top | item 46852467

(no title)

sodality2 | 28 days ago

How do you deal with the opposite, software that you forget to update but contains vulnerabilities discovered/exploited later?

discuss

Lammy|28 days ago

I use a package manager that checks the hash of the downloaded installer against what's recorded in the package listing for that version. WinGet has been built in to Windows since one of the 2018-era releases of Windows 10: https://i.ibb.co/VYGXdc56/2026-02-01-20-46-28-Greenshot.png

hypeatei|28 days ago

Integrity checks say nothing about the package authenticity, though. State sponsored actors could just... change the hash on the listing in a hypothetical attack.