07-02-2005, 15:36
|
#1
|
|
Inactive
Join Date: Jun 2003
Location: London way
Age: 49
Services: Sarcasm
Posts: 8,376
|
Spoof domain names
Apparently international domains (IDN) can be used to fool initial visual inspection:
Demonstration: (this site is nothing to do with me)
http://www.shmoo.com/idn/
Look very carefully at the first "a" in paypal in that demonstration.
In theory this can be blocked at least in Firefox by turning off international domain support (IDN) as a temporary workaround:
Quote:
Type about:config in your address bar
Then search for network.enableIDN
Click on it to set it to FALSE
IDN support should then be disabled
|
|
|
|
|
07-02-2005, 15:45
|
#2
|
|
Inactive
Join Date: Mar 2004
Location: Glasgow, Scotland
Services: anything for a new job
Posts: 4,165
|
Re: Spoof domain names
scary stuff, now I know roughly how they do it.
ik
|
|
|
|
|
07-02-2005, 16:47
|
#3
|
|
Inactive
Join Date: Jun 2003
Location: London way
Age: 49
Services: Sarcasm
Posts: 8,376
|
Re: Spoof domain names
strange, no one else seems all that worried, even with that paypal email going round...
|
|
|
|
|
07-02-2005, 23:59
|
#4
|
|
Inactive
Join Date: Jun 2003
Location: London way
Age: 49
Services: Sarcasm
Posts: 8,376
|
Re: Spoof domain names
Basically the link that says it's going to paypal.com is actually going to a different address where the a in the address is actually '& # 1072'
so someone could register a domain name like that, get you to click on it, show you a site that looks like paypal, with the url looking like the paypal one, and you could give your username and password
|
|
|
|
|
08-02-2005, 00:01
|
#5
|
|
Inactive
Join Date: Jun 2003
Location: Selly Oak, Birmingham
Age: 41
Services: BT Broadband Option 3, BT Landline, Freeview
Posts: 3,214
|
Re: Spoof domain names
take a look at the page source 
|
|
|
|
|
08-02-2005, 02:56
|
#6
|
|
Inactive
Join Date: Jun 2003
Location: Oxford
Posts: 125
|
Re: Spoof domain names
Quote:
|
Originally Posted by Mr_love_monkey
Basically the link that says it's going to paypal.com is actually going to a different address where the a in the address is actually '& # 1072'
so someone could register a domain name like that, get you to click on it, show you a site that looks like paypal, with the url looking like the paypal one, and you could give your username and password
|
Yeah, for sure.... But the problem here, in my opinion, is how the registry has allowed the registration in the first place. One of the first things when considering the implementation of IDN across a registry should look at which characters are supported. The standard a-z's should not be covered by this, since they can clearly be re-produced without ACE coding, and so there is no need for them to be ACE encoded... IDN is all about allowing 'special' characters [i.e. those *other* than Letters, Digits and Hyphens] and so should not allow LDH characters to be represented in the ACE code. This isn't difficult to implement, it's merely a reflection on the registry's inability to assess the requirements here and the effect that it will have on the 'users'. Unless such domains are blocked at the registry end, then similar registrations will take place, much to the annoyance of the rest of the community. Of course, in the meantime, it remains simple for phishers to spoof addresses using similar tactics to those deployed here.
|
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT +1. The time now is 22:17.
|
Join CF
You are here: 
