Phishing - homograph attack

I was reading an article about phishing attacks, using internationalized domains.
Apparently, for example, the Cyrillic letter 'a' and the Latin letter 'a' look similar, if not identical. This applies to several Cyrillic characters.
I looked at the test website the article was mentioning (xn--80ak6aa92e.com - In discourse I typed x n - - 8 0 a k 6 a a 9 2 e . c o m without the spaces, but as you can see it shows as apple.com) and noticed my browser did indeed assume I was looking for the apple website (see screenshot below)

I'm wondering if it would be possible to use pihole (regex?) to protect against these homograph attacks?

edit
added firefox screenshot
/edit
Screen shot Edge, when opening the link from within discourse.

Screen shot Firefox when opening the link from within discourse.

On my side it loaded this:

Chrome:

Edge:

Internet explorer:

and Firefox:

Any extensions added to get these warnings? Just added the firefox screenshot to the original post - no warning.

  • using firefox version 65.0.1
  • using edge version 44.17763.1.0

Nope, no extension on any ...

I just installed firefox though. Fresh download, latest version, and that one does seem to convert it to apple.

I do believe this is not something Pi-hole or any DNS blocker will be able to filter. For all it cares, Pi-hole (DNS resolver) does its core function: translate the name to an IP and back.

It's up to the browser to "auto-convert" those characters or not.

Surprisingly, Microsoft ones didn't do it...

From what I see, it is something that Mozilla will have to "fix".

That notification is actually the index page on that domain ...

Looks like Raspbian is smart enough to do some translation.


copied apple.com from the discourse link

Doesn't this open the door for a regex (don't allow sites containing any Cyrillic character)?
NOT regex-smart enough to create such a regex...

edit
copied only the Cyrillic a from the discourse topic, result:


/edit
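The regex idea above runs into a practical problem: a DNS resolver never sees the Cyrillic letters, only the ASCII "xn--" (Punycode) form the browser sends. The following added example (not Pi-hole code, and not from the article) decodes the thread's test domain back to Unicode and shows the difference between matching the raw query and inspecting the decoded label. The list of Cyrillic look-alike letters is an illustrative subset assumed for this example, not a complete confusables table, and the second and third sample domains are constructed for contrast.

```python
# Added example for this thread (not Pi-hole code): shows what a DNS-level filter actually
# sees for an IDN query, and why a "block any Cyrillic character" regex cannot match it.
import re
import unicodedata

# Constructed sample queries in the form a resolver such as Pi-hole receives them
# (A-labels: ASCII only). The first is the test domain from the thread; the others are
# constructed here for contrast.
SAMPLE_QUERIES = [
    "xn--80ak6aa92e.com",     # the thread's test domain
    "apple.com",              # genuine ASCII name
    "xn--bcher-kva.example",  # constructed: "bücher", a legitimate Latin-script IDN
]

# The kind of regex proposed in the thread: match any character in the Cyrillic block.
CYRILLIC_RE = re.compile(r"[\u0400-\u04FF]")

# Illustrative (incomplete) subset of lowercase Cyrillic letters whose glyphs resemble
# Latin letters. Assumption for this example, not a normative confusables table.
CYRILLIC_LATIN_LOOKALIKES = set(
    "\u0430\u0435\u043e\u0440\u0441\u0443\u0445"   # а е о р с у х
    "\u0456\u0458\u0455\u04bb\u04cf"               # і ј ѕ һ ӏ
)


def to_unicode(domain: str) -> str:
    """Decode every xn-- label of an A-label domain to its Unicode (U-label) form."""
    labels = []
    for label in domain.lower().split("."):
        if label.startswith("xn--"):
            # Decode the raw Punycode payload that follows the "xn--" ACE prefix.
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)


def scripts_of(label: str) -> set:
    """Script names of the alphabetic characters in a label, taken from Unicode names."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}


def whole_script_confusable(label: str) -> bool:
    """True when a label is entirely Cyrillic and every letter has a Latin look-alike,
    so the whole label renders like a Latin word. Simplified version of the check
    browsers adopted; a single-script label like this passes a naive mixed-script test."""
    letters = [ch for ch in label if ch.isalpha()]
    return (bool(letters)
            and scripts_of(label) == {"CYRILLIC"}
            and all(ch in CYRILLIC_LATIN_LOOKALIKES for ch in letters))


def classify(query: str) -> dict:
    """Compare what a regex sees on the wire with what a decode-then-inspect check sees."""
    decoded = to_unicode(query)
    first_label = decoded.split(".")[0]
    return {
        "query": query,
        "unicode": decoded,
        # The wire form is pure ASCII, so a Cyrillic regex never fires on it.
        "regex_matches_query": CYRILLIC_RE.search(query) is not None,
        # Only after decoding the A-label do the Cyrillic letters become visible.
        "cyrillic_after_decode": CYRILLIC_RE.search(decoded) is not None,
        "scripts": sorted(scripts_of(first_label)),
        "whole_script_confusable": whole_script_confusable(first_label),
    }


if __name__ == "__main__":
    for q in SAMPLE_QUERIES:
        print(classify(q))
```

Two things fall out of running this. A Pi-hole regex entry can only match the ASCII A-label the client actually queries, so the only regex-level option is something like blocking every label that starts with `xn--`, which also hits legitimate IDNs such as the "bücher" sample. And the test domain is not a mixed-script label at all; every letter is Cyrillic, which is why a "whole-script confusable" check (all Cyrillic, all Latin look-alikes) is what catches it, and why this is a browser-side display decision rather than something a resolver is positioned to judge.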

Unless you have Cyrillic support in your locale via PuTTY, your search was for the actual Roman letter "a".

Here's an extract from the original blog post:

Firefox users can limit their exposure by going to about:config and setting network.IDN_show_punycode to true. This will force Firefox to always display IDN domains in its Punycode form, making it possible to identify malicious domains.

This bug was reported to Chrome and Firefox on January 20, 2017 and was fixed in the Chrome trunk on March 24. The fix is included in Chrome 58 which is currently rolling out to users.

Source

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.