Skip to main content

This spoof Apple site illustrates the sophistication of today’s phishing attacks

Most phishing attacks – links that send you to a fake website in the hope that you’ll login with your real credentials – are usually easy to detect. Emails are often generic, rather than using your registered name. Grammar is poor or the wording is weird. The email will threaten closure of your account if you don’t take urgent action, and so on.

If you did miss all these clues and click on the link, the URL would show that it’s not really the site that it claims to be. But one demonstration site created by a Chinese security researcher shows how it’s possible to visit a fake website that seemingly shows the correct https://www.apple.com URL in a browser window …

The trick employed by the site is to use Unicode characters that look the same as the appropriate ASCII characters for the site impersonated, explains researcher Xudong Zheng.

It is possible to register domains such as “xn--pple-43d.com”, which is equivalent to “аpple.com”. It may not be obvious at first glance, but “аpple.com” uses the Cyrillic “а” (U+0430) rather than the ASCII “a” (U+0061). This is known as a homograph attack.

Safari isn’t fooled by this, but Chrome, Firefox and Opera all are. You can see this for yourself by using any of them to visit https://www.xn--80ak6aa92e.com (this is perfectly safe, it’s a site created by Zheng as a proof of concept). In Safari, you’ll see this URL as it appears here – but in the other browsers it will look exactly like https://www.apple.com.

Of course, to take full advantage of the exploit a phisher would have to make the email directing you there look as convincing as the site, but many people are fooled by even halfway-convincing emails.

The trick strengthens the usual advice: always visit websites from your own bookmarks or by typing the URL, never from a link in an unexpected email, even if it appears to be from someone you know. You can find more tips here.

Phishing was one of two methods used to obtain the iCloud logins used in the celebrity nudes attack back in 2014.


SOURCE
Labels:

Comments

Post a Comment

Popular posts from this blog

So this is basically / Asi que esto es basicamente... [SPANISH TEXT]

Si amigos, basicamente la idea del blog fue introducir a todos en el mundo de la tecnologia y hacer que esta no fuera tan "compleja" o "complicada" para todos. Ultimamente no hago reviews propios, ya que me tomo la molestia de elegir buenas noticias (que considero) para su placer informativo (bueno, las visitas me dicen que lo estoy haciendo bien) Pero, y si algun dia llegase a terminar todo? Regalar el dominio? Vender el blog? Nah, muchas veces me lo he preguntado pero... por algo senti el deseo de escribirles, desde mi misma mano y tecla, porque esto es lo que me apasiona: la tecnologia, la programacion, el llevar todo niveles superiores, exponenciar mi capacidad de analisis. De esto se trata todo, esto es basicamente el alma del blog: tecnologia. Actualmente me encuentro en otra ciudad, desde hace ya 1 mes. Las cosas han estado normales, pues dentro de lo que alguien podria definir de "normal". Gracias a Dios no me hace falta lo basico, desafortunad...
Post a Comment
Read more

Child-friendly Galaxy Tab 3 Kids listed in Korean brochure

We're no experts in Korean back-to-school literature, but it looks as if one retailer has tipped Samsung's plans a little early. If the documents above are legitimate, then the company will launch a kiddie-focused Galaxy Tab in short order. The Galaxy Tab 3 Kids is said to be an 8.5-inch slate with a 1.2GHz dual-core CPU, a 1,024 x 600 WSVGA display, 8GB storage, 1GB RAM and Jelly Bean. The company has also seen fit to include 802.11 a/b/g/n WiFi, Bluetooth 3.0, a microSD card slot (no word on capacity) and a 4,000mAh battery. One thing that lends weight to the listing is that the device's model number is SM-T2105, which evleaks tersely described as a "Galaxy Tab for children" a month ago. There's more pictures over at the source, but not a single spec saying that this new device is resistant to jam-smeared fingers. Source: ENGADGET
Post a Comment
Read more

The Ford Fiesta 2011 Was the Budget Hacker’s Dream (And No One Noticed)

The Ford Fiesta 2011 Was the Budget Hacker’s Dream (And No One Noticed) If you ever drove a Ford Fiesta 2011 SE and felt like it had hidden potential, you weren’t wrong — it was a software-defined vehicle before that was even a buzzword . While most saw it as a humble economy car, tinkerers and enthusiasts quickly discovered that the Fiesta was actually modular, reprogrammable, and surprisingly future-proof . With the right tools (and a bit of nerve), you could unlock features typically reserved for higher trims, all with minor hardware tweaks and some clever software work. Here’s a deep dive into the hidden arsenal of the 2011 Fiesta — and why it deserves a cult status among modders. The Secret Weapon: Shared Architecture Ford built the Fiesta using a highly modular electronic architecture . Many trims — from the base SE to the Titanium — shared the same PCM, wiring harnesses, and core modules . That meant you could: Add hardware from higher trims (like steering wheel...
Post a Comment
Read more