SnitchCTL - Command line tool and security holes
This was originally posted as a hint a few days ago but never got published, so I'm putting it up here. I believe it is important that LittleSnitch users be warned about this.
I decided my original technique was not enough and came up with a PHP shell script to manage the LittleSnitch daemon via the terminal.
This is how
Disclaimer:
While creating this script I discovered that LittleSnitch was really not as secure as it should/appears to be. Fracai has posted a great warning call on the LittleSnitch mailing list. Here's a snippet:

LittleSnitch is not currently secure. "killall LittleSnitchDaemon" will allow any app to "phone home" without being detected by LittleSnitch. Properly securing LittleSnitch would involve running the daemon and all LittleSnitch components as the root user or as an independent LittleSnitch user. [...] The main point to take away from this is that as it is currently implemented, LittleSnitch is not secure. A malicious app need not sneak new rules in to the configuration when the communication block is not effective.

The mailing list post is available here.

Yes, you've read that properly. The LittleSnitch daemon runs in user space! This means any malicious application can stop the daemon, send the data and then start the daemon back up with very little chance that the user ever knows about it! LittleSnitch doesn't output to the system/console log, so there are no logs of what's been going on.

I suggest you read the site I've put up and the mailing list post by Fracai if you want to know more about this issue. I have also created a thread in the forums if you have any questions or comments.
---
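A defender-side check for the scenario described in the disclaimer above, added here as an example (it is not part of the original hint or of LittleSnitch): a small watchdog that writes daemon stops, restarts (PID changes) and non-root ownership to syslog, since LittleSnitch itself logs nothing. The process name comes from the quoted post; the `snitchwatch` log tag, the `--watch` flag and the `INTERVAL` variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: log LittleSnitchDaemon stops/restarts to syslog.
DAEMON_NAME="LittleSnitchDaemon"   # process name as given in the quoted post

# Read "PID USER COMMAND" lines on stdin; print "PID USER" for the daemon,
# or "absent". COMMAND may be a full path that contains spaces.
daemon_state() {
    awk -v name="$DAEMON_NAME" '
        { pid = $1; user = $2; $1 = ""; $2 = ""; sub(/^ +/, "")
          n = split($0, part, "/")
          if (part[n] == name) { print pid, user; found = 1; exit } }
        END { if (!found) print "absent" }'
}

# Compare the previous and current state strings; print one event keyword.
classify() {
    p=$1 c=$2
    if [ "$c" = "absent" ]; then
        if [ "$p" = "absent" ]; then echo "STILL_DOWN"; else echo "STOPPED"; fi
    elif [ "$p" = "absent" ]; then
        echo "STARTED"
    elif [ "${p%% *}" != "${c%% *}" ]; then
        echo "RESTARTED"           # PID changed between two polls
    else
        echo "OK"
    fi
}

# True when the daemon is running under a non-root account.
runs_unprivileged() {
    [ "$1" != "absent" ] && [ "${1#* }" != "root" ]
}

# Poll the process table and log every state change (tag is an assumption).
watch_daemon() {
    prev=$(ps -A -o pid= -o user= -o comm= | daemon_state)
    if runs_unprivileged "$prev"; then
        logger -t snitchwatch "$DAEMON_NAME runs as ${prev#* }, not root"
    fi
    while sleep "${INTERVAL:-2}"; do
        cur=$(ps -A -o pid= -o user= -o comm= | daemon_state)
        event=$(classify "$prev" "$cur")
        [ "$event" = "OK" ] || logger -t snitchwatch "$DAEMON_NAME $event: '$prev' -> '$cur'"
        prev=$cur
    done
}

if [ "${1:-}" = "--watch" ]; then watch_daemon; fi
```

Run it as root (for example from a launchd job) so that a user-level process cannot simply stop the watchdog as well. A PID change between two polls reveals a stop-and-restart even when the daemon is back up before the next check.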
Extra Extra: the threat is real! A virus takes advantage of this security hole!
*** The security hole in LittleSnitch is not pure speculation. A virus already has taken advantage of it! *** I was looking to see what the web had to say about LittleSnitch's security (googling with the terms "LittleSnitch Security") and something very interesting came up from Symantec's virus description page (http://securityresponse.symantec.com/avcenter/venc/data/sh.renepo.b.html)
"SH.Renepo.B is a data-collecting script virus that only runs on Mac OS X systems."
So I decided to search around a bit more to see what I could find. These are my findings. They are not exactly structured, but a lot of information can be found on these sites. This information is well documented on many sites such as:
*** Objective Development has been aware of this for over a year but seemed to have decided not to act! ***
---