Please point me to the introduction/FAQ...
-
Hi,
I haven't downloaded Vivaldi yet. I'm not a super-code/tech guy. And I don't have enough time/energy to keep up with all of the things that I'd like to. I do read thehackernews.com newsletter a few times a month. But I'm much more proficient with mechanical engineering, design, inventing, etc.
I'm using Maxthon/MX5 to post this and I'm looking for something better.
A reason I haven't installed Vivaldi yet is this article (https://thehackernews.com/2017/04/unicode-Punycode-phishing-attack.html):
"(small clip) A Chinese infosec researcher has reported about an 'almost impossible to detect' phishing attack that can be used to trick even the most careful users on the Internet.
He warned, hackers can use a known vulnerability in the Chrome, Firefox and Opera web browsers to display their fake domain names as the websites of legitimate services, like Apple, Google, or Amazon to steal login or financial credentials and other sensitive information from users."
If I'm not mistaken Vivaldi is an Opera fork. Does that mean it's vulnerable to this attack?
Also, if any of you super smart coders and users can extinguish some of my fears and/or point me to posts that show me that the Vivaldi developers are on top of patches, security, etc. I would really appreciate your help!
Best, Rocklin
Windows 10 & 7, Android
-
@rockinroll69 Vivaldi is not an Opera fork. It uses the Chromium engine and has access to Google phishing protection. The vulnerability you are worried about has been patched in Chromium code since version 59. Vivaldi is currently on Chromium 65, with the security patches from 66 backported.
The thing to do if you want to know how on-the-ball the Vivaldi team are is to read the Team Blog, especially the several posts on internet security.
Take some time, educate yourself, make your decision.
-
@ayespy Thanks much!
-
This is how http://аррӏе.com is rendered in vivaldi:
It is not vulnerable to punycode phishing.
Also of note, is that if you hover over such links, the status bar will show the same decoded URL to offer additional safety without you even needing to visit the site first.
-
And this is what it looks like in Firefox for Android. Much less safe:
-
-