I tested a number of popular (and some less well-known) macOS browsers, downloaded from their English-language homepages and installed in an US English configuration of macOS. How does my favorite browser handle Punycode IDNs? If you don’t read or visit sites in multiple languages, you may want to ensure that your browser doesn’t hide the "real" domain name behind Punycode, to avoid potentially getting scammed by lookalike domains. Punycode is a way of encoding such characters within the ASCII character set permitted for domain names, and an Internationalized Domain Name (IDN) contains Punycode strings prepended by the four characters "xn-". But what if you want a domain to represent a language that uses characters not contained in the English alphabet? You may want a domain containing a character with a diacritical mark such as the ñ from Spanish, the ç from French, or the ü from German, or you may want a domain with Japanese, Chinese, or other characters. What are Punycode and IDNs?ĭomain names (for example, ) can only contain standard English alphabet letters, numbers, and hyphens. This type of attack is known as an IDN homograph attack. In this case, the attackers used "bravė" in their lookalike domain instead of "brave"-which may be difficult to distinguish, in some cases.
But another part of the attack has to do with a feature in some browsers related to Internationalized Domain Names (IDN), which use Punycode encoding. Part of the attack was enabled by various peculiarities of Google Ads (namely, the ability to display one domain in an ad, but actually go to another domain when clicked) and Google Search (which places ads that look very similar to search results above the actual results).
Malware Lookalike domains are spreading malware here’s how to stay safeĪ recent report from Ars Technica indicated that, "with help from Google ," scammers were able to impersonate the Brave browser’s homepage to distribute malware to unsuspecting victims.
0 kommentar(er)
