Forkish Posted April 18, 2017 Share Posted April 18, 2017 Found this on Lobste.rs: https://www.xudongz.com/blog/2017/idn-phishing/ A nugget Punycode makes it possible to register domains with foreign characters. It works by converting individual domain label to an alternative format using only ASCII characters. For example, the domain "xn--s7y.co" is equivalent to "短.co". From a security perspective, Unicode domains can be problematic because many Unicode characters are difficult to distinguish from common ASCII characters. It is possible to register domains such as "xn--pple-43d.com", which is equivalent to "аpple.com". It may not be obvious at first glance, but "аpple.com" uses the Cyrillic "а" (U+0430) rather than the ASCII "a" (U+0041). This is known as a homograph attack. Chrome was the only broswer on my iPhone that gave me an apple.com url. Might be an interesting thing to use on the pineapple if possible. Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.