Allegro.cc - Online Community

Allegro.cc Forums » Off-Topic Ordeals » Attention: Secret agents need to update Notepad++

This thread is locked; no one can reply to it. rss feed Print
 1   2   3 
Attention: Secret agents need to update Notepad++
torhu
Member #2,727
September 2002
avatar

Quote:

"Vault 7: CIA Hacking Tools Revealed" has been published by Wikileaks recentely, and Notepad++ is on the list.[1] 8-)8-)8-)

Chris Katko
Member #1,881
January 2002
avatar

Except the hack only works if the computer is already compromised. (Like any traditional exploit.) So it's not like Notepad++ is shipped with a virus.

Also, notepad2-mod MASTER RACE. DOWN WITH NOTEPAD++.

-----sig:
“Programs should be written for people to read, and only incidentally for machines to execute.” - Structure and Interpretation of Computer Programs

torhu
Member #2,727
September 2002
avatar

Right, I actually use Notepad2-mod as my default editor ;D

LennyLen
Member #5,313
December 2004
avatar

I'll stick to using UltraEdit.

Derezo
Member #1,666
April 2001
avatar

...was sublime on the list!? ARE WE ALL MR ROBOT?

"He who controls the stuffing controls the Universe"

bamccaig
Member #7,536
July 2006
avatar

I guess it's neat that Notepad++ announced it and tried to guard against it. Not sure where they're finding the reference though because I couldn't find 'notepad' or 'note pad' in the referenced page.

I use Vim. >:( If anybody's going to hack my vim it's a clever Unix programmer and it's going to make it better. >:(

Bruce Perry
Member #270
April 2000

I bought Sublime - as well as Beyond Compare :)

Now if only I could find a video-editing package that had favourable licensing terms. They all feel as if they're out to get me. Take VideoPad for instance. It's by far the one I've got on best with, but they violated my trust as a customer. They offer a free version for non-commercial use, allow you to start your project, and then tell you after a week or two that you can no longer use pro version features unless you pay for it. Even if you know this is coming, there is no way to tell the software to disable pro features in advance, or to find out which features are pro ones. It is designed to trap you and force you to pay against your will. On principle, even though I like the package and would otherwise be very tempted, I WILL NOT PAY. (And no, I haven't pirated it. I found a workflow using only the free features.)

When I was considering whether to buy Sublime and Beyond Compare, I just looked into Sublime's track record of users seeming well looked after for years, and, in Beyond Compare's evaluation version, the option for specifying what level of functionality you want the program to behave as so you can truly evaluate the different purchase options - and both also allow you to install for yourself on multiple computers, which, again, VideoPad doesn't and nor does almost any other video editor in its price range - and it was a no-brainer.

(Serif MoviePlus had better multiple-computer licensing terms, and I did buy it, but unfortunately, the page turn transition was buggy so I couldn't use it for the project in question and asked for a refund. It doesn't help that their expert moved on and the software is no longer being developed. Shame, really.)

--
Bruce "entheh" Perry [ Web site | DUMB | Set Up Us The Bomb !!! | Balls ]
Programming should be fun. That's why I hate C and C++.
The brxybrytl has you.

bamccaig
Member #7,536
July 2006
avatar

I bought Sony Movie Studio or something like that a couple of years back to try to edit motovlogs. Cost me something like $120, I forget CAD or USD. It didn't really seem very great, considering it was a commercial product, and it was Windows [and Mac?] only. About a year after that I reverted back to a Linux only desktop so it was useless to me. When motovlogging came back around I discovered OpenShot, which is free software (i.e., open source). It doesn't have many fancy features, but it does have everything I ever used in the proprietary suite to date. I'm not sure what either one is capable of because I don't really know what I'm doing, but all I really need is the ability to clip and cut and add in music tracks and occasional text or images on screen.

Chris Katko
Member #1,881
January 2002
avatar

I want to start making some YouTube videos but I have no idea if any (free) video editing software is worth it. Currently my stuff only consists of single camera videos or captured game sessions with OBS.

I had an epiphany a couple nights ago that I could use PowerPoint / libre_equivalent and then record myself talking live over sections (or pre-record the audio) and sync up the slides while recording the screen view into OBS Studio. I think that would work for a variety of situations and still be super easy.

-----sig:
“Programs should be written for people to read, and only incidentally for machines to execute.” - Structure and Interpretation of Computer Programs

Bruce Perry
Member #270
April 2000

Blender has some limited video editing support. There is (or was) a real feeling of nothing being initialised properly when you create it, forcing you to set settings all over the place and waste a lot of time - but hey, it's free.

Or you can do what I did and take the free version of VideoPad. Just be aware that some of the features (certain transitions, effects and output formats) will be taken away from you after a while, so be ready for it. But then, using the built-in transitions is a perfect way to look amateur, so if you're doing anything serious, you'll probably get away with it. ;)

--
Bruce "entheh" Perry [ Web site | DUMB | Set Up Us The Bomb !!! | Balls ]
Programming should be fun. That's why I hate C and C++.
The brxybrytl has you.

jhuuskon
Member #302
April 2000
avatar

Davinci Resolve is pretty much the most advanced video editor you can get for free. Being advanced also means it has a really steep learning curve. But it's powerful and free.

You don't deserve my sig.

Bruce Perry
Member #270
April 2000

Wow :) That's going to get tried out at some point.

--
Bruce "entheh" Perry [ Web site | DUMB | Set Up Us The Bomb !!! | Balls ]
Programming should be fun. That's why I hate C and C++.
The brxybrytl has you.

Gideon Weems
Member #3,925
October 2003

jhuuskon said:

Davinci Resolve is pretty much the most advanced video editor you can get for free.

Does Lightworks not count?

Bruce Perry
Member #270
April 2000

Not when it restricts you to 720p in the free version (or 1080p if you accept being forced to use Vimeo). ;)

--
Bruce "entheh" Perry [ Web site | DUMB | Set Up Us The Bomb !!! | Balls ]
Programming should be fun. That's why I hate C and C++.
The brxybrytl has you.

Chris Katko
Member #1,881
January 2002
avatar

Yeah, I downloaded it and then got to that point and was like WTF? 720p? I'm trying to move toward 4K, FFS.

-----sig:
“Programs should be written for people to read, and only incidentally for machines to execute.” - Structure and Interpretation of Computer Programs

Gideon Weems
Member #3,925
October 2003

That sounds like crap.

Neil Roy
Member #2,229
April 2002
avatar

Nothing wrong with Notepad++. They released an update so 7.3.3 checks to make certain the effected DLL (not Notepad++ itself) is valid.

I'll continue to use it. I love it too much.

Chris Katko
Member #1,881
January 2002
avatar

I use Notepad2-mod (fork) because it some useful features over Notepad2, but N2 is still WAY less "menu overkill" than Notepad++. So it doesn't have "as many" features but the core set are great and the ones you commonly use.

And then I pull out Notepad++ if I really need the extra missing feature (rarely).

But at that point, I'm half tempted to use a real operating system (Linux) and just toss the problem into Bash/Python/etc.

-----sig:
“Programs should be written for people to read, and only incidentally for machines to execute.” - Structure and Interpretation of Computer Programs

Arvidsson
Member #4,603
May 2004

I use Notepad2-mod (fork) because it some useful features over Notepad2, but N2 is still WAY less "menu overkill" than Notepad++. So it doesn't have "as many" features but the core set are great and the ones you commonly use.

Sounds nice, I'll have to check it out! I'm always a fan of minimalism where appropriate.

MiquelFire
Member #3,110
January 2003
avatar

I use Scite. Technically I could be infected by the CIA >.>

---
Febreze (and other air fresheners actually) is just below perfumes/colognes, and that's just below dead skunks in terms of smells that offend my nose.
MiquelFire.red | +Me
Windows 8 is a toned, stylish, polished professional athlete. But it’s wearing clown makeup, and that creates a serious image problem. ~PCWorld Article

Aaron Bolyard
Member #7,537
July 2006
avatar

I use Scite. Technically I could be infected by the CIA >.>

Not to ruin the fun, but the Notepad++ exploit was used by CIA agents to mask their actions in a public setting. For example, the agent is attempting to gather information from some foreign government organization; so they open Notepad++ with the exploit DLL to run the payload while they type whatever into Notepad++ while sitting in some embassy or whatever.

Running specialized tools via some shell is suspicious. Typing something in Notepad++ isn't.

bamccaig
Member #7,536
July 2006
avatar

I'm not sure that's the case because if it was they wouldn't need a mechanism to hijack Notepad++ in the wild. If they control the machine they can easily modify it.

In terms of using Notepad++ to mask suspicious behavior, I imagine to most people Notepad++ would be suspicious in itself (it's not the kind of software the average Joe would be used to). A better solution would likely be some kind of special kernel that intercepted a keypress combo and then silently treats then next string of inputs specially without echoing anything. E.g., Shift+Esc or maybe AltGr+m. Now every key on your keyboard is mapped to a command to run, including one that might allow silent shell access. Windows is such an unimaginative community. :P

Aaron Bolyard
Member #7,537
July 2006
avatar

bamccaig said:

I'm not sure that's the case because if it was they wouldn't need a mechanism to hijack Notepad++ in the wild. If they control the machine they can easily modify it.

Simply put, you're wrong.

The Fine Dining tools, which Notepad++ was a part of, were made to hide the actions of CIA operatives.

1) https://wikileaks.org/ciav7p1/cms/page_20251099.html

2) https://blogs.sophos.com/2017/03/10/qa-wikileaks-the-cia-fine-dining-and-dll-hijacks/

You don't want to be running unusual programs. You'll blow your cover.

bamccaig
Member #7,536
July 2006
avatar

Simply put, you're wrong.

I can't be wrong because I didn't assert anything. I merely weighted your assertion against the behavior of everybody else. If it is as you say it is then it's not an exploit in any way and it has absolutely fuck all to do with the software listed. That means no "fix" can be done and the work they did to validate the DLL certificate was a complete waste. While that might well be the case, it makes me wonder why anybody is giving this any time at all (including us). It sounds like a complete non-issue in terms of software security. The only people that should be interested are those that may be targets of the exploit, to know that they need to watch for innocent software too. But I think that goes without saying that a intrusive software can be running in the background. It's only in the Windows world that people assume every program must have a flashy window in front of it that explains how it works. In any case, we should close the thread because clearly we're discussing something that didn't happen.

{"name":"NXbL3.gif","src":"\/\/djungxnpq2nug.cloudfront.net\/image\/cache\/8\/3\/839a0cf509ad09cdc97b15d6150d8f3f.gif","w":495,"h":279,"tn":"\/\/djungxnpq2nug.cloudfront.net\/image\/cache\/8\/3\/839a0cf509ad09cdc97b15d6150d8f3f"}NXbL3.gif

Aaron Bolyard
Member #7,537
July 2006
avatar

bamccaig said:

It sounds like a complete non-issue in terms of software security.

Which gets more clicks? "Notepad++ exploit used by CIA to spy" or "CIA has zero days exploits and uses them to spy on foreign targets"?

The dangerous parts of the leak, in my opinion, are the bountiful number of zero days for all sorts of software/devices and the ability for the CIA to reasonably deflect blame by utilizing malware from other states and hacking groups.

 1   2   3 


Go to: