It wouldn't protect against this attack though. The Notepad++ update servers were hijacked. Presumably you would allow Notepad++ updates through Little Snitch so you would be equally as vulnerable.

▲

guessmyname 6 hours ago | parent [-]

No, why would you allow automatic updates? It makes no sense. You should audit every update as if each payload could contain malware. It’s a paranoid way to live, but that’s what it takes.

We also need better computer science education in high schools, teaching students how to inspect network packets, verify SSL certificates, and evaluate whether a binary blob might contain malicious code.

People have gotten complacent about the internet, which is why they still get hacked, when it should be the other way around. With everything we’ve learned over the years, why are breaches more common than ever? I don’t understand why people are so careless about online security today, compared to decades ago when we were taught not to share personal information and not to trust anything on the internet.

▲

drum55 6 hours ago | parent | next [-]

Do you go by the smell of the executable or just general vibes? Nobody has never reviewed even a tiny fraction of the software they run, closed source or open source.

	▲	sieabahlpark 6 hours ago \| parent [-]
		[dead]

▲

kemotep 6 hours ago | parent | prev | next [-]

So you only run software on an operating system and on hardware that you have personally vetted each line of code for?

▲

velcrovan 5 hours ago | parent | prev | next [-]

Tell me about your auditing workflow and procedures.

▲

eviks 4 hours ago | parent | prev | next [-]

You don't understand because you compare a mythical view of the past with the current reality

▲

knowitnone3 6 hours ago | parent | prev [-]

[dead]