Internationalized Domain Names… and its possible bad uses
2022-09-25, 13:50–14:30, Tesla

Internationalized Domain Names, or IDNs, exist for a good reason : ASCII is not the only alphabet in the world. But could IDNs be exploited to lure users on bad websites?

We'll go through DNS and IDNs naming history, past exploitations of homograph attacks, some attacks I've done, and ways to protect you against homograph attacks.


Plan of the presentation (subjected to change):

Domain names

  • A bit of history
  • What is IDN?
  • Punycode?

Let’s play a game :)

In the wild
- Some historical examples of IDN squatting in the wild
- What about bad guys?
- A bad idea later... my funny IDN squatting
- Consequences

How to patch/protec/prevent?