Phishing an Apple with IDN-Domains · 1 March 05

I just couldn’t resist demonstrating what IDN domains make possible. Phishing made easy. On the one hand, the new characters that IDN domains allow should let the Web break out of the boundaries of the ancient ASCII era… on the other hand, they open a completely new door to phishing attacks.

See my example: http://www.apple.com

The site is also a hint to Apple to integrate some intelligent solution that protects the Safari user without destroying the whole new market of IDN domains (like FireFox 1.01 does!). My idea would be a blacklist of characters that look very similar to the known ASCII symbols… these symbols should be marked in a different color, or brought to the attention of the user in some other way (Saft Lite style).

We could also trust sites that came up by direct user input, because then we know that somebody intended to visit this IDN domain.

Update!

Apple fixed the problem in the latest Security Update! So make sure to install it (via Software Update)! Read about it here ... well, I’ll put this one in a picture frame on my wall!

How does this work?

(A)

  • the malicious phisher puts up a fake website that looks the same as the original.
  • the phisher sends you the link by mail or links it into a website.

(B)

  • the user clicks on the link and opens a fake website that contains password fields.
  • the user trusts the website and fills them out.

(C)

  • the stolen passwords get submitted to the fake server…
  • the phisher is happy.

How to fix this …

  • Install Saft Lite, which is free and fixes the problem on Safari by showing an alert box with the PunyCode (but only once, while entering such a site).
  • Update FireFox to version 1.01, which disables the IDN domain features by always showing the PunyCode (this can’t be the solution! There are people out there who have paid money to use IDNs without any bad intention… example: German umlauts).
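To make the “blacklist of look-alike characters” idea above concrete, here is an added example (my own illustration, not code from Apple, Saft Lite or FireFox): it shows the PunyCode form of a hostname and flags labels that mix scripts or contain characters confusable with ASCII letters, while leaving a legitimate umlaut domain alone. The confusable table is a constructed subset of the Unicode confusables list, and the script detection via character names is a rough heuristic.

```python
import unicodedata

# Constructed subset of Unicode confusables: non-ASCII letters that render
# almost identically to ASCII letters in common fonts (illustrative only).
CONFUSABLE_WITH_ASCII = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
}


def script_of(ch):
    """Coarse script bucket taken from the Unicode character name.
    Assumption: the first word of the name ("LATIN", "CYRILLIC", ...) is
    a good enough script indicator for this demo."""
    if ch.isascii():
        return "LATIN"
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def inspect_hostname(host):
    """Return (punycode_form, findings). A label is reported when it mixes
    scripts or contains a known ASCII look-alike; an all-Latin label such
    as a German umlaut domain is not reported."""
    findings = []
    for label in host.lower().split("."):
        scripts = {script_of(ch) for ch in label if ch.isalpha()}
        lookalikes = [(ch, CONFUSABLE_WITH_ASCII[ch])
                      for ch in label if ch in CONFUSABLE_WITH_ASCII]
        if len(scripts) > 1 or lookalikes:
            findings.append({"label": label,
                             "scripts": sorted(scripts),
                             "lookalikes": lookalikes})
    # The "idna" codec yields the xn-- form a browser could show the user.
    punycode = host.encode("idna").decode("ascii")
    return punycode, findings


def is_suspicious(host):
    """True when any label of the hostname deserves a warning."""
    return bool(inspect_hostname(host)[1])


if __name__ == "__main__":
    for h in ("www.ex\u0430mple.com", "m\u00fcller.de", "www.example.com"):
        print(h, "->", inspect_hostname(h))
```

The constructed hostnames are a look-alike of example.com with a Cyrillic “а”, a plain umlaut domain, and a plain ASCII domain; only the first one is reported.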

Further links to the topic

If you still don’t grasp what this article is talking about, read this

Discussion about this on other sites…

Announcement

Once Apple’s Safari team fixes the issue with an intelligent solution, I will be transferring the domain name to them.
