zlacker

[return to "Notepad++ hijacked by state-sponsored actors"]
1. Lammy+Nc[view] [source] 2026-02-02 04:16:11
>>myster+(OP)
Vindicated once again for turning off any update checks the moment I install any new piece of software.

Even if this sort of (obviously rare) attack is not a concern, it baffles me how few otherwise-intelligent people fail to see the way these updaters provide the network (which itself is always listening, see Room 641A and friends) with a fingerprint of your specific computer and a way to track its physical location based on the set of software you have installed, all of which want to check for updates every goddamn day.

◧◩
2. sodali+Pe[view] [source] 2026-02-02 04:39:55
>>Lammy+Nc
How do you deal with the opposite, software that you forget to update but contains vulnerabilities discovered/exploited later?
◧◩◪
3. Lammy+Kf[view] [source] 2026-02-02 04:49:04
>>sodali+Pe
I use a package manager that checks the hash of the downloaded installer against what's recorded in the package listing for that version. WinGet has been built in to Windows since one of the 2018-era releases of Windows 10: https://i.ibb.co/VYGXdc56/2026-02-01-20-46-28-Greenshot.png
[go to top]