Prevent "public gateway phishing" in migration screens #22

Open
gnarea opened this issue Jan 13, 2021 · 0 comments
Labels: apps-private-gateways (Applicable to the desktop and Android gateways), enhancement (New feature or request)

gnarea commented Jan 13, 2021

Describe the problem

An attacker may set up public gateways on domains that look like one from Relaycorp (e.g., frankfurt-relaycorp.cloud) and then convince their victims to migrate to that gateway. Or they may use domain names containing the word "Relaynet" (e.g., relaynet-gateway.com) to pass off as an "official" gateway.

Describe the solution you'd like

Block domain names containing the words "Relaycorp" and "Relaynet", but allow subdomains of .relaycorp.cloud. Also block misspellings of the two words (e.g., "Relaycopr", "Relyanet", "relay-net"). Punctuation should also be ignored, meaning that a domain like relay.net or relay.corp.cloud should still be blocked.

@gnarea gnarea added enhancement New feature or request apps-private-gateways Applicable to the desktop and Android gateways labels Jan 13, 2021
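
One way the check proposed in this issue could be implemented, as an added example that is not part of the original issue or of the project's code. The function names, the edit-distance threshold of 1 and the rejection of input that is not a plain ASCII hostname are assumptions.

```javascript
// Added example, not project code. Names and thresholds below are assumptions.
const BRAND_WORDS = ["relaycorp", "relaynet"];
const ALLOWED_SUFFIX = ".relaycorp.cloud"; // only subdomains of this zone are exempt
const MAX_DISTANCE = 1; // assumed tolerance: one typo or one swapped pair of letters

// Optimal string alignment distance: Levenshtein plus adjacent transpositions,
// so "relaycopr" and "relyanet" are each one edit away from the real word.
function osaDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i, ...Array(b.length).fill(0)]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// True if any window of `text` is within MAX_DISTANCE edits of `word`.
function containsLookalike(text, word) {
  for (let len = word.length - MAX_DISTANCE; len <= word.length + MAX_DISTANCE; len++) {
    for (let start = 0; start + len <= text.length; start++) {
      if (osaDistance(text.slice(start, start + len), word) <= MAX_DISTANCE) return true;
    }
  }
  return false;
}

function isBlockedGatewayDomain(domain) {
  const name = domain.trim().toLowerCase().replace(/\.$/, "");
  // Refuse anything that is not a plain hostname, so the suffix check below
  // cannot be satisfied by a string such as "evil.example/.relaycorp.cloud".
  if (!/^[a-z0-9-]+(\.[a-z0-9-]+)+$/.test(name)) return true;
  if (name.endsWith(ALLOWED_SUFFIX)) return false;
  // Ignore punctuation: "relay.net" and "relay-net" both collapse to "relaynet".
  const squashed = name.replace(/[^a-z0-9]/g, "");
  return BRAND_WORDS.some((word) => containsLookalike(squashed, word));
}
```

The apex `relaycorp.cloud` itself is blocked by this sketch because the issue only mentions subdomains; widen the allowlist if the apex should be accepted.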