Chrome, Firefox, and Opera Vulnerable to Undetectable Phishing Attack

Forum|Forum|8 years ago
April 17, 2017
1 reply
2 views

+54

Jasper_The_Rasper
Moderator

17th April 2017 By Catalin Cimpanu

Browsers such as Chrome, Firefox, and Opera are vulnerable to a new variation of an older attack that allows phishers to register and pass fake domains as the websites of legitimate services, such as Apple, Google, eBay, and others.
Discovered by Chinese security researcher Xudong Zheng, this is a variation of a homograph attack, first identified by Israeli researchers Evgeniy Gabrilovich and Alex Gontmakher, and known since 2001.

A homograph attack

A few years back, ICANN voted to allow non-ASCII (Unicode) characters in web domains. Because some Unicode characters look the same, such as Cyrillic "?" (U+0430) and Latin "a" (U+0041), ICANN ruled that using Unicode characters would have led to confusions, and made it harder to distinguish legitimate domains from phishing sites.

Full Article

Baldrick
Gold VIP
Forum|Forum|8 years ago
April 17, 2017

Thanks for posting, Jasper...worthing being aware of this given the nature of the threat and what it affects. It is sad that this old & known loophole would appear to not have been completely mitigated. 😞

Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2

J

Like

A homograph attack

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded