Upstream infrastructure was compromised. Implying it’s a fault with Notepad++ fault is disingenuous. What OSS maintainer is going to think, “I need to pick a hosting provider that’s not going to get hacked by the Chinese government”? Unless your favorite editor is being hosted on infrastructure hardened against state level hackers, it’s not any better.

[–] Cort@lemmy.world 15 points 20 hours ago (2 children)

Did you not read the part about n++ not changing/rotating credentials? I think there's enough blame to go around.

[–] PM_Your_Nudes_Please@lemmy.world 7 points 17 hours ago

They also weren’t doing any kind of SSL verification for the download request, nor were they doing any kind of hash verification or signing. The former would have prevented a redirect attack in the first place, and the latter would have prevented downloaded files from being modified or swapped out.

[–] firelizzard@programming.dev 0 points 13 hours ago (1 children)

I did not because the only part I actually cared about was the bullshit clickbait title.

[–] not_IO@lemmy.blahaj.zone 2 points 12 hours ago

outstanding