Cable Forum

Cable Forum (https://www.cableforum.uk/board/index.php)
-   Internet Discussion (https://www.cableforum.uk/board/forumdisplay.php?f=25)
-   -   Spoof domain names (https://www.cableforum.uk/board/showthread.php?t=23751)

Mr_love_monkey 07-02-2005 15:36
Spoof domain names
 
Apparently international domains (IDN) can be used to fool initial visual inspection:

Demonstration: (this site is nothing to do with me)
http://www.shmoo.com/idn/
Look very carefully at the first "a" in paypal in that demonstration.

In theory this can be blocked at least in Firefox by turning off international domain support (IDN) as a temporary workaround:
Quote:
Type about:config in your address bar
Then search for network.enableIDN
Click on it to set it to FALSE
IDN support should then be disabled

ikthius 07-02-2005 15:45
Re: Spoof domain names
 
scary stuff, now I know roughly how they do it.

ik

Mr_love_monkey 07-02-2005 16:47
Re: Spoof domain names
 
strange, no one else seems all that worried, even with that paypal email going round...

Mr_love_monkey 07-02-2005 23:59
Re: Spoof domain names
 
Basically the link that says it's going to paypal.com is actually going to a different address where the a in the address is actually '& # 1072'

so someone could register a domain name like that, get you to click on it, show you a site that looks like paypal, with the url looking like the paypal one, and you could give your username and password

Dave Stones 08-02-2005 00:01
Re: Spoof domain names
 
take a look at the page source :)

El Diablo 08-02-2005 02:56
Re: Spoof domain names
 
Quote:
Originally Posted by Mr_love_monkey
Basically the link that says it's going to paypal.com is actually going to a different address where the a in the address is actually '& # 1072'

so someone could register a domain name like that, get you to click on it, show you a site that looks like paypal, with the url looking like the paypal one, and you could give your username and password
Yeah, for sure.... But the problem here, in my opinion, is how the registry has allowed the registration in the first place. One of the first things when considering the implementation of IDN across a registry should look at which characters are supported. The standard a-z's should not be covered by this, since they can clearly be re-produced without ACE coding, and so there is no need for them to be ACE encoded... IDN is all about allowing 'special' characters [i.e. those *other* than Letters, Digits and Hyphens] and so should not allow LDH characters to be represented in the ACE code. This isn't difficult to implement, it's merely a reflection on the registry's inability to assess the requirements here and the effect that it will have on the 'users'. Unless such domains are blocked at the registry end, then similar registrations will take place, much to the annoyance of the rest of the community. Of course, in the meantime, it remains simple for phishers to spoof addresses using similar tactics to those deployed here.

:devsmoke:


All times are GMT +1. The time now is 03:20.

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2026, vBulletin Solutions Inc.
All Posts and Content are © Cable Forum