ICANN comments on IDN homograph attacks
Thursday, 3 March 2005
The Internet Corporation for Assigned Names and Numbers (ICANN) has released a statement on homograph domain name spoofing, following growing publicity around the vulnerability of certain web browsers to URI and domain name spoofing that relies on Internationalised Domain Name (IDN) resolution.
ICANN expressed concern about the vulnerability of certain web browsers to homograph domain name spoofing. The organisation highlights the fact that the total number of characters made available for domain names will increase opportunities for character confusion, but wants to ensure that any countermeasures introduced will not unfairly place restrictions on the use and availability of international domain names.
Homograph domain name spoofing works by exploiting the visual resemblance, or near resemblance, of certain characters and symbols. These include characters in the standard ASCII character set (such as the resemblance between the numeral '1' and the lower-case letter 'l'), characters taken from different languages (such as the Greek capital letter Beta and the Latin capital letter B), and the potential confusion amongst Chinese, Japanese, and Korean character sets. The new style of attack takes advantage of changes supported by Internet standards bodies to allow domain names to be registered in national alphabets using non-English characters. IDN resolution makes it easier for non-English speakers to use the web, but also creates opportunities for malicious hackers.
In light of these concerns, ICANN is requesting comment from the Internet community regarding homograph vulnerability and proposed countermeasures.
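The character resemblances described above can be screened for on the defensive side, for example when reviewing newly seen hostnames against a list of names an organisation wants to protect. The Python below is an added example, not code from ICANN or the original article; the confusable table, the script list and the `.example` hostnames are constructed for illustration.

```python
import unicodedata

# Constructed, deliberately tiny confusable table covering the article's
# examples; production checks use the Unicode confusables data (UTS #39).
CONFUSABLES = {
    "1": "l",        # DIGIT ONE vs LATIN SMALL LETTER L
    "\u0392": "B",   # GREEK CAPITAL LETTER BETA vs LATIN CAPITAL LETTER B
    "\u03bf": "o",   # GREEK SMALL LETTER OMICRON vs LATIN SMALL LETTER O
}
SCRIPTS = ("LATIN", "GREEK", "CYRILLIC", "CJK", "HIRAGANA", "KATAKANA", "HANGUL")


def to_unicode(hostname):
    """Decode any xn-- (Punycode) labels so checks see the displayed form."""
    labels = []
    for label in hostname.split("."):
        if label.lower().startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)


def scripts_in(label):
    """Heuristic script lookup from the first word of each Unicode name."""
    found = set()
    for ch in label:
        first = unicodedata.name(ch, "").split(" ")[0]
        if first in SCRIPTS:
            found.add(first)
    return found


def skeleton(hostname):
    """Replace confusable characters, then case-fold for comparison."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in hostname).casefold()


def check(hostname, protected):
    """Return findings for one hostname against a list of protected names."""
    name = to_unicode(hostname)
    findings = []
    for label in name.split("."):
        if len(scripts_in(label)) > 1:
            findings.append("mixed-script label: " + label)
    for good in protected:
        if name.casefold() != good.casefold() and skeleton(name) == skeleton(good):
            findings.append("looks like " + good)
    return findings
```

A mixed-script finding alone is only a signal for review, since some legitimate names combine scripts; the skeleton match against a protected name is the stronger indicator.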
