Comment by torpid
19 days ago
Long ago, Canonical did some shady stuff with the now-deprecated apt-key "net-update" signing validation for updating of GnuPG keys over the network, an exclusive Ubuntu "feature" that Debian didn't even adopt, which in theory allowed the same thing.
First I thought CVE-2012-3587 was incompetence... but then seeing CVE-2012-0954 after it, I couldn't help but think something more was at play, as something connected to a nation state. It does not surprise me in the least to see nation state attackers exploiting N++. Because I've also worked on very sensitive enterprise PAM systems in F500/research/academia, and about 10% of the time it felt like I'd see Notepad++ on internet-connected systems used for security tooling because vanilla notepad is indeed garbage. It does not surprise me at all this has been used as an attack vector.