To be very clear, your statement "Rainmeter has been mentioned as a possible source for Man in the Middle attacks on Windows machines" is not correct. The "source" is actually the compromised internet service provider (not named in the article). The attacker is then using the compromised ISP to insert himself between the ISP and the Rainmeter update. That said, this does not mean the Rainmeter update mechanism couldn't use some additional security.Hi,
Thank you for this excellent piece of software, have been using it for many years as Windows' Conky equivalent.
Recently, Rainmeter has been mentioned as a possible source for Man in the Middle attacks on Windows machines:
https://arstechnica.com/security/2024/08/hacked-isp-infects-users-receiving-unsecure-software-updates/
(Rainmeter mentioned in second paragraph)
Just wondering if there have been any developments to mitigate this with a more secure update mechanism?
Thanks again for a really well designed application.
Statistics: Posted by SilverAzide — Today, 4:36 pm