Banana Headshot

Jason Schorr

Career Hacker

🔒 Rule Groups for LittleSnitch 🔒 A Micro-Product in 6 Hours!

A collection of feeds of known “Big Brother” (Google, Microsoft, Facebook) domains to block for Little Snitch Firewall.

0xBanana

3 minutes read

Let’s talk about something that’s been rattling around my head the last few months, micro-products! What are “micro-products”?They are specialized products that fit a niche, can self sustain, and be built in a hackathon style session. I really like this as a way to quickly iterate ideas, force projects to complete, and create new revenue streams.

A few weeks ago I released a (free) micro-product, Rule Groups for Little Snitch; A collection of feeds of known “Big Brother” (Google, Microsoft, Facebook) domains to block for Little Snitch Firewall.

How I did it!

  1. Identify a problem
  2. Look at current options
  3. Decide technical direction
  4. Setup website

1. Identify A Problem I wanted an easy way to block big brother from further privacy invasion. Everything we do on our computers creates a picture of who we are and companies like Facebook and Google, try to get the best picture of us as possible.

2. Look At Current Market Options There are many cheap and relatively easy ways to block outbound traffic or domain name resolution.

  • Modifying /etc/hosts file
  • OS Integrated Firewall
  • Network Appliances
  • 3rd Party Software
  • Code something new

3. Decide Technical Direction In this case I wanted the easiest to produce solution. Utilizing software I and many others already use for seemed the most straight forward. While the other options listed would work to achieve my goal, they each have issues that make them unsuitable choices.

Many firewalls will allow you to import custom rules and Little Snitch is no different. Rulesets that meet their format and are network accessible are instantly ingested and available to the user A bit of googling and I was able to find the format needed for these custom rules and all known domains for various big brother entities. Creating the ruleset file after that was a breeze.

4. Setup Website There are many ways to get a website up in 2019 so it’s important to find products and a workflow that works for you. For a micro-anything a smaller footprint and lower overhead means less headaches keeping something up and better margin.

  • Get Domain & SSL Certificate For domains I usually use name.com, namecheap.com, or enom.com, find a custom one that works for your product or if you have a brand to expand on make it a subdomain of a larger site. In this case I opted for a subdomain, no time spent finding “the perfect domain name”, can associate it with a known brand, no long DNS propagation.

  • Site Hosting Static pages and no backend services make this product a perfect candidate for GitHub Pages; free hosting, use a custom domain, and free SSL, easy choice.

  • Make Website Actually make the site where you’ll be showcasing and selling your micro product. I am not a designer and I’m slowly getting comfortable with offloading these tasks to people more suited than I. For this purpose I’ve recently been using pixelarity.com templates and couldn’t be happier. From start to finish this process was an exercise in my ability to build an idea and deploy it in one business day. Finding ways to quickly deploy an idea is a muscle that needs to be practiced and if you want something, go out and make it!


Rule Groups for Little Snitch


If you enjoyed this post let me know! 💛🦄🔖

Recent posts

See more

About

COO - Hacker | #infosec #DFIR #privacy | 🇩🇴🇺🇸 | Proud Dad | he/him | ex: @accenture @intel @mandiant @apple @cisco @nasdaqomx | #firespinner 🔥