Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
Someone1234
3 hours ago
|
parent
|
context
|
favorite
| on:
Notepad++ supply chain attack breakdown
I'm out of the loop: How did they bypass Notepad++'s digital signatures? I just downloaded it to double-check, and the installer is signed with a valid code-signing certificate.
Avicebron
3 hours ago
|
next
[–]
https://notepad-plus-plus.org/news/8.8.2-available-in-1-week...
reply
anonymars
1 hour ago
|
parent
|
next
[–]
Jeez, they didn't waste any time, did they? No more signing certificate in June, compromise in July
reply
gruez
3 hours ago
|
prev
[–]
The updater doesn't check the certificate of the updated installer, it just executes whatever.
reply
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
