Hello, UA friends:
North America is in the midst of a holiday season right now, and I hope everyone on this list with holidays has been enjoying them — and that those without holidays right now get them soon. :-)
I'd like to pass on links to two blog posts from Farsight Security about Internationalised Domain Name-based homograph attacks. I don't see that these were shared with this list when they appeared. I don't agree with everything in these blogs, but I do like to practice my ability to argue in favour of IDN use and against IND-based fear-mongering. These blogs are useful practice material.
Touched by an IDN: Farsight Security shines a light on the
Internet's oft-ignored and undetected security problem
Wednesday, January 17, 2018 By Mike Schiffman
(Farsight Security)
<https://www.farsightsecurity.com/2018/01/17/mschiffm-touched_by_an_idn/>
"Committed to making online interactions safer
for all users, Farsight Security regularly investigates systemic
threats to the Internet. The design and
implementation of the DNS Internationalized
Domain Name (IDN) system poses such a threat – one well
known by DNS industry insiders and security professionals but not
known or well understood by the wider public. The purpose of this
research is to bridge that knowledge gap – to offer a keyhole
glimpse into the shadowy world of brand lookalike abuse via IDN
homographs.
"Registration of confusing Internet DNS names for the purpose of misleading consumers is not news. Every user of the Internet learns – often the hard way – that much of the email they receive is forged, and many of the World Wide Web links they are prompted to click on are malicious. Yet IDN, a DNS standard representing non-English domain names, allows forgeries to be nearly undetectable by either human eyes or human judgement, or by traditional Internet user interface tools such as email clients and web browsers.
"Using its real-time DNS network, Farsight Security conducted new research to determine the prevalence and reach of homographs, in the form of IDN lookalike domains, across the Internet. Specifically, Farsight examined 125 top brand domain names, including large content providers, social networking giants, financial websites, luxury brands, cryptocurrency exchanges and other popular websites. Our findings underscore that the potential security risk posed by IDN homographs is significant. Any ultimate defense against this variant of Internet forgery will rely on Internet governance and security automation. It is to inform the need for such solutions that we offer the findings below."
Free Airline Tickets: The Latest Internationalized Domain
Name-based Homograph Scam By Mike
Schiffman (Farsight Security)
<https://www.farsightsecurity.com/2018/08/13/mschiffm-freeticketsscam/>
"As part of our continuous monitoring of the Internationalized
Domain Name (IDN) space, Farsight recently found evidence of
what appears to be an ongoing IDN homograph-based phishing
campaign targeting mobile users. The suspected phishing
websites purport to be those of commercial airline carriers
offering free tickets, but, instead, appear to subject the
user to a bait-and-switch scam."
I will also mention again Farsight Security's report on IDN Homograph attacks. This was discussed on this list (Subject: Re: [UA-discuss] Once again, Date: Wed, 27 Jun 2018 15:56:37 +0000 etc.)
Farsight Security Global Internationalized Domain Name
Homograph Report, Q2/2018
<https://info.farsightsecurity.com/farsight-idn-research-report>
"IDN ReportInternationalized Domain Names (IDNs) enable a
multilingual Internet. Using IDN standards and protocols,
Internet-users are able to register and use domain names in
scripts other than Basic Latin. Yet IDNs are often abused by
cybercriminals to conduct malicious activities, such as
phishing or malware distribution.
In this new research report, "Farsight Security Global
Internationalized Domain Name Homograph Report Q2/2018,"
Farsight Security examines the prevalence and distribution of
IDN homographs across the Internet. We examined 100 Million
IDN resolutions over a 12-month period with a focus on over
450 top global brands across 11 sectors including finance,
retail, and technology."
Best
regards and happy new year,
—Jim DeLaHunt, Vancouver, Canada
--
--Jim DeLaHunt, jdlh@jdlh.com http://blog.jdlh.com/ (http://jdlh.com/)
multilingual websites consultant
355-1027 Davie St, Vancouver BC V6E 4L2, Canada
Canada mobile +1-604-376-8953