What You See Is Not What You Get - When Homographs Attack
Offered By: media.ccc.de via YouTube
Course Description
Overview
Explore the security implications of homograph attacks in a 29-minute conference talk from media.ccc.de. Delve into the mechanics of homograph domain registration and the associated risks, and examine practical exploits against Signal, Telegram, and Tor Browser. Learn about potential phishing scenarios and more powerful exploits targeting opsec-aware users. Gain insights into historical Unicode security issues, confusable homographs, and other attack vectors. Topics covered include internationalized domain names, font rendering, visual spoofing, browser handling, email clients, and defense strategies against these threats.
Syllabus
INTRO
INTERNATIONALIZED DOMAIN NAMES
HOMOGLYPHS AND HOMOGRAPHS
CONFUSABLE HOMOGRAPHS
FONT RENDERIZATION AND VISUAL SPOOFING
REGISTRATION OF HOMOGRAPH DOMAINS
PRACTICAL ATTACKS
HISTORICAL AND RECENT BUGS
BROWSERS HANDLING
EMAIL CLIENTS AND WEBMAILS
SIGNAL or Android and Windows
DEFENSES
CONCLUSION
REFERENCES
Taught by
media.ccc.de
Related Courses
Computer Security - Stanford University via Coursera
Cryptography II - Stanford University via Coursera
Malicious Software and its Underground Economy: Two Sides to Every Story - University of London International Programmes via Coursera
Building an Information Risk Management Toolkit - University of Washington via Coursera
Introduction to Cybersecurity - National Cybersecurity Institute at Excelsior College via Canvas Network