
New Browser flaw

Posted: April 19, 2017, 7:50 am
by BobHelm
There are reports of a Browser flaw that is/was affecting all the major browsers.

Chrome & Firefox have yet to release a fix but it is quite easy to do a manual fix in Firefox to eliminate it.

The flaw is centered on Punycode.
https://en.wikipedia.org/wiki/Punycode

Using it, a hacker can create an alternative web site that looks exactly like an original official web site, with no indication by the browser that you are actually not on the official site. Usernames & passwords used to access that site can then be captured by the hacker.
It is, obviously, a fair bit of work on the part of the hacker to replicate the official site, but rewarding if they do get hits.

To remove the problem in Firefox do the following..

Type
about:config
in the address bar & approve the 'here be dragons' warning message.
Search for
punycode
the line
network.IDN_show_punycode
will appear with a Value of False
Right mouse click on this line & select Toggle
The value will change from False to True

Security firm Wordfence set up a dummy site to prove the flaw..
https://www.wordfence.com/blog/2017/04/ ... -phishing/

With punycode set to False this is what the URL of their dummy site looks like in Firefox
[Image: epic 1.png]
Once punycode is set to True the real URL of the site is revealed..
[Image: epic 2.png]

Re: New Browser flaw

Posted: April 19, 2017, 11:23 am
by Udon Map
Is there a way to do that in Chrome so that you always see the real URL instead of the abbreviated one?

Re: New Browser flaw

Posted: April 19, 2017, 12:34 pm
by BobHelm
Google say v59 will stop this type of attack..
in the meantime maybe this extension..

PunyCode Domain Detection

I have not tried that though as I normally use Firefox..

Re: New Browser flaw

Posted: April 21, 2017, 10:55 am
by tamada
Just did the FF fix.

Checked Chrome which was running v57 and it just updated itself to v58.

Re: New Browser flaw

Posted: April 26, 2017, 5:41 pm
by Neil_Hines
Which browser can I use, Chrome or Firefox? Any suggestion which one is the best?

Re: New Browser flaw

Posted: April 27, 2017, 10:35 pm
by vidmaster
Bob, searched but can't find punnycode.
Is it embedded in a string of words or on its own, as can't find alphabetically?

Re: New Browser flaw

Posted: April 27, 2017, 10:40 pm
by vidmaster
Hi Bob, found it & now set to True.
Does that mean I'm now safe to browse?
How can I see the URL NN-e1 etc.......?

Re: New Browser flaw

Posted: April 27, 2017, 10:42 pm
by vidmaster
Sorry xn--e1a etc?

Re: New Browser flaw

Posted: April 28, 2017, 6:53 am
by BobHelm
Any site you visit will now show its actual URL code in the browser bar.
So if you are in HSBC web site (for example) it will say that. A false site set up to resemble the HSBC web site using Punycode will now show its actual URL in the address bar.

To see that in action go to the
https://www.xn--e1awd7f.com/
URL.

If you have not set punycode to = True then the address in the browser will appear to be
https://www.epic.com
If you have set punycode to = True then it will show its true address, which is
https://www.xn--e1awd7f.com/
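
Added example, not part of the original thread and not code from Firefox, Chrome or Wordfence: a Python check that decodes the xn--e1awd7f label quoted in the post above and flags labels made up wholly of Cyrillic letters that look like Latin ones. The look-alike table and the function names are assumptions made for this illustration.

```python
import unicodedata

# Constructed subset of Cyrillic letters that render like Latin ones;
# a real check would use the full Unicode confusables data.
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u0455": "s", "\u0458": "j",
}


def decode_label(label):
    """Return the Unicode form of one DNS label (xn-- labels are Punycode)."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def scripts(text):
    """Script names of the letters in text, taken from Unicode character names."""
    return {unicodedata.name(ch).split()[0] for ch in text if ch.isalpha()}


def inspect_host(host):
    """Describe each label: wire form, display form, scripts, Latin look-alike."""
    findings = []
    for label in host.rstrip(".").split("."):
        shown = decode_label(label)
        skeleton = "".join(LOOKALIKES.get(ch, ch) for ch in shown)
        findings.append({
            "wire": label,        # what network.IDN_show_punycode = True displays
            "display": shown,     # what the address bar renders otherwise
            "scripts": scripts(shown),
            # Suspicious: non-ASCII label whose every character has an ASCII twin.
            "spoofs": skeleton if shown != skeleton and skeleton.isascii() else None,
        })
    return findings


def is_suspicious(host):
    """True when any label of the host imitates an all-ASCII name."""
    return any(f["spoofs"] for f in inspect_host(host))


if __name__ == "__main__":
    for host in ("www.xn--e1awd7f.com", "www.epic.com"):
        print(host, is_suspicious(host), inspect_host(host))
```
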

Re: New Browser flaw

Posted: April 28, 2017, 1:14 pm
by vidmaster
Many thanks Bob