That seems... not correct?

The comment was asking about preventing a compromised supplier for the developers.

A supply chain attack can be anywhere in the supply chain to the target. If I, the end user, am the target, then a supply chain attack compromising the developer of LittleSnitch is effective.

I may then be a conduit to compromising other software or components, and both I and LittleSnitch would be part of the supply chain that could be attacked targeting them.

> If I, the end user, am the target

You're not a target, anonymous rando.

Many supply chain attacks aim to run malware on the end-user's machine to harvest authentication tokens, etc. So pretty much everyone here who is a developer is the target.

> So pretty much everyone here who is a developer is the target.

Are you going to have this same discussion about every piece of software ever mentioned on Hacker News? Why are we having it for Little Snitch specifically?