p*******m 发帖数: 20761 | 1 08 Mar 2017 21:58:00
"Vault 7: CIA Hacking Tools Revealed" has been published by Wikileaks
recentely, and Notepad++ is on the list.
The issue of a hijacked DLL concerns scilexer.dll (needed by Notepad++) on a
compromised PC, which is replaced by a modified scilexer.dll built by the
CIA. When Notepad++ is launched, the modified scilexer.dll is loaded instead
of the original one.
It doesn't mean that CIA is interested in your coding skill or in your sex
message content, but rather it prevents raising any red flags while the DLL
does data collection in the background.
For remedying this issue, from this release (v7.3.3) forward, notepad++.exe
checks the certificate validation in scilexer.dll before loading it. If the
certificate is missing or invalid, then it just won't be loaded, and Notepad
++ will fail to launch.
Checking the certificate of DLL makes it harder to hack. Note that once
users’ PCs are compromised, the hackers can do anything on the PCs. This
solution only prevents from Notepad++ loading a CIA homemade DLL. It doesn't
prevent your original notepad++.exe from being replaced by modified notepad
++.exe while the CIA is controlling your PC.
Just like knowing the lock is useless for people who are willing to go into
my house, I still shut the door and lock it every morning when I leave home.
We are in a f**king corrupted world, unfortunately.
Otherwise there are a lot of enhancements and bug-fixes which improve your
Notepad++ experience. For all the detail change log, please check in the
Download page.
Download 7.3.3 here:
Notepad++ Download
https://notepad-plus-plus.org/download/v7.3.3.html
Auto-updater will be triggered in few days if there's no critical issue
found.
If you find any regression or critical bug, please report here:
https://notepad-plus-plus.org/community/topic/13415/v7-3-3-fix-cia-hacking-
notepad-issue |
|