Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
New Phishing attack: unicode variants of domain.
Spotted this insightful article in Twitter today, Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites
Talks about a clever use of using unicode characters to spoof a domain and get a Let’s Encrypt cert too, which is then impossible to tell is fake.
Doesn’t affect IE or Safari, but does FF and Chrome. The article gives a fix for FF. No word for Opera.
Offline
Re: New Phishing attack: unicode variants of domain.
Thanks for the info, Destry. I thought this vulnerability had been fixed years ago! Shows what I know…
The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.
Txp Builders – finely-crafted code, design and Txp
Offline
Re: New Phishing attack: unicode variants of domain.
Bloke wrote #305371:
I thought this vulnerability had been fixed years ago! Shows what I know…
Me thought the same thing when I first heard that news. Puzzled.
Destry wrote #305370:
No word for Opera.
Same behaviour as Chrome of course. Same rendering engine etc.
Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern
Offline