[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
Exploiting XML namespaces formatted as IRIs (InternationalizedResource Identifiers) to perpetrate an IDN homograph attack
- From: "Costello, Roger L." <costello@mitre.org>
- To: "xml-dev@lists.xml.org" <xml-dev@lists.xml.org>
- Date: Fri, 9 Dec 2011 16:24:43 +0000
Hi Folks,
The namespaces in XML 1.1 can be any IRI (Internationalized Resource Identifier) [1]
Oftentimes namespaces are used in a dual role, as a label for an XML vocabulary and as an actual URL that one can dereference to get further information.
Namespaces formatted as IRIs opens up the possibility for a new type of attack: an IDN homograph attack [2].
The internationalized domain name (IDN) homograph attack is a way a malicious party may deceive users about what remote system they are communicating with, by exploiting the fact that many different characters look alike, (i.e., they are homographs, hence the term for the attack). For example, consider an XML document with the namespace http://www.citibank.com
<Document xmlns=" http://www.citibank.com">
...
</Document>
where the Latin C is replaced with the Cyrillic ó. A user of the XML document may dereference the namespace URL and end up at a web site that looks like Citibank but isn't. If the user were to enter their username and password then their information would go into the wrong hands.
How can this attack be prevented?
/Roger
[1] http://www.w3.org/TR/xml-names11/#iri-use
[2] http://en.wikipedia.org/wiki/IDN_homograph_attack
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]