Hello,
I'm running an online version of Armory 0.90-beta on Mac OS with a watch-only wallet. Being the paranoid type, especially with an increase of bitcoin related malware on Mac OS, I installed Little Snitch, a firewall that monitors all inbound and outbound traffic.
I was surprised to see more than expected outbound traffic, and one of them is slightly suspicious:
mts1.google.com TCP 80
www.google.com TCP 80
id.google.ca TCP 80
--> unclear why Google is involved?
bitcoinarmory.com TCP 80
bitcoinarmory.com TCP 443
-> checking for updates?
malsup.github.io TCP 443
-> This one looks questionable. There is javascript code hosted here. If this is needed why is it not embedded in the source instead of relying on code from an external source? If this site was hacked, potentially harmful javascript code would be executed
From some tests if I deny any of these sites, Armory fails to come online. Should it not just connect to the local Bitcoin-Qt instance and use it for transaction processing?
I'll do some digging in the source and do some packet captures when I get a chance. Meanwhile, can anyone give some insight on this? Thanks.
