Tuesday, 18 April 2017

Phishing with Unicode Domains - scary stuff!


If I told you that "www.apple.com" (see above) could be a phishing site, would you believe me? Check out the proof-of-concept - works in Chrome & Firefox.

Punycode makes it possible to register domains with foreign characters. It works by converting each individual domain label to an alternative format using only ASCII characters. For example, the domain "xn--s7y.co" is equivalent to "短.co".

From a security perspective, Unicode domains can be problematic because many Unicode characters are difficult to distinguish from common ASCII characters. It is possible to register domains such as "xn--pple-43d.com", which is equivalent to "аpple.com". It may not be obvious at first glance, but "аpple.com" uses the Cyrillic "а" (U+0430) rather than the ASCII "a" (U+0041). This is known as a homograph attack.
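
The decoding and lookalike check described above, as an added Python example (not code from the original post): it decodes each "xn--" label with Python's built-in punycode codec, lists the non-ASCII characters, and flags mixed-script labels. The CONFUSABLE table and the function names are constructed for illustration; a real check would use the full Unicode confusables data.

```python
import unicodedata

# Small constructed subset of Cyrillic letters that render like ASCII letters.
# Assumption for illustration; a real check would use the full confusables data.
CONFUSABLE = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
              "\u0441": "c", "\u0445": "x", "\u0443": "y"}

def decode_label(label):
    """Return the Unicode form of one DNS label (Punycode if it starts with xn--)."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def script_of(ch):
    """Approximate a character's script from the first word of its Unicode name."""
    if ch.isdigit() or ch == "-":
        return "COMMON"
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def inspect_domain(domain):
    """Decode each label and report the signals a defender would alert on."""
    labels = [decode_label(part) for part in domain.split(".")]
    findings = []
    for label in labels:
        scripts = {script_of(c) for c in label} - {"COMMON"}
        non_ascii = [f"U+{ord(c):04X} {unicodedata.name(c, '?')}"
                     for c in label if ord(c) > 127]
        skeleton = "".join(CONFUSABLE.get(c, c) for c in label)
        findings.append({
            "label": label,
            "scripts": sorted(scripts),
            "mixed_script": len(scripts) > 1,
            "non_ascii": non_ascii,
            # ASCII name the label imitates, or None if it is not a lookalike
            "imitates": skeleton if skeleton != label and skeleton.isascii() else None,
        })
    return {"unicode": ".".join(labels), "labels": findings}

if __name__ == "__main__":
    # The two Punycode domains quoted in this post, plus a plain ASCII control.
    for d in ("xn--pple-43d.com", "xn--s7y.co", "apple.com"):
        result = inspect_domain(d)
        print(d, "->", result["unicode"], result["labels"][0])
```

A label that mixes scripts, or whose skeleton collapses to a well-known ASCII name, is the signal worth alerting on; a single-script label such as "短" decodes cleanly and is not flagged.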

Be careful out there, readers. 
On the Web, make sure that you truly are on the site that you want to visit.
There are some bad people out there!