Don't Click ..... |Rajat Poonia Rajasthjan
An IDN homograph attack is a way a malicious party may deceive computer users about what
remote systems they are communicating with, by exploiting the fact that many different
characters look alike.
Put simply, it is a way of leading a person to click a link that looks like a famous domain name, such as google.com or facebook.com.
But these are not the actual domain names; they only look like them. This kind of spoofing attack is also known as script spoofing.
How it is done:
>By collecting letters from different languages that look the same.
A person frequenting citibank.com may be lured to click a link in which the Latin C is replaced with the Cyrillic С.
>www.amazon.com
It looks like amazon.com, of course, but it's not. The first ‘a’ is the Cyrillic small letter a, not the English (or rather Latin) small letter ‘a’. Although they look identical, they’re from two different languages. Confused? Good.
Now hover your mouse over the link above. Don’t click it, because I don’t know where it goes, but it probably isn’t nice. In your browser’s status bar you should see the Punycode-encoded version of the domain name:
http://www.xn--mazzon-3ve.com/
>These occur when letters from the same alphabet, or script, are used to give the same visual appearance.
>Homograph domain name spoofing works by exploiting the visual resemblance, or near resemblance, of certain characters and symbols. These can be characters in the standard ASCII character set (such as the resemblance between the numeral "1" and the lower-case letter "l", or the letter "O" and the numeric zero ("0") in some fonts), or characters taken from different languages (such as the character "Β" [Greek capital letter Beta] and the character "B" [Latin capital letter B], or the potential confusion amongst the Chinese, Japanese, and Korean character sets). The vulnerability identified by the recently published advisory (http://www.shmooo.com/idn/homograph.txt) is focused on how standard Punycode-based IDNs offer additional opportunities for homograph attacks. The Internet community recognizes that homograph domain name and URI spoofing is a problem that predates the adoption of IDN implementation standards, but increasing the total number of characters available for domain names inevitably increases the opportunities for character confusion.
Detection:
There are a few methods to detect that you are under a spoofing attack. One easy method is to cut and paste the URL you are accessing into Notepad or some other tool (under OS X, paste into a terminal window) that lets you see what character set/code page the string is in. You can also view the details of the SSL certificate to see if it uses a Punycode-wrapped version of the domain (starting with the string 'xn-').
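The same check can be scripted. The following is an added example, not code from the original post: it decodes Punycode labels, lists each character's code point, and flags labels that are non-ASCII or mix scripts. The function names and the sample hostnames are constructed for illustration, and the script is approximated from the Unicode character name because the Python standard library has no script lookup.

```python
import unicodedata

ACE_PREFIX = "xn--"  # prefix of a Punycode-encoded (IDN) label


def decode_label(label):
    """Return the Unicode form of one DNS label, decoding xn-- labels."""
    if label.lower().startswith(ACE_PREFIX):
        return label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
    return label


def label_scripts(text):
    """Approximate the scripts used, from the first word of each letter's name."""
    # e.g. 'CYRILLIC SMALL LETTER A' -> 'CYRILLIC'; digits and hyphens are skipped
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}


def inspect_host(host):
    """Describe every label of a hostname and flag the risky ones."""
    report = []
    for raw in host.split("."):
        try:
            text = decode_label(raw)
        except UnicodeError:  # malformed Punycode: keep the raw label and flag it
            report.append({"label": raw, "ace": raw, "scripts": [],
                           "codepoints": [], "flags": ["bad-punycode"]})
            continue
        scripts = label_scripts(text)
        flags = []
        if not text.isascii():
            flags.append("non-ascii")
        if len(scripts) > 1:
            flags.append("mixed-script")
        ace = text if text.isascii() else ACE_PREFIX + text.encode("punycode").decode("ascii")
        report.append({"label": text, "ace": ace, "scripts": sorted(scripts),
                       "codepoints": [f"U+{ord(c):04X}" for c in text], "flags": flags})
    return report


def is_suspicious(host):
    """True if any label of the hostname raised a flag."""
    return any(row["flags"] for row in inspect_host(host))


# Constructed samples: the first uses Cyrillic U+0430 in place of the Latin 'a'.
SPOOFED = "www.\u0430mazon.com"
GENUINE = "www.amazon.com"

if __name__ == "__main__":
    for sample in (SPOOFED, GENUINE):
        for row in inspect_host(sample):
            print(sample.encode("unicode_escape").decode(), row["ace"], row["scripts"], row["flags"])
```

A label written entirely in one non-Latin script is flagged only as non-ascii here, so a whole-script lookalike still needs a comparison against the domains you expect to visit.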