A huge threat is out there and is used every day on the internet - web addresses! When we type an address we remember, like www.google.com, in reality
this is just a link to the domain name of a site. For example, 001.110.002.887 (this one is randomly made up). How this threat works is that there
are many codes to type the same address. ASCII is the standard code for a computer, but Unicode is used for other languages. A "b" in English
ASCII could be the same as a "b" in Chinese Unicode. This has opened up the opportunity for many scammers to fake sites like www.paypal.com, which
is quite scary because how can we tell the difference if the sites are exactly alike?
news.bbc.co.uk
A system to make it easier to create website addresses using alphabets like Cyrillic could open a back door for scammers, a trade body has warned.
The Internationalised Domain Names system has been a work in progress for years and has recently been approved by the Internet Engineering Task Force.
But the UK Internet Forum (UKIF) is concerned that the system will let scammers create fake sites more easily.
The problem lies in the computer codes used to represent language.
Coding problem
Registering names that look like that of legitimate companies but lead users to fake sites designed to steal passwords and credit card details could
become a whole lot easier for determined scammers, says Stephen Dyer, director of UKIF.
Domain names are the "real language" addresses of websites, rather than their internet protocol address, which is a series of numbers.
They are used so people can more easily navigate the web.
So-called ASCII codes are used to represent European languages but for other languages a hybrid of a system called Unicode is used.
So, for example, website PayPal could now be coded using a mixture of the Latin alphabet and the Russian alphabet.
The resulting domain as displayed to the users would look identical to the real site as a Russian 'a' looks just like an English 'a'.
But the computer code would be different, and the site it would lead users to could be a fake.
This is more than just a theory. A fake Paypal.com has already been registered with net domain giant Verisign by someone who has followed the debate
around the Internationalised Domain Name (IDN) system, said Mr Dyer.
As the idea was to prove a point rather than be malicious the fake domain has now been handed back to Paypal but it sets a worrying precedent, Mr Dyer
said.
"Although the IDN problem is well known in technical circles, the commercial world is totally unaware how easily their websites can be faked," said
Mr Dyer.
No easy answers
"It is important to alert users that there is a new and invisible and almost undetectable way of diverting them to what looks like a perfectly
genuine site," he added.
There are solutions. For instance, browsers could spot domains that use mixed characters and display them in different colours as a warning to users.
Mr Dyer acknowledged that it would be a huge undertaking to update all the world's browsers.
Another solution, to introduce IDN-disabled browsers, could be a case of "throwing out the baby with the bath water," he said.
CENTR, the Council of European National Top Level Domain Registries, agrees.
"A rush to introduce IDN-disabled browsers into the marketplace is an overly-zealous step that will harm public confidence in IDNs - a technology
that is desperately needed in the non-English speaking world," the organisation said in a statement.
Please visit the link provided for the complete story.
Although this was posted today, ASCII and Unicode have been here for a very long time. It's amazing how we only realise it now.
What does this mean? Producing an ultimate standard code for characters? Will web addresses have to turn to real domain numbers for an authentic
site? Haven't a clue but maybe we can even fake numbers? Someone verify me on that one.
I feel that this is a bigger threat than hacking, viruses or spyware. Creating these fake sites is like taking candy from a baby.
[edit on 3-3-2005 by Banshee]
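The quoted article suggests that software could spot domains that mix characters from different alphabets and warn the user. A sketch of that check, as an added example that is not part of the post or the BBC article: the function names are hypothetical, the sample domains are constructed, and script detection is approximated from Unicode character names.

```python
import unicodedata

# Script names checked as prefixes of the Unicode character name. This is an
# approximation: the standard library does not expose the Script property.
SCRIPTS = ("LATIN", "CYRILLIC", "GREEK", "ARMENIAN", "HEBREW", "ARABIC",
           "CJK", "HIRAGANA", "KATAKANA", "HANGUL")

def char_script(ch):
    """Return the script of one character, or COMMON for digits and hyphen."""
    if ch in "0123456789-":
        return "COMMON"
    name = unicodedata.name(ch, "")
    return next((s for s in SCRIPTS if name.startswith(s)), "OTHER")

def annotate(label):
    """Make non-ASCII characters visible, e.g. Cyrillic 'a' lookalike -> [U+0430]."""
    return "".join(c if c.isascii() else f"[U+{ord(c):04X}]" for c in label)

def analyse(domain):
    """Return (ASCII wire form, {label: scripts}) for labels that mix scripts."""
    domain = unicodedata.normalize("NFC", domain.lower())
    mixed = {}
    for label in domain.split("."):
        scripts = {char_script(c) for c in label} - {"COMMON"}
        if len(scripts) > 1:
            mixed[label] = sorted(scripts)
    # The stdlib "idna" codec (IDNA 2003) yields the xn-- form sent to DNS.
    return domain.encode("idna").decode("ascii"), mixed

if __name__ == "__main__":
    # Constructed samples: the second uses Cyrillic U+0430 in place of Latin "a".
    for sample in ("paypal.com", "p\u0430ypal.com"):
        wire, mixed = analyse(sample)
        verdict = "MIXED SCRIPTS" if mixed else "ok"
        print(f"{annotate(sample):24} wire={wire:22} {verdict} {mixed or ''}")
```

A label written entirely in one non-Latin script passes this check, so it only covers the mixed-alphabet case the article describes.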