226

Google-hosted malvertising leads to fake Keepass site that looks genuine(arstechnica.com)

posted
by
Avatar
sylverstream@lemmy.nz
in
Avatar
technology@beehaw.org
25 comments
hidereport
Sort:
HotTopControversialNewOld
You are viewing a single thread.
View all comments View context
Avatar
cwagner@lemmy.cwagner.me
14 points
*
Deleted by creator
permalink
report
parent
reply
Avatar
rayon@lemm.ee
5 points
*

This should be ON by default, in my opinion. Also, I believe Mozilla has a massive opportunity here to demarcate themselves as the more security-conscious browser vendor. “This phishing trick works on all major browsers except Firefox” would be great publicity material.

permalink
report
parent
reply
Avatar
cwagner@lemmy.cwagner.me
7 points
*
Deleted by creator
permalink
report
parent
reply
Avatar
BurningnnTree@lemmy.one
2 points

They could add some kind of warning message that notifies you when the URL has unicode in it. Then the user can decide if they want to disable the warning or not.

permalink
report
parent
reply
Avatar
rayon@lemm.ee
2 points

That’s true. Also I guess domain names in most ideogram-based languages cannot be meaningfully converted to ASCII. The best detection method I’m aware of is detecting a mix of different alphabets in the domain, but I imagine even this has a lot of false positives

permalink
report
parent
reply
Avatar
X3I@lemmy.x3i.tech
1 point

Seems to be on by default in Librewolf(I just checked mine from the AUR on Arch), maybe consider that one!

permalink
report
parent
reply
Avatar
gnzl@nc.gnzl.cl
1 point

Turning it on by default would be a massive disservice to the work that domain registries and registrars have been doing to allow Unicode to be used in domain names. In Spanish speaking countries the ñ character is pretty ubiquitous for example, and the workaround of replacing it with an n creates many problems like misdirected web traffic and typos in email addresses. Unicode in URLs and domain names is a feature, abuse should be attacked by means other than disabling it.

permalink
report
parent
reply
Avatar
NiaTheCat@lemmy.blahaj.zone
4 points
*
Deleted by creator
permalink
report
parent
reply
Avatar
teawrecks@sopuli.xyz
3 points

FF Android redirects me to the real keepass page and I have no idea why :D

Lol are you sure?

permalink
report
parent
reply
Avatar
cwagner@lemmy.cwagner.me
2 points
*
Deleted by creator
permalink
report
parent
reply
Avatar
Aniki 🌱🌿@lemm.ee
3 points
Deleted by creator
permalink
report
parent
reply

Technology

!technology@beehaw.org

Create post

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community’s icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

Community stats

  • 2.8K

    Monthly active users

  • 3.4K

    Posts

  • 78K

    Comments

Community moderators