Monthly Archives: December 2008

Unicode attacks and test cases: IDN and IRI display, normalization and anti-spoofing

Posted on December 16, 2008 by Chris Weber

Internationalized Resource Identifiers (IRI’s) are a new take on the old URI (Uniform Resource Identifier), which through RFC 3986 restricted domain names to a subset of ASCII characters – mainly lower and upper case letters, numbers, and some punctuation. IRI’s … Continue reading →

Posted in Unicode, testing | Tagged confusables, testing | 1 Comment

Unicode attacks and test cases – Visual Spoofing, IDN homograph attacks, and the Whole Script Confusables

Posted on December 11, 2008 by Chris Weber

More on lookalikes, confusables, IDN homograph attacks, and other fun stuff, continued from the previous post. To recap, the three classes of confusables are: Single-script Mixed-script Whole-script Whole-script confusables It’s starting to make sense now. Let’s look at the Unicode … Continue reading →

Posted in Unicode | Tagged confusables, testing, Unicode | Leave a comment

Unicode attacks and test cases – Visual Spoofing, IDN homograph attacks, and the Mixed Script Confusables

Posted on December 9, 2008 by Chris Weber

More on lookalikes, confusables, IDN homograph attacks, and other fun stuff, continued from the previous post. Mixed-script confusables These occur when letters from one alphabet or script, are used to give the same visual appearance as letters from a completely … Continue reading →

Posted in Unicode, security, testing | Tagged confusables, testing, Unicode | Leave a comment

Word mirrors, mirrored words

Posted on December 6, 2008 by Chris Weber

While researching the confusables it became apparent that this was just the sort of thing 13 year-old jokers would love. And still, there was more confusion to be had, so I started with Mark Davis’s mirrored ASCII Unicode mappings, modified … Continue reading →

Posted in Unicode | Tagged confusables, Unicode | 1 Comment

Unicode attacks and test cases – Visual Spoofing, IDN homograph attacks, and the Single Script Confusables

Posted on December 3, 2008 by Chris Weber

More on lookalikes, confusables, IDN homograph attacks, and other fun stuff, continued from the previous post. The Confusables These types of visual attacks are attributed to what’s known as ‘the confusables‘ and have been documented in Unicode’s Technical Report 36 … Continue reading →

Posted in Unicode, security | Tagged confusables, testing, Unicode | 5 Comments