WhatsApp users targeted by homoglyph attack peddling free tickets to theme park

Many WhatsApp users would probably view the message as innocent enough, appearing to offer free tickets to Britain’s Alton Towers theme park. But in truth they are being targeted by fraudsters deploying a homoglyph attack.
Read more in my article on t… Continue reading WhatsApp users targeted by homoglyph attack peddling free tickets to theme park

Look-Alike Domains and Visual Confusion

How good are you at telling the difference between domain names you know and trust and imposter or look-alike domains? The answer may depend on how familiar you are with the nuances of internationalized domain names (IDNs), as well as which browser or Web application you’re using.

For example, how does your browser interpret the following domain? I’ll give you a hint: Despite appearances, it is most certainly not the actual domain for software firm CA Technologies (formerly Computer Associates Intl Inc.), which owns the original ca.com domain name:

https://www.са.com/

Go ahead and click on the link above or cut-and-paste it into a browser address bar. If you’re using Google Chrome, Apple’s Safari, or some recent version of Microsoft’s Internet Explorer or Edge browsers, you should notice that the address converts to “xn--80a7a.com.” This is called “punycode,” and it allows browsers to render domains with non-Latin alphabets like Cyrillic and Ukrainian.

Below is what it looks like in Edge on Windows 10; Google Chrome renders it much the same way. Notice what’s in the address bar (ignore the “fake site” and “Welcome to…” text, which was added as a courtesy by the person who registered this domain): Continue reading Look-Alike Domains and Visual Confusion

“Killer text bomb” crashed iPhones, iPads, Macs, and Apple Watches

Apple has confirmed that it is working on a bug fix that will stop apps like Messages from crashing when they attempt to display a Unicode symbol representing a letter from the south Indian language of Telugu. The Unicode-based bug has been exploited b… Continue reading “Killer text bomb” crashed iPhones, iPads, Macs, and Apple Watches