What's in a name?
Can a idea for international domain names lead to you being fooled by phishers?
Thursday, March 03, 2005
BY : Brian Ashe
It seemed like a good idea at the time. Not everyone on the earth has English as their primary language and therefore can't always use the same alphabet. Seeing opportunity, Verisign started toying with the idea about 5 years ago to create a standard for Internationalized Domain Names (IDN). So far, there has been only support from alternative browsers (alternatives to IE).
But what has that got to do with me?, you ask. Well, if you've picked an alternative browser or if you are using a plug-in available from Verisign to support IDN names in IE, you could be tricked into thinking you are at a particular web site when you are actually at a well designed phishing site.
You hopefully know by now to always check the location bar of your browser to help ensure that you are where you expect to be. But, what if someone is able to "fake" what you see? (see image to right).
It has to do with font support for international characters. There are some characters (known as glyphs) that may closely resemble characters from your native language (ie. English). When these characters are used in a domain name registered through Verisign with IDN support, you may find yourself glancing at the location bar in your browser and feeling warm and fuzzy that you have arrived at your expected location, when in fact, you have not.
If you have Mozilla/Firefox, an update is available to remedy this. If you have other browsers, please check to see if an update has been issued. Opera seems to have remedies in it's current beta release. If you are using Internet Explorer, it's lack of enhancements in the last six years has kept this feature from being implemented. If you have the Verisign i-Nav plug-in for IE or Outlook/Outlook Express, you should check to see if there are updates available.
The security company Secunia has set up a test site to see if you are vulnerable.
|
