Phishing domains can be registered with look-alike Unicode characters in the name

Researchers from Soluble have disclosed a new technique for registering domains with homoglyphs: names that look identical to other domains but differ because they contain characters with a different code point. Such internationalized domain names (IDN) are at first glance indistinguishable from the domains of well-known companies and services, which allows them to be used for phishing, including obtaining valid TLS certificates for them.

Classic substitution through a look-alike IDN domain has long been blocked by browsers and registrars, because mixing characters from different scripts is prohibited. For example, the fake domain apple.com ("xn--pple-43d.com") cannot be created by replacing the Latin "a" (U+0061) with the Cyrillic "а" (U+0430), since mixing characters from different scripts in one domain is not allowed. In 2017 a way to bypass this protection was found by composing the domain entirely from Unicode characters, without any Latin characters at all (for example, using characters from a script whose letters resemble Latin ones).

Now another way to bypass the protection has been found. It relies on the fact that registrars block mixing Latin and Unicode characters, but if the Unicode characters used in the domain belong to the Latin group, such mixing is permitted, because the characters formally belong to the same script. The problem is that the Unicode Latin IPA extension contains homoglyphs that are visually identical to other letters of the Latin alphabet: the character "ɑ" looks the same as "a", "ɡ" looks the same as "g", and "ɩ" looks the same as "l".
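The mixing rule described above can be checked mechanically. The following is an added example, not code from the researchers or from any registrar: it classifies each label of a domain, shows that a naive "all letters must be Latin script" check accepts IPA-block letters next to ASCII, and prints the punycode form. The IPA Extensions block range (U+0250 to U+02AF) and Python's standard-library IDNA codec are the only assumptions; the sample domains are constructed.

```python
import unicodedata

# Unicode "IPA Extensions" block, U+0250..U+02AF. Its letters are Latin script,
# which is why a "no mixed scripts" rule alone does not reject them next to ASCII.
IPA_START, IPA_END = 0x0250, 0x02AF


def char_classes(label: str) -> set:
    """Classify each code point of one DNS label as 'ascii', 'ipa' or 'other'."""
    classes = set()
    for ch in label:
        cp = ord(ch)
        if cp < 0x80:
            classes.add("ascii")
        elif IPA_START <= cp <= IPA_END:
            classes.add("ipa")
        else:
            classes.add("other")
    return classes


def is_all_latin(label: str) -> bool:
    """Same-script check of the kind the article says registrars apply:
    every letter must be Latin script. ASCII letters and IPA-block letters
    such as LATIN SMALL LETTER ALPHA pass; a Cyrillic letter fails."""
    for ch in label:
        if ch.isalpha() and not unicodedata.name(ch, "").startswith("LATIN "):
            return False
    return True


def mixes_ascii_and_ipa(label: str) -> bool:
    """The bypass described in the article: ASCII letters combined with
    IPA-block homoglyphs in one label. Flag it even though is_all_latin()
    accepts it."""
    classes = char_classes(label)
    return "ascii" in classes and "ipa" in classes


def to_ascii(domain: str) -> str:
    """Punycode (xn--) form, i.e. what the address bar shows. The stdlib
    IDNA codec applies no script-mixing policy of its own."""
    return domain.encode("idna").decode("ascii")


def assess(domain: str) -> dict:
    """Summarise why a domain should, or should not, be flagged."""
    labels = domain.lower().split(".")
    return {
        "domain": domain,
        "ascii_form": to_ascii(domain),
        "passes_same_script_check": all(is_all_latin(l) for l in labels),
        "ascii_ipa_mix": any(mixes_ascii_and_ipa(l) for l in labels),
        "non_ascii": [
            "U+%04X %s" % (ord(c), unicodedata.name(c, "?"))
            for c in domain if ord(c) >= 0x80
        ],
    }


if __name__ == "__main__":
    # Constructed inputs: the article's Cyrillic example, an IPA-alpha
    # look-alike of the kind it describes, and a plain ASCII name.
    for d in ("\u0430pple.com", "am\u0251zon.com", "apple.com"):
        print(assess(d))
```

The Cyrillic example yields `xn--pple-43d.com` and fails the same-script check, exactly the case registrars already reject; the IPA-alpha example passes that check but is caught by the ASCII/IPA mixing test, which is the condition a registrar or a brand-monitoring script would need to add.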


The ability to register domains in which Latin characters are mixed with such Unicode characters was confirmed for the registrar Verisign (other registrars were not checked), and look-alike subdomains were created in the Amazon, Google, Wasabi and DigitalOcean services. The problem was discovered in November of last year and, although notifications were sent, three months later, at the time of publication, it had been fixed only by Amazon and Verisign.

During the experiment the researchers spent $400 to register the following domains through Verisign:

  • amɑzon.com
  • chɑse.com
  • ochita.com
  • ɡmɑil.com
  • appɩe.com
  • ebɑy.com
  • ɑmatsenga.com
  • zambita.com
  • almakhadze.com
  • maguchi.com
  • chintanamama.com
  • magwire.com
  • mochita.com
  • wɑsabisys.com
  • yɑhoo.com
  • cɩmafhadi.com
  • anayankha
  • gmɑil.com
  • googɩeapis.com
  • chinthansap
  • achimango.com
  • microsoftonɩine.com
  • amɑzonɑws.com
  • roidndroid.com
  • netfɩix.com
  • nvidiɑ.com

The researchers also launched a web service for checking domains against other homoglyph variants, including a search for already-registered look-alike domains and for TLS certificates issued to similar names. On the HTTPS side, 300 domains with homoglyphs were checked through Certificate Transparency logs, and certificate issuance was found for 15 of them.

Current versions of Chrome and Firefox display such domains in the address bar with the "xn--" prefix, but inside links the domains appear unchanged, which can be used to embed malicious resources or links in pages while disguising them as downloads from legitimate sites. For example, a malicious build of the jQuery library was being served from one of the well-known look-alike domains containing homoglyphs.
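The Certificate Transparency check mentioned above, and the fact that CT logs and links carry the raw "xn--" form, can be reproduced with a small monitoring script. The following is an added example and not the researchers' service: it decodes A-labels back to Unicode, folds the three homoglyphs the article names onto their ASCII look-alikes, and reports any entry whose folded form (or a parent of it) collides with a watched name. The watch-list and the log entries are constructed for the example, and the folding table is deliberately limited to the article's three characters; a production check would use the full Unicode confusables data (UTS #39).

```python
# Folding table for the three IPA-block letters the article names. The real
# Unicode confusables data (UTS #39 confusables.txt) is far larger; this
# subset is deliberately small so the logic stays visible.
CONFUSABLES = {"\u0251": "a", "\u0261": "g", "\u0269": "l"}

# Constructed watch-list of names we want alerts for (not from the article).
WATCHLIST = {"amazon.com", "apple.com", "google.com", "netflix.com"}


def to_unicode(ct_name: str) -> str:
    """CT logs store A-labels (xn--...); turn them back into U-labels."""
    try:
        return ct_name.encode("ascii").decode("idna")
    except UnicodeError:
        return ct_name  # already Unicode (or malformed): compare as given


def skeleton(name: str) -> str:
    """Fold known homoglyphs onto their ASCII look-alikes."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in name.lower())


def parent_suffixes(host: str):
    """Yield host, then each parent domain, so subdomains of a watched name match too."""
    parts = host.split(".")
    for i in range(len(parts) - 1):
        yield ".".join(parts[i:])


def find_lookalikes(ct_names, watchlist=WATCHLIST):
    """Return CT entries whose homoglyph-folded form collides with a watched name."""
    hits = []
    for raw in ct_names:
        uni = to_unicode(raw)
        folded = skeleton(uni)
        if folded == uni.lower():
            continue  # nothing was folded: a plain name, not a look-alike
        for suffix in parent_suffixes(folded):
            if suffix in watchlist:
                hits.append({
                    "ct_name": raw,
                    "unicode": uni,
                    "brand": suffix,
                    "homoglyphs": sorted({"U+%04X" % ord(c) for c in uni if c in CONFUSABLES}),
                })
                break
    return hits


# Constructed CT-log subject names. They are derived here from Unicode forms so
# the example does not need hard-coded punycode strings.
CT_NAMES = [u.encode("idna").decode("ascii") for u in (
    "am\u0251zon.com",        # amɑzon.com
    "login.\u0251pple.com",   # login.ɑpple.com (subdomain of a look-alike)
    "goo\u0261\u0269e.com",   # gooɡɩe.com (two folded letters)
    "netf\u0269ix.com",       # netfɩix.com
    "amazon.com",             # the genuine name: must not be reported
    "example.com",
)]

if __name__ == "__main__":
    for hit in find_lookalikes(CT_NAMES):
        print(hit)
```

Feeding real CT entries (for example the subject names pulled from a log monitor) into `find_lookalikes` gives the same kind of result the researchers obtained: the genuine `amazon.com` entry is skipped because nothing folds, while every name that only matches a watched brand after folding is reported together with the offending code points.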

Source: opennet.ru
