zlacker

[return to "The browser catches homograph attacks, the terminal doesn't"]
1. Downri+dib[view] [source] 2026-02-06 15:21:18
>>MrBudd+(OP)
A simpler solution: examine the URL displayed in the browser window before copying terminal commands from the page. E.g. "starts with github.com" -> "trusted GitHub UI indicates the repo is the official one for this project" -> "URL points to the official project README" -> "terminal commands are most likely not malicious, and if they are, there's a bigger problem here".

Of course, more secure installation methods should be preferred, but those are not always available. I am simply comparing the provided solution to homograph attacks with another solution to the same problem.

◧◩
2. queenk+Ahd[view] [source] 2026-02-07 05:24:09
>>Downri+dib
The whole point is that someone could put a Cyrillic "i" in "github" and your eyes can't tell the difference. The actual GitHub link might be real and valid and you checked; you might still hit "g[cyrillic i]thub.com" and not the real GitHub.
[go to top]