| ▲ | tgsovlerkhgsel 6 hours ago | |
From the Heise article: > Until version 8.8.7 of Notepad++, the developer used a self-signed certificate, which is available in the Github source code. This made it possible to create manipulated updates and push them onto victims, as binaries signed this way cause a warning „Unknown Publisher“ It also mentions "installing a root certificate". I suspect that it means that users who installed the root cert could check that a downloaded binary was legit but everyone else (i.e. the majority of users) were trained to blindly click through the warning. | ||
| ▲ | kevin_thibedeau 6 hours ago | parent [-] | |
Notepad++ has way too many updates for a text editor. I purposely decline most of the nags to update for precisely this reason. It is too juicy of a target and was bound to get compromised. | ||