tonymet commented on Vouch   github.com/mitchellh/vouc... · Posted by u/chwtutha
andai · 6 hours ago
It should just be $1 to submit PR.

If PR is good, maintainer refunds you ;)

I noticed the same thing in communication. Communication is now so frictionless, that almost all the communication I receive is low quality. If it cost more to communicate, the quality would increase.

But the value of low quality communication is not zero: it is actively harmful, because it eats your time.

tonymet · 17 minutes ago
In the 90s, before Bayesian spam filtering, Microsoft proposed a proof of work for email along these lines. It would cost the server a few cents per message to sign and send emails, so spammers would not be able to afford spam, but regular senders could handle a small fee per day.
tonymet commented on Notepad++ supply chain attack breakdown   securelist.com/notepad-su... · Posted by u/natebc
kijin · 4 days ago
It's a testing box, sure, but a lot of people have the same setting, usually because of some legacy app that requires it.

It does contradict your insistence that Windows would never allow such things. An exploit doesn't need to do its thing silently in order to be effective. If a security apparatus can be bypassed by tricking a user to flip a switch, it WILL be bypassed. Heck, just trying to install or update Notepad++ throws up a UAC dialog. Who would suspect anything?

tonymet · 3 days ago
I'm not going to say that any OS is perfect, and it's great that you actually test Windows. Most critiques I see are 1990s assessments of ACLs and memory protection.

Generally protected folders (CFA) will protect system32, but trusted apps can make it through, e.g. explorer.exe and powershell.exe if it's run in the terminal. Untrusted apps are expected to be blocked.

My general point is that the modern Windows landscape has an incredible number of protections that Linux systems don't. And Linux has become a bigger target over the past 10+ years as well.

It's not so much to say that Windows is better, but to encourage Linux users to be more careful with their systems, and Windows users to enable those features if they turned them off in the past.

tonymet commented on Disrupting the largest residential proxy network   cloud.google.com/blog/top... · Posted by u/cdrnsf
Kodiack · 7 days ago
If you have a "legitimate scraping pursuit", identify yourself appropriately that way. I'm happy to let most well-behaved scrapers access my content.

Hiding behind a residential proxy and using random user agents? Gross. Learn what consent is.

tonymet · 4 days ago
Try scraping any of the major players, e.g. Amazon, without a residential proxy; it won't work. I appreciate that you are offering to abide by crawling etiquette (e.g. robots.txt) but no major app supports that any more.

You're thinking about the case of big AI companies crawling your blog. I'm talking about a small startup trying to do traditional indexing and needing to run from residential proxy to make it work.

tonymet commented on Notepad++ supply chain attack breakdown   securelist.com/notepad-su... · Posted by u/natebc
kijin · 5 days ago
Well, try again. I just managed to copy a random .exe to C:\Windows\System32 using an administrator account. I got a typical UAC dialog that most people would blindly click "Continue" on, and the copy succeeded. :)
tonymet · 4 days ago
And you likely have protected folders and certainly S mode disabled.
tonymet commented on Notepad++ supply chain attack breakdown   securelist.com/notepad-su... · Posted by u/natebc
kijin · 5 days ago
Well, try again. I just managed to copy a random .exe to C:\Windows\System32 using an administrator account. I got a typical UAC dialog that most people would blindly click "Continue" on, and the copy succeeded. :)
tonymet · 4 days ago
That's via Explorer, not an installer.
tonymet commented on Notepad++ supply chain attack breakdown   securelist.com/notepad-su... · Posted by u/natebc
yodon · 5 days ago
Is there a "detect infection and clean it up" app from a reputable source yet (beyond the "version 8.8.8 is bad" designator)?
tonymet · 5 days ago
Run MS Defender offline mode.
tonymet commented on Notepad++ supply chain attack breakdown   securelist.com/notepad-su... · Posted by u/natebc
kijin · 5 days ago
Malware can't modify files in System32, but it can drop extra files in there no problem. The only way to find and clean them up is a clean install.

In Linux, one could write a script that reinstalls all packages, cleans up anything that doesn't belong to an installed package, and asks you about files it's not sure about. It's easy to modify a Linux system, but just as easy to restore it to a known state.

tonymet · 5 days ago
False. Even escalated system32 is blocked by protected folders. The write silently fails and logs to MS Defender.
tonymet commented on Notepad++ supply chain attack breakdown   securelist.com/notepad-su... · Posted by u/natebc
ziml77 · 5 days ago
I'd say it's more true on Linux that malware can hide anywhere if you allow a sudo prompt (which people have unfortunately been trained is normal when installing software).

Windows enforces driver signing and has a deeper access control system that means a root account doesn't even truly exist. The SYSTEM pseudo-account looks like it should be that, but you can actually set up ACLs that make files untouchable by it. In fact if you check the files in System32, they are only writable by TrustedInstaller. A user's administrative token and SYSTEM have no access to those files.

But when it comes down to it, I wouldn't trust any system that has had malware on it. At the very least I'd do a complete reinstall. It might even be worth re-flashing the firmware of all components of the system too, but the chances of those also being infected are lower as long as signed firmware is required.

tonymet · 5 days ago
Not to mention secure boot kernel protection, protected folders, memory protection, real time scanning, real time behavioral scanning, signature scanning, code signing. And Windows S mode protection.

Malware and supply chain attack landscape is totally different now. Linux has many more viruses than in the past. People don't actively scan because they are operating on a 1990s mindset.

tonymet commented on Notepad++ supply chain attack breakdown   securelist.com/notepad-su... · Posted by u/natebc
kijin · 5 days ago
The only way to clean up an infected Windows system is to wipe your disk and reinstall the OS.

There are so many nooks and crannies where malware can hide, and Windows doesn't enforce any boundaries that can't be crossed with a trivial UAC dialog.

tonymet · 5 days ago
This hasn’t been true for 15 years
tonymet commented on Notepad++ supply chain attack breakdown   securelist.com/notepad-su... · Posted by u/natebc
tonymet · 5 days ago
I noticed I had version 8.9 on Dec 28, 2025 and it seems clean according to

https://arstechnica.com/security/2026/02/notepad-updater-was...

I recommend removing Notepad++ and installing via winget, which installs the EXE directly without the WinGUp updater service.

Here's an AI summary explaining who is affected.

Affected Versions: All versions of Notepad++ released prior to version 8.8.9 are considered potentially affected if an update was initiated during the compromise window.

Compromise Window: Between June 2025 and December 2, 2025.

Specific Risk: Users running older versions that utilized the WinGUp update tool were vulnerable to being redirected to malicious servers. These servers delivered trojanized installers containing a custom backdoor dubbed Chrysalis.

u/tonymet

Karma: 4060 · Cake day: September 3, 2015