Monday, October 31, 2011

IDNA security concerns

During my recent webinar of October 25th regarding IPv6 and internationalized domain names (IDNs), I promised to post a few links on my blog regarding security considerations when deploying IDNA. These security concerns stem primarily from homographs, where characters are visually identical but have in fact different unicode and therefore IDN representations.

The issue that may arise is that a link may appear "legitimate" or intended by a user but the IDNA-translated URL may result in a DNS lookup mapping to an attacker's DNS zone file which could result in phishing and similar attacks. This of course is not an issue unique to IDNA as it occurs on a daily basis within the Latin alphabetic representation in DNS. Attackers publish links that substitute "1" for "l" or "0" for "O", etc. or outright misspell otherwise familiar words or company names. But IDNA adds an additional layer of obscurity as homographs will be indistinguishable to the otherwise careful reader.

Here are some links on the topic for details:
If you'd like to view a replay of the webinar or any of those within the IPv6 webinar series, please navigate here and you will have access to all webinars within the series as they are completed and posted.

No comments:

Post a Comment