• webghost0101@sopuli.xyz
      link
      fedilink
      arrow-up
      7
      ·
      1 year ago

      Their youtube policy are also a complete joke because of it.

      Swearwords : oh lord someone think of the advertisers, who would want to do bussiness like that…

      Actual scams, illegal practices and gambling: 👍

  • JakenVeina@lemm.ee
    link
    fedilink
    arrow-up
    36
    ·
    1 year ago

    Wow. Valid cert, matching icon, identical web page, and virtually-identical URL. I absolutely would have fallen for that, and I’ve been meaning to visit KeePass’s website and download the latest version, too.

      • m-p{3}@lemmy.ca
        link
        fedilink
        arrow-up
        9
        ·
        1 year ago

        Except when it’s an Extended Validation certificate, which requires the requester to go through a manual vetting process.

        But apparently for some reason, Firefox doesn’t show the EV label in the URL bar anymore.

        • NekuSoul@lemmy.nekusoul.de
          link
          fedilink
          arrow-up
          7
          ·
          edit-2
          1 year ago

          That’s because EV certs were not only a pretty awful idea in hindsight (A, B), but also because humans aren’t really good at checking the security and trustworthiness of a website (C) in general, which is why browsers have collectively started to stop signalling HTTPS as something to be trusted all together.

  • TheTimeKnife@beehaw.org
    link
    fedilink
    arrow-up
    25
    ·
    1 year ago

    We need radical criminal penalties on the books for facilitating malware with ads. You shouldn’t be able to wash your hands of being a major malware distributor.

    • Nath@aussie.zone
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      As an admin on a Lemmy instance, I don’t like this idea. If I were to be personally, criminally held responsible for something one of our users put on the web…

      Well, let’s just say I’d be getting out of the Lemmy admin game. So would everyone else.

      • TheTimeKnife@beehaw.org
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        If you aren’t making decisions about ad serving, obviously it wouldn’t effect you. If you are choosing ads to serve, and don’t care about their reputation, that’s a problem regardless of how much it bothers you.

        This is far more important then a few lazy web admins that want to profit from scamming their users.

  • AnonStoleMyPants@sopuli.xyz
    link
    fedilink
    arrow-up
    20
    ·
    1 year ago

    The bot skips an important point. The site looks really close to the genuine site, only difference being “ķeepass dot info” and not “keepass”. Definitely easy to miss.

    • teawrecks@sopuli.xyz
      link
      fedilink
      arrow-up
      32
      ·
      1 year ago

      I feel like browsers should flag urls with unicode in their domains as suspicious by default. Maybe they already do, not sure. It’s honestly surprising to me in 2023 if they don’t.

      I wouldn’t mind if FF popped up and said “hey, take another look at that URL” and very clearly drew attention to the weird k character. Of course it would have a “I’m absolutely sure this isn’t a scam, I own this domain or know who owns it and you don’t need to warn me about it in the future” button, but better safe than sorry.

      • cwagner@lemmy.cwagner.me
        link
        fedilink
        arrow-up
        14
        ·
        edit-2
        1 year ago

        FF Desktop shows xn–eepass-vbb[.]info for me. (Edit: Was just told on HN that I have a non-default flag, in about:config set network.IDN_show_punycode to true if you want this behavior)

        FF Android redirects me to the real keepass page and I have no idea why :D

        • rayon@lemm.ee
          link
          fedilink
          arrow-up
          2
          ·
          edit-2
          1 year ago

          This should be ON by default, in my opinion. Also, I believe Mozilla has a massive opportunity here to demarcate themselves as the more security-conscious browser vendor. “This phishing trick works on all major browsers except Firefox” would be great publicity material.

          • cwagner@lemmy.cwagner.me
            link
            fedilink
            arrow-up
            6
            ·
            edit-2
            1 year ago

            Not that easy, imo. I’m pretty sure there are countries, especially with non-latin alphabets, who regularly use IDNs.

            edit: Including Germany, where FF on Desktop is still a mainstream browser at around 20% (and I’d bet FF gets regularly undercounted because FF users are more likely to block trackers).

            • BurningnnTree@lemmy.one
              link
              fedilink
              English
              arrow-up
              2
              ·
              1 year ago

              They could add some kind of warning message that notifies you when the URL has unicode in it. Then the user can decide if they want to disable the warning or not.

            • rayon@lemm.ee
              link
              fedilink
              arrow-up
              2
              ·
              1 year ago

              That’s true. Also I guess domain names in most ideogram-based languages cannot be meaningfully converted to ASCII. The best detection method I’m aware of is detecting a mix of different alphabets in the domain, but I imagine even this has a lot of false positives

          • X3I@lemmy.x3i.tech
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            Seems to be on by default in Librewolf(I just checked mine from the AUR on Arch), maybe consider that one!

          • gnzl@nc.gnzl.cl
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            Turning it on by default would be a massive disservice to the work that domain registries and registrars have been doing to allow Unicode to be used in domain names. In Spanish speaking countries the ñ character is pretty ubiquitous for example, and the workaround of replacing it with an n creates many problems like misdirected web traffic and typos in email addresses. Unicode in URLs and domain names is a feature, abuse should be attacked by means other than disabling it.

          • cwagner@lemmy.cwagner.me
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            You are probably joking, but yes. Someone else using curl also got redirected to a Rick Roll YT video, apparently the creator of the malware had some fun with it before they shut it down, their “Look I’m on TV moment” ;)

  • AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    🤖 I’m a bot that provides automatic summaries for articles:

    Click here to see the summary

    Google has been caught hosting a malicious ad so convincing that there’s a decent chance it has managed to trick some of the more security-savvy users who encountered it.

    Combining the ad on Google with a website with an almost identical URL creates a near perfect storm of deception.

    “Users are first deceived via the Google ad that looks entirely legitimate and then again via a lookalike domain,” Jérôme Segura, head of threat intelligence at security provider Malwarebytes, wrote in a post Wednesday that revealed the scam.

    The ads were paid for by an outfit called Digital Eagle, which the transparency page says is an advertiser whose identity has been verified by Google.

    When in doubt, people can open a new browser tab and manually type the URL, but that’s not always feasible when they’re long.

    Another option is to inspect the TLS certificate to make sure it belongs to the site displayed in the address bar.


    Saved 63% of original text.