Punycode Exploit Puts One Billion Chrome & Firefox Users at Catastrophic Risk for Undetectable Phishing Attacks / Epic Privacy Browser Users are Safe

Epic users, you’re all safe :-D !

The Punycode exploit uses the way unicode is handled by the address bar of some browsers to appear to be a website it isn’t. You can test your browser by pasting this url in its address bar:

https://www.xn--80ak6aa92e.com/

If the address bar says Apple.com as it does in Chrome and in Firefox, then you’re vulnerable. Google and Mozilla have known about this bug since late January but yet to rectify it for the billion or so Firefox and Chrome users. It’s a relatively simple issue to fix so it’s mystifying why Mozilla and Google would delay or refrain from protecting their users from potentially devastating, undetectable attacks that could steal their banking and other login credentials.

Here’s an example of the exploit.

Epic Privacy Browser is Safe on the left.  Chrome on the right is vulnerable.

Epic Privacy Browser is Safe on the Left. Chrome on the Right is Vulnerable.

This vulnerability was discovered by a brilliant Chinese researcher Xudong Zheng and he details it here:

https://www.xudongz.com/blog/2017/idn-phishing/

For any concerned internet users, it’s an ideal moment to try our Epic Privacy Browser which is immune to the Punycode exploit. We take security and privacy extremely seriously — all Epic users are safe!

The Epic Privacy Browser is the world’s only comprehensive, private and secure web browser. Epic is built on Chromium and blocks ads, trackers, Google tracking, and many fingerprinting techniques. Epic includes a built-in free, unlimited VPN (our encrypted proxy) with eight countries (Germany, France, the UK, the Netherlands, Singapore, India, Canada, and the US) to choose from for Windows users. We protect hundreds of thousands of users around the world every single day. Epic takes less than a minute to install and is a free download via epicbrowser.com — give it a spin and let us know how it feels to browse privately and securely!

Comments
  1. Anonymous

Leave a Reply

Your email address will not be published.


1 + eight =