Notepad++ updater installed malware (www.heise.de)
Posted by schizoidman@lemmy.zip to Technology@lemmy.world · 3 months ago · 26 comments

floofloof@lemmy.ca · 3 months ago
> Until version 8.8.7 of Notepad++, the developer used a self-signed certificate, which is available in the GitHub source code.
That doesn’t sound wise.

asbestos@lemmy.world · 3 months ago
So the private key was left in the GitHub source code and nobody caught it? Or was it the public key? (which makes this statement way less impactful)

Samskara@sh.itjust.works · 3 months ago
Private key probably. Only the public key is not enough to sign the package.

techt@lemmy.world · 3 months ago
This is the explanation for why: https://notepad-plus-plus.org/news/v883-self-signed-certificate/