"The .om (Oman) Domain and the Dangers of Typosquatting"
[quote]House of Cards Season 4 debuted on Netflix this past weekend, much to the joy of millions of fans, including many Endgamers. One particular Endgamer made an innocent, but potentially damaging mistake. He mistyped the domain “[url]www.netflix.com[/url]” as “netflix.om” in his browser, accidentally dropping the “c” in “.com”. He did not get a DNS resolution error, which would have indicated the domain he typed doesn’t exist. Instead, due to the registration of “netflix.om” by a malicious actor, the domain resolved successfully. His browser was immediately redirected several times, and eventually landed on a “Flash Updater” page with all the usual annoying (and to an untrained user, terrifying) scareware pop-ups. Luckily, the Endgamer recognized danger and retreated swiftly, avoiding harm.
(...)
How many .om’s are registered and possibly malicious?
We began our research of .om abuse by attempting to determine how many .om domains are associated with popular sites, who is registering these domains, and what is hosted at those sites. To do this, we went through the 5,000 most popular domains globally and attempted to resolve whether the brand had an associated <brand>.om or <brand>c.om. We discovered 334 domains that meet these criteria and are currently pointing to active sites. There may be others that are registered, but are currently down or are in the process of being purchased.[/quote]
[url]https://www.endgame.com/blog/what-does-oman-house-cards-and-typosquatting-have-common-om-domain-and-dangers-typosquatting[/url]
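The resolution check the quoted article describes (does `<brand>.om` or `<brand>c.om` resolve for a given `.com` site), written as an added example from a brand owner's monitoring point of view; it is not code from this thread or from Endgame. The function names and the sample resolver data are assumptions made for illustration.

```python
import socket
from typing import Callable, Dict, Iterable, List, Optional

Resolver = Callable[[str], Optional[str]]


def om_candidates(domain: str) -> List[str]:
    """Return the <brand>.om and <brand>c.om look-alikes for a .com name."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2 or labels[-1] != "com" or not labels[-2]:
        return []  # only .com names have these two typo forms
    brand = labels[-2]  # registrable label, ignoring www. and other subdomains
    return [f"{brand}.om", f"{brand}c.om"]


def system_resolver(host: str) -> Optional[str]:
    """Resolve with the OS resolver; None means no address was returned."""
    try:
        return socket.gethostbyname(host)
    except (OSError, UnicodeError):
        return None


def audit(domains: Iterable[str],
          resolve: Resolver = system_resolver) -> Dict[str, Dict[str, str]]:
    """Map each .com domain to the look-alikes that currently resolve."""
    findings: Dict[str, Dict[str, str]] = {}
    for domain in domains:
        hits = {}
        for candidate in om_candidates(domain):
            address = resolve(candidate)
            if address is not None:
                hits[candidate] = address
        if hits:
            findings[domain] = hits
    return findings


if __name__ == "__main__":
    # Constructed resolver data (documentation-range address), so this runs offline.
    fake_zone = {"examplec.om": "192.0.2.10"}
    print(audit(["www.example.com", "example.net"], resolve=fake_zone.get))
```

A name that resolves is only registered and pointed somewhere; what it hosts needs a separate review. Resolvers that rewrite failed lookups to a search page will report every candidate as a hit, so run the check against a resolver that returns real NXDOMAIN answers.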
There's good squatting on one of those.
Same shit with goggle / googe .com for example. Common typos, buy the domain, viruses because humans are shit! :(
Where do you even buy .om domains? Namecheap doesn't seem to offer them
Good thing I don't use Netflix.
[QUOTE=ramdev;49913809]Where do you even buy .om domains? Namecheap doesn't seem to offer them[/QUOTE]
Google: .om tld domain registrar
They look like they're about ~$250 USD a year which makes this a pretty expensive exercise.
[QUOTE=TheNerdPest14;49913812]Good thing I don't use Netflix.[/QUOTE]
Did you even read?
This is (one of) the reasons I don't type in domains to get to them; I bookmark or Google search the name of the website.
[QUOTE=icarusfoundyou;49913814]Google: .om tld domain registrar
They look like they're about ~$250 USD a year which makes this a pretty expensive exercise.[/QUOTE]
Basically pennies if you are registering one for malicious intent and have the ability to actually carry through with infections.
Buying netflix.om and then using it for something as dumb as a virus... come on, where is the creativity in that?
Should have placed a massive House of Cards spoiler instead :v:
the .tv domain extension used to belong to some small island, tiviluvia or something, they got loads of money for selling it
They can be taken down if the companies talk to icann, anyway, no?
Literally who thought .co, .cm, and .om were good suffixes for URLs??
Why can't we just have .com/.org/.net/.edu/.gov?
5 seems sufficient? I don't see a benefit in having netflix.com and netflix.org and netflix.net as alternative sites, it just adds to the number of suffixes you have to try if your first guess was wrong, and that's ignoring malicious practices exploiting domain name oversights.
[QUOTE=soulharvester;49914151]Literally who thought .co, .cm, and .om were good suffixes for URLs??
Why can't we just have .com/.org/.net/.edu/.gov?
5 seems sufficient? I don't see a benefit in having netflix.com and netflix.org and netflix.net as alternative sites, it just adds to the number of suffixes you have to try if your first guess was wrong, and that's ignoring malicious practices exploiting domain name oversights.[/QUOTE]
discounting the fact that .com/.org/.net/.edu/.gov are basically all controlled by US interests
a URL has a de facto limit of basically 2000 characters
so if you only allow .com/.org/.net/.edu/.gov you don't have that many possible domains
Why don't we just have self-resolving domains and get rid of TLDs?
[QUOTE=soulharvester;49914151]Literally who thought .co, .cm, and .om were good suffixes for URLs??
Why can't we just have .com/.org/.net/.edu/.gov?
5 seems sufficient? I don't see a benefit in having netflix.com and netflix.org and netflix.net as alternative sites, it just adds to the number of suffixes you have to try if your first guess was wrong, and that's ignoring malicious practices exploiting domain name oversights.[/QUOTE]
The alternatives are so you know what country the site is. Here in the UK we have .co.uk
I believe .om is for Oman according to the article.
Also, there is no limit on URL length.
[QUOTE=Map in a box;49914188]Also, there is no limit on URL length.[/QUOTE]
there isn't an RFC for it
but there's an effective upper limit
sitemaps only support 2048 characters, google results won't show anything longer than 1855
[QUOTE=Lolkork;49913980]who even types in full domains anymore?[/QUOTE]
The same people that would fall for flash updaters and scary ads or popups
[QUOTE=SpartanApples;49914173]The alternatives are so you know what country the site is. Here in the UK we have .co.uk
I believe .om is for Oman according to the article.[/QUOTE]
Apparently.
[url]http://www.webopedia.com/quick_ref/topleveldomains/countrycodeA-E.asp[/url]
Very disappointed that Nigeria was .ng, could've had some great site names with the alternative.
But this seems pretty excessive, to be honest.
There's a suffix for USSR.
And one for "Neutral zone", is that for like sites hosted in the middle of the ocean or something?
[QUOTE=Sam Za Nemesis;49914206]It's possible, I have [URL]http://0xb161d99c/[/URL][/QUOTE]
That's just IP in hex. Also, not exactly a specifically desirable domain.
.nt never existed
[QUOTE=Sam Za Nemesis;49914206]It's possible, I have [URL]http://0xb161d99c/[/URL][/QUOTE]
could you explain how that works? i've never seen a self-resolving domain before
[QUOTE=Anti Christ;49914242]could you explain how that works? i've never seen a self-resolving domain before[/QUOTE]
it's not a self resolving domain though
it's literally just his ip in hexadecimal with a 0x at the front to let the URL resolver know to resolve it as a hexadecimal number, with each two characters being an octet of the ip
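The numeric host form explained in the post above, as an added example that is not part of the thread: a normaliser that turns hex, octal, decimal and shortened IPv4 spellings into dotted-quad form so a URL filter or log pipeline compares one canonical value. It follows the IPv4 host rules of the WHATWG URL standard; the function names are assumptions and the sample inputs are constructed from the documentation address 192.0.2.1.

```python
from typing import Optional


def _parse_part(part: str) -> Optional[int]:
    """Parse one dot-separated part as hex (0x..), octal (0..) or decimal."""
    if not part:
        return None
    base, digits = 10, part
    if part[:2].lower() == "0x":
        base, digits = 16, part[2:]
    elif len(part) > 1 and part[0] == "0":
        base, digits = 8, part[1:]
    if digits == "":
        return 0  # a bare "0x" counts as zero
    allowed = "0123456789abcdef"[:base]
    if any(ch not in allowed for ch in digits.lower()):
        return None  # not a number in that base, so not a numeric host
    return int(digits, base)


def normalise_numeric_host(host: str) -> Optional[str]:
    """Return the dotted-quad form of a numeric host, or None for a name."""
    parts = host.split(".")
    if len(parts) > 1 and parts[-1] == "":
        parts.pop()  # a single trailing dot is allowed
    if not 1 <= len(parts) <= 4:
        return None
    nums = [_parse_part(p) for p in parts]
    if any(n is None for n in nums):
        return None
    *head, last = nums
    # Leading parts are single octets; the last part fills the remaining bytes.
    if any(n > 255 for n in head) or last >= 256 ** (5 - len(nums)):
        return None
    value = last + sum(n * 256 ** (3 - i) for i, n in enumerate(head))
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


if __name__ == "__main__":
    # Constructed spellings of the same documentation address.
    for sample in ("0xc0000201", "3221225985", "0300.0.02.01", "192.0.513"):
        print(sample, "->", normalise_numeric_host(sample))
```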
[QUOTE=LordCrypto;49914197]there isn't an RFC for it
but there's an effective upper limit
sitemaps only support 2048 characters, google results won't show anything longer than 1855[/QUOTE]
I can't find anything restricting sitemap URL size, and regardless the point is that there is no limit on URL size; any restrictions like on Google don't disprove it
[QUOTE=soulharvester;49914151]Literally who thought .co, .cm, and .om were good suffixes for URLs??
Why can't we just have .com/.org/.net/.edu/.gov?[/QUOTE]
And miss out on all the great .wang domain wordplay?
this is the one thing wrong about the internet. the idea was that each country or region would have its own .something, but really it should all be .com/org/gov and that's it because companies now have to buy a domain in every single possible .something
[QUOTE=Sableye;49914573]this is the one thing wrong about the internet. the idea was that each country or region would have its own .something, but really it should all be .com/org/gov and that's it because companies now have to buy a domain in every single possible .something[/QUOTE]
Realistically we should be using some form of certificate system to verify that the domain we are visiting is in fact serving content that we'd actually like to be accessing.
Someone registering a random domain/typosquatting or using URL shorteners to fool people into handing over credentials/installing stupid shit just based on visual cues is kind of dumb.
[QUOTE=soulharvester;49914227]Apparently.
[url]http://www.webopedia.com/quick_ref/topleveldomains/countrycodeA-E.asp[/url]
Very disappointed that Nigeria was .ng, could've had some great site names with the alternative.
But this seems pretty excessive, to be honest.
There's a suffix for USSR.
And one for "Neutral zone", is that for like sites hosted in the middle of the ocean or something?[/QUOTE]
Neutral Zone might be a leftover from the 1970s, when Iraq and Saudi Arabia had a neutral zone at their borders near Kuwait. ISO 3166 was established in 1974 AFAIK, Neutral Zone ceased to exist in '81.
[url]https://en.wikipedia.org/wiki/Saudi–Iraqi_neutral_zone[/url]
[QUOTE=icarusfoundyou;49914586]Realistically we should be using some form of certificate system to verify that the domain we are visiting is in fact serving content that we'd actually like to be accessing.
Someone registering a random domain/typosquatting or using URL shorteners to fool people into handing over credentials/installing stupid shit just based on visual cues is kind of dumb.[/QUOTE]
How would that work though? How is an algorithm going to know what you intended to visit?
There's already SSL Certificates that work pretty well, but they don't do anything if people don't check the domain. That's one of the reasons I think URL based autofill is actually a security feature; it won't be confused by a similar name, and that's a great hint that you aren't on the website you want to be. But again, that too requires a degree of savvy to get to that conclusion instead of "stupid autofill, why aren't you working".