zlacker

[parent] [thread] 2 comments
1. getcru+(OP)[view] [source] 2026-02-02 02:32:35
So they say at the provider level update traffic was redirected . Does this also mean their update endpoints didn’t do encryption?
replies(2): >>getcru+e >>gruez+R4
2. getcru+e[view] [source] 2026-02-02 02:35:02
>>getcru+(OP)
Yea, should have finished reading. Remediation was to “ verify both the certificate and the signature of the downloaded installer. “

I mean for such a dev focused and extremely performant app, that’s disappointing.

Glad I’m off windows as of late

3. gruez+R4[view] [source] 2026-02-02 03:20:44
>>getcru+(OP)
It's also possible the update manifest contained an url that the updater blindly trusted, and by modifying that file you could change what got downloaded.
[go to top]