15 Years, and We're Still Reporting Homograph Attacks - Web Domains Using Non-Latin Characters

by
martyb
from SoylentNews on (#508VN)

Arthur T Knackerbracket has found the following story:

Researchers at Soluble today said they worked with Verisign to thwart the registration of domain names that use homoglyphs - non-Latin characters that look just like letters of the Latin alphabet - to masquerade as legit domains.

[...] There have been a number of efforts over the years, most recently in 2017, we reckon, to rid the internet of homograph abuse once and for all.

In the most recent case, it was found that the Unicode Latin IPA Extension characters could and were being exploited to setup lookalike domains.

"Between 2017 and today, more than a dozen homograph domains have had active HTTPS certificates," noted Soluble researcher Matt Hamilton. "This included prominent financial, internet shopping, technology, and other Fortune 100 sites. There is no legitimate or non-fraudulent justification for this activity."

Normally, it would not be possible to register domains with mixed scripts, as Verisign put protections in place years ago. However, the researchers found that those protections did not extend to Unicode Latin IPA, meaning that prior to Verisign updating its filters after being tipped off by Soluble, the characters could be used to set up lookalike URLs.

[...] "While it is unlikely that you, the reader, were attacked with this technique," Hamilton notes, "it is likely that this technique was used in highly targeted social-engineering campaigns."

-- submitted from IRC

The most notable of these confusables are:

Latin:agl
IPA:EEE(C)

It is much easier to tell them apart when the confusables are shown adjacent to each other. In the spoiler below, only one of the entries is correct... how long does it take you to figure out which one it is?

  1. google.Epis
  2. Eoogle.Epis
  3. Eoogle.apis
  4. gooEle.apis
  5. google.apis
  6. EooEle.Epis
  7. EooEle.apis
  8. gooEle.Epis

Are you sure? This is the number of the correct entry:

Are you really sure?Did you pick number 6?That was wrong. It was number 5.

Original Submission

Read more of this story at SoylentNews.

External Content
Source RSS or Atom Feed
Feed Location https://soylentnews.org/index.rss
Feed Title SoylentNews
Feed Link https://soylentnews.org/
Feed Copyright Copyright 2014, SoylentNews
Reply 0 comments