
"Unicode domain" phishing attacks and the problem with Cyrillic domains

Do you trust this URL: www.apple.com? It looks like a link to the Apple site, but it's not! Don't you see what's wrong with that link? Don't worry, you're not the only one; most people won't notice the difference. Here's what it's all about.

https://www.apple.com looks like a link to the Apple site, but it is actually a different link that closely resembles the original and leads to another site. The difference is in the letter "a", which is actually the Unicode Cyrillic "a" (U+0430), not the standard ASCII "a" (U+0061).

Fake apple.com domain / original apple.com domain

IDN Homograph attack

The letter "a" is just one such case; there are many other examples. Those of us from the Balkans know this because we also use Cyrillic, which is widely used on the Internet. Hackers register domains that look the same as the domains of known sites, but instead of ASCII letters they insert a similar-looking Unicode letter (as in this example, the Cyrillic "a"). We can't see the difference, and that's why this type of phishing is called an "IDN homograph attack".

However, luckily for us, web browser developers are building in protection that essentially displays the domain in "Punycode" format. This means that, in this example, the link "apple.com" will be displayed as "xn--pple-43d.com" (but will not load because it is not currently registered). Punycode, therefore, converts Unicode characters to ASCII by representing them with characters available in the ASCII table. If you want, you can try an online converter that does this: punycoder.com

Chrome has converted a Unicode domain to ASCII

To protect yourself from these attacks, you can use the "IDN blocker" add-on for your web browser - Chrome, Firefox, Opera. Plugins of this type recognize Unicode characters in domains and block access to them. This is the only way, for now, to protect users from "Unicode domain" phishing attacks.

Cyrillic domains?

You may be wondering: what about our Cyrillic domains? Well, they are made up entirely of Unicode characters! Here is one well-known Cyrillic domain that I will use as an example for this article: њњњ.срб

The first thing you will notice if you copy the link is that it will be converted to Punycode! So I couldn't copy and paste the link њњњ.срб into the article, because it converts immediately; I had to manually compile the link word for word.

The good thing is that it doesn't convert to Punycode when you click on it (at least not visually; maybe something happens in the background before the original is displayed again - I haven't tested it), and the converted domain also works. Example: http://њњњ.срб will be converted to http://xn--g2aaa.xn--90a3ac/ when copying, and if you try to go to that Punycode domain, the web browser will convert it back to њњњ.срб and load it.

Then where is the problem?

Web browsers, for now, only have protection in the form of converting Unicode characters to ASCII so that the user can see that the domain is not original.

The problem is that "Unicode domain" phishing protection also blocks valid domains, i.e. all our Cyrillic ones (among others). These filters detect Unicode characters in domains and block them all, because they simply do not know whether a domain was created for phishing purposes or not.

The plugin blocked the Cyrillic domain

If we try to visit the domain I took as an example in this article - њњњ.срб - with protection enabled, it will be blocked!
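The two hostnames discussed above can be told apart by looking at the scripts inside each label, which is shown in this added example (it is not code from the article, from any browser or from the IDN blocker plugins). The function names are hypothetical, and reading the script from the first word of each character's Unicode name is an approximation chosen because Python's standard library does not expose the Script property.

```python
import unicodedata

def to_ascii(host: str) -> str:
    """Punycode (ACE) form of a hostname, as shown in the address bar."""
    return host.encode("idna").decode("ascii")

def to_unicode(host: str) -> str:
    """Inverse: turn xn-- labels back into their Unicode characters."""
    return to_ascii(host).encode("ascii").decode("idna")

def label_scripts(label: str) -> set:
    """Approximate the scripts used in one label from character names:
    the first word of the name (LATIN, CYRILLIC, GREEK, ...) stands in
    for the Unicode Script property."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def classify(host: str) -> str:
    """Return 'ascii', 'single-script' or 'mixed-script' for a hostname."""
    labels = to_unicode(host.lower()).split(".")
    if any(len(label_scripts(lbl)) > 1 for lbl in labels):
        return "mixed-script"   # e.g. one Cyrillic letter inside a Latin word
    if any(not lbl.isascii() for lbl in labels):
        return "single-script"  # e.g. a domain written wholly in Cyrillic
    return "ascii"

# Constructed samples: the article's two hostnames, built from explicit
# code points so the Cyrillic letters survive copy and paste.
FAKE_APPLE = "\u0430pple.com"                      # Cyrillic a + "pple"
SERBIAN = "\u045a\u045a\u045a.\u0441\u0440\u0431"  # the .срб example

if __name__ == "__main__":
    for h in (FAKE_APPLE, SERBIAN, "apple.com", "xn--pple-43d.com"):
        print(f"{to_ascii(h):24} {classify(h)}")
```

A label written entirely in one non-Latin script is reported as single-script whatever it resembles, so this check separates the apple.com case from њњњ.срб but is not a complete verdict on a domain.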

The solution?

Of course, most of these plugins also offer a whitelist, so you can add the domain you want and it won't be blocked. But that is certainly not a solution, because who is going to add every Cyrillic domain to the list? There may not be many of them, but what about the domains in other countries that use their own alphabets?

Even if a rule or law were introduced under which all .срб (and other national) domains have the right to "pass" through these filters, hackers could then simply register a fake .срб, or some other national, domain of a company (so what if the company opened its headquarters in Serbia and registered a domestic domain - who would suspect anything?) and thus "bypass" the protection.

I don't see any solution for now, and it seems that the creators of popular web browsers don't see it either, because I see they are not in a hurry with the implementation of more specific protection.

However, I am not much of an expert in the field of domains and all the procedures and laws around their registration, so I would still leave it to you to suggest possible solutions in the comments below.
