On Wednesday, February 01, 2006, at 12:10PM, Alexander Arnett <[EMAIL PROTECTED]> wrote:
>Does anyone know who's behind "curl" and what it's about? Which
>software is it associated with? Is it spyware, legit, something in
>between or what?

What, is Google down? ;)

Curl is a utility much like wget. It's a set of libraries and a command line tool used for requesting and accessing data on the Internet. Enter "curl google.com" in the Terminal and you'll see the source for the Google homepage displayed on your screen.

>Littlesnitch comes back with a message saying "curl" wants to talk to:
>
>hs47.easymediasolutions.com
>TCP port 80 http

Some application is attempting to use curl to download something from that address. If you had the full path you could see exactly what was being accessed in a web browser. Were you running an application that was trying to auto-update? What was running at the time?

My guess is that if you block the connection and don't find any undesired consequence (i.e. blocking a Safari connection results in no displayed web page) it's fine to permanently block. I'd not recommend permanently blocking curl as it's probably used by plenty of software for many valid tasks.

I thought LS would display the parent application that spawned the curl task, but maybe curl was launched in a way which doesn't keep that link.

>In a like vein, it's nice that Littlesnitch intercepts all these
>phone home requests but how can we reference the good/legit requests
>"white hat software" from the bad/nefarious "black hat software"
>requests?

Generally you should be able to match the app name or the address to figure out what is going on. In general just think about it. Does TextWrangler need to phone home? Only if it's checking for updates. If you disable that check and you still see connection attempts, something is "wrong" and can be blocked. Does softwareupdated need to connect to apple.com? Yep, so let it go through.

My list is full of "Allow All" rules that I think make sense. There are also plenty of "Block All" rules for apps that I thought were suspicious and haven't caused me any problems so far.

>Is there an online directory that we can check against or are we just
>left to trial-and-error?

Good idea, there should be a place to post connections that apps attempt. A database to post, in a standard format, things like:

    TextWrangler attempts to connect to bbsoft.com port 80

With space to add comments and explanations like:

    Version checking which can be disabled

or

    Unknown phoning home

I hope this helped.

-- -- arno s hautala /-\ [EMAIL PROTECTED] -- --

_______________________________________________
Littlesnitch-talk mailing list
[email protected]
http://at.obdev.at/mailman/listinfo/littlesnitch-talk
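An added example, not part of the original message: when the firewall prompt names only "curl", the process table can show which application spawned it. The sketch below walks each curl process up its parent chain, skipping intermediate shells; the sample snapshot, the ExampleUpdater name and the example.invalid hosts are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ps -A -o pid= -o ppid= -o args=` output (not from the post).
SAMPLE_PS='    1     0 /sbin/launchd
  480     1 /Applications/ExampleUpdater.app/Contents/MacOS/ExampleUpdater
  481   480 /bin/sh -c curl -s http://updates.example.invalid/check
  482   481 curl -s http://updates.example.invalid/check
  510     1 /Applications/Utilities/Terminal.app/Contents/MacOS/Terminal
  530     1 curl -O http://downloads.example.invalid/file'

# ancestry PID [SNAPSHOT]: print "pid<TAB>command" for PID and each ancestor,
# nearest first. Without SNAPSHOT the live process table is used.
ancestry() {
    anc_snap=${2:-$(ps -A -o pid= -o ppid= -o args=)}
    printf '%s\n' "$anc_snap" | awk -v start="$1" '
        { pid = $1; ppid[pid] = $2; $1 = ""; $2 = ""; sub(/^ +/, ""); cmd[pid] = $0 }
        END {
            # Stop at the top of the tree; "seen" guards against a looping table.
            for (p = start; (p in cmd) && !(p in seen); p = ppid[p]) {
                seen[p] = 1
                printf "%s\t%s\n", p, cmd[p]
            }
        }'
}

# curl_origins [SNAPSHOT]: for every curl process print "pid<TAB>origin", where
# origin is the nearest ancestor that is neither curl nor a shell wrapper.
curl_origins() {
    co_snap=${1:-$(ps -A -o pid= -o ppid= -o args=)}
    printf '%s\n' "$co_snap" | awk '$3 ~ /(^|\/)curl$/ { print $1 }' |
    while read -r pid; do
        origin=$(ancestry "$pid" "$co_snap" | awk -F '\t' '
            { split($2, w, " "); exe = w[1] }
            exe !~ /(^|\/)(curl|sh|bash|zsh)$/ { print $2; exit }')
        printf '%s\t%s\n' "$pid" "${origin:-unknown}"
    done
}

# Demo on the constructed snapshot; call curl_origins with no argument for live data.
curl_origins "$SAMPLE_PS"
```

In the sample, curl 482 traces back to the updater application, while curl 530 reports only launchd because its original parent has exited and the process was re-parented, which is the "doesn't keep that link" case described above.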
