Comments on "Notepad++ hijacked by state-sponsored actors"
1. jmole+12 2026-02-02 02:20:10
>>myster+(OP)
I always worry about tools like this, maintained by small teams, that are so universal that even if only a small fraction of installs are somehow co-opted by malicious actors, you have a wide open attack surface on most tech companies.

e.g. iTerm, Cyberduck, editors of all shades, various VSCode extensions, etc.

2. guessm+s4 2026-02-02 02:45:55
>>jmole+12
I don’t get it, why don’t you all—absolutely all of you reading—use Little Snitch? [1]

It really doesn’t compute in my head why any macOS user would not use a network firewall like this, or similar, to block unwanted outgoing HTTP(S) requests. You can easily inspect the packet with tools like Wireshark or Burp Suite Professional (or Community) edition, or any other proxy tool, of which there are many in the macOS ecosystem.

And this is not unique to macOS, this is all possible in Windows, Linux and any other OS.

[1] https://www.obdev.at/products/littlesnitch/index.html

3. drum55+q5 2026-02-02 02:55:07
>>guessm+s4
It’s a false sense of security, more or less. If an application wants to talk to a C2, they don’t have to make a connection at all, just proxy a connection through something already allowed, or tunnel through DNS. Those juicy cryptocurrency keys? Pop Safari with them in the URL and they’re sent to the malicious actor instantly. If you’re owned, Little Snitch does nothing at all for you except give you the impression that you’re not.

4. scienc+3b2 2026-02-02 19:10:52
>>drum55+q5
This is far too cynical of a take. Little Snitch might not save you from well-established malware on your machine, but it will certainly hamper attempts to get payloads and exploits on your machine in the first place.