2 year old phishing vuln still open
  rocksolid.shared.security
Path: i2pn2.org!rocksolid2!.POSTED.localhost!not-for-mail
From: AnonUser@rslight.i2p (AnonUser)
Newsgroups: rocksolid.shared.security
Subject: 2 year old phishing vuln still open
Date: Sun, 10 Nov 2019 22:08:23 -0000 (UTC)
Organization: Rocksolid Light
Message-ID: <e559a77f9fe0122e609f566061d1f4cf$1@rslight.i2p>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 10 Nov 2019 22:08:23 -0000 (UTC)
Injection-Info: novabbs.com; posting-account="retrobbs1"; posting-host="localhost:127.0.0.1";
logging-data="6346"; mail-complaints-to="usenet@novabbs.com"
User-Agent: rslight (http://news.novabbs.com)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on novabbs.com
X-Rslight-Site: $2y$10$jvHZGW/CjaMuzZ7zdxYRz.WeqwiqnaE9yD01t19POL/9uYegwCjPe
Xref: rslight2 rocksolid.shared.security:81
 by: AnonUser - Sun, 10 Nov 2019 22:08 UTC

https://thehackernews.com/2017/04/unicode-Punycode-phishing-attack.html

I tested that with TBB and Firefox and sure enough, both were vulnerable.

This domain here:
https://xn--80ak6aa92e.com/
displays as
https://apple.com

I guess SSL on the whole is just fucked, even if this one here is not
linked directly to it. Wonder if this could work with onion addresses as
well?
--
Posted on Rocksolid Light

Re: 2 year old phishing vuln still open
  rocksolid.shared.security
Path: i2pn2.org!rocksolid3!.POSTED.localhost!not-for-mail
From: anonuser@retrobbs.rocksolidbbs.com.remove-p1r-this (AnonUser)
Newsgroups: rocksolid.shared.security
Subject: Re: 2 year old phishing vuln still open
Date: Sun, 10 Nov 2019 23:59:37 +0000
Organization: RetroBBS
Message-ID: <3ad1b68f40b4ea63b1aab4ab1b36be2c$1@retrobbs.i2p>
References: <e559a77f9fe0122e609f566061d1f4cf$1@rslight.i2p>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: rocksolidbbs.com; posting-host="localhost:127.0.0.1";
logging-data="7881"; mail-complaints-to="usenet@rocksolidbbs.com"
User-Agent: rslight (http://news.novabbs.com)
To: AnonUser
X-Comment-To: AnonUser
In-Reply-To: <e559a77f9fe0122e609f566061d1f4cf$1@rslight.i2p>
X-FTN-PID: Synchronet 3.17a-Linux Dec 29 2018 GCC 6.3.0
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on rocksolidbbs.com
X-Rslight-Site: $2y$10$DT3SgorDnCRvnygH8K3scOmlbBs/tZTbkDTtipQpfnrpDNgDgkOzW
X-Gateway: retrobbs.rocksolidbbs.com [Synchronet 3.17a-Linux NewsLink 1.110]
Xref: rslight2 rocksolid.shared.security:82
 by: AnonUser - Sun, 10 Nov 2019 23:59 UTC

To: AnonUser
This is terrible design...

>Wonder if this could work with onion addresses as well ?
Doubt it. I think Tor can only resolve onion hashes and the browser would
translate the utf8 to the punycode equivalent and try to pass that to Tor.
Tor would then not be able to resolve that hash.

This would only partially work for registered I2P domain names but not the
b32 hash.

If you enter xn--80ak6aa92e.i2p into your I2P browser right now, it will
translate it to "apple.i2p" but it isn't in your addressbook so it will
ask if you want to use a jump service. There you get two options (with
I2PD):

inr.i2p:
http://joajgazyztfssty4w2on5oaqksz6tqoxbduy553y34mf4byv6gpq.b32.i2p/search/?q=xn--80ak6aa92e.i2p
stats.i2p:
http://7tbay5p4kzeekxvyvbf6v7eauazemsnnl2aoyqhg5jzpr5eke7tq.b32.i2p/cgi-bin/jump.cgi?a=xn--80ak6aa92e.i2p

If you follow stats.i2p then it displays the punycode in the error "Your
attempt to jump to "xn--80ak6aa92e.i2p" failed", so I assume it would do
the same on success. Though if it is successful at finding it, then IIRC
it will automatically jump after a few seconds while displaying something
like "found ${insert hostname}! redirecting..." so it would work with
someone not paying attention. With inr.i2p I don't know, because you would
have to register xn--80ak6aa92e.i2p for it to show up in the list to find
out.

Maybe someone is curious enough to set up an eepsite and register it to
find out :).
--
Posted on RetroBBS
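
Added example, not part of either post above: a defender-side check that decodes the xn-- label discussed in the thread and flags a hostname whose lookalike-mapped form equals a name on a protected list. The function names, the protected list and the small CONFUSABLES table are constructed for illustration; the table is a hand-picked subset, not the full Unicode confusables data.

```python
import unicodedata

# Hand-built subset of Cyrillic-to-Latin lookalikes (constructed for this
# example; a real deployment would load the full Unicode confusables data).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u04cf": "l",
}

def decode_label(label):
    """Return the Unicode form of one DNS label (RFC 3492 for xn-- labels)."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def scripts(text):
    """Scripts present in text, taken from the first word of each Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in text if ch.isalpha()}

def skeleton(text):
    """Map known lookalike characters to their Latin counterparts."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in text.lower())

def check_host(host, protected):
    """Decode a hostname and report whether it imitates a protected name."""
    labels = [decode_label(part) for part in host.split(".")]
    shown = ".".join(labels)
    skel = ".".join(skeleton(part) for part in labels)
    return {
        "displayed": shown,   # what an IDN-rendering address bar would show
        "scripts": sorted(set().union(*(scripts(part) for part in labels))),
        "skeleton": skel,     # Latin form after lookalike mapping
        # Spoof: the name differs from its skeleton, yet the skeleton is protected.
        "spoof": shown != skel and skel in protected,
    }

if __name__ == "__main__":
    for name in ("xn--80ak6aa92e.com", "apple.com"):
        print(name, check_host(name, {"apple.com"}))
```

The decoded label consists entirely of Cyrillic code points (U+0430 U+0440 U+0440 U+04CF U+0435), so a rule that only rejects mixed scripts within a single label does not catch it.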
