Hi there,
I have recently installed NetNewsWire and I was very much surprised
to see it connecting to the Web without a single alert from Little
Snitch. After some delving, I found out that NetNewsWire uses Safari
to access the Web. The browser tabs that appear inside NetNewsWire
are Safari ones.
Given this, any new application that might want to phone home would
simply need to use an authorized one such as Safari (using an API of
some sort etc.) and go completely unnoticed here. Thus effectively
bypass any security Little Snitch might provide. Am I wrong here? Is
there any option I need to activate on Little Snitch to stop this
from happening?
If this scenario is realistic (as demonstrated with NetNewsWire
+Safari), let's assume we have two applications: application A, a
newly installed application not authorized by Little Snitch to access
the network and application B, which has permit rules to access it.
One way to thwart this attack path is to control whether application
A is authorized to launch application B (or some part of it). As a
multi-platform user, the personal firewall I use on Windows XP (Tiny
Personal Firewall) does this out-of-the-box, thus effectively
stopping application A from calling application B and inheriting its
permissions.
What does Little Snitch offer in this regard? What can be done to
stop this attack path from happening?
Thanks in Advance for your answers.
--
Saad Kadhi
"He who relieves the poor makes Ahura king"
_______________________________________________
Littlesnitch-talk mailing list
[email protected]
http://at.obdev.at/mailman/listinfo/littlesnitch-talk
