On Sun, Dec 27, 2009 at 20:19, Evan Schoenberg, M.D. <[email protected]> wrote: > > On Dec 27, 2009, at 7:05 PM, Thomas Tempelmann wrote: > >> 2. To avoid alerting the user through outgoing "firewalls" such as >> Little Snitch, I wonder if one can use any of the protocols that are >> enabled by default? E.g, use the ntp tool to access your own server, >> thus "pinging" it with minimum information? Any ideas there? > > Little Snitch, at least, would notify whether you used port 80 or port > rand()%10000... it allows/denies both per-app and per-port. >
It would also notify if you spawned off something like ntpd. The user would see a prompt like "deviousapp wants to connect to bla.example.com port XXX using ntpd." You'd also need to consider the possibility that your pirated s/n detection code could misfire and a legit user sees your application doing something sneaky-looking. The reputation damage if that user happens to be or know a widely-read blogger or similar could be much worse than the evil you're trying to prevent. Geoff
