school of computer & security science edith cowan university say my name, bitch an investigation...
TRANSCRIPT
![Page 1: School of Computer & Security Science Edith Cowan University Say my name, BITCH An Investigation into IDN Homograph Mitigation Strategies Peter Hannay](https://reader035.vdocuments.us/reader035/viewer/2022062716/56649dd05503460f94ac4b42/html5/thumbnails/1.jpg)
School of Computer & Security ScienceEdith Cowan University
Say my name, BITCH
An Investigation into IDN Homograph Mitigation Strategies
Peter HannaySECAU Security Research Centre
Edith Cowan University
Greg BaatardEdith Cowan University
![Page 2: School of Computer & Security Science Edith Cowan University Say my name, BITCH An Investigation into IDN Homograph Mitigation Strategies Peter Hannay](https://reader035.vdocuments.us/reader035/viewer/2022062716/56649dd05503460f94ac4b42/html5/thumbnails/2.jpg)
School of Computer & Security ScienceEdith Cowan University
UNRELATED COMPLAINT SOMEBODY ON THE INTERNET IS WRONG
• People get USB sticks all the time. The problem isn't that people are idiots, that they should know that a USB stick found on the street is automatically bad and a USB stick given away at a trade show is automatically good. The problem is that the OS trusts random USB sticks. The problem is that the OS will automatically run a program that can install malware from a USB stick. The problem is that it isn't safe to plug a USB stick into a computer. Bruce Schneier
![Page 3: School of Computer & Security Science Edith Cowan University Say my name, BITCH An Investigation into IDN Homograph Mitigation Strategies Peter Hannay](https://reader035.vdocuments.us/reader035/viewer/2022062716/56649dd05503460f94ac4b42/html5/thumbnails/3.jpg)
School of Computer & Security ScienceEdith Cowan University
![Page 4: School of Computer & Security Science Edith Cowan University Say my name, BITCH An Investigation into IDN Homograph Mitigation Strategies Peter Hannay](https://reader035.vdocuments.us/reader035/viewer/2022062716/56649dd05503460f94ac4b42/html5/thumbnails/4.jpg)
School of Computer & Security ScienceEdith Cowan University
People are Idiots
• 20 government agencies
• 70%+ hit rate
• Some sticks phoned home from multiple ‘sensitive’ networks
![Page 5: School of Computer & Security Science Edith Cowan University Say my name, BITCH An Investigation into IDN Homograph Mitigation Strategies Peter Hannay](https://reader035.vdocuments.us/reader035/viewer/2022062716/56649dd05503460f94ac4b42/html5/thumbnails/5.jpg)
School of Computer & Security ScienceEdith Cowan University
WHATThis marks the beginning of the section titled
![Page 6: School of Computer & Security Science Edith Cowan University Say my name, BITCH An Investigation into IDN Homograph Mitigation Strategies Peter Hannay](https://reader035.vdocuments.us/reader035/viewer/2022062716/56649dd05503460f94ac4b42/html5/thumbnails/6.jpg)
School of Computer & Security ScienceEdith Cowan University
IDN
☃��
![Page 7: School of Computer & Security Science Edith Cowan University Say my name, BITCH An Investigation into IDN Homograph Mitigation Strategies Peter Hannay](https://reader035.vdocuments.us/reader035/viewer/2022062716/56649dd05503460f94ac4b42/html5/thumbnails/7.jpg)
School of Computer & Security ScienceEdith Cowan University
Homoglyph
ј j
![Page 8: School of Computer & Security Science Edith Cowan University Say my name, BITCH An Investigation into IDN Homograph Mitigation Strategies Peter Hannay](https://reader035.vdocuments.us/reader035/viewer/2022062716/56649dd05503460f94ac4b42/html5/thumbnails/8.jpg)
School of Computer & Security ScienceEdith Cowan University
Homograph
http://gooɡle.com/ http://google.com/
![Page 9: School of Computer & Security Science Edith Cowan University Say my name, BITCH An Investigation into IDN Homograph Mitigation Strategies Peter Hannay](https://reader035.vdocuments.us/reader035/viewer/2022062716/56649dd05503460f94ac4b42/html5/thumbnails/9.jpg)
School of Computer & Security ScienceEdith Cowan University
Mitigation• Unicode Punycode• http://gooɡle.com/ http://xn--goole-tmc.com
• Alerts
![Page 10: School of Computer & Security Science Edith Cowan University Say my name, BITCH An Investigation into IDN Homograph Mitigation Strategies Peter Hannay](https://reader035.vdocuments.us/reader035/viewer/2022062716/56649dd05503460f94ac4b42/html5/thumbnails/10.jpg)
School of Computer & Security ScienceEdith Cowan University
PICSThis marks the beginning of the section titled
![Page 11: School of Computer & Security Science Edith Cowan University Say my name, BITCH An Investigation into IDN Homograph Mitigation Strategies Peter Hannay](https://reader035.vdocuments.us/reader035/viewer/2022062716/56649dd05503460f94ac4b42/html5/thumbnails/11.jpg)
School of Computer & Security ScienceEdith Cowan University
Web
![Page 12: School of Computer & Security Science Edith Cowan University Say my name, BITCH An Investigation into IDN Homograph Mitigation Strategies Peter Hannay](https://reader035.vdocuments.us/reader035/viewer/2022062716/56649dd05503460f94ac4b42/html5/thumbnails/12.jpg)
School of Computer & Security ScienceEdith Cowan University
Web
![Page 13: School of Computer & Security Science Edith Cowan University Say my name, BITCH An Investigation into IDN Homograph Mitigation Strategies Peter Hannay](https://reader035.vdocuments.us/reader035/viewer/2022062716/56649dd05503460f94ac4b42/html5/thumbnails/13.jpg)
School of Computer & Security ScienceEdith Cowan University
Web
![Page 14: School of Computer & Security Science Edith Cowan University Say my name, BITCH An Investigation into IDN Homograph Mitigation Strategies Peter Hannay](https://reader035.vdocuments.us/reader035/viewer/2022062716/56649dd05503460f94ac4b42/html5/thumbnails/14.jpg)
School of Computer & Security ScienceEdith Cowan University
Web
![Page 15: School of Computer & Security Science Edith Cowan University Say my name, BITCH An Investigation into IDN Homograph Mitigation Strategies Peter Hannay](https://reader035.vdocuments.us/reader035/viewer/2022062716/56649dd05503460f94ac4b42/html5/thumbnails/15.jpg)
School of Computer & Security ScienceEdith Cowan University
Web
![Page 16: School of Computer & Security Science Edith Cowan University Say my name, BITCH An Investigation into IDN Homograph Mitigation Strategies Peter Hannay](https://reader035.vdocuments.us/reader035/viewer/2022062716/56649dd05503460f94ac4b42/html5/thumbnails/16.jpg)
School of Computer & Security ScienceEdith Cowan University
• Phishing
• Better than spoofed address
• You can get replies and everything!
Sweet kiwicon@kiwіcon.org
![Page 17: School of Computer & Security Science Edith Cowan University Say my name, BITCH An Investigation into IDN Homograph Mitigation Strategies Peter Hannay](https://reader035.vdocuments.us/reader035/viewer/2022062716/56649dd05503460f94ac4b42/html5/thumbnails/17.jpg)
School of Computer & Security ScienceEdith Cowan University
THE TESTINGThis marks the beginning of the section titled
![Page 18: School of Computer & Security Science Edith Cowan University Say my name, BITCH An Investigation into IDN Homograph Mitigation Strategies Peter Hannay](https://reader035.vdocuments.us/reader035/viewer/2022062716/56649dd05503460f94ac4b42/html5/thumbnails/18.jpg)
School of Computer & Security ScienceEdith Cowan University
Tests
• URL Bar
• Certificate Information
• Geolocation Request
![Page 19: School of Computer & Security Science Edith Cowan University Say my name, BITCH An Investigation into IDN Homograph Mitigation Strategies Peter Hannay](https://reader035.vdocuments.us/reader035/viewer/2022062716/56649dd05503460f94ac4b42/html5/thumbnails/19.jpg)
School of Computer & Security ScienceEdith Cowan University
Evaluation
![Page 20: School of Computer & Security Science Edith Cowan University Say my name, BITCH An Investigation into IDN Homograph Mitigation Strategies Peter Hannay](https://reader035.vdocuments.us/reader035/viewer/2022062716/56649dd05503460f94ac4b42/html5/thumbnails/20.jpg)
School of Computer & Security ScienceEdith Cowan University
Internet Explorer
![Page 21: School of Computer & Security Science Edith Cowan University Say my name, BITCH An Investigation into IDN Homograph Mitigation Strategies Peter Hannay](https://reader035.vdocuments.us/reader035/viewer/2022062716/56649dd05503460f94ac4b42/html5/thumbnails/21.jpg)
School of Computer & Security ScienceEdith Cowan University
Firefox
![Page 22: School of Computer & Security Science Edith Cowan University Say my name, BITCH An Investigation into IDN Homograph Mitigation Strategies Peter Hannay](https://reader035.vdocuments.us/reader035/viewer/2022062716/56649dd05503460f94ac4b42/html5/thumbnails/22.jpg)
School of Computer & Security ScienceEdith Cowan University
Chrome
![Page 23: School of Computer & Security Science Edith Cowan University Say my name, BITCH An Investigation into IDN Homograph Mitigation Strategies Peter Hannay](https://reader035.vdocuments.us/reader035/viewer/2022062716/56649dd05503460f94ac4b42/html5/thumbnails/23.jpg)
School of Computer & Security ScienceEdith Cowan University
Opera
![Page 24: School of Computer & Security Science Edith Cowan University Say my name, BITCH An Investigation into IDN Homograph Mitigation Strategies Peter Hannay](https://reader035.vdocuments.us/reader035/viewer/2022062716/56649dd05503460f94ac4b42/html5/thumbnails/24.jpg)
School of Computer & Security ScienceEdith Cowan University
Safari
![Page 25: School of Computer & Security Science Edith Cowan University Say my name, BITCH An Investigation into IDN Homograph Mitigation Strategies Peter Hannay](https://reader035.vdocuments.us/reader035/viewer/2022062716/56649dd05503460f94ac4b42/html5/thumbnails/25.jpg)
School of Computer & Security ScienceEdith Cowan University
Comparison
![Page 26: School of Computer & Security Science Edith Cowan University Say my name, BITCH An Investigation into IDN Homograph Mitigation Strategies Peter Hannay](https://reader035.vdocuments.us/reader035/viewer/2022062716/56649dd05503460f94ac4b42/html5/thumbnails/26.jpg)
School of Computer & Security ScienceEdith Cowan University
Email Testing
![Page 27: School of Computer & Security Science Edith Cowan University Say my name, BITCH An Investigation into IDN Homograph Mitigation Strategies Peter Hannay](https://reader035.vdocuments.us/reader035/viewer/2022062716/56649dd05503460f94ac4b42/html5/thumbnails/27.jpg)
School of Computer & Security ScienceEdith Cowan University
CONCLUSIONIts time for the…