Pierre-Yves Lapersonne@programming.devM to Opensource@programming.dev · 1 month agoNotepad++ hijacked by state-sponsored hackersnotepad-plus-plus.orgexternal-linkmessage-square5fedilinkarrow-up123 cross-posted to: foss@beehaw.orgopensource@lemmy.mlcybersecurity@infosec.pubtechnology@lemmy.mltechnology@lemmy.worldopensource@programming.devprogramming@programming.dev
arrow-up123external-linkNotepad++ hijacked by state-sponsored hackersnotepad-plus-plus.orgPierre-Yves Lapersonne@programming.devM to Opensource@programming.dev · 1 month agomessage-square5fedilink cross-posted to: foss@beehaw.orgopensource@lemmy.mlcybersecurity@infosec.pubtechnology@lemmy.mltechnology@lemmy.worldopensource@programming.devprogramming@programming.dev
minus-squareartyom@piefed.sociallinkfedilinkEnglisharrow-up5·1 month agoI’m so confused. It doesn’t say anything about “state-sponsored attackers” outside of the headline? What state? Why? Why is a Notepad app connecting to any servers or have credentials at all?
minus-squareDem Bosain@midwest.sociallinkfedilinkEnglisharrow-up1·1 month agoIt wasn’t specifically notepad++ code, but a custom-written updater. That’s why it was connecting to the internet.
minus-squarevillage604@adultswim.fanlinkfedilinkEnglisharrow-up2·1 month agoI mean, it is n++ code because the updater is part of the code base. They just didn’t have the connection to the update server hardened. This was patched in like December, though.
I’m so confused.
deleted by creator
It wasn’t specifically notepad++ code, but a custom-written updater. That’s why it was connecting to the internet.
I mean, it is n++ code because the updater is part of the code base. They just didn’t have the connection to the update server hardened.
This was patched in like December, though.