zlacker

[return to "Notepad++ hijacked by state-sponsored actors"]
1. Lammy+Nc[view] [source] 2026-02-02 04:16:11
>>myster+(OP)
Vindicated once again for turning off any update checks the moment I install any new piece of software.

Even if this sort of (obviously rare) attack is not a concern, it baffles me how few otherwise-intelligent people fail to see the way these updaters provide the network (which itself is always listening, see Room 641A and friends) with a fingerprint of your specific computer and a way to track its physical location based on the set of software you have installed, all of which want to check for updates every goddamn day.

◧◩
2. derf_+od[view] [source] 2026-02-02 04:24:10
>>Lammy+Nc
It is baffling to me, as well. You know how you get a remote-code-execution vulnerability? You give a bunch of software permission to fetch code remotely and execute it.
◧◩◪
3. mmis10+mf[view] [source] 2026-02-02 04:44:55
>>derf_+od
Like… browser? Or anything with script loading capabilities like script engine in games. Executing remote script is almost unavoidable nowadays.

And there isn't really a way to confirm if it is configured in a secure way.

You either trust the developer or not.

[go to top]