Phishing HTTPS www.apple.com (esempio)
Inviato: ven, 21 apr 2017 10:41
You Think You can’t be Phished?
https://hackaday.com/2017/04/19/you-thi ... e-phished/" onclick="window.open(this.href);return false;
Well, think again. At least if you are using Chrome or Firefox. Don’t believe us? Well, check out Apple new website then, at https://www.apple.com . Notice anything? If you are not using an affected browser you are just seeing a strange URL after opening the webpage, otherwise it’s pretty legit. This is a page to demonstrate a type of Unicode vulnerability in how the browser interprets and show the URL to the user. Notice the valid HTTPS. Of course the domain is not from Apple…
Phishing with Unicode Domains:
https://www.xudongz.com/blog/2017/idn-phishing/" onclick="window.open(this.href);return false;
Screenshots:
https://www.xudongz.com/cache/2f378473d ... 3f4e9b.png" onclick="window.open(this.href);return false;
https://www.xudongz.com/cache/81c780f81 ... d7bf34.png" onclick="window.open(this.href);return false;
https://www.xudongz.com/cache/346736203 ... cafd6d.png" onclick="window.open(this.href);return false;
https://www.xudongz.com/cache/271546c9c ... 210daa.png" onclick="window.open(this.href);return false;
https://www.xudongz.com/cache/95b7f81c1 ... bd442b.png" onclick="window.open(this.href);return false;
Post su Facebook:
https://www.facebook.com/groups/2210554 ... 999924564/" onclick="window.open(this.href);return false;
dal Gruppo Facebook su OpenBSD:
https://www.facebook.com/groups/2210554563/" onclick="window.open(this.href);return false;
https://hackaday.com/2017/04/19/you-thi ... e-phished/" onclick="window.open(this.href);return false;
Well, think again. At least if you are using Chrome or Firefox. Don’t believe us? Well, check out Apple new website then, at https://www.apple.com . Notice anything? If you are not using an affected browser you are just seeing a strange URL after opening the webpage, otherwise it’s pretty legit. This is a page to demonstrate a type of Unicode vulnerability in how the browser interprets and show the URL to the user. Notice the valid HTTPS. Of course the domain is not from Apple…
Phishing with Unicode Domains:
https://www.xudongz.com/blog/2017/idn-phishing/" onclick="window.open(this.href);return false;
Screenshots:
https://www.xudongz.com/cache/2f378473d ... 3f4e9b.png" onclick="window.open(this.href);return false;
https://www.xudongz.com/cache/81c780f81 ... d7bf34.png" onclick="window.open(this.href);return false;
https://www.xudongz.com/cache/346736203 ... cafd6d.png" onclick="window.open(this.href);return false;
https://www.xudongz.com/cache/271546c9c ... 210daa.png" onclick="window.open(this.href);return false;
https://www.xudongz.com/cache/95b7f81c1 ... bd442b.png" onclick="window.open(this.href);return false;
Post su Facebook:
https://www.facebook.com/groups/2210554 ... 999924564/" onclick="window.open(this.href);return false;
dal Gruppo Facebook su OpenBSD:
https://www.facebook.com/groups/2210554563/" onclick="window.open(this.href);return false;
