An internationalized domain name (IDN) homograph attack is a method of deceiving computer users about the remote computer they’re communicating with. It exploits the fact that many characters are homographs, meaning they look alike. Homographs allow a malicious party to create an IDN that appears very similar to an established domain, which can then be used to lure users to the new website.
In a previous blog, we explored the important differences between base domains and full path URLs. In this post, we wanted to take a step back and cover the basics—the individual structural elements of a URL (Uniform Resource Locator).
Over many years or testing, trial and error, zvelo ultimately determined that a human-machine “hybrid” approach to classification produced the best outcomes. The Human element provided the verifications necessary for the highest levels of accuracy, while machines (ie. AI/ML models and calculations) provided the scaling necessary to deal with the incredible volumes of new URLs and content being published at an increasing rate.
As discussed in a previous blog, DNS RPZ provides IT teams and network administrators with a “DNS configuration layer”, or rewrite module, to effectively handle DNS responses with the open source domain name system software, BIND.
Since the release of BIND 9 in 2010, RPZ has proven a powerful technology for security and network management—allowing organizations to implement an additional DNS configuration layer. In fact, BIND is the most widely used Domain Name System software on the internet—making RPZ configuration options like integrating commercial feeds, blocklists, and URL databases like zveloDB™ all the more attractive. So let’s take a moment to revisit the advantages of RPZ.
For the average web surfer, the URL bar provides a magical portal to the interwebz where anything that can be thought of can be entered—revealing the treasures of the internet at the stroke of ‘enter’. For the rest of us, we know it gets much more complicated than that as we slip down the rabbit hole and into OSI, DNS, TLS, HTTPS, subdomains…
A leading CASB company required a highly accurate and extremely fast URL vetting solution to help identify links to malware and other malicious threats for cloud-hosted documents, applications and associated sync services.
DetailsIf we have a thousand monkeys typing away on a thousand typewriters, surely they can produce great works of literature – or so goes the popular adaptation of the Infinite Monkey Theorem. But in the context of information security, a similar idea has been taking shape in past few years. Crowdsourced security, leveraging on input from a host of geographically dispersed systems, is slowly gaining ground as a means to provide actionable threat intelligence for both the public and private sectors.
Recent events serve as the best example of how the context of security has shifted from the once server-centric model to that of a decentralized threat landscape. From the Heartbleed attacks to the widespread Internet Explorer vulnerabilities and finally the sensationalized OAuth issues, it appears that even organizations with a hardened perimeter infrastructure are just as vulnerable as an end-user at home.
An Interview with Jeff Finn, CEO of zvelo
You have the firewall that blocks incoming viruses, worms and spyware. However, if you are not utilizing web filtering, your IT security solution is not complete. Jeff Finn, CEO of zvelo, recently interviewed with Kerio, a zvelo OEM Partner, about zvelo’s web categorization services used in the Kerio Web Filter.