A common technique to lure you via your browser to an unsafe site is to use character encoding so the Universal Resource Locator (URL) is rendered in the browser's address bar as a site you intend, but do not want. Techniques in the past include backspacing.
Recently new techniques called Punnycode (use a search engine to see more details).
An example:
What makes this technique dangerous, the Punnycode can be registered and a certificate issued.
If/when this is done the user has little chance of catching the technique to lure you and your browser to an unsafe site.
Most browsers are vulnerable to this technique.
No comments:
Post a Comment