
IDN Homograph Attack Example

An IDN homograph attack uses Unicode characters to build a domain name that looks similar to another domain name. These threats can be mitigated by using Punycode and by being more careful when clicking on URLs.

Examples:

http://ĝoogle.com -- ĝ not g

http://ḃing.com -- ḃ not b

http://asĸ.com -- ĸ not k
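The Punycode mitigation applied to the three example URLs above, as an added example that is not part of the original page. The function name inspect_url is an assumption made for this sketch; it relies on Python's built-in "idna" codec (IDNA 2003) and shows what a program that renders links could display instead of the look-alike host.

```python
import unicodedata
from urllib.parse import urlsplit


def inspect_url(url):
    """Return (ascii_host, findings) for the host part of `url`.

    ascii_host is the host with every internationalized label converted to
    its Punycode "xn--" form. findings holds one tuple per non-ASCII
    character: (label, character, code point, Unicode name).
    """
    host = urlsplit(url).hostname or ""
    ascii_labels, findings = [], []
    for label in host.split("."):
        if label.isascii():
            # Plain ASCII labels are passed through unchanged.
            ascii_labels.append(label)
            continue
        # The built-in "idna" codec produces the xn-- form of the label.
        ascii_labels.append(label.encode("idna").decode("ascii"))
        for ch in label:
            if not ch.isascii():
                findings.append((label, ch, f"U+{ord(ch):04X}",
                                 unicodedata.name(ch, "UNKNOWN")))
    return ".".join(ascii_labels), findings


if __name__ == "__main__":
    # The three example URLs from this page (written with escapes so the
    # exact code points are unambiguous), plus an all-ASCII control.
    samples = (
        "http://\u011doogle.com",  # U+011D instead of g
        "http://\u1e03ing.com",    # U+1E03 instead of b
        "http://as\u0138.com",     # U+0138 instead of k
        "http://google.com",
    )
    for url in samples:
        ascii_host, findings = inspect_url(url)
        print(f"{url} -> {ascii_host}")
        for label, ch, codepoint, name in findings:
            print(f"    {ch!r} in {label!r}: {codepoint} {name}")
```

Showing the xn-- form whenever findings is non-empty makes the substituted character visible to the user before the link is followed.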

Unprotected Software:

Please keep this list updated! These programs do not escape these unsafe URLs:

  1. Mozilla Firefox (43.0.4): partial protection as of January 25th 2016. Bug reports: 0, 1, 2, 3
  2. Microsoft Visual Studio Community Edition (14.0.24720.00): no support as of January 25th 2016
  3. SharpDevelop (5.1.0, build 5134): no support as of February 25th 2016. Bug reports: 749
  4. LibreOffice (5.0.4.2): no support as of January 26th 2016. Bug reports: 97438
  5. GNOME Terminal (3.14.1): no support as of January 26th 2016
