bloodhound Posted February 8, 2005 Share Posted February 8, 2005 Source : http://story.news.yahoo.com/news?tmpl=story&cid=528&ncid=528&e=3&u=/ap/20050207/ap_on_hi_te/web_browser_flaw_1 Officially, the Internet's Domain Name System supports only 37 characters — the 26 letters, 10 numerals and a hyphen. But in recent years, in response to a growing Internet population worldwide, engineers have been working on ways to trick the system into understanding other languages. Engineers have rallied around a character system called Unicode. The newly discovered exploit takes advantage of the fact that characters that look alike can have two separate codes in Unicode and thus appear to the computer as different. For example, Unicode for "a" is 97 under the Latin alphabet, but 1072 in Cyrillic. Subbing one for the other can allow a scammer to register a domain name that looks to the human as "paypal.com," tricking users into giving passwords and other sensitive information at what looks like a legitimate site. Some browsers, including Firefox, let users deactivate the other character sets but doing so is complicated and would cut off access to the relatively few sites that use non-English characters in their addresses. A better solution is to always manually type Web address directly into a browser rather than clicking on a link sent via e-mail or even copying and pasting that link. Link to comment Share on other sites More sharing options...
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!Register a new account
Already have an account? Sign in here.Sign In Now