loading...

Discussion on: Homographs, Attack!

Collapse
defman profile image
Sergey Kislyakov πŸ‡·πŸ‡ΊπŸ‡ΊπŸ‡Έ

Firefox users: you can go to about:config and switch network.IDN_show_punycode to true.

pic

Collapse
logan profile image
Logan McDonald Author

Yep! Unfortunately this always shows punycode for all IDNs not just malicious ones. Wish they'd come up with a solution as a default for just the potentially malicious ones like Chrome did!

Collapse
defman profile image
Sergey Kislyakov πŸ‡·πŸ‡ΊπŸ‡ΊπŸ‡Έ

Or they could show it like https://pΠ°ypal.com/ (punycode there)

Thread Thread
logan profile image
Logan McDonald Author

Yes! This is similar to what IE does with IDNs, by showing an informational alert that you're on one as a pop up. (Not sure which IE version does this). Some have suggested color coating non-ASCII text as well. Lots of potential solutions 😊