beaware of the fake urls encoded as like the real thing

[hotcoffe]

See: https://thehackernews.com/2017/04/unicode-Punycode-phishing-attack.html

Note from Skuzzy:  I had to remove this post as it could have caused a lot of problems for people who might have actually clicked on those links in the post.  Instead, the above link will describe the problem and if someone clicks on something at that site, then they will not come back to us complaining about how their computer was taken over by some hacker group.

[guncrasher]

Really you posted bad links?


Semp

[hotcoffe]

Really you posted bad links?


Semp

no i posted a warming article about bad links ... (basically copy paste)

[hotcoffe]

just got the word from our security team that google has also released a fix:

`Some of you have already spotted that Google have released the relevant update for Chrome web browser yesterday (after we started writing the below bulletin), so Chrome users should update now via (triple-dot-menu)->help->About Google Chrome – and “relaunch” Chrome (click the button) after the updated version (release 58 or later) has installed.`

[shotgunneeley]

When you have a hyperlink directing you to click "here" or something, simply hover your mouse over it without clicking - The url will then become visible.

So for example, you get an email supposedly from Bank of America stating click "here" to view your account, but the URL reads "fastcashfakes" - it ain't Bank of America!

[Vulcan]

When you have a hyperlink directing you to click "here" or something, simply hover your mouse over it without clicking - The url will then become visible.

So for example, you get an email supposedly from Bank of America stating click "here" to view your account, but the URL reads "fastcashfakes" - it ain't Bank of America!

Nope.

[Bizman]

Nope.

I'd rather call it better than nothing. For most people that would be a huge step forward towards safer networking.

I'd also very much like to hear from better alternatives since that is an area where the crooks always seem to be one step ahead.

[Vulcan]

I'd rather call it better than nothing. For most people that would be a huge step forward towards safer networking.

I'd also very much like to hear from better alternatives since that is an area where the crooks always seem to be one step ahead.

Well it is nothing.

IF you two read the links what happens is the punycode URLs look exactly like real URLs. You hover over them and they look correct. Hence the nope.

I believe most browsers are about to be patched.

Otherwise a good firewall (appliance) doing content inspection (web content, SSL decrypt, application, IPS, sandbox analysis).

Or perhaps a good Next Gen AV (don't ask me which one for consumer sorry).

ALWAYS assume that the people factor will fail you. "I only visit safe websites" = bollocks, safe websites get compromised all the time. "I can spot phishing emails" = bollocks, last year image exploits were used in emails to auto-execute java vulnerabilities with no user action required. And so on.

[JimmyC]

Hang on....
Is this real fake news?

[shotgunneeley]

All that I intended to point out is that if you are suspicious you have a spam/phishing email with a hyperlink, you can simply hover over the hyperlink without clicking on it to see its true url destination. Sure, hackers may have a way around this - but this narrows things down a lot when I get questionable work emails. To my knowledge, there is no harm in simply checking the targeted url link by this method.

[Bizman]

Actually not all browsers show the destination URL if the Status Bar has been disabled. Firefox does, PaleMoon doesn't, for example. Also, the larger the monitor the less you take notice of what reads in the bottom corners.

[Beefcake]

My question is does this affect bookmarks and the like? Or is it clicking links from emails or websites? I generally never click anything in emails and I usually go direct to the site to do my business.

Guess I'll have to start checking certificates on alot of sites I use.

[Bizman]

Now that you mentioned bookmarks...

Every now and then I've noticed that a bookmark no longer works, i.e. the page it links to doesn't exist. That has proved true especially for big companies like banks, ISP's etc. who provide a lot of online services. They change the looks and functionality of their websites sometimes very drastically, like a bank who quit using Java on their online banking system. After a transition period the Java related page stopped working and people having that saved as a bookmark called for help. What if someone found a way to fake those obsolete pages. I don't know if that were even possible, after all the bookmarks direct to the right domain/server to their 404 page. Further, critical services most likely don't get on the "this domain is available" marketing pages. But who knows, there's people out there looking for flaws and backdoors, maybe one day an old bookmark can lead to a fake site. In a world of alternative facts we're more and more getting into the philosophical question of existence: Do we exist or are we just element's in someone else's dream?

[Vulcan]

My question is does this affect bookmarks and the like? Or is it clicking links from emails or websites? I generally never click anything in emails and I usually go direct to the site to do my business.

Guess I'll have to start checking certificates on alot of sites I use.

Bookmarks no, emails yes most definitely. All the major browsers have patched or are patching to mitigate this problem. So give it a week or two and you'll be safe.