-2

My first time using Ubuntu and I think it's really great except I am concerned about the following experience.

I note when I click on the Amazon shopping icon on Ubuntu's icon tab that the Amazon web page that opens does not show the web address at the top. I could not figure out how to get the address to show which was concerning.

I then clicked to log in to Amazon, entered my details correctly only to find upon clicking on my orders and details that nothing showed. Completely blank of my shopping details etc.

I quickly exited and Googled Amazon, confirmed the web address and promptly logged in to change my password.

I think Ubuntu attempted Phishing! via its Amazon icon.

I'm quite sure I downloaded the Ubuntu iso image from links displayed on this site.

George
  • First, I am not clear why you think you have a problem. Second, you should be using https, which is fairly secure, although you should look at http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566 . I do not know of any malware within Ubuntu or why you might think Ubuntu is somehow at fault. – Panther Oct 23 '14 at 15:09
  • Note: That vulnerability applies to SSL, and all OS and all browsers, and all servers that use SSL 3 are vulnerable. – Panther Oct 23 '14 at 15:10
  • 1
    It works on mine, no phishing. I think you were just confused by the webapp. – Mateo Oct 23 '14 at 15:13
  • Are you sure the Amazon web app you used, and the country you normally log into Amazon for, were the same? If you log into Amazon for a different region, it will not show your history for other regions, but only for the one which you are currently browsing. – dobey Oct 23 '14 at 15:31
  • I'm confused now. I typed my user name and password in the Amazon web page opened by Ubuntu and there were no details of my account. So obviously I assumed I had logged into a Phishing site. – George Oct 23 '14 at 16:54
  • I installed and ran Ubuntu from a memory stick. Is there a way I can check the ISO image I downloaded has not been tampered with? – George Oct 23 '14 at 17:07
  • See: http://askubuntu.com/q/110463/158442 – muru Oct 24 '14 at 06:40
  • Thank you. :) I checked the image using winMd5Sum, which gave a genuine image. I am also using the trial version of Ubuntu on a memory stick and have set it so the image can't change (remains the same after each reboot). Would this be a safe way to do online banking etc.? Would I need to update the image regularly or could I safely use the image for years? – George Oct 25 '14 at 00:53
  • Moral: Don't use bloatware such as this icon. Use your regular browser instead. The latter is a new question, best answered separately. Short answer: Yes, you should regularly update that image, say every month or every second month. – Rainer Blome Sep 05 '18 at 13:35
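
George's comment above asks how to check that a downloaded ISO has not been tampered with. The Python sketch below is an added example, not part of the original thread: it checks an image against a `sha256sum`-style manifest such as the `SHA256SUMS` file Ubuntu publishes beside its images, and the function names and the `example.iso` stand-in are constructed for illustration. It assumes the manifest itself was obtained from a trusted source, which is what the `SHA256SUMS.gpg` signature published with it is for.

```python
import hashlib
import hmac
import os
import string
import tempfile


def parse_manifest(text):
    """Parse sha256sum-style lines: '<64 hex>  name' or '<64 hex> *name'."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip()
        if name.startswith("*"):  # '*' marks binary mode in sha256sum output
            name = name[1:]
        if len(digest) != 64 or not name or any(
                c not in string.hexdigits for c in digest):
            raise ValueError("malformed manifest line: %r" % line)
        entries[name] = digest.lower()
    return entries


def sha256_file(path, chunk=1 << 20):
    """Hash the file in 1 MiB blocks so a multi-GB image never sits in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_image(path, manifest_text):
    """Return 'ok', 'mismatch' or 'not-listed' for the image at path."""
    expected = parse_manifest(manifest_text).get(os.path.basename(path))
    if expected is None:
        return "not-listed"  # never treat a missing entry as a pass
    same = hmac.compare_digest(sha256_file(path), expected)
    return "ok" if same else "mismatch"


def demo():
    # Constructed stand-in for an ISO; a real image is verified the same way.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "example.iso")
        with open(path, "wb") as f:
            f.write(b"constructed image bytes")
        manifest = "%s *example.iso\n" % sha256_file(path)
        before = verify_image(path, manifest)
        with open(path, "ab") as f:
            f.write(b"\x00")  # one appended byte simulates tampering
        return before, verify_image(path, manifest), verify_image(path, "")


if __name__ == "__main__":
    print(demo())
```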

2 Answers

3

No, of course it doesn't.

What happens is that the Amazon Webapp does not use the default browser, but a separate Ubuntu Web Browser. This does not share any data with Firefox or any other browser you're using, so passwords will not be remembered and sessions are not shared between Firefox and the Amazon Webapp.

Unity Webapps is designed to display a simplified view of a single site in a way more similar to how normal applications work in your system. They can also notify you the same way local applications can, using notification bubbles and indicators in your panel. They don't display an address bar or other UI elements such as menus or search boxes, because you're not supposed to use them as a general web browser, but only with a specific web application, in this case, Amazon.

Jo-Erlend Schinstad
  • 1
    To further thwart OP's concern: the Amazon WebApp uses only URLs and domain names that are stored on a local drive usually coming from (official) package repositories. For a phishing attack an attacker would need to manipulate those, which is much more difficult than sending people links to malicious web sites. If an attacker had the possibility to modify your system configuration through a trojan horse or a corrupted software repository, s/he can do much viler things than send you to phishing sites. In such a situation phishing should be a lesser concern. – David Foerster Oct 23 '14 at 16:30
-2

I don't think it's intentionally phishing you... Ubuntu and Amazon. Perhaps you restored settings from your browser or your sync brought your own phish back in.

But no... Ubuntu is not conspiring with Amazon.

I'm only responding because I think it's awful bad decision making for Ubuntu to pollute the default setup with the Amazon app. When I noticed it I fervently ripped that Amazon all out and sent it packing. If Google isn't welcome in the default search menus of browsers then dafuq was Amazon doin there?

libs
  • Who says Google isn't welcome? Google is the default search engine for Firefox, the default browser on Ubuntu (because Google pays Mozilla for that privilege). – muru Oct 24 '14 at 06:38
  • OK, I usually roll with Mint, not full Ubuntu. Mint is particular about who gains default access as search engine. – libs Oct 24 '14 at 06:51
  • 1
    Mint isn't that particular. From the wording [here](http://www.linuxmint.com/searchengines.php), I suspect that Mint also wants to get paid by Google. – muru Oct 24 '14 at 07:11