Notepad++ updater installed malware (www.heise.de)
Posted by schizoidman@lemmy.zip to Technology@lemmy.world, 3 months ago (edited), 26 comments
Kazumara@discuss.tchncs.de, 3 months ago (edited):
I don’t get how this was exploited in practice.
Even if the signatures on the downloaded packages weren’t checked properly, how would you modify the content of the XML file returned from https://notepad-plus-plus.org/update/getDownloadUrl.php?version=8.8.0 ? For that you’d have to break or MITM the TLS too, no?
The usual case for TLS MITM is when a company decides DPI is more important than E2E encryption and they terminate all TLS on the firewall, but if the firewall is compromised there would be much easier avenues of entry other than notepad++.