[UA-discuss] [UA-International] IDNs and homographs attacks

Andre Schappo A.Schappo at lboro.ac.uk
Thu May 28 13:40:28 UTC 2015


On 27 May 2015, at 21:30, Tan Tanaka, Dennis wrote:

1. IDN treatment from browsers comes in different flavors. One of them is to display the IDN in Unicode if the browser is set to support the language of the IDN. Example: My browser is set up with the Chinese language, then all Chinese IDNs will be displayed in Chinese, the rest will be shown as ASCII labels (i.e. xn--asdjk3d2sa).

With Chrome one needs to whitelist an IDN language in order for the Unicode form to be displayed instead of the punycode form. One whitelists a language by adding it in Chrome settings. But few people know this and so most users will see the punycode form.

2. I’d like to think that registry policies are preventing registration of mix-script names, but I don’t have hard data on this.

Verisign have very clear and exacting registration requirements. For some languages they have a set of allowable codepoints.

http://www.verisigninc.com/en_US/channel-resources/domain-registry-products/idn/idn-policy/registration-rules/index.xhtml

Compare, say, KOR with RUS. KOR allows mixing of LDH (Letters, Digits & Hyphen) which is fine because LDH are not confusable with Hangeul Syllables. RUS on the other hand, only allows mixing of DH & Cyrillic to prevent mixing of Scripts (and confusables).

CHI is interesting as for the CJK Compatibility Ideographs block they allow just one character, U+FA28.

Then we can go to the opposite extreme which is the .ws registry which, currently, appears to allow the registration of most anything. But that does make possible IDNs such as http://😇.ws

With a symbol/emoji IDN such as above or http://🍺.ws one cannot whitelist in Chrome which I suppose is fair enough because according to IDNA2008 they are not allowable characters but it does spoil the fun 😜

André Schappo
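A check of the kind the KOR and RUS registration rules above describe, as an added example that is not from this thread or from any registry's code. It assumes a constructed policy table and approximates a character's script from its Unicode name, since the standard library exposes no Script property:

```python
import unicodedata

# Approximate each character's script from its Unicode name; the standard
# library exposes no Script property, so this is an assumption of the example.
def script_of(ch: str) -> str:
    if ch.isascii() and ch.isdigit():
        return "DIGIT"
    if ch == "-":
        return "HYPHEN"
    if ch.isascii() and ch.isalpha():
        return "LATIN"
    try:
        return unicodedata.name(ch).split()[0]
    except ValueError:          # unassigned code point has no name
        return "UNKNOWN"

# Constructed policies modelled on the KOR/RUS rules described in the mail:
# KOR may mix Hangul with letters, digits and hyphen; RUS may mix Cyrillic
# only with digits and hyphen, so Latin and Cyrillic never share a label.
POLICIES = {
    "KOR": {"HANGUL", "LATIN", "DIGIT", "HYPHEN"},
    "RUS": {"CYRILLIC", "DIGIT", "HYPHEN"},
}

def check_label(label: str, policy: str) -> tuple[bool, set[str]]:
    """Return (allowed, scripts_outside_policy) for one label."""
    label = unicodedata.normalize("NFC", label).lower()
    found = {script_of(c) for c in label}
    offending = found - POLICIES[policy]
    return (not offending, offending)

def to_ascii(label: str) -> str:
    """ACE form a browser shows when it will not render the Unicode label."""
    if label.isascii():
        return label.lower()
    return "xn--" + label.lower().encode("punycode").decode("ascii")

if __name__ == "__main__":
    # Constructed sample labels; U+0430 is Cyrillic 'а', confusable with Latin 'a'.
    for label, policy in [("пример-1", "RUS"), ("ex\u0430mple", "RUS"), ("한국a1", "KOR")]:
        ok, bad = check_label(label, policy)
        verdict = "OK" if ok else "REJECT " + ",".join(sorted(bad))
        print(f"{label!r:>12} shown as {to_ascii(label):<16} {policy}: {verdict}")
```

Under the RUS rule the constructed label with a single Cyrillic letter among Latin ones is rejected for containing Latin, and under KOR for containing Cyrillic; either way the mixed label never registers.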


From: Don Hollander [mailto:don.hollander at icann.org]
Sent: Wednesday, May 27, 2015 3:20 PM
To: Tan Tanaka, Dennis; c.dillon at ucl.ac.uk; ua-international at icann.org; UA-discuss at icann.org
Subject: Re: [UA-International] IDNs and homographs attacks

Thanks Dennis.

Interesting that the article also attempts to answer the question, “Why” - and attributes some of the low numbers to the way that browsers display the name – in full punycode form.

I wonder if policies at the registry level have had any impact?

Don

From: Dennis Tan <dtantanaka at verisign.com>
Date: Thursday, 28 May 2015 5:17 am
To: "c.dillon at ucl.ac.uk" <c.dillon at ucl.ac.uk>, "ua-international at icann.org" <ua-international at icann.org>, "UA-discuss at icann.org" <UA-discuss at icann.org>
Subject: [UA-International] IDNs and homographs attacks

ICYMI: the APWG released its Global Phishing Survey 2H2014. In it they state “From January 2007 to June 2014 we found only nine true homographic phishing attacks. […] One hundred and three IDN domain names were used for phishing in 2H2014. None were homographic attacks.”

Clearly, those claiming to watch out for IDNs for spoofing attacks are overstating the problem.

Link to the article and survey: http://www.circleid.com/posts/20150527_phishing_in_the_new_gtlds/


From: Dillon, Chris [mailto:c.dillon at ucl.ac.uk]
Sent: Tuesday, May 26, 2015 10:11 AM
To: Tan Tanaka, Dennis
Cc: ua-international at icann.org
Subject: RE: Meeting notes group call 5/26

Dear colleagues,

I’ve checked the GoDaddy article I mentioned. Actually it’s a general article about the small number of law enforcement cases, disputes etc., rather than just IDNs:
www.ionmag.asia/2015/02/the-right-rights-balance

Regards,

Chris.
--
Research Associate in Linguistic Computing, Centre for Digital Humanities, UCL, Gower St, London WC1E 6BT Tel +44 20 7679 1599 (int 31599) www.ucl.ac.uk/dis/people/chrisdillon

From: ua-international-bounces at icann.org [mailto:ua-international-bounces at icann.org] On Behalf Of Tan Tanaka, Dennis
Sent: 26 May 2015 15:02
To: ua-international at icann.org
Subject: [UA-International] Meeting notes group call 5/26

Attendees:
- Chris Dillon
- Dusan
- Don
- Dennis

Notes:
1. Re-cap i18n charter: no comments
2. Review of DRAFT working plan:
   a. Change title of “telling” to “identifying” on work stream titles
   b. Chris Dillon: GoDaddy published some stats on IDN phishing. Cases are rare.
   c. Dennis will develop “confusable characters” item on work stream 1.
   d. Dusan will develop “create test cases to identify UA/IDN gaps in applications” item on work stream 2
   e. Repository of practices, gap assessment, etc. should be maintained in ICANN wiki (Action item: Dennis to set up page and share link to group members)
3. Next group meeting: Tuesday, June 9 @ 13:00 UTC

End of notes


From: ua-international-bounces at icann.org [mailto:ua-international-bounces at icann.org] On Behalf Of Tan Tanaka, Dennis
Sent: Tuesday, May 26, 2015 8:50 AM
To: ua-international at icann.org
Subject: [UA-International] Meeting agenda 5/26


Agenda items:
1. Roll call
2. Re-cap i18n charter https://docs.google.com/document/d/1wO9ubXdg02iptqwMhacFR1UsWKjPiMizXU5M5XmWzZc/edit?usp=sharing
3. Review and discuss DRAFT i18n working plan https://docs.google.com/document/d/183UHeDMvdXVUk1W_4WJOhfFqUGx0DGWa9UeReKcCfOE/edit?usp=sharing
4. Other items
5. Adjourn


I18n Project Group co-Lead
Universal Acceptance: https://icann.org/universalacceptance
Join the conversation:  https://mm.icann.org/mailman/listinfo/ua-international
Project group archive: http://mm.icann.org/pipermail/ua-international/

“This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed, and may contain information that is non-public, proprietary, privileged, confidential and exempt from disclosure under applicable law or may be constituted as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this message in error, notify sender immediately and delete this message immediately.”
