Security Risk. Flaw in Chrome, Firefox and Opera.

Jeremiahcp

Well-Known Jerk
Thought people might like to know about this:

A Chinese infosec researcher has reported about an "almost impossible to detect" phishing attack that can be used to trick even the most careful users on the Internet.

He warned, hackers can use a known vulnerability in the Chrome, Firefox and Opera web browsers to display their fake domain names as the websites of legitimate services, like Apple, Google, or Amazon to steal login or financial credentials and other sensitive information from users.

What is the best defence against phishing attack? Generally, checking the address bar after the page has loaded and if it is being served over a valid HTTPS connection. Right?


Okay, then before going to the in-depth details, first have a look at this demo web page (note: you may experience downtime due to high traffic on demo server), set up by Chinese security researcher Xudong Zheng, who discovered the attack.
“It becomes impossible to identify the site as fraudulent without carefully inspecting the site's URL or SSL certificate,” Xudong Zheng said in a blog post.

If your web browser is displaying "apple.com" in the address bar secured with SSL, but the content on the page is coming from another server (as shown in the above picture), then your browser is vulnerable to the homograph attack.

This Phishing Attack is Almost Impossible to Detect On Chrome, Firefox and Opera
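
A defender-side check for the homograph trick described in the post above, as an added example that is not part of the original thread or the researcher's code: it decodes the wire (punycode, `xn--`) form of each hostname label, reports which scripts its letters come from, and maps lookalike letters back to Latin to see which watched name the label imitates. The confusable table, the watchlist and the sample host are constructed for illustration.

```python
import unicodedata

# Partial, hand-built map of Cyrillic letters that render like Latin ones
# (an assumption for this sketch; Unicode's confusables.txt is the full list).
CONFUSABLE = {"\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o",
              "\u0440": "p", "\u0445": "x", "\u0443": "y", "\u0456": "i",
              "\u0455": "s", "\u0458": "j", "\u04cf": "l"}

def to_unicode(label):
    """Decode one DNS label; 'xn--' labels carry punycode-encoded Unicode."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def to_ascii(label):
    """Wire form of a label: what DNS and the certificate actually contain."""
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")

def scripts(label):
    """Scripts used by the letters of a label, taken from Unicode names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def skeleton(label):
    """Replace known lookalike letters with the Latin letter they resemble."""
    return "".join(CONFUSABLE.get(ch, ch) for ch in label.lower())

def inspect_host(host, watchlist):
    """Return one finding per non-ASCII label of the hostname."""
    findings = []
    for raw in host.rstrip(".").split("."):
        shown = to_unicode(raw)
        if shown.isascii():
            continue  # plain ASCII label: what you see is what is resolved
        looks_like = skeleton(shown)
        findings.append({"wire": to_ascii(shown),
                         "scripts": sorted(scripts(shown)),
                         "looks_like": looks_like,
                         "imitates_watched": looks_like in watchlist})
    return findings

# Constructed sample: four Cyrillic letters that render like "cope".
FAKE = "\u0441\u043e\u0440\u0435"
SAMPLE_HOST = to_ascii(FAKE) + ".example"

if __name__ == "__main__":
    print(inspect_host(SAMPLE_HOST, {"cope"}))
```

A label that comes back with a single non-Latin script and `imitates_watched` set is the case the post describes: nothing in the rendered name looks wrong, but the wire form differs from the real one.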
 

Jeremiahcp

Well-Known Jerk
I had no problems accessing the site on any of my devices. At any rate, I doubt the quoted text is blocked by Chrome, and it contains everything you really need to know.
 

Jayhawker Soule

-- untitled --
Premium Member
The title is interesting: by listing specific browsers one is tempted to infer that others are not similarly vulnerable, but this does not appear to be the case.
 

Jeremiahcp

Well-Known Jerk
The fact that some people are being blocked and that I have never heard of this before and it references the Chinese I am going to assume that going to either web site is dangerous to me.

I will be on the look out for other information concerning this though, thanks
Assume whatever you wish, although it does not reference the Chinese, it references a Chinese researcher. That is a touch racist of you.

They are probably both getting a security warning due to a targeted shared ad, or something of the sort. However the site itself seems fine and information good.

I was actually informed about this risk from a name I trust on a computer forum site that I have been a member of since 2001. But RF rules prevent me from posting links to other forums. So I traced his info back to this source.
 

bobhikes

Nondetermined
Premium Member
Assume whatever you wish, although it does not reference the Chinese, it references a Chinese researcher. That is a touch racist of you.

They are probably both getting a security warning due to a targeted shared ad, or something of the sort. However the site itself seems fine and information good.

I was actually informed about this risk from a name I trust on a computer forum site that I have been a member of since 2001. But RF rules prevent me from posting links to other forums. So I traced his info back to this source.

As I said thanks, the reference to Chinese is not racist but because it makes it hard for me to cross reference. Like when you get those e-mails about African royalty or English banks that have money for me.

As to the security warning no doubt that it could be a shared ad, which makes me question the site as I have high security settings on both Mozilla and Chrome and there are quite a few sites I get warnings about and I like that as I get very few viruses and have never been phished or ransomed (knock wood).
 

Jeremiahcp

Well-Known Jerk
When I get some time I can post the conversation from the tech forums and a list of his reference. I'll just have to leave the site name and link out as last time I had a post talking about another forum it was deleted and I got a don't do that PM.

It is a bigger security risk to remain in the dark over issues like this. Having worked for a bank I know how easily people get deceived by phishing scams and if they can mask their website like this then they could make a fake bank site that looks just like the real thing.
 

Jeremiahcp

Well-Known Jerk
As I said thanks, the reference to Chinese is not racist but because it makes it hard for me to cross reference. Like when you get those e-mails about African royalty or English banks that have money for me.

As to the security warning no doubt that it could be a shared ad, which makes me question the site as I have high security settings on both Mozilla and Chrome and there are quite a few sites I get warnings about and I like that as I get very few viruses and have never been phished or ransomed (knock wood).

Well I have been to the site several times on multiple devices and I have had no problems. Wait what is happening?! My keyboard! My mouse. . . . I am losing cont. . . .

tHiS ChiN353 hoxar aLL ur int3rn3t5 r b3l0ng 2 us!

 

meghanwaterlillies

Well-Known Member
As I said thanks, the reference to Chinese is not racist but because it makes it hard for me to cross reference. Like when you get those e-mails about African royalty or English banks that have money for me.

As to the security warning no doubt that it could be a shared ad, which makes me question the site as I have high security settings on both Mozilla and Chrome and there are quite a few sites I get warnings about and I like that as I get very few viruses and have never been phished or ransomed (knock wood).
Don't say English bank, that's racist!
Don't say Chinese or mex or whatever restaurant. That's racist too... just joking. I thought that was funny though.
 