{ Author Archives }

Head Labrarian at The Labrary, the place where the library and the laboratory converge to help your software team.

Pre-order professional Mac security books!

You too can own a piece of the magic. Professional Cocoa Application Security and Enterprise Mac: Mac OS X Snow Leopard Security are both already in pre-order; use the Amazon affiliate links below if you want to give me a little extra kick-back from the sales of each. You’re most kind :).

Look what the feds left behind…

So what conference was on in this auditorium before NSConference? Well, why don’t we just read the documents they left behind? Ooops. While there’s nothing at higher clearance than Unrestricted inside, all of the content is marked internal eyes only (don’t worry, feds, I didn’t actually pay too much attention to the content. You don’t […]

More NSConf code signing fun

I’ll be talking at the US NSConference on Tuesday, with an extended version of my talk on code signing. I’ll cover how it works, what it does, what it doesn’t do, and what it should do. Importantly, there are still a few seats left for the conference so if you can get to Atlanta by […]

iPh0wnage

I just reviewed a blog post I wrote for Graham Cluley a while back, in which I looked at the impact a common vulnerability on the iPhone and Mac would have. I think in the run-up to the iPad’s release, it’s a risk worth bearing in mind.

Anatomy of a software sales scam

A couple of days ago, Daniel Kennett of the KennettNet micro-ISV (in plain talk, a one-man software business) told me that a customer had fallen victim to a scam. She had purchased a copy of his application Music Rescue—a very popular utility for working with iPods—from a vendor but had not received a download or […]

Code snippet from NSConference presentation

Here’s the code I used to display the code signature status within the sample app at NSConference. You need to be using the 10.6 SDK, and link against Security.framework.

    #import <Security/SecCode.h>

    - (void)updateSignatureStatus {
        SecCodeRef myCode = NULL;
        OSStatus secReturn = SecCodeCopySelf(kSecCSDefaultFlags, &myCode);
        if (noErr != secReturn) {
            [statusField setIntValue: secReturn];
            return;
        }
        CFMakeCollectable(myCode);
        SecRequirementRef […]

Oops. (updated twice)

Q: What caused this? A: this. A Vodafone employee used the corporate Twitter account to post the message: [@VodafoneUK] is fed up of dirty homo’s and is going after beaver And as the Vodafone apology attests, this was no hacking attack, instead a case of TGI Friday on the part of an employee. This goes […]

It’s just a big iPod

I think you would assume I had my privacy settings ramped up a little too high if I hadn’t heard about the iPad, Apple’s new touchscreen mobile device. Having had a few days to consider it and allow the hype to die down, my considered opinion on the iPad’s security profile is this: it’s just […]

Coming very shortly…

This website will be the new home for information on Cocoa and Mac OS X security. But not yet! Please check back soon; in the meantime take a look at my homepage. Graham.