Recent posts about Security

Manifesto

We assumed the following points were self-evident and required no further mention. However, after a well-known antivirus provider announced in October 2024 that they monitor their customers for signs of criminal activity, we feel compelled to clarify

Should I upgrade to macOS Sequoia? (Part 2)

This is a follow-up to our previous recommendation advising against upgrading to macOS Sequoia 15.0. Just over two weeks after the public launch of Sequoia, Apple has released its first bugfix update (15.0.1) on October 3rd. So, should you upgrade

Should I upgrade to macOS Sequoia now?

The short answer is: We don’t recommend upgrading now because there are several bugs related to networking and firewalls in the 15.0 release. We expect most of them to be fixed in 15.1. If you have already upgraded or if you want to upgrade for

Three-way handshake bypassing Little Snitch

There has been some discussion recently about the bypassing of Little Snitch by the first datagram of a three-way TCP handshake. The facts: When a deny-rule for a domain is set in Little Snitch, and a TCP connection is made to that domain, a TCP SYN

The Story Behind CVE-2019-13013

This blog post targets fellow software developers. It’s a story of how it could happen that we shipped a version of Little Snitch with a serious vulnerability and, more importantly, what we can learn from it. It all began with a security
Archive