More IDN homograph detection research today. This screenshot is a bit horrifying considering how nearly identical many of the invalid entries visually match the valid entry (top).

#DNS #homograph #cybersecurity

Screenshot from my custom (Rust) DNS filtering-forwarder with new experimental runtime IDN homograph detection against a predefined protected domain list.

Screenshot results reflect these punycodes:
xn--ggle-55da.com google.com BLOCK
xn--pypl-53dc.com paypal.com BLOCK
xn--pple-43d.com apple.com BLOCK
xn--fiq228c5hs.cn chinese ALLOW

#DNS #homograph #cybersecurity
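
One way a forwarder could reach the BLOCK/ALLOW decisions listed in the post above, as an added example that is not the poster's code: decode each `xn--` label (RFC 3492), fold look-alike characters to ASCII, and compare the result with a protected list. The `PROTECTED` list, the small look-alike table in `skeleton` and all function names are assumptions made for illustration.

```rust
// Constructed protected list (assumption: the post does not show its real list).
const PROTECTED: &[&str] = &["google.com", "paypal.com", "apple.com"];

/// Decode one Punycode label body (the text after "xn--") per RFC 3492.
fn punycode_decode(input: &str) -> Option<String> {
    let (basic, ext) = input.rsplit_once('-').unwrap_or(("", input));
    let mut out: Vec<char> = basic.chars().collect();
    let (mut n, mut i, mut bias, mut first) = (128u32, 0u32, 72u32, true);
    let mut digits = ext.chars().peekable();
    while digits.peek().is_some() {
        let (old_i, mut w, mut k) = (i, 1u32, 36u32);
        loop {
            // Punycode digits: a-z are 0..25 and 0-9 are 26..35.
            let d = digits.next()?.to_digit(36).map(|d| (d + 26) % 36)?;
            i = i.checked_add(d.checked_mul(w)?)?;
            let t = k.saturating_sub(bias).clamp(1, 26);
            if d < t { break; }
            w = w.checked_mul(36 - t)?;
            k += 36;
        }
        let len = out.len() as u32 + 1;
        let mut delta = (i - old_i) / if first { 700 } else { 2 };
        first = false;
        delta += delta / len;
        let mut k = 0u32; // bias adaptation, RFC 3492 section 6.1
        while delta > 455 { delta /= 35; k += 36; }
        bias = k + 36 * delta / (delta + 38);
        n = n.checked_add(i / len)?;
        i %= len;
        out.insert(i as usize, char::from_u32(n)?);
        i += 1;
    }
    Some(out.into_iter().collect())
}

/// Fold a few Cyrillic look-alikes to ASCII (small subset of Unicode confusables).
fn skeleton(s: &str) -> String {
    s.chars().map(|c| match c {
        '\u{430}' => 'a', '\u{435}' => 'e', '\u{43e}' => 'o',
        '\u{440}' => 'p', '\u{441}' => 'c', '\u{443}' => 'y',
        other => other,
    }).collect()
}

/// Block a name that renders like a protected domain without being that domain.
fn should_block(domain: &str) -> bool {
    let name = domain.to_lowercase().split('.').map(|l| {
        l.strip_prefix("xn--").and_then(punycode_decode).unwrap_or_else(|| l.to_string())
    }).collect::<Vec<_>>().join(".");
    !PROTECTED.contains(&name.as_str()) && PROTECTED.contains(&skeleton(&name).as_str())
}
```

A label that fails to decode is compared in its raw form, and names whose folded form matches nothing on the list pass through, which is why the `.cn` name is allowed.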

Today I fell down the rabbit hole of detecting and blocking IDN homograph attacks at the DNS level. Some of the homograph domains are clever!

#DNS #homograph #cybersecurity

TIL: #English "desert" as a noun is actually a #homograph: there is desert_1 /ˈdɛz.ɚt/ (as in "the camels in the desert"), but also desert_2 /dɪˈzɝt/ 'that which is deserved', as in "Will the bad get their just deserts?"
And then of course there is also the verb "desert", as in "Don't desert me", homonym of desert_2

How do homograph attacks deceive even the most cautious users?

Homograph attacks are a growing threat in the world of cybersecurity. These attacks use characters from different alphabets that look similar to create deceptive domain names, tricking users into visiting fake websites and potentially compromising sensitive information.

🔗 All you need to know about homograph attacks https://outpost24.com/blog/homograph-attacks-how-hackers-exploit-look-alike-domains/

#Homograph #StaySecure

Homograph attacks: How hackers exploit look-alike domains

Understand the mechanics of homograph attacks and learn the practical steps to protect your organization

Outpost24
GitHub - evilsocket/ditto: A tool for IDN homograph attacks and detection.


Welcome to the #Promptodon #WritingPrompt also today's #Haiku
Today's Prompt (Jan 5):

#Caterwaul

Caterwaul, my cat,
I'll cater for y'all when you
Clau up that nice waul.

#homograph #homophone

Urgent Microsoft Office Security Alert: All Applications Vulnerable To Homograph Attacks

Non-latin characters in domain names make for sneaky phishing attacks, and Microsoft Office doesn't protect against them.

HotHardware
It is spelled "URl"

There are many sectarian divides in computer. "Little-Endians" and "Big-Endians" wage bitter war against each other over the order of bits. Should line in text files end with \r\n or just \n? And both vi and emacs users fight betwixt themselves while ignoring the superior foe - nano. Perhaps the most contentious of these is the battle between URI and URL. Should we refer to links on the web…

Terence Eden’s Blog

It is spelled "URl"
https://shkspr.mobi/blog/2020/03/it-is-spelled-url/

There are many sectarian divides in computer.

  • "Little-Endians" and "Big-Endians" wage bitter war against each other over the order of bits.
  • Should line in text files end with \r\n or just \n?
  • And both vi and emacs users fight betwixt themselves while ignoring the superior foe - nano.

Perhaps the most contentious of these is the battle between URI and URL. Should we refer to links on the web as Uniform Resource Identifiers or Locators? Obviously there is a correct answer - and anyone who disagrees is a heretic.

So, I've come up with a compromise guaranteed to annoy satisfy everyone - URl.

That's upper-case U, upper-case R, lower case L.

Perfect!

https://shkspr.mobi/blog/2020/03/it-is-spelled-url/

#homoglyphs #homograph #troll
