Chrome & Firefox Phish Attack Uses Domains Identical to

Talk about internet security, computer security, personal security, your social security number...

Chrome & Firefox Phish Attack Uses Domains Identical to

Postby therube » Sat Apr 15, 2017 11:37 am

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0 SeaMonkey/2.46 Lightning/.4.46
User avatar
therube
Ambassador
 
Posts: 6583
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Chrome & Firefox Phish Attack Uses Domains Identical to

Postby fatboy » Sat Apr 15, 2017 8:11 pm

If to switch network.IDN_show_punycode;true, the Cyrillic domains are displayed incorrectly:
http://xn--80agdepgfuajcazx2e.xn--p1ai/ instead of http://антонгородецкий.рф/ even if network.IDN.use_whitelist;true
and network.IDN.whitelist.xn - p1ai;true.
It is possible to use network.IDN.restriction_profile;strict
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 SM/2.38 NS/2.9.0.12
fatboy
Junior Member
 
Posts: 28
Joined: Fri Jul 25, 2014 6:56 am

Re: Chrome & Firefox Phish Attack Uses Domains Identical to

Postby therube » Tue Apr 18, 2017 1:19 am

Bug 1332714 IDN Phishing using whole-script confusables on Windows and Linux


@fatboy, thanks for that link. Íňťéŕíšťíňg ŕéáďíňg.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0 SeaMonkey/2.46 Lightning/.4.46
User avatar
therube
Ambassador
 
Posts: 6583
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Chrome & Firefox Phish Attack Uses Domains Identical to

Postby yes_noscript » Thu Apr 20, 2017 8:09 pm

Pale Moon unstable add a about:config setting to controll that:
Added an option to display punycode domain for IDN websites to combat phishing.
Preference: browser.identity.display_punycode
0 = Display IDN name in identity panel (previous behavior)
1 = Display punycode name for DV SSL domains (default)
2 = Also display punycode for HTTP sites if IDN name used


from https://www.palemoon.org/unstable/releasenotes.shtml
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:45.9) Gecko/20100101 Goanna/3.2 Firefox/45.9 PaleMoon/27.3.0b1
yes_noscript
Senior Member
 
Posts: 124
Joined: Fri Sep 26, 2014 6:52 pm


Return to Security

Who is online

Users browsing this forum: No registered users and 1 guest