NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information

 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Re: Example of how "de-Latinized" domain names can be subverted 

In message <20091229055555.GA18076@vortex.com>, Lauren Weinstein
<lauren@vortex.com> writes
>
>Example of how "de-Latinized" domain names can be subverted
>
>http://bit.ly/6YbTBR  (Dean Collins' Blog)
>
>Dean, the "fun" has only just begun.  Some of us have been warning of
>this consequence for ... well ... pretty much since day one of the
>concept.

There's two substantive issues in this blog posting...

... the first is that someone other than PayPal could register the
Hebrew version of "PayPal" (the evidence for this is that someone has
registered the Chinese version of mobileappstore.com and is seeking
money for it).

There's nothing "new" here (it's directly equivalent to someone
registering paypal.com.az or mobileappstore.com.az and will be dealt
with under the usual rules for domain name ownership.

So in practice, PayPal (apocryphally Pepsi just purchases all the
possible variants) will spend the money on the lawyers to seize the
domain -- and most other people (with less deep pockets) will just grin
and bear it...  chances are that the speculator who registered it will
let it slide at the end of the year, so if the "proper owner" really
cares, then they can pick it up at that point.

The second issue is slightly more "new" (albeit commented upon for
years). The blog notes that some of the glyphs for Russian and other
languages look like "standard ASCII" glyphs -- and hence

   http://xn--yl-6kcb1fc.com/

will "look like" http://paypal.com in the taskbar ...

... that's certainly true, and if widely exploited by the criminals then
we'll need to change the standard advice again as to "how do you know
it's really PayPal".  Nothing new there in that we keep on changing the
"standard advice", and will continue to do so until the way in which
browsers tell us where we're really visiting is completely overhauled.

However, PayPal can easily get this Cyrillic name de-registered using
dispute resolution (or promptly suspended if it's being used for
phishing) just as they currently deal with  paypall.com pa.ypal.com
paypa1.com and all the other variants we see on a daily basis...

   ... I rather liked the recently registered "eauofinvestigation.com"
   which doesn't look too sinister until you see it being used with the
   subdomain of  "federalbur"

So once again, there's no "new" threat here, just a minor variant of an
existing one.

BTW: IDN names have been available for ages [the recent change by ICANN
is all about TLDs not IDN per se], and the May 2009 Anti-Phishing
Working Group (APWG) survey found that phishers had registered
5,591 domain names (that's just 18.5% of all the domains involved in
hosting phishing sites -- the majority are legitimate sites that have
been hacked into).

They recorded just 10 IDN names used in phishing attacks -- and all 10
were hacked into sites.

  ie: the phishers registered precisely zero IDN names

Of course this may change ... but it hasn't yet!

    [ I would also like to see more discussion of how non-ASCII domains
      affect older mail user agents (especially text based) and older
      mailing list handling software.  There's lots of both still
      around and processing piles of e-mail every day.

          -- Lauren Weinstein
             NNSquad Moderator ]


- -- 
Richard Clayton                            <richard.clayton@cl.cam.ac.uk>
                                  tel: 01223 763570, mobile: 07887 794090
                    Computer Laboratory, University of Cambridge, CB3 0FD