In this article, I will address one potential danger of browser-based wallets called domain spoofing.
More specifically, I want to use Mutiny to give a practical example of the risks of a specific type of domain spoofing called a homographic attack.
833 sats \ 1 reply \ @ek 15 Feb
Don't want to downplay the attack but just want to mention that every nostr client that asks for nsec's is also vulnerable to this as mentioned in my post here: #371422
reply
Are nostr middle men websites actually nostr clients tho?
reply
This is the same as spoofing the download page for native apps. True, app stores solve it to an extent, however malicious homonym apps sometimes end up on app stores too.
If we consider this model to be good enough, then it is just a matter of building a link directory for Web Apps and telling the users to open the link from there and bookmark/install the web app.
reply
But why do you run Mutiny on the demo page and not run your own mutiny node with apk installed instead of pwa?
Using Mutiny with PWA pointing to mutinywallet.com is no different than WoS or Alby.
reply
"Damus being forced by Apple to remove the zap feature"
Insidious. Certainly solidifies the case for browser based apps and wallets to bypass these walled gardens. Feeling less like a garden and more like a prison.
Zapping and the supporting economic model appears to be a threat to Apple. Not just banks. This is going to get interesting...
reply