Broken Web

Phishing and Certificate Transparency

Many people are at high risk of a phishing attack. In this scenario the person may receive an email that looks like it came from a legitimate source (e.g. their bank) and encourages them to click a link that presents them with their bank login page. The user then attempts to log in… Except that site isn't their banking site. It's a mockup that looks like the real one. And they've now told their banking password to the attacker.

How does the web still work?

I hit a web page which, naturally, refused to work properly. So I looked at the NoScript report. This one page was pulling in scripts from (hand-typed so maybe tpyos) adobedtm.com cdna-assets.com chartbeat.com cloudfront.net criteo.com disqus.com disquscdn.com doubleclick.net dunhilltraveldeals.com effectivemeasure.net facebook.com gigya.com google.com googlesyndication.com googletagservices.com imrworldwide.com inksinmedia.com krxd.net mediavoice.com mmcdn.us ooyala.com optimizely.com outbrain.com parsly.com quantserve.com qubitproducts.com revsci.net scorecardresearch.com skimresources.com visualrevenue.com whistleout.com Boggle!