• artyom@piefed.social
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    2
    ·
    21 days ago

    I’m so confused.

    1. It doesn’t say anything about “state-sponsored attackers” outside of the headline? What state? Why?
    2. Why is a Notepad app connecting to any servers or have credentials at all?
    • Dem Bosain@midwest.social
      link
      fedilink
      English
      arrow-up
      1
      ·
      21 days ago

      It wasn’t specifically notepad++ code, but a custom-written updater. That’s why it was connecting to the internet.

      • village604@adultswim.fan
        link
        fedilink
        English
        arrow-up
        2
        ·
        21 days ago

        I mean, it is n++ code because the updater is part of the code base. They just didn’t have the connection to the update server hardened.

        This was patched in like December, though.