That apple.com link you clicked on? Yeah, it’s actually Russian

“Click this link (don’t fret, nothing malicious),” Kieren McCarthy reports for The Register. “Chances are your browser displays ‘apple.com’ in the address bar. What about this one? Goes to ‘epic.com,’ right?”

“Wrong. They are in fact carefully crafted but entirely legitimate domains in non-English languages that are designed to look exactly the same as common English words,” McCarthy reports. “The real domains for the two above links are: xn--80ak6aa92e.com and xn--e1awd7f.com.”

“In quick testing by El Reg, Chrome 57 on Windows 10 and macOS 10.12, and Firefox 52 on macOS, display apple.com and epic.com rather than the actual domains,” McCarthy reports. “We’re told Chrome 57 and Firefox 52 are vulnerable while Safari and Internet Explorer are in the clear. Bleeding-edge Chrome 60 on macOS 10.12 was not vulnerable.”

“This domain disguising, which tricks people into visiting a site they think is legit but really isn’t, is called a ‘homograph attack’ – and we were supposed to have fixed it more than a decade ago when the exact same problem was noticed with respect to the address ‘paypal.com,’” McCarthy reports. “So what is this, how does it work, and why does it still exist?”

Read more in the full article here.

MacDailyNews Take: Ⅼеτ’ѕ Ье ϲагеғυⅼ оυτ τһеге. ⋃ѕе а геаⅼ Ьгоѡѕег!
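
The two `xn--` hostnames quoted above can be checked mechanically. The following Python is an added example, not code from The Register or MacDailyNews: it decodes each Punycode label and flags labels whose every character imitates an ASCII letter. The function names and the small `LOOKALIKES` table are assumptions made for illustration, and the script check is an approximation based on Unicode character names.

```python
import unicodedata

# Constructed, illustrative subset of Cyrillic letters that render like ASCII
# letters; Unicode's published confusables data is far larger.
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
    "\u0458": "j", "\u0455": "s", "\u04cf": "l", "\u0501": "d",
}

def decode_label(label):
    """Return the Unicode form of one DNS label (decodes the xn-- prefix)."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def scripts(text):
    """Approximate each letter's script by the first word of its Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in text if ch.isalpha()}

def analyze(hostname):
    """Decode every label; report non-ASCII labels and whether they mimic ASCII."""
    findings = []
    for label in hostname.rstrip(".").split("."):
        decoded = decode_label(label)
        if decoded.isascii():
            continue
        skeleton = "".join(LOOKALIKES.get(ch, ch) for ch in decoded)
        findings.append({
            "label": label,
            "decoded": decoded,
            "scripts": sorted(scripts(decoded)),
            "skeleton": skeleton,
            # True when every character maps to an ASCII lookalike
            "spoofs_ascii": skeleton.isascii(),
        })
    return findings

def safe_display(hostname):
    """Keep the raw xn-- form if any label imitates ASCII, else show Unicode."""
    if any(f["spoofs_ascii"] for f in analyze(hostname)):
        return hostname.lower()
    return ".".join(decode_label(part) for part in hostname.split("."))

if __name__ == "__main__":
    # The two hostnames are the ones quoted in the article above.
    for host in ("xn--80ak6aa92e.com", "xn--e1awd7f.com"):
        print(host, analyze(host), safe_display(host))
```

A mail gateway or proxy log pipeline could apply the same test to link targets and alert when `spoofs_ascii` is true and the skeleton matches a brand name the organisation cares about.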

35 Comments

    1. Trump is the one being investigated by the FBI and congress for collusion with the Russians that could lead to treason. Several members of Trump’s people had contacted the Russians even before Trump was sworn in.

        1. You mean you can’t find anywhere on the web of Trump being investigated by the FBI and the two houses of congress for Russian hacking of the elections and other charges?

          I suppose you also can’t find on the web that the attorney general lied to congress about meeting with the Russians 3 times before being sworn in.

          I suppose you can’t find on the web that Trump’s former national security advisor had spoken to the Russians before Trump was sworn in. Not to mention he was on the Russian and Turkish payroll while serving Trump. He has agreed to testify for immunity.

            1. Yeah, responding to botty is a waste of time. Even if you provide verifiable evidence and links, he would disregard them because the truth would conflict with his preferred worldview.

              The same goes for Fwhatever and kent. They believe what they want to believe, cite ridiculous hearsay/supposition that supports their beliefs, and circle jerk to the results in a wild fit of verbose alt-right ecstasy.

              They are all a waste of time and a cancer on this country and society, in general.

          1. Not a one of those support your accusation of “Trump is the one being investigated by the FBI and congress for collusion with the Russians that could lead to treason.”

            BBC link: “So far, no single piece of evidence has been made public proving that the Trump campaign joined with Russia to steal the US presidency – nothing.”

            FOX link: That story is irrelevant as Flynn was fired by The President.

            I do not even comment on any story from Fake News Central, aka PuffHo.

            try again, punk.

          2. Just relax and give it time, bjr001. As with Watergate, the truth will eventually be revealed and action will be taken. It remains to be seen whether Trump was simply stupid and oblivious, or also complicit.

  1. The FBI has said the Russians are behind most of the fake news especially leading up to the elections. Social media is a toilet of fake news including YouTube. Everything from Pizzagate to Hillary being arrested. Republicans are Russian patsies.

    1. There are no examples of “Russian fake news”, though. You are just parroting the establishment propaganda. Neither Pizzagate nor Hillary’s arrest “news” have anything to do with the Russians.

  2. Safari and Internet Explorer are in the clear. Well I use Safari only so that said not an issue. Also you shouldn’t click on links from other sources that you don’t know of anyways.

    1. Been using Opera lately because of its free VPN feature. Hoping Apple does that for Safari soon. I don’t want my ISP knowing what sites I visit and what I do there, let alone selling that information to whomever they want. And I don’t like scumbag sites tracking me by IP address and browser fingerprinting, so the VPN addresses most of that.

      Opera’s a bit buggy, but is filling most of my privacy needs.

      Not currently using Opera for viewing MDN as the default setting I have on it is to block ads and MDN denies you access if you do that. However, my intent is not to block ads, just all the tracking beacons and other BS associated with them.

    1. Safari didn’t fall for it, but Chrome did.
      Not sure what you are using.

      A real eye opener. Can’t think of a better reason to keep using Safari.

      1. For Chrome (Version 57.0.2987.133 (64-bit)) the “apple.com” results in “Server could not be reached; аррӏе.com’s server DNS address could not be found.” The “www.epic.com” however went through. Pasting the latter provided URL in notepad makes it obvious the “www” portion of the URL is not ‘normal’.

  3. MDN: yes, but when Safari just doesn’t work for a website (happens a lot) users will get fed up and use something else.

    Why do I have to use Chrome instead of Safari for some sites (quite a lot of sites actually)?
