Dev/videos
Donate
Video Drafts for Kicksecure
Open Drafts[edit]
What does Open Drafts mean? - These are scripts for videos which have not been produced yet. Therefore any feedback (edit suggestions) are more likely to make it in the video which is due to be produced soon.
There may be some inaccuracies in the Open Drafts.
Open Drafts should not be considered Documentation or factual statements until finalized.
Documentation for this is incomplete. Contributions are happily considered! See this for potential alternatives.
Finalized Drafts[edit]
What does Finalized Drafts mean? - These drafts are not very useful to modify because the video has already been produced, pending upload. Unless there are critical issues, no changes will be recorded.
IDN Homograph Attacks[edit]
Beware of URL Impersonation: How Scammers Trick You with Lookalike Letters
Imagine you're visiting what you believe to be your bank's website. You verify the web address in the URL bar, and it appears to be exactly as expected. However, you're actually on a fake website created by scammers. This fake website looks identical to your bank's website, but it's designed to trick you into revealing sensitive information such as your password, credit card number, or other personal data.
This exact attack is not only possible but has been demonstrated by a security researcher using apple.com. Surprisingly, this attack cannot be spotted with the human eye by looking at the link. The URL clearly shows "apple.com," but instead of the sleek, polished brand website, you'll be greeted, luckily, by a friendly warning message from the researcher instead of a scammer. The link to the researchers attack demonstration and further information can be found in the video description.
[bumper : How the scam works]
Scammers create fake websites that look and function exactly like the real ones. But for their scam to work, they also often create URLs that resemble those of well-known brands to trick users into being careless. They use "lookalike letters" called "homoglyphs" from different languages to replace English letters and create "lookalike words" called "homographs". For example, they might use a Greek "a" instead of an English "a" to create a fake homograph that makes the browser render "apple.com". However, instead of the legitimate website, users will be visiting a domain that the attacker controls. This is how they deceive users and trick them into revealing sensitive information such as their passwords and 2FA logins.
Fortunately, you can avoid falling victim to this attack. Internal to the browser, the plain text version of apple.com is converted by the browser into a strange letter salad, called punycode, because URLs don't allow foreign characters. If your browser would show this punycode you would clearly see it's not the real apple.com (https://www.xn—80ak6aa92e.com). However, many browsers unfortunately, for your convenience and at the expense of your security, do not display you this punycode.
[bumper: Defending yourself]
If you come across a suspicious URL in an email, chat, or website, don't click on it. Instead take precautions.
One. You could simply type the URL into the address bar yourself. This might be inconvenient, but it's extremely safe.
[ In the video, show the URL bar and demonstrate typing the URL by hand. ]
Two. You can also change browser settings to always show punycode, but this only works well for Latin languages and not international audiences.
[ Show how to change the browser settings to show punycode in Firefox. ]
Three. You can copy and paste the URL and can add another layer of security by sanitizing the copied URL first before pasting it. What you think you copied might not be what you really copied, depending on your browser. To learn how to sanitize URLs and protect yourself from hidden text attacks, check out our previous video.
[ show previous video and link https://www.youtube.com/watch?v=6nHufztdkUI
]
In summary, URL impersonation is a common tactic used by scammers to steal sensitive information from unsuspecting users. To protect yourself, remember to:
- Manually type URLs into the address bar: This is a safer way to access websites.
- Enable punycode-only in your browser settings: This will prevent homoglyphs from being used in URLs to deceive you. Note that this may not work well for non-Latin languages.
- Alternatively Right-click the URL, copy it, and sanitize it to make sure it's safe before pasting it into the address bar.
How to defend yourself from this attack is also documented in our wiki.
[ scroll through https://www.kicksecure.com/wiki/Social_Engineering#IDN_Homograph_Attacks ]
To learn more about how to protect yourself from this and other attacks, take a look at our wiki at https://www.kicksecure.com/wiki/Documentation. Stay vigilant and be safe!
* fake apple.com security researcher demonstration website: https://www.xn--80ak6aa92e.com/ * https://thehackernews.com/2017/04/unicode-Punycode-phishing-attack.html * https://www.xudongz.com/blog/2017/idn-phishing/ * https://forums.whonix.org/t/very-hard-to-notice-phishing-scam-firefox-tor-browser-url-not-showing-real-domain-name-homograph-attack-punycode/8373 * https://twitter.com/Whonix/status/1189513958488711169 * https://mothereff.in/punycode * https://www.jamf.com/blog/punycode-attacks/ * https://github.com/mathiasbynens/punycode.js * https://www.gnu.org/software/libidn/libidn2/manual/html_node/Invoking-idn2.html * https://supertekboy.com/2020/07/15/url-impersonation-homoglyph-attacks/ * https://github.com/em-te/webextension-no-homographs phishing,scam,scammer,homoglyph,homograph,homoglyph attack,homograph attack,url impersonation,lookalike letters,unicode,punycode
Vid #001 : OOPS! They tricked me to install MALWARE! Clipboard Hidden Text Attacks explained[edit]
Show Script
We've all done it before, even if we're reluctant to admit it: we scour the internet for a quick code solution or terminal instruction, find a page, locate the code box, without even thinking we copy the code or even more conveniently click the copy button. Hastely we insert the text into our terminal and hit enter - only to realize ... there's something wrong. We just installed malware and corrupted your system.
[bumper]
Hopefully the last part didn't happen to you. But clipboard hidden text attacks are a common danger on the internet, although they're often overshadowed by phishing hidden text attacks. Nonetheless, they pose a real threat and should remind us not to get too comfortable copying text from unconfirmed sources on the internet, especially when it comes to our most sensitive systems.
[bumper]
First, let's have a look at phishing hidden text because that's what you will find first when you search the internet.
In recent years, phishing with hidden text and zero font attacks have become increasingly popular. Scammers use HTML emails and CSS to hide characters and bypass spam filters used by email providers. Typically, words that indicate major brand corporations would trigger heightened scrutiny of the email filter. However, by splitting up these words with hidden letters and characters, the spam filter can't recognize them. Unfortunately, the user can be tricked because they can't see this hidden obfuscation and only see the plain brand name meant to trick them.
[bumper]
Scammers also use a similar technique called clipboard hidden text attacks, often utilizing code boxes. They may have corrupted a website or created a mockup site to lure in unsuspecting victims who are eager to copy code from code boxes. The user sees the code they need in the code box, but once they click the copy button, a little bit more than just the code is copied to their clipboard – usually something malicious.
Here's how it works: the code box is filled with a cover text that the user can see. However, the area surrounding the cover text is also filled with malicious code that's hidden by CSS instructions on the webpage. When the JavaScript copy command is executed, the entire clipboard is copied as plain text, including the cover text and the malware.
Once you insert this text into your terminal and hit enter or, worse, have your terminal auto-execute it, you're in trouble.
[bumper]
The good news is that this attack isn't very common and can easily be avoided if you are willing to sacrifice a tiny bit of convenience.
We highly recommend making this sacrifice because, for scammers, this attack is also very low risk and very convenient. So although the success rate might be fairly low, the effort is so low that they might as well try if they have the opportunity.
[bumper]
Here are four ways you can protect yourself:
1. Be vigilant everytime you copy code from the internet, especially with regards to shell commands, and even more so if those commands grant super user rights.
2. Never have your terminal set to automatically execute pasted commands. Find this option in your operating system or terminal settings and turn it off.
3. Consider using a clipboard manager, which is available on all operating systems, to check the actual content of your clipboard conveniently.
4. For high security, follow these six steps: (1) Copy the text into a graphical text editor first. (2) Read and understand all the commands. (3) Save the file as a local text file. (4) Scan this file for any malicious Unicode characters. (5) Only then copy the text from this local file, as the text editor may have automatically omitted some Unicode characters that were initially in your clipboard. (6) Now you can safely paste the command into the terminal and execute it.
We hope this helped you avoid becoming a victim out of convenience. Be vigilant and be save.
To learn more read the resources provided in the video description. Like and subscribe. And have a great day!
Don’t ever blindly trust screenshots #shorts[edit]
In the age of AI, you may have encountered amusing deepfaked videos and sound bites, such as Joe Rogan discussing his love for Bionicle. AI can also be a threat as deepfaked disinformation.
Disinformation using screenshots is even easier and requires less effort than using Photoshop. Everyone can do it in less than a minute.
Most desktop browsers come with integrated developer tools to edit HTML modifying the page you're on. In the browser, press F12 or simply highlight a phrase on a webpage, right-click, and choose "Inspect element". In the tools, double-click on the HTML element you want to change and type whatever you desire.
This method works on Twitter, Facebook, YouTube, TikTok and elsewhere and can be easily abused by scammers. So avoid jumping to conclusions based solely on unconfirmed screenshots. Use other sources and critical thinking.
For more about computer security and hacked safety check out the Kicksecure wiki.
[ B: Show Kicksecure Documentation and a few pages such as Malware, Mental Model and Social_Engineering. ]]
Good source: https://nymag.com/intelligencer/2015/11/how-to-fake-a-screenshot.html
screenshot,deepfake,ai,artificial intelligence,fake news,sources,fact check,fabrication,joe rogan,browser,Chrome,Firefox,Edge,developer tools,webpage,website,Twitter,Facebook,Youtube,TikTok
Unfinished: This wiki is a work in progress. Please do not report broken links until this notice is removed, use Search Engines First and contribute improving this wiki.
At Kicksecure we value freedom and trust, supporting Open Source and Freedom Software
ENCRYPTED SUPPORT LP,
2023
We believe security software like Kicksecure needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 10 year success story and maybe DONATE!