Re: [Littlesnitch-talk] curl
> Does anyone know who's behind curl and what it's about? Which software is it associated with? Is it spyware, legit, something in between or what?

curl is a command-line retrieval utility. Several developers use curl to send and retrieve data so they don't have to add networking code into their own program. The key is to find out which application you are running is associated with easymediasolutions.com.

Also, if you are going to allow curl or other command line utilities (like smtp) to connect, make sure you allow once or until quit only, or specify server and port.

--
Jeremy Weathers

Political history is far too criminal and pathological to be a fit subject of study for the young. Children should acquire their heroes and villains from fiction.
- Wystan Hugh Auden

___
Littlesnitch-talk mailing list
Littlesnitch-talk@obdev.at
http://at.obdev.at/mailman/listinfo/littlesnitch-talk
Re: [Littlesnitch-talk] curl
curl is a command-line tool for retrieving or sending files over a network connection. It usually works with the ftp or http protocol. It is also sometimes used by Shell/Perl/Apple scripts and so on, but it might also be misused by trojans.

Type 'man curl' in Terminal if you want to know how curl works.

On 01.02.2006 at 18:07, Alexander Arnett wrote:

> Does anyone know who's behind curl and what it's about? Which software is it associated with? Is it spyware, legit, something in between or what?
>
> Littlesnitch comes back with a message saying curl wants to talk to:
> hs47.easymediasolutions.com TCP port 80 http
>
> In a like vein, it's nice that Littlesnitch intercepts all these phone home requests but how can we reference the good/legit requests white hat software from the bad/nefarious black hat software requests? Is there an online directory that we can check against or are we just left to trial-and-error?

--
postfix version 2.1.5
Re: [Littlesnitch-talk] curl
On Wednesday, February 01, 2006, at 12:10PM, Alexander Arnett [EMAIL PROTECTED] wrote:

> Does anyone know who's behind curl and what it's about? Which software is it associated with? Is it spyware, legit, something in between or what?

What, is Google down? ;)

Curl is a utility much like wget. It's a set of libraries and a command line tool used for requesting and accessing data on the Internet. Enter "curl google.com" in the Terminal and you'll see the source for the Google homepage displayed on your screen.

> Littlesnitch comes back with a message saying curl wants to talk to:
> hs47.easymediasolutions.com TCP port 80 http

Some application is attempting to use curl to download something from that address. If you had the full path you could see exactly what was being accessed in a web browser. Were you running an application that was trying to auto-update? What was running at the time? My guess is that if you block the connection and don't find any undesired consequence (i.e. blocking a Safari connection results in no displayed web page) it's fine to permanently block. I'd not recommend permanently blocking curl as it's probably used by plenty of software for many valid tasks. I thought LS would display the parent application that spawned the curl task, but maybe curl was launched in a way which doesn't keep that link.

> In a like vein, it's nice that Littlesnitch intercepts all these phone home requests but how can we reference the good/legit requests white hat software from the bad/nefarious black hat software requests?

Generally you should be able to match the app name or the address to figure out what is going on. In general just think about it. Does TextWrangler need to phone home? Only if it's checking for updates. If you disable that check and you still see connection attempts, something is wrong and can be blocked. Does softwareupdated need to connect to apple.com? Yep, so let it go through. My list is full of Allow All rules that I think make sense. There are also plenty of Block All rules for apps that I thought were suspicious and haven't caused me any problems so far.

> Is there an online directory that we can check against or are we just left to trial-and-error?

Good idea, there should be a place to post connections that apps attempt. A database to post, in a standard format, things like:

    "TextWrangler attempts to connect to bbsoft.com port 80"

With space to add comments and explanations like:

    "Version checking which can be disabled" or "Unknown phoning home"

I hope this helped.

--
arno s hautala /-\ [EMAIL PROTECTED]
Re: [Littlesnitch-talk] curl
PS: Since there is no useful information on the website hs47.easymediasolutions.com (you can open it in Safari), it is most likely that this is some sort of user tracking or something like that.

On 01.02.2006 at 18:07, Alexander Arnett wrote:

> Does anyone know who's behind curl and what it's about? Which software is it associated with? Is it spyware, legit, something in between or what?
>
> Littlesnitch comes back with a message saying curl wants to talk to:
> hs47.easymediasolutions.com TCP port 80 http
>
> In a like vein, it's nice that Littlesnitch intercepts all these phone home requests but how can we reference the good/legit requests white hat software from the bad/nefarious black hat software requests? Is there an online directory that we can check against or are we just left to trial-and-error?

--
postfix version 2.1.5
Re: [Littlesnitch-talk] curl
On 01.02.2006 at 18:31, Arno S Hautala wrote:

>> Is there an online directory that we can check against or are we just left to trial-and-error?
>
> Good idea, there should be a place to post connections that apps attempt. A database to post, in a standard format, things like:
>
>     "TextWrangler attempts to connect to bbsoft.com port 80"
>
> With space to add comments and explanations like:
>
>     "Version checking which can be disabled" or "Unknown phoning home"

Good idea - Full ACK.
Re: [Littlesnitch-talk] curl
Something on your computer wants to download something else onto your computer, or send something from your computer to someplace else. Very risky unless you know exactly what has called curl and what it is trying to download. This is the kind of thing a trojan scout might do, to get the true trojan. Or maybe it's something sending off your address book and credit card numbers. Or maybe it's something entirely benign. Read the curl manpage, too.

One thing to try, when the LS alert comes up, is to
(i) click on some LS button, like the "once" button (but don't click the "Allow Once" button yet), which I believe will keep the LS alert from timing out,
(ii) move the LS window out of the way,
(iii) start up Activity Monitor, showing processes threaded, to see what the curl process is a child of, i.e. what program wants to use curl.

Re requesting good vs bad, be clear that what you're asking for is opinions from people who might not be trustworthy, so then what you have to do is try to get enough opinions for you to be able to make up your own mind.

On Wed, 1 Feb 2006, Alexander Arnett wrote:

> Does anyone know who's behind curl and what it's about? Which software is it associated with? Is it spyware, legit, something in between or what?
>
> Littlesnitch comes back with a message saying curl wants to talk to:
> hs47.easymediasolutions.com TCP port 80 http
>
> In a like vein, it's nice that Littlesnitch intercepts all these phone home requests but how can we reference the good/legit requests white hat software from the bad/nefarious black hat software requests?
> . . .
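The parent lookup that the message above performs in Activity Monitor can also be done from Terminal while the alert is still on screen. The following is an added example, not part of the original thread: it walks the parent chain of every curl process in a `pid ppid command` table. The sample table, its PIDs and "ExampleApp" are constructed for illustration; the `ps -axo pid=,ppid=,comm=` invocation in the comment is how a live table would be captured.

```shell
#!/bin/sh
# Added example (not from the thread): list every curl process with its parent chain.
# Input is a "pid ppid command" table, e.g. PS_TABLE=$(ps -axo pid=,ppid=,comm=)

# Constructed sample snapshot; the PIDs and ExampleApp are hypothetical.
SAMPLE_TABLE='    1     0 /sbin/launchd
  212     1 /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow
  340   212 /Applications/ExampleApp.app/Contents/MacOS/ExampleApp
  977   340 /bin/sh
  981   977 /usr/bin/curl'

# find_pids NAME [TABLE]: print PIDs whose command basename is exactly NAME.
find_pids() {
    printf '%s\n' "${2:-$SAMPLE_TABLE}" | awk -v name="$1" '
        { pid = $1; $1 = ""; $2 = ""; sub(/^ +/, "")
          n = split($0, part, "/"); if (part[n] == name) print pid }'
}

# ancestry PID [TABLE]: print "pid command" for PID and each ancestor, child first.
ancestry() {
    printf '%s\n' "${2:-$SAMPLE_TABLE}" | awk -v start="$1" '
        { pid = $1; parent[pid] = $2; $1 = ""; $2 = ""; sub(/^ +/, ""); cmd[pid] = $0 }
        END {
            p = start
            # Stop at the top of the tree or if a PID repeats (guards against loops).
            while ((p in cmd) && !(p in seen)) {
                seen[p] = 1
                print p, cmd[p]
                p = parent[p]
            }
        }'
}

# report [TABLE]: for each curl process, show which programs spawned it.
report() {
    for pid in $(find_pids curl "$1"); do
        echo "curl (pid $pid) was started by:"
        ancestry "$pid" "$1" | sed '1d; s/^/    /'
    done
}

# Uses the constructed sample unless PS_TABLE holds a live snapshot.
report "${PS_TABLE:-}"
```

In the sample, the chain shows curl launched by a shell that was itself started by ExampleApp, which is the application a Little Snitch rule decision should be based on.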
Re: [Littlesnitch-talk] curl
On 01 Feb 2006, at 17:59, Martin Kissner wrote:

> Still I wouldn't encourage anyone to uninstall brain 1.0 ;-)

Absolutely.

>> It'd be interesting to see this integrated with LS. An extra button in the LS dialog to "Report" the connection attempt to the ObDev database.
>
> Also reporting wouldn't be sufficient if users wouldn't be able to check the database. And of course you can wait for people who would get suspicious about the connection to obdev.

Absolutely, I envisioned a system where this just made reporting easier. It would really only be useful if available to the public (submitted anonymously of course ;) ).

--
arno s. hautala /-\ [EMAIL PROTECTED]