funsec mailing list archives
Re: ICANN Approves Non-Latin Domain Name Characters
From: "Dr. Neal Krawetz" <hf () hackerfactor com>
Date: Sat, 31 Oct 2009 10:34:35 -0600 (MDT)
fergie wrote:
If nothing else, expanding the TLD space expands the abuse footprint.
Since it does not introduce a new character set (everything is translated to letters, numbers, and hyphens), it really does not break any existing applications. New applications that choose to decode and store will need to track string lengths and not just look for a null terminator since everything becomes binary. Rendering fonts (decoding the unicode) is not usually an issue. The only thing it does introduce is more variations for phishers. For example, xn--ctbank-com-k8ab.cn becomes cÃtÃbank-com.cn. However, phishing has always been a problem. Frankly, I don't see it significantly increasing the threat landscape since it does not introduce any new risks. What I do wonder is if there will be backwards compatibility. Is "xn--hackerfactor.com" then same as "hackerfactor.com" since they have the same translation? Or do I have to register a new domain to prevent direct phishing? I mean, there could be some pretty cool exploits if someone registers xn--bankofamerica.us before the real bankofamerica.us can register it. As far as I can tell, www.bankofamerica.us really is the bank. bankofamerica.us has address 171.161.161.173 bankofamerica.us has address 171.159.65.173 bankofamerica.us has address 171.159.193.173 173.161.161.171.in-addr.arpa domain name pointer www.bankofamerica.com. 173.65.159.171.in-addr.arpa domain name pointer www.bankofamerica.com. 173.193.159.171.in-addr.arpa domain name pointer www.bankofamerica.com. However: Host xn--bankofamerica.us not found: 3(NXDOMAIN) Since the "xn--" prefix is just for an encoding, I would hope that it would apply to all existing domains. However, since ICANN does not say that it will, I seriously doubt that it will. Expect more phishing. Frankly, I have never seen ICANN fast-track any issues without introducing more problems than they were trying to solve. ICANN is a committee without any depth of thought. As I wrote in my blog, ICANN has a hard job, but they go out of their way to make it harder. They take years to enforce their own regulations, send all complaints to competing courts, and after ignoring important topics for years, they will haphazardly create a proposal, open it for comment, and then make a quick policy decision with very little serious thought. -Neal -- Neal Krawetz, Ph.D. Hacker Factor Solutions http://www.hackerfactor.com/ Author of "Introduction to Network Security" (Charles River Media, 2006) and "Hacking Ubuntu" (Wiley, 2007) _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: ICANN Approves Non-Latin Domain Name Characters, (continued)
- Re: ICANN Approves Non-Latin Domain Name Characters Dan Kaminsky (Oct 31)
- Re: ICANN Approves Non-Latin Domain Name Characters Buhrmaster, Gary (Oct 31)
- Re: ICANN Approves Non-Latin Domain Name Characters Rich Kulawiec (Oct 31)
- Re: ICANN Approves Non-Latin Domain Name Characters Dan Kaminsky (Oct 31)
- Re: ICANN Approves Non-Latin Domain Name Characters Rich Kulawiec (Oct 31)
- Re: ICANN Approves Non-Latin Domain Name Characters Florian Weimer (Nov 02)
- Re: ICANN Approves Non-Latin Domain Name Characters Valdis . Kletnieks (Nov 02)
- Re: ICANN Approves Non-Latin Domain Name Characters Dan Kaminsky (Nov 02)
- Re: ICANN Approves Non-Latin Domain Name Characters Valdis . Kletnieks (Nov 02)
- Re: ICANN Approves Non-Latin Domain Name Characters Dan Kaminsky (Oct 31)
- Re: ICANN Approves Non-Latin Domain Name Characters Rich Kulawiec (Nov 04)
- Re: ICANN Approves Non-Latin Domain Name Characters Dan Kaminsky (Oct 31)
- Re: ICANN Approves Non-Latin Domain Name Characters Larry Seltzer (Oct 31)
- Re: ICANN Approves Non-Latin Domain Name Characters Larry Seltzer (Oct 31)
- Re: ICANN Approves Non-Latin Domain Name Characters der Mouse (Oct 31)
- Re: ICANN Approves Non-Latin Domain Name Characters Rob, grandpa of Ryan, Trevor, Devon & Hannah (Nov 02)
- Re: ICANN Approves Non-Latin Domain Name Characters der Mouse (Nov 03)