when apple.com != apple.com – Phishing with Unicode Domains – Xudong Zheng
Posted by jpluimers on 2017/04/21
Vulnerability in Chrome, Firefox, and Opera makes users susceptible to phishing with Unicode domains.
Basically these are not the same sites:
Depending on the font used, you might notice the difference if you look very carefully.
Keywords: Unicode codepoints, visual similarity, codepoint to character mapping in fonts, Punycode
- [WayBack] Punycode – Wikipedia
- [WayBack] IDN homograph attack – Wikipedia
- [WayBack] IDN in Google Chrome – The Chromium Projects
- [WayBack] The Go Playground – comparing
- [WayBack] 683314 – Security: Whole-script confusable domain label spoofing – chromium – Monorail
- [WayBack] 1332714 – IDN Phishing using whole-script confusables on Windows and Linux
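
A defender-side check for the keywords above (codepoints, Punycode, whole-script confusables), added here as an example and not taken from the linked posts or from any browser's code: it lists each label's codepoints, its Punycode form, and flags mixed-script or whole-script lookalike labels. The `LOOKALIKES` table is a small constructed subset (the full data is Unicode's confusables.txt from UTS #39), script detection by Unicode character name is an approximation, and the function names are hypothetical.

```python
import unicodedata

# Constructed subset of Cyrillic letters that render like Latin ones; the full
# data set is Unicode's confusables.txt (UTS #39).
LOOKALIKES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
              "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u04cf": "l"}

def scripts(label):
    """Approximate each letter's script by the first word of its Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def to_ascii(label):
    """Punycode (xn--) form of a label, which is what DNS actually resolves."""
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")

def skeleton(label):
    """Replace known lookalikes with the Latin letter they resemble."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in label)

def inspect(hostname):
    """Return one report dict per label of the hostname."""
    report = []
    for label in hostname.lower().split("."):
        used = scripts(label)
        report.append({
            "label": label,
            "codepoints": [f"U+{ord(ch):04X}" for ch in label],
            "ascii": to_ascii(label),
            "scripts": sorted(used),
            "mixed_script": len(used) > 1,
            # Entirely non-Latin label that still reads as an ASCII word
            "whole_script_confusable": (not label.isascii() and len(used) == 1
                                        and skeleton(label).isascii()),
        })
    return report

def is_suspicious(hostname):
    """True if any label mixes scripts or is a whole-script lookalike."""
    return any(r["mixed_script"] or r["whole_script_confusable"]
               for r in inspect(hostname))

if __name__ == "__main__":
    # Constructed sample: Latin "apple.com" and an all-Cyrillic lookalike label
    for host in ("apple.com", "\u0430\u0440\u0440\u04cf\u0435.com"):
        for row in inspect(host):
            print(row)
        print(host, "suspicious:", is_suspicious(host))
```

The two sample hostnames compare unequal as strings even though they may render identically; the Punycode form is what makes the difference visible.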