Bill Bumgarner


"Little Snitch" tells all.

SBook triggers the snitch.
Little Snitch is a little tool that monitors outbound connections from your system and, unless it already has a rule in place to permit or deny the connection outright, pops up a panel letting you know that an app is requesting a connection.

For example, the screen shot above was triggered by the launch of SBook as the app contacts the mothership to determine if a new version is available. Interesting.

I wonder what it is sending as a part of the "am I the latest version?" query?

Now, if you happen to have tcpflow installed (via Fink or from source or from Fred's public iDisk), you can easily answer that question.

It is just a matter of copy/paste (before hitting the allow button):

% sudo tcpflow -c -i en1 'host'
tcpflow[2703]: listening on en1 GET /build.txt?myversion=5.17 HTTP/1.0
User-Agent: CFNetwork/1.1
Connection: close HTTP/1.1 200 OK
Date: Fri, 19 Mar 2004 05:46:42 GMT
Server: Apache/1.3.27 (Unix) mod_perl/1.27 PHP/4.3.4 mod_ssl/2.8.14 OpenSSL/0.9.7a
Last-Modified: Mon, 29 Dec 2003 03:34:19 GMT
ETag: "38747b-10-3fefa0bb"
Accept-Ranges: bytes
Content-Length: 16
Connection: close
Content-Type: text/plain


(If you are on Ethernet, use 'en0' instead of 'en1'.)

As expected (Simson definitely understands security & privacy), SBook doesn't do anything nefarious. But what about the other apps on the system?

I don't know. With the Little Snitch active, I'm certainly going to be keeping a closer eye on things... (link fixed!)

Comment on this post [ so far] ... more like this: [Mac OS X, Security] ... topic exchange: [Mac OS X, Security]