Phishing Attack Uses Domains Identical to Known Safe Sites
Phishing Attack Uses Domains Identical to Known Safe Sites
https://www.wordfence.com/blog/2017/04/ ... -phishing/
Pale Moon is affected too and the fix
network.IDN_show_punycode
Change the value from false to true
works.
Pale Moon is affected too and the fix
network.IDN_show_punycode
Change the value from false to true
works.
Re: Phishing Attack Uses Domains Identical to Known Safe Sites
Amazing attack. So simple, so efficient. Thank you for the info!
Re: Phishing Attack Uses Domains Identical to Known Safe Sites
We already have the most common bases covered with blacklisted characters (e.g. exchanging hyphens with soft hyphens or –); it's not that simple to blacklist all letter-homographs because international domain names WILL be using them legitimately for unicode domain names. This kind of thing has been around for quite a while, actually. It's not new.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Phishing Attack Uses Domains Identical to Known Safe Sites
Thanks darkmoon for the heads up.!
user of multiple puppy linuxes..upup,fossapup.scpup,xenialpup.....
Pale moon 29.4.1
Pale moon 29.4.1
Re: Phishing Attack Uses Domains Identical to Known Safe Sites
I do actually have an idea at least for https sites: we display domain-verified domains in the identity panel - showing punycode there would make things unambiguously clear when it's an IDN.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Phishing Attack Uses Domains Identical to Known Safe Sites
Sounds nice, Moonchild!
Re: Phishing Attack Uses Domains Identical to Known Safe Sites
I can actually do it one better display punycode for http as well if it's an IDN, and not display anything if not...
- Attachments
-
- idn-https.png (17.03 KiB) Viewed 1928 times
-
- normal-http.png (18.19 KiB) Viewed 1928 times
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Phishing Attack Uses Domains Identical to Known Safe Sites
So what's the bottom line? Should we change the setting or leave it alone? Thanks.
Windows 10 Pro x64 v22H2 8GB i5-4570|Pale Moon v33.0.1 x64
Re: Phishing Attack Uses Domains Identical to Known Safe Sites
You can change the setting if you're worried about this, don't want to check the certificate, and want to do something about this right now - downside is that you can't enter internationalized domain names in the address bar.
As said, this kind of spoofing has been around for a long time, it's nothing new.
Otherwise, leave it alone and wait for the next version of Pale Moon.
Of note, any financial institution will always have an EV (green) certificate that will display the certificate owner's name -- that can't be spoofed this way.
As said, this kind of spoofing has been around for a long time, it's nothing new.
Otherwise, leave it alone and wait for the next version of Pale Moon.
Of note, any financial institution will always have an EV (green) certificate that will display the certificate owner's name -- that can't be spoofed this way.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Phishing Attack Uses Domains Identical to Known Safe Sites
Simple and efficient!Moonchild wrote:I can actually do it one better display punycode for http as well if it's an IDN, and not display anything if not...