Quote:
|
Originally Posted by Mr_love_monkey
Basically the link that says it's going to paypal.com is actually going to a different address where the a in the address is actually '& # 1072'
so someone could register a domain name like that, get you to click on it, show you a site that looks like paypal, with the url looking like the paypal one, and you could give your username and password
|
Yeah, for sure.... But the problem here, in my opinion, is how the registry has allowed the registration in the first place. One of the first things when considering the implementation of IDN across a registry should look at which characters are supported. The standard a-z's should not be covered by this, since they can clearly be re-produced without ACE coding, and so there is no need for them to be ACE encoded... IDN is all about allowing 'special' characters [i.e. those *other* than Letters, Digits and Hyphens] and so should not allow LDH characters to be represented in the ACE code. This isn't difficult to implement, it's merely a reflection on the registry's inability to assess the requirements here and the effect that it will have on the 'users'. Unless such domains are blocked at the registry end, then similar registrations will take place, much to the annoyance of the rest of the community. Of course, in the meantime, it remains simple for phishers to spoof addresses using similar tactics to those deployed here.
