[dba-Tech] "almost impossible to detect" phishing attack

John R Bartow jbartow at winhaven.net
Mon Apr 17 12:00:16 CDT 2017


A Chinese infosec researcher has discovered a new "almost impossible to
detect" phishing attack that can be used to trick even the most careful
users on the Internet.

He warned that hackers can use a known vulnerability in the Chrome, Firefox and
Opera web browsers to display their fake domain names as the websites of
legitimate services, like Apple, Google, or Amazon, to steal login or
financial credentials and other sensitive information from users.
http://tinyurl.com/mtbkboq

Firefox users can follow the below-mentioned steps to manually apply a temporary
mitigation:
1. Type about:config in the address bar and press enter.
2. Type Punycode in the search bar.
3. The browser settings will show a parameter titled network.IDN_show_punycode;
double-click or right-click and select Toggle to change the value from false
to true.

Unfortunately, there is no similar setting available in Chrome or Opera to
disable Punycode URL conversions manually, so Chrome users have to wait for
the next few weeks to get the patched Stable 58 release.
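
Added example, not part of the original post: a Python check that shows a hostname in its Punycode (xn--) form, as Firefox does once network.IDN_show_punycode is true, and flags labels whose characters all have ASCII lookalikes. The function names, the small CONFUSABLE table and the sample host are constructed for illustration.

```python
import unicodedata

# Constructed, partial map of Cyrillic letters that render like Latin ones.
# Assumption: a production check would use the full Unicode confusables data.
CONFUSABLE = {
    "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0455": "s", "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u04cf": "l",
}

def decode_label(label):
    """Unicode form of one DNS label; 'xn--' (Punycode) labels are decoded."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].lower().encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed Punycode: keep the raw label
    return label

def scripts(text):
    """Script names taken from Unicode character names, e.g. CYRILLIC."""
    return sorted({unicodedata.name(c, "UNKNOWN").split()[0]
                   for c in text if c.isalpha()})

def inspect_host(host):
    """Report every label of `host` that contains non-ASCII characters."""
    findings = []
    for label in host.rstrip(".").split("."):
        shown = decode_label(label)
        if shown.isascii():
            continue
        skeleton = "".join(CONFUSABLE.get(c, c) for c in shown)
        findings.append({
            "ace": "xn--" + shown.encode("punycode").decode("ascii"),
            "unicode": shown,
            "scripts": scripts(shown),
            "skeleton": skeleton,
            # True when every character has an ASCII twin in the map above
            "ascii_lookalike": skeleton.isascii(),
        })
    return findings

# Constructed sample: five Cyrillic letters that render like "scope".
SAMPLE_LABEL = "\u0455\u0441\u043e\u0440\u0435"
SAMPLE_HOST = "xn--" + SAMPLE_LABEL.encode("punycode").decode("ascii") + ".example"

if __name__ == "__main__":
    for host in (SAMPLE_HOST, "b\u00fccher.example", "www.example.com"):
        print(host, inspect_host(host))
```

A label with "ascii_lookalike" set to True is the case worth reviewing before a link is trusted; an ordinary internationalized name such as the second host is reported but not flagged.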



