Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
Someone1234
20 days ago
|
parent
|
context
|
favorite
| on:
Notepad++ supply chain attack breakdown
I'm out of the loop: How did they bypass Notepad++'s digital signatures? I just downloaded it to double-check, and the installer is signed with a valid code-signing certificate.
Avicebron
20 days ago
|
next
[–]
https://notepad-plus-plus.org/news/8.8.2-available-in-1-week...
anonymars
20 days ago
|
parent
|
next
[–]
Jeez, they didn't waste any time, did they? No more signing certificate in June, compromise in July
DANmode
19 days ago
|
parent
|
prev
|
next
[–]
> we’re hopeful we can find a solution ASAP!
Never meet your heroes.
gruez
20 days ago
|
prev
[–]
The updater doesn't check the certificate of the updated installer, it just executes whatever.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
