Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2017-04-17 14:14:00

Destry
Moderator
From: Alemannia
Registered: 2004-08-04
Posts: 3,300
Website

New Phishing attack: unicode variants of domain.

Spotted this insightful article in Twitter today, Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites

Talks about a clever use of using unicode characters to spoof a domain and get a Let’s Encrypt cert too, which is then impossible to tell is fake.

Doesn’t affect IE or Safari, but does FF and Chrome. The article gives a fix for FF. No word for Opera.

Offline

#2 2017-04-17 15:22:38

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 7,637
Website

Re: New Phishing attack: unicode variants of domain.

Thanks for the info, Destry. I thought this vulnerability had been fixed years ago! Shows what I know…


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#3 2017-04-18 08:22:30

phiw13
Plugin Author
From: Japan
Registered: 2004-02-27
Posts: 1,092
Website

Re: New Phishing attack: unicode variants of domain.

Bloke wrote #305371:

I thought this vulnerability had been fixed years ago! Shows what I know…

Me thought the same thing when I first heard that news. Puzzled.

Destry wrote #305370:

No word for Opera.

Same behaviour as Chrome of course. Same rendering engine etc.

Offline

Board footer

Powered by FluxBB