Although it looks like a duck, it might not be a duck

25 March 2005 · 0 comments

The bad guys are out there just busting to separate us from our information, our money, our safety. One of the newer scams is to use foreign characters which look like our alphabet to take us to websites which mislead us about their identity. The following is my edited version of Apple’s KnowledgeBase article ID: 301116.

Security Update 2005-003 updates Safari to prevent International Domain Name (IDN) lookalike characters from being used to spoof displayed URLs.

Lookalike characters can make users believe that they are viewing a different site than they actually are. For example, the Cyrillic letter "a" could be used in place of the Latin letter "a," making it difficult for a user to tell if they are at "www.apple.com" or a malicious imposter website that’s designed to look like the real one. These imposter sites can be used to collect account numbers, passwords, and other personal information. This can affect any web browser with support for International Domain Names.

Domain names containing [language] scripts that are not in an allowed list will be displayed in an ASCII format called "Punycode." For example, an imposter website with the URL "http://www.apple.com/" that uses the Cyrillic letter "a" would be displayed as "http://www.xn--pple-43d.com" for your protection.
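The display rule described above can be sketched in a few lines of Python. This is an added example, not Apple's or Safari's code: the Latin-only allowlist, the function names, and the shortcut of reading a character's script from the first word of its Unicode name are all assumptions made for illustration.

```python
import unicodedata

# Assumed allowlist for illustration only; Safari's real list is not given on this page.
ALLOWED_SCRIPTS = {"LATIN"}

def char_script(ch):
    """Approximate a character's script from the first word of its Unicode name."""
    if ch.isascii():
        # ASCII digits and hyphens are shared by every script.
        return "LATIN" if ch.isalpha() else "COMMON"
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def label_scripts(label):
    """Return the set of scripts used in one dot-separated label."""
    return {char_script(c) for c in label} - {"COMMON"}

def to_punycode(label):
    """ASCII form of a label (raw Punycode, without full IDNA preparation)."""
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")

def display_host(host, allowed=ALLOWED_SCRIPTS):
    """Show each label natively only if all of its scripts are allowed."""
    shown = []
    for label in host.lower().split("."):
        if label_scripts(label) <= allowed:
            shown.append(label)               # every script allowed: display as typed
        else:
            shown.append(to_punycode(label))  # lookalike risk: display ASCII form
    return ".".join(shown)

if __name__ == "__main__":
    # Constructed sample hosts; the second uses Cyrillic U+0430 in place of "a".
    for host in ["www.apple.com", "www.\u0430pple.com", "b\u00fccher.example"]:
        print(repr(host), "->", display_host(host))
```

The label that mixes a Cyrillic letter into Latin text comes out in its "xn--" form, while an accented Latin name is still shown as typed because its only script is on the allowlist.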

There’s also some good information at TidBITS 766.
