw
Mac Developer: Top programmer describes Android’s nuts and bolts in Oracle v. Google | Ars Technica
Top programmer describes Android’s nuts and bolts in Oracle v. Google | Ars Technica: "Shortly after he took the stand, Google lawyer Christa Anderson asked Bornstein to show an example of just what was meant by 'declaring code,' the type of code that's at issue in this trial. (EFF's Parker Higgins, who is observing the trial, later drew up a copy of Bornstein's completed sketch.)"
Does this mean Apple should sue Oracle for basing Java on NeXTSTEP?
Java Was Strongly Influenced by Objective-C
As it turns out, Sean and Tom are both absolutely correct. Usually, this kind of urban legend stuff turns out to be completely inaccurate, but in this case, they are right on. When I left Sun to go to NeXT, I thought Objective-C was the coolest thing since sliced bread, and I hated C++. So, naturally when I stayed to start the (eventually) Java project, Obj-C had a big influence. James Gosling, being much older than I was, he had lots of experience with SmallTalk and Simula68, which we also borrowed from liberally.
Mac Developer: Report: Apple is approving apps more quickly to increase Services revenue - Ars Technica
Report: Apple is approving apps more quickly to increase Services revenue - Ars Technica: "Developers who want to sell applications in any of Apple's App Stores first need to submit their software to Apple for review, a process in which actual humans examine apps to ensure they comply with Apple's guidelines. One of the problems with this method is that it takes time for apps to move through the opaque review process, meaning users can potentially be stuck with bugs for a few days if something goes wrong with an update, even if the developer submits a new build to Apple as soon as the bug is discovered."
No chance this will increase chances a malicious app is approved. Labels: security policy
Mac Developer: Microsoft's Windows 10 nagware storms live TV weather forecast • The Register
Microsoft's Windows 10 nagware storms live TV weather forecast • The Register: "Microsoft's relentless Windows 10 nagware has interrupted a live TV weather forecast, urging meteorologist Metinka Slater to upgrade."
As bad ideas proliferate, it's just a matter of time before OS X "notifications" provide similar servitude to their users. I disabled mine by removing the system framework responsible for notifications, but in 10.11, that won't even be possible. Labels: software fail
Mac Developer: 94% of App Store revenue goes to just 1% of publishers
94% of App Store revenue goes to just 1% of publishers: "You’ve probably heard it’s hard to make money in the App Store, but not for a small few. Last quarter, a staggering 94 percent of App Store revenue generated in the U.S. went to just the top 1 percent of app publishers, according to new data."
Should be no surprise it's just like the economics of Wall Street, the world's overlords. Labels: app store
Mac Developer: DARPA wants god-mode attribution platform to pin and predict crime • The Register
DARPA wants god-mode attribution platform to pin and predict crime • The Register: "'Malicious actors in cyberspace currently operate with little fear of being caught due to the fact that it is extremely difficult, in some cases perhaps even impossible, to reliably and confidently attribute actions in cyberspace to individual,' Keromytis says."
I have a keen sense of the obvious. Labels: security flaw
Mac Developer: Critical Qualcomm security bug leaves many phones open to attack | Ars Technica
Critical Qualcomm security bug leaves many phones open to attack | Ars Technica: "The flaw, which is most severe in Android versions 4.3 and earlier, allows low-privileged apps to access sensitive data that's supposed to be off-limits, according to a blog post published by security firm FireEye. But instead, the data is available by invoking permissions that are already requested by millions of apps available in Google Play. Company researchers said the vulnerability can also be exploited by adversaries who gain physical access to an unlocked handset. Indexed as CVE-2016-2060, the bug was first introduced when mobile chipmaker Qualcomm released a set of programming interfaces for a system service known as the 'network_manager' and later the 'netd' daemon."
On a day when it sucks to be an Android user. Labels: android vs. ios
Mac Developer: Huge number of sites imperiled by critical image-processing vulnerability [Updated] | Ars Technica
Huge number of sites imperiled by critical image-processing vulnerability [Updated] | Ars Technica: "The vulnerability resides in ImageMagick, a widely used image-processing library that's supported by PHP, Ruby, NodeJS, Python, and about a dozen other languages. Many social media and blogging sites, as well as a large number of content management systems, directly or indirectly rely on ImageMagick-based processing so they can resize images uploaded by end users."
Say hello to your SKYNET start button. Labels: security flaw
Mac Developer: Craig Wright loudly claims “I am Satoshi Nakamoto,” but few believe his “proof” | Ars Technica
Craig Wright loudly claims “I am Satoshi Nakamoto,” but few believe his “proof” | Ars Technica: "Part of that time was spent on a careful cryptographic verification of messages signed with keys that only Satoshi should possess. But even before I witnessed the keys signed and then verified on a clean computer that could not have been tampered with, I was reasonably certain I was sitting next to the Father of Bitcoin."
Now watch as the governments and bankers take all his bitcoin. Because the ultimate security hack is writing legislation that appropriates your property. It's legal and legislation are two sides of one coin. If the coin says "In God We Trust" you should not be surprised, "The Lord giveth, the Lord taketh away." Labels: security policy
Mac Developer: Rule 41 would make it easier for the government to carry out hacks | Ars Technica
Rule 41 would make it easier for the government to carry out hacks | Ars Technica: "Privacy activists and at least one senator are up in arms over a proposed change to a section of the Federal Rule of Criminal Procedure that would allow any magistrate judge to issue warrants authorizing government-sanctioned hacking anywhere in the country."
Which begs the question, "Who is the government?" It's a word used to describe a thing which is not a thing at all but an amalgamation of things.
Labels: security policy