Data
Chief Operations Officer
- Joined
- Apr 13, 2017
- Messages
- 427
- Reaction score
- 81
Until browsers such as Firefox/Chrome/Opera etc. are patched, some sophisticated phishing attack almost impossible to detect that takes advantage of the punycode function in browsers.
A couple of demo sites exits to show how this vulnerability is exploited, this is also a good opportunity to find out if your browser is vulnerable.
www.xn--80ak6aa92e.com will appear as www.apple.com
https://www.xn--e1awd7f.com will appear as https://www.еріс.com
Both demo sites are showing valid HTTPS certificates and most users would probably find it difficult to tell the difference, were these demo sites be malicious and also duplicate all content.
A simple method to verify that the site that you are viewing is not the site you intended to visit in such cases where exploits are being used maliciously, is to carefully examine the security certificate.
While Mozilla is still talking about possibilities for a fix, Google has already patched the vulnerability in Chrome Canary 59 and with the release of Chrome Stable 58 a permanent fix is realised.
Meanwhile a a temporary mitigation method for Firefox users exists by setting the network.IDN_show_punycode to true. Follow these steps below:
With network.IDN_show_punycode set to true the demo sites above will show the true URL domains.
News and fix source at : https://thehackernews.com
A couple of demo sites exits to show how this vulnerability is exploited, this is also a good opportunity to find out if your browser is vulnerable.
www.xn--80ak6aa92e.com will appear as www.apple.com
https://www.xn--e1awd7f.com will appear as https://www.еріс.com
Both demo sites are showing valid HTTPS certificates and most users would probably find it difficult to tell the difference, were these demo sites be malicious and also duplicate all content.
A simple method to verify that the site that you are viewing is not the site you intended to visit in such cases where exploits are being used maliciously, is to carefully examine the security certificate.
While Mozilla is still talking about possibilities for a fix, Google has already patched the vulnerability in Chrome Canary 59 and with the release of Chrome Stable 58 a permanent fix is realised.
Meanwhile a a temporary mitigation method for Firefox users exists by setting the network.IDN_show_punycode to true. Follow these steps below:
- Type about:config in address bar and press "Enter".
- Type Punycode in the search bar.
- Look for the parameter titled: network.IDN_show_punycode,
- Double-click or right-click and select Toggle to change the value from false to True.
With network.IDN_show_punycode set to true the demo sites above will show the true URL domains.
News and fix source at : https://thehackernews.com