US-CERT Cyber Security Tip ST05-016 -- Understanding Internationalized Domain Names


                     Cyber Security Tip ST05-016
               Understanding Internationalized Domain Names

   You may have been exposed to internationalized domain names (IDNs)
   without realizing it. While they typically do not affect your browsing
   activity, IDNs may give attackers an opportunity to redirect you to a
   malicious web page.

What are internationalized domain names?

   To  decrease  the amount of confusion surrounding different languages,
   there is a standard for domain names within web browsers. Domain names
   are included in the URL (or web address) of a web site. This standard is
   based  on  the Roman alphabet (which is used by the English language),
   and  computers convert the various letters into numerical equivalents.
   This  code  is  known as ASCII (American Standard Code for Information
   Interchange).  However, other languages include characters that do not
   translate  into this code, which is why internationalized domain names
   were introduced.

   To  compensate for languages that incorporate special characters (such
   as  Spanish,  French  or  German)  or  rely  completely  on  character
   representation  (such  as Asian or Arabic languages), a new system had
   to  be  developed.  In this new system, the base URL (which is usually
   the  address  for  the  home  page)  is dissected and converted into a
   format  that  is  compatible  with  ASCII.  The  resulting  URL (which
   contains  the  string  "xn--"  as well as a combination of letters and
   numbers)  will  appear in your browser's status bar. In newer versions
   of many browsers, it will also appear in the address bar.

What are some security concerns?

   Attackers  may  be  able to take advantage of internationalized domain
   names  to  initiate  phishing attacks (see Avoiding Social Engineering
   and  Phishing Attacks for more information). Because there are certain
   characters  that  may  appear  to be the same but have different ASCII
   codes  (for  example, the Cyrillic "a" and the Latin "a"), an attacker
   may  be  able  to  "spoof"  a  web  page  URL.  Instead  of going to a
   legitimate  site, you may be directed to a malicious site, which could
   look  identical  to  the real one. If you submit personal or financial
   information  while  on  the malicious site, the attacker could collect
   that information and then use and/or sell it.
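
   The conversion to the "xn--" form and the look-alike problem described
   above, as an added example (not part of the original US-CERT tip). It
   uses Python's built-in "idna" codec; the hostnames are constructed
   samples, and the script check is a heuristic based on Unicode character
   names (the Cyrillic "a" is U+0430, the Latin "a" is U+0061).

```python
import unicodedata


def label_scripts(label):
    """Scripts used by the letters of a label.

    Heuristic: the first word of each letter's Unicode name
    (LATIN, CYRILLIC, GREEK, ...). Digits and hyphens are ignored.
    """
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def inspect_host(host):
    """Return the ASCII ("xn--") form, the Unicode form and a verdict per label."""
    host = host.strip().lower()
    # ASCII-compatible form: what a protective browser shows in the status bar.
    ascii_form = host.encode("idna").decode("ascii")
    # Unicode form: what the reader "thinks" they are visiting.
    unicode_form = ascii_form.encode("ascii").decode("idna")

    labels = []
    for a_label, u_label in zip(ascii_form.split("."), unicode_form.split(".")):
        scripts = label_scripts(u_label)
        if not a_label.startswith("xn--"):
            verdict = "ascii"          # ordinary domain label
        elif len(scripts) > 1:
            verdict = "mixed-script"   # e.g. Latin letters plus one Cyrillic letter
        else:
            verdict = "idn"            # internationalized, single script
        labels.append({"ascii": a_label, "unicode": u_label,
                       "scripts": sorted(scripts), "verdict": verdict})

    return {"ascii": ascii_form, "unicode": unicode_form, "labels": labels,
            "suspicious": any(l["verdict"] == "mixed-script" for l in labels)}


# Constructed sample hostnames (not taken from the advisory).
SAMPLES = ["example.com",           # plain ASCII
           "ex\u0430mple.com",      # Cyrillic "a" (U+0430) in place of Latin "a"
           "m\u00fcnchen.example"]  # legitimate use: Latin letters with an umlaut

if __name__ == "__main__":
    for sample in SAMPLES:
        result = inspect_host(sample)
        print(result["ascii"], [l["verdict"] for l in result["labels"]])
```

   A label written entirely in one non-Latin script passes the mixed-script
   check, so the "xn--" form should still be compared against the name you
   expected to visit.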

How can you protect yourself?

     * Type  a  URL  instead  of  following  a link - Typing a URL into a
       browser  rather  than  clicking  a link within a web page or email
       message  will  minimize  your  risk.  By  doing this, you are more
       likely  to  visit the legitimate site rather than a malicious site
       that substitutes similar-looking characters.
     * Keep  your browser up to date - Older versions of browsers made it
       easier  for  attackers  to  spoof  URLs,  but  most newer browsers
       incorporate  certain  protections.  Instead  of displaying the URL
       that  you  "think" you are visiting, most browsers now display the
       converted  URL  with the "xn--" string. Internet Explorer does not
       currently  support  IDNs,  so you will see an error message if you
       try to visit a URL that includes non-ASCII characters.
     * Check  your  browser's  status bar - If you move your mouse over a
       link  on  a  web page, the status bar of your browser will usually
       display  the  URL  that the link references. If you see a URL that
       has  an unexpected domain name (such as one with the "xn--" string
       mentioned above), you have likely encountered an internationalized
       domain name. If you were not expecting an internationalized domain
       name or know that the legitimate site should not need one, you may
       want to reconsider visiting the site. Browsers such as Mozilla and
       Firefox include an option in their security settings about whether
       to  allow the status bar text to be modified. To prevent attackers
       from taking advantage of JavaScript to make it appear that you are
       on a legitimate site, you may want to make sure this option is not
       enabled.
     _________________________________________________________________

     Authors: Mindi McDowell, Will Dormann, Jason McCormick
     _________________________________________________________________

     Produced 2005 by US-CERT, a government organization.
  
     Terms of use
 
     <http://www.us-cert.gov/legal.html>
  
     This document can also be found at
 
     <http://www.us-cert.gov/cas/tips/STYY-XXX.html>
 

     For instructions on subscribing to or unsubscribing from this
     mailing list, visit <http://www.us-cert.gov/cas/signup.html>.

