The internationalized domain name (IDN) homograph attack is a means by which a malicious party may seek to deceive computer users about what remote system they are communicating with, by exploiting the fact that many different characters may have nearly (or wholly) indistinguishable glyphs.
Homographs
Computing veterans used to cross zeros (Ø) in program listings to avoid confusing them with the letter O, in order to make sure the operator would type the program correctly into the computer. The underlying problem is that two different characters may look alike, and it has not gone away since the days of punched cards and coding sheets; indeed, it has become worse. In many fonts, especially at the low resolutions common to almost all computer displays at present, there is little or no visible difference between "www.google.com" and "www.googIe.com". (The latter has a capital I where the former has a lowercase L.) If I can somehow defraud you or compromise your computer's security by inducing you to visit the latter website rather than the former, then you had better have a web browser that makes the difference clear. Two glyphs that look alike despite representing different characters (as, in this example, lowercase L and uppercase I look alike) are called homographs. Fortunately, there are few homographs within the very limited ASCII character set used for domain names.
Homographs in internationalized domain names
The limitation of domain names to ASCII characters, however, is very unlikely to last for ever. Why should a Russian newspaper's website have to live at gazeta.ru rather than газета.ру? The mechanism known as Internationalizing Domain Names in Applications provides a backward-compatible way for domain names to use the full Unicode character set, and it is already widely supported.
But now look again at that Russian domain name. The Russian letters а, е, р, у are indistinguishable in writing from their English counterparts. Some of the letters (such as a) are close etymologically, while others look similar by sheer coincidence. For instance, Russian letter р is actually pronounced like English r, but the glyphs of the two letters are identical. This opens a rich vein of opportunities for phishing and other varieties of fraud. An attacker registers a domain name that looks just like that of a major bank, but in which some of the letters have been replaced by homographs in the Russian or Greek alphabet; sends out e-mail messages purporting to come from personnel at the bank, directing people to the bogus site; and steals their account details, while passing traffic through to the real bank's site. The victims will never notice the difference, until all the money disappears from their accounts.
Defending against the attack
The simplest defence is for web browsers not to support IDNA or other similar mechanisms, or for users to turn off whatever support their browsers have. That could mean either blocking access to IDNA sites, or permitting access but displaying URLs in Punycode. Either way, this amounts to abandoning non-ASCII domain names.
The Opera web browser has adopted a compromise: specific sites can be "whitelisted", allowing their domain names to be shown in internationalized form, and Latin-1 characters are allowed unconditionally.
Another possible defence would be for web browsers to display non-ASCII characters in URLs distinctively, perhaps by changing their colour or that of their background. This wouldn't provide protection against spoofing by changing one non-ASCII character to another similar-looking one. This approach was adopted, as of June 9, 2005, by the plug-in Quero Toolbar for Internet Explorer. Besides IDN highlighting, Quero has implemented several other techniques to mitigate IDN spoofing attacks, such as mixed-script/missing-glyph detection, IDN/digit indication and "core domain" highlighting.
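The two browser-side defences described above (showing the Punycode form of a hostname instead of the rendered IDN, and highlighting non-ASCII characters) and the mixed-script detection mentioned for Quero can be illustrated in a few lines. The following is an added example, not code from the article, from Opera or from the Quero Toolbar. It uses only Python's standard library: the built-in idna codec (which implements the 2003 IDNA rules, so results can differ in detail from a modern browser's IDNA2008/UTS #46 handling) and unicodedata. The script classification is a deliberate simplification that takes the first word of each character's Unicode name ("LATIN", "CYRILLIC", "GREEK"); the hostnames and function names are constructed for this example.

```python
"""Browser-style checks against IDN homograph spoofing (added example).

Three defensive views of a hostname, as discussed in the text:
  * its Punycode (xn--) form, which a browser can show instead of the IDN;
  * a rendering in which every non-ASCII character is marked out;
  * a per-label mixed-script check (Latin letters next to Cyrillic ones
    in the same label is the classic homograph pattern).
Standard library only; all hostnames below are constructed samples.
"""
import unicodedata
from typing import Optional

# Hostname characters that belong to no script (digits are handled
# separately via str.isdigit()).
NEUTRAL = {"-"}


def to_punycode(hostname: str) -> str:
    """ASCII form a browser would display if it declines to render the IDN.
    ASCII-only labels pass through unchanged; others become xn-- labels."""
    return hostname.encode("idna").decode("ascii")


def char_script(ch: str) -> Optional[str]:
    """Heuristic script of one character: the first word of its Unicode
    name (assumption: 'LATIN', 'CYRILLIC', 'GREEK', ...). Digits and
    hyphens are script-neutral and yield None."""
    if ch.isdigit() or ch in NEUTRAL:
        return None
    name = unicodedata.name(ch, "")
    return name.split()[0] if name else "UNKNOWN"


def label_scripts(label: str) -> set:
    """Set of scripts used by the letters of a single DNS label."""
    return {s for s in map(char_script, label) if s is not None}


def is_mixed_script(label: str) -> bool:
    """True when one label draws its letters from more than one script."""
    return len(label_scripts(label)) > 1


def highlight_non_ascii(hostname: str) -> str:
    """Text stand-in for colouring non-ASCII characters in the address bar:
    each non-ASCII character is wrapped in square brackets."""
    return "".join(ch if ch.isascii() else f"[{ch}]" for ch in hostname)


def analyse(hostname: str) -> dict:
    """Run all three checks over a hostname and report the findings."""
    labels = hostname.split(".")
    return {
        "punycode": to_punycode(hostname),
        "highlighted": highlight_non_ascii(hostname),
        "mixed_script_labels": [lab for lab in labels if is_mixed_script(lab)],
    }


if __name__ == "__main__":
    # Constructed samples: plain ASCII, an all-Cyrillic name, and a Latin
    # label in which both 'o's are the Cyrillic letter о (U+043E).
    for host in ["www.example.com", "газета.ру", "www.g\u043e\u043egle.com"]:
        report = analyse(host)
        verdict = "SUSPICIOUS" if report["mixed_script_labels"] else "ok"
        print(f"{host}\n  punycode:    {report['punycode']}\n"
              f"  highlighted: {report['highlighted']}\n  verdict:     {verdict}")
```

Note what the checks do and do not catch: the all-Cyrillic газета.ру is a single-script name and is correctly left alone, while the Latin/Cyrillic mixture is flagged; a lookalike built entirely from one non-Latin script, or from the ASCII I/l pair mentioned earlier, would pass the mixed-script test and is only exposed by the Punycode or highlighted rendering.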
There is not yet (as of March 2005) a clear consensus as to the best way to balance the needs of the international community with protection against domain-name spoofing.
See also
- Homoglyph
- Internationalizing Domain Names in Applications
- Phishing
External links
- http://www.shmoo.com/idn/homograph.txt The state of homograph attacks, by Eric Johanson.
- http://secunia.com/advisories/14163/, http://secunia.com/advisories/14209/ Secunia advisories about IDN spoofing.
- http://www.centr.org/docs/2005/02/homographs.html CENTR statement on IDN homograph attacks, issued by the Council of European National TLD Registries.
- The Homograph Attack, Evgeniy Gabrilovich and Alex Gontmakher, Communications of the ACM, 45(2):128, February 2002.
- Quero Toolbar, an IDN-enabling plug-in for Internet Explorer with anti-spoofing techniques.