BACK TO LIST

From Emoji to Zero-Day: Latin Homoglyphs in Domains and Subdomains

Matt Hamilton
on Mar 4, 2020 8:35:55 AM

ADVISORY SUMMARY

Security researcher Matt Hamilton (a Bishop Fox alumnus, now with Soluble) published a new security advisory about homograph domain names on gTLDs (.com, .net, etc) as well as subdomains within some SaaS companies using homoglyph characters. The attack is similar to an IDN Homograph attack and presents all the same risks. An attacker could register a domain or subdomain which appears visually identical to its legitimate counterpart and perform social-engineering or insider attacks against an organization.
 

Hamilton announced that between 2017 and today, more than a dozen homograph domains have had active HTTPS certificates. This included prominent financial, internet shopping, technology, and other Fortune 100 sites.

In a partnership between Soluble and Bishop Fox, Verisign and SaaS services (Google, Amazon, Wasabi, DigitalOcean) were notified of the vulnerability and have received continuous updates on the ongoing research. The full disclosure timeline and technical details are available here.
Technical details are available here.

Keywords

Related Content

Advisories SolarWinds Log & Event Manager - Improper Access Control
Advisories SolarWinds Serv-U Managed File Transfer – Denial of Service
Advisories SolarWinds Serv-U Managed File Transfer – Insufficient Session ID Entropy

MANAGED SERVICES

CONSULTING SERVICES

PARTNER PROGRAMS

LABS | RESEARCH & RESOURCES

CAREERS

COMPANY

COMMUNITY

CONTACT

ADDRESS

8240 S. Kyrene Rd.
Suite A113
Tempe, AZ
85284
United States

Copyright © 2020   Bishop Fox Privacy Statement