Forkish
Posted April 18, 2017

Found this on Lobste.rs: https://www.xudongz.com/blog/2017/idn-phishing/

A nugget:

> Punycode makes it possible to register domains with foreign characters. It works by converting individual domain label to an alternative format using only ASCII characters. For example, the domain "xn--s7y.co" is equivalent to "短.co".
>
> From a security perspective, Unicode domains can be problematic because many Unicode characters are difficult to distinguish from common ASCII characters. It is possible to register domains such as "xn--pple-43d.com", which is equivalent to "аpple.com". It may not be obvious at first glance, but "аpple.com" uses the Cyrillic "а" (U+0430) rather than the ASCII "a" (U+0041). This is known as a homograph attack.

Chrome was the only browser on my iPhone that gave me an apple.com url. Might be an interesting thing to use on the pineapple if possible.

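The decoding described in the quoted article, as an added example that is not part of the original posts: a Python sketch that converts each `xn--` label back to Unicode and reports labels mixing letters from more than one script. The function names are hypothetical, and the sample domains are the two quoted above plus a plain ASCII one for comparison.

```python
import unicodedata

def decode_label(label: str) -> str:
    """Return the Unicode form of one DNS label; xn-- marks a Punycode label."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def letter_scripts(text: str) -> set:
    """Approximate each letter's script by the first word of its Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}

def inspect_domain(domain: str) -> list:
    """Decode every label and flag those that mix scripts (hypothetical helper)."""
    report = []
    for raw in domain.split("."):
        text = decode_label(raw)
        found = sorted(letter_scripts(text))
        report.append({
            "raw": raw,
            "unicode": text,
            "scripts": found,
            "mixed_script": len(found) > 1,
        })
    return report

if __name__ == "__main__":
    # Sample domains: the two from the quoted article and an ASCII baseline.
    for domain in ("xn--s7y.co", "xn--pple-43d.com", "apple.com"):
        for entry in inspect_domain(domain):
            flag = "MIXED-SCRIPT" if entry["mixed_script"] else "ok"
            print(f'{domain}: {entry["raw"]} -> {entry["unicode"]} {entry["scripts"]} {flag}')
```

A mixed-script flag does not catch a label written entirely in one non-Latin script, so treat it as one signal alongside displaying the raw `xn--` form.
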
Forkish (Author)
Posted April 19, 2017

Found it at ycombinator apparently: https://news.ycombinator.com/item?id=14130241

also found these which may be of relevance:

https://news.ycombinator.com/item?id=14132066
https://news.ycombinator.com/item?id=14119713

I only ever link click so I don't know if these are replies to the main one or how that works there but looks like a good toilet read.

digip
Posted April 19, 2017

I had posted a link about this on twitter, there are ways to block these phishing sites. FF has an about:config setting, while Opera and Chrome, you need an extension to warn you.

Forkish (Author)
Posted April 19, 2017

6 hours ago, digip said:

> I had posted a link about this on twitter, there are ways to block these phishing sites. FF has an about:config setting, while Opera and Chrome, you need an extension to warn you.

Thanks for the chrome heads up