Say my name, BITCH
An Investigation into IDN Homograph Mitigation Strategies
Peter Hannay, SECAU Security Research Centre, Edith Cowan University
Greg Baatard, Edith Cowan University
School of Computer & Security Science, Edith Cowan University
Dec 24, 2015
UNRELATED COMPLAINT
SOMEBODY ON THE INTERNET IS WRONG
• "People get USB sticks all the time. The problem isn't that people are idiots, that they should know that a USB stick found on the street is automatically bad and a USB stick given away at a trade show is automatically good. The problem is that the OS trusts random USB sticks. The problem is that the OS will automatically run a program that can install malware from a USB stick. The problem is that it isn't safe to plug a USB stick into a computer." (Bruce Schneier)
People are Idiots
• 20 government agencies
• 70%+ hit rate
• Some sticks phoned home from multiple ‘sensitive’ networks
WHAT
IDN (Internationalized Domain Names)
☃
Homoglyph
ј j
• ј is U+0458 (CYRILLIC SMALL LETTER JE); j is U+006A (LATIN SMALL LETTER J). Same glyph, different code point.
Homograph
http://gooɡle.com/
http://google.com/
• The first uses ɡ, U+0261 (LATIN SMALL LETTER SCRIPT G), in place of ASCII g. Different domain, visually identical in most fonts.
Mitigation
• Unicode → Punycode (the ASCII encoding of IDN labels, RFC 3492): display http://gooɡle.com/ as http://xn--goole-tmc.com/ so the substituted character cannot hide
• Alerts
PICS
Web
[Five screenshot slides of homograph domains rendered in web browsers; images not present in the extracted text]
• Phishing
• Better than a spoofed sender address
• You can get replies and everything!
• Sweet: kiwicon@kiwіcon.org (the "і" in the domain is Cyrillic, U+0456, not Latin i)
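Added example, not code from the slides: the Unicode/Punycode conversion from the Mitigation slide and the two checks a URL bar or mail client can run against names like gooɡle.com and kiwіcon.org, using only the Python standard library. The confusables map is a constructed subset of Unicode TR39's confusables.txt, `script_of` is a name-prefix heuristic standing in for the Unicode Script property, and the protected-domain set is a hypothetical allow-list; all three are assumptions of this example.

```python
# Added example (not from the slides): Punycode conversion plus two homograph
# checks, mixed-script detection and confusable "skeleton" matching.
import unicodedata
from typing import Optional

# Constructed subset of the Unicode TR39 confusables table (the real
# confusables.txt has thousands of entries); maps look-alikes to ASCII.
CONFUSABLES = {
    "\u0261": "g",  # LATIN SMALL LETTER SCRIPT G (the gooɡle.com example)
    "\u0458": "j",  # CYRILLIC SMALL LETTER JE (the ј / j homoglyph)
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I (kiwіcon.org)
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
}


def to_punycode(hostname: str) -> str:
    """Unicode hostname -> ASCII 'xn--' form (IDNA 2003 / RFC 3492 via the idna codec)."""
    return hostname.encode("idna").decode("ascii")


def from_punycode(hostname: str) -> str:
    """ASCII 'xn--' hostname -> Unicode form."""
    return hostname.encode("ascii").decode("idna")


def script_of(ch: str) -> str:
    """Rough script classification: first word of the character's Unicode name.
    Heuristic stand-in for the Unicode Script property, which the stdlib lacks."""
    if not ch.isalpha():
        return "Common"  # digits, hyphen, symbols such as the snowman
    name = unicodedata.name(ch, "")
    return name.split(" ")[0].title() if name else "Unknown"


def is_mixed_script(label: str) -> bool:
    """True if letters from more than one script appear in a single DNS label.
    Catches kiwіcon (Latin + Cyrillic) but NOT gooɡle: script g is Latin too."""
    return len({script_of(c) for c in label} - {"Common"}) > 1


def skeleton(hostname: str) -> str:
    """Collapse confusable characters so look-alike names compare equal."""
    normalized = unicodedata.normalize("NFKC", hostname)
    return "".join(CONFUSABLES.get(c, c) for c in normalized)


def lookalike_of(hostname: str, protected: set) -> Optional[str]:
    """Return the protected hostname this one imitates, or None.
    This is the check that catches single-script confusables like gooɡle.com."""
    if hostname in protected:
        return None
    sk = skeleton(hostname)
    return next((p for p in protected if skeleton(p) == sk), None)


def display_form(hostname: str, protected: set) -> str:
    """What a URL bar should render: the Unicode name only when neither check
    fires, otherwise the Punycode form so the substitution is visible."""
    if any(is_mixed_script(label) for label in hostname.split(".")):
        return to_punycode(hostname)
    if lookalike_of(hostname, protected) is not None:
        return to_punycode(hostname)
    return hostname


if __name__ == "__main__":
    # Hypothetical allow-list of domains worth protecting against imitation.
    protected = {"google.com", "kiwicon.org"}
    for host in ["google.com", "goo\u0261le.com", "kiw\u0456con.org", "\u2603.net"]:
        mixed = any(is_mixed_script(label) for label in host.split("."))
        print(f"{host:14} -> {display_form(host, protected):20} "
              f"mixed={mixed} lookalike={lookalike_of(host, protected)}")
```

The two checks are complementary: mixed-script detection flags kiwіcon.org but passes gooɡle.com, because U+0261 is a Latin letter, and only the skeleton comparison against a protected list catches that one. Real browsers combine both with much larger tables, and the "show Punycode" fallback is what makes the substitution visible in the URL bar and certificate dialog regardless of font.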
THE TESTING
Tests
• URL Bar
• Certificate Information
• Geolocation Request
Evaluation
[Screenshot slides for each browser: Internet Explorer, Firefox, Chrome, Opera, Safari; images not present in the extracted text]
Comparison
[Results comparison slide; image not present in the extracted text]
Email Testing
CONCLUSION
It's time for the…