[TF-AIDN] Fwd: [UA-discuss] [FYI] Two IDN Homograph blog posts from Farsight Security

Abdalmonem Tharwat Galila agalila at mcit.gov.eg
Sat Dec 29 09:18:45 CET 2018


FYI

Sent from my iPhone

Begin forwarded message:

Resent-From: <atharwat at tra.gov.eg<mailto:atharwat at tra.gov.eg>>
From: Jim DeLaHunt <list+uasg at jdlh.com<mailto:list+uasg at jdlh.com>>
Date: December 28, 2018 at 10:52:35 PM GMT+2
To: ua-discuss <ua-discuss at icann.org<mailto:ua-discuss at icann.org>>
Subject: [UA-discuss] [FYI] Two IDN Homograph blog posts from Farsight Security


Hello, UA friends:

North America is in the midst of a holiday season right now, and I hope everyone on this list with holidays has been enjoying them — and that those without holidays right now get them soon. :-)

I'd like to pass on links to two blog posts from Farsight Security about Internationalised Domain Name-based homograph attacks. I don't see that these were shared with this list when they appeared. I don't agree with everything in these blogs, but I do like to practice my ability to argue in favour of IDN use and against IND-based fear-mongering. These blogs are useful practice material.


Touched by an IDN: Farsight Security shines a light on the Internet's oft-ignored and undetected security problem
 Wednesday, January 17, 2018 By Mike Schiffman (Farsight Security)
<https://www.farsightsecurity.com/2018/01/17/mschiffm-touched_by_an_idn/>
"Committed to making online interactions safer for all users, Farsight Security regularly investigates systemic threats to the Internet. The design and implementation of the DNS Internationalized Domain Name (IDN)<https://en.wikipedia.org/wiki/Internationalized_domain_name> system poses such a threat – one well known by DNS industry insiders and security professionals but not known or well understood by the wider public. The purpose of this research is to bridge that knowledge gap – to offer a keyhole glimpse into the shadowy world of brand lookalike abuse via IDN homographs.

"Registration of confusing Internet DNS names for the purpose of misleading consumers is not news. Every user of the Internet learns – often the hard way – that much of the email they receive is forged, and many of the World Wide Web links they are prompted to click on are malicious. Yet IDN, a DNS standard representing non-English domain names, allows forgeries to be nearly undetectable by either human eyes or human judgement, or by traditional Internet user interface tools such as email clients and web browsers.

"Using its real-time DNS network, Farsight Security conducted new research to determine the prevalence and reach of homographs<https://en.wikipedia.org/wiki/Homograph>, in the form of IDN lookalike domains, across the Internet. Specifically, Farsight examined 125 top brand domain names, including large content providers, social networking giants, financial websites, luxury brands, cryptocurrency exchanges and other popular websites. Our findings underscore that the potential security risk posed by IDN homographs is significant. Any ultimate defense against this variant of Internet forgery will rely on Internet governance and security automation. It is to inform the need for such solutions that we offer the findings below."


Free Airline Tickets: The Latest Internationalized Domain Name-based Homograph Scam
Monday, August 13, 2018 By Mike Schiffman (Farsight Security)
<https://www.farsightsecurity.com/2018/08/13/mschiffm-freeticketsscam/>
"As part of our continuous monitoring of the Internationalized Domain Name (IDN) space, Farsight recently found evidence of what appears to be an ongoing IDN homograph-based phishing campaign targeting mobile users. The suspected phishing websites purport to be those of commercial airline carriers offering free tickets, but, instead, appear to subject the user to a bait-and-switch scam."


I will also mention again Farsight Security's report on IDN Homograph attacks. This was discussed on this list (Subject: Re: [UA-discuss] Once again, Date: Wed, 27 Jun 2018 15:56:37 +0000 etc.)

Farsight Security Global Internationalized Domain Name Homograph Report, Q2/2018
<https://info.farsightsecurity.com/farsight-idn-research-report>
"IDN ReportInternationalized Domain Names (IDNs) enable a multilingual Internet. Using IDN standards and protocols, Internet-users are able to register and use domain names in scripts other than Basic Latin. Yet IDNs are often abused by cybercriminals to conduct malicious activities, such as phishing or malware distribution.

In this new research report, "Farsight Security Global Internationalized Domain Name Homograph Report Q2/2018," Farsight Security examines the prevalence and distribution of IDN homographs across the Internet. We examined 100 Million IDN resolutions over a 12-month period with a focus on over 450 top global brands across 11 sectors including finance, retail, and technology."

Best regards and happy new year,
     —Jim DeLaHunt, Vancouver, Canada

--
    --Jim DeLaHunt, jdlh at jdlh.com<mailto:jdlh at jdlh.com>     http://blog.jdlh.com/ (http://jdlh.com/)
      multilingual websites consultant

      355-1027 Davie St, Vancouver BC V6E 4L2, Canada
         Canada mobile +1-604-376-8953

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.meswg.org/pipermail/tf-aidn/attachments/20181229/4bee480b/attachment.html>


More information about the TF-AIDN mailing list