Recently, the Internet Corporation for Assigned Names and Numbers (ICANN) approved a fast-track process for implementing non-Latin domain names by early to mid 2010. As Latin characters dominated the internet, a switch to non-Latin characters will allow people from all over the world to register domains in Arabic, Mandarin, Japanese and Russian to name a few. With this new implementation it may become problematic in controlling spammers and phishers. Peter Wood, member of ISACA's Conference Committee and founder of First Base Technologies states, "While we understand the interest in expanding the characters offered in other languages, we are concerned that an increase in web site characters could lead to greater security risks and consumer fraud," As, most modern scripts have a similarity to Cyrillic scripts, many experts predict an increase in spoof URL's that confuse users into distinguishing a fraudulent site from an authentic one. For example, here is a list of characters in Cyrillic that look like Latin characters: y, k, e, x, b, a, p, o, c and g. Characters that look alike are known as homographs. The scope for homograph attacks widens, as IDN's allow for the use of full Unicode character set. One could see the implications of this as it's possible to create domains like "bank" using the lower case Cyrillic ‘a'.
Mon, Dec 21, 2009