• JakenVeina@lemm.ee
    cake
    link
    fedilink
    arrow-up
    36
    ·
    9 months ago

    Wow. Valid cert, matching icon, identical web page, and virtually-identical URL. I absolutely would have fallen for that, and I’ve been meaning to visit KeePass’s website and download the latest version, too.

      • m-p{3}A
        link
        fedilink
        arrow-up
        11
        ·
        9 months ago

        Except when it’s an Extended Validation certificate, which requires the requester to go through a manual vetting process.

        But apparently for some reason, Firefox doesn’t show the EV label in the URL bar anymore.

        • NekuSoul@lemmy.nekusoul.de
          link
          fedilink
          arrow-up
          7
          ·
          edit-2
          9 months ago

          That’s because EV certs were not only a pretty awful idea in hindsight (A, B), but also because humans aren’t really good at checking the security and trustworthiness of a website (C) in general, which is why browsers have collectively started to stop signalling HTTPS as something to be trusted all together.