Punycode is one of the ways to represent the Unicode character set using limited ASCII characters, and Unicode is an extended character set used to represent many other types of non-alpha numeric characters. Unfortunately, a Chinese researcher found vulnerabilities in the way Chrome and Firefox handle punycode that could allow attackers to create some pretty legitimate looking domain names for their phishing attacks. Watch today’s video to learn more about this new technique and how it helps phishers.
Episode Runtime: 2:42
Direct YouTube Link: https://www.youtube.com/watch?v=6Wr5zFNyAEU
EPISODE REFERENCES:
- PunyCode Phishing vulnerability can fool even savvy users – gHacks
- New Chrome extension alerts on PunyCode – Google
- Google promises to patch Chrome phishing flaw – Engadget
Corey Nachreiner, CISSP (@SecAdept)
Leave a Reply