Hacker News

r2vcap today at 9:02 AM

A few days ago, Notepad++ got compromised—apparently by a state actor (or a proxy). And now, today, Windows’ built-in Notepad has a fresh CVE. What a life.

At this point, what am I supposed to do other than uninstall Windows completely? No real sandboxing, a mountain of legacy…


Replies

dgxyz today at 9:13 AM

Well technically Unixes like Linux are a mountain of legacy and they are fine.

Windows is just a mountain of shit.

karel-3d today at 12:21 PM

Visual Studio Code was not compromised.

agumonkey today at 9:35 AM

We still need a mouse icon RCE until we reach peak.

TZubiri today at 10:45 AM

> No real sandboxing, a mountain of legacy…

You have:

- Windows Sandbox (consumer-level sandbox)
- Creating a separate User (User folders are permission locked to their user by default, system binaries cannot be modified without admin access)
- Hyper-V (VM hypervisor)
- Edge Browsers

Don't get me wrong, MSFT quality is dropping steeply, but this is still a strong point. For comparison, on Ubuntu, the user folder by default can be read by all users.

cookiengineer today at 12:14 PM

I still use VIM in the terminal. So far, I'm fine, but I assume there's gonna be some inevitable CI/CD compromises sooner or later.