How to protect your browser from Unicode domain phishing attacks

Discussion in 'other security issues & news' started by Minimalist, Feb 22, 2018.

  1. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    4,797
    Same here. Changes to red.
     
  2. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    651
    Location:
    Far East
    Thanks
     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,384
    Location:
    Slovenia
    Well they did add an option in about:config ( network.IDN_show_punycode ) to address this problem, they just didn't enable it by default. So most users are most likely not protected.
     
  4. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    17,283
    Location:
    UK
  5. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,155
    Location:
    Slovakia
    Not to mention, that a vulnerability might disable it in order to deceive users, I wonder, if the extension would still reveal the fake address or if it simply uses Chrome's settings?
     
  6. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,129
    Location:
    USA still the best. But barely.
    I enabled this. So do I need IDN Safe anymore?
     
  7. Cache

    Cache Registered Member

    Joined:
    May 20, 2016
    Posts:
    432
    Location:
    Mercia
    I am in the same boat. I have the about:config network.IDN_show_punycode set as true and that seems to prevent accessing any dubious pages. I have also recently added IDN Safe but feel that it is probably redundant. The only difference is that with IDN Safe clicking on a link nothing happens apart from the red icon, whereas without the extension Firefox loads a "Server not found" message showing the URL.
     
    Last edited: Feb 24, 2018
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,384
    Location:
    Slovenia
    As far as I understand, IDN safe blocks access to those domains. Firefox setting OTOH only prevents domain obfuscation.
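
The difference between displaying punycode and blocking IDN hosts, as an added example that is not part of the original post and is not code from Firefox or IDN Safe. The function names, the two policy names and the sample links are assumptions constructed for illustration; only the standard `URL` parser is used.

```javascript
// Constructed sample links: the first hostname starts with Cyrillic U+0430,
// which renders like the Latin letter "a".
const LOOKALIKE = 'https://\u0430pple.com/login';
const PLAIN = 'https://apple.com/login';

// The WHATWG URL parser converts an internationalized hostname to its
// ASCII form, in which every non-ASCII label starts with "xn--".
function inspectHost(link) {
  const ascii = new URL(link).hostname;
  const idnLabels = ascii.split('.').filter((l) => l.startsWith('xn--'));
  return { ascii, idnLabels, isIDN: idnLabels.length > 0 };
}

// List the scripts used in a hostname as typed, to spot mixed-script labels.
function scriptsIn(hostname) {
  const found = new Set();
  for (const ch of hostname) {
    if (/\p{Script=Latin}/u.test(ch)) found.add('Latin');
    else if (/\p{Script=Cyrillic}/u.test(ch)) found.add('Cyrillic');
    else if (/\p{Script=Greek}/u.test(ch)) found.add('Greek');
    else if (/\p{L}/u.test(ch)) found.add('Other');
  }
  return [...found].sort();
}

// Two hypothetical policies modelled on the thread:
//   'show-punycode' : navigation proceeds, the address is shown in ASCII form
//   'block-idn'     : navigation is refused for any IDN hostname
function decide(link, policy) {
  const { ascii, isIDN } = inspectHost(link);
  const allowed = !(policy === 'block-idn' && isIDN);
  return { allowed, shown: ascii };
}

for (const link of [LOOKALIKE, PLAIN]) {
  console.log(link, inspectHost(link), decide(link, 'block-idn'));
}
```
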
     
  9. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,904
    Location:
    Among the gum trees
    IDN Safe Firefox version just updated on my machine.

    Edit: Chrome version too.
     
    Last edited: Feb 25, 2018
  10. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,155
    Location:
    Slovakia
    Not Opera though, but I guess if it works, there is nothing to update, some of my extensions have not been updated for years.

    But I should have read the description to answer my own question, this extension is useful. It blocks IDN domains, browser only displays the correct URL, if that setting is not disabled.
     
  11. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    2,085
    Location:
    Italy
  12. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    IDN Safe 1.4 already works with latest Vivaldi 1.14.1077.55...
     
  13. 142395

    142395 Guest

    Since nobody mentioned, I say: punycode is not a realistic phishing pathway if you follow the best practice (and you should!).
    i.e. Always check the corporate name shown next to TLS lock icon as long as your site uses EV or CV certificate. If your site doesn't use them, you can still dig through certificate to see registered domain name but that shouldn't be important sites for you.
    On mobile browser which won't directly show corporate name, it's a problem. Another problem is some sites use EV in problematic way, using it on so called shared TLS sites which is meaningless...but again that shouldn't be important site.
    Anyway, never rely solely on displayed domain name! IIRC in the past there's other UI vulnerability.
     
  14. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I've had an IDN extension for Firefox for a couple of weeks
     
  16. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,607
    Location:
    U.S.A. (South)
    I envy you guys who devoted months to years dedication in browser protections, catching reports via news or thru the forum exchanges of issues and solutions. This has been a sore weakness which simply I couldn't piece together enough study to firebrand my own browser(s) but you all in your ongoing endless discussions have left a trail of great information I'm only now just starting to catch on by bits and pieces.

    My personal thanks to you all who know what to look for, what works best for which browser and the setting elements and configs you do best at sealing as many loopholes in them as can be found.

    You guys are masters at this.
     
  17. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,417
    Chrome Extension Detects URL Homograph (Unicode) Attacks
    March 26, 2018
    https://www.bleepingcomputer.com/ne...ension-detects-url-homograph-unicode-attacks/
     
  18. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,417
    Registry to ban Cyrillic .eu addresses even if you've paid for them
    June 29, 2018
    https://www.theregister.co.uk/2018/06/29/eurid_dumps_cyrillic/
     
  19. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,417
    Chrome 74
    Chrome to Display Warnings About Similar or Lookalike URLs
    February 3, 2019
    https://www.bleepingcomputer.com/ne...lay-warnings-about-similar-or-lookalike-urls/
     