Punycode domain names have the ability to make a URL look like a different site name, including apple.com.
The Loop recently came across a document referring to Punycode, which is a type of Unicode that uses character subsets, that could allow someone to create a domain name that would look, on the surface, like a completely different URL.
While it's a particularly ingenious bit of trickery, you shouldn't worry too much. You can avoid getting caught by such a scheme by manually entering site URLs instead of clicking on links from unknown sources; additionally, you should be able to trust directly navigating to a website from Google or another popular search site.
Web developer Xudong Zheng explains the vulnerability in detail on his blog how it is possible to register domains with foreign characters by converting it. He specifically calls attention to the fact that it would be possible for someone to register a URL with characters that would look like Apple's domain, complete with a secure connection.
From a security perspective, Unicode domains can be problematic because many Unicode characters are difficult to distinguish from common ASCII characters. It is possible to register domains such as "xn--pple-43d.com", which is equivalent to "аpple.com".
So no, every site you visit isn't suddenly a potential phishing scam looking to capture your private information. That said, we'll use this as a reminder to be vigilant while you're out and about on the web: Be smart and avoid clicking links from emails or unknown sites. To be extra careful, you can use the web link feature of your password manager to go directly to a site.
Keep yourself secure on the web
- How to use two-step and two-factor authentication
- How to protect your data from being hacked
- How to secure your iPhone or iPad with a strong alphanumeric password
- How to secure your Mac when using public Wi-Fi networks
- Best practices for staying safe on social media
- Keeping your data safe when crossing borders
- Six ways to increase your iPhone and iPad security in 2017
- How to back up your iPhone, iPad, and Mac
from iMore - The #1 iPhone, iPad, and iPod touch blog http://ift.tt/2oURsfM
via IFTTT
No comments:
Post a Comment