IDN Homograph Attack Example

An IDN Homograph Attack is using unicode to make a domain name that looks similar to another domain name. These threats can be mitigated by using Punycode and by being more careful of clicking on URLS.

Examples:

http://ĝoogle.com -- ĝ not g

http://ḃing.com -- ḃ not b

http://asĸ.com -- ĸ not k

Unprotected Software:

Please keep this list updated! These programs do not escape these unsafe URLs:

1. Mozilla Firefox(43.0.4) partial protection as of January 25th 2016. Bug reports: 0, 1, 2, 3,
2. Microsoft Visual Studio Community Edition(14.0.24720.00) no support as of January 25th 2016
3. SharpDevelop(5.1.0, build 5134) no support as of February 25th 2016. Bug reports: 749
4. Libre Office(5.0.4.2) no support as of January 26th 2016, bug reports: 97438
5. Gnome Terminal(3.14.1) no support as of January 26th 2016

References:

1. https://en.wikipedia.org/wiki/IDN_homograph_attack
2. https://en.wikipedia.org/wiki/Punycode
3. https://en.wikipedia.org/wiki/List_of_Unicode_characters