IDN Homograph Attack
#1
Hey guys,
Have you heard about this type of attack, which affects even the latest versions of the Firefox and Chrome browsers?
If not, better read this article by Wordfence -> https://www.wordfence.com/blog/2017/04/c...-phishing/
There is a high possibility that someone might have exploited this method for a phishing attack before the fix is released.



Note:
There's an easy fix for Firefox.
You just need to type "about:config" (without quotes) in the Firefox location bar, then press Enter.
Search for the parameter titled: network.IDN_show_punycode
It is false by default, so you need to change it to true and voila!
Thank you Hostigation and FreeVPS for my VPS 18
FREE 250GBps DDoS Protection by HostingFuze Network | https://www.hostingfuze.net
#2
Well. It's not a surprise honestly, people create fake website pages and can see people's passwords, credit cards, etc. Glad there is a fix for one of the browsers.
Thanks For the VPS 7, and the VPS 9 FreeVPS.


#3
Wow. I usually don't make much of an effort to look at my address bar, but seeing that my browser will display an international domain name in such a manner, I guess I'll use Firefox for the time being until Chrome releases a public fix.
Just wandering around, nothing more.

(Wow, it's been years and it took me this long to realize I had a typo in my signature :/)
#4
As far as I know, a phishing attack is a kind of social engineering, so it comes from human (visitor) error.
But this is the first time I've heard of Unicode phishing. I've read about it here too: https://www.xudongz.com/blog/2017/idn-phishing/
Thanks FreeVPS.us and ZXPlay for VPS7

#5
(2017-04-18, 12:21:04 pm)FlamesRunner Wrote: Wow. I usually don't make much of an effort to look at my address bar, but seeing that my browser will display an international domain name in such a manner, I guess I'll use Firefox for the time being until Chrome releases a public fix.

Chrome is changing it for me now... This is kind of a serious topic that people need to be more aware of.
Affordable Hosting | https://rpark.co!
Staff Member @ https://alphahost.me
Thanks 4 The VPS | https://nouptime.host and https://hostigation.com!
#6
Update! The issue has been fixed in the latest Chrome update, version 58.0.3029.81.
It is advised that every Chrome user should update their browser to the latest version.
#7
(2017-04-20, 6:40:42 pm)pjay Wrote: Update! The issue has been fixed in the latest Chrome update, version 58.0.3029.81.
It is advised that every Chrome user should update their browser to the latest version.

Agreed. But Firefox still hasn't fixed it, and should fix it as OP said.

Quote: There's an easy fix for Firefox.
You just need to type "about:config" (without quotes) in the Firefox location bar, then press Enter.
Search for the parameter titled: network.IDN_show_punycode
It is false by default, so you need to change it to true and voila!

It's difficult for users who don't know that trick; they can easily become victims.
#8
(2017-04-20, 6:40:42 pm)pjay Wrote: Update! The issue has been fixed in the latest Chrome update, version 58.0.3029.81.
It is advised that every Chrome user should update their browser to the latest version.


It's also advised that you better amend your OP to exclude Chrome from it.

Now it still shows "affect even the latest version of Chrome browser". It can be a bit confusing.

Anyway thanks for sharing here this critical bug for Firefox. I've been using Firefox as my main browser and I didn't know that before I read your OP.

My comment to the Firefox development team is that they basically should not disable showing punycodes by default.
#9
Wow, spoofing the URL using Unicode tricks. What a devious attack. No way to tell them apart on the surface as the URLs look exactly the same, and as the article mentions it's trivial to get an SSL cert via Let's Encrypt, so looking for a green lock might not help either.

Apparently this was reported to Chromium and Firefox in January.

To test, go to this test domain mentioned in the article https://xn--e1awd7f.com/. If you're seeing https://epic.com then yes your browser is vulnerable to this.
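
Added example, not part of any post in this thread and not either browser's code: a simplified Python check that decodes the xn-- test domain above, flags labels that are mixed-script or built entirely from Latin look-alike Cyrillic letters, and picks the form a cautious address bar would show. The function names, the small look-alike table and the name-based script detection are assumptions made for illustration.

```python
import unicodedata

# Partial, hand-built table of Cyrillic letters that render like Latin ones.
# Constructed for this example; Unicode's confusables data is far larger.
LOOKALIKES = {
    "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0458": "j", "\u0455": "s",
}

def to_unicode(label):
    """Decode an ACE ('xn--') label; other labels are returned unchanged."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def to_ace(label):
    """Encode a non-ASCII label to its 'xn--' form; ASCII labels pass through."""
    if label.isascii():
        return label.lower()
    return "xn--" + label.lower().encode("punycode").decode("ascii")

def classify(label):
    """Return (verdict, text); text is the Latin look-alike when spoofable."""
    uni = to_unicode(label)
    if uni.isascii():
        return "ascii", uni
    letters = [ch for ch in uni if ch.isalpha()]
    # Script is approximated by the first word of the Unicode character name.
    scripts = {unicodedata.name(ch).split()[0] for ch in letters}
    if len(scripts) > 1:
        return "mixed-script", uni
    if letters and all(ch in LOOKALIKES for ch in letters):
        return "whole-script-lookalike", "".join(LOOKALIKES.get(c, c) for c in uni)
    return "single-script", uni

def display_host(host, show_punycode=False):
    """Pick the form to show: ACE for risky labels, or for every label when
    show_punycode is True (the effect of network.IDN_show_punycode=true)."""
    shown = []
    for label in host.split("."):
        uni = to_unicode(label)
        verdict, _ = classify(label)
        risky = verdict in ("mixed-script", "whole-script-lookalike")
        shown.append(to_ace(uni) if (risky or show_punycode) else uni)
    return ".".join(shown)
```

The test label decodes to four Cyrillic letters from a single script, which is why a "one script per label" display rule alone does not catch it; the look-alike check is what sends it back to its xn-- form.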
#10
A sad statement from Mozilla/Firefox. A big update has been shipped out with Firefox 53 including two new compact themes and a new separate GPU rendering engine. BUT THIS ISSUE HAS NOT BEEN FIXED. They could have at least bothered to set "network.IDN_show_punycode" to true by default in order to apply Firefox's workaround for this... But they didn't even do that.

I wonder why I still use it... maybe because Chrome and the like are full of inbuilt spyware and such, but Firefox just won't stop going downhill.



