
If you're creating an application that displays URLs to users (a chat app, for example), please make sure to apply spoof checks to avoid the use of UTF-8 confusables in IDN homograph attacks. You may want to block URLs with hostnames that get flagged, or display them in #punycode instead.

As an example, see https://github.com/chromium/chromium/tree/main/components/url_formatter/spoof_checks

In particular, https://github.com/chromium/chromium/blob/8e070073d47861b8bfc7548dce8fcfc708a356fb/components/url_formatter/spoof_checks/idn_spoof_checker.cc#L177 is quite an interesting read.

#cybersecurity #infosec
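
A minimal sketch of the "flag, then fall back to punycode" display decision described in the post, added here as an example; it is not part of the original post and is not Chromium's implementation. Detecting scripts from Unicode character names and the short lookalike set are simplifying assumptions, and all function names are hypothetical.

```python
import unicodedata

# Constructed, partial set of Cyrillic letters that render like Latin ones
# (U+0430 a, U+0441 c, U+0435 e, U+043E o, U+0440 p, U+0445 x, U+0443 y,
# U+0456 i, U+0458 j, U+0455 s). Assumption: a real deployment would use
# the full Unicode confusables data (UTS #39) instead of this list.
CYRILLIC_LATIN_LOOKALIKES = set(
    "\u0430\u0441\u0435\u043e\u0440\u0445\u0443\u0456\u0458\u0455")
ACE_PREFIX = "xn--"

def script_of(ch):
    """Approximate a character's script from the first word of its Unicode name."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"  # digits and hyphen
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def to_unicode(label):
    """Decode one ACE ("xn--") label; return it unchanged if it is not valid punycode."""
    if not label.startswith(ACE_PREFIX):
        return label
    try:
        return label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
    except UnicodeError:
        return label

def to_ascii(label):
    """Encode one label to its ACE form if it contains non-ASCII characters."""
    if label.isascii():
        return label
    return ACE_PREFIX + label.encode("punycode").decode("ascii")

def is_suspicious(label):
    """Flag mixed-script labels and Cyrillic labels made only of Latin lookalikes."""
    letters = [c for c in label if script_of(c) != "COMMON"]
    scripts = {script_of(c) for c in letters}
    if len(scripts) > 1:
        return True  # e.g. Latin mixed with Cyrillic; unknown categories fail closed
    return scripts == {"CYRILLIC"} and all(
        c in CYRILLIC_LATIN_LOOKALIKES for c in letters)

def display_hostname(hostname):
    """Return Unicode if every label passes the checks, otherwise the punycode form."""
    labels = [to_unicode(part) for part in hostname.lower().split(".")]
    if any(is_suspicious(label) for label in labels):
        return ".".join(to_ascii(label) for label in labels)
    return ".".join(labels)
```

Call `display_hostname()` on the hostname of every URL before rendering it; a result that starts with `xn--` where the input was Unicode means a label was flagged.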

this post was submitted on 12 May 2025
21 points (100.0% liked)
