Slyck.com
 

This Weird Trick Lets Hackers Hide Phishing URLs


Post by sunnyd » Wed Apr 19, 2017 11:18 am

Story : https://www.theguardian.com/technology/2017/apr/19/phishing-url-trick-hackers





Here’s a challenge for you: you click on a link in your email, and find yourself at the website https://аррӏе.com. Your browser shows the green padlock icon, confirming it’s a secure connection; and it says “Secure” next to it, for added reassurance. And yet, you’ve been phished. Do you know how?

The answer is in that URL. It may look like it reads “apple”, but that’s actually a bunch of Cyrillic characters: A, Er, Er, Palochka, Ie. The security certificate is real enough, but all it confirms is that you have a secure connection to аррӏе.com – which tells you nothing about whether you’re connected to a legitimate site or not.

The proof-of-concept domain was put together by Xudong Zheng, a security researcher who wanted to demonstrate the problem with the way domain names can be registered and displayed. For a long time, domain names could only be written in Latin characters without diacritics, but since 1998 it’s actually been possible to write them in other alphabets too. That’s useful if you want to register a domain name in Chinese or Arabic script, or even just correctly spelled French or German – anything that can be represented with the Unicode standard can be registered, even emoji – but it’s also opened up a whole new avenue of misdirection for malicious actors to take advantage of, by finding characters in other alphabets which look similar to Latin ones.

“From a security perspective, Unicode domains can be problematic because many Unicode characters are difficult to distinguish from common ASCII characters,” Zheng writes. “It is possible to register domains such as ‘xn--pple-43d.com’, which is equivalent to ‘аpple.com’. It may not be obvious at first glance, but ‘аpple.com’ uses the Cyrillic ‘а’ (U+0430) rather than the ASCII “a” (U+0041). This is known as a homograph attack.”







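A defensive check for the homograph trick described in the quoted article, added here as an example and not part of the original post or the article. It decodes `xn--` labels and flags mixed-script and whole-script lookalike labels; the `LOOKALIKES` table is a constructed, partial mapping, the `protected` watchlist is hypothetical, and script detection is approximated from Unicode character names.

```python
import unicodedata

# Constructed, partial lookalike table (Cyrillic -> Latin); this is an
# assumption for the example, not the full Unicode confusables data.
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0455": "s",
    "\u0456": "i", "\u0458": "j", "\u04cf": "l",
}

def decode_label(label):
    """Return the Unicode form of one DNS label (handles the xn-- prefix)."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def scripts(label):
    """Approximate each letter's script by the first word of its Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def skeleton(label):
    """Replace known lookalikes with the Latin letter they imitate."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in label)

def check_domain(domain, protected=("apple",)):
    """Report non-ASCII labels; 'protected' is a hypothetical brand watchlist."""
    findings = []
    for raw in domain.split("."):
        label = decode_label(raw)
        if label.isascii():
            continue  # plain ASCII label, nothing to flag
        found = scripts(label)
        skel = skeleton(label)
        if len(found) > 1:
            verdict = "mixed-script"            # e.g. Cyrillic 'а' + Latin 'pple'
        elif skel != label and skel.isascii():
            verdict = "whole-script-lookalike"  # every letter imitates Latin
        else:
            verdict = "non-ascii"               # ordinary IDN, e.g. German
        imitates = skel if skel in protected else None
        findings.append((raw, verdict, sorted(found), imitates))
    return findings
```

The all-Cyrillic case from the article passes a mixed-script check because every letter belongs to one script, which is why the skeleton comparison is needed as a second test.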
