A new security threatsteemCreated with Sketch.

in security •  8 years ago 

Punycode makes it possible to register domains with foreign characters. It works by converting individual domain label to an alternative format using only ASCII characters. For example, the domain "xn--s7y.co" is equivalent to "短.co".

That basically means if you don't eliminate this threat ( which I will explain how to do below) it is very easy to be targeted. You could either be lured on a fake slack, with fake profiles, a fake online wallet (to steal your login credentials) etc.

But luckily you have me, and I can tell you how to make it impossible to fall for such an attack, all you have to do is use Firefox, enter "about:config" in your url bar, hit enter, then search for "puny" and double click the upcoming entry, so it is true, instead of false. Keep your coins safe guys : )

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Using a password manager like Lastpass can help as it won't be fooled by the fake domain.

If someone gets into your PC they can steal the passwords, because the manager saves them in a file :)

Not necessarily. A good manager encrypts the file. Lastpass is cloud based, but there are alternatives if you want more control. The important thing is that it checks the domain matches the password and doesn't try to log into a fake site. If you do it manually you may be fooled.

Of course it is not necessarily vulnerable, but encryptions can be cracked, and do you still trust online services? After MtGox? After LinkedIn? After Dropbox?I could give you many more examples. I think it is the easiest solution to just change the setting, it takes about 10 seconds, and doesn't have any negative side effects