
This link does not go to apple.com

apple.com

<Update> Most browsers seem to have the problem fixed. If you still see the issue, check for updates to your browser.</Update>

If you click on this link and you are using Chrome or Firefox you will probably see that it looks like a perfectly secure connection to apple.com, only it isn’t.

The bug lies in the way the browsers handle Unicode. The actual URL is https://www.xn--80ak6aa92e.com/, but the browsers treat it as a name written in something other than the normal ASCII character set used in English. Domain names may now include Chinese characters, for example, and some of those alternative character sets, such as Cyrillic, also contain characters that look like some of the standard English characters, so the browser does its best to display the URL correctly.

The URL in the example is perfectly valid, with a valid security certificate, but it could obviously be used in dangerous ways should the URL point to a domain that looks like your bank but is a cloned site.

The odd thing about this Homograph Attack is that it was identified over ten years ago, and used against paypal.com in 2001, yet the problem still exists.

The only way you can see there is something wrong is by copying and pasting the URL back into the URL bar, which shows the real URL until you load the page.
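To inspect what the Punycode hostname above actually contains without relying on the address bar, the following added Python example (not part of the original post) decodes each label and flags any that are non-ASCII yet fold to a watched name. The lookalike table and the watch list are constructed for illustration and are assumptions, not a complete confusables data set.

```python
import unicodedata

# Constructed, deliberately small lookalike table (Cyrillic -> ASCII letter).
# A production check would use the full Unicode confusables data instead.
LOOKALIKES = {
    "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u04bb": "h",
    "\u0456": "i", "\u0458": "j", "\u04cf": "l", "\u043e": "o",
    "\u0440": "p", "\u0455": "s", "\u0445": "x", "\u0443": "y",
}

def decode_label(label):
    """Return the Unicode form of one DNS label (xn-- labels are Punycode)."""
    label = label.lower()
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed Punycode: keep the wire form
    return label

def scripts(label):
    """Approximate the scripts in a label from Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if not ch.isascii() or ch.isalpha()}

def skeleton(label):
    """Fold known lookalikes to the ASCII letter they resemble."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in label)

def check_host(host, protected):
    """Flag labels that are not ASCII but render like a protected name."""
    findings = []
    for raw in host.rstrip(".").split("."):
        shown = decode_label(raw)
        if not shown.isascii() and skeleton(shown) in protected:
            findings.append({"wire": raw, "shown": shown,
                             "imitates": skeleton(shown),
                             "scripts": sorted(scripts(shown))})
    return findings

if __name__ == "__main__":
    # Hostname taken from the article; PROTECTED is a hypothetical watch list.
    PROTECTED = {"apple", "paypal"}
    for host in ("www.xn--80ak6aa92e.com", "www.apple.com"):
        print(host, "->", check_host(host, PROTECTED) or "no lookalike label")
```

The same check can be run over hostnames extracted from mail or proxy logs, with the watch list replaced by the names your users are most likely to be lured with.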

Newer versions of Chrome and Firefox will fix the issue, so keep your browsers updated and until then, be careful what you click.
