As some people know, I run a web development agency called Cohoda LTD.
As part of our service, like most development agencies, we offer web hosting. To keep things as lean as possible, we deliberately don’t try to host email servers ourselves, instead we set up clients with email on Google GSuite (or Office 365 if the client prefers)
I always (where possible) use CloudFlare for DNS, and found myself repeatedly entering the same MX records for each domain, time and time again.
CloudFlare has a handy “Upload DNS File” feature tucked under ‘Advanced’ at the bottom of your DNS entries.
Here, you can specify any file to upload (which must conform to the BIND format to work)
On upload, those DNS entries will be added.
Here’s one for quickly adding GSuite (Google Apps / Gmail) mx records to CloudFlare:
Simply save this as (for example) gsuite-cloudflare.txt and upload that when you want to quickly add Google Apps mx records to your domain in CloudFlare.
While on a train this morning, one of my close friends sent me this WhatsApp message:
The person who sent it to me is not usually someone to send out scams or spam, but, to me at least, this message, did not look legit. It smelled strongly of a phishing scam.
However, it was a link to adidas.com/shoes – so how was this going to phish me?
Of course they are not giving away 3000 free pairs of shoes! Are they?
Cautiously, I pressed on the link.
Obviously, I didn’t end up on adidas.com
Clicking on the link, I’m redirected to http://xn--adids-m11b.com/shoes – which contained a registration form, asking for all manner of personal details to claim my ‘free pair of shoes’
But, how did they get the link http://adidas.com/shoes to redirect to this dodgy site from WhatsApp?
Was Adidas hacked? No.
Can you change the text of a hyperlink in WhatsApp? No. (I tried)
The thing is, it’s not a link to adidas.com
It’s a link to adidạs.com
You can try that out with this Punycode converter:
Just how dangerous is it?
For example, Chrome, and most other browsers will display the puny-code domain in the status bar when hovering over an href:
Safari, for example, can’t display the IDN at all:
However, some chat-applications (WhatsApp included at the time of writing) display the link as it was written.
The first warning sign something is up – the redirection, or perceived redirection from adidạs.com to the punycode equivalent.
But for a lot of people, particularly those who are not tech-savvy, this small detail may go unnoticed. Particularly if the URL bar is hidden on some mobiles.
So the vector of attack (at least successful attack) relies on the user not noticing the punycode domain it is actually resolved to (or not caring – because they’re excited to receive the promised offer for example)
Or, more likely, them not understanding the correlation between what they click on, and where they end up.
Another technique IDN attacks deploy is a quick redirect to a similar but believable domain name.
In our adidạs.com/shoes example, the attacker could have registered something such as adidas-shoes.gifts
.gifts is a generic top level domain, just like .com .co.uk .org etc…
Now, setting the puny-code domain (xn--adids-m11b.com) to redirect to adidas-shoes.gifts – would create something that looks more realistic – at least to those a little less tech-savvy.
As I mentioned, in the Adidas example, they were phishing my personal data.
But these sites could quite easily display an official looking login page to that site (capturing your username / password)
Or a ‘buy now’ page – harvesting your credit card details.
The fact they have their victims trust that they are on the legitimate brand site means they are free to essentially do what they want.
Looking for a particular branch, and git branch -a returns a LOT of branches?
If on Windows, you could use the Search feature in cmder (you’re using cmder, right?)
Or on mac, cmd+f and then search the outputted text…
OR you could use one of these two approaches:
1) git branch takes a --list argument , which in turn takes a search arg.
git branch -a --list *something*
Will return only the branches containing the word “something” (note the wildcard character)
The alternative, if in bash / bash compatible terminal (git bash / cmder etc… on Windows – normal Command Prompt won’t work – unless you’ve got bash extensions installed) is to pipe the result to grep:
git branch -a | grep something
Both methods here will yield the same results.
Side note: -a shows all local and remote branches -r shows only remote branches