In multilingual computer systems, different logical characters may have identical or very similar appearances. For example, Unicode character U+0430, Cyrillic small letter a ("а"), can look identical to Unicode character U+0061, Latin small letter a ("a"), which is the lowercase "a" used in English. Technically, characters that look alike in this way are known as homographs (strictly, homoglyphs). Spoofing attacks based on these similarities are known as homograph spoofing attacks.
The internationalized domain name (IDN) homograph attack is a means by which a malicious party may seek to deceive computer users about what remote system they are communicating with, by exploiting the fact that many different characters may have nearly (or wholly) indistinguishable glyphs. ...
In typography, a homoglyph is one of a pair of characters with shapes that are visually identical or nearly identical. ...
A spoofing attack, in computer security terms, refers to a situation in which one person or program is able to masquerade successfully as another. ...
The problem arises from the different treatment of the characters in the user's mind and in the computer's programming. From the viewpoint of the user, a Cyrillic "а" within a Latin string is a Latin "a"; there is literally no difference in the glyphs for these characters in most fonts. However, the computer treats them differently when processing the character string as an identifier. Thus, the user's assumption of a one-to-one correspondence between the visual appearance of a name and the named entity breaks down.
In a typical example of a hypothetical attack, someone could register a domain name that appears identical to an existing domain but goes somewhere else. For example, the spoofed domain "pаypal.com" contains a Cyrillic a, not a Latin a. In many ways, this is not a new thing. For example, even staying within the old character set of A-Z, 0-9 and hyphen, G00GLE.COM looks much like GOOGLE.COM in some fonts; or, using a mix of uppercase and lowercase characters, googIe.com (capital I, not small ell) looks much like google.com in some fonts. Or, displaying characters in lowercase alone, rnicrosoft.com ("RNICROSOFT.COM") looks very much like microsoft.com in many fonts. What is new is that the expansion by the internationalized domain name system of the character repertoire from a few dozen characters in a single alphabet to many thousands of characters in many scripts greatly increased the scope for homograph attacks.
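The following check is an added example, not part of the original article: it flags the look-alike names quoted above by comparing a perceived "skeleton" of each name with a watch list, and reports mixed-script labels and the ASCII form actually sent to DNS. The `CONFUSABLES` table and `PROTECTED` list are constructed for illustration, and guessing a script from the Unicode character name is an approximation.

```python
import unicodedata

# Constructed, deliberately small look-alike table covering this page's examples.
# Assumption: a production check would load the full Unicode confusables data.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "0": "o", "1": "l", "I": "l"}
PROTECTED = ["paypal.com", "google.com", "microsoft.com"]  # hypothetical watch list


def skeleton(name):
    """Reduce a displayed name to the form a reader is likely to perceive."""
    folded = "".join(CONFUSABLES.get(ch, ch) for ch in name).lower()
    return folded.replace("rn", "m")  # "rn" reads as "m" in many fonts


def scripts(label):
    """Approximate each letter's script by the first word of its Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def wire_form(name):
    """The name the resolver actually looks up (IDNA ToASCII, lowercased)."""
    return name.encode("idna").decode("ascii").lower()


def check(name):
    """Return (impersonated protected name or None, mixed-script flag, wire form)."""
    wire = wire_form(name)
    mixed = any(len(scripts(label)) > 1 for label in name.split("."))
    # A hit means: reads like a protected name, but resolves as a different one.
    target = next((p for p in PROTECTED
                   if skeleton(p) == skeleton(name) and wire != p), None)
    return target, mixed, wire


if __name__ == "__main__":
    # Sample names taken from the article text; the last one is the genuine name.
    for sample in ["p\u0430ypal.com", "G00GLE.COM", "googIe.com",
                   "rnicrosoft.com", "google.com"]:
        print(repr(sample), check(sample))
```

The Cyrillic case is the only one the mixed-script flag catches; the three ASCII look-alikes are single-script and are caught only by the skeleton comparison.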
An internationalized domain name (IDN) is an Internet domain name that (potentially) contains non-ASCII characters. ...