The service classified the website of the non-profit association deSEC as dangerous. This is committed to DNSSEC security technology.
NortonLifeLock, provider of the Safe Web browser extension, has mistakenly classified the website of the DNS specialist deSEC.io as a source of phishing attacks. In the meantime, Norton has checked the classification at c’t’s request, acknowledged an incorrect classification and corrected the error.
Alerts about phishing sites are not uncommon for service providers like Norton’s Safe Web, and some disappear after a few days when the trigger is turned off. However, other malware and phishing scanners notify the operator of a website classified as dangerous by email (e.g. Netcraft) so that they can react immediately if their server has actually been hacked. Norton Safe Web does not do this yet, so that both correct warning messages and false alarms may go untreated for a very long time.
Many of the websites classified as dangerous are only encountered by chance on forays into the world and after a phishing warning are avoided without further ado. In the current case, this is difficult for some Internet users, because the non-profit Berlin association of the same name offers DNS hosting services via deSEC.io and is one of the first providers to offer signed, i.e. specially secured DynDNS domains for its customers. It would be devastating if just such a website were misused as a source of phishing emails. Neither we nor the association asked for a statement could find any signs of phishing activities on deSEC.io.
About three days after our request, Norton finally withdrew the erroneous phishing classification; now the service classifies the site as safe. A spokesman for the company stated that since the domain was registered in 2014, “no signs of irregularities” have been found. “The flag could be due to website analysis, which led to the domain being mislabeled,” Norton told c’t.