Ok after reading the article it seems like it’s been patched. New release is fix. Or is it?
LaughingSwordfish on
While the original vulnerability has been fixed, does this mean that anyone who used the built-in updater while the attack was active should consider their PC compromised now? The attackers could have done anything while they had access, including installation of additional malware.
Hazlet95 on
Lacari was right he did get hacked
moderate-Complex152 on
Lol the developer had not implemented basic security measures (checking digital signatures of updates) so it’s also partly on him
Advanced_Vehicle_636 on
Does anyone actually update notepad++? I have it on all of my machines but usually instantly disregard any update notices…
I’ve been on 8.4.8 for years…what does this mean for me in particular?
rhesusMonkeyBoy on
gvim in the house! Yes, available for Windows! Use it on Linux too, of course.
Interesting_Pen_167 on
Damn I love notepad++
Onphone_irl on
NOOO NOT MY BOY
noisyboy on
If anyone is interested in an alternative, you can try Kate. Excellent features and available on both Windows and Linux.
2geek2bcool on
And here my IT group was arguing that Sublime Text wasn’t secure…
FlagellatedCitrid0 on
Trump needs to appoint cyber defense leaders
stop defunding cyber defense
this is on you trump
tylagersign on
Glad I use sublime
mrbrick on
Jokes on them they can take my buggy Kuwahara HLSL code.
freedompolis on
What’s a good free lightweight alternative to Notepad++? For Windows system.
Not moving to Linux yet. Just wondering what other redditors recommend.
SuchBravado on
“Yikes!” In state government!
monokoi on
My favorite tool, can’t remember it ever updating though. Bummer.
monstercoo on
A lot of big companies have blocked npp from being used on work computers. You probably shouldn’t be using it at this point. There’s been too many security vulnerabilities.
marcabru on
So, only the software update mechanism was hijacked, so if I use Notepad++ from my company updates (e.g. SCCM) then I should be safe, if my company administrators did their duty to check the downloads and checksums.
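Added example (PowerShell, not posted by anyone in this thread) of the pre-deployment gate marcabru and moderate-Complex152 are describing: verify a downloaded installer's SHA-256 against a hash obtained out-of-band and check its Authenticode signature before staging it for SCCM or similar. The installer path, the expected hash and the expected publisher subject are placeholders you substitute for your own release.

```powershell
# Gate an installer before it is staged for internal distribution (SCCM, ninite, etc.).
# Added example, not the project's own tooling. All three inputs below are placeholders.
function Test-InstallerIntegrity {
    param(
        [Parameter(Mandatory)][string]$InstallerPath,   # e.g. C:\staging\npp.installer.exe (placeholder)
        [Parameter(Mandatory)][string]$ExpectedSha256,  # hash from the release notes, NOT from the updater
        [string]$ExpectedSubject = 'CN=<PUBLISHER PLACEHOLDER>'  # publisher you expect on the cert
    )
    $ErrorActionPreference = 'Stop'

    # 1. Checksum. The reference value must come from a channel independent of the download
    #    server; a hash published next to a hijacked binary proves nothing.
    $actual = (Get-FileHash -Path $InstallerPath -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {   # -ne on strings is case-insensitive in PowerShell
        throw "SHA256 mismatch for $InstallerPath`n expected: $ExpectedSha256`n actual:   $actual"
    }

    # 2. Authenticode. 'Valid' means the signature verifies AND chains to a trusted root;
    #    NotSigned / HashMismatch / UnknownError all reject the file.
    $sig = Get-AuthenticodeSignature -FilePath $InstallerPath
    if ($sig.Status -ne 'Valid') {
        throw "Authenticode check failed ($($sig.Status)): $($sig.StatusMessage)"
    }

    # 3. A valid signature from the wrong publisher is still a red flag: pin the subject.
    $subject = $sig.SignerCertificate.Subject
    if ($subject -notlike "*$ExpectedSubject*") {
        throw "Unexpected signer on $InstallerPath : $subject"
    }

    [pscustomobject]@{
        Path    = $InstallerPath
        Sha256  = $actual
        Signer  = $subject
        Status  = 'OK'
    }
}

# Usage (placeholders): run this on the staging box before the package is published.
# Test-InstallerIntegrity -InstallerPath 'C:\staging\npp.installer.exe' `
#     -ExpectedSha256 '<SHA256 FROM RELEASE PAGE>' -ExpectedSubject 'CN=<PUBLISHER PLACEHOLDER>'
```

Any thrown error should fail the deployment job; a hash or signer mismatch on a file the package feed just handed you is exactly the condition this thread is about.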
LiteraCanna on
Shoutout to myself for not updating Notepad++ for multiple years on the hundreds of customer PCs I’ve installed on their local networks… I should probably look into specific releases. Fuck.
Odur29 on
reinstalled with ninite
UnknownHero2 on
So I just got a cybersecurity masters, and one of the really basic practices of cyber security is to always keep all your software up to date. The logic is really basic, and in a general sense it’s obviously a good idea.
I tried to bring up issues like this, but struggled to articulate it to my professors. Corrupted updates, compromised updates, updates containing bugs, and updates that automatically push new features (looking at you OneDrive), are all huge security risks that don’t get enough attention.
I’ve had notepad++ for like a decade. I must have clicked no on the update notification like a thousand times. I’m fucking smart as fuck.
More info including how it worked (including indicators of compromise) is at https://www.rapid7.com/blog/post/tr-chrysalis-backdoor-dive-into-lotus-blossoms-toolkit/
Also, based on https://community.notepad-plus-plus.org/topic/27212/autoupdater-and-connection-temp-sh/14?_=1770081188510 it appears to have been targeted at some East Asian organisations.
That’s a shame… it was a nice replacement for Windoze Notepad, until I dumped everything Microsoft and migrated to Linux a few years ago.
China is really pitifully despicable
Two revisions later and they still can’t be bothered to run a spell checker and fix the typos in their post, might be time to move on to another tool that has a bit more care put into it https://notepad-plus-plus.org/news/hijacked-incident-info-update/
People update notepad++?