Howdy,

On 10/08/2005, at 6:22 PM, Saad Kadhi wrote:

Hi there,

I have recently installed NetNewsWire and I was very much surprised to see it connecting to the Web without a single alert from Little Snitch.

I run NetNewsWire Lite 2.0 in 10.3.9 and I had to make the usual rule to allow TCP over port 80 before it could get any net access.

After some delving, I found out that NetNewsWire uses Safari to access the Web.

This isn't unusual. For example, iRecordMusic (RAW as was) "uses" a Safari-based browser to run its functions. However, Little Snitch still had to give it initial permission to access the network independently of Safari.
The browser tabs that appear inside NetNewsWire are Safari ones.

Yes, but you've already called the links up (by subscribing or whatever) - it's not as if NetNewsWire is initiating hidden or even independent net activity, is it?

Given this, any new application that might want to phone home would simply need to use an authorized one such as Safari (using an API of some sort etc.) and go completely unnoticed here, thus effectively bypassing any security Little Snitch might provide. Am I wrong here? Is there any option I need to activate on Little Snitch to stop this from happening?

If this scenario is realistic (as demonstrated with NetNewsWire+Safari), let's assume we have two applications: application A, a newly installed application not authorized by Little Snitch to access the network and application B, which has permit rules to access it.

One way to thwart this attack path is to control whether application A is authorized to launch application B (or some part of it). As a multi-platform user, the personal firewall I use on Windows XP (Tiny Personal Firewall) does this out-of-the-box, thus effectively stopping application A from calling application B and inheriting its permissions.

What does Little Snitch offer in this regard? What can be done to stop this attack path from happening?

That all reads a little too complicated for OS X - I'd be very interested if you could show this kind of thing happening; that is to say, an uninvited nasty getting such easy access to general network permissions.

darky M

_______________________________________________
Littlesnitch-talk mailing list
[email protected]
http://at.obdev.at/mailman/listinfo/littlesnitch-talk
