| ▲ | getcrunk 7 hours ago | |
So they say at the provider level update traffic was redirected . Does this also mean their update endpoints didn’t do encryption? | ||
| ▲ | gruez 6 hours ago | parent | next [-] | |
It's also possible the update manifest contained an url that the updater blindly trusted, and by modifying that file you could change what got downloaded. | ||
| ▲ | getcrunk 7 hours ago | parent | prev [-] | |
Yea, should have finished reading. Remediation was to “ verify both the certificate and the signature of the downloaded installer. “ I mean for such a dev focused and extremely performant app, that’s disappointing. Glad I’m off windows as of late | ||