“Click this link (don’t fret, nothing malicious),” Kieren McCarthy reports for The Register. “Chances are your browser displays ‘apple.com’ in the address bar. What about this one? Goes to ‘epic.com,’ right?”
“Wrong. They are in fact carefully crafted but entirely legitimate domains in non-English languages that are designed to look exactly the same as common English words,” McCarthy reports. “The real domains for the two above links are: xn--80ak6aa92e.com and xn--e1awd7f.com.”
“In quick testing by El Reg, Chrome 57 on Windows 10 and macOS 10.12, and Firefox 52 on macOS, display apple.com and epic.com rather than the actual domains,” McCarthy reports. “We’re told Chrome 57 and Firefox 52 are vulnerable while Safari and Internet Explorer are in the clear. Bleeding-edge Chrome 60 on macOS 10.12 was not vulnerable.”
“This domain disguising, which tricks people into visiting a site they think is legit but really isn’t, is called a ‘homograph attack’ – and we were supposed to have fixed it more than a decade ago when the exact same problem was noticed with respect to the address ‘paypal.com,’” McCarthy reports. “So what is this, how does it work, and why does it still exist?”
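To see the trick for yourself, the two domains above can be decoded from their Punycode (the `xn--` form the DNS actually carries) back to the Unicode the browser renders. The script below is an added example for this post, not code from The Register or MacDailyNews: it decodes each label, reports which ASCII name it would be mistaken for, and applies the kind of rule browsers later adopted, showing the Unicode form only when a label is not a whole-script lookalike and does not mix scripts. The lookalike table is an assumption for illustration (a handful of Cyrillic letters that render like Latin ones, not a complete Unicode confusables list), and the hostnames other than the article’s two are constructed here.

```python
import unicodedata

# Assumed table for this example: Cyrillic letters that look like Latin ones
# in common fonts. Not a complete confusables list; it covers the letters in
# the two domains from the article plus a few other frequent substitutions.
CYRILLIC_LOOKALIKES = {
    "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o",
    "\u0440": "p", "\u0445": "x", "\u0443": "y", "\u0455": "s",
    "\u0456": "i", "\u0458": "j", "\u04cf": "l", "\u051b": "q",
    "\u051d": "w", "\u04bb": "h",
}


def decode_label(label):
    """Unicode form of one DNS label; labels without the xn-- prefix are plain ASCII."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def scripts_in(label):
    """Set of Unicode script names (first word of the character name) used in a label,
    ignoring script-neutral digits and hyphens."""
    scripts = set()
    for ch in label:
        name = unicodedata.name(ch, "")
        first = name.split()[0] if name else "UNKNOWN"
        if first in ("DIGIT", "HYPHEN-MINUS"):
            continue
        scripts.add(first)
    return scripts


def latin_lookalike(label):
    """ASCII string a reader would take the label for, or None if any character
    has no entry in the lookalike table (so the label is not a pure spoof)."""
    out = []
    for ch in label:
        if ch.isascii():
            out.append(ch)
        elif ch in CYRILLIC_LOOKALIKES:
            out.append(CYRILLIC_LOOKALIKES[ch])
        else:
            return None
    return "".join(out)


def display_form(hostname):
    """What an address bar should show: Unicode for a genuine IDN label, the raw
    Punycode for a label that mixes scripts or is made only of lookalikes."""
    shown = []
    for label in hostname.split("."):
        uni = decode_label(label)
        if uni == label:
            shown.append(label)                     # plain ASCII label
        elif len(scripts_in(uni)) > 1:
            shown.append(label)                     # mixed scripts: keep Punycode
        elif latin_lookalike(uni) is not None:
            shown.append(label)                     # whole-script confusable
        else:
            shown.append(uni)                       # legitimate IDN, safe to render
    return ".".join(shown)


def analyze(hostname):
    """Decode a hostname and summarise how it would be read and how it should be shown."""
    labels = [decode_label(l) for l in hostname.split(".")]
    parts = [latin_lookalike(l) for l in labels]
    return {
        "input": hostname,
        "decoded": ".".join(labels),
        "lookalike": None if any(p is None for p in parts) else ".".join(parts),
        "display": display_form(hostname),
    }


if __name__ == "__main__":
    # The two domains from the article, plus constructed examples: a genuine
    # German IDN and a mixed-script label built from Cyrillic "а" + Latin "pple".
    mixed = "xn--" + "\u0430pple".encode("punycode").decode("ascii") + ".com"
    for host in ("xn--80ak6aa92e.com", "xn--e1awd7f.com",
                 "xn--mnchen-3ya.de", mixed, "apple.com"):
        print(analyze(host))
```

The decision in `display_form` mirrors the reasoning behind the later browser fixes: an all-Cyrillic label whose every letter has a Latin twin is shown as Punycode, while an accented Latin name such as münchen.de still renders as Unicode, so ordinary IDN users are not punished for the spoofers.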
Read more in the full article here.
MacDailyNews Take: Ⅼеτ’ѕ Ье ϲагеғυⅼ оυτ τһеге. ⋃ѕе а геаⅼ Ьгоѡѕег!