funny accents exploring genuine interest in
play

Funny Accents: Exploring Genuine Interest in Internationalized - PowerPoint PPT Presentation

Feb 06, 2023 •734 likes •1.04k views

Funny Accents: Exploring Genuine Interest in Internationalized Domain Names Victor Le Pochat , Tom Van Goethem, Wouter Joosen PAM 2019 , 29 March 2019 What do these brands have in common? 2 What do these brands have in common? 3

  1. Funny Accents: Exploring Genuine Interest in Internationalized Domain Names Victor Le Pochat , Tom Van Goethem, Wouter Joosen PAM 2019 , 29 March 2019

  2. What do these brands have in common? 2

  3. What do these brands have in common? 3

  4. Internationalized Domain Names (IDNs) allow Unicode characters in domain names DNS köln.de xn--kln-sna.de google.com google.com xn--d1acpjx3f.xn--p1ai User agent Punycode яндекс . рф 4

  5. 5

  6. IDNs can be abused due to visual similarity [Hol06, Liu18] www.google.com www.go ọ gle.com ≠ www.nestle.com www.nestl é .com ? www.google.com www.goog I e.com ≠ www.google.com ≠ www.go о gle.com 6

  7. Brands may want to use IDNs with genuine interest ... › corresponds to brand › easier to read and understand 7

  8. ... but malicious actors might want to do so too › corresponds to brand › easier to read and understand › more difficult to distinguish legitimate site from phishing › abuse typed domain with accents 8

  9. Generating candidate domains Ownership, use and abuse User agent behavior 9

  10. Generating candidate domains Ownership, use and abuse User agent behavior 10

  11. nestle.com Home | Nestlé Global home nestlé global home nestle global Root page title Original domain Convert to lowercase, remove punctuation Remove accents 11 (Apply substitutions) (köln → koeln)

  12. nestle .com Home | Nestlé Global home nestlé global home nestle global 12

  13. nestle .com Home | Nestlé Global home nestlé global home nestle global 13

  14. nestle .com nestlé .com Home | Nestlé Global home nestlé global home nestle global 14

  15. Generating candidate domains Ownership, use and abuse User agent behavior 15

  16. Have these IDNs already been registered? unavailable/ 1 000 000 Tranco [LeP19] 16 readily available 6 608 (54.7%) restrictions additional 4 116 (34.1%) 15 276 with TLD policy non-compliant 1 363 (11.3%) unregistered 12 087 (79.1%) registered 3 189 (20.9%) candidates ↓

  17. Who owns the registered IDNs? 17 59.1% 34.6% (likely) same different

  18. How are the registered IDNs being used? 18 26.8% 41.6% 23.5% 'forgotten' parked/for sale same content

  19. Are the registered IDNs being abused? Phishing domains can evade blacklisting Parked domains only sometimes redirect to malicious content [Vis15, Tia18] 19 › No known malicious activity (blacklists) › Some questionable behavior

  20. pokémongo.com 20

  21. Generating candidate domains Ownership, use and abuse User agent behavior 21

  22. Browsers display IDNs differently (even on popularity) 22 pokémon.com xn--pokmon-dva.com Unicode Unicode unless popular Punycode Email clients: similar inconsistencies, even within vendors

  23. IDNA standard revision introduced “deviations” strasse.de xn--strae-oqa.de IDNA2003 IDNA2008 ≠ straße.de 23 A 89.31.143.1 A 81.169.145.78

  24. IDNA standard revision introduced “deviations” strasse.de xn--strae-oqa.de IDNA2003 IDNA2008 ≠ straße.de 24 A 89.31.143.1 A 81.169.145.78

  25. iOS Mail before 12.1.1 was vulnerable to phishing 25 victor@straße.de From: Subject: Test of IDN support by Victor Hello This is a test for IDN support by email Awesome Email Client [CVE-2018-4429] From: <victor@xn--strae-oqa.de> Date: Tue, 2 Oct 2018 14:22:27 +0200 Subject: Test of IDN support by Victor

  26. iOS Mail before 12.1.1 was vulnerable to phishing Hello here. You can trust us ;) Please input your bank credentials Important mail from your bank it@sparkasse-giessen.de Awesome Email Client Please input your bank credentials here. Important mail from your bank 26 Subject: it@sparkasse-gießen.de From: Sparkasse IT From: <it@xn--sparkasse-gieen-2ib.de> Date: Tue, 2 Oct 2018 14:22:27 +0200 Subject: Important mail from your bank

  27. Shortcomings of key actors limit IDN uptake but not widely implemented but they sometimes 'forget' them and many also leave them to squatters but inconsistent support 27 › Registries: guidelines to prohibit or limit registrations of IDNs › Brand owners: some own their 'genuine interest' IDNs › User agents: primary point of interaction with IDNs for users

  28. Thank you! Datasets: https://osf.io/s96dg/ Victor.LePochat@cs.kuleuven.be

  29. References Distributed System Security Symposium, February 2019. https://doi.org/10.14722/ndss.2019.23386 https://doi.org/10.1145/3278532.3278569 phishing domains in the wild. In: Internet Measurement Conference, pp. 429–442. ACM (2018). [Tia18] Tian, K., Jan, S.T.K., Hu, H., Yao, D., Wang, G.: Needle in a haystack: tracking down elite 5. (2015) domains. In: 22nd Annual Network and Distributed System Security Symposium. Internet Society [Vis15] Vissers, T., Joosen, W., Nikiforakis, N.: Parking sensors: analyzing and detecting parked 4. research-oriented top sites ranking hardened against manipulation. In: 26th Annual Network and 1. [LeP19] Le Pochat, V., Van Goethem, T., Tajalizadehkhoob, S., Korczyński, M., Joosen, W.: Tranco: a 3. 654–665 (2018). https://doi.org/10.1109/DSN.2018.00072 ugly. In: 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, pp. [Liu18] Liu, B., et al.: A reexamination of internationalized domain names: the good, the bad and the 2. (2006) of homograph attacks. In: USENIX Annual Technical Conference, pp. 261–266. USENIX Association [Hol06] Holgers, T., Watson, D.E., Gribble, S.D.: Cutting through the confusion: a measurement study 29

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Evidence for lexically driven adaptation to novel accents in early development CIMSA April 7,

Evidence for lexically driven adaptation to novel accents in early development CIMSA April 7,

Evidence for lexically driven adaptation to novel accents in early development CIMSA April 7, 2013 The problem with accents The goal: understand meaning The task: BALL Adults and accents Role of top-down feedback in driving

646 views • 29 slides
Why Choose Child Development? You have a genuine interest in babies and children You want

Why Choose Child Development? You have a genuine interest in babies and children You want

Why Choose Child Development? You have a genuine interest in babies and children You want to understand how they are conceived, born and develop from birth to aged 5yrs Want to work with small children post 16 Want to work as a

321 views • 3 slides
ACCENT PANEL III ACCENTS OF SOUTH ASIA VASTA 2014 LONDON 3 SOUTH ASIAN ACCENTS TAMIL

ACCENT PANEL III ACCENTS OF SOUTH ASIA VASTA 2014 LONDON 3 SOUTH ASIAN ACCENTS TAMIL

ACCENT PANEL III ACCENTS OF SOUTH ASIA VASTA 2014 LONDON 3 SOUTH ASIAN ACCENTS TAMIL ENGLISH BANDRA ENGLISH PANJABI ENGLISH SAMPLES &amp; BREAKDOWNS: WWW.YORKU.CA/EARMSTRO/SOUTHASIA/ HMMMM.... COMMON FEATURES LABIODENTAL [ ] FOR

444 views • 15 slides
Genuine Parts 2Q20 Earnings Presentation July 30, 2020 Genuine Parts Company Snapshot (NYSE: GPC)

Genuine Parts 2Q20 Earnings Presentation July 30, 2020 Genuine Parts Company Snapshot (NYSE: GPC)

Genuine Parts 2Q20 Earnings Presentation July 30, 2020 Genuine Parts Company Snapshot (NYSE: GPC) KEY STATISTICS 1 GLOBAL FOOTPRINT TTM 2020 Revenue by Region 1,2 Founded 1928 Headquarters Atlanta, GA Countries Served 14 Locations 10,575

592 views • 25 slides
P honotactics Darrell Larsen Linguistics 101 Phonotactics A Note on Foreign Accents O utline 1

P honotactics Darrell Larsen Linguistics 101 Phonotactics A Note on Foreign Accents O utline 1

Phonotactics A Note on Foreign Accents P honotactics Darrell Larsen Linguistics 101 Phonotactics A Note on Foreign Accents O utline 1 P honotactics Syllable Structure Constraints Sound Sequence Constraints Resolving Constraint Violations 2 A

439 views • 16 slides
No conflicts of interest related to this Exploring Brain Connectivity in Autism presentation and

No conflicts of interest related to this Exploring Brain Connectivity in Autism presentation and

No conflicts of interest related to this Exploring Brain Connectivity in Autism presentation and Sensory Processing Disorders Funding Dr. Muhkerjee: General Electric Board Member &amp; Research Support (mild UCSF Developmental

588 views • 14 slides
P honotactics Darrell Larsen Linguistics 101 Phonotactics A Note on Foreign Accents Notes O

P honotactics Darrell Larsen Linguistics 101 Phonotactics A Note on Foreign Accents Notes O

Phonotactics A Note on Foreign Accents Notes P honotactics Darrell Larsen Linguistics 101 Phonotactics A Note on Foreign Accents Notes O utline 1 P honotactics Syllable Structure Constraints Sound Sequence Constraints Resolving Constraint

512 views • 8 slides
BBN-ANG-243 Advanced Phonology: Phonological Analysis Variation, Accents Kiss Zoltn /

BBN-ANG-243 Advanced Phonology: Phonological Analysis Variation, Accents Kiss Zoltn /

Page 1 of 18 BBN-ANG-243 Advanced Phonology: Phonological Analysis Variation, Accents Kiss Zoltn / Szigetvri Pter / Trkenczy Mikls Dept of English Linguistics, Etvs Lornd University (1) Topics discussed in this lecture

506 views • 18 slides
Hello kids! Welcome to Gadouras Dam. I know the name sounds funny, but I like it a lot as the dam

Hello kids! Welcome to Gadouras Dam. I know the name sounds funny, but I like it a lot as the dam

Hello kids! Welcome to Gadouras Dam. I know the name sounds funny, but I like it a lot as the dam and the river that starts here have my name. You see, in the old days, when people were carrying things with donkeys, they were having trouble

807 views • 8 slides
Attitudes to Accents in Britain Ideologies, phonetic detail and the reproduction of accent bias

Attitudes to Accents in Britain Ideologies, phonetic detail and the reproduction of accent bias

Attitudes to Accents in Britain Ideologies, phonetic detail and the reproduction of accent bias Erez Levon, Devyani Sharma, Amanda Cardoso, Yang Ye &amp; Dominic Watt LSA Annual Meeting | 2 January 2020 The moment an Englishman opens his

818 views • 23 slides
1 WIS 2 WIS 3 WIS 4 WIS 5 WIS Funny! Good storyline! Fantastic

1 WIS 2 WIS 3 WIS 4 WIS 5 WIS Funny! Good storyline! Fantastic

1 WIS 2 WIS 3 WIS 4 WIS 5 WIS Funny! Good storyline! Fantastic Animation! 6 WIS 7 WIS Horrible plot! Exiting story! 8 WIS

692 views • 14 slides
Information Structure Annotation and Secondary Accents Arndt Riester 1 Stefan Baumann 2 1

Information Structure Annotation and Secondary Accents Arndt Riester 1 Stefan Baumann 2 1

Information Structure Annotation and Secondary Accents Arndt Riester 1 Stefan Baumann 2 1 Institute for Natural Language Processing University of Stuttgart 2 IfL Phonetics University of Cologne DGfS Workshop Beyond Semantics 24.2.2011 Riester

939 views • 56 slides
CATEGORICAL VS. EPISODIC MEMORY FOR PITCH ACCENTS IN ENGLISH by Amelia E. Kimball, Jennifer Cole,

CATEGORICAL VS. EPISODIC MEMORY FOR PITCH ACCENTS IN ENGLISH by Amelia E. Kimball, Jennifer Cole,

CATEGORICAL VS. EPISODIC MEMORY FOR PITCH ACCENTS IN ENGLISH by Amelia E. Kimball, Jennifer Cole, Gery Dell &amp; Stefanie Shattuck-Hufnagel Presented by Ben Posner for the Seminar Exemplar Theorie by Prof. Dr. Bernd Mbius Categorical Memory

762 views • 47 slides
ROBBERS ROOST Oil is a funny thing. It is likely to turn up in the most unlikely places. -J.

ROBBERS ROOST Oil is a funny thing. It is likely to turn up in the most unlikely places. -J.

LC NEVADA OIL WELL PROSPECT ROBBERS ROOST Oil is a funny thing. It is likely to turn up in the most unlikely places. -J. PAUL GETTY Wildcatter, Billionaire ROBBERS ROOST $25 /Bbl. ECONOMIC PROJECTION An Ely formation wildcat, drilled by RAM

587 views • 16 slides
WHY PICKLEBALL? An Introductory Guide to Pickleball The fun sport with the funny name Prepared by

WHY PICKLEBALL? An Introductory Guide to Pickleball The fun sport with the funny name Prepared by

WHY PICKLEBALL? An Introductory Guide to Pickleball The fun sport with the funny name Prepared by Dave Whitefield USA Pickleball Association Ambassador for the Greater Carson City Area 09. 20200309 CTA Agenda Report Pickleball Presentation Page 1

614 views • 16 slides
Exploring &amp; Visualizing Hot &amp; Cold Game metaphor Picture as exploration Most of the

Exploring &amp; Visualizing Hot &amp; Cold Game metaphor Picture as exploration Most of the

Fedor Andreev Western Illinois University Exploring &amp; Visualizing Hot &amp; Cold Game metaphor Picture as exploration Most of the polynomiography methods are based on root-finding Roots themselves however present little interest

310 views • 26 slides
taken as: the length of the design vehicle + 6 inches (for bumper clearance) For small cars:

taken as: the length of the design vehicle + 6 inches (for bumper clearance) For small cars:

2. Parking stall length and depth Parking length is measured parallel to the parking angle. It is generally taken as: the length of the design vehicle + 6 inches (for bumper clearance) For small cars: length= 175+6= 181 For

395 views • 11 slides
Visualizing Network Security Policy with NP-View CREDC Presentation - Friday September 30, 2016 -

Visualizing Network Security Policy with NP-View CREDC Presentation - Friday September 30, 2016 -

Visualizing Network Security Policy with NP-View CREDC Presentation - Friday September 30, 2016 - Robin Berthier (rgb@illinois.edu) History APT NetAPT NP-View PhD thesis project by Sankalp Singh, started in 2006 Automatic Verification

491 views • 16 slides
Continuous-Discrete Filtering using the Zakai Equation: Smooth Likelihood Surface Hermann Singer

Continuous-Discrete Filtering using the Zakai Equation: Smooth Likelihood Surface Hermann Singer

Continuous-Discrete Filtering using the Zakai Equation: Smooth Likelihood Surface Hermann Singer Department of Economics FernUniversitt in Hagen Statistische Woche Trier September 2019 October 16, 2019 1/21 Continuous Time State Space

512 views • 23 slides
RES212 Lab #2 Netfilter/iptables Firewall The goal of this lab is to let you become acquainted

RES212 Lab #2 Netfilter/iptables Firewall The goal of this lab is to let you become acquainted

https://res212.telecom-paristech.fr TP02v1 2018/05/31 RES212 Lab #2 Netfilter/iptables Firewall The goal of this lab is to let you become acquainted with the design, configuration and testing of firewalls. Given the limited amount of time,

736 views • 14 slides
The FT eb pp: Coding responsively Dr Robert Shilston (rob@labs.ft.com) Director, FT Labs

The FT eb pp: Coding responsively Dr Robert Shilston (rob@labs.ft.com) Director, FT Labs

The FT eb pp: Coding responsively Dr Robert Shilston (rob@labs.ft.com) Director, FT Labs (@ftlabs) Historical comparison 1880 1900 1920 1940 1960 1980 2000 2020 Ne sprint orks o ffl ine Fast start up Portable

902 views • 54 slides
Network Security Epilogue Marcus Bendtsen, Andrei Gurtov Institutionen fr Datavetenskap (IDA)

Network Security Epilogue Marcus Bendtsen, Andrei Gurtov Institutionen fr Datavetenskap (IDA)

Network Security Epilogue Marcus Bendtsen, Andrei Gurtov Institutionen fr Datavetenskap (IDA) Avdelningen fr Databas- och Informationsteknik (ADIT) The biggest threat to any security system PEOPLE ARE PEOPLE 2 Social Engineering

488 views • 12 slides
Home Automation for tinkerers Ablio Costa amfcalt@gmail.com Once upon a time... Where it all

Home Automation for tinkerers Ablio Costa amfcalt@gmail.com Once upon a time... Where it all

Home Automation for tinkerers Ablio Costa amfcalt@gmail.com Once upon a time... Where it all begun I had 3 wireless power sockets! (yay?) But I was using only one. Why? Only a single remote: How to use the other two in

561 views • 31 slides
Universit degli Studi di Napoli Federico II Corso di Applicazioni Telematiche a. a. 2010-2011

Universit degli Studi di Napoli Federico II Corso di Applicazioni Telematiche a. a. 2010-2011

Universit degli Studi di Napoli Federico II Corso di Applicazioni Telematiche a. a. 2010-2011 Simon Pietro Romano spromano@unina.it Simon Pietro Romano Applicazioni Telematiche 2009-2010 1 Session Initiation Protocol (SIP) SIP overview

464 views • 32 slides

More recommend