ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Using Unicode for Homograph Attacks

    News
    security web browsers ascii unicode idn phishing homograph
    3
    3
    692
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • mlnewsM
      mlnews
      last edited by

      https://www.xudongz.com/blog/2017/idn-phishing/

      This is a really interesting one and should be paid attention to. Using Unicode encoding, it is possible to make links that look just like other links but use homographs, letters that look the same between different alphabets, in order to disguise that two domains don't really have the same name. This is a shortcoming in the DNS system, or at least in domain registrations, because what is displayed to humans is indistinguishable but represents different letters. It makes it nearly trivial to make it impossible to prove that a website is really the right website as there is no mechanism, short of human vision, to validate it.

      F 1 Reply Last reply Reply Quote 2
      • F
        Francesco Provino @mlnews
        last edited by

        @mlnews said in Using Unicode for Homograph Attacks:

        It makes it nearly trivial to make it impossible to prove that a website is really the right website as there is no mechanism, short of human vision, to validate it.

        I disagree with that.

        A simple switch on the web browser config can force strict ASCII decoding and evidence the homography issue.

        The feature it's already in place and should be the default from now on.

        1 Reply Last reply Reply Quote 1
        • triple9T
          triple9
          last edited by

          new Chrome has patch for this already.

          1 Reply Last reply Reply Quote 3
          • 1 / 1
          • First post
            Last post