Chrome & Firefox Phish Attack Uses Domains Identical to

therube

Chrome & Firefox Phish Attack Uses Domains Identical to

Post by therube »

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0 SeaMonkey/2.46 Lightning/.4.46
fatboy

Re: Chrome & Firefox Phish Attack Uses Domains Identical to

Post by fatboy »

If you set network.IDN_show_punycode;true, the Cyrillic domains are displayed incorrectly:
http://xn--80agdepgfuajcazx2e.xn--p1ai/ instead of http://антонгородецкий.рф/ even if network.IDN.use_whitelist;true
and network.IDN.whitelist.xn--p1ai;true.
It is possible to use network.IDN.restriction_profile;strict
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 SM/2.38 NS/2.9.0.12
therube

Re: Chrome & Firefox Phish Attack Uses Domains Identical to

Post by therube »

Bug 1332714 IDN Phishing using whole-script confusables on Windows and Linux


@fatboy, thanks for that link. Íňťéŕíšťíňg ŕéáďíňg.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0 SeaMonkey/2.46 Lightning/.4.46
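
Added example (not part of any post in this thread, and not Mozilla's or Pale Moon's code): a Python check that decodes punycode labels such as the one quoted above and flags labels whose letters are all Cyrillic look-alikes of Latin letters, the whole-script case named in the bug title. The look-alike table is a constructed, partial one and the `.example` hostname is constructed for illustration.

```python
import unicodedata

# Constructed, partial map of Cyrillic letters that render like Latin ones.
# Assumption: a production check would load Unicode's full confusables data.
CYR_TO_LATIN = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u0455": "s", "\u0458": "j", "\u04bb": "h", "\u0501": "d",
}

def to_unicode(label):
    """Decode one DNS label; the 'xn--' prefix marks a punycode label."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def scripts(text):
    """Scripts used by the letters of a label (digits and '-' are neutral)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in text if not (ch.isdigit() or ch == "-")}

def check_label(label):
    """Return (verdict, Latin look-alike or None) for one label."""
    text = to_unicode(label)
    used = scripts(text)
    if used <= {"LATIN"}:
        return "latin", None
    if len(used) > 1:
        return "mixed-script", None
    letters = [ch for ch in text if not (ch.isdigit() or ch == "-")]
    if used == {"CYRILLIC"} and all(ch in CYR_TO_LATIN for ch in letters):
        # Every letter has a Latin twin: the label can pass for a Latin word.
        return ("whole-script-confusable",
                "".join(CYR_TO_LATIN.get(ch, ch) for ch in text))
    return "single-script", None

def check_host(host):
    """Check every label of a hostname; returns (label, verdict, look-alike)."""
    return [(lab, *check_label(lab)) for lab in host.rstrip(".").split(".")]

if __name__ == "__main__":
    # Hostname quoted in the thread, then a constructed all-Cyrillic label.
    for host in ("xn--80agdepgfuajcazx2e.xn--p1ai",
                 "\u0440\u0430\u0441\u0435.example"):
        for row in check_host(host):
            print(row)
```

An ordinary Cyrillic name contains letters with no Latin twin and comes back as `single-script`, so only the look-alike labels need to be shown as punycode.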
yes_noscript

Re: Chrome & Firefox Phish Attack Uses Domains Identical to

Post by yes_noscript »

Pale Moon unstable adds an about:config setting to control that:
Added an option to display punycode domain for IDN websites to combat phishing.
Preference: browser.identity.display_punycode
0 = Display IDN name in identity panel (previous behavior)
1 = Display punycode name for DV SSL domains (default)
2 = Also display punycode for HTTP sites if IDN name used


from https://www.palemoon.org/unstable/releasenotes.shtml
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:45.9) Gecko/20100101 Goanna/3.2 Firefox/45.9 PaleMoon/27.3.0b1