A Chinese researcher has found an exploit that can be leveraged for phishing attacks on Chrome, Firefox, and Opera. Here’s the kicker: there’s no way you can protect yourself. Here are the details from The Hacker News:
Hackers can use a known vulnerability in the Chrome, Firefox and Opera web browsers to display their fake domain names as the websites of legitimate services, like Apple, Google, or Amazon to steal login or financial credentials and other sensitive information from users.
And:
Okay, then before going to the in-depth details, first have a look at this demo web page, set up by Chinese security researcher Xudong Zheng, who discovered the attack.
“It becomes impossible to identify the site as fraudulent without carefully inspecting the site’s URL or SSL certificate.” Xudong Zheng said in a blog post.
If your web browser is displaying “apple.com” in the address bar secured with SSL, but the content on the page is coming from another server (as shown in the above picture), then your browser is vulnerable to the homograph attack.
Homograph attack has been known since 2001, but browser vendors have struggled to fix the problem. It’s a kind of spoofing attack where a website address looks legitimate but is not because a character or characters have been replaced deceptively with Unicode characters.
Lovely. Google (via Engadget) says that they have a fix on the way for this. Firefox users can mitigate the attack by doing the following:
- Type about:config in address bar and press enter.
- Type Punycode in the search bar.
- The browser settings will show a parameter titled network.IDN_show_punycode. Double-click it, or right-click and select Toggle, to change the value from false to true.
Opera and Chrome users have no mitigation strategies available at this time. Hopefully, all three browsers will be fixed shortly as this is extremely dangerous.
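What the Punycode setting above exposes, shown as an added example that is not from the original post or from The Hacker News: the check below converts a hostname to the ASCII (xn--) form that Firefox displays once network.IDN_show_punycode is true, and flags names that fold to a protected ASCII hostname. The lookalike map, the `PROTECTED` list, the function names and the sample hostnames are all constructed for illustration.

```python
import unicodedata

# Constructed, deliberately small lookalike map (Cyrillic -> Latin). A real
# checker would load Unicode's confusables.txt (UTS #39) instead.
CONFUSABLES = {
    "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u0456": "i", "\u0458": "j",
    "\u043e": "o", "\u0440": "p", "\u0455": "s", "\u0445": "x", "\u0443": "y",
}

def punycode_form(host):
    """ASCII (xn--) form of a hostname, i.e. what the address bar shows
    once network.IDN_show_punycode is set to true."""
    return host.encode("idna").decode("ascii")

def skeleton(host):
    """Fold every known lookalike to the ASCII letter it imitates."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in host)

def scripts(host):
    """Unicode scripts of the letters in the name, e.g. {'CYRILLIC', 'LATIN'}."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in host if ch.isalpha()}

def check_host(host, protected):
    """Classify one hostname against an allowlist of ASCII hostnames.

    Accepts the Unicode form or the xn-- form; both are normalised first.
    """
    ascii_host = punycode_form(host.strip().rstrip(".").lower())
    unicode_host = ascii_host.encode("ascii").decode("idna")
    if unicode_host.isascii():
        verdict = "ascii"        # plain ASCII name, nothing disguised
    elif skeleton(unicode_host) in protected:
        verdict = "lookalike"    # renders like a protected name
    else:
        verdict = "idn"          # international name, no protected match
    return {"ascii": ascii_host, "verdict": verdict,
            "scripts": sorted(scripts(unicode_host))}

if __name__ == "__main__":
    PROTECTED = {"apple.com"}    # names the defender cares about
    # Constructed samples: the real name, one with Cyrillic U+0430 for "a",
    # and an unrelated hostname with a Cyrillic label.
    for sample in ("apple.com", "\u0430pple.com", "\u043f\u043e\u0447\u0442\u0430.example"):
        print(check_host(sample, PROTECTED))
```

The same function can be run over hostnames pulled from proxy or mail logs; anything reported as `lookalike` is a name whose Unicode rendering matches a protected hostname while its xn-- form does not.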
This entry was posted on April 17, 2017 at 11:04 am and is filed under Commentary with tags Chrome, Firefox, Opera, Security.
An Exploit That Is “Impossible To Detect” Exists On Chrome, Firefox, & Opera