SOLVED Firefox Users - Homograph Attack Punycode Flaw - Mitigation.


Data

Chief Operations Officer
Joined
Apr 13, 2017
Messages
427
Reaction score
81
Until browsers such as Firefox/Chrome/Opera etc. are patched, some sophisticated phishing attack almost impossible to detect that takes advantage of the punycode function in browsers.

A couple of demo sites exits to show how this vulnerability is exploited, this is also a good opportunity to find out if your browser is vulnerable.

www.xn--80ak6aa92e.com will appear as www.apple.com
https://www.xn--e1awd7f.com will appear as https://www.еріс.com

Both demo sites are showing valid HTTPS certificates and most users would probably find it difficult to tell the difference, were these demo sites be malicious and also duplicate all content.

A simple method to verify that the site that you are viewing is not the site you intended to visit in such cases where exploits are being used maliciously, is to carefully examine the security certificate.

While Mozilla is still talking about possibilities for a fix, Google has already patched the vulnerability in Chrome Canary 59 and with the release of Chrome Stable 58 a permanent fix is realised.

Meanwhile a a temporary mitigation method for Firefox users exists by setting the network.IDN_show_punycode to true. Follow these steps below:

  1. Type about:config in address bar and press "Enter".
  2. Type Punycode in the search bar.
  3. Look for the parameter titled: network.IDN_show_punycode,
  4. Double-click or right-click and select Toggle to change the value from false to True.
And that it, remember to switch this setting back when a proper fix is released.
With network.IDN_show_punycode set to true the demo sites above will show the true URL domains.

News and fix source at : https://thehackernews.com
 
Ad

Advertisements


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads


Top