• JakenVeina@lemm.ee
    link
    fedilink
    arrow-up
    35
    ·
    1 year ago

    Wow. Valid cert, matching icon, identical web page, and virtually-identical URL. I absolutely would have fallen for that, and I’ve been meaning to visit KeePass’s website and download the latest version, too.

      • m-p{3}@lemmy.ca
        link
        fedilink
        arrow-up
        9
        ·
        1 year ago

        Except when it’s an Extended Validation certificate, which requires the requester to go through a manual vetting process.

        But apparently for some reason, Firefox doesn’t show the EV label in the URL bar anymore.

        • NekuSoul@lemmy.nekusoul.de
          link
          fedilink
          arrow-up
          4
          ·
          edit-2
          1 year ago

          That’s because EV certs were not only a pretty awful idea in hindsight (A, B), but also because humans aren’t really good at checking the security and trustworthiness of a website (C) in general, which is why browsers have collectively started to stop signalling HTTPS as something to be trusted all together.