Posted by wallbrownf 10/27/2024

Up to $41B in World Bank climate finance unaccounted for, Oxfam finds (www.oxfam.org)
344 points | 139 comments | page 2
starttoaster 10/27/2024||
Why not link to the horse's mouth instead of some random site with expiring TLS certs? https://www.oxfam.org/en/press-releases/41-billion-world-ban...
dang 10/27/2024||
Changed from https://www.ifcreview.com/news/2024/october/green-finance-ox... above. Thanks!
1024core 10/27/2024|||
@dang: maybe change the submitted link? Thanks!
93po 10/27/2024||
you have to email the mod team, hn@ycombinator.com. i think?
1024core 10/28/2024||
Nah, @dang is omniscient.
perihelions 10/27/2024||
Yeah, this domain is weird spam.

- "As published on: africa.cgtn.com, Friday 18 October, 2024."

I can confirm the OP text is indeed identical to the text on that CGTN article (Chinese state-owned media). This is simple plagiarism—among other things.

edit: On that tangent, CGTN Africa itself plagiarized Oxfam's press release—it's obviously the same text, run through an LLM for rephrasing. It's SEO spam all the way down!

motohagiography 10/27/2024||
Original source: https://www.oxfam.org/en/press-releases/41-billion-world-ban...
dang 10/27/2024|
Changed now (see https://news.ycombinator.com/item?id=41965323). Thanks!
aspenmayer 10/27/2024||
https://archive.is/TJR4l

Site certificate expired October 25, two days ago.

Site is not authoritative/original link:

https://www.oxfam.org/en/press-releases/41-billion-world-ban...

https://archive.is/5Zhg0

The report itself:

> Download Oxfam’s new report “Climate Finance Unchecked.”

> https://oxfamilibrary.openrepository.com/bitstream/handle/10...

solarpunk 10/27/2024||
getting an invalid cert warning when heading to this domain
dang 10/27/2024||
We've since changed the URL (see https://news.ycombinator.com/item?id=41965323).
edm0nd 10/27/2024|||
>Expires On Friday, October 25, 2024 at 11:20:58 PM

yup. I'm sure the one dude responsible for it will get to it on Monday.

LorenPechtel 10/27/2024||
Yeah--it's expired. One of the pitfalls of the push to encrypt everything.
starttoaster 10/27/2024|||
One of the pitfalls of not using commonly available certificate renewal and rotating services.
beejiu 10/27/2024|||
It's still encrypted and you can still access it.
yarg 10/27/2024|||
It's insane the way that browsers shit the bed if there's any issue with the certificate.

Just throw in a big red exclamation point on top of the little padlock icon next to the URL bar - it's literally only there to inform the user about any potential security issues. Use it and (unless the site is known to be or obviously malicious) load the bloody page.

Honestly, it's absolutely insane that the browser misrepresents out of chain HTTPS as more of a threat than HTTP.

fragmede 10/27/2024|||
I don't know why my bank's website's got this red button, but I really need to transfer my funds right now, so lemme just mash whatever button I need to mash to get to the website. Ugh, why are computers so dumb!

Seems fine.

yarg 10/28/2024||
Well that seems "obviously malicious", feel free to re-read my comment if you're feeling less illiterate than before.
fwip 10/27/2024|||
You'd think they could give a less-scary warning for like, the first week after expiration. It's not really any less secure 2 days past expiry than it was 2 days before, and a grace period would give the host a bit more time to address these issues.
starttoaster 10/27/2024|||
edit: Misinformation, the below user is mostly correct. It IS still less secure than a properly validated TLS connection though.

The certificate is expired, your traffic to and from that site is not encrypted. If it were the case that your traffic could still be encrypted, what would even be the point of expiring the certificate?

You're correct that you can still access it, over an unencrypted connection, however.

BenjiWiebe 10/27/2024||
An expired certificate still encrypts your traffic. You might have to change settings or click through a scary warning in your browser, but other than that a certificate doesn't magically quit working as soon as it expires. The expiration date is arbitrary.
starttoaster 10/27/2024|||
You are correct, I had to do a bit of research. Because Chrome even explicitly states that traffic to a site with an expired certificate is unencrypted. But I guess that's mostly to scare you, because the truth is that it just opens you up to potential MitM attacks and other similar issues with regular ole HTTP, but traffic between you and an unverifiable identity is at least TLS encrypted.
yarg 10/27/2024||
> Because Chrome even explicitly states that traffic to a site with an expired certificate is unencrypted.

If that's the case, then Google's condescension is doing a disservice to its users.

BenjiWiebe 10/29/2024||
(Tested with Chromium, at https://expired.badssl.com) It says "Not Secure" on the left side of the address bar. It says "Privacy error" as the tab title. And then the body of the page:

<bold>Your connection is not private</bold> Attackers might be trying to steal your information from expired.badssl.com (for example, passwords, messages, or credit cards). Learn more about this warning net::ERR_CERT_DATE_INVALID
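
The validity-window check behind net::ERR_CERT_DATE_INVALID, written as the kind of expiry monitor the renewal comments point toward. This is an added example, not part of any comment in the thread; `classify`, `fetch_validity`, `RENEW_WINDOW` and its 30-day value, the sample `notBefore`, and reading the quoted expiry time as GMT are all assumptions.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

RENEW_WINDOW = timedelta(days=30)  # assumed alerting threshold, not from the thread

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
# notAfter is the expiry time quoted in the thread (timezone assumed GMT);
# notBefore is made up for the example.
SAMPLE_CERT = {
    "notBefore": "Oct 26 00:00:00 2023 GMT",
    "notAfter": "Oct 25 23:20:58 2024 GMT",
}


def _parse(cert_time: str) -> datetime:
    # getpeercert() reports times as e.g. "Oct 25 23:20:58 2024 GMT"
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), tz=timezone.utc)


def classify(cert: dict, now: datetime) -> tuple[str, int]:
    """Return (state, whole days until notAfter; negative once expired)."""
    not_before, not_after = _parse(cert["notBefore"]), _parse(cert["notAfter"])
    days_left = (not_after - now) // timedelta(days=1)
    if now < not_before:
        return "not-yet-valid", days_left
    if now >= not_after:
        # The date check fails here; the key in the certificate is unchanged.
        return "expired", days_left
    if not_after - now <= RENEW_WINDOW:
        return "renew-soon", days_left
    return "ok", days_left


def fetch_validity(host: str, port: int = 443) -> dict:
    # Verified handshake: raises ssl.SSLCertVerificationError once the
    # certificate has expired, so run this check well before notAfter.
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    # Evaluate the sample at a constructed time two days after expiry.
    print(classify(SAMPLE_CERT, datetime(2024, 10, 27, 12, 0, tzinfo=timezone.utc)))
```

Run on a schedule, a "renew-soon" result gives the operator weeks of notice instead of a browser interstitial.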

mannyv 10/27/2024||
When it comes to non-profits and NGOs, it's the thought that counts.
dang 10/27/2024||
Maybe so, but please don't post unsubstantive comments here.
jampekka 10/27/2024|||
And corporate accountability.
animal_spirits 10/27/2024||
Applies to government organizations too.