• JakenVeina@lemm.ee
    link
    fedilink
    arrow-up
    36
    ·
    1 year ago

    Wow. Valid cert, matching icon, identical web page, and virtually-identical URL. I absolutely would have fallen for that, and I’ve been meaning to visit KeePass’s website and download the latest version, too.

    • Exec
      link
      fedilink
      arrow-up
      17
      ·
      1 year ago

      Valid cert

      That means nothing nowadays regarding authenticity

      • m-p{3}@lemmy.ca
        link
        fedilink
        arrow-up
        10
        ·
        1 year ago

        Except when it’s an Extended Validation certificate, which requires the requester to go through a manual vetting process.

        But apparently for some reason, Firefox doesn’t show the EV label in the URL bar anymore.

        • NekuSoul@lemmy.nekusoul.de
          link
          fedilink
          arrow-up
          7
          ·
          edit-2
          1 year ago

          That’s because EV certs were not only a pretty awful idea in hindsight (A, B), but also because humans aren’t really good at checking the security and trustworthiness of a website (C) in general, which is why browsers have collectively started to stop signalling HTTPS as something to be trusted all together.