IDN Homograph Attack and Phishing
•
1 like•710 views
1. IDN (Internationalized Domain Name) allows domain names in local languages using local characters. However, attackers can exploit similarities between characters from different alphabets or languages to conduct IDN homograph attacks for social engineering and phishing. 2. For example, the Greek letter "Alpha" looks similar to the Latin letter "a", so an attacker could register the domain www.αslanbank.com to spoof the legitimate domain www.aslanbank.com. 3. To prevent such attacks, commercial companies should proactively register common IDN variations of their domains containing similar-looking characters from other scripts or languages.
Report
Share
Report
Share
Download to read offline
Recommended
Linux Networking Commands
This document provides an overview of common Linux networking commands such as ifconfig, route, traceroute, nslookup, arp, dig, and netstat that are used to configure network interfaces, display routing tables, trace network routes, lookup domain names, manage address resolution, query DNS servers, and view network statistics. It also discusses how to use ifconfig to assign IP addresses to interfaces, route to view routing tables, arp to manage the address resolution cache, and dig for more powerful DNS lookups than nslookup.
Telnet & Secure Shell
Telnet is an early network protocol that allows text-based access to remote systems but lacks security features. It works at the application layer and provides bidirectional interactive text communication through a virtual terminal connection. SSH was developed as a secure replacement for Telnet, supporting encryption, authentication, and integrity to prevent eavesdropping and spoofing. It uses public/private key cryptography to securely transmit data and authenticate systems. While still used occasionally, SSH is now generally preferred over Telnet for remote access due to its enhanced security.
C# File IO Operations
Provides basic file and directory support classes
Contains types that enable you to read and write files and data streams
Many of the types or classes defined as part of the System.IO namespace are designed around streams
Document Object Model
The document discusses the Document Object Model (DOM), which defines a standard for accessing and manipulating HTML, XML, and SVG documents. It defines the nodes that make up an HTML document as well as the relationships between the nodes. The DOM represents an HTML document as nodes and objects that can be manipulated programmatically. Key points covered include the DOM node tree structure, common node types like elements and attributes, and methods for accessing nodes like getElementById() and getElementsByTagName().
Xml Lecture Notes
This document provides an overview of XML, including:
- XML is not a replacement for HTML, a presentation format, programming language, or network transfer protocol, but can be used with these.
- XML examples demonstrating tags, elements, attributes, and how XML documents form ordered trees.
- Key aspects of XML like namespaces, DTDs, schemas, and how XML documents are linked to external definitions.
Ipsec
This document provides an overview of IPSec, including:
- IPSec aims to secure IP communications by providing authentication, integrity, and confidentiality. It operates in transport and tunnel modes.
- The Internet Key Exchange (IKE) negotiates and establishes security associations to secure communications between two endpoints.
- IPSec policy defines which encryption, hashing, and authentication methods apply to different network traffic using protection suites and proposals.
Introduction to CSS
CSS is used to style and lay out web pages. It allows separation of document content from page layout and design. CSS declarations are made up of selectors and properties. Selectors identify elements on the page and properties set specific styles for those elements, like color, font, size, and layout. CSS rules cascade based on specificity and source, with more specific and inline rules taking precedence over broader and external rules. Inheritance passes down text-based styles by default.
Basics of Denial of Service Attacks
This document discusses denial of service (DoS) attacks, including their history and types. It explains that a DoS attack is a malicious attempt to deny service to customers of a target site or network. The first major DoS attack was the 1988 Morris Worm, which infected 10% of internet computers and cost millions to clean up. Common types of DoS attacks are penetration attacks, eavesdropping, man-in-the-middle attacks, and flooding attacks, which overwhelm a target with traffic. While nothing can entirely prevent DoS attacks, defenses include firewalls, routers, switches, bandwidth limitations, and keeping systems patched. The document concludes that future DoS attacks may aim for broad destabilization rather
Recommended
Linux Networking Commands
This document provides an overview of common Linux networking commands such as ifconfig, route, traceroute, nslookup, arp, dig, and netstat that are used to configure network interfaces, display routing tables, trace network routes, lookup domain names, manage address resolution, query DNS servers, and view network statistics. It also discusses how to use ifconfig to assign IP addresses to interfaces, route to view routing tables, arp to manage the address resolution cache, and dig for more powerful DNS lookups than nslookup.
Telnet & Secure Shell
Telnet is an early network protocol that allows text-based access to remote systems but lacks security features. It works at the application layer and provides bidirectional interactive text communication through a virtual terminal connection. SSH was developed as a secure replacement for Telnet, supporting encryption, authentication, and integrity to prevent eavesdropping and spoofing. It uses public/private key cryptography to securely transmit data and authenticate systems. While still used occasionally, SSH is now generally preferred over Telnet for remote access due to its enhanced security.
C# File IO Operations
Provides basic file and directory support classes
Contains types that enable you to read and write files and data streams
Many of the types or classes defined as part of the System.IO namespace are designed around streams
Document Object Model
The document discusses the Document Object Model (DOM), which defines a standard for accessing and manipulating HTML, XML, and SVG documents. It defines the nodes that make up an HTML document as well as the relationships between the nodes. The DOM represents an HTML document as nodes and objects that can be manipulated programmatically. Key points covered include the DOM node tree structure, common node types like elements and attributes, and methods for accessing nodes like getElementById() and getElementsByTagName().
Xml Lecture Notes
This document provides an overview of XML, including:
- XML is not a replacement for HTML, a presentation format, programming language, or network transfer protocol, but can be used with these.
- XML examples demonstrating tags, elements, attributes, and how XML documents form ordered trees.
- Key aspects of XML like namespaces, DTDs, schemas, and how XML documents are linked to external definitions.
Ipsec
This document provides an overview of IPSec, including:
- IPSec aims to secure IP communications by providing authentication, integrity, and confidentiality. It operates in transport and tunnel modes.
- The Internet Key Exchange (IKE) negotiates and establishes security associations to secure communications between two endpoints.
- IPSec policy defines which encryption, hashing, and authentication methods apply to different network traffic using protection suites and proposals.
Introduction to CSS
CSS is used to style and lay out web pages. It allows separation of document content from page layout and design. CSS declarations are made up of selectors and properties. Selectors identify elements on the page and properties set specific styles for those elements, like color, font, size, and layout. CSS rules cascade based on specificity and source, with more specific and inline rules taking precedence over broader and external rules. Inheritance passes down text-based styles by default.
Basics of Denial of Service Attacks
This document discusses denial of service (DoS) attacks, including their history and types. It explains that a DoS attack is a malicious attempt to deny service to customers of a target site or network. The first major DoS attack was the 1988 Morris Worm, which infected 10% of internet computers and cost millions to clean up. Common types of DoS attacks are penetration attacks, eavesdropping, man-in-the-middle attacks, and flooding attacks, which overwhelm a target with traffic. While nothing can entirely prevent DoS attacks, defenses include firewalls, routers, switches, bandwidth limitations, and keeping systems patched. The document concludes that future DoS attacks may aim for broad destabilization rather
STRUCTURE OF SQL QUERIES
This document defines SQL data definition statements and basic SQL query structure. It discusses DDL statements like CREATE, ALTER, and DROP that are used to define and manage database structures. It also explains the typical components of an SQL query including the SELECT, FROM, and WHERE clauses. Finally, it outlines several set operations in SQL like UNION, UNION ALL, INTERSECT, and MINUS.
Cascading Style Sheet (CSS)
CSS (Cascading Style Sheets) is a markup language used to style and lay out web documents. There are three types of CSS: external style sheets, internal style sheets, and inline styles. External style sheets are ideal for applying styles to many pages, internal style sheets are used for styling a single document with unique styles, and inline styles are applied directly to HTML elements but lose advantages of style sheets.
HTTP Request and Response Structure
https://www.youtube.com/watch?v=lKrbeJ7-J98
HTTP messages are how data is exchanged between a server and a client. There are two types of messages: requests sent by the client to trigger an action on the server, and responses, the answer from the server.
Json
The document provides an overview of working with JSON (JavaScript Object Notation). It introduces JSON, explaining its need and comparing it to XML. It describes JSON syntax rules, data types, objects, and arrays. It discusses how JSON uses JavaScript syntax and can be used in files. The document also covers JSON security concerns, using JSON with JavaScript functions, client-side frameworks, server-side frameworks, replacing XML with JSON, and parsing and AJAX with JSON and jQuery.
Chapter 1 - INTRODUCTION TO PYTHON -MAULIK BORSANIYA
Introduction to Python:
The basic elements of Python, Objects, expressions and numerical Types, Variables and assignments, IDLE, Branching programs, Strings and Input, Iteration
Structured Types, Mutability and Higher-order Functions:
Tuples, Lists and Mutability, Functions as Objects, Strings, Tuples and Lists, Dictionaries
Authentication techniques
The document discusses various authentication techniques, including:
- Password-based authentication using clear text passwords, message digests of passwords, and adding randomness with challenges.
- Authentication tokens, which generate one-time passwords based on a seed value stored in the token and authentication server database.
- Multifactor authentication using passwords, biometrics, and authentication tokens or smart cards.
- Certificate-based authentication using digital certificates issued in a public key infrastructure for verifying user identities.
Kali Linux
Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It contains over 300 security tools and can run on various hardware architectures. Kali is an updated version of BackTrack, which it replaced in 2013 to address dependency issues. Some key tools included are nmap, Wireshark, John the Ripper, and Aircrack-ng. It is maintained by Offensive Security and intended to perform tests from an attacker's perspective to evaluate system vulnerabilities.
Domain Name System (DNS)
A presentation on DNS concepts. It covers the topics DNS Introduction, DNS Hierarchy, DNS Resolution Process,
DNS Components, DNS Types, DNSSEC, DNS over TLS (DoT) & HTTPS (DoH), Oblivious DNS (ODoH).
Php mysql ppt
PHP is a server-side scripting language used to create dynamic web pages. It allows embedding PHP code within HTML pages and interacting with databases. Key elements of PHP include variables, control structures, functions, and sessions. Sessions store user data on the server instead of the client to avoid cookies and allow tracking users across multiple pages.
C#.NET
C# is an object-oriented programming language that is part of Microsoft's .NET framework. It can be used to create web applications, Windows applications, web services, and more. Some key features of C# include being modern, object-oriented, type-safe, and providing cross-platform interoperability through the .NET runtime. It is similar to but also has differences from languages like C++ and Java.
Css Ppt
This document provides an overview of various CSS topics including comments, colors, text formatting, positioning, and cross-browser compatibility. It explains concepts like using hexadecimal color codes, text properties like alignment and decoration, positioning elements with static, relative, absolute and fixed positioning, and strategies for aligning elements and dealing with browser inconsistencies.
android sqlite
The document discusses using SQLite as the database for Android applications, including its history, advantages for mobile use, features, architecture, and examples of creating SQLite databases and performing basic CRUD operations in Android code. It provides an overview of SQLite's lightweight and portable design that makes it suitable for embedded systems like mobile devices.
Javascript
JavaScript is a scripting language used primarily for client-side web development. It is based on the ECMAScript standard but browsers support additional objects like Window and DOM objects. JavaScript can be used to create dynamic and interactive effects on web pages like menus, alerts, and updating content without reloading. It is commonly used for form validation, AJAX applications, and other interactive features. The document provides examples of basic JavaScript concepts like variables, data types, operators, and control structures and how to embed scripts in HTML.
Visual Basic IDE Introduction
Important parts to remember on VB Express or Visual Studio Professional.
What are controls and how to use them and their properties
Windows form application - C# Training
This document provides an overview and instructions for creating a Windows Form Application using C# and Microsoft Visual Studio. It discusses concepts related to Windows Forms and how to add items like forms, controls, properties and events. Code examples are provided for handling events, linking between forms, and accessing the code behind a form. The speaker information and a table of contents are also included.
Linux operating system
Introduction to Linux , Performance and Utilities , Linux pieces, Linux Flavors, Chrome Operating System
Lecture 1 introduction to vb.net
This document provides an overview of Visual Basic .NET (VB.NET):
- VB.NET is an object-oriented programming language developed by Microsoft that is implemented on the .NET framework. It is not backwards compatible with older VB versions.
- VB.NET supports object-oriented concepts and everything is an object that inherits from the base Object class. It has full access to libraries in the .NET Framework.
- The .NET Framework consists of components like the Common Language Runtime and Class Library that enable multi-platform applications to be developed from languages like VB.NET.
Dns ppt
The document is a presentation on DNS (Domain Name System) given by Mauood Hamidi for his dissertation. It covers definitions of DNS, different types of DNS servers, tools used for DNS queries, DNS records, how DNS works to resolve domain names to IP addresses, and components of the DNS system like zones, name servers, and security considerations. It aims to provide an overview of the key concepts and functioning of DNS.
Arrays in python
Arrays in Python can hold multiple values and each element has a numeric index. Arrays can be one-dimensional (1D), two-dimensional (2D), or multi-dimensional. Common operations on arrays include accessing elements, adding/removing elements, concatenating arrays, slicing arrays, looping through elements, and sorting arrays. The NumPy library provides powerful capabilities to work with n-dimensional arrays and matrices.
Php.ppt
PHP is a server-side scripting language used for web development. It allows developers to add dynamic content and functionality to websites. Some key points about PHP from the document:
- PHP code is embedded into HTML and executed on the server to create dynamic web page content. It can be used to connect to databases, process forms, and more.
- PHP has many data types including strings, integers, floats, booleans, arrays, objects, null values and resources. Variables, operators, and conditional statements allow for control flow and data manipulation.
- Common PHP structures include if/else statements for conditional logic, loops like for/while/foreach for iteration, and functions for reusability. Ar
Component Technologies of E-Commerce
The document discusses the key components of an online business, including web servers, web browsers, database software, IP addresses, domain names, and download speeds. It explains that web servers supply website content to users, browsers are needed to view websites, databases store customer information, IP addresses and domain names identify devices and websites, and download speeds impact the user experience. Ensuring platform and browser compatibility is also discussed.
Phishing
The document describes 16 features that are commonly present in phishing emails. These features include non-matching URLs between text and links, use of IP addresses in URLs, differences between sender domains and embedded link domains, high numbers of links, domains or pictures used as links, presence of HTML, JavaScript or forms, small message sizes, use of non-standard ports or hexadecimal/special characters in URLs, and being classified as spam. Each feature is analyzed programmatically and assigned a binary value to determine the likelihood that an email is phishing attempt.
More Related Content
What's hot
STRUCTURE OF SQL QUERIES
This document defines SQL data definition statements and basic SQL query structure. It discusses DDL statements like CREATE, ALTER, and DROP that are used to define and manage database structures. It also explains the typical components of an SQL query including the SELECT, FROM, and WHERE clauses. Finally, it outlines several set operations in SQL like UNION, UNION ALL, INTERSECT, and MINUS.
Cascading Style Sheet (CSS)
CSS (Cascading Style Sheets) is a markup language used to style and lay out web documents. There are three types of CSS: external style sheets, internal style sheets, and inline styles. External style sheets are ideal for applying styles to many pages, internal style sheets are used for styling a single document with unique styles, and inline styles are applied directly to HTML elements but lose advantages of style sheets.
HTTP Request and Response Structure
https://www.youtube.com/watch?v=lKrbeJ7-J98
HTTP messages are how data is exchanged between a server and a client. There are two types of messages: requests sent by the client to trigger an action on the server, and responses, the answer from the server.
Json
The document provides an overview of working with JSON (JavaScript Object Notation). It introduces JSON, explaining its need and comparing it to XML. It describes JSON syntax rules, data types, objects, and arrays. It discusses how JSON uses JavaScript syntax and can be used in files. The document also covers JSON security concerns, using JSON with JavaScript functions, client-side frameworks, server-side frameworks, replacing XML with JSON, and parsing and AJAX with JSON and jQuery.
Chapter 1 - INTRODUCTION TO PYTHON -MAULIK BORSANIYA
Introduction to Python:
The basic elements of Python, Objects, expressions and numerical Types, Variables and assignments, IDLE, Branching programs, Strings and Input, Iteration
Structured Types, Mutability and Higher-order Functions:
Tuples, Lists and Mutability, Functions as Objects, Strings, Tuples and Lists, Dictionaries
Authentication techniques
The document discusses various authentication techniques, including:
- Password-based authentication using clear text passwords, message digests of passwords, and adding randomness with challenges.
- Authentication tokens, which generate one-time passwords based on a seed value stored in the token and authentication server database.
- Multifactor authentication using passwords, biometrics, and authentication tokens or smart cards.
- Certificate-based authentication using digital certificates issued in a public key infrastructure for verifying user identities.
Kali Linux
Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It contains over 300 security tools and can run on various hardware architectures. Kali is an updated version of BackTrack, which it replaced in 2013 to address dependency issues. Some key tools included are nmap, Wireshark, John the Ripper, and Aircrack-ng. It is maintained by Offensive Security and intended to perform tests from an attacker's perspective to evaluate system vulnerabilities.
Domain Name System (DNS)
A presentation on DNS concepts. It covers the topics DNS Introduction, DNS Hierarchy, DNS Resolution Process,
DNS Components, DNS Types, DNSSEC, DNS over TLS (DoT) & HTTPS (DoH), Oblivious DNS (ODoH).
Php mysql ppt
PHP is a server-side scripting language used to create dynamic web pages. It allows embedding PHP code within HTML pages and interacting with databases. Key elements of PHP include variables, control structures, functions, and sessions. Sessions store user data on the server instead of the client to avoid cookies and allow tracking users across multiple pages.
C#.NET
C# is an object-oriented programming language that is part of Microsoft's .NET framework. It can be used to create web applications, Windows applications, web services, and more. Some key features of C# include being modern, object-oriented, type-safe, and providing cross-platform interoperability through the .NET runtime. It is similar to but also has differences from languages like C++ and Java.
Css Ppt
This document provides an overview of various CSS topics including comments, colors, text formatting, positioning, and cross-browser compatibility. It explains concepts like using hexadecimal color codes, text properties like alignment and decoration, positioning elements with static, relative, absolute and fixed positioning, and strategies for aligning elements and dealing with browser inconsistencies.
android sqlite
The document discusses using SQLite as the database for Android applications, including its history, advantages for mobile use, features, architecture, and examples of creating SQLite databases and performing basic CRUD operations in Android code. It provides an overview of SQLite's lightweight and portable design that makes it suitable for embedded systems like mobile devices.
Javascript
JavaScript is a scripting language used primarily for client-side web development. It is based on the ECMAScript standard but browsers support additional objects like Window and DOM objects. JavaScript can be used to create dynamic and interactive effects on web pages like menus, alerts, and updating content without reloading. It is commonly used for form validation, AJAX applications, and other interactive features. The document provides examples of basic JavaScript concepts like variables, data types, operators, and control structures and how to embed scripts in HTML.
Visual Basic IDE Introduction
Important parts to remember on VB Express or Visual Studio Professional.
What are controls and how to use them and their properties
Windows form application - C# Training
This document provides an overview and instructions for creating a Windows Form Application using C# and Microsoft Visual Studio. It discusses concepts related to Windows Forms and how to add items like forms, controls, properties and events. Code examples are provided for handling events, linking between forms, and accessing the code behind a form. The speaker information and a table of contents are also included.
Linux operating system
Introduction to Linux , Performance and Utilities , Linux pieces, Linux Flavors, Chrome Operating System
Lecture 1 introduction to vb.net
This document provides an overview of Visual Basic .NET (VB.NET):
- VB.NET is an object-oriented programming language developed by Microsoft that is implemented on the .NET framework. It is not backwards compatible with older VB versions.
- VB.NET supports object-oriented concepts and everything is an object that inherits from the base Object class. It has full access to libraries in the .NET Framework.
- The .NET Framework consists of components like the Common Language Runtime and Class Library that enable multi-platform applications to be developed from languages like VB.NET.
Dns ppt
The document is a presentation on DNS (Domain Name System) given by Mauood Hamidi for his dissertation. It covers definitions of DNS, different types of DNS servers, tools used for DNS queries, DNS records, how DNS works to resolve domain names to IP addresses, and components of the DNS system like zones, name servers, and security considerations. It aims to provide an overview of the key concepts and functioning of DNS.
Arrays in python
Arrays in Python can hold multiple values and each element has a numeric index. Arrays can be one-dimensional (1D), two-dimensional (2D), or multi-dimensional. Common operations on arrays include accessing elements, adding/removing elements, concatenating arrays, slicing arrays, looping through elements, and sorting arrays. The NumPy library provides powerful capabilities to work with n-dimensional arrays and matrices.
Php.ppt
PHP is a server-side scripting language used for web development. It allows developers to add dynamic content and functionality to websites. Some key points about PHP from the document:
- PHP code is embedded into HTML and executed on the server to create dynamic web page content. It can be used to connect to databases, process forms, and more.
- PHP has many data types including strings, integers, floats, booleans, arrays, objects, null values and resources. Variables, operators, and conditional statements allow for control flow and data manipulation.
- Common PHP structures include if/else statements for conditional logic, loops like for/while/foreach for iteration, and functions for reusability. Ar
What's hot (20)
Chapter 1 - INTRODUCTION TO PYTHON -MAULIK BORSANIYA
Chapter 1 - INTRODUCTION TO PYTHON -MAULIK BORSANIYA
Similar to IDN Homograph Attack and Phishing
Component Technologies of E-Commerce
The document discusses the key components of an online business, including web servers, web browsers, database software, IP addresses, domain names, and download speeds. It explains that web servers supply website content to users, browsers are needed to view websites, databases store customer information, IP addresses and domain names identify devices and websites, and download speeds impact the user experience. Ensuring platform and browser compatibility is also discussed.
Phishing
The document describes 16 features that are commonly present in phishing emails. These features include non-matching URLs between text and links, use of IP addresses in URLs, differences between sender domains and embedded link domains, high numbers of links, domains or pictures used as links, presence of HTML, JavaScript or forms, small message sizes, use of non-standard ports or hexadecimal/special characters in URLs, and being classified as spam. Each feature is analyzed programmatically and assigned a binary value to determine the likelihood that an email is phishing attempt.
Discussion Task #1 Research· Scan and analyze the infogra.docx
Discussion Task
#1 Research
· Scan and analyze the infographic about CRM:
https://www.salesforce.com/crm/what-is-crm-infographic/
·
Links to an external site.
·
· Scan and analyze this article about CRM:
https://www.salesforce.com/crm/what-is-crm/
·
Links to an external site.
·
· Scan and analyze this article about Cloud Computing:
https://www.salesforce.com/products/platform/best-practices/cloud-computing/
·
Links to an external site.
·
· Scan through Chapter 15: Integrating Google Analytics with CRM Data
· Search online to learn more about Customer relationship management (CRM).#2 Answer the Following Question
· What is a CRM system? Basically in your own words explain how a CRM works.
· What is Cloud Computing and what are the benefits of cloud computing (list at least 3 benefits)?
· List 4 kinds of your customer's data CRM systems will collect.
· List 4 benefits of a cloud-based CRM platform
· What do you think is the future of CRM and CRM platforms?#3 Include Your Sources at the Bottom of Your Post
· Be sure to give credit to any resource that you might have used to help you answer these questions, share the website URL.#4 Comment on 2 Classmates Post by Sunday
· Say something that will contribute to a meaningful discussion--this requires time and thought! Thoroughly reflect on and think about the point you are making.
· Fully explain and elaborate your points, using examples, evidence, and logic to explain.
· Speak with precision regarding your meaning, rather than being vague or general.
1st classmate comment :
A CRM system is a way to collect and use a person's information regarding that brand. This can be from signup sheets that are being used for voting, or even for ordering products online.
Cloud computing is a way to access information and implementations online instead of having to access all this information through a company's/person's personal hard drive. It allows for free use of storage and does not limit the people who need all the information they can have. It also is completely autonomous meaning that a person who wanted to access the cloud would not need to bring their floppy disk with them to access the data, but rather can have complete access to it through the cloud. Another great take away is the cloud computing is scalable allowing companies or users to intentionally cut down, or up how much usage they want from the cloud provider unlike floppy disks or even memory cards that have a set number of Gigabytes in them.
However, CRM is also great for collecting data from its customers to help create a greater relationship between the brand, and their customers. Some of the data collected includes client's personal preference of communication, email, phone number, and social media data.
Not just for customers are their benefits, but also for the companies that use Cloud based CRM platforms to. A couple of those being affordabi.
Internationalised Domain Names & Internet Investigations
English is not the only language that the Internet “speaks.” Internationalised Domain Names (IDNs) now allow for domain names in Arabic, Cyrillic, Chinese, and other non-Latin characters. This session will show how to trace IDNs and will examine some of the IDN info security issues. There will be a quick introduction to working with foreign language Websites and useful tips for using online search and translation tools.
Chapter 12 A Manager’s Guide to the Internetand Telecommuni
Chapter 12: A Manager’s Guide to the Internet
and Telecommunications
12.1 Introduction
12.2 Internet 101: Understanding How the Internet Works
12.3 Getting Where You’re Going
12.4 Last Mile: Faster Speed, Broader Access
363
12.1 Introduction
There’s all sorts of hidden magic happening whenever you connect to the Internet. But what really makes it
possible for you to reach servers halfway around the world in just a fraction of a second? Knowing this is not only
flat-out fascinating stuff; it’s also critically important for today’s manager to have at least a working knowledge
of how the Internet functions.
That’s because the Internet is a platform of possibilities and a business enabler. Understanding how the Internet
and networking works can help you brainstorm new products and services and understand roadblocks that might
limit turning your ideas into reality. Marketing professionals who know how the Internet reaches consumers have
a better understanding of how technologies can be used to find and target customers. Finance firms that rely on
trading speed to move billions in the blink of an eye need to master Internet infrastructure to avoid being swept
aside by more nimble market movers. And knowing how the Internet works helps all managers understand where
their firms are vulnerable. In most industries today, if your network goes down then you might as well shut your
doors and go home; it’s nearly impossible to get anything done if you can’t get online. Managers who know
the Net are prepared to take the appropriate steps to secure their firms and keep their organization constantly
connected.
364
12.2 Internet 101: Understanding How the Internet Works
Learning Objectives
After studying this section you should be able to do the following:
1. Describe how the technologies of the Internet combine to answer these questions: What are you
looking for? Where is it? And how do we get there?
2. Interpret a URL, understand what hosts and domains are, describe how domain registration works,
describe cybersquatting, and give examples of conditions that constitute a valid and invalid domain-
related trademark dispute.
3. Describe certain aspects of the Internet infrastructure that are fault-tolerant and support load
balancing.
4. Discuss the role of hosts, domains, IP addresses, and the DNS in making the Internet work.
The Internet is a network of networks—millions of them, actually. If the network at your university, your
employer, or in your home has Internet access, it connects to an Internet service provider (ISP). Many (but not all)
ISPs are big telecommunications companies like Verizon, Comcast, and AT&T. These providers connect to one
another, exchanging traffic, and ensuring your messages can get to any other computer that’s online and willing
to communicate with you.
The Internet has no center and no one owns it. That’s a good thing. The Internet was designed to be redundant
and fault-tolerant—meaning that ...
Low Cost Page Quality Factors To Detect Web Spam
This document presents 32 low-cost page quality factors for detecting web spam pages that can be classified into three categories: URL features, content features, and link features. An experiment was conducted using these factors as inputs to a neural network classifier based on resilient backpropagation learning. The classifier achieved 92% accuracy, 91% efficiency, 93% precision, and 90% F1 score when using all 32 factors, demonstrating their effectiveness at detecting web spam with low computational requirements.
Low Cost Page Quality Factors To Detect Web Spam
Web spam is a big challenge for quality of search engine results. It is very important for search engines to detect web spam accurately. In this paper we present 32 low cost quality factors to classify spam and ham pages on real time basis. These features can be divided in to three categories: (i) URL features, (ii) Content features, and (iii) Link features. We developed a classifier using Resilient Back-propagation learning algorithm of neural network and obtained good accuracy. This classifier can be applied to search engine results on real time because calculation of these features require very little CPU resources.
Low Cost Page Quality Factors To Detect Web Spam
Web spam is a big challenge for quality of search engine results. It is very important for search engines to detect web spam accurately. In this paper we present 32 low cost quality factors to classify spam and ham pages on real time basis. These features can be divided in to three categories: (i) URL features, (ii) Content features, and (iii) Link features. We developed a classifier using Resilient Back-propagation learning
algorithm of neural network and obtained good accuracy. This classifier can be applied to search engine results on real time because calculation of these features require very little CPU resources.
iOS vs android .pptx
The document compares development for Android and iOS platforms. It discusses differences in development costs, screen sizes and resolutions, user experience, physical buttons, supported coding languages, navigation patterns, and target audience reach for each platform. Overall, iOS development typically costs more but offers a more uniform experience across devices, while Android development has more variable costs and experiences due to variations in hardware and customizations from manufacturers.
Normshield 2018 Airlines Phishing Report
This document summarizes a report on phishing domains targeting major airlines in 2018. It finds that over 1,300 phishing domains have been registered in 2018 so far, a 15% reduction from 2017. However, hackers are improving their techniques, as the number of phishing domains with valid SSL certificates doubled from 2017 to 2018. The top registrars used by hackers to register phishing domains are GoDaddy, NameCheap, and DropCatch. Knowing an organization's cyber risk score through tools like NormShield can help identify and remedy vulnerabilities to phishing attacks.
Internet service provider(ISP)An organization or firm th.docx
Internet service provider
(ISP)
An organization or firm that
provides access to the
Internet.
C H A P T E R 1 2
A Manager’s Guide to the
Internet and
Telecommunications
1. INTRODUCTION
There’s all sorts of hidden magic happening whenever you connect to the Internet. But what really
makes it possible for you to reach servers halfway around the world in just a fraction of a second?
Knowing this is not only flat-out fascinating stuff; it’s also critically important for today’s manager to
have at least a working knowledge of how the Internet functions.
That’s because the Internet is a platform of possibilities and a business enabler. Understanding
how the Internet and networking works can help you brainstorm new products and services and un-
derstand roadblocks that might limit turning your ideas into reality. Marketing professionals who
know how the Internet reaches consumers have a better understanding of how technologies can be
used to find and target customers. Finance firms that rely on trading speed to move billions in the blink
of an eye need to master Internet infrastructure to avoid being swept aside by more nimble market
movers. And knowing how the Internet works helps all managers understand where their firms are vul-
nerable. In most industries today, if your network goes down then you might as well shut your doors
and go home; it’s nearly impossible to get anything done if you can’t get online. Managers who know
the Net are prepared to take the appropriate steps to secure their firms and keep their organization
constantly connected.
2. INTERNET 101: UNDERSTANDING HOW THE
INTERNET WORKS
L E A R N I N G O B J E C T I V E S
1. Describe how the technologies of the Internet combine to answer these questions: What are
you looking for? Where is it? And how do we get there?
2. Interpret a URL, understand what hosts and domains are, describe how domain registration
works, describe cybersquatting, and give examples of conditions that constitute a valid and
invalid domain-related trademark dispute.
3. Describe certain aspects of the Internet infrastructure that are fault-tolerant and support load
balancing.
4. Discuss the role of hosts, domains, IP addresses, and the DNS in making the Internet work.
The Internet is a network of networks—millions of them, actually. If the network at your university,
your employer, or in your home has Internet access, it connects to an Internet service provider
(ISP). Many (but not all) ISPs are big telecommunications companies like Verizon, Comcast, and
AT&T. These providers connect to one another, exchanging traffic, and ensuring your messages can
get to any other computer that’s online and willing to communicate with you.
The Internet has no center and no one owns it. That’s a good thing. The Internet was designed to
be redundant and fault-tolerant—meaning that if one network, connecting wire, or server stops work-
ing, everything else should keep on running. Rising from military research and wor.
RansomCloud O365: Pay por your Office 365 e-mail
This paper describes how next generation of ransonware could attack Office 365 users. The idea is that just stealing an OAuth Token, attacker could encrypt all victim´s inbox.
Xamarin the good, the bad and the ugly
Xamarin is a popular tool for building cross-platform mobile apps that allows developers to share up to 80% of code across platforms. It uses C# and provides access to native APIs and libraries. Some benefits include simplified development, faster coding through code reuse, and access to portable class libraries and components. However, Xamarin also has some drawbacks like high licensing costs, delays in supporting latest platform versions, and limited community support and documentation. The document also discusses how Xamarin was used to build an automated asset management app with RFID scanning capabilities that achieved 85% code reuse across platforms.
Web Hosting Terminology
Professional domains are used in terms of relevancy to your business. You can use professional domains that are consistent to your business. Professional domains are generally used with proper research. Many company owners use professional domains to connect customers. For long run business owners prefer using professional domains. Professional domains also refer to .pro extension. .pro extension is used in accountancy, medical, engineers and even lawyers use .pro extension.
A REPORT On DETECTION OF PHISHING WEBSITE USING MACHINE LEARNING
1. The document describes a project to detect phishing websites using machine learning. It discusses using k-means clustering algorithms and features like URLs and domain information to classify websites as legitimate or phishing.
2. A web application was developed with a front-end GUI and a machine learning model as the back-end server. The model analyzes URLs and identifies them as legitimate or phishing sites.
3. Python, NumPy, scikit-learn, and WHOIS databases are used as tools in the detection model to classify websites based on URL and domain features. Screenshots show examples of the web app identifying phishing and legitimate URLs.
School updated
This document contains confidential information about Target Soft Systems, including corporate details, implementation processes, training methods, costs and quality processes. Any disclosure of this confidential information without permission would damage Target Soft Systems. The document also contains an introduction to object-oriented programming concepts like objects, classes, inheritance, polymorphism, abstraction and encapsulation.
Unit8 a1 student_template
This document discusses various aspects of e-commerce websites including: global marketplaces that allow 24/7 trading with low startup costs; search facilities and fluid pricing to build consumer trust; potential issues with lack of human contact, inaccurate product descriptions, and security breaches; and technical components like browsers, web authoring software, databases, IP addresses, domain names, ports and protocols, and browser/platform compatibility. It also covers topics like paying for search engine prominence, newsgroups and forums, banners and popups, spam, effective user interfaces, customer loyalty, site names, direct marketing, hacking and virus prevention, identity theft protection, and using strong passwords.
Domain name
A domain name identifies a website and consists of a name and suffix (e.g. webclincher.com). Domain names must be registered and renewed periodically. In 1985 the first .com domain was registered. Over time, demand led to domain names no longer being free and the introduction of new generic top-level domains. The organization ICANN now manages and introduces new top-level domains.
A novel way of integrating voice recognition and one time passwords to preven...
Phishing is a threat to all users of the internet who intend to use the web for secure transactions. In the
recent years the number of phishing attacks have increased drastically especially since the advent of ecommerce,
net banking and other services that have an emphasis on security. Phishing is characterized as
any malicious attack aided by a spoofed webpage to encourage users to input their security details.
Phishing is largely done to retrieve passwords and security details of unsuspecting users. This paper
details a new and more secure way to counteract the method of phishing
Amazon & E Bay
This document discusses security risks in e-commerce. It outlines several points of vulnerability for attackers, including tricking shoppers, snooping their computers by exploiting security weaknesses, sniffing traffic on unencrypted networks, guessing passwords through automation, and launching denial of service attacks to overwhelm servers. The risks include theft of personal and financial information, disruption of services, and potential shutdown of e-commerce businesses.
Similar to IDN Homograph Attack and Phishing (20)
Discussion Task #1 Research· Scan and analyze the infogra.docx
Discussion Task #1 Research· Scan and analyze the infogra.docx
Internationalised Domain Names & Internet Investigations
Internationalised Domain Names & Internet Investigations
Chapter 12 A Manager’s Guide to the Internetand Telecommuni
Chapter 12 A Manager’s Guide to the Internetand Telecommuni
Internet service provider(ISP)An organization or firm th.docx
Internet service provider(ISP)An organization or firm th.docx
A REPORT On DETECTION OF PHISHING WEBSITE USING MACHINE LEARNING
A REPORT On DETECTION OF PHISHING WEBSITE USING MACHINE LEARNING
A novel way of integrating voice recognition and one time passwords to preven...
A novel way of integrating voice recognition and one time passwords to preven...
Recently uploaded
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
Building Production Ready Search Pipelines with Spark and Milvus
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...Edge AI and Vision Alliance
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Removing Uninteresting Bytes in Software Fuzzing
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
UiPath Test Automation using UiPath Test Suite series, part 6
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
Imagine a world where machines not only perform tasks but also learn, adapt, and make decisions. This is the promise of Artificial Intelligence (AI), a technology that's not just enhancing our lives but revolutionizing entire industries.
Essentials of Automations: The Art of Triggers and Actions in FME
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Microsoft - Power Platform_G.Aspiotis.pdf
Revolutionizing Application Development
with AI-powered low-code, presentation by George Aspiotis, Sr. Partner Development Manager, Microsoft
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
ここ3000字までしか入らないけどタイトルの方がたくさん文字入ると思います。
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Pushing the limits of ePRTC: 100ns holdover for 100 days
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
How to Get CNIC Information System with Paksim Ga.pptx
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Recently uploaded (20)
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
IDN Homograph Attack and Phishing
- 1. 1
- 2. 2 1. Introduction “The weakest ring of the chain in cyber security is human.” Internationalized Domain Name (IDN) allows people around the world to use domain names in local languages using local letters in the alphabet. IDNs consist of different languages components such as Arabic, Chinese, or Cyrillic, briefly, it is a spoofing method for a domain name. IDNs are encoded by the Unicode standard and are additionally used as allowed by the corresponding IDN protocols. 2. IDN Homograph Attack In some cases, using simple fraud methods, and considering the victim perception for social engineering, the attacker prefers to use similar letters or numbers in alphabets in domain addresses. For instance: Figure 1 As it can be seen from Figure 1, the attacker has preferred to use "0" number instead of "o" letter. A more realistic example is that in an IDN homograph attack, for social engineering methods, an attacker can form one or more fake domain addresses using at least one similar character from a different dildo. Hypothetically, Omicron (U + 03BF), a lowercase letter in Greek, and "o" (U + 006F), a Latin lowercase letter, are very similar and difficult to discern. Figure 2 As it can be seen from Figure 2, obviously, both characters are similar.
- 3. 3 Figure 3 Figure 3 demonstrates the difference between two URLs. Figure 4 Figure 3 demonstrates the fake IDN homograph attack via WhatsApp and unfortunately, the demonstration of the domain name is cleartext, not Punycode, still many apps supports IDN characters and it is a good way for social engineering especially using mobile devices. For instance, let's think about we have a bank and the main domain of the bank is www.aslanbank.com. Utilizing IDN Characters (https://www.unicode.org/reports/tr36/idn- chars.html), it is possible to form similar domain addresses. I prefer to use the first letter of the Greek, Alpha, α instead of a and then form the new domain of www.αslanbank.com. Figure 5
- 4. 4 In normally, due to the Alpha, the domain is converted into www.xn--slanbank-d9f.com and Figure 4 demonstrates it. It is the perfect method for phishing and the other social engineering methods. An interesting point is that considering popular social media platforms, apps, the biggest banks, it is possible to buy many IDN's when I check their domain names utilizing IDN characters. The domain prices are really cheap and for attackers, it, undoubtedly, is a better way for phishing to achieve high phishing rates. 3. Real Case Instances Figure 6 As it can be seen in Figure 6, the "l" is converted into "ı" for apple.com. Figure 7 Figure 7 shows the websites of the big companies' IDN conversion.
- 5. 5 4. Conclusion Browsers such as Google Chrome tries to protect individuals from IDN homograph attack using some policies. Therefore, it is an important element to use the updated browsers or to set options. In the below URLs, there is more detail info about the Chrome and Mozilla IDN Display Algorithm and policies. https://wiki.mozilla.org/IDN_Display_Algorithm https://www.chromium.org/developers/design-documents/idn-in-google-chrome#TOC- Google-Chrome-s-IDN-policy However, for big commercial companies, it is not a solution, it is a solution for just end users. Figure 8 Therefore, taking into consideration of each letters IDN characters combinations, the big companies should buy possible IDNs before the attackers or if the company is small-size or medium-size, can generate each IDN for their main domain addresses, and add them their blacklist.
- 6. 6 For instance, for aslanbank.com example, there are more than 100 IDN possibilities, to protect the customers, it is more logical to buy these possible IDNs, and for the other possible IDNs such as subdomains, it is a solution to add them to the blacklist and report them as a spam. Therefore, for big commercial companies' customers, the generation of the possible IDNs is the key element for the homograph attack.
- 7. 7 5. Some IDN Generators: https://www.irongeek.com/homoglyph-attack-generator.php https://github.com/UndeadSec/EvilURL https://github.com/phishai/idn_generator 6. References: https://www.unicode.org/reports/tr36/idn-chars.html https://www.punycoder.com/ Figure 3: https://www.casaba.com/products/UCAPI/ Figure 5: https://www.pcworld.com/article/3191539/security/phishing-attacks-using- internationalized-domains-are-hard-to-block.html Figure 7: https://www.forensicmag.com/news/2018/02/virtual-case-notes-homograph- phishing-attacks-make-near-perfect-copies-popular-domain-names