It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

Huge threat - The ordinary web address

page: 1
0

log in

join
share:

posted on Mar, 3 2005 @ 04:44 PM
link   
A huge threat is out there and is used everyday on the internet - web addresses! Where we type an address we remember like www.google.com in reality, this is just a link to the domain name of a site. For example 001.110.002.887 (This one is randomly made up). How this threat works is that there are many codes to type the same address. ASCII is the standard code for a computer, but unicode is used for other languages. A "b" in english ASCII could be the same as a "b" in chinese unicode. This has opened up the opportunity for many scammers to fake sites like www.paypal.com which is quite scary because how can we tell the difference if the sites are exactly alike?
 



news.bbc.co.uk
A system to make it easier to create website addresses using alphabets like Cyrillic could open a back door for scammers, a trade body has warned.
The Internationalised Domain Names system has been a work in progress for years and has recently been approved by the Internet Engineering Task Force.

But the UK Internet Forum (UKIF) is concerned that the system will let scammers create fake sites more easily.

The problem lies in the computer codes used to represent language.

Coding problem

Registering names that look like that of legitimate companies but lead users to fake sites designed to steal passwords and credit card details could become a whole lot easier for determined scammers, says Stephen Dyer, director of UKIF.

Domain names are the "real language" addresses of websites, rather than their internet protocol address, which is a series of numbers.

They are used so people can more easily navigate the web.

So-called ASCII codes are used to represent European languages but for other languages a hybrid of a system called Unicode is used.

So, for example, website PayPal could now be coded using a mixture of the Latin alphabet and the Russian alphabet.

The resulting domain as displayed to the users would look identical to the real site as a Russian 'a' look just like an English 'a'.

But the computer code would be different, and the site it would lead users to could be a fake.

This is more than just a theory. A fake Paypal.com has already been registered with net domain giant Verisign by someone who has followed the debate around the Internationalised Domain Name (IDN) system, said Mr Dyer.

As the idea was to prove a point rather than be malicious the fake domain has now been handed back to Paypal but it sets a worrying precedent, Mr Dyer said.

"Although the IDN problem is well known in technical circles, the commercial world is totally unaware how easily their websites can be faked," said Mr Dyer.

No easy answers

"It is important to alert users that there is a new and invisible and almost undetectable way of diverting them to what looks like a perfectly genuine site," he added.

There are solutions. For instance, browsers could spot domains that use mixed characters and display them in different colours as a warning to users.

Mr Dyer acknowledged that it would be a huge undertaking to update all the world's browsers.

Another solution, to introduce IDN-disabled browsers could be a case of "throwing out the baby with the bath water," he said.

CENTR, the Council of European National Top Level Domain Registries, agrees.

"A rush to introduce IDN-disabled browsers into the marketplace is an overly-zealous step that will harm public confidence in IDNs - a technology that is desperately needed in the non-English speaking world," the organisation said in a statement.


Please visit the link provided for the complete story.


Although this was posted today, ASCII and Unicode has been here for a very long time. It's amazing how we only realise it now.

What does this mean? Producing an ultimate standard code for characters? Will web addresses have to turn to real domain numbers for an authentic site? Haven't a clue but maybe we can even fake numbers? Someone verify me on that one.

I feel that this is the bigger threat than hacking, viruses or spyware. Creating these fake sites is like taking candy of a baby.

[edit on 3-3-2005 by Banshee]



posted on Mar, 3 2005 @ 05:31 PM
link   
I think there are greater dangers out there than this one.

If you type "paypal" on a normal keyboard, it's a pure ascii string. No danger to magically get directed to a name made with a Unicode string.



posted on Mar, 3 2005 @ 05:37 PM
link   
-7 votes?

Is there a gang of ulta negative users on these boards at the moment? I dont get it

+1 from me



posted on Mar, 3 2005 @ 05:41 PM
link   
I hae seen a website that was a scam of paypal that sent out a massive under of emails trying to get peoples personal info like their SSN credit card #s, the difference was the site was www.paypaI.com, with a capital i where the l is. Im sure this scam fooled many computer inept folks who use paypal.



posted on Mar, 3 2005 @ 05:58 PM
link   

-7 votes?

Is there a gang of ulta negative users on these boards at the moment? I dont get it

+1 from me


If the author had read the submit news instructions perhaps the votes would be on the plus side. As it is the story does not conform to the guidlines. -1 for me.



posted on Mar, 3 2005 @ 08:25 PM
link   
I believe that this is a legitimate concern and that it is the source of the "spoofing" phenomenon that was revealed just a few weeks ago and plaguing almost all browsers. At first it was thought that only IE was not vulnerable but now a spoofing flaw has been found that affects IE

www.internetnews.com...


Other relevant links:


story.news.yahoo.com.../nf/20050209/tc_nf/30348

www.abovetopsecret.com...

www.belowtopsecret.com...

www.abovetopsecret.com...

You can test your browser here:

secunia.com...

Oddly enough, the new version of Firefox, which was updated to overcome this flaw, still fails the test.


[edit on 05/3/3 by GradyPhilpott]


apc

posted on Mar, 3 2005 @ 10:26 PM
link   
Whether or not the submitted domain information is in unicode does not matter. The nameserver your computer points at and resolves all the domain names you enter into their IP address will not carry unicode characters over to ascii. A "russian a" would look more like a sideways T or some other upper ascii character.

However the implied danger is when clicking on a link in an email for example. The text in the link can be a cross character set because this is direct from the author's system to the user's with the only translating being within the browser. The simple way to not fall prey to this is the same as any other online scam: don't click it. Don't trust anything that comes into your mailbox that isnt from someone you know personally or profressionally. Don't even open it unless you're positive it is a legitimate mailing.



posted on Mar, 4 2005 @ 11:33 AM
link   

Originally posted by subz
-7 votes?

Is there a gang of ulta negative users on these boards at the moment? I dont get it

+1 from me


lol,thanx alot anyways, i wont bother editing it now since its desposed of in the science n technology bit.




top topics



 
0

log in

join