Notepad++ Hijacked by State-Sponsored Hackers
Link: notepad-plus-plus.org
Posted by who@feddit.org to Programming@programming.dev · English · 13 hours ago
Cross-posted to: technology@lemmy.ml, technology@lemmy.world, cybersecurity@infosec.pub, opensource@programming.dev

yetAnotherUser@discuss.tchncs.de · 1 hour ago

Yes, but from what I understand this refers to the automatic update functionality and not Microsoft’s own .exe signature verification thing.

Couldn’t you do it like this:

- Put hardcoded key into N++
- If a new release is available: Download, then verify signature
- If the signatures match, do whatever Windows requires to install an update

That should work, shouldn’t it?

9tr6gyp3@lemmy.world · 43 minutes ago

No, because you wouldn’t be able to execute the updated exe without a valid signature. You would essentially brick the install with that method, and probably upset Microsoft’s security software in the process.

stephen01king@piefed.zip · 6 minutes ago

How are they doing it now, then?
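
The flow proposed in yetAnotherUser's comment (pinned key, download, verify, then install), as an added example that is not from the thread or from Notepad++'s own updater. The RSA key is a constructed toy built from two Mersenne primes, and `sign_release`, `verify_release` and `handle_download` are hypothetical names; a real updater would use a vetted crypto library and a properly generated key. It covers only the updater's own check, not the Windows executable signature raised in the reply.

```python
import hashlib
import hmac

# Constructed demo key from two Mersenne primes: trivially factorable, illustration only.
_P, _Q = 2**521 - 1, 2**607 - 1
PINNED_N, PINNED_E = _P * _Q, 65537            # public key hardcoded in the updater
_D = pow(PINNED_E, -1, (_P - 1) * (_Q - 1))    # private key; would never ship to clients
KEY_BYTES = (PINNED_N.bit_length() + 7) // 8

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def encode_digest(data: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(data), padded to the key size."""
    t = SHA256_PREFIX + hashlib.sha256(data).digest()
    return b"\x00\x01" + b"\xff" * (KEY_BYTES - len(t) - 3) + b"\x00" + t


def sign_release(data: bytes) -> bytes:
    """Release-side step (hypothetical helper): produce the detached signature."""
    m = int.from_bytes(encode_digest(data), "big")
    return pow(m, _D, PINNED_N).to_bytes(KEY_BYTES, "big")


def verify_release(data: bytes, signature: bytes) -> bool:
    """Updater-side step: check the signature against the pinned key only."""
    if len(signature) != KEY_BYTES:
        return False
    s = int.from_bytes(signature, "big")
    if s >= PINNED_N:
        return False
    recovered = pow(s, PINNED_E, PINNED_N).to_bytes(KEY_BYTES, "big")
    # Compare the full encoded block, so malformed padding is rejected too.
    return hmac.compare_digest(recovered, encode_digest(data))


def handle_download(data: bytes, signature: bytes) -> str:
    """Decide what the updater does with a downloaded installer."""
    return "install" if verify_release(data, signature) else "discard"


# Constructed sample: a genuine release and a copy swapped in transit.
GENUINE = b"constructed installer bytes v1"
SIGNATURE = sign_release(GENUINE)
TAMPERED = b"constructed installer bytes v1 + implant"
```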