Serious Flaw in Firefox and Chrome Browsers!

1492
Moderator
I thought I'd pass along this potential vulnerability in the Firefox and Chrome browsers, which is receiving increased attention in online security communities. It involves a Unicode phishing vulnerability, where clicking a link to what appears to be a legit URL can actually take you to a fake website.

In fact, if you are using the Firefox or Chrome browser right now, try clicking this link:

Look at your browser's URL address bar. Does it say https://apple.com? Obviously this is not an Apple website. Notice how the browser also appears to indicate a valid site certificate (https://)? This further demonstrates how hackers could potentially clone Apple's site to make it look legit, leaving a door open to steal personal account info.

Now try clicking the link using the MS Internet Explorer (IE) browser. Notice that the URL address bar correctly indicates the site address as https://www.xn--80ak6aa92e.com/? IE is not affected by the Unicode vulnerability.

Until patches are available for both the Firefox and Chrome browsers, it is advisable not to click links to websites in emails or from other unfamiliar sources. Instead, type the website URL directly into the browser address bar, or use the IE browser in the interim.

For Firefox users who feel comfortable in making browser config changes, you can adjust the following browser setting to temporarily mitigate the Unicode vulnerability:

  1. Type or copy and paste about:config in the URL address bar.
  2. Click the "I'll be careful, I promise!" button.
  3. Type or copy and paste network.IDN_show_punycode in Search bar.
  4. Double-click the line network.IDN_show_punycode until the Value column changes to true.
  5. Close the browser tab.

Now try clicking the fake URL link above once again as a test. It should now read https://www.xn--80ak6aa92e.com/.

For further reference, see:

This Phishing Attack is Almost Impossible to Detect...

Phishing with Unicode Domains
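As an added illustration (not part of the original post or of either browser's code), the Python script below does by hand what the network.IDN_show_punycode preference does for you, but selectively: it decodes the Punycode label from the demonstration link (xn--80ak6aa92e) back to the Cyrillic letters it stands for, classifies the script of each character in a label, folds lookalike letters to a Latin "skeleton", and only falls back to showing the raw Punycode when the label mixes scripts or is a lookalike for a pure-ASCII name. The lookalike table is a small constructed subset of the Unicode confusables data, and the function names are assumptions of this example.

```python
import codecs
import unicodedata

ACE_PREFIX = "xn--"  # marks a Punycode-encoded (IDNA) DNS label

# Constructed subset of Cyrillic letters that render like Latin letters.
# The real Unicode confusables list is far larger; this is enough for the
# demonstration domain discussed in the thread.
CYRILLIC_LOOKALIKES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0455": "s",  # CYRILLIC SMALL LETTER DZE
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u0458": "j",  # CYRILLIC SMALL LETTER JE
    "\u04cf": "l",  # CYRILLIC SMALL LETTER PALOCHKA
}


def decode_label(label):
    """Turn one DNS label into its Unicode form; plain labels pass through."""
    if label.lower().startswith(ACE_PREFIX):
        # The raw punycode codec is used on purpose: the 'idna' codec would
        # also apply IDNA-2003 nameprep, which is not what we want to inspect.
        return codecs.decode(label[len(ACE_PREFIX):].encode("ascii"), "punycode")
    return label


def encode_label(uni):
    """Inverse of decode_label: the ASCII (Punycode) form a browser can show."""
    if uni.isascii():
        return uni
    return ACE_PREFIX + codecs.encode(uni, "punycode").decode("ascii")


def script_of(ch):
    """Rough script classification taken from the Unicode character name."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"  # digits, '-', etc.
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def analyze_label(label):
    """Decode a label and decide whether it should be displayed as Punycode."""
    uni = decode_label(label)
    scripts = {script_of(c) for c in uni} - {"COMMON"}
    # Skeleton: what the label looks like once lookalikes are folded to Latin.
    skeleton = "".join(CYRILLIC_LOOKALIKES.get(c, c) for c in uni)
    lookalike = skeleton != uni and skeleton.isascii()
    suspicious = lookalike or len(scripts) > 1
    return {
        "unicode": uni,
        "scripts": sorted(scripts),
        "mixed_script": len(scripts) > 1,
        "latin_lookalike": lookalike,
        "skeleton": skeleton,
        # Show Punycode for suspicious labels, the Unicode form otherwise, so
        # legitimate non-Latin domains still render readably.
        "display": encode_label(uni) if suspicious else uni,
    }


def safe_display(host):
    """Host name as a cautious address bar would render it."""
    return ".".join(analyze_label(part)["display"] for part in host.split("."))


if __name__ == "__main__":
    # Constructed inputs: the thread's demonstration host and the real one.
    for host in ("www.xn--80ak6aa92e.com", "www.apple.com"):
        for part in host.split("."):
            print(host, part, analyze_label(part))
        print("address bar:", safe_display(host))
```

Run as is, the script reports that xn--80ak6aa92e decodes to five Cyrillic letters whose skeleton is "apple", so the address bar line keeps the Punycode form, while www.apple.com is left alone. The same preference the post describes can also be set persistently in a Firefox user.js file with `user_pref("network.IDN_show_punycode", true);`, which shows Punycode for every IDN rather than only for suspicious ones.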

delwhjr
Explorer
Just one more reason to never click on a link whose origin you do not know. Fake links are the #1 route into a system, including protected systems.
The email may look real, but most secure communications from banks or other such sources tell you to go to the website and check your messages or announcements. They do not, as a rule, give you a link to follow.
2022 Rockwood 2109S
2006 Durango HEMI

Chris_Bryant
Explorer II
FWIW, Konqueror and Vivaldi are not affected by this. Vivaldi is pretty nice; interestingly enough, it's a combo of Opera and Chromium, both of which are affected.
vivaldi dot com 🙂
konqueror dot org 😄
-- Chris Bryant

2oldman
Explorer II
happycamper002 wrote:
.. I don't blindfoldedly click on "clickys" that most posters show on their posts..
Quote the post to see the actual url.
"If I'm wearing long pants, I'm too far north" - 2oldman

gbopp
Explorer
Ouch. Thanks..

1492
Moderator
Here is another Firefox and Chrome browser demonstration of this vulnerability. Hover your mouse over the link. If Firefox or Chrome indicates the site is https://www.apple.com in the lower left corner, then your browser is unpatched and vulnerable to this exploit.

As in this image:

Screenshot from Chrome browser.

The actual website address in the link above is https://www.xn--80ak6aa92e.com/

1492
Moderator
ktmrfs wrote:
Well, here is what Chrome says on my computer; it comes up with a very specific warning and won't take you to the site.

Hey there!

This may or may not be the site you are looking for! This site is obviously not affiliated with Apple, but rather a demonstration of a flaw in the way unicode domains are handled in browsers.

See what this is about

I don't think you understand the purpose of the link. It goes to a "test" website to demonstrate the vulnerability. This is not a Chrome or Firefox browser warning, or an AV security message. It is a static page specifically created to show you that this is not the apple.com website.

You're not supposed to be redirected or continue anywhere else. If this were a genuine hacker page, you would have already fallen for the trap. Instead, it is just a demonstration.

If you see https://www.apple.com in the address bar of either Chrome or Firefox, along with the message:
Then your browser is vulnerable to this flaw!

ktmrfs
Explorer
1492 wrote:
I thought I'd pass along this potential vulnerability in the Firefox and Chrome browsers, which is receiving increased attention in online security communities. It involves a Unicode phishing vulnerability, where clicking a link to what appears to be a legit URL can actually take you to a fake website.

In fact, if you are using the Firefox or Chrome browser right now, try clicking this link:

Look at your browser's URL address bar. Does it say https://apple.com? Obviously this is not an Apple website. Notice how the browser also appears to indicate a valid site certificate (https://)? This further demonstrates how hackers could potentially clone Apple's site to make it look legit, leaving a door open to steal personal account info.

Now try clicking the link using the MS Internet Explorer (IE) browser. Notice that the URL address bar correctly indicates the site address as https://www.xn--80ak6aa92e.com/? IE is not affected by the Unicode vulnerability.

Until patches are available for both the Firefox and Chrome browsers, it is advisable not to click links to websites in emails or from other unfamiliar sources. Instead, type the website URL directly into the browser address bar, or use the IE browser in the interim.

For Firefox users who feel comfortable in making browser config changes, you can adjust the following browser setting to temporarily mitigate the Unicode vulnerability:

  1. Type or copy and paste about:config in the URL address bar.
  2. Click the "I'll be careful, I promise!" button.
  3. Type or copy and paste network.IDN_show_punycode in Search bar.
  4. Double-click the line network.IDN_show_punycode until the Value column changes to true.
  5. Close the browser tab.

Now try clicking the fake URL link above once again as a test. It should now read https://www.xn--80ak6aa92e.com/.

For further reference, see:

This Phishing Attack is Almost Impossible to Detect...

Phishing with Unicode Domains

Well, here is what Chrome says on my computer; it comes up with a very specific warning and won't take you to the site.

Hey there!

This may or may not be the site you are looking for! This site is obviously not affiliated with Apple, but rather a demonstration of a flaw in the way unicode domains are handled in browsers.

See what this is about
2011 Keystone Outback 295RE
2004 14' bikehauler with full living quarters
2015.5 Denali 4x4 CC/SB Duramax/Allison
2004.5 Silverado 4x4 CC/SB Duramax/Allison passed on to our Son!

Homeless_by_Cho
Explorer
jcpainter wrote:
Followed your instructions and fixed FF.

Thanx for the heads up and the detailed instructions.

X2

Thanks,
LeRoy
Homeless by Choice
FULL TIMER since 2012
2015 Chevy 3500, Duramax, 4X4, DRW, Crew cab, Long bed
2013 Northern Lite 8'11"Q Sportsman truck camper
2015 Polaris RZR Side by Side

happycamper002
Explorer
Anytime you click a hyperlink you become vulnerable to phishing or whatever malware is lurking out there.

Call me paranoid.

That's the reason I don't blindfoldedly click on "clickys" that most posters show on their posts. Although offering a clicky is well intended, hackers use this as a gateway to wreak havoc on users.

Granted, new patches do offer some protection, but their efficacy is short-lived; they have to come up with patches all the time.

I've been using Firefox for most of the time since its inception.

Linux does "housekeeping" regularly, which to some degree keeps your OS "clean" by switching to a new version.

You do have to tell it to do the upgrade.

Now, that would be another avenue to hack your PC. LOL

Hackers are getting smarter, and hotshot programmers are busy fighting them off to no avail.

wingsfan20
Explorer
Using Chrome. My protection software, F-Secure, blocked the site. If you get to the apple site, maybe you should check your protection software.
Jim :W
2007 Silverado 3/4 LTZ Crew Duramax/Allison
2008 Keystone Cougar 311RLS

jcpainter
Explorer
Followed your instructions and fixed FF.

Thanx for the heads up and the detailed instructions.

magicbus
Explorer
Tiger02 wrote:
In Chrome you can hover over the link, and the true link will be visible in the bottom left hand corner. I will usually do this on links in forums, and definitely links in emails.
Both FF and Chrome show https://www.apple.com in the lower left when hovering.

Just fixed FF. Thanks for the heads up!

Dave
Current: 2018 Winnebago Era A
Previous: Selene 49 Trawler
Previous: Country Coach Allure 36

Tiger02
Explorer
In Chrome you can hover over the link, and the true link will be visible in the bottom left hand corner. I will usually do this on links in forums, and definitely links in emails.
2006 Keystone Outback Sydney 30 FRKS

1997 Ford F350 Auto, 4.10LS Axle, 160,000 Miles, Crew Cab with DRW.

US Army 1984-2016.

Campfire_Time
Explorer
Interesting. Not a heck of a lot of info about this out there either.
Chuck D.
“Adventure is just bad planning.” - Roald Amundsen
2013 Jayco X20E Hybrid
2016 Chevy Silverado Crew Cab Z71 LTZ2
2008 GMC Sierra SLE1 Crew Cab Z71 (traded)

Chris_Bryant
Explorer II
:E

Thanks!
-- Chris Bryant