Monthly Archives: March 2010

Rehearsals in beta!

I have a new application, Rehearsals, an online practice diary for musicians. If that sounds like the kind of thing you’re interested in, and you have Mac OS X 10.6 or newer, then please download the beta release and test … Continue reading

Posted in cocoa, metadev, rehearsals, test | Leave a comment

Security flaw liability

The Register recently ran an opinion piece called Don’t blame Willy the Mailboy for software security flaws. The article is a reaction to the following excerpt from a SANS sample application security procurement contract: No Malicious Code Developer warrants that … Continue reading

Posted in Malware, Policy, Responsibility, Vulnerability | Comments Off on Security flaw liability

One Window that is good for Mac security

I realise now that I didn’t cover this when it happened back at the beginning of March, but that not everyone in either the Apple world nor the general infosec community is aware of it. Nearly one month ago, Apple … Continue reading

Posted in AAPL | Comments Off on One Window that is good for Mac security

Why do we annoy our users?

I assume that, with my audience being mainly Mac users, you are not familiar with Microsoft Security Assessment Tool, or MSAT. It’s basically a free tool for CIOs, CSOs and the like to perform security analyses. It presents two questionnaires, … Continue reading

Posted in brute-force, password, tool-support | 2 Comments

So it’s not just the Department of Homeland Security, then

What is it about government security agencies and, well, security? The UK Intelligence and Security Committee has just published its Annual Report 2008-2009 (pdf, because if there’s one application we all trust, it’s Adobe Reader), detailing financial and policy issues … Continue reading

Posted in Data Leakage, government, Policy | Leave a comment

Integrating SSH with the keychain on Snow Leopard

Not much movement has occurred on projects like SSHKeychain.app or SSHAgent.app in the last couple of years. The reason is that it’s not necessary to use them these days; you can get all of the convenience of keychain-stored SSH passphrases … Continue reading

Posted in Encryption, Keychain, Mac, ssh | 8 Comments

How to hire Graham Lee

There are few people who can say that when it comes to Cocoa application security, they wrote the book. In fact, I can think of only one: me. I’ve just put the final draft together for Professional Cocoa Application Security … Continue reading

Posted in book, Business, cocoa, conference, CoreData, iPad, iPhone, Java, kernel, macfuse, mach, nextstep, objc, openstep, UNIX, xcode | 2 Comments