Can’t imagine why ublock is so popular
Google-hosted malvertising leads to fake Keepass site that looks genuine
Submitted 1 year ago by gammarays@lemm.ee to privacyguides@lemmy.one
https://arstechnica.com/?p=1977141
Comments
crypticthree@lemmy.world 1 year ago
Maeve@kbin.social 1 year ago
Tl;dr google is a cancer
bluGill@kbin.social 1 year ago
They have failed one of their code jobs: validating advertisements are legitimate. I don't know why any legitimate company would advertise with google as you get associated with the scams they allow on their ad platform.
JoeKrogan@lemmy.world 1 year ago
Another reason to stick to your distro repositories. This should totally be disabled by default for modern browsers.
Melatonin@lemmy.dbzer0.com 1 year ago
The program doesn’t even need to change much. Just be keepass with a backdoor. Yikes.
ruination@discuss.tchncs.de 1 year ago
Say it louder for the people at the back: adblock is a basic cybersecurity measurs
autotldr@lemmings.world [bot] 1 year ago
This is the best summary I could come up with:
Google has been caught hosting a malicious ad so convincing that there’s a decent chance it has managed to trick some of the more security-savvy users who encountered it.
Combining the ad on Google with a website with an almost identical URL creates a near perfect storm of deception.
“Users are first deceived via the Google ad that looks entirely legitimate and then again via a lookalike domain,” Jérôme Segura, head of threat intelligence at security provider Malwarebytes, wrote in a post Wednesday that revealed the scam.
The ads were paid for by an outfit called Digital Eagle, which the transparency page says is an advertiser whose identity has been verified by Google.
When in doubt, people can open a new browser tab and manually type the URL, but that’s not always feasible when they’re long.
Another option is to inspect the TLS certificate to make sure it belongs to the site displayed in the address bar.
The original article contains 422 words, the summary contains 157 words. Saved 63%. I’m a bot and I’m open source!
Wistful@discuss.tchncs.de 1 year ago
That’s kinda crazy, as it would look like a speck on the screen. I wish I could see the actual site, and see if there is something else sus about it. When I download important things like password managers, I usually try to be extra careful, double check the URL and do the hash check.
ares35@kbin.social 1 year ago
disable unicode representation of these types of domains in firefox by flipping this setting (in about:config) from the default 'false' to TRUE:
network.IDN_show_punycode
so you see xn--80ak6aa92e.com instead of аррӏе.com
compare to (the real deal): apple.com
MangoPenguin@lemmy.blahaj.zone 1 year ago
Looks like it’s already flipped to true in Librewolf, glad they seem to have some common sense compared to mozilla.
Turun@feddit.de 1 year ago
Yes, because the internet is not restricted to English letters.
Just imagine you had to visit アップル instead of apple.com! And most importantly, would you trust yourself to see the difference that and say プッアル consistently without seeing the real reference?
Just to be clear, I hate it when the browsers hides part of the url too. Show me the https god damn! But internationalization is a good thing, as it makes the internet accessible to more people.
Bitrot@lemmy.sdf.org 1 year ago
People who use those characters benefit from it. I imagine 點看 is more useful than xn–c1yn36f to a Chinese person. That’s also why Google displays them that way.
It would be nice if browsers warned when International Domain Names were in use, and provided the option to disable punycode when first encountered.
Rentlar@lemmy.ca 1 year ago
To have other languages able to be displayed in the title… e.g. wiki.ポケモン.com/wiki/メインページ
HubertManne@kbin.social 1 year ago
You may have gotten me to switch browsers
AeroLemming@lemm.ee 1 year ago
Any way to fix this on mobile? about:config isn’t a thing.
ademir@lemmy.eco.br 1 year ago
In Firefox Nightly you can iirc
shotgun_crab@lemmy.world 1 year ago
Oh so that’s what punycode means, I always wondered what it meant
RealFknNito@lemmy.world 1 year ago
Wouldn’t you also be able to hover the link and check the URL in the bottom left?