Links...
 
Tighten Pro
C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation

Tighten Pro - in the Mac App Store

Tighten Pro is now available in the Mac App Store. Simply click on the icon to the left to purchase directly from Apple. Or choose PKCS#7Viewer.app by clicking the image to the right.

5.29.2016
Mac Developer: Don't panic, says Blue Coat, we're not using CA cert to snoop on you • The Register

Don't panic, says Blue Coat, we're not using CA cert to snoop on you • The Register: "These trusted certs can be used to disguise malicious servers as legit websites; netizens connecting to the systems would think they're using the real deal, but really they're talking to imposters and handing over sensitive information like passwords to strangers."

If it's happening here, it's happening all over the world.

Labels:

By : Tighten Don't panic, says Blue Coat, we're not using CA cert to snoop on you • The Register 0 comments

 
Mac Developer: Feinstein-Burr's bonkers backdoor crypto law is dead in the water • The Register

Feinstein-Burr's bonkers backdoor crypto law is dead in the water • The Register: "The daft bill was championed by Senators Richard Burr (R‑NC) and Dianne Feinstein (D‑CA) in February following an increasingly rancorous debate over encryption, and at one point it looked likely to make it into law. Just last month, Senator Ron Wyden said he was planning to filibuster it."

Sounds like California needs a Senator that understands California.

Labels:

By : Tighten Feinstein-Burr's bonkers backdoor crypto law is dead in the water • The Register 0 comments

 
5.28.2016
Mac Developer: Armed FBI agents raid home of researcher who found unsecured patient data | Ars Technica

Armed FBI agents raid home of researcher who found unsecured patient data | Ars Technica: "FBI agents, one armed with an assault weapon, reportedly raided the home of a security professional who discovered sensitive data for 22,000 dental patients was available on the Internet, according to a report published Friday."

You are living in an Orwellian police state where the only winners are the corporate overlords. If Eaglesoft's security leaks were to result in the loss of property by private citizens, they would be charged with nothing.

Labels: , ,

By : Tighten Armed FBI agents raid home of researcher who found unsecured patient data | Ars Technica 0 comments

 
Mac Developer: Dedupe, dedupe, dedupe dedupe dedupe... Who snuck in to attack Microsoft Edge? • The Register

Dedupe, dedupe, dedupe dedupe dedupe... Who snuck in to attack Microsoft Edge? • The Register: "To validate the attack technique, the Dutch team put together a proof-of-concept JavaScript-based attack against the new Microsoft Edge browser, configured with in-built security defences enabled.

Rowhammer involves rapidly writing and rewriting memory to force capacitor errors in DRAM that can then be exploited to gain control of the system. The hardware hack was brought to public attention by security researchers at Google Project Zero last year."

Comforting thoughts not so much.

Labels:

By : Tighten Dedupe, dedupe, dedupe dedupe dedupe... Who snuck in to attack Microsoft Edge? • The Register 0 comments

 
5.26.2016
Mac Developer: Quiet cryptologist Bill Duane's war with Beijing's best • The Register

Quiet cryptologist Bill Duane's war with Beijing's best • The Register: ""I have never worked so hard, under so much stress, and with so much at risk," Duane told the AusCERT security conference on the Gold Coast."

Considering his credentials, this is easily one of the most disconcerting security articles published in recent memory.

Labels: ,

By : Tighten Quiet cryptologist Bill Duane's war with Beijing's best • The Register 0 comments

 
Mac Developer: Google to bring official Android support to the Raspberry Pi 3 | Ars Technica

Google to bring official Android support to the Raspberry Pi 3 | Ars Technica: "The Raspberry Pi 3 is not hurting for operating system choices. The tiny ARM computer is supported by several Linux distributions and even has a version of Windows 10 IoT core available. Now, it looks like the Pi is about to get official support for one of the most popular operating systems out there: Android. In Google's Android Open Source Project (AOSP) repository, a new device tree recently popped up for the Raspberry Pi 3."

When I was a kid, the Apple ][ was my dream machine, but I could never afford one, so I bought a Commodore 64 and programmed the Apple at my High School. In the end, the C64 provided a superior education because of the ASICs that handled sound (especially), since audio synthesis has played a role in, well, most of my life. If I had the time, I'd get into the Raspberry Pi. You know, with C and Linux, not with Java or Windows. Sorry, guys.

Labels: ,

By : Tighten Google to bring official Android support to the Raspberry Pi 3 | Ars Technica 0 comments

 
Mac Developer: Government agencies keep sacrificing cash to zombie IT systems, GAO finds | Ars Technica

Government agencies keep sacrificing cash to zombie IT systems, GAO finds | Ars Technica: "Some of the most critical business systems run by US government agencies are older than many of the IT people who support them, written in mainframe assembler code or COBOL. That might not shock or surprise anyone who works in mainframe-centric industries like insurance and finance, where the time-tested reliability of some systems has granted them lives that reach back to the Johnson administration."

The other thing that is absolutely clear from this report is that the only company that understands the needs of its customers is IBM. Continues to manufacture and support the hardware necessary to keep these systems running. Which is what the CUSTOMER needs.

Labels:

By : Tighten Government agencies keep sacrificing cash to zombie IT systems, GAO finds | Ars Technica 0 comments

 
5.25.2016
Mac Developer: Pastejack attack turns your clipboard into a threat • The Register

Pastejack attack turns your clipboard into a threat • The Register: "Dylan Ayrey, who published the exploit at GitHub, explains: “If a user attempts to copy the text with keyboard shortcuts, i.e. ctrl+c or command+c, an 800ms timer gets set that will override the user's clipboard with malicious code”."

One day, JavaScript will go the way of Flash. But first, someone will pay a hefty price.

Labels:

By : Tighten Pastejack attack turns your clipboard into a threat • The Register 0 comments

 
5.24.2016
Mac Developer: Apple reportedly working on a rival to Amazon's Echo

Apple reportedly working on a rival to Amazon's Echo: "More interestingly, however, Apple is also apparently working on a smart Bluetooth speaker not unlike Amazon's Echo or Google Home."

I don't find this interesting at all. I guess when Steve Jobs died, so did "Focus is saying no to 1000 good ideas".

Labels:

By : Tighten Apple reportedly working on a rival to Amazon's Echo 0 comments

 
Mac Developer: Google’s closing argument: Android was built from scratch, the fair way | Ars Technica

Google’s closing argument: Android was built from scratch, the fair way | Ars Technica: "SAN FRANCISCO—Google attorney Robert Van Nest made his closing argument to a panel of jurors here today, asking them to clear Android of copyright infringement allegations as a matter of "fairness and fair use.""

They should eliminate all the APIs that look substantially similar to object-oriented system interfaces that preceded Java. That should sober them up a bit. Yawner until it's not.

Labels: ,

By : Tighten Google’s closing argument: Android was built from scratch, the fair way | Ars Technica 0 comments

 
Mac Developer: Apple brings back crypto whiz Jon Callas as encryption battles heat up

Apple brings back crypto whiz Jon Callas as encryption battles heat up: "Callas is known to support this view, but has proposed a compromise in which agencies can exploit zero-day vulnerabilities so long as they're later disclosed for fixing."

The cat came back, the very next day...

Labels: ,

By : Tighten Apple brings back crypto whiz Jon Callas as encryption battles heat up 0 comments

 
Mac Developer: Snowden: NBN leaker raids a 'misuse' of Australian Federal Police • The Register

Snowden: NBN leaker raids a 'misuse' of Australian Federal Police • The Register: "The privacy pundit backs his argument by citing the ubiquitous mantra of the pro-surveillance crowd "if you have nothing to hide, you have nothing to fear" attributing the quote to Nazi propaganda minister Joseph Goebbels."

Orwellian future arrives extra early in Australia.

Labels:

By : Tighten Snowden: NBN leaker raids a 'misuse' of Australian Federal Police • The Register 0 comments

 
5.23.2016
Mac Developer: Snowden calls for whistleblower shield after claims by new Pentagon source | US news | The Guardian

Snowden calls for whistleblower shield after claims by new Pentagon source | US news | The Guardian: "The account of John Crane, a former senior Pentagon investigator, appears to undermine Barack Obama, Hillary Clinton and other major establishment figures who argue that there were established routes for Snowden other than leaking to the media."

Hard to believe that just after WWII, the world used to look to the US for idealism and freedom.

Labels:

By : Tighten Snowden calls for whistleblower shield after claims by new Pentagon source | US news | The Guardian 0 comments

 
5.20.2016
Mac Developer: After a year of using NodeJS in production - elCurator

After a year of using NodeJS in production - elCurator: "All this to say that it feels like the Node ecosystem is constantly moving. Not in a good way. New tools that 'trump' old tools seem to come out daily. Theres always a new shiny thing to replace the other. You'll be surprised on how easily this happens to you and the community seems to encourage it. You use Grunt!? Everyone uses Gulp!? Wait no, use native NPM scripts!"

Here's an awesome article about the hype bullsh*t that is Node. Hopefully it will die during the unicorn culling.

Labels: ,

By : Tighten After a year of using NodeJS in production - elCurator 0 comments

 
5.19.2016
Mac Developer: Senators put forward new bill to halt expansion of gov’t hacking powers | Ars Technica

Senators put forward new bill to halt expansion of gov’t hacking powers | Ars Technica: "Sen. Ron Wyden (D-Ore.) and other like-minded senators have come out forcefully against the pending change to federal judicial rules that would expand judges’ ability to authorize remote access hacking of criminal suspects’ devices."

You no hacky me devices.

Labels:

By : Tighten Senators put forward new bill to halt expansion of gov’t hacking powers | Ars Technica 0 comments

 
5.17.2016
Mac Developer: PolyHook - The C++11 x86/x64 Hooking Library - CodeProject

PolyHook - The C++11 x86/x64 Hooking Library - CodeProject: "To me there was only one real solution, write my own library, on my own terms, with the goal of being the smallest, cleanest, easiest hooking library in existance! "

Nice! My thoughts exactly.

Labels:

By : Tighten PolyHook - The C++11 x86/x64 Hooking Library - CodeProject 0 comments

 
Mac Developer: Previewing Apple's WWDC 2016: Big news for iOS 10, iPhone 7, new iPad Pro

Previewing Apple's WWDC 2016: Big news for iOS 10, iPhone 7, new iPad Pro: "A few are obvious, such as continuing work on Xcode, the company's development tool for building iOS software, and Swift, Apple's new development language that's taken off and gained enthusiastic adoption despite its fledgeling newness. "

Looking forward to seeing what mission critical features are gutted from Xcode Mac Development to make way for script kiddies making crapware for the iPhone.

Labels:

By : Tighten Previewing Apple's WWDC 2016: Big news for iOS 10, iPhone 7, new iPad Pro 0 comments

 
5.16.2016
Mac Developer: Google plans to start blocking Flash in Chrome this year | The Verge

Google plans to start blocking Flash in Chrome this year | The Verge: "Flash's death has been slow and painful, and now Google is planning to deal it another blow. Google has detailed plans to start blocking most Flash content with Chrome, with the change targeted toward the end of this year."

We wanted to let you know that we have identified the source of almost every zero-day exploit and we are, like, totally on top of that. It'll be handled in approximately twelve months, or, in layman's terms, after all your PCs have been conscripted into a server farm for the Russian mafia.

Labels:

By : Tighten Google plans to start blocking Flash in Chrome this year | The Verge 0 comments

 
5.14.2016
Mac Developer: Top programmer describes Android’s nuts and bolts in Oracle v. Google | Ars Technica

Top programmer describes Android’s nuts and bolts in Oracle v. Google | Ars Technica: "Shortly after he took the stand, Google lawyer Christa Anderson asked Bornstein to show an example of just what was meant by 'declaring code,' the type of code that's at issue in this trial. (EFF's Parker Higgins, who is observing the trial, later drew up a copy of Bornstein's completed sketch.)"

Does this mean Apple should sue Oracle for basing Java on NextSTEP?
Java Was Strongly Influenced by Objective-C
As it turns out, Sean and Tom are both absolutely correct. Usually, this kind of urban legend stuff turns out to be completely inaccurate, but in this case, they are right on. When I left Sun to go to NeXT, I thought Objective-C was the coolest thing since sliced bread, and I hated C++. So, naturally when I stayed to start the (eventually) Java project, Obj-C had a big influence. James Gosling, being much older than I was, he had lots of experience with SmallTalk and Simula68, which we also borrowed from liberally.

By : Tighten Top programmer describes Android’s nuts and bolts in Oracle v. Google | Ars Technica 0 comments

 
5.12.2016
Mac Developer: Darktrace appoints a former CIA official to its board - Business Insider

Darktrace appoints a former CIA official to its board - Business Insider: "British cybersecurity startup Darktrace has appointed former Central Intelligence Agency (CIA) official Alan Wade to its advisory board."

Just when we learned the government is creepy, the creepy is privatized.

Labels: ,

By : Tighten Darktrace appoints a former CIA official to its board - Business Insider 0 comments

 
Mac Developer: Report: Apple is approving apps more quickly to increase Services revenue - Ars Technica

Report: Apple is approving apps more quickly to increase Services revenue - Ars Technica: "Developers who want to sell applications in any of Apple's App Stores first need to submit their software to Apple for review, a process in which actual humans examine apps to ensure they comply with Apple's guidelines. One of the problems with this method is that it takes time for apps to move through the opaque review process, meaning users can potentially be stuck with bugs for a few days if something goes wrong with an update, even if the developer submits a new build to Apple as soon as the bug is discovered."

No chance this will increase chances a malicious app is approved.

Labels:

By : Tighten Report: Apple is approving apps more quickly to increase Services revenue - Ars Technica 0 comments

 
Mac Developer: Adobe...sigh...issues critical patch...sigh...for Flash Player zero day • The Register

Adobe...sigh...issues critical patch...sigh...for Flash Player zero day • The Register: "Adobe has pushed out a patch for 25 vulnerabilities in Flash Player, including one that is already being targeted in the wild.

The latest fix for the internet's screen door includes a remedy for CVE-2016-4117, the remote code execution flaw that is already being exploited by criminals serving up malware-laden advertisements."

The gift that keeps on giving.

Labels: ,

By : Tighten Adobe...sigh...issues critical patch...sigh...for Flash Player zero day • The Register 0 comments

 
5.11.2016
Mac Developer: Microsoft's Windows 10 nagware storms live TV weather forecast • The Register

Microsoft's Windows 10 nagware storms live TV weather forecast • The Register: "Microsoft's relentless Windows 10 nagware has interrupted a live TV weather forecast, urging meteorologist Metinka Slater to upgrade."

As bad ideas proliferate, it's just a matter of time before OS X "notifications" provide similar servitude to their users. I disabled mine by removing the system framework responsible for notifications, but in 10.11, that won't even be possible.

Labels:

By : Tighten Microsoft's Windows 10 nagware storms live TV weather forecast • The Register 0 comments

 
Mac Developer: Court refuses request to force alleged hacker to divulge passwords | Technology | The Guardian

Court refuses request to force alleged hacker to divulge passwords | Technology | The Guardian: "An alleged hacker fighting extradition to the US will not have to give the passwords for his encrypted computers to British law enforcement officers, following a landmark legal ruling."

We'll have a much better idea if it was you or not after our illegal search and seizure bears fruit.

Labels:

By : Tighten Court refuses request to force alleged hacker to divulge passwords | Technology | The Guardian 0 comments

 
Mac Developer: Sun’s Jonathan Schwartz at trial: Java was free, Android had no licensing problem | Ars Technica

Sun’s Jonathan Schwartz at trial: Java was free, Android had no licensing problem | Ars Technica: "'You know, there’s a lot of stuff on Google I don’t control,' said Schwartz. 'It’s a pretty big Internet.'"

Lawyers aren't used to dealing with witnesses who understand logical thinking. They like patsies. But most of all, they like billable hours and there are plenty here.

Labels:

By : Tighten Sun’s Jonathan Schwartz at trial: Java was free, Android had no licensing problem | Ars Technica 0 comments

 
Mac Developer: 94% of App Store revenue goes to just 1% of publishers

94% of App Store revenue goes to just 1% of publishers: "You’ve probably heard it’s hard to make money in the App Store, but not for a small few. Last quarter, a staggering 94 percent of App Store revenue generated in the U.S. went to just the top 1 percent of app publishers, according to new data."

Should be no surprise it's just like the economics of Wall Street, the world's overlords.

Labels:

By : Tighten 94% of App Store revenue goes to just 1% of publishers 0 comments

 
5.10.2016
Mac Developer: Second Oracle v. Google trial could lead to huge headaches for developers | Ars Technica

Second Oracle v. Google trial could lead to huge headaches for developers | Ars Technica: "In the EFF's view, the Federal Circuit decision was wrong and conflicts with existing 9th Circuit cases, like Sega v. Accolade (1992) and Sony v. Connectix (2000), which allow for interoperability between systems, whether a copyright owner likes it or not."

Cry, cheer, or neither?

Labels:

By : Tighten Second Oracle v. Google trial could lead to huge headaches for developers | Ars Technica 0 comments

 
5.09.2016
Mac Developer: DARPA wants god-mode attribution platform to pin and predict crime • The Register

DARPA wants god-mode attribution platform to pin and predict crime • The Register: "'Malicious actors in cyberspace currently operate with little fear of being caught due to the fact that it is extremely difficult, in some cases perhaps even impossible, to reliably and confidently attribute actions in cyberspace to individual,' Keromytis says."

I have a keen sense of the obvious.

Labels:

By : Tighten DARPA wants god-mode attribution platform to pin and predict crime • The Register 0 comments

 
5.05.2016
Mac Developer: Critical Qualcomm security bug leaves many phones open to attack | Ars Technica

Critical Qualcomm security bug leaves many phones open to attack | Ars Technica: "The flaw, which is most severe in Android versions 4.3 and earlier, allows low-privileged apps to access sensitive data that's supposed to be off-limits, according to a blog post published by security firm FireEye. But instead, the data is available by invoking permissions that are already requested by millions of apps available in Google Play. Company researchers said the vulnerability can also be exploited by adversaries who gain physical access to an unlocked handset. Indexed as CVE-2016-2060, the bug was first introduced when mobile chipmaker Qualcomm released a set of programming interfaces for a system service known as the 'network_manager' and later the 'netd' daemon."

On a day when it sucks to be an Android user.

Labels:

By : Tighten Critical Qualcomm security bug leaves many phones open to attack | Ars Technica 0 comments

 
5.04.2016
Mac Developer: Huge number of sites imperiled by critical image-processing vulnerability [Updated] | Ars Technica

Huge number of sites imperiled by critical image-processing vulnerability [Updated] | Ars Technica: "The vulnerability resides in ImageMagick, a widely used image-processing library that's supported by PHP, Ruby, NodeJS, Python, and about a dozen other languages. Many social media and blogging sites, as well as a large number of content management systems, directly or indirectly rely on ImageMagick-based processing so they can resize images uploaded by end users."
Say hello to your SKYNET start button.

Labels:

By : Tighten Huge number of sites imperiled by critical image-processing vulnerability [Updated] | Ars Technica 0 comments

 
Mac Developer: Feds Have Found ‘Unbelievable’ Amounts of Child Porn on National Security Computers. Is This the Solution? - Nextgov.com

Feds Have Found ‘Unbelievable’ Amounts of Child Porn on National Security Computers. Is This the Solution? - Nextgov.com: "About 80 percent of the National Security Agency workforce has retired since Sept. 11, 2001, says Kemp Ensor, NSA director of security. When the millennial and Gen Y staff that now populate the spy agency get home, they go online."
Your tax dollars hard at work.

Labels: ,

By : Tighten Feds Have Found ‘Unbelievable’ Amounts of Child Porn on National Security Computers. Is This the Solution? - Nextgov.com 0 comments

 
5.03.2016
Mac Developer: Craig Wright loudly claims “I am Satoshi Nakamoto,” but few believe his “proof” | Ars Technica

Craig Wright loudly claims “I am Satoshi Nakamoto,” but few believe his “proof” | Ars Technica Part of that time was spent on a careful cryptographic verification of messages signed with keys that only Satoshi should possess. But even before I witnessed the keys signed and then verified on a clean computer that could not have been tampered with, I was reasonably certain I was sitting next to the Father of Bitcoin.
Now watch as the governments and bankers take all his bitcoin. Because the ultimate security hack is writing legislation that appropriates your property. It's legal and legislation are two sides of one coin. If the coin says "In God We Trust" you should not be surprised, "The Lord giveth, the Lord taketh away."

Labels:

By : Tighten Craig Wright loudly claims “I am Satoshi Nakamoto,” but few believe his “proof” | Ars Technica 0 comments

 
5.02.2016
Mac Developer: Judge rules in favor of “likely guilty” murder suspect found via stingray | Ars Technica

Judge rules in favor of “likely guilty” murder suspect found via stingray | Ars Technica: "A Baltimore judge has tossed crucial evidence obtained via a stingray in a murder case—the trial was set to begin this week."
One small step for a future free of thought-crimes.

Labels: ,

By : Tighten Judge rules in favor of “likely guilty” murder suspect found via stingray | Ars Technica 0 comments

 
5.01.2016
Mac Developer: Rule 41 would make it easier for the government to carry out hacks | Ars Technica

Rule 41 would make it easier for the government to carry out hacks | Ars TechnicaPrivacy activists and at least one senator are up in arms over a proposed change to a section of the Federal Rule of Criminal Procedure that would allow any magistrate judge to issue warrants authorizing government-sanctioned hacking anywhere in the country.
Which begs the question, "Who is the government?" It's a word used to describe a thing which is not a thing at all but an amalgamation of things.

Labels:

By : Tighten Rule 41 would make it easier for the government to carry out hacks | Ars Technica 0 comments

 

 

 
 
 

 Tighten    
 Generate    
 Secure    
 Inspect    
 Quarantino    
 QTZ    
 Downloads    
 Support    
 Documentation    
 Tighten App.app    
 Tighten Pro.app    
 PKCS#7Viewer.app    
 Quarzenegger.app    
 About    
 Hire    
 Contact    
 Blogger    
 FaceBook    
 iTunes Direct Link    
 Hollywood CA    
 spctl --assess -vvv    
 spctl --master-enable    
 spctl --master-disable    
 Mac App Store Receipt Validation    
 Apple Code Signing Certificates    
 Gatekeeper Developer ID Apple    
 Xcode codesign tutorial    
 [Site Map]    
 


Copyright © 2005-2020
All Rights Reserved
Tighten Pro