search

brush701 / keechallenge

A plugin for KeePass2 to add Yubikey challenge-response capability.
GNU General Public License v3.0
212 stars 26 forks source link

Google reports KeeChallenge ZIP file download as phishing site. #26

Closed ghost closed 7 years ago

ghost commented 7 years ago

I see no option to contact the author (brush701) directly. Today I tried to download the KeeChallenge ZIP file from its main page: http://brush701.github.io/keechallenge. Google Safe Browsing reported a phishing attempt:

image

There was an attempt to redirect the browser to URL: https: // github-production-release-asset-2e65be.s3.amazonaws.com/36414 ... ... disposition=attachment%3B%20filename%3DKeeChallenge_1.5.zip&response-content-type=application%2Foctet-stream

robert-claypool commented 7 years ago

Thanks for the report! I'm not sure why your instance of Chrome flagged this; mine doesn't.

  1. The redirect appears legit from GitHub's HTTPS endpoint: 
    
$ wget https://github.com/brush701/keechallenge/releases/download/1.5/KeeChallenge_1.5.zip
--2017-07-25 20:47:38--  https://github.com/brush701/keechallenge/releases/download/1.5/KeeChallenge_1.5.zip
Loaded CA certificate '/etc/ssl/certs/ca-certificates.crt'
Resolving github.com... 192.30.253.113, 192.30.253.112
Connecting to github.com|192.30.253.113|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://github-production-release-asset-2e65be.s3.amazonaws.com/36414094/b15ca150-175b-11e6-9c0e-c886566c4668?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20170726%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20170726T014622Z&X-Amz-Expires=300&X-Amz-Signature=75913ee8a75306013d17bfb914a8c703254863b58193d56baf8aa58cb2aebb85&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3DKeeChallenge_1.5.zip&response-content-type=application%2Foctet-stream [following]
--2017-07-25 20:47:38--  https://github-production-release-asset-2e65be.s3.amazonaws.com/36414094/b15ca150-175b-11e6-9c0e-c886566c4668?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20170726%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20170726T014622Z&X-Amz-Expires=300&X-Amz-Signature=75913ee8a75306013d17bfb914a8c703254863b58193d56baf8aa58cb2aebb85&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3DKeeChallenge_1.5.zip&response-content-type=application%2Foctet-stream
Resolving github-production-release-asset-2e65be.s3.amazonaws.com... 52.216.226.88
Connecting to github-production-release-asset-2e65be.s3.amazonaws.com|52.216.226.88|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 506980 (495K) [application/octet-stream]
Saving to: ‘KeeChallenge_1.5.zip.1’

KeeChallenge_1.5.zip.1 100%[====================================================================================================>] 495.10K 817KB/s in 0.6s

2017-07-25 20:47:39 (817 KB/s) - ‘KeeChallenge_1.5.zip.1’ saved [506980/506980]

2. More importantly, the `sha1` and `md5` digests [check out](http://robertclaypool.info/2014/03/19/checking-md5-sha1-and-sha256-digests-on-windows/) for my download, so I'm closing this issue. Please reopen if your download does not match the [published checksums](https://github.com/brush701/keechallenge/blob/master/README.md).
```Shell
$ gpg --print-md sha1 KeeChallenge_1.5.zip
KeeChallenge_1.5.zip: 06C3 B96E D674 E561 7F0D  AFF5 101E 23EF 95AF F71C
$ gpg --print-md md5 KeeChallenge_1.5.zip
KeeChallenge_1.5.zip: 80 A7 EA DA 1C 86 33 2B  3F 91 B7 5E 4E 83 17 F0