Although it looks like a duck, it might not be a duck

25 March 2005

The bad guys are out there just busting to separate us from our information, our money, our safety. One of the newer scams is to use foreign characters which look like our alphabet to take us to websites which mislead us about their identity. The following is my edited version of Apple’s KnowledgeBase article ID: 301116.

Security Update 2005-003 updates Safari to prevent International Domain Name (IDN) lookalike characters from being used to spoof displayed URLs.

Lookalike characters can make users believe that they are viewing a different site than they actually are. For example, the Cyrillic letter "a" could be used in place of the Latin letter "a," making it difficult for a user to tell if they are at "www.apple.com" or a malicious imposter website that’s designed to look like the real one. These imposter sites can be used to collect account numbers, passwords, and other personal information. This can affect any web browser with support for International Domain Names.

Domain names containing [language] scripts that are not in an allowed list will be displayed in an ASCII format called "Punycode." For example, an imposter website with the URL "http://www.apple.com/" that uses the Cyrillic letter "a" would be displayed as "http://www.xn--pple-43d.com" for your protection.
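The display rule described above, sketched as an added example (it is not code from Apple's article or from this post). `ALLOWED_SCRIPTS` is an assumed list for illustration, not Safari's real one, and the function names are hypothetical.

```javascript
// Assumed allow-list for illustration only; not Safari's actual list.
const ALLOWED_SCRIPTS = ["Latin", "Han", "Hiragana", "Katakana"];

// Build a regex matching any character outside the allowed scripts.
// Digits, "-" and "." are in the Common script; combining marks are Inherited.
function disallowedPattern(scripts) {
  const classes = [...scripts, "Common", "Inherited"]
    .map((s) => `\\p{Script=${s}}`)
    .join("");
  return new RegExp(`[^${classes}]`, "gu");
}

// ASCII ("Punycode") form of a host name, using the built-in WHATWG URL parser.
function toAscii(host) {
  return new URL(`http://${host}/`).hostname;
}

// Decide what the address bar should show for a host name.
function displayHost(host, scripts = ALLOWED_SCRIPTS) {
  const hits = host.match(disallowedPattern(scripts)) || [];
  const offending = [...new Set(hits)].map(
    (ch) => "U+" + ch.codePointAt(0).toString(16).toUpperCase().padStart(4, "0")
  );
  return {
    shown: offending.length > 0 ? toAscii(host) : host,
    offending,
  };
}

// Constructed sample hosts; \u0430 is the Cyrillic small letter a.
for (const host of ["www.apple.com", "www.\u0430pple.com", "日本語.jp"]) {
  const { shown, offending } = displayHost(host);
  console.log(`${host} -> ${shown} [${offending.join(", ")}]`);
}
```

The second sample host is the lookalike from the paragraph above: its one Cyrillic letter is outside the assumed list, so the whole name is shown in its `xn--` form.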

There’s also some good information at TidBITS 766.
