Re: [Littlesnitch-talk] LittleSnitch_1.2.3beta3

Wed, 26 Apr 2006 14:52:05 -0700 


-----Original Message-----
    From: "wsheluk"<[EMAIL PROTECTED]>
    Sent: 3/31/06 10:59:07 AM
    To: "[email protected]"<[email protected]>
    Subject: Re: [Littlesnitch-talk] LittleSnitch_1.2.3beta3
    
    Little Snitch Support wrote:
    > Dear Little Snitch users!
    >
    > I would like to give some explanations regarding questions that where 
    > discussed in the littlesnitch-talk list lately.
    >
    > 1. Regarding the "Code Injection Alert"
    >
    > The term "Code Injection" refers to a technique that uses a Mac OS X 
    > security flaw to "inject" program code from one application into 
    > another. The consequence of this is, that if you allow application A 
    > to communicate with the internet, application B, who is not allowed to 
    > do so, could simply "inject" some code into application A and 
    > communicate "under app A's name", thus undermining Little Snitch.
    >
    > This security flaw has been addressed by Apple in the current release 
    > of Mac OS X for Intel processors. Apple restricted the possibilities 
    > of "code injection" and so made the system more secure. Unfortunately 
    > the PowerPC version of Mac OS X was not adopted now and still suffers 
    > from this security flaw.
    >
    > That's why we added functionality to Little Snitch in this current 
    > beta to intercept these attempts of "code injection". This makes the 
    > PowerPC platform more secure during the transition period, until Apple 
    > aligns the Mac OS versions for PowerPC and Intel processors. The new 
    > "Code Injection Alert" is an alert panel that allows the user to 
    > decide, whether he/she want's to allow app A to inject code into app B.
    >
    > During the first beta period we received response regarding several 
    > application that are using this "code injection" technique for their 
    > normal operation. Although these applications will not be able to do 
    > this that way in future Mac OS versions (or already now in Intel 
    > machines) and will have to be adopted anyway, we didn't want to make 
    > them unusable with our new "Code Injection Alert" now.
    >
    > That's why we decided to add a preference setting for it. In the 
    > current beta you can decide whether you want your system to behave the 
    > "new" way (only letting special applications do "cod    

[Message truncated. Tap Edit->Mark for Download to get remaining portion.]

_______________________________________________
Littlesnitch-talk mailing list
[email protected]
http://at.obdev.at/mailman/listinfo/littlesnitch-talk

Reply via email to