• Login
    • Search
    • Categories
    • Recent
    • Tags
    • Users
    • Groups
    • Rules
    • Help

    Do more on the web, with a fast and secure browser!

    Download Opera browser with:

    • built-in ad blocker
    • battery saver
    • free VPN
    Download Opera

    Opera and Unicode domains PSA

    Opera for Windows
    2
    4
    1725
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • jito463
      jito463 last edited by

      So, I just saw this on another website. Apparently, there's a unicode phishing bug that's exploitable in multiple browsers. The linked article specifically mentions Chrome and Firefox, but Opera is also affected (obviously, as it uses the Chrome engine), as well as classic Opera v12 and a couple other browsers (ironically, Edge was not affected, but I still would never recommend it). It relies on using unicode characters in the domain, which the browser converts to appear as a different domain name. Add an SSL cert, and it's possible to make a phishing site appear to be completely legit, unless you actually check the SSL cert manually.

      https://www.wordfence.com/blog/2017/04/chrome-firefox-unicode-phishing/

      Reply Quote 0
        1 Reply Last reply
      • jito463
        jito463 last edited by

        Just wanted to add, that I tested the bug on an earlier build of Opera (10.54), and while it still displayed the incorrect domain, the "Secure" icon in the address bar did list the actual correct domain name.

        Unicode Bug

        Reply Quote 0
          1 Reply Last reply
        • sgunhouse
          sgunhouse Moderator Volunteer last edited by

          https://tech.slashdot.org/story/17/04/17/1329200/chrome-59-to-address-punycode-phishing-attack

          Of course, when Chrome releases their update Opera will get it automatically.

          Reply Quote 0
            1 Reply Last reply
          • jito463
            jito463 last edited by

            https://tech.slashdot.org/story/17/04/17/1329200/chrome-59-to-address-punycode-phishing-attack
            Of course, when Chrome releases their update Opera will get it automatically.

            True, and I intended to mention that in my post, but forgot (thanks for catching that for me). My intent was simply to alert people to the phishing bug, so they can be aware of it.

            Reply Quote 0
              1 Reply Last reply
            • First post
              Last post

            Computer browsers

            • Opera for Windows
            • Opera for Mac
            • Opera for Linux
            • Opera beta version
            • Opera USB

            Mobile browsers

            • Opera for Android
            • Opera Mini
            • Opera Touch
            • Opera for basic phones

            • Add-ons
            • Opera account
            • Wallpapers
            • Opera Ads

            • Help & support
            • Opera blogs
            • Opera forums
            • Dev.Opera

            • Security
            • Privacy
            • Cookies Policy
            • EULA
            • Terms of Service

            • About Opera
            • Press info
            • Jobs
            • Investors
            • Become a partner
            • Contact us

            Follow Opera

            • Opera - Facebook
            • Opera - Twitter
            • Opera - YouTube
            • Opera - LinkedIn
            • Opera - Instagram

            © Opera Software 1995-