Tighten Pro C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation
Tighten Pro - in the Mac App Store
Tighten Pro is now available in the Mac App Store.
Simply click on the icon to the left to purchase directly from Apple.
Or choose PKCS#7Viewer.app by clicking the image to the right.
|
Mac Developer: Gooligan malware roots 1M Android phones in "largest Google account breach to date"
Gooligan malware roots 1M Android phones in "largest Google account breach to date": "A new strain of Android malware dubbed "Gooligan," thought to be "the largest Google account breach to date," is already in active circulation and three-fourths of the Android installed base is vulnerable. Once infected, devices give hackers access to the users' Gmail, Google Photos, Docs, Drive and other Google services accounts.
"
So excited to have a new iPhone courtesy of a free upgrade from my carrier. I enjoyed learning about Android, but in the end, let me say it again: interpreted languages SUCK! 6502 ASM forever! Labels: security fail
|
|
|
Mac Developer: Journalist linked to Anonymous released from prison - CNET
Journalist linked to Anonymous released from prison - CNET: "Barrett Brown, a journalist who served as an unofficial spokesman for various Anonymous hacking operations, was released from prison Tuesday after serving more than four years behind bars for sharing stolen data and threatening an FBI agent.
More of Obama's sad legacy. Labels: security policy
|
|
|
Mac Developer: Security researcher Morgan Marquis-Boire explains “data contraception” | Ars Technica
Security researcher Morgan Marquis-Boire explains “data contraception” | Ars TechnicaMarquis-Boire also told us about the difference between doing security for a company like Google vs. First Look Media. First Look is the company that owns The Intercept, which has published Snowden documents. So part of his job is protecting those documents, as well as the journalists reporting on them and similarly sensitive information. It sounds difficult, but one of the first things he realized was that he could just store things off the network. That never would have been an option at Google. The Marquis de Security.
Labels: security policy
|
|
|
Mac Developer: President-elect Trump considers potential Apple manufacturing in US a 'real achievement'
President-elect Trump considers potential Apple manufacturing in US a 'real achievement': ""Tim, you know one of the things that will be a real achievement for me is when I get Apple to build a big plant in the United States, or many big plants in the United States," recounted Trump to the New York Times about the recent call with the Apple CEO. "Instead of going to China, and going to Vietnam, and going to the places that you go to, you're making your product right here.""
Apple ][ computers were made in America. Labels: Apple ][ Forever
|
|
|
Mac Developer: FYI: The FBI is being awfully evasive about its fresh cyber-spy powers • The Register
FYI: The FBI is being awfully evasive about its fresh cyber-spy powers • The Register: "Those are the spying powers granted by Congressional inaction over an update to Rule 41 of the Federal Rules of Criminal Procedure. These changes will kick in on December 1 unless they are somehow stopped, and it's highly unlikely they will be challenged as we slide into the Thanksgiving weekend.
More of Obama's legacy. Labels: security policy
|
|
|
Mac Developer: PoisonTap fools your PC into thinking the whole internet lives in an rPi • The Register
PoisonTap fools your PC into thinking the whole internet lives in an rPi • The Register: "How do you get a sniff of a locked computer? Tell it you're its gateway to the entire Internet IPv4 routing space.
That's the basic principle behind a demo from brainiac cracker Samy Kamkar. Plugged into a victim, his Raspberry Pi Zero-based "PoisonTap" isn't just a network sniffer, it's a backdoor-digger.
MacOS users can breathe a sigh of relief: Kamkar's attack currently only works on Windows and Linux boxen.
Breathing now. Labels: Mac vs. Windows vs. Linux
|
|
|
Mac Developer: Pwnfest drops a nasty surprise on VMware • The Register
Pwnfest drops a nasty surprise on VMware • The Register: "The bug scores a critical rating because it could allow a guest to “execute code on the operating system that runs Workstation or Fusion”, the company's advisory says. That's a big no-no in the virtual world: hypervisors are supposed to contain guests and keep the host OS pristine."
Filed under security is hard, and even if you are secure, your VM might be at risk. Labels: security, security exploit
|
|
|
Mac Developer: Study finds malware lurking in Amazon, Google and Groupon cloud services - PC & Tech Authority
Study finds malware lurking in Amazon, Google and Groupon cloud services - PC & Tech Authority: "Researchers from the Georgia Institute of Technology, Indiana University Bloomington and the University of California Santa Barbara scanned more than 140,000 sites on 20 major cloud hosting services and found that as many as 10 percent of the repositories hosted by them had been compromised, according to the “Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service” report."
So many places to hide, so many surfaces to protect. Labels: skynet
|
|
|
Mac Developer: Mac administrators brace for big changes to Apple-powered fleets • The Register
Mac administrators brace for big changes to Apple-powered fleets • The Register: "The idea of a shift to MDM was outlined by admin Michael Lynn earlier this fall in a blog post, and immediately gained a following. While Lynn stresses that his piece was merely speculation and not a prediction of Apple's plans, a number of other admins who manage Mac networks and spoke with The Register believe he is onto something, and that Apple is in fact looking to move toward an MDM model for managing macOS machines."
Things that go hmmmm in the night. Labels: MDM, security policy
|
|
|
Mac Developer: Google Pixel pwned in 60 seconds • The Register
Google Pixel pwned in 60 seconds • The Register: "Apple's updated Safari browser running on MacOS Sierra also fell. Respected Chinese hacker outfit Pangu Team renowned for releasing million-dollar persistent modern iOS jailbreaks for free, along with hacker JH, blasted Cupertino's web browser with a root privilege escalation zero day that took 20 seconds to run, earning the team $80,000."
How many fingers am I holding up? Labels: security exploit
|
|
|
Mac Developer: Bay Area: Join us 11/16 to talk about infosec for dissidents and citizens | Ars Technica
Bay Area: Join us 11/16 to talk about infosec for dissidents and citizens | Ars Technica: "The eighth episode of Ars Technica Live is coming up next Wednesday, November 16, in Oakland, California, at Longitude! Join Ars Technica editors Dan Goodin and Annalee Newitz with guest Morgan Marquis-Boire for a conversation about infosec, surveillance, and digital authoritarianism."
If you're not part of the solution, you're part of the problem. Labels: security policy
|
|
|
Mac Developer: Fake apps on Apple App Stores seeing a pre-holiday surge, purges ongoing
Fake apps on Apple App Stores seeing a pre-holiday surge, purges ongoing: "A report by the New York Times points out that a rogue app producer going by the name of "Footlocke Sports" populated the app store with fake apps for Puma, Nike, Canada Goose, Celine, and others. The apps, when functional, were attempting to induce shoppers to buy products that would never arrive, with the scammers collecting user information and credit card data."
But your valid, innocuous app has been rejected due to violation of some meaningless clause in the app store guidelines. Labels: app store
|
|
|
Mac Developer: Google knifes Eclipse Android Developer Tools • The Register
Google knifes Eclipse Android Developer Tools • The Register: "Android Studio 2.2 was previewed at Google I/O 2016, an event described as "the conference version of hell," and released in September."
The real hell is Android performance. Native code forever and no pooftas! Labels: 2001
|
|
|
Mac Developer: Windows zero-day exploited by same group behind DNC hack | Ars Technica
Windows zero-day exploited by same group behind DNC hack | Ars Technica: "Today, Terry Myerson, executive vice president of Microsoft's Windows and Devices group, acknowledged the exploit was being used actively by a sophisticated threat group—the same threat group involved in the hacks that led to the breach of data from the Democratic National Committee and the Clinton campaign."
Maybe it's state-sponsored or maybe the hackers are just a whole lot smarter than the IT department at the DNC who apparently think setting up a server in Hilary's basement is state of the art security for a datacenter. Labels: security fail
|
|
|
| |
|