The 2011 IDN Homograph Attack Mitigation Survey

The advent of internationalized domain names (IDNs) has introduced a new threat, with the non-English character sets allowing for visual mimicry of domain names. Whilst this potential for this form of attack has been well recognized, many applications such as Internet browsers and e-mail clients have been slow to adopt successful mitigation strategies and countermeasures. This research examines those strategies and countermeasures, identifying areas of weakness that allow for homograph attacks. As well as examining the presentation of IDNs in e-mail clients and Internet browser URL bars, this year’s study examines the presentation of IDNs in browser-based security certificates and requests for locational data access

Assessment of Internationalised Domain Name Homograph Attack Mitigation

With the advent of internationalised domains the threat posed by non-english character sets has eventuated. Whilst this phenomenon remains well known in the development and internet industry the actual implementations of popular applications have been tested to determine their resilience to homograph based attack. The research found that most provided features that overcome such attacks, but there remain a few notable exceptions. Should an attacker take advantage of such oversights a victim would likely not be able to spot a fraudulent site or email and thus provide a perfect platform for subsequent attack