{"id":1058,"date":"2017-04-18T16:17:22","date_gmt":"2017-04-18T20:17:22","guid":{"rendered":"http:\/\/paulgurney.com\/whats_new_blog\/?p=1058"},"modified":"2017-04-18T16:18:43","modified_gmt":"2017-04-18T20:18:43","slug":"phishing-attacks-with-unicode-domains","status":"publish","type":"post","link":"https:\/\/paulgurney.com\/whats_new_blog\/2017\/04\/phishing-attacks-with-unicode-domains\/","title":{"rendered":"Phishing Attacks with Unicode Domains"},"content":{"rendered":"<p>One more attack vector to be thinking about!<\/p>\n<blockquote><p>From a security perspective, Unicode domains can be problematic because many Unicode characters are difficult to distinguish from common ASCII characters. It is possible to register domains such as &#8220;xn--pple-43d.com&#8221;, which is equivalent to &#8220;\u0430pple.com&#8221;. It may not be obvious at first glance, but &#8220;\u0430pple.com&#8221; uses the Cyrillic &#8220;\u0430&#8221; (U+0430) rather than the ASCII &#8220;a&#8221; (U+0041). This is known as a <a href=\"https:\/\/goo.gl\/l8qDjk\" target=\"_blank\">homograph attack<\/a>.<\/p><\/blockquote>\n<p><strong>Chrome 59<\/strong> will protect you from these phishing attempts by converting the maliciously similar name to the Punycode version, making you aware that something is amiss.<\/p>\n<p><strong>Firefox<\/strong> users can limit their exposure by going to <code>about:config<\/code> and setting <code>network.IDN_show_punycode<\/code> to <code>true<\/code>. This will force Firefox to always display IDN domains in their Punycode form, making it possible to identify malicious domains. 
Thanks to \/u\/MARKZILLA on Reddit for this solution.<\/p>\n<p>Thus, the attack form of apple.com will show as https:\/\/www.xn--80ak6aa92e.com<\/p>\n<p>On Twitter <a href=\"https:\/\/goo.gl\/5ZtdWP\" target=\"_blank\">@Xudong_Zheng<\/a> says a simple way to limit the risk from bugs such as this is to always use a <strong>password manager<\/strong>, which can identify that the similar letters are not the same.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>One more attack vector to be thinking about! From a security perspective, Unicode domains can be problematic because many Unicode characters are difficult to distinguish from common ASCII characters. It is possible to register domains such as &#8220;xn--pple-43d.com&#8221;, which is equivalent to &#8220;\u0430pple.com&#8221;. It may not be obvious at first glance, but &#8220;\u0430pple.com&#8221; uses the &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/paulgurney.com\/whats_new_blog\/2017\/04\/phishing-attacks-with-unicode-domains\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Phishing Attacks with Unicode 
Domains&#8221;<\/span><\/a><\/p>\n","protected":false},"author":55,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[8,22,9],"tags":[],"class_list":["post-1058","post","type-post","status-publish","format-standard","hentry","category-programming","category-security","category-webhosting"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p415hC-h4","_links":{"self":[{"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/posts\/1058","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/users\/55"}],"replies":[{"embeddable":true,"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/comments?post=1058"}],"version-history":[{"count":2,"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/posts\/1058\/revisions"}],"predecessor-version":[{"id":1060,"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/posts\/1058\/revisions\/1060"}],"wp:attachment":[{"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/media?parent=1058"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/categories?post=1058"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/paulgurney.com\/whats_new_blog\/wp-json\/wp\/v2\/tags?post=1058"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}