"The site above is not the real Apple domain but rather a domain that I was able to purchase. You can see for yourself by visiting the proof-of-concept. The security issue has been fixed as of Chrome 59 though it still exists in all versions of Firefox."
//Punycode makes it possible to register domains with foreign characters. It works by converting individual domain labels to an alternative format using only ASCII characters. For example, the domain "xn--s7y.co" is equivalent to "短.co".
Further reading:
https://arstechnica.com/information-technology/2017/04/chrome-firefox-and-opera-users-beware-this-isnt-the-apple-com-you-want/
...
See also ZeroFont Phishing: https://www.avanan.com/blog/zerofont-phishing-attack
...
Visual spoofing*:
http://websec.github.io/unicode-security-guide/visual-spoofing/
Similar to "homograph attacks":
https://en.wikipedia.org/wiki/IDN_homograph_attack
...
The Wikipedia page on web spoofing:
https://en.wikipedia.org/wiki/Website_spoofing
---
*"spoofing" means parody
Phishing with Unicode Domains - Xudong Zheng
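
To make the Punycode mechanism quoted above concrete from a defender's side, here is an added example (not code from the bookmarked article) that decodes `xn--` labels and flags those whose Unicode form reads as plain ASCII. The function names, the small `CONFUSABLE` table and the name-based script heuristic are assumptions made for this sketch, and the lookalike sample is constructed at runtime.

```python
import unicodedata

# Constructed subset of Cyrillic letters that render like Latin ones;
# a full check would use the Unicode confusables data (UTS #39).
CONFUSABLE = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
              "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0455": "s",
              "\u0456": "i", "\u04cf": "l"}

def decode_label(label):
    """Return the Unicode form of one DNS label (Punycode if it starts with xn--)."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def to_ace(text):
    """Encode a Unicode label to its ASCII-compatible (xn--) form."""
    return "xn--" + text.encode("punycode").decode("ascii")

def scripts(text):
    """Heuristic: take the script from the first word of each letter's Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}

def skeleton(text):
    """Map known lookalike characters to the ASCII letter they imitate."""
    return "".join(CONFUSABLE.get(ch, ch) for ch in text)

def inspect_domain(domain):
    """Report every Punycode label in a domain with a verdict for triage."""
    findings = []
    for label in domain.split("."):
        shown = decode_label(label)
        if shown == label:          # plain ASCII label, nothing to decode
            continue
        found, skel = scripts(shown), skeleton(shown)
        if len(found) > 1:
            verdict = "mixed-script"        # e.g. Cyrillic and Latin in one label
        elif skel.isascii():
            verdict = "ascii-lookalike"     # single script, reads as an ASCII name
        else:
            verdict = "idn"                 # ordinary internationalized label
        findings.append({"label": label, "unicode": shown,
                         "scripts": sorted(found), "skeleton": skel,
                         "verdict": verdict})
    return findings

if __name__ == "__main__":
    # Constructed samples: the page's own example, then an all-Cyrillic lookalike.
    for d in ("xn--s7y.co", to_ace("\u0430\u0440\u0440\u04cf\u0435") + ".com"):
        print(d, inspect_domain(d))
```

The "ascii-lookalike" verdict is the case a mixed-script check alone misses, because every character in the label comes from one script.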