Brolly: a utility to help understand failed secure connections

A convenient utility to check secure connections under ATS using the nscurl command tool. For El Capitan to Monterey.

How Safari 15 checks a secure connection

A detailed walk through the log shows Safari 15 checking Safe Browsing, phishing sites using ML, and performing trust evaluation of certificates.

Last Week on My Mac: Web woes worsen

It should have been so easy: a quick change of Root certificate. So why all the chaos, and most of all why you mustn’t compromise your security as a result.

Explainer: Security certificates

Why do we keep having problems with security certificates when they’re just supposed to work? A look at what they do, and they work.

Why won’t Safari open that web page?

Did you think it was only old Mac OS X affected by the Let’s Encrypt certificate expiry problem? No, it’s Safari wherever you can use it. Here’s how to deal with it.

El Capitan and older Mac OS X are about to have a security certificate problem

If you’re still running El Capitan, or any version of Mac OS X prior to 10.12.1, then you’re […]

Is Apple keeping its promises over online OCSP certificate checks?

Nine months ago, Apple undertook to make changes in the way in which macOS checks its OCSP service for certificate revocations. Has it changed anything yet?

A Short History of Malware Protection in macOS

From the start of voluntary code signing in 2007, defences against malware in macOS have changed dramatically. Here’s an overview of what has happened.

macOS has checked app signatures online for over 2 years

Why does it take 2 years to realise that macOS has been checking signing certificate validity online?

Checks on executable code in Catalina and Big Sur: a first draft

How macOS checks executable code before it’s loaded and run, in macOS 10.15 and 11.0. Covering integrity checks using hashes, and validity of the signing certificate, on Intel and ARM.