Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple APILearn More
Search - "cia wikileaks"
The change log from notepad++ update. The last paragraph is the cream!
" The issue of a hijacked DLL concerns scilexer.dll (needed by Notepad++) on a compromised PC, which is replaced by a modified scilexer.dll built by the CIA. When Notepad++ is launched, the modified scilexer.dll is loaded instead of the original one.
It doesn't mean that CIA is interested in your coding skill or in your sex message content typed in Notepad++, but rather it prevents raising any red flags while the DLL does data collection in the background.
It's not a vulnerability/security issue in Notepad++, but for remedying this issue, from this release (v7.3.3) forward, notepad++.exe checks the certificate validation in scilexer.dll before loading it. If the certificate is missing or invalid, then it just won't be loaded, and Notepad++ will fail to launch.
Checking the certificate of DLL makes it harder to hack. Note that once users’ PCs are compromised, the hackers can do anything on the PCs. This solution only prevents from Notepad++ loading a CIA homemade DLL. It doesn't prevent your original notepad++.exe from being replaced by modified notepad++.exe while the CIA is controlling your PC.
Just like knowing the lock is useless for people who are willing to go into my house, I still shut the door and lock it every morning when I leave home. We are in a f**king corrupted world, unfortunately. "1
So apparently the CIA signed some of their malware with a kaspersky certificate to not get caught...
I think this kind of a genius thing from a hackers pov, but very very scary... Gotta remove that thwate ca 😁😁 (they singed the fake kaspersky certificate for the CIA)
Source (in German, I'll add one in English as soon as I fond one): https://m.heise.de/newsticker/...6
Has anyone read the latest rant from Microsoft?
<<Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage.>>12
I don't understand how can Wikileaks be still active and publishing new stuff... Shouldn't it be like "pwned" by CIA or NSA or something? Can I trust whatever I see on that website?10
Fuck you, Julian Assange! I mean honestly! Stop being a fucking dick, that needs to polish his ego! https://motherboard.vice.com/en_us/...
(On a side note, yes it's a good idea to give a disclosure deadline, but come on just give them the code so they can fix it!)1