View Single Post
Old April 25th, 2018, 11:20 AM   #13
Alex
ninjette.org dude
 
Alex's Avatar
 
Name: 1 guess :-)
Location: SF Bay Area
Join Date: Jun 2008

Motorcycle(s): '13 Ninja 300 (white, the fastest color!), '13 R1200RT, '14 CRF250L, '12 TT-R125LE, '15 CRF110F, '13 TT-R50E

Posts: Too much.
Blog Entries: 7
So this is how users at MyEtherWallet were hacked yesterday.

News story: https://www.theverge.com/2018/4/24/1...tolen-ethereum

Someone was able to corrupt/co-opt some DNS entries for the site, set up a new site, and the DNS took some users right to the phishing site. Once there, they had the credentials they needed to then go to the real site and start emptying wallets. Users who were robbed had to click through that "this site cert ain't right" error, did so, and were taken to the malicious site - the site that they landed on couldn't provide a valid SSL cert and the browsers would have warned them.

I only add this for some context about those cert errors. That use case above is pretty much the whole point of the technology. The site that you're going to might not be the one you expect, because the cert can't be validated - be cautious with where you go and what you enter if you do click past those warnings. In 99% of the cases, it's going to be something like happened here on Ninjette, with an expired cert due to an incompetent admin (like me). But every once in awhile, that cert error can be a real tip-off that something bad is about to happen because the site you're going to isn't the one you expect, either because it has been hacked directly, or you're being redirected to an entirely different location than you expected.
__________________________________________________
Montgomery Street Motorcycle Club / cal24.com / crf250l.org / ninjette.org

ninjette.org Terms of Service

Shopping for motorcycle parts or equipment? Come here first.

The friendliest Ninja 250R/300/400 forum on the internet! (especially Unregistered)
Alex is offline   Reply With Quote