Homograph attacks (heads up)

esuhl
Posts: 9,409 Forumite


in Techie Stuff
I just thought I'd mention this, in case any other techies aren't aware. Apparently it's an old problem, but it's the first I'd heard about it.
Look at these two URLs. They are NOT the same!
https://аррӏе.com/
https://apple.com/
The first is a safe link (linking to a blog about the issue)... but it's not the same as the second link to Apple's website.
Apparently letters from non-Latin alphabets that look similar to Latin letters can be substituted in the URL, allowing scammers to register valid-looking domain names.
So, even if you check links to see the address they actually point to (e.g. in the status bar message), and confirm the URL in the browser's address bar, you could still end up on a malicious site.
Maybe this is common knowledge, but I was surprised that I hadn't heard of this before.
https://www.theregister.co.uk/2017/04/18/homograph_attack_again/
This was first reported in the Register several years ago. It's one reason to use auto password filling instead of manual, as browser-remembered links will always match what was first saved (assuming that was the real link...).
But I thought that that issue some years ago had been 'fixed' somehow by the browser app makers...
PS in the comments after the Reg article, a fix for Firefox is detailed:
in about:config, set network.IDN_show_punycode to True
This worked for me when I retested the above fake 'Apple' link.
-
PS in the comments after the Reg article, a fix for Firefox is detailed:
in about:config, set network.IDN_show_punycode to True
Did not work for me in either Waterfox 52.0.2 x64, or Firefox 53.0 x32. Closed them down, rechecked the value, but they still were both apple.com
Rebooted too and it still did not help
Did not work for me in either Waterfox 52.0.2 x64, or Firefox 53.0 x32. Closed them down, rechecked the value, but they still were both apple.com
Rebooted too and it still did not help
Weird. It works for me on Win7 Firefox 53.0 (64-bit).
BTW, the links themselves won't change; it'll just be what you see in the status bar when you hover on the link.
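
An added example, not written by anyone in this thread: a Python sketch of how the two URLs in the opening post differ, giving the punycode ("xn--") form that network.IDN_show_punycode makes visible and checking a hostname against a protected name. The LOOKALIKES table, the function names and the protected list are constructed for illustration, and the code assumes Python 3.7 or later.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed, deliberately tiny Cyrillic -> Latin lookalike map. A real check
# would use the full Unicode confusables data (UTS #39) instead.
LOOKALIKES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
              "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u04cf": "l"}

def to_punycode_host(host):
    """ASCII form of a hostname: non-ASCII labels become "xn--" + punycode.
    Simplification: the IDNA normalisation step is skipped."""
    labels = []
    for label in host.lower().split("."):
        if label.isascii():
            labels.append(label)
        else:
            labels.append("xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(labels)

def scripts(label):
    """Approximate script per letter: first word of its Unicode character name."""
    return sorted({unicodedata.name(ch, "UNKNOWN").split()[0]
                   for ch in label if ch.isalpha()})

def skeleton(host):
    """Fold known lookalikes to Latin so spoofed and real names compare equal."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in host.lower())

def assess(url, protected=("apple.com",)):
    host = urlsplit(url).hostname or ""
    return {
        "host_ascii": to_punycode_host(host),
        # Scripts of each non-ASCII label, keyed by its punycode form.
        "label_scripts": {to_punycode_host(l): scripts(l)
                          for l in host.split(".") if not l.isascii()},
        # Protected name this host imitates without being it, else None.
        "impersonates": next((p for p in protected
                              if host != p and skeleton(host) == p), None),
    }

if __name__ == "__main__":
    # First URL from the opening post, written with explicit code points.
    print(assess("https://\u0430\u0440\u0440\u04cf\u0435.com/"))
    print(assess("https://apple.com/"))
```

The spoofed label comes back as a single script (all Cyrillic), so a check that only looks for mixed scripts within a label would pass it; the lookalike comparison is what flags it.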