@lcamtuf I agree that the attackers would have kept looking to exploit some other vulnerability; I'm saying if either the download notification page or the individual update binaries were signed by a key not stored on the server, breaching the server wouldn't have provided the attackers any additional exploitation potential (save a watering hole attack/swapping binaries to attack new users).