Can someone help clarify this for me? Is it correct to say that users would only... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		wglass 9 days ago \| parent \| context \| favorite \| on: Notepad++ hijacked by state-sponsored actors Can someone help clarify this for me? Is it correct to say that users would only get the compromised version if they downloaded from the website? Notepad++ has auto-update feature, is there any indication that updates from the AutoUpdate were compromised?

jszymborski 9 days ago [–]

No, it's specifically the updates that were targetted. I'm unsure about the downloads but those too are presumably at risk.

> The attackers specifically targeted Notepad++ domain with the goal of exploiting insufficient update verification controls that existed in older versions of Notepad++.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact