The fourth publication for the TIDE project. The FIRST talk (see [here]) has been extended into a journal paper for Digital Threats: Research and Practice (DTRAP). In this paper we argue that we, as a security community, should move towards proactive security. However, we shed light on both sides of the coin. We think the ‘optimal’ way is to combine the reactive and proactive methods, to make use of the best of both worlds.
For the last couple of months, Ramin Yazdani has been looking into phishing domains that use Unicode characters to look like the target domain. In the process he developed a new ‘confusables’ table of Unicode characters that can easily be mistaken for their ASCII counterparts. The table is based on the ‘Unicode Confusables list’ and the ‘Unicode Similarity List’.
Last week was the FIRST conference in Edinburgh. TIDE presented a talk on “Proactive Threat Detection”. The idea we presented at FIRST was that, since a proactive approach works well in the field of DNS, we need to expand on proactive detection of threats. It fit well with the theme of the conference, Defending the Castle. Through proactive threat detection, defenders are able to mount a defense against upcoming attacks rather than getting notified when the castle is already on…