zlacker

[return to "Notepad++ hijacked by state-sponsored actors"]
1. jmole+12[view] [source] 2026-02-02 02:20:10
>>myster+(OP)
i always worry about tools like this, maintained by small teams, that are so universal that even if only a small fraction of installs are somehow co-opted by malicious actors, you have a wide open attack surface on most tech companies.

e.g. iTerm, Cyberduck, editors of all shades, various VSCode extensions, etc.

◧◩
2. guessm+s4[view] [source] 2026-02-02 02:45:55
>>jmole+12
I don’t get it, why don’t you all—absolutely all of you reading—use Little Snitch? [1]

It really doesn’t compute in my head why would any macOS user not use a network firewall like this, or similar, to block unwanted outgoing HTTP(s) requests. You can easily inspect the packet with tools like Wireshark or Burp Suite Professional (or Community) edition, or any other proxy tool, of which there are many in the macOS ecosystem.

And this is not unique to macOS, this is all possible in Windows, Linux and any other OS.

[1] https://www.obdev.at/products/littlesnitch/index.html

◧◩◪
3. jonas2+l5[view] [source] 2026-02-02 02:54:19
>>guessm+s4
Isn't Little Snitch exactly the sort of application they're worried about?
◧◩◪◨
4. 3eb798+1a[view] [source] 2026-02-02 03:44:14
>>jonas2+l5
Zing!

The state of the world is such that I have started running everything inside VMs. Baseline OS install + virtual machine management and that is it. Which is still not immune, but makes me feel a lot better than core OS utilities are probably getting better vetting than nifty-utility-123 on which I depend.

[go to top]