[UA-discuss] [FYI] Two IDN Homograph blog posts from Farsight Security

Jim DeLaHunt list+uasg at jdlh.com
Fri Dec 28 20:52:35 UTC 2018


Hello, UA friends:

North America is in the midst of a holiday season right now, and I hope 
everyone on this list with holidays has been enjoying them — and that 
those without holidays right now get them soon. :-)

I'd like to pass on links to two blog posts from Farsight Security about 
Internationalised Domain Name-based homograph attacks. I don't see that 
these were shared with this list when they appeared. I don't agree with 
everything in these blogs, but I do like to practice my ability to argue 
in favour of IDN use and against IDN-based fear-mongering. These blogs 
are useful practice material.


/Touched by an IDN: Farsight Security shines a light on the Internet's 
oft-ignored and undetected security problem/
Wednesday, January 17, 2018 By Mike Schiffman (Farsight Security)
<https://www.farsightsecurity.com/2018/01/17/mschiffm-touched_by_an_idn/>
"Committed to making online interactions safer for all users, Farsight 
Security regularly investigates systemic threats to the Internet. The 
design and implementation of the DNS Internationalized Domain Name (IDN) 
<https://en.wikipedia.org/wiki/Internationalized_domain_name> system 
poses such a threat – one well known by DNS industry insiders and 
security professionals but not known or well understood by the wider 
public. The purpose of this research is to bridge that knowledge gap – 
to offer a keyhole glimpse into the shadowy world of brand lookalike 
abuse via IDN homographs.

"Registration of confusing Internet DNS names for the purpose of 
misleading consumers is not news. Every user of the Internet learns – 
often the hard way – that much of the email they receive is forged, and 
many of the World Wide Web links they are prompted to click on are 
malicious. Yet IDN, a DNS standard representing non-English domain 
names, allows forgeries to be nearly undetectable by either human eyes 
or human judgement, or by traditional Internet user interface tools such 
as email clients and web browsers.

"Using its real-time DNS network, Farsight Security conducted new 
research to determine the prevalence and reach of homographs 
<https://en.wikipedia.org/wiki/Homograph>, in the form of IDN lookalike 
domains, across the Internet. Specifically, Farsight examined 125 top 
brand domain names, including large content providers, social networking 
giants, financial websites, luxury brands, cryptocurrency exchanges and 
other popular websites. Our findings underscore that the potential 
security risk posed by IDN homographs is significant. Any ultimate 
defense against this variant of Internet forgery will rely on Internet 
governance and security automation. It is to inform the need for such 
solutions that we offer the findings below."


/Free Airline Tickets: The Latest Internationalized Domain Name-based 
Homograph Scam/
Monday, August 13, 2018 By Mike Schiffman (Farsight Security)
<https://www.farsightsecurity.com/2018/08/13/mschiffm-freeticketsscam/>
"As part of our continuous monitoring of the Internationalized Domain 
Name (IDN) space, Farsight recently found evidence of what appears to be 
an ongoing IDN homograph-based phishing campaign targeting mobile users. 
The suspected phishing websites purport to be those of commercial 
airline carriers offering free tickets, but, instead, appear to subject 
the user to a bait-and-switch scam."


I will also mention again Farsight Security's report on IDN Homograph 
attacks. This was discussed on this list (Subject: /Re: [UA-discuss] 
Once again/, Date: Wed, 27 Jun 2018 15:56:37 +0000 etc.)

/Farsight Security Global Internationalized Domain Name Homograph Report, 
Q2/2018/
<https://info.farsightsecurity.com/farsight-idn-research-report>
"Internationalized Domain Names (IDNs) enable a multilingual 
Internet. Using IDN standards and protocols, Internet-users are able to 
register and use domain names in scripts other than Basic Latin. Yet 
IDNs are often abused by cybercriminals to conduct malicious activities, 
such as phishing or malware distribution.

In this new research report, "Farsight Security Global Internationalized 
Domain Name Homograph Report Q2/2018," Farsight Security examines the 
prevalence and distribution of IDN homographs across the Internet. We 
examined 100 Million IDN resolutions over a 12-month period with a focus 
on over 450 top global brands across 11 sectors including finance, 
retail, and technology."

Best regards and happy new year,
      —Jim DeLaHunt, Vancouver, Canada

-- 
     --Jim DeLaHunt, jdlh at jdlh.com     http://blog.jdlh.com/ (http://jdlh.com/)
       multilingual websites consultant

       355-1027 Davie St, Vancouver BC V6E 4L2, Canada
          Canada mobile +1-604-376-8953
