This Phishing Attack is Almost Impossible to Detect...

On Chrome, Firefox and Opera

#1  Postby Tangerine Dream » Apr 18, 2017 5:09 am

A Chinese infosec researcher has discovered a new "almost impossible to detect" phishing attack that can be used to trick even the most careful users on the Internet.

He warned that hackers can use a known vulnerability in the Chrome, Firefox and Opera web browsers to display their fake domain names as the websites of legitimate services, like Apple, Google, or Amazon, to steal login or financial credentials and other sensitive information from users.

What is the best defence against a phishing attack? Generally, checking the address bar after the page has loaded and whether it is being served over a valid HTTPS connection. Right?


If you are a Firefox user you need to make a change in the configuration:

1. Type about:config in the Firefox address bar and hit the Enter key.
2. Confirm that you will be careful.
3. Search for network.IDN_show_punycode.
4. Double-click the preference to set it to true.

This forces Firefox to show Punycode when it is used.

#2  Postby Manticore » Apr 18, 2017 6:58 am

Works on PaleMoon too.

#3  Postby VazScep » Apr 18, 2017 2:14 pm

Oh FFS.

I'd hoped that the HTTPs-everywhere plugin would have caught this, but no, I was vulnerable.

#4  Postby Alan B » Apr 18, 2017 2:17 pm

Firefox now configured 'true'.

#5  Postby Papa Smurf » Apr 18, 2017 2:42 pm

The demo page results in 'Firefox can't find the server at аррӏе.com.'. Maybe my old Draytek router is not able to handle the Unicode characters in the DNS request? I'll have to try this at home too.

#6  Postby VazScep » Apr 18, 2017 2:55 pm

In formal verification, where you build unhackable systems by presenting a mathematical proof that your system is as secure as mathematics itself, there is a well-known concept called "Pollack-consistency." A Pollack-inconsistency is a proof that's presented, but you did something like fuck up the theorem display code so that it makes out that you proved something you didn't.

Out-of-the-box, HTTPs is Pollack inconsistent.

#7  Postby NineBerry » Apr 18, 2017 3:29 pm

A general rule to follow to prevent this kind of attack: Never enter credentials on a website unless you entered the web address manually or navigated there from your own bookmark. Best to never enter credentials manually. Have your browser store the credentials and auto-fill the login fields. The browser stores the password only for a certain domain, so it will never automatically fill the credentials for a wrong website.
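Added example (not part of the thread or any poster's code): a Python sketch of the two defences described above, the Punycode display from post #1 and the exact-domain autofill rule from post #7. The look-alike table, function names and sample credential store are constructed for illustration; the hostname is the demo domain quoted in post #5, assumed to consist of the Cyrillic code points written as escapes.

```python
# Demo hostname from post #5, written as escapes (assumed code points:
# Cyrillic a, er, er, palochka, ie). It renders like "apple.com".
SPOOF = "\u0430\u0440\u0440\u04cf\u0435.com"

# Small constructed look-alike table (Cyrillic -> Latin). A production
# check would use the full Unicode confusables data instead.
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u04cf": "l",
}

def to_ascii(host):
    """Return the Punycode (xn--) form of a hostname, label by label.
    This is the form Firefox shows with network.IDN_show_punycode = true."""
    out = []
    for label in host.lower().split("."):
        if label.isascii():
            out.append(label)
        else:
            out.append("xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(out)

def skeleton(host):
    """Replace known look-alike characters with their ASCII twin."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in host.lower())

def check(host, protected):
    """Classify a hostname against a set of domains you care about."""
    ascii_form = to_ascii(host)
    if ascii_form in protected:
        return "exact", ascii_form
    if skeleton(host) in protected:
        return "lookalike", ascii_form
    return "unrelated", ascii_form

def autofill(store, host):
    """Password-manager style lookup: exact match on the ASCII form only,
    so a visually identical hostname never receives stored credentials."""
    return store.get(to_ascii(host))

if __name__ == "__main__":
    print(check(SPOOF, {"apple.com"}))
    print(autofill({"apple.com": "stored-password"}, SPOOF))
```
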


#8  Postby crank » Apr 18, 2017 5:22 pm

VazScep wrote: In formal verification, where you build unhackable systems by presenting a mathematical proof that your system is as secure as mathematics itself, there is a well-known concept called "Pollack-consistency." A Pollack-inconsistency is a proof that's presented, but you did something like fuck up the theorem display code so that it makes out that you proved something you didn't.

Out-of-the-box, HTTPs is Pollack inconsistent.

Remember the problem we discussed about links in gmail would just die in chrome, turns out it was conflicts with HTTPS Everywhere and Ghostery. They both were trying redirects and this caused conflicts.

HTTPS is still a good idea though, it might not be foolproof, but every bit of extra protection helps, one more hurdle for the exploits to deal with.

#9  Postby VazScep » Apr 18, 2017 6:25 pm

crank wrote:
VazScep wrote: In formal verification, where you build unhackable systems by presenting a mathematical proof that your system is as secure as mathematics itself, there is a well-known concept called "Pollack-consistency." A Pollack-inconsistency is a proof that's presented, but you did something like fuck up the theorem display code so that it makes out that you proved something you didn't.

Out-of-the-box, HTTPs is Pollack inconsistent.

Remember the problem we discussed about links in gmail would just die in chrome, turns out it was conflicts with HTTPS Everywhere and Ghostery. They both were trying redirects and this caused conflicts.

HTTPS is still a good idea though, it might not be foolproof, but every bit of extra protection helps, one more hurdle for the exploits to deal with.

Don't get me wrong. I like my HTTPs (nudge, nudge, Rationalskepticism.org)