Slashdot Mirror


Notepad++ Update Fixes 'CIA Hacking' Issue (archive.org)

Free software Notepad++ (released under the GNU General Public License) received a new update this week, which was announced under the headline "Fix CIA Hacking Notepad++ Issue". The CIA documents in WikiLeaks' 'Vault 7' included a "Notepad++ DLL Hijack" document, which affected the popular Windows editor for text and source code. "It's not a vulnerability/security issue in Notepad++, but for remedying this issue, from this release (v7.3.3) forward, notepad++.exe checks the certificate validation in scilexer.dll before loading it," reads the announcement.

From the Notepad++ web site:

"If the certificate is missing or invalid, then it just won't be loaded, and Notepad++ will fail to launch. Checking the certificate of DLL makes it harder to hack.

"Note that once users' PCs are compromised, the hackers can do anything on the PCs. This solution only prevents Notepad++ from loading a CIA homemade DLL. It doesn't prevent your original notepad++.exe from being replaced by modified notepad++.exe while the CIA is controlling your PC."

The update also includes "a lot of enhancements and bug-fixes," and if no critical issues are found, "Auto-updater will be triggered in few days."

82 comments

  1. Vault 7 by war4peace · · Score: 4, Insightful

    It helps knowing all those things. Now, whoever isn't lazy/incompetent/in bed with the CIA will implement required changes to eliminate vulnerabilities.

    --
    ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    1. Re:Vault 7 by Anonymous Coward · · Score: 1

      Now, whoever isn't lazy/incompetent/in bed with the CIA will implement required changes to eliminate vulnerabilities.

      I suggest you read that second paragraph again.

      Maybe then you will realize that when some three-letter agency is able to exchange the DLL or the executable for something they wrote they can do that as easily for a gazillion other DLLs and executables on your computer, and that your "lazy/incompetent/in bed with" is nothing more than either ignorance, or sticking your head into the sand.

      Or trolling, let's not forget that one.

    2. Re:Vault 7 by Anonymous Coward · · Score: 2, Funny

      Somebody on CNN told me so

      No they didn't.

    3. Re:Vault 7 by Anonymous Coward · · Score: 1

      Another retarded Trump supporter trying to pretend CNN lied about something, sad!

    4. Re:Vault 7 by Anonymous Coward · · Score: 0, Flamebait

      Another Hitlery supporter believing what the Communist News Network feeds them. Why isn't Hitlery in prison?

    5. Re:Vault 7 by Anonymous Coward · · Score: 0

      If you believe Hillary, Trump, CNN or FOX, you're a fucking Looney. They are equally corrupt.

    6. Re:Vault 7 by PolygamousRanchKid+ · · Score: 5, Funny

      Now, whoever isn't lazy/incompetent/in bed with the CIA will implement required changes to eliminate vulnerabilities.

      Why don't we eliminate the CIA instead? They are the problem.

      It's "legal-ish" for the CIA to install malware on the devices of US citizens. It is also legal in the US for the CIA to install malware on the devices of foreigners anywhere in the world.

      However, in most countries of the world, a foreign agency installing malware on devices of its citizens is a crime of espionage, or an act of war. Unfortunately, the CIA doesn't care about harming US citizens, and most definitely doesn't give a rat's ass about harming folks of other countries. Any legal action against the CIA will get you nowhere, really fast.

      So how can you fight back? Well, kick the CIA where it hurts . . . right in their balls. The CIA has two types of agents in foreign countries, so-called "legals" and "illegals". "Legals" work in a consulate or embassy and have diplomatic immunity. "Illegals" are undercover and have no diplomatic immunity. You have no chance as a common citizen of identifying an "illegal".

      "Legals", on the other hand, are quite easy to spot. They will usually have some innocuous sounding title, like, "Under Secretary for Cultural and Economic Exchange". So they can just hang out at cocktail parties and listen to political gossip. "The Economist" recommends: "Just look for someone who is obviously too clever for their job." CIA agents also run the visa department of US embassies and consulates. They want to check out folks even before they travel to the US.

      So just visit your local US embassy or consulate, ask for a visa to the US. The guy who interviews you will be a CIA agent. Do NOT bring any devices with you! Wait outside after closing time for the agent to walk outside.

      Then just kick him in the 'nads. If enough people in the world would do this, maybe even the US might think about taking notice of this.

      --
      Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
    7. Re:Vault 7 by GuB-42 · · Score: 4, Informative

      What Notepad++ did is just a patch to prevent a specific exploit from being used, the underlying "vulnerability" is still there. This may be effective against inexperienced script kiddies but it won't stop the CIA or any self-respecting cracker.
      DLL hijacking is actually a feature rather than a bug on general purpose OSes like Windows and Linux. It is very useful for development. Eliminating these kinds of vulnerabilities at a fundamental level means locking down the system, which can be done (e.g., Microsoft AppLocker) but it is typically not what power users (the kind that use Notepad++) want.

    8. Re:Vault 7 by Anonymous Coward · · Score: 0, Troll

      Thank you for your interest in joining the Gay Wigger Admirers of Donald (GayWAD)! GayWADs worldwide are happy that you'd like to become part of our

      constantly enlarging member ship (come sail away 8=====D~)

      Unlike other fraternities you might have heard about, GayWAD accepts members of all races, creeds, and colors, as long as you're a white Christian male. As our founders stated in the Annals of GayWAD, Chapter 8: "You don't have to be capable of critical thinking, as long as you like it Greek." They were, of course, referring to the Russian penis in your anus style of sexual relations. Don't despair, as attaining full fabulous lifetime status in GayWAD is easy. The only prerequisites for membership in Gay Wigger Admirers of Donald are that you meet all of the following conditions:

      1. Unwavering cult-like worship of Donald Trump, who does no wrong and speaks only truth

      To submit your official Gay Wigger Admirers of Donald membership application, simply do nothing. Congratulations, you're now a GayWAD! Your membership kit* is on its way**.

      If you require a specific membership number for purposes such as framing, docking, or prestigious inclusion upon your VKontakte profile and coal-mining uniform, please take down this number: 69.

      Optionally, you may complete the following survey by replying to this post, indicating affirmative responses with an X in each appropriate box:

      GayWAD Membership Survey (OPTIONAL)

      [ ] I am secretly gay, but hate gay people because Donald does
      [ ] I am a wigger, but hate non-white people because Donald does
      [ ] I have used BREITBART.COM to find a sex partner

      After completion of this optional survey, your Slashdot post ID shall serve as your unique Gay Wigger Admirers of Donald membership ID.

      *Sorry, GayWAD membership kit no longer includes Ivanka Trump brand panties.

      **Arrival not guaranteed due to cuts in Postal Service budget.

    9. Re: Vault 7 by Anonymous Coward · · Score: 0

      Bigly

    10. Re:Vault 7 by Anonymous Coward · · Score: 0

      "The Economist" recommends: "Just look for someone who is obviously too clever for their job."

      Fuck. That's me. Now I'm a target for every counter espionage effort.

    11. Re:Vault 7 by Anonymous Coward · · Score: 0

      notepad++ can't fix issue themselves, it's upstream in a library of http://scintilla.org/

    12. Re:Vault 7 by WD · · Score: 2

      Except there isn't a DLL hijacking vulnerability at all. The CIA "issue" is that on an already-compromised computer, an administrator-privileged attacker can replace a Notepad++ DLL with one that does something else.

      Notepad++ itself cannot do anything to protect itself from being hijacked in such a way.

    13. Re: Vault 7 by Anonymous Coward · · Score: 0

      This is why software signatures matter

    14. Re:Vault 7 by Anonymous Coward · · Score: 0

      Yeah, it won't stop the CIA; it won't even slightly get in their way. The reason for this is that HE JUST TOLD THEM WHAT HE WAS DOING. If all of a sudden all of the compromised Notepad++ instances popped up a "You've been hacked by the CIA - click here for more information" it would probably do something.

    15. Re: Vault 7 by Anonymous Coward · · Score: 0

      An honest question: is it safe to use anything? If not, why care about it? Do we just assume everything not in high encryption is in the CIA database? Why the fuck do they care to see my crap?

      And as a software developer, should I do something for my hobby projects source code? What about if it's for a SaaS company?

      Where to start? How to manage it? Or don't even bother?

    16. Re: Vault 7 by dilvish_the_damned · · Score: 1

      They are all differently corrupt.

      --
      I think you underestimate just how much I just dont care.
    17. Re:Vault 7 by Anonymous Coward · · Score: 0

      I'll bite, what did CNN lie about?

    18. Re:Vault 7 by Anonymous Coward · · Score: 0

      [ ] I have used BREITBART.COM to find a sex partner

      I just threw up a little in my mouth

    19. Re: Vault 7 by Anonymous Coward · · Score: 1

      Everything. Sad!

    20. Re:Vault 7 by Anonymous Coward · · Score: 1

      Why don't we eliminate the CIA instead? They are the problem.

      The CIA was created in large part to remedy the problem that the United States had suffered in the opening phases of the last two world wars, namely that we were caught with our pants down by enemy attacks due to lack of professional and coordinated intelligence gathering. During the first world war, the United States was caught woefully unprepared by the initiation of unrestricted submarine warfare by Germany and the Zimmerman telegram, which attempted to entice Mexico into invading the United States. At the beginning of the second world war we were caught almost completely by surprise at Pearl Harbor in Hawaii when naval and air forces of the Empire of Japan wrecked our Pacific Fleet. In both cases, some measure of good fortune prevented these incidents from becoming unmitigated disasters, but after being snookered twice by our enemies at the outbreak of war it was decided that in the future we would maintain a professional intelligence gathering and analysis capability so that we would be better prepared both to respond to threats and to preempt them before they led to war. Furthermore, since existing military intelligence was focused on tactical matters and military affairs, and given the long aversion in the United States towards military control of key government functions, it was decided that this Central Intelligence Agency (CIA) was to be staffed and run by civilians and not under military control. Thus the CIA, generally an honorable and necessary institution serving the legitimate democratic interests of the American people, was born. Now, have there been mistakes and missteps over the years? Certainly, we're all only human after all, but an honest analysis of the publicly available information overwhelmingly supports the conclusion that the benefits have outweighed the drawbacks when considered as a whole since the founding of the agency.

    21. Re:Vault 7 by Anonymous Coward · · Score: 1

      That is just the mainstream bullshit story. Learn some real history. The same people who funded the Nazi founded the CIA.

    22. Re:Vault 7 by Anonymous Coward · · Score: 0

      That's because you're a pathetic little snowflake who is ill-equipped to deal with the real world.

      Go grab your play-dough and coloring books and snuggle your teddy bear while you suck your thumb.

    23. Re: Vault 7 by Anonymous Coward · · Score: 0

      They lied about not giving Hillary debate questions four fucking times before debates against Sanders and later Trump.

      They then had the fucking audacity to accuse her opponents of being unprepared.

      Go fuck yourself, you shill piece of shit.

    24. Re: Vault 7 by Anonymous Coward · · Score: 0

      Is that what they call it now? 'Suckling your thumb'?

    25. Re:Vault 7 by Anonymous Coward · · Score: 0

      Why would she again?

    26. Re:Vault 7 by sexconker · · Score: 1

      At the beginning of the second world war we were caught almost completely by surprise at Pearl Harbor in Hawaii when naval and air forces of the Empire of Japan wrecked our Pacific Fleet.

      Fucking wrong. We were warned by the British well in advance. We let the attack happen so we could finally get public support for the war.

    27. Re:Vault 7 by sexconker · · Score: 2

      notepad++ could not rely on external DLLs. Monolithic executables should make a comeback. Storage and memory are cheap, and we'll never see an end to the attacks that rely on manipulating shared memory. Using shared memory for anything important is like using a public bulletin board to file your taxes.

    28. Re:Vault 7 by rew · · Score: 1

      Imagine you have a six-year-old who doesn't want to go to school, so he hides the car keys. This morning he hid the keys in the honey pops box. So you decide to put an alarm on the honey pops. Not the fruitloops next to them, not the sugar bowl, not the fridge! Thousands of other places to hide the item, but you put an alarm on the ONE spot he used this time (And you tell him about the alarm!).

      This is very similar to how this "FIX" affects the CIA from "hiding the keys" again.

      It is wrong to publish about this issue calling this a "FIX".

      A "fix" would pose a significant barrier to entry, or at least close this one issue that would allow entry.

    29. Re:Vault 7 by Anonymous Coward · · Score: 0

      I'm pretty sure the exact same thing happened on 9/11

    30. Re:Vault 7 by ptaff · · Score: 2

      Monolithic executables should make a comeback. Storage and memory are cheap

      Saving memory and storage is only one of the reasons shared libraries constitute a better idea. Say they find a vulnerability in one shared library; after an update of said library, all programs using it are automagically updated. You don't have to update each and every program (and wait for each and every program's maintainer to fix the vulnerability and release a new version).

    31. Re:Vault 7 by Anonymous Coward · · Score: 0

      "Also interesting is, remember, it’s illegal to possess these stolen documents. It’s different for the media. So everything you learn about this, you’re learning from us."

    32. Re: Vault 7 by Archangel+Michael · · Score: 1

      Qualitative vs Quantitative subjective determination!

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    33. Re:Vault 7 by Archangel+Michael · · Score: 1

      The whole Russians Hacked the Elections story line, which was false from the beginning, and now we know the extent of that lie.

      Made for great fodder against Trump for the last 9 months though. Great coverup for the Democrats being incapable of securing anything.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    34. Re: Vault 7 by coteriescavenger · · Score: 1

      Or, this when CNN lied about the size of Hillary's crowds as if she was doing well, and then acting surprised when Trump won in a landslide, as if they didn't know it was probable. http://www.truthrevolt.org/new...

    35. Re:Vault 7 by Anonymous Coward · · Score: 0

      Go home GNAA, you're drunk!

    36. Re:Vault 7 by Anonymous Coward · · Score: 0

      In addition, I'd like to say that Trump will be the greatest precedent since Anthony Jackson and I expect that we'll see him on currency within the decade.

      - Archangel Michael -

  2. In Soviet 'Russia' by Anonymous Coward · · Score: 0

    In Soviet 'Russia' notepads hack you

  3. Features == vulnerabilities by Waffle+Iron · · Score: 4, Funny

    This is why I still do all of my development work in edlin.

    1. Re:Features == vulnerabilities by OffTheLip · · Score: 1

      I agree that simplicity is best. I prefer vim but props to the Notepad++ team for fixing this.

    2. Re:Features == vulnerabilities by Gravis+Zero · · Score: 2

      This is why I still do all of my development work in edlin.

      Ha! You millennials and your newfangled volatile memory! I'll stick to punched tape, thanks. ;)

      --
      Anons need not reply. Questions end with a question mark.
    3. Re:Features == vulnerabilities by Jeremi · · Score: 2

      I agree that simplicity is best. I prefer vim but props to the Notepad++ team for fixing this.

      Vim is the most secure editor, because so far nobody at the CIA has been able to figure out how it works.

      --
      I don't care if it's 90,000 hectares. That lake was not my doing.
    4. Re:Features == vulnerabilities by pz · · Score: 1

      Ed is the standard. Edlin is, of course, based on ed.

      https://www.gnu.org/fun/jokes/...

      "Ed is for those who can remember what they are working on." - patl.

      --
      Put my fist through my alarm clock with its ding-dong death inside my ear. - The Blackjacks.
    5. Re: Features == vulnerabilities by Anonymous Coward · · Score: 0

      Pressing the escape key then a bunch of sndon keypresses usually works for me.

  4. I am secure by Billly+Gates · · Score: 1

    I just use cat. I guess Ed is secure too since no one else uses it anymore

    1. Re: I am secure by Anonymous Coward · · Score: 0

      'I just use Visual Studio.'
      FTFY

    2. Re:I am secure by Anonymous Coward · · Score: 0

      Weren't you supposed to be leaving /.? Just fuck off already...
      https://slashdot.org/journal/7...

  5. In USA by jamander4 · · Score: 1

    In peace and freedom loving USA secret police hack you and your TV and phone and car and computer.

  6. Some people have to jump on new technology! by Futurepower(R) · · Score: 1

    "... punched tape..."

    Punched tape!!! Some people have to jump on new technology. I engrave characters in stone. Let the CIA try to modify that remotely.

    1. Re:Some people have to jump on new technology! by sconeu · · Score: 2

      You had stone engraving?

      We had to make mud tablets, and wait for metamorphic pressure to turn them into rock.

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
  7. Chrome is with the CIA by Anonymous Coward · · Score: 0

    https://wikileaks.org/ciav7p1/...
    Chrome Portable DLL Hijack

    Chrome looks for "DWrite.dll", a system DLL, adjacent to itself (under \app\Chrome-bin) before correctly finding it

    This DLL is ideal for hijacking as it only exports one function (at ordinal #1) with the following prototype:

    HRESULT DWriteCreateFactory(DWRITE_FACTORY_TYPE, REFIID, IUnknown**)

    The DWRITE_FACTORY_TYPE is an enum defined in Dwrite.h, however we cannot #include this header as doing so will declare the function as an extern.

    Instead, we can either create a dummy enum with only two values (as the real DWRITE_FACTORY_TYPE only has two options) or simply use an INT variable in its place.
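
The certificate check from the announcement and the DWrite.dll shadowing described in the comment above can both be audited from outside the application. The following PowerShell script is an added example, not code from Notepad++, Chrome or the thread; the install path and executable name are assumed defaults.

```powershell
# Added example: audit an application folder for DLLs that could be side-loaded.
# The default path and executable name are assumptions; pass your own.
param(
    [string]$AppDir  = "$env:ProgramFiles\Notepad++",
    [string]$MainExe = 'notepad++.exe'
)

# Directories that system DLL names are normally resolved from.
$systemDirs = @('System32', 'SysWOW64') |
    ForEach-Object { Join-Path $env:SystemRoot $_ } |
    Where-Object { Test-Path -LiteralPath $_ }

# The signer of the main executable is the reference publisher.
$exeSig   = Get-AuthenticodeSignature -LiteralPath (Join-Path $AppDir $MainExe)
$exeThumb = $null
if ($exeSig.Status -eq 'Valid') {
    $exeThumb = $exeSig.SignerCertificate.Thumbprint
} else {
    Write-Warning "$MainExe is not validly signed ($($exeSig.Status)); signer comparison is skipped."
}

$report = foreach ($dll in Get-ChildItem -LiteralPath $AppDir -Filter '*.dll' -Recurse -File) {
    $sig = Get-AuthenticodeSignature -LiteralPath $dll.FullName

    # A DLL in the application folder that has the same name as a system DLL
    # can be picked up before the system copy, because the application
    # directory comes first in the default search order (KnownDLLs and
    # full-path loads excepted).
    $shadowed = @($systemDirs |
        Where-Object { Test-Path -LiteralPath (Join-Path $_ $dll.Name) })

    $signer     = ''
    $sameSigner = $false
    if ($sig.SignerCertificate) {
        $signer     = $sig.SignerCertificate.Subject
        $sameSigner = ($null -ne $exeThumb) -and
                      ($sig.SignerCertificate.Thumbprint -eq $exeThumb)
    }

    [pscustomobject]@{
        File            = $dll.FullName
        Status          = $sig.Status      # Valid, NotSigned, HashMismatch, ...
        SameSignerAsExe = $sameSigner
        ShadowsSystem   = ($shadowed.Count -gt 0)
        Signer          = $signer
    }
}

# Review list: not validly signed, signed by a different publisher than the
# executable, or named like a system DLL. Third-party libraries legitimately
# signed by another vendor will also appear here and need a manual decision.
$report |
    Where-Object { $_.Status -ne 'Valid' -or -not $_.SameSignerAsExe -or $_.ShadowsSystem } |
    Sort-Object ShadowsSystem, Status -Descending |
    Format-Table -AutoSize -Wrap
```

Each row is a review item rather than a verdict, and, as the announcement itself says of the in-application check, none of this detects a replaced executable on a machine that is already compromised.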

  8. Trojan Notepad++ by Anonymous Coward · · Score: 0

    Yeah, but who checks the checkers?

    (How do you know that you're running the real Notepad++?)

    1. Re:Trojan Notepad++ by Anonymous Coward · · Score: 0

      How do you know you aren't in the Matrix, and that computer you think you're operating isn't just sending characters directly to THEM?

  9. WTF LibreOffice by Anonymous Coward · · Score: 0

    LibreOffice Portable DLL Hijack shows a huge wall of DLL loads.

    Procmon screenshot of some vulnerable DLL loads:

    TL;DR: use dbgcore.dll in \app\libreoffice\program

    Do we have a mole?

  10. This is idiotic. by WD · · Score: 1, Insightful

    From the Notepad++ page (and even the Slashdot summary): "Note that once users' PCs are compromised, the hackers can do anything on the PCs."

    Repeat after me: If my computer is compromised, there's nothing that any individual app on the system can do to protect itself from being hijacked.

    There's nothing to see here.

    1. Re:This is idiotic. by eyenot · · Score: 0

      If it's so idiotic, maybe you shouldn't be grandstanding your version of saying the same god damned thing, you chum huffer.

      --
      "Stratigraphically the origin of agriculture and thermonuclear destruction will appear essentially simultaneous" -- Lee
  11. Could just use Geany instead by TheOuterLinux · · Score: 0

    Geany (Linux/Mac/Window$) is a lot better than Notepad++ anyway. And guess who doesn't use dll's? Unix. Stop with the Window$ already. Linux is free and other than video games and deliberately installed spyware, it does everything Window$ does. And for anyone that's tried Linux and had problems, it's because of all the 64-bit Qt eye candy running on a motherboard that just a few years ago, was impossible to install anything else but Window$ or ChromeOS on and they both did it on purpose. If your computer came with Windows 7 or earlier or any MacBook, it'll run Linux just fine. If you're a graphics gaming weirdo trying to hack your card, what you break or crash out of impatience is your own fault. I dare anyone to tell me what Window$ does better, besides video games (duh). And even then, that's really a Direct issue. OpenGL has come a long way. Though, be aware that Visual Basic is now available for Linux, as well as Unreal Engine. Both Game Maker Studio and Unity3D export to Ubuntu (64-bit). Daz Studio and Office 2013 run via WINE on Linux as well. There's not a whole lot it can't do, it's just there's not as much money in developing for Linux at the moment unless you do server work. Linux and open source software have a lot more documentation too.

    1. Re:Could just use Geany instead by Opyros · · Score: 1

      I dare anyone to tell me what Window$ does better

      You can get decent OCR software for Windows; open-source substitutes are laughable when you look at their error rates.

    2. Re:Could just use Geany instead by Anonymous Coward · · Score: 0

      What incoherent rambling bullshit.
      "If you tried Linux and ran into any problems, it's your own fault. If you did basically anything at all, yeah, that's your fault too."

      WTF? Whatever it is you're taking, you need to either take more or less of it.
      Also, the unix version of dlls is so, and injection happens with e.g. LD_LIBRARY_PATH. Why exactly is that different again?

    3. Re: Could just use Geany instead by Anonymous Coward · · Score: 0

      UNIX uses shared object files (.so extension). They are just the same as .dll files. You can use "ldd" to see the list of dependencies and check if anything is missing from your load path (LD_LIBRARY_PATH).

  12. Re: Spying by Anonymous Coward · · Score: 0

    I just went to lookseek. Looks like they don't have even close to the search results - they aren't indexing what google is and can't even be close.

    Sooooo, I don't get the results I need. Back to google. Nice try for marketing but like AMD , you fall short.

  13. Obligatory: Intel CPU Backdoor Alert by Anonymous Coward · · Score: 0, Informative

    Intel CPU Backdoor Alert (Updated Mar 12, 2017)

    The goal of this report is to make the existence of Intel CPU backdoors a common knowledge.
    What we know about the Intel backdoor so far:

    TL;DR version

    Your Intel CPU and Chipset is running a backdoor as we speak:

    The backdoor hardware is inside the CPU/Bridge and the backdoor firmware is in the chipset flash chip (Intel Management Engine).

    ccc.de: "Our presentation covers a DMA malware that benefits from an isolated network channel to update the attack code and to exfiltrate captured data. To be more precise, we show how to conduct a DMA attack using Intel's Manageability Engine (ME)."

    30C3 Intel ME live hack, @21m43s, keystrokes leaked from Intel ME outside the OS, wireshark cannot detect packets:
    [Video Link] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware

    The backdoor firmware can be removed by following this guide using the me_cleaner script.
    Removal is tricky and requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

    The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort. If you are skilled in BIOS/Firmware, download some of the Intel ME firmware from this collection and have a go at it (Intel used various decode counter measures, explained below).

    Useful links:
    The Intel ME subsystem can take over your machine, can't be audited
    REcon 2014 - Intel Management Engine Secrets
    Untrusting the CPU (33c3)
    Towards (reasonably) trustworthy x86 laptops

    1. Introduction, what is Intel ME

    Short version, from Intel staff:

    Re: What Intel CPUs lack Intel ME secondary processor?
    Amy_Intel Feb 8, 2016 9:27 AM

    The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional part in all current Intel chipsets, I even checked with the engineering department and they confirmed it.

    Long version:

    ME: Management Engine

    The Intel Management Engine (ME) is a separate computing environment physically located in the MCH chip or PCH chip replacing ICH.

    The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system's memory as well as to reserve a region of protected external memory to supplement the ME's limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or PCH).

    The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the networ

    1. Re:Obligatory: Intel CPU Backdoor Alert by Anonymous Coward · · Score: 1

      APK will save me with shadow stacks!

    2. Re:Obligatory: Intel CPU Backdoor Alert by Anonymous Coward · · Score: 0

      30C3 Intel ME live hack, @21m43s, keystrokes leaked from Intel ME outside the OS, wireshark cannot detect packets:

      Because wireshark was installed on the same machine being investigated. If wireshark is at the gateway or installed at the router, there's no way the packet can escape undetected, unless if your router has an intel CPU with IME then it is possible the packet can leave your gateway/router undetected. But most cheap generic routers would pick up the packet even by the simplest of tools under Linux like netfilter.

    3. Re:Obligatory: Intel CPU Backdoor Alert by Anonymous Coward · · Score: 0

      The ME packets can also be captured by a $5 DIY ethernet splitter.

      The hack was to demonstrate:
      1. Intel ME works out-of-band.
      2. Intel ME as a backdoor, has its own backdoors (intentional or not).

      And what if CIA/NSA hackers use WiFi or Wireless Display packets? All you'll capture over the air is encrypted stuff only they have the key to.

  15. How is this a hack? by FeelGood314 · · Score: 1

    The CIA had to get me to install and register a malicious DLL. If they can get me to do that then they can do worse than this. It just seems like the DLL is a place for them to have hidden a malicious payload. They could have chosen a number of other places and likely will just switch now.

    1. Re:How is this a hack? by eyenot · · Score: 1

      Um, can we say "war of attrition"?

      Is that too much work (to say)?

      --
      "Stratigraphically the origin of agriculture and thermonuclear destruction will appear essentially simultaneous" -- Lee
  16. Better link / better explanation of what happened by FeelGood314 · · Score: 1

    This isn't a hack of notepad++

  17. Re:It's why I built this as a standalone .exe by Anonymous Coward · · Score: 0

    Quit spamming fuckboy, nobody cares about your useless shit.

  18. Score:0, Informative by Anonymous Coward · · Score: 0

    NSA/CIA minions working overtime.

  19. Re:It's why I built this as a standalone .exe by Anonymous Coward · · Score: 0

    I submit you do care. Your fear of your admoney or botnet being taken out is palpable and obvious.

  20. Monolithic executables? by Larsen+E+Whipsnade · · Score: 1

    Got mixed feelings about this. There's a real security risk that this would help a lot with. But... user desires and code bloat always expand to take all available resources. So, there is a downside.

    What if the executable itself is compromised? Really, we need a coherent philosophy re digital signing. Do we cede control to the owners of the certificates, or to hackers? I say neither. If the signature is broken, always inform the user and always let the user make a command decision.

    If the owner of a host signs his own executables, that's fine - if he builds them himself from source. Make sure we allow this on all binaries. Don't mandate a particular signing authority. But then we must always inform the user at runtime just who signed what he's about to load. Because hackers can sign, too.

    Informed consent, and the user beware.

  21. /.ers make U EAT UR WORDS skulking ac worm by Anonymous Coward · · Score: 0

    I'm going to continue using the Host File Engine. Your software is well written, functional. The Host File Engine performs exactly as promised by mmell

    his hosts program is actually pretty good by xenotransplant

    I've never tried to belittle (APK's) work, I've flat out said it's good by BronsCon

    APK is kinda right. I've tried his hosts file generating software. It works by bmo

    I like your host file system by Karmashock

    I find your hosts file admirable by vel-ex-tech

    his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg

    APK is totally right on this count. Adblock Plus on Firefox mobile is a dog on older, or lower end, phones. A hostfile based adblocker makes for a much better experience by chihowa

    * Recommended & hosted by Malwarebytes' hpHosts!

    APK

    P.S.=> What's that u said UNIDENTIFIABLE anonymous cowardly no balls skullking worm?... apkI like your host file system

  22. Clueless hacker by Anonymous Coward · · Score: 0

    Wow, that CIA user does seem a bit clueless. From the leak:

    "Notepad++ loads Scintilla, a "code editing component" [...] This DLL exports only one function named "Scintilla_DirectFunction" at ordinal #1 [...]
    For the life of me, I couldn't get this function to be called – I even installed additional plugins that were supposed to interact with Scintilla directly."

    How about googling? The exported function is just a workaround for languages that don't support fetching the function pointer via SendMessage(), so it really shouldn't come as a surprise Notepad++ never calls it.

  23. Certificates != Security by Anonymous Coward · · Score: 0

    Can we PLEASE, PLEASE, PLEASE stop with this crap about how certificates create security? Just because things are signed by a trusted certificate doesn't mean they are secure. We know this is true because those who issue certificates are not themselves trustworthy, as they play for the CIA/NSA/FBI/GSA team.

    Every Windows PC installed comes with a bunch of "trusted" certificates in their certificate stores, which automatically trust certs signed by Verisign and dozens of other untrustworthy certificate issuers.

    Every HTTPS connection out there can be MITMed by anyone with a back door into a "trusted" CA.

    There is no such thing as security on today's Internet. None at all. Let's just dispense with the myth of security today and figure out what to do next.

  24. doesn't that make DOS easier? by Anonymous Coward · · Score: 0

    Wouldn't this make it really easy for an attacker to "deny" Notepad++? Presumably cause them the users will switch to CiaHacksULongTimeEditor ?

  25. It's why I built this as a standalone .exe by Anonymous Coward · · Score: 0

    NO DEPENDENCIES on faulty 3rd party dlls (hostman may via SQLite) in APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

    Ads/script & malware rob speed/security/privacy

    Hosts add speed (via hardcodes/adblocks), security (vs. bad sites/malware/poisoned dns), reliability (vs. dns down), & anonymity (vs. dns requestlogs/trackers).

    Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity & faster vs. addons/routers/remote dns!

    Avoids DNSChangers in routers/IP settings & dns redirects (99.999% of ISP DNS != patched vs. it) + lightens DNS load & resolves faster from local system RAM!

    * Via what u NATIVELY have built into the IP stack in FASTER kernelmode!

    APK

    P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/