Thursday, June 28, 2012



HOMOGRAPH ATTACK AND CONFUSABILITY


A homograph is a letter or string that has enough visual similarity to a different letter or string that the two may be confused for one another.
[Image: a link that reads amazon.com, with the first 'a' replaced by a Cyrillic letter]

It looks like amazon.com, of course, but it's not. The first 'a' is the Cyrillic small letter a, not the English (or rather Latin) small letter 'a'. Although they look identical, they are characters from two different scripts. In your browser's status bar you should see the Punycode-encoded version of the domain name:

http://www.xn--mazon-3ve.com/

Because DNS does not support Unicode (host names are restricted to a subset of ASCII), the IDN (Internationalized Domain Names) standards define how domain names containing Unicode characters are encoded into ASCII. Punycode is the name of that encoding mechanism. The technique above is commonly referred to as an IDN homograph attack.

Two further examples are shown below (as images in the original post). They look identical to a human, and they will still appear identical if you copy them into your address bar:

[Image: two lookalike URLs, one above the other]

In the second URL one character has been replaced. Written out with its Unicode values, the second 'o' is the Greek small letter omicron rather than the Latin 'o'.


These are very simple examples, but hopefully you can see the danger of clicking on a link just because it looks genuine. Aside from spoofing with lookalike characters from completely different alphabets, a lot of spoofing is possible within our own alphabet. Certain fonts make some combinations of characters hard to tell apart: the letters 'r' and 'n' together can look like the letter 'm' (rn = m), a zero can look like an 'O', and the number 1 can look like a lower-case 'l'.

  • www.rnu11ets.com looks a lot like www.mullets.com

The original post lists this same text in several different fonts, because in some fonts you would not be able to tell the two words apart visually. The appearance of a character depends heavily on the font used to draw the glyph, not just on the alphabet it belongs to.
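As an added example (not code from the original post), the following Python checks a hostname the way a defender might before trusting a link: it produces the Punycode form the browser shows, flags labels that mix scripts (the Cyrillic 'a' case), and applies a small, hand-picked confusable map in the spirit of Unicode's UTS #39 skeleton to catch same-alphabet lookalikes such as "rn" for "m" and "1" for "l". The confusable table and the function names are my own assumptions, not a complete confusables list.

```python
import unicodedata

# Scripts we care about. Digits and punctuation are treated as script-neutral.
SCRIPTS = {"LATIN", "CYRILLIC", "GREEK"}


def label_scripts(label):
    """Set of scripts used by the letters of one DNS label."""
    scripts = set()
    for ch in label:
        # Unicode names start with the script, e.g. "CYRILLIC SMALL LETTER A".
        first_word = unicodedata.name(ch, "").split(" ")[0]
        if first_word in SCRIPTS:
            scripts.add(first_word)
    return scripts


def is_mixed_script(hostname):
    """True if any label mixes letters from more than one script."""
    return any(len(label_scripts(label)) > 1 for label in hostname.split("."))


def to_punycode(hostname):
    """The ASCII (xn--) form a browser shows for an IDN hostname."""
    return hostname.encode("idna").decode("ascii")


# Constructed, deliberately small confusable map (assumed for this example).
CONFUSABLES = {
    "\u0430": "a",  # Cyrillic small letter a -> Latin a
    "\u03bf": "o",  # Greek small letter omicron -> Latin o
    "0": "o",       # zero -> o
    "1": "l",       # one -> l
}


def skeleton(hostname):
    """Collapse confusable characters so lookalikes compare equal."""
    s = hostname.lower().replace("rn", "m")  # rn -> m in narrow fonts
    return "".join(CONFUSABLES.get(ch, ch) for ch in s)


def looks_like(candidate, trusted):
    """True if candidate is a different string that renders like trusted."""
    return candidate != trusted and skeleton(candidate) == skeleton(trusted)


if __name__ == "__main__":
    spoof = "\u0430mazon.com"  # constructed: Cyrillic a + "mazon.com"
    print(to_punycode(spoof), is_mixed_script(spoof))
    print(looks_like("www.rnu11ets.com", "www.mullets.com"))
```

A skeleton match against a list of brands you care about is a reasonable detection signal for incoming mail or proxy logs; the Punycode form is what to log and display, since it cannot be confused with the genuine domain.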
