Explore the security implications of homograph attacks in a 29-minute conference talk from media.ccc.de. Delve into the mechanics of homograph domain registration, their associated risks, and examine practical exploits against Signal, Telegram, and Tor Browser. Learn about potential phishing scenarios and more powerful exploits targeting opsec-aware users. Gain insights into historical Unicode security issues, confusable homographs, and other attack vectors. Cover topics including internationalized domain names, font renderization, visual spoofing, browser handling, email clients, and defense strategies against these threats.
Overview
Syllabus
Intro
INTRO
INTERNATIONALIZED DOMAIN NAMES
HOMOGLYPHS AND HOMOGRAPHS
CONFUSABLE HOMOGRAPHS
FONT RENDERIZATION AND VISUAL SPOOFING
REGISTRATION OF HOMOGRAPH DOMAINS
PRACTICAL ATTACKS
HISTORICAL AND RECENT BUGS
BROWSERS HANDLING
EMAIL CLIENTS AND WEBMAILS
SIGNAL or Android and Windows
DEFENSES
CONCLUSION
REFERENCES
Taught by
media.ccc.de
