SSL-Enabled Site Sending Malware Disguised as Meltdown/Spectre Fix
Just one more example why the current security indicators have to go.
As we covered last week, Meltdown and Spectre have computer owners scrambling to patch their systems. Many of those patches work. Some slow down performance. Others are just malware.
That’s right, as is wont to happen on the internet, some people have followed up a bad decision by choosing to actively do even more harm. In this case, Malwarebytes reports that one site targeting German users is serving the Smoke Loader malware disguised as a patch.
We identified a recently registered domain that is offering an information page with various links to external resources about Meltdown and Spectre and how it affects processors. While it appears to come from the German Federal Office for Information Security (BSI), this SSL-enabled phishing site is not affiliated with any legitimate or official government entity.
The first thing to note is that this website had an active SSL certificate. This one was issued by Comodo through Cloudflare (who, to their credit, shut the site down within minutes of being notified). Once again, it’s time to beat this dead horse.
The Current SSL Visual Indicators MUST Change
Last year Google changed its visual indicators: it added the word “Secure” next to the green padlock that, on its own, used to represent a secure connection. This change, putting “Secure” prominently in the address bar, has not worked out the way Google planned. While having your website say “Secure” is certainly an attractive reason to adopt HTTPS, the truth is that it lulls internet users into a false sense of security.
The evidence is there, both anecdotal and statistical. Phishing is at an all-time high, and HTTPS phishing is at an all-time high too (in direct correlation with Google’s and Mozilla’s UI changes). Putting the word “Secure” in an address bar simply for having working SSL is making life easier for hackers and cybercriminals. It is actively aiding them in their malfeasance. That’s just a fact.
And it’s a problem because you don’t know who is on the other end of that connection. A domain-validated certificate, the kind anyone can obtain for free in minutes, proves only that your traffic is encrypted to whoever controls that domain name; it says nothing about who that is. Secure doesn’t mean safe in the context of the internet. But in the mind of an internet user, those two words can equate. And that’s a huge problem for the current UI.
Case in point, today’s example. German internet users are being told, over and over, that they have to go patch. This site looks legitimate, and now, because the address bar says “Secure,” more people than normally would are going to trust it.
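To make the “you don’t know who is on the other end” point concrete, here is the check a practitioner would actually run on a certificate. This is an added example, not code from the original post or from Malwarebytes: it takes a certificate in the dictionary form Python’s ssl.SSLSocket.getpeercert() returns and reports whether the issuing CA vouched for an organization (OV/EV) or only for control of a hostname (DV). The two sample certificates, their issuer names, and the domains in them are constructed for illustration and do not describe the real phishing site’s certificate.

```python
import socket
import ssl

# Subject attributes a CA only fills in after validating an organization
# (OV/EV). A domain-validated (DV) certificate carries none of them; its
# subject is just a hostname, so the padlock says nothing about the operator.
IDENTITY_FIELDS = ("organizationName", "organizationalUnitName",
                   "jurisdictionCountryName", "serialNumber")


def subject_as_dict(cert):
    """Flatten getpeercert()['subject'], a tuple of RDNs, each a tuple of
    (attribute, value) pairs, into a plain dict (first value wins)."""
    out = {}
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            out.setdefault(key, value)
    return out


def validation_level(cert):
    """'OV/EV' if the CA attached a validated organization, else 'DV'."""
    subj = subject_as_dict(cert)
    return "OV/EV" if any(f in subj for f in IDENTITY_FIELDS) else "DV"


def who_is_vouched_for(cert):
    """What the certificate actually asserts about the party on the other end."""
    level = validation_level(cert)
    hosts = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    subj = subject_as_dict(cert)
    if level == "DV":
        note = "encrypted to whoever controls these hostnames; identity unknown"
        return {"level": level, "hosts": hosts, "organization": None, "note": note}
    return {"level": level, "hosts": hosts,
            "organization": subj.get("organizationName"),
            "note": "the CA validated the organization named above"}


def backs_claimed_brand(cert, claimed_org):
    """True only when the certificate carries a validated organization that
    matches the brand the page presents itself as (e.g. a government office).
    A DV certificate can never return True, padlock or not."""
    org = who_is_vouched_for(cert)["organization"]
    return org is not None and claimed_org.lower() in org.lower()


def fetch_peer_cert(host, port=443, timeout=5):
    """Fetch a live host's leaf certificate in getpeercert() form (needs network;
    not used by the offline samples below)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample 1: a DV certificate of the kind a CDN issues for a
# freshly registered look-alike domain. Names are illustrative only.
DV_LOOKALIKE = {
    "subject": ((("commonName", "meltdown-patch.example"),),),
    "issuer": ((("countryName", "GB"),),
               (("organizationName", "Example Domain Validation CA"),)),
    "subjectAltName": (("DNS", "meltdown-patch.example"),
                       ("DNS", "*.meltdown-patch.example")),
}

# Constructed sample 2: an OV certificate whose subject names a validated
# organization. Again illustrative, not any real agency's certificate.
OV_GENUINE = {
    "subject": ((("countryName", "DE"),),
                (("organizationName", "Example Bundesbehoerde"),),
                (("commonName", "www.behoerde.example"),)),
    "issuer": ((("countryName", "DE"),),
               (("organizationName", "Example Organization Validation CA"),)),
    "subjectAltName": (("DNS", "www.behoerde.example"),),
}

if __name__ == "__main__":
    for label, cert in (("look-alike", DV_LOOKALIKE), ("genuine", OV_GENUINE)):
        print(label, who_is_vouched_for(cert))
        print("  claims to be a Bundesbehoerde:",
              backs_claimed_brand(cert, "Bundesbehoerde"))
```

The padlock and the word “Secure” are driven solely by a valid chain and a hostname match; neither checks IDENTITY_FIELDS. That is exactly why a DV certificate on a look-alike domain passes the browser’s indicator while backs_claimed_brand() stays False for it.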
How is this in the best interest of the user?
(It’s not).