Google-hosted malvertising leads to fake Keepass site that looks genuine
Google-hosted malvertising leads to fake Keepass site that looks genuine
Google-verified advertiser + legit-looking URL + valid TLS cert = convincing look-alike.
Google-hosted malvertising leads to fake Keepass site that looks genuine
Google-verified advertiser + legit-looking URL + valid TLS cert = convincing look-alike.
You're viewing a single thread.
Wow. Valid cert, matching icon, identical web page, and virtually-identical URL. I absolutely would have fallen for that, and I've been meaning to visit KeePass's website and download the latest version, too.
Valid cert
That means nothing nowadays regarding authenticity
Except when it's an Extended Validation certificate, which requires the requester to go through a manual vetting process.
But apparently for some reason, Firefox doesn't show the EV label in the URL bar anymore.
That's because EV certs were not only a pretty awful idea in hindsight (A, B), but also because humans aren't really good at checking the security and trustworthiness of a website (C) in general, which is why browsers have collectively started to stop signalling HTTPS as something to be trusted all together.