It’s a false sense of security, more or less. If an application wants to talk to a C2 they don’t have to make a connection at all, just proxy a connection through something already allowed, or tunnel through DNS. Those juicy cryptocurrency keys? Pop Safari with them in the URL and they’re sent to the malicious actor instantly. If you’re owned Little Snitch does nothing at all for you except give you the impression that you’re not.

▲

6 hours ago | parent | next [-]

[deleted]

▲

nickorlow 6 hours ago | parent | prev | next [-]

Especially in this case where the attackers could've proxied you to their malicious servers through npp's good/trusted servers

▲

g-b-r 3 hours ago | parent | prev | next [-]

That's at the very least harder and less likely; security is not all or nothing.

▲

worthless-trash 6 hours ago | parent | prev [-]

I find it difficult to believe that there is levels of cooperation between different companies that would allow this to work.

Source. I work for a company for longer than the internet has been alive.

▲

drum55 6 hours ago | parent | next [-]

My example is “living off the land”, safari already has access to everything, open it and use it to communicate. Needs no permissions, bypasses little snitch entirely.

	▲	worthless-trash 6 hours ago \| parent [-]
		Ah . I was thinking of non web apps.

▲

dfc 5 hours ago | parent | prev [-]

You have worked for the same company for >55 years? That's wild. Can you share the industry?

	▲	worthless-trash 2 hours ago \| parent [-]
		IBM, although I consider internet and arpanet different things. Like saying pstn and fiber are different things.