
Subject: 2 year old phishing vuln still open
From: AnonUser@rslight.i2p (AnonUser)
Newsgroups: rocksolid.shared.security
Organization: Rocksolid Light
Date: Sun, 10 Nov 2019 22:08 UTC

https://thehackernews.com/2017/04/unicode-Punycode-phishing-attack.html

I tested that with TBB and Firefox, and sure enough, both were vulnerable.

This domain here:
https://xn--80ak6aa92e.com/
displays as https://apple.com

I guess SSL on the whole is just fucked, even if this one here is not linked directly to it. Wonder if this could work with onion addresses as well?
--
Posted on Rocksolid Light



Subject: Re: 2 year old phishing vuln still open
From: anonuser@retrobbs.rocksolidbbs.com.remove-p1r-this (AnonUser)
Newsgroups: rocksolid.shared.security
Organization: RetroBBS
Date: Sun, 10 Nov 2019 23:59 UTC
To: AnonUser

This is terrible design...

> Wonder if this could work with onion addresses as well?
Doubt it. I think Tor can only resolve onion hashes and the browser would translate the utf8 to the punycode equivalent and try to pass that to Tor. Tor would then not be able to resolve that hash.

This would only partially work for registered I2P domain names but not the b32 hash.

If you enter xn--80ak6aa92e.i2p into your I2P browser right now, it will translate it to "apple.i2p" but it isn't in your addressbook so it will ask if you want to use a jump service. There you get two options (with I2PD):

inr.i2p:
http://joajgazyztfssty4w2on5oaqksz6tqoxbduy553y34mf4byv6gpq.b32.i2p/search/?q=xn--80ak6aa92e.i2p
stats.i2p:
http://7tbay5p4kzeekxvyvbf6v7eauazemsnnl2aoyqhg5jzpr5eke7tq.b32.i2p/cgi-bin/jump.cgi?a=xn--80ak6aa92e.i2p

If you follow stats.i2p then it displays the punycode in the error "Your attempt to jump to "xn--80ak6aa92e.i2p" failed", so I assume it would do the same on success. Though if it is successful at finding it, then IIRC it will automatically jump after a few seconds while displaying something like "found ${insert hostname}! redirecting..." so it would work with someone not paying attention. With inr.i2p I don't know, because you would have to register xn--80ak6aa92e.i2p for it to show up in the list to find out.

Maybe someone is curious enough to set up an eepsite and register it to find out :).
--
Posted on RetroBBS
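
Added example, not part of either post: a small Python check that decodes the `xn--` labels of a hostname, reports the scripts they use, and flags a label whose lookalike-folded form equals a protected name, as happens with the domain quoted in the thread. The `LOOKALIKES` table, the `protected` set and all function names are assumptions made for this sketch; the table is a small hand-made subset, not the full Unicode confusables data.

```python
import unicodedata

# Constructed subset of Cyrillic letters that render like Latin ones.
# Assumption: a real deployment would load the full Unicode confusables data.
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
    "\u0458": "j", "\u0455": "s", "\u04cf": "l",
}

def decode_label(label):
    """Return the Unicode form of one DNS label (A-labels start with xn--)."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def scripts(text):
    """Approximate the scripts in use from the first word of each character name."""
    return sorted({unicodedata.name(ch, "UNKNOWN").split()[0]
                   for ch in text if ch.isalpha()})

def skeleton(text):
    """Fold known lookalikes to ASCII so the result can be compared to a name."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in text.lower())

def check_host(host, protected):
    """Return one finding per punycode label in host."""
    findings = []
    for label in host.rstrip(".").split("."):
        try:
            shown = decode_label(label)
        except UnicodeError:
            findings.append({"label": label, "error": "invalid punycode"})
            continue
        if shown == label:
            continue  # plain ASCII label, nothing to decode
        skel = skeleton(shown)
        used = scripts(shown)
        findings.append({
            "label": label,           # what a cautious UI should display
            "shown": shown,           # what an IDN-rendering UI displays
            "scripts": used,
            "mixed_script": len(used) > 1,
            "skeleton": skel,
            "spoofs": skel in protected and shown != skel,
        })
    return findings

if __name__ == "__main__":
    for host in ("xn--80ak6aa92e.com", "xn--80ak6aa92e.i2p", "xn--mnchen-3ya.de"):
        print(host, check_host(host, {"apple"}))
```

The label from the thread is single-script Cyrillic, so a mixed-script rule alone does not catch it; the skeleton comparison against protected names does.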


