Malicious URL fraud with Unicode (heise.de)

Post by lgillis

When attackers replace letters in URLs with Unicode characters that look the same, this is difficult to detect. A new CI job provides a remedy.

In his blog, security researcher and curl maintainer Daniel Stenberg has drawn attention to a security problem caused by Unicode fraud that is difficult for reviewers, mergers and CI jobs to recognize.

In his blog, Stenberg shows how an attacker replaces a common ASCII character in the code with an almost identical one from the Unicode table. This is not recognizable in the code editor, but results in a different URL, for example, behind which malicious code can be hidden. As an example, the blogger uses an Armenian g. […]
Pictures and further references at the address: https://www.heise.de/news/Neue-Angriffsmasche-auf-GitHub-und-Co-Zeichentausch-mit-Unicode-in-URLs-10387719.html

Here is an example of the possibilities for overriding the “i2p” extension:
https://util.unicode.org/UnicodeJsps/confusables.jsp?a=i2p&r=None

IDN homograph attack: http://wikiless.i2p/w/index.php?title=I ... aph_attack
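A minimal sketch of the kind of CI check the article describes, added here as an example; it is not code from the post, from heise or from curl's own CI job. It flags every URL in a text that contains a non-ASCII code point and prints the escaped form, the character names and the host name as it would go on the wire. The names `SAMPLE`, `find_non_ascii_urls` and `ace_host`, the `.example` host names and the choice of U+0581 as the look-alike letter are assumptions made for this sample.

```python
import re
import unicodedata
from urllib.parse import urlsplit

# Constructed sample "source file". The look-alike letter is written as an
# escape (U+0581, an Armenian letter that resembles Latin "g", chosen for this
# sample) so this block itself stays pure ASCII. Host names are placeholders.
SAMPLE = (
    'INSTALL_URL = "https://login.example/install.sh"\n'
    'MIRROR_URL = "https://lo\u0581in.example/install.sh"\n'
    "# docs: https://docs.example/caf\u00e9/readme\n"
)

URL_RE = re.compile(r"https?://[^\s\"'<>)\]]+")

def ace_host(url):
    """Host name as it goes on the wire (IDNA/punycode), or None if unusable."""
    try:
        host = urlsplit(url).hostname
        return host.encode("idna").decode("ascii") if host else None
    except ValueError:          # includes UnicodeError from the idna codec
        return None

def find_non_ascii_urls(text):
    """One finding per URL that contains any code point above U+007F."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in URL_RE.finditer(line):
            url = match.group(0)
            odd = [(i, ch) for i, ch in enumerate(url) if ord(ch) > 0x7F]
            if not odd:
                continue
            findings.append({
                "line": lineno,
                "escaped": url.encode("ascii", "backslashreplace").decode("ascii"),
                "host": ace_host(url),
                "chars": [(i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNKNOWN"))
                          for i, ch in odd],
            })
    return findings

if __name__ == "__main__":
    results = find_non_ascii_urls(SAMPLE)
    for f in results:
        print(f"line {f['line']}: {f['escaped']}  (host on the wire: {f['host']})")
        for pos, cp, name in f["chars"]:
            print(f"    offset {pos}: {cp} {name}")
    raise SystemExit(1 if results else 0)   # non-zero exit fails the CI job
```

The check reports any non-ASCII character in a URL, including harmless ones such as the accented letter in the third sample line, so a real job would need an allowlist for URLs that are meant to contain them.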