Phishing domains with look-alike Unicode characters in the name can be registered

Researchers from Soluble have disclosed a new way to register domains containing homoglyphs: names that look identical to other domains but are in fact different, because they contain characters with a different meaning. Such internationalized domain names (IDN) may be visually indistinguishable from the domains of well-known companies and services, which lets them be used for deception, including obtaining valid TLS certificates for them.

The classic substitution through a look-alike IDN has long been blocked in browsers and at registrars, because mixing characters from different alphabets within one label is forbidden. For example, a fake apple.com ("xn--pple-43d.com") cannot be created by replacing the Latin "a" (U+0061) with the Cyrillic "а" (U+0430), since a domain whose letters are drawn from different alphabets is not permitted. In 2017 a way around this protection was found that used only non-Latin Unicode characters in the domain, without any Latin letters at all (for example, taking every letter from an alphabet whose glyphs resemble Latin ones).

Now another bypass has been found. Registrars block the mixing of Latin with other Unicode scripts, but if the Unicode characters used in the domain belong to the Latin group, the mix is allowed, because the characters are formally from the same alphabet. The problem is that the Unicode block "IPA Extensions" (part of the Latin script) contains homoglyphs that are visually indistinguishable from ordinary Latin letters:
the character "ɑ" (U+0251) looks like "a", "ɡ" (U+0261) like "g", and "ɩ" (U+0269) like "l".


The ability to register a domain that mixes Latin letters with these Unicode characters was confirmed at the registrar Verisign (other registrars were not tested), and look-alike subdomains were created on the Amazon, Google, Wasabi and DigitalOcean services. The problem was found in November of last year and reported, but it was fixed only three months later, only at the last minute, and only by Amazon and Verisign.

During testing the researchers spent about 400 dollars registering homoglyph domains through Verisign. The list in the source text is partly corrupted; the entries whose characters survive intact are reproduced below:

  • amɑzon.com
  • ɑppɩe.com
  • ɡstatic.com
  • wɑsabisys.com
  • yɑhoo.com
  • deɩɩ.com
  • www.gooɡleapis.com
  • microsoftonɩine.com
  • ɑmɑzonɑws.com
  • netfɩix.com
  • nvidiɑ.com
  • ɡoogɩe.com

The researchers have launched an online service for checking your own domains for possible homoglyph variants, including a check of which variants are already registered and which TLS certificates have been issued for similar names. On the HTTPS side, 300 homoglyph domains were checked against the Certificate Transparency logs, and certificate issuance was recorded for 15 of them.

Current versions of Chrome and Firefox show such domains in the address bar in punycode form with the "xn--" prefix. However, in links embedded from outside the browser, where no such conversion takes place, these names can be used to plant malicious resources or links on pages disguised as downloads from legitimate sites. For example, on one of the identified homoglyph domains, distribution of a malicious version of the jQuery library was recorded.

Source: opennet.ru
