Jump to content

Browser Feature Could Make Scams Easier


Recommended Posts

Source : http://story.news.yahoo.com/news?tmpl=story&cid=528&ncid=528&e=3&u=/ap/20050207/ap_on_hi_te/web_browser_flaw_1



Officially, the Internet's Domain Name System supports only 37 characters — the 26 letters, 10 numerals and a hyphen.


But in recent years, in response to a growing Internet population worldwide, engineers have been working on ways to trick the system into understanding other languages.


Engineers have rallied around a character system called Unicode. The newly discovered exploit takes advantage of the fact that characters that look alike can have two separate codes in Unicode and thus appear to the computer as different. For example, Unicode for "a" is 97 under the Latin alphabet, but 1072 in Cyrillic.


Subbing one for the other can allow a scammer to register a domain name that looks to the human as "paypal.com," tricking users into giving passwords and other sensitive information at what looks like a legitimate site.


Some browsers, including Firefox, let users deactivate the other character sets but doing so is complicated and would cut off access to the relatively few sites that use non-English characters in their addresses.


A better solution is to always manually type Web address directly into a browser rather than clicking on a link sent via e-mail or even copying and pasting that link.

Link to comment
Share on other sites

a similar example of the never follow an untrustworthy link is like this:


wow you can win lotsa money, click here:



click it, it'll take you to google, now if i were some idiot sending around pointless scam emails and generally pi$$ing others off for no reason like email spammers do i could change the google to anything i want, a tojan, spyware, premium rate phone call site... that's the possibilities of it.


saying that i ever so rarely type it myself! when i get something which is blatantly spam, like "please enter your credit card details" and i dont even have a credit card! i sometimes look at the source code to see where i am really going and often it is not what it says... i say i look at the source code because i use yahoo email which is web based.

Link to comment
Share on other sites

Yeah. I actually got that Paypal scam email. I have also been solicited by many "banks" I allegedly have accounts at to submit all my banking information so they can "verify" it. Some things people can simply do better. Typing in complete addresses would be extremely cumbersome. Ignoring nonsense is easier.

Link to comment
Share on other sites

that example is not similar at all!! did u even read the article! in ur example i can hover over the link and see where it points to. or right click the link and then view properties...


but the this scam exploits the fact that certain letters will have different codes in different character sets.. so to use it may look like http://www.ebay.com even if you check if the link actually points to the correct side.... but to the computer it will be completely different as the various letters with a diferent code from a different character set....

Link to comment
Share on other sites

it was similar in the way that it is a link to something which isnt it what it says it is... it may be a more basic form of it, buts if you think of your problem as 'you dont know what you're really clicking on' it made me think of what i said.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.