|
|
Tighten Pro C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation
Tighten Pro - in the Mac App Store
Tighten Pro is now available in the Mac App Store.
Simply click on the icon to the left to purchase directly from Apple.
Or choose PKCS#7Viewer.app by clicking the image to the right.
|
Mac Developer: Angler's obituary: Super exploit kit was the work of Russia's Lurk group • The Register
Angler's obituary: Super exploit kit was the work of Russia's Lurk group • The Register: "The group counts the discovery of the Equation Group, an entity strongly suspected of being part of the NSA's offensive tailored access operations wing, as one of its most high profile recent collarings. It also helped reveal the ultra sophisticated Flame malware and offered early analysis of the Stuxnet worm."
Weird how the "bad guys" are actually the good guys. I mean Russians, of course. Labels: security fix
|
|
|
Mac Developer: Meet USBee, the malware that uses USB drives to covertly jump airgaps | Ars Technica
Meet USBee, the malware that uses USB drives to covertly jump airgaps | Ars Technica: ""We introduce a software-only method for short-range data exfiltration using electromagnetic emissions from a USB dongle," researchers from Israel's Ben-Gurion University wrote in a research paper published Monday. "Unlike other methods, our method doesn't require any [radio frequency] transmitting hardware since it uses the USB's internal data bus.""
SKYNET is dead, long live SKYNET. Labels: security exploit
|
|
|
Mac Developer: Apple briefly allows, pulls jailbreak app on iOS App Store
Apple briefly allows, pulls jailbreak app on iOS App Store: "The "PG Client" app billed itself as a better client for the service that allows graphic artists to share works. However, when opened, the app was a Chinese version of the Pangu jailbreak tool.
The app was made available by the developer on Sunday at some point. By 3:30 p.m. Eastern, Apple had disabled the download, and by 4:00 p.m. had stricken the webpage for the app leading to the App Store download as well."
Those incorrigible jailbreakers! Labels: security leak, security policy
|
|
|
Mac Developer: Baltimore cops: We flew high-res camera planes to film your every move • The Register
Baltimore cops: We flew high-res camera planes to film your every move • The Register: "As the ACLU's senior policy analyst and privacy expert Jay Stanley told Businessweek in its extensive report on PSS, the system – which uses a bank of cameras on a plane to provide a live-feed and 45-day archive of all activity in a 30-square-mile area – is "where the rubber meets the road" when it comes to the balance between security and privacy."
SKYNET lives. Labels: 1984, orwellian future, skynet
|
|
|
Mac Developer: Dangerous, targeted iPhone attack nullified by Apple with iOS 9.3.5 patch
Dangerous, targeted iPhone attack nullified by Apple with iOS 9.3.5 patch: "More details have emerged about the need for the iOS 9.3.5 patch, which looks to have terminated a trio of exploits capable of a remote jailbreak and mass exfiltration of data from a target's iPhone, including device and account passwords."
The real question is: who knew about it more than 10 days ago? Labels: security exploit
|
|
|
Mac Developer: HTTPS and OpenVPN face new attack that can decrypt secret cookies | Ars Technica
HTTPS and OpenVPN face new attack that can decrypt secret cookies | Ars Technica: "Researchers have devised a new attack that can decrypt secret session cookies from about 1 percent of the Internet's HTTPS traffic and could affect about 600 of the Internet's most visited sites, including nasdaq.com, walmart.com, match.com, and ebay.in."
No worries, the NSA is decrypting everything anyhoo. Labels: security policy
|
|
|
Mac Developer: Shopped in an Eddie Bauer store recently? Your card's probably gone. It's just gone • The Register
Shopped in an Eddie Bauer store recently? Your card's probably gone. It's just gone • The Register: "The retailer – which sells high-end clobber for hikers or anyone who wants to pretend they're outdoorsy – said malware infected its cash registers on January 2 and the code remained undetected for at least six months. The software nasty was cleaned up on July 17."
Longing for the days of the weird, proprietary hardware-based cash registers. Labels: security flaw
|
|
|
Mac Developer: How the NSA snooped on encrypted Internet traffic for a decade | Ars Technica
How the NSA snooped on encrypted Internet traffic for a decade | Ars Technica: "In a revelation that shows how the National Security Agency was able to systematically spy on many Cisco Systems customers for the better part of a decade, researchers have uncovered an attack that remotely extracts decryption keys from the company's now-decommissioned line of PIX firewalls.
AKA the Cisco shrugs series of exploits. Labels: security flaw
|
|
|
Mac Developer: Cisco confirms NSA-linked zeroday targeted its firewalls for years | Ars Technica
Cisco confirms NSA-linked zeroday targeted its firewalls for years | Ars Technica: "Cisco Systems has confirmed that recently-leaked malware tied to the National Security Agency exploited a high-severity vulnerability that had gone undetected for years in every supported version of the company's Adaptive Security Appliance firewall. Oh, were we supposed to fix that? No biggie, just a device in every NOC in the world. Labels: security policy
|
|
|
Mac Developer: Video of Apple's Black Hat 2016 presentation now available
Video of Apple's Black Hat 2016 presentation now available: "The full video of Apple's presentation at this year's Black Hat security conference was posted to YouTube on Tuesday, offering viewers a deep dive into iOS security mechanisms, from backbone synchronization service iCloud to new systems like HomeKit. "
Here you at. Labels: security policy
|
|
|
Mac Developer: Snowden: NSA hack is likely a warning from Russia
Snowden: NSA hack is likely a warning from Russia: "Snowden believes the hack is likely of Russian origin and intended to be a warning that “someone can prove US responsibility for any attacks that originated from this malware server.”"
We're number one! We're number one! Labels: social hacking
|
|
|
Mac Developer: Three times as bad as malware: Google shines light on pay-per-install • The Register
Three times as bad as malware: Google shines light on pay-per-install • The Register: "As some point you have probably downloaded a "free" piece of software only to find it has come with a whole host of other unwanted friends that go on to redirect your browser search bar or inject ads where there weren't any before.
This is the world of pay-per-install (PPI) and Google, along with New York University and the International Computer Science Institute, spent a year digging into the little-understood market, publishing their results in a paper [PDF] this week."
The capitalists and communists agree on this one. Labels: malware, pay per install
|
|
|
Mac Developer: Russian spies claim they can now collect crypto keys—but don’t say how | Ars Technica
Russian spies claim they can now collect crypto keys—but don’t say how | Ars Technica: "Russia's intelligence agency the FSB, successor to the KGB, has posted a notice on its website claiming that it now has the ability to collect crypto keys for Internet services that use encryption. This meets a two-week deadline given by Vladimir Putin to the FSB to develop such a capability. However, no details have been provided of how the FSB is able to do this."
Lots of clever ASM coders in Russia. Labels: security flaw, security leak, security policy
|
|
|
Mac Developer: Oliver Stone asks moviegoers to power down phones—and leave them off | Ars Technica
Oliver Stone asks moviegoers to power down phones—and leave them off | Ars Technica: ""That's not all it does," Stone says as the background music turns darker and the camera begins rapidly jumping between angles. "It allows certain parties to track your every move every time you make a call or send a text. We are giving them access. The information you've put out into the world voluntarily is enough to burn your life to the ground. This will be our undoing.""
Can't wait for the movie. Labels: Snowden
|
|
|
| |
|
|
|
|
|