zlacker

1. tgsovl+(OP) 2026-02-02 03:21:20
From the Heise article:

> Until version 8.8.7 of Notepad++, the developer used a self-signed certificate, which is available in the GitHub source code. This made it possible to create manipulated updates and push them onto victims, as binaries signed this way cause a warning "Unknown Publisher".

It also mentions "installing a root certificate". I suspect that it means that users who installed the root cert could check that a downloaded binary was legit, but everyone else (i.e. the majority of users) was trained to blindly click through the warning.

replies(1): >>kevin_+b2
2. kevin_+b2 2026-02-02 03:47:39
>>tgsovl+(OP)
Notepad++ has way too many updates for a text editor. I purposely decline most of the nags to update for precisely this reason. It is too juicy of a target and was bound to get compromised.
replies(1): >>lukan+Iw
3. lukan+Iw 2026-02-02 09:34:35
>>kevin_+b2
Well, some people use it as an IDE, so there are more features they need. But I am not sure if a less frequent update routine would be safer.