Week-6
Threat of Unicode Domain Spoofing Fix Addressed For Chrome
On Wednesday April 19,
2017 Google released Chrome 58 to help address 29 known vulnerabilities. One of
these vulnerabilities was known as “Unicode Domain Phishing”. The issue resides
in Unicode characters in hostnames through what is called Punycode. Punycode
can take characters and change them in a way to allow a hacker to spoof
legitimate websites for the purpose of phishing attacks. According to the Security week article by Ionut
Arghire “The issue was also demonstrated by Avanan researchers in December
2016, when they stumbled upon live phishing attacks targeting Office 365
business email users. Using Unicode characters, attackers could create a site
looking like http://www.pŠ°ypal.com/, but which actually resolved to http://www.xn--pypal-4ve.com/,
thus bypassing Office 365’ anti-phishing defenses, the researchers explained.” (Arghire, 2017)
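To see what the Punycode hostname in the quote actually contains, the following added example (not part of the original post or the cited article) decodes each label and reports which scripts its letters come from. The function names are hypothetical, and reading the script from the first word of the Unicode character name is an approximation assumed here for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Hostname quoted in the post above; everything else here is illustrative.
SAMPLE_URL = "http://www.xn--pypal-4ve.com/"

def decode_label(label):
    """Return the Unicode form of one DNS label (strips the xn-- ACE prefix)."""
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def scripts(label):
    """Approximate the scripts used in a label from Unicode character names."""
    found = set()
    for ch in label:
        if ch.isalpha():
            # First word of the name: 'LATIN', 'CYRILLIC', 'GREEK', ...
            found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found

def inspect_host(url):
    """Decode each label of the URL's hostname and record what it contains."""
    host = urlsplit(url).hostname or ""   # hostname is already lower-cased
    report = []
    for raw in host.split("."):
        uni = decode_label(raw)
        used = scripts(uni)
        report.append({
            "raw": raw,
            "unicode": uni,
            "scripts": sorted(used),
            "mixed_script": len(used) > 1,
            # Reported separately: a label written entirely in one
            # non-Latin script is not caught by the mixed-script check.
            "non_ascii": not uni.isascii(),
        })
    return report

def is_suspicious(url):
    """True when any hostname label mixes letters from different scripts."""
    return any(entry["mixed_script"] for entry in inspect_host(url))

if __name__ == "__main__":
    for entry in inspect_host(SAMPLE_URL):
        print(entry)
```

For the quoted hostname, the middle label decodes to a string in which the second letter is Cyrillic and the rest are Latin, which is why it renders like the genuine name.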
References
Arghire, I. (2017, April 20). Chrome Addresses Threat of Unicode Domain Spoofing. Retrieved from Security Week: http://www.securityweek.com/chrome-addresses-threat-unicode-domain-spoofing