If you're creating an application that displays URLs to users (chat app for example), please make sure to apply spoof checks to avoid use of UTF-8 confusables in IDN homograph attacks. You may want to

Harry Sintonen@infosec.exchange to Cybersecurity@fedia.io · 2 days ago

If you’re creating an application that displays URLs to users (chat app for example), please make sure to apply spoof checks to avoid use of UTF-8 confusables in IDN homograph attacks. You may want to block URLs with hostnames that get flagged, or display them in #punycode instead.

As an example, see https://github.com/chromium/chromium/tree/main/components/url_formatter/spoof_checks

In particular https://github.com/chromium/chromium/blob/8e070073d47861b8bfc7548dce8fcfc708a356fb/components/url_formatter/spoof_checks/idn_spoof_checker.cc#L177 is quite interesting read.

#cybersecurity #infosec

You must log in or register to comment.

Chat