Archive for the 'Apple' Category

Secure Password Storage

Tuesday, March 20th, 2012

Tony Arcieri urges developers storing user-sensitive data, such as a passwords, not to use bcrypt (via Michael Tsai) for deriving the encryption key: The first cipher I’d suggest you consider besides bcrypt is PBKDF2. It’s ubiquitous and time-tested with an academic pedigree from RSA Labs, you know, the guys who invented much of the cryptographic […]

Developer ID Gotcha

Monday, March 19th, 2012

For the upcoming Gatekeeper feature in Mac OS X 10.8, Apple will make it easy for customers to prevent software from running that has not been digitally “signed” by developers with a certificate from Apple called the Developer ID certificate. Many developers already choose to sign software using self-generated signing certificates. I wrote many years […]

Fix The Sandbox

Friday, February 17th, 2012

Apple’s getting a lot of press this week about their forthcoming 10.8 “Mountain Lion” update to Mac OS X. One of its key features will be a security feature called “Gatekeeper” that will allow users to avoid launching apps from developers who are not registered with Apple. If you are not already familiar with Gatekeeper, […]

Freedom From Choice

Friday, October 7th, 2011

Since Steve Jobs passed away on Wednesday, the web has been overflowing with heartfelt tributes to the impact his work had on the technology world, and the world at large. But a few people don’t respect or value the contributions that Jobs made. Richard Stallman, the famously anti-Apple, GPL protagonist, comes off borderline celebratory in […]