Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

What You See Is Not What You Get - When Homographs Attack

media.ccc.de via YouTube

Overview

Explore the security implications of homograph attacks in a 29-minute conference talk from media.ccc.de. Delve into the mechanics of homograph domain registration, their associated risks, and examine practical exploits against Signal, Telegram, and Tor Browser. Learn about potential phishing scenarios and more powerful exploits targeting opsec-aware users. Gain insights into historical Unicode security issues, confusable homographs, and other attack vectors. Cover topics including internationalized domain names, font renderization, visual spoofing, browser handling, email clients, and defense strategies against these threats.

Syllabus

Intro
INTRO
INTERNATIONALIZED DOMAIN NAMES
HOMOGLYPHS AND HOMOGRAPHS
CONFUSABLE HOMOGRAPHS
FONT RENDERIZATION AND VISUAL SPOOFING
REGISTRATION OF HOMOGRAPH DOMAINS
PRACTICAL ATTACKS
HISTORICAL AND RECENT BUGS
BROWSERS HANDLING
EMAIL CLIENTS AND WEBMAILS
SIGNAL or Android and Windows
DEFENSES
CONCLUSION
REFERENCES

Taught by

media.ccc.de

Reviews

Start your review of What You See Is Not What You Get - When Homographs Attack

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.