Russian a new security risk?

[Tedob1]

INTERNATIONAL DOMAIN NAMES POSE A NEW SECURITY RISK

from an article here: http://www.sciam.com/2002/0602issue/0602scicit5.html
which i found on slashdot

----------------------------------
One example is a homograph of microsoft.com incorporating the Russian Cyrillic letters "c" and "o," which are almost indistinguishable from their Latin alphabet counterparts. The two students who registered it, Evgeniy Gabrilovich and Alex Gontmakher of the Technion-Israel Institute of Technology in Haifa did so to make a point: they suggest that a hacker could register such a name and take advantage of users' propensity to click on, rather than type in, Web links. These fake domain names could lead to a spoof site that invisibly captures bank account information or other sensitive details.
----------------------------------

[micael]

Thank's for the good reading Tedob1.
I have only one comment: I just loves the Internet .

[draziw]

And people are just now figuring this kinda crap out?!? About the only thing that keeps people from impersonating others online (if you can even call it that) are company lawyers that are continually looking for this kind of crap... of course, that flies about as far as the borders of this country (the US).

It's always been a huge security risk... just how can you be absolutely sure that the "person" or company you are talking to on the other side of that connection is exactly who you think it is, etc... the short answer: you really can't... yes, there are such things are "Certificate Authorities" but 1) who's to say that they are trustworthy (or someone isn't impersonating a so-called "reliable one") and 2) who's to say they haven't been spoofed themselves (there was a famous case with MicroSoft on this many moons ago now - just a case-in-point).

Certainly a lot to think about... reminds me of a talk I once had with Ranum - about the only way to make sure that the person is who they say they are and that you have a secure way of chatting with them: locking the two of you in a basement together where you can a system of public keys (for reasonably strong public key cryptogrpahy) and exchange them on secure media. Even then... it's not foolproof.

[Scorp666]

lol you sound like a spy draziw

I would suggest calling the company if you expect to deal with them, if they have a thick foreign accent or don't answer the phone, it's fishy...

[Seeker_319]

man that could get your paranoia going... I dont trust mostly anyone online unless I know them personally and then..... I wonder what thier motives are for being my friend in the first place.....hehe jk.

There was a law I believe that was passed that prevented lets say my new company farbrausch (not really mine but check it out online) from having somone take the .com title ahead of me and trying to sell it back to me for an outragious amount.

[themaster_2001]

LOL Spy ay that rings some Bells

[KorpDeath]

"Internationalizing names might succeed only in turning the global network into a Tower of Babel. "

Ain't that the truth.

[ac1dsp3ctrum]

Hah, Ill register antionline.com and h4x0r all of your passwords

Im wondering if Verisign took down the system of international domain names or is it still up?

[Conf1rm3d_K1ll]

Originally posted here by Seeker_319

man that could get your paranoia going... I dont trust mostly anyone online unless I know them personally and then..... I wonder what thier motives are for being my friend in the first place.....hehe jk.

No need to joke. I agree with what you have to say. Only the paranoid survive...



This sounds very similar to the old "fake Hotmail page" were you would enter your password and it would be recorded.....

[themaster_2001]

Yeah, that sounds about right only the paranoid survive because they are causious