this post was submitted on 19 Oct 2023
227 points (100.0% liked)

Technology

37527 readers
351 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
alyaza@beehaw.org
TheRtRevKaiser@beehaw.org
gyrfalcon@beehaw.org
rs5th@beehaw.org
coldredlight@beehaw.org
Los@beehaw.org
SemioticStandard@beehaw.org
TheRtRevKaiser@kbin.social
remington@beehaw.org
227
Google-hosted malvertising leads to fake Keepass site that looks genuine (arstechnica.com)
submitted 10 months ago by sylverstream@lemmy.nz to c/technology@beehaw.org
25 comments fedilink hide all child comments
all 33 comments
sorted by: hot top controversial new old
[–] fxr0d@feddit.de 68 points 10 months ago

"... please deactivate your adblocker ...." they said.

[–] JakenVeina@lemm.ee 36 points 10 months ago (1 children)

Wow. Valid cert, matching icon, identical web page, and virtually-identical URL. I absolutely would have fallen for that, and I've been meaning to visit KeePass's website and download the latest version, too.

[–] Exec@pawb.social 17 points 10 months ago (1 children)

Valid cert

That means nothing nowadays regarding authenticity

[–] mp3@lemmy.ca 10 points 10 months ago (1 children)

Except when it's an Extended Validation certificate, which requires the requester to go through a manual vetting process.

But apparently for some reason, Firefox doesn't show the EV label in the URL bar anymore.

[–] nekusoul@lemmy.nekusoul.de 7 points 10 months ago* (last edited 10 months ago)

That's because EV certs were not only a pretty awful idea in hindsight (A, B), but also because humans aren't really good at checking the security and trustworthiness of a website (C) in general, which is why browsers have collectively started to stop signalling HTTPS as something to be trusted all together.

[–] TheTimeKnife@beehaw.org 26 points 10 months ago (1 children)

We need radical criminal penalties on the books for facilitating malware with ads. You shouldn't be able to wash your hands of being a major malware distributor.

[–] Nath@aussie.zone 2 points 10 months ago (1 children)

As an admin on a Lemmy instance, I don't like this idea. If I were to be personally, criminally held responsible for something one of our users put on the web...

Well, let's just say I'd be getting out of the Lemmy admin game. So would everyone else.

[–] TheTimeKnife@beehaw.org 3 points 10 months ago

If you aren't making decisions about ad serving, obviously it wouldn't effect you. If you are choosing ads to serve, and don't care about their reputation, that's a problem regardless of how much it bothers you.

This is far more important then a few lazy web admins that want to profit from scamming their users.

[–] AnonStoleMyPants@sopuli.xyz 21 points 10 months ago (2 children)

The bot skips an important point. The site looks really close to the genuine site, only difference being "ķeepass dot info" and not "keepass". Definitely easy to miss.

[–] teawrecks@sopuli.xyz 32 points 10 months ago (3 children)

I feel like browsers should flag urls with unicode in their domains as suspicious by default. Maybe they already do, not sure. It's honestly surprising to me in 2023 if they don't.

I wouldn't mind if FF popped up and said "hey, take another look at that URL" and very clearly drew attention to the weird k character. Of course it would have a "I'm absolutely sure this isn't a scam, I own this domain or know who owns it and you don't need to warn me about it in the future" button, but better safe than sorry.

[–] Bazz@feddit.de 1 points 10 months ago

I thought that they only show unicode chars if they are used in one of the installed languages of the browser and if not they show the punycode instead 🤔

[–] douglasg14b@beehaw.org 5 points 10 months ago

Incredibly easy to miss, damn.

[–] b9chomps@beehaw.org 18 points 10 months ago

This is how you get ~~ants~~ adblockers

[–] dannym@lemmy.escapebigtech.info 12 points 10 months ago

As time marches on, my skepticism about there being ONE smart google employee only grows.

[–] autotldr@lemmings.world 3 points 10 months ago

🤖 I'm a bot that provides automatic summaries for articles:

Click here to see the summaryGoogle has been caught hosting a malicious ad so convincing that there’s a decent chance it has managed to trick some of the more security-savvy users who encountered it.

Combining the ad on Google with a website with an almost identical URL creates a near perfect storm of deception.

“Users are first deceived via the Google ad that looks entirely legitimate and then again via a lookalike domain,” Jérôme Segura, head of threat intelligence at security provider Malwarebytes, wrote in a post Wednesday that revealed the scam.

The ads were paid for by an outfit called Digital Eagle, which the transparency page says is an advertiser whose identity has been verified by Google.

When in doubt, people can open a new browser tab and manually type the URL, but that’s not always feasible when they’re long.

Another option is to inspect the TLS certificate to make sure it belongs to the site displayed in the address bar.

Saved 63% of original text.

[–] Doener@feddit.de 2 points 10 months ago (2 children)

"Paid for by an outfit" what does that mean?

[–] Mini_Moonpie@startrek.website 15 points 10 months ago

You know, a cute blouse with a kicky pair of trousers. An outfit.

[–] ram 6 points 10 months ago

Company