Old spoofing attack presents issues for web browsers

Everyone is susceptible to deception.  Recently, it’s come out that the web browsers Chrome (Version 57), Firefox, and Opera are not properly displaying ASCII and Unicode characters.  This leaves users vulnerable to IDN homographic attacks, according to web developer Xudong Zheng.

As Zheng explains, homographic attacks use letters from non-Latin languages that look similar to those that are Latin based.  The vulnerability comes into play because some Unicode characters are difficult to discern from ASCII.  When a domain is registered using foreign characters, punycode is used to convert the domain name into a format that uses only ASCII characters.  In Zheng’s proof of concept, the registered domain was xn--pple-43d.com, which translates to apple.com where the “a” in apple is Cyrillic and not an ASCII “a.” [Source: Xudong Zheng]
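The punycode conversion described above can be reversed to see what a browser would render. The following is an added example, not code from Zheng or from any browser: it decodes each label of a hostname and flags labels that mix scripts. The function names and the approach of reading the script from the first word of the Unicode character name are assumptions made for illustration.

```python
import unicodedata

NEUTRAL = set("0123456789-")  # ASCII digits and hyphen belong to no script


def script_of(ch):
    """Approximate a character's script by the first word of its Unicode name."""
    if ch in NEUTRAL:
        return None
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def inspect_hostname(hostname):
    """Decode every label of a hostname and flag labels that mix scripts."""
    report = []
    for label in hostname.lower().rstrip(".").split("."):
        decoded = label
        if label.startswith("xn--"):
            try:
                # Strip the "xn--" prefix, then undo the punycode encoding.
                decoded = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                # A label that claims to be punycode but does not decode.
                report.append({"label": label, "decoded": None, "scripts": [],
                               "non_ascii": [], "suspicious": True})
                continue
        scripts = sorted({s for s in map(script_of, decoded) if s})
        non_ascii = ["U+%04X %s" % (ord(c), unicodedata.name(c, "UNKNOWN"))
                     for c in decoded if ord(c) > 127]
        report.append({"label": label, "decoded": decoded, "scripts": scripts,
                       "non_ascii": non_ascii, "suspicious": len(scripts) > 1})
    return report


if __name__ == "__main__":
    # The first hostname is the proof-of-concept domain quoted above;
    # the second is the ordinary ASCII name for comparison.
    for host in ("xn--pple-43d.com", "apple.com"):
        for entry in inspect_hostname(host):
            print(host, entry)
```

A label written entirely in one non-Latin script is not flagged as mixed, so its `non_ascii` list should be reviewed as well.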

The vulnerability in Chrome, Firefox, and Opera would allow someone to construct phishing sites whose domain looks legitimate, such as the apple.com proof of concept by Zheng.  Without investigating further, a user could think that they are legitimately logging into an account when they are actually providing their credentials to an attacker.  The phishing page could also install malicious code in the background on the victim’s device.  So, what can you do to better protect yourself?

If you use Google Chrome, ensure that you upgrade to Version 58.

If you’re a Firefox user, Mozilla, as of this writing, is not putting out a fix.  There is a workaround that will help.

First, launch Firefox and then in the browser bar enter “about:config” without the quotes.

After hitting enter you’ll see the following warning.

Click on “I accept the risk” and on the next page, in the search box, enter “punycode” and look for network.IDN_show_punycode in the search results.

The default value is “False.”  To enable this setting, double click on the line to change it to “True.”

If you use Opera, their advisory states that they “added a whitelist of top-level domains that are trusted to enforce a safe policy on domain names.” [Source: Opera Security Advisory]  The advisory also states that as domain registrars update their lists of trusted top level domains, Opera will check said lists on a regular basis.

As for other browsers such as Safari, Microsoft Edge, and Internet Explorer, they are not affected by this vulnerability. [Source: ars technica]

Another step you can take is to view the SSL certificate of the site you’re visiting to see if the domain you see in your browser bar is the same as the one in the SSL certificate.