[UA-discuss] [FYI] Two IDN Homograph blog posts from Farsight Security
Jim DeLaHunt
list+uasg at jdlh.com
Fri Dec 28 20:52:35 UTC 2018
Hello, UA friends:
North America is in the midst of a holiday season right now, and I hope
everyone on this list with holidays has been enjoying them — and that
those without holidays right now get them soon. :-)
I'd like to pass on links to two blog posts from Farsight Security about
Internationalised Domain Name-based homograph attacks. I don't see that
these were shared with this list when they appeared. I don't agree with
everything in these blogs, but I do like to practice my ability to argue
in favour of IDN use and against IND-based fear-mongering. These blogs
are useful practice material.
/Touched by an IDN: Farsight Security shines a light on the Internet's
oft-ignored and undetected security problem
/ Wednesday, January 17, 2018 By Mike Schiffman(Farsight Security)
<https://www.farsightsecurity.com/2018/01/17/mschiffm-touched_by_an_idn/>
"Committed to making online interactions safer for all users, Farsight
Security regularly investigates systemic threats to the Internet. The
design and implementation of the DNS Internationalized Domain Name (IDN)
<https://en.wikipedia.org/wiki/Internationalized_domain_name> system
poses such a threat – one well known by DNS industry insiders and
security professionals but not known or well understood by the wider
public. The purpose of this research is to bridge that knowledge gap –
to offer a keyhole glimpse into the shadowy world of brand lookalike
abuse via IDN homographs.
"Registration of confusing Internet DNS names for the purpose of
misleading consumers is not news. Every user of the Internet learns –
often the hard way – that much of the email they receive is forged, and
many of the World Wide Web links they are prompted to click on are
malicious. Yet IDN, a DNS standard representing non-English domain
names, allows forgeries to be nearly undetectable by either human eyes
or human judgement, or by traditional Internet user interface tools such
as email clients and web browsers.
"Using its real-time DNS network, Farsight Security conducted new
research to determine the prevalence and reach of homographs
<https://en.wikipedia.org/wiki/Homograph>, in the form of IDN lookalike
domains, across the Internet. Specifically, Farsight examined 125 top
brand domain names, including large content providers, social networking
giants, financial websites, luxury brands, cryptocurrency exchanges and
other popular websites. Our findings underscore that the potential
security risk posed by IDN homographs is significant. Any ultimate
defense against this variant of Internet forgery will rely on Internet
governance and security automation. It is to inform the need for such
solutions that we offer the findings below."
/Free Airline Tickets: The Latest Internationalized Domain Name-based
Homograph Scam/
Monday, August 13, 2018 By Mike Schiffman (Farsight Security)
<https://www.farsightsecurity.com/2018/08/13/mschiffm-freeticketsscam/>
"As part of our continuous monitoring of the Internationalized Domain
Name (IDN) space, Farsight recently found evidence of what appears to be
an ongoing IDN homograph-based phishing campaign targeting mobile users.
The suspected phishing websites purport to be those of commercial
airline carriers offering free tickets, but, instead, appear to subject
the user to a bait-and-switch scam."
I will also mention again Farsight Security's report on IDN Homograph
attacks. This was discussed on this list (Subject: /Re: [UA-discuss]
Once again/, Date: Wed, 27 Jun 2018 15:56:37 +0000 etc.)
/
Farsight Security Global Internationalized Domain Name Homograph Report,
Q2/2018/
<https://info.farsightsecurity.com/farsight-idn-research-report>
"IDN ReportInternationalized Domain Names (IDNs) enable a multilingual
Internet. Using IDN standards and protocols, Internet-users are able to
register and use domain names in scripts other than Basic Latin. Yet
IDNs are often abused by cybercriminals to conduct malicious activities,
such as phishing or malware distribution.
In this new research report, "Farsight Security Global Internationalized
Domain Name Homograph Report Q2/2018," Farsight Security examines the
prevalence and distribution of IDN homographs across the Internet. We
examined 100 Million IDN resolutions over a 12-month period with a focus
on over 450 top global brands across 11 sectors including finance,
retail, and technology."
Best regards and happy new year,
—Jim DeLaHunt, Vancouver, Canada
--
--Jim DeLaHunt, jdlh at jdlh.com http://blog.jdlh.com/ (http://jdlh.com/)
multilingual websites consultant
355-1027 Davie St, Vancouver BC V6E 4L2, Canada
Canada mobile +1-604-376-8953
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ua-discuss/attachments/20181228/4191fcbd/attachment.html>
More information about the UA-discuss
mailing list