Author Archives: Graham

About Graham

I make it faster and easier for you to create high-quality code.

One Window that is good for Mac security

Posted on 2010-03-27 by Graham

I realise now that I didn’t cover this when it happened back at the beginning of March, but that not everyone in either the Apple world nor the general infosec community is aware of it. Nearly one month ago, Apple … Continue reading →

Posted in AAPL | Comments Off

Why do we annoy our users?

Posted on 2010-03-25 by Graham

I assume that, with my audience being mainly Mac users, you are not familiar with Microsoft Security Assessment Tool, or MSAT. It’s basically a free tool for CIOs, CSOs and the like to perform security analyses. It presents two questionnaires, … Continue reading →

Posted in brute-force, password, tool-support | 2 Comments

So it’s not just the Department of Homeland Security, then

Posted on 2010-03-12 by Graham

What is it about government security agencies and, well, security? The UK Intelligence and Security Committee has just published its Annual Report 2008-2009 (pdf, because if there’s one application we all trust, it’s Adobe Reader), detailing financial and policy issues … Continue reading →

Posted in Data Leakage, government, Policy | Leave a comment

Integrating SSH with the keychain on Snow Leopard

Posted on 2010-03-08 by Graham

Not much movement has occurred on projects like SSHKeychain.app or SSHAgent.app in the last couple of years. The reason is that it’s not necessary to use them these days; you can get all of the convenience of keychain-stored SSH passphrases … Continue reading →

Posted in Encryption, Keychain, Mac, ssh | 8 Comments

Pre-order professional Mac security books!

Posted on 2010-02-25 by Graham

You too can own a piece of the magic. Professional Cocoa Application Security and Enterprise Mac: Mac OS X Snow Leopard Security are both already in pre-order; use the Amazon affiliate links below if you want to give me a … Continue reading →

Posted in PCAS | Leave a comment

Look what the feds left behind…

Posted on 2010-02-22 by Graham

So what conference was on in this auditorium before NSConference? Well, why don’t we just read the documents they left behind? Ooops. While there’s nothing at higher clearance than Unrestricted inside, all of the content is marked internal eyes only … Continue reading →

Posted in Data Leakage, government, NSConf, Policy, Privacy | Comments Off

More NSConf code signing fun

Posted on 2010-02-21 by Graham

I’ll be talking at the US NSConference on Tuesday, with an extended version of my talk on code signing. I’ll cover how it works, what it does, what it doesn’t do, and what it should do. Importantly, there are still … Continue reading →

Posted in Codesign, Encryption, iPad, iPhone, Mac, NSConf, Talk | Comments Off

iPh0wnage

Posted on 2010-02-15 by Graham

I just reviewed a blog post I wrote for Graham Cluley a while back, in which I looked at the impact a common vulnerability on the iPhone and Mac would have. I think in the run-up to the iPad’s release, … Continue reading →

Posted in iPad, iPhone, Mac, Malware | Leave a comment

Anatomy of a software sales scam

Posted on 2010-02-11 by Graham

A couple of days ago, Daniel Kennett of the KennettNet micro-ISV (in plain talk, a one-man software business) told me that a customer had fallen victim to a scam. She had purchased a copy of his application Music Rescue—a very … Continue reading →

Posted in Phishing, Scam | 1 Comment

Code snippit from NSConference presentation