How to protect your browser from Unicode domain phishing attacks

Do you trust аpple.com?

Of course you do! So, do you feel okay about visiting the website at https://www.аpple.com?

The URL I’ve linked to isn’t the real technology company that makes shiny iPhones, HomePods, and iMacs. Instead, it’s a domain which – rather than using the conventional ASCII characters that make up the vast majority of websites you’re likely to visit – contains foreign characters.

So the “а” of аpple.com is actually a Cyrillic “а” (U+0430) rather than the ASCII character “a” (U+0061).

What’s that? You couldn’t tell the difference? No, neither can I. And, as we’ve described before, that’s a problem that phishers and crooks are only too happy to take advantage of in their pursuit of your passwords and other sensitive information.

You see, it’s not just “а” and “a” that can be mixed up. There are countless ways in which bad guys can take advantage of the many Unicode characters that look remarkably similar to common ASCII characters. Which means that you and I are at risk of visiting a site believing it to be legitimate, when in fact it’s designed to scam us in what is known as an IDN Homograph attack.

Browsers are beginning to get better at warning users when they visit a site with an internationalized domain name (IDN), with some now displaying the URL in the browser bar in its Punycode form. That means you might spot you’re visiting xn--pple-43d.com rather than the real apple.com.
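As an added illustration (this is not code from the original article, nor from the IDN Safe add-on), here is a small Python script that performs the kind of check the article is describing: it converts a hostname to its Punycode form using Python's built-in `idna` codec, flags labels that mix scripts (the Cyrillic "а" next to Latin "pple"), and compares a crude look-alike "skeleton" of the name against a watchlist of brands you care about. The confusables map and the sample hostnames are constructed for this example; the real Unicode confusables table is far larger.

```python
import unicodedata

# Constructed, deliberately small look-alike map (Cyrillic/Greek letter -> ASCII letter).
# The full Unicode confusables data covers thousands of pairs; this is only for illustration.
CONFUSABLES = {
    "\u0430": "a",  # Cyrillic а (the character used in the article's example)
    "\u0435": "e",  # Cyrillic е
    "\u043e": "o",  # Cyrillic о
    "\u0440": "p",  # Cyrillic р
    "\u0441": "c",  # Cyrillic с
    "\u0443": "y",  # Cyrillic у
    "\u0445": "x",  # Cyrillic х
    "\u0456": "i",  # Cyrillic і
    "\u0458": "j",  # Cyrillic ј
    "\u0455": "s",  # Cyrillic ѕ
    "\u03bf": "o",  # Greek ο
}

# Constructed sample hostnames for the demonstration.
SAMPLE_HOSTS = ["\u0430pple.com", "apple.com", "xn--pple-43d.com", "m\u00fcnchen.de"]


def to_punycode(host: str) -> str:
    """ASCII (Punycode) form of a hostname, label by label: аpple.com -> xn--pple-43d.com."""
    return host.encode("idna").decode("ascii")


def to_unicode(host: str) -> str:
    """Unicode form of a hostname that may already be written with xn-- labels."""
    if host.isascii():
        return host.encode("ascii").decode("idna")
    return host


def label_scripts(label: str) -> set:
    """Set of scripts used by the letters of one label, taken from each character's Unicode name
    (e.g. 'CYRILLIC SMALL LETTER A' -> 'CYRILLIC'). Digits and hyphens are ignored."""
    scripts = set()
    for ch in label:
        if ch.isalpha():
            scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts


def skeleton(host: str) -> str:
    """Lower-case the name and replace known look-alike letters with their ASCII twins."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in host.lower())


def analyse(host: str, watchlist) -> dict:
    """Report the Punycode form, whether the name is an IDN, whether any label mixes scripts,
    and whether its skeleton collides with a watchlisted brand without being that brand."""
    uni = to_unicode(host)
    puny = to_punycode(uni)
    mixed = any(len(label_scripts(label)) > 1 for label in uni.split("."))
    skel = skeleton(uni)
    lookalike = next(
        (w for w in watchlist if skel == w.lower() and uni.lower() != w.lower()), None
    )
    return {
        "unicode": uni,
        "punycode": puny,
        "is_idn": uni != puny,
        "mixed_script": mixed,
        "lookalike_of": lookalike,
    }


if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(analyse(h, ["apple.com"]))
```

Run as-is, the script shows that both the Unicode and the Punycode spellings of the article's example resolve to the same name, that it mixes Cyrillic and Latin letters, and that its skeleton is indistinguishable from apple.com, while münchen.de is an IDN but neither mixed-script nor a look-alike of anything on the watchlist. A mixed-script check alone is not a complete defence (a whole-label Cyrillic spoof has a single script), which is why the skeleton comparison against brands you actually visit is worth keeping alongside it.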

But human nature means that we will more-often-than-not fail to check the browser bar, and not notice that we’re not on the website we intended.

For that reason, I strongly recommend that you get some help.

There are a range of browser extensions and plugins that can warn you when you visit a website with an internationalized domain name. Having tried a few solutions, my preference is for a browser add-on called IDN Safe.

IDN Safe not only warns you that you are visiting a URL with an internationalized domain name, but it also *blocks* the webpage (which is far more likely to grab your attention!).

[Image: Website blocked]

Of course, if you *did* want to visit that URL it would be a nuisance if you were now being blocked from reaching it. So, IDN Safe includes a whitelist feature to allow you to visit specific sites that you decide are legitimate.

IDN Safe isn’t for everyone. In particular, if you are – say – Chinese and in the habit of visiting websites that take advantage of internationalized domain names you may find it a ruddy nuisance. But, for most of us, I think it’s a sensible addition to our security toolbox – and may stop you from being phished or scammed one day.

Furthermore, Firefox users may benefit from making a change to their browser settings which will force the Punycode version of the URL to be displayed in their browser bar.

I talk more about IDN Safe in the latest edition of the “Smashing Security” podcast. You can listen via the player below, or check out the “Smashing Security” website for show notes.


About the author, Graham Cluley

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and gives presentations on the topic of computer security and online .

Follow him on Twitter at @gcluley, Google Plus, Facebook, or drop him an email.
