For the paranoid, please serve the .dmg over HTTPS, or provide checksums (MD5 and/or SHA1) on a secure web page.
Given LS is for the paranoid, I'm surprised I can't find these already. I googled for them and got no results. Nothing at http://www.obdev.at/products/littlesnitch/download.html either.
Code:
/usr/bin/openssl sha1 LittleSnitch_2_0_5.dmg =>
md5 LittleSnitch_2_0_5.dmg =>
MD5 (LittleSnitch_2_0_5.dmg) = d5b6ec4bd39a4f8426efb58bc1ed184.
Yes, I've submitted this to support, since it's something only the company can do.
A pleasing response (edited for clarity):
Thanks for the suggestion! I have forwarded it to our webmaster.
BTW: Although Little Snitch is for the paranoid, this is the first
request of this type we have received...
There's a very good paper on the topic:
Insecurities within automatic update systems
by ing. P. Ruissen
ing. R. Vloothuis
Research project 2
MSc in System and Network Engineering
University of Amsterdam
Class of 2006-2007
I wonder what they're up to now...
No word yet. (10Feb2009)
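What a downloader could do once a vendor publishes checksums on an HTTPS page, as an added example that is not part of the original post and not Objective Development's code: parse a published line in the output formats of the `md5` and `openssl sha1` commands shown above, reject a value whose length does not fit the algorithm, and compare it with the digest of the local file. The function names and the sample file are constructed for illustration, and the example goes beyond the post by also accepting GNU `md5sum`/`sha1sum` lines and SHA-256.

```python
import hashlib
import hmac
import re

# Hex digest length per algorithm; a published value of any other length is rejected.
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64}
# BSD `md5` prints "MD5 (file) = hex"; `openssl sha1` prints "SHA1(file)= hex".
TAGGED = re.compile(r"^([A-Za-z0-9-]+) ?\((.+)\) ?= ?([0-9A-Fa-f]+)$")
# GNU md5sum/sha1sum print "hex  file" ("hex *file" in binary mode).
PLAIN = re.compile(r"^([0-9A-Fa-f]+) [ *](.+)$")


def parse_checksum_line(line):
    """Return (algorithm, filename, hexdigest); raise ValueError if malformed."""
    line = line.strip()
    m = TAGGED.match(line)
    if m:
        algo, name, digest = m.group(1).lower(), m.group(2), m.group(3).lower()
        if HEX_LEN.get(algo) != len(digest):
            raise ValueError("wrong digest length or unknown algorithm: %r" % line)
        return algo, name, digest
    m = PLAIN.match(line)
    if m:
        digest, name = m.group(1).lower(), m.group(2)
        for algo, length in HEX_LEN.items():
            if length == len(digest):  # untagged line: infer algorithm from length
                return algo, name, digest
    # Also reached for a digest copied with stray punctuation or a missing character.
    raise ValueError("unrecognised or truncated checksum line: %r" % line)


def file_digest(path, algo):
    """Hash the file in 1 MiB chunks so a large .dmg is never read into memory at once."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, published_line):
    """True only if the local file matches the published checksum line."""
    algo, _name, expected = parse_checksum_line(published_line)
    return hmac.compare_digest(file_digest(path, algo), expected)


if __name__ == "__main__":
    import sys  # usage: verify.py <file> "<checksum line copied from the HTTPS page>"
    print("OK" if verify_download(sys.argv[1], sys.argv[2]) else "MISMATCH")
```

The check is only as trustworthy as the channel the checksum line came from, which is why the post asks for it on a secure page rather than next to the plain-HTTP download.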