ICANN decided to implement a new class of top-level domains, assignable to countries and independent regions.
the domain names may be any desirable string of characters, symbols, or glyphs in the language-specific, non-Latin alphabet or script of the applicant’s language, within certain guidelines to assure sufficient visual uniqueness.
In the Domain Name System, these domains use an ASCII representation consisting of the prefix xn-- followed by the Punycode translation of the Unicode representation of the language-specific alphabet or script glyphs. For example, the Cyrillic name of Russia’s IDN ccTLD is рф. In Punycode representation, this is plai, and its DNS name is xn--plai.
Problem: ASCII spoofing concerns
The use of Unicode in domain names makes it potentially easier to spoof web sites visited by World Wide Web users as the visual representation of an IDN string in a web browser may appear identical to another, depending on the font used. For example, Unicode character U+0430, Cyrillic small letter a, can look identical to Unicode character U+0061, Latin small letter a, used in English. As a concrete example, using cyrillic letters a, Ie (U+0435, looking essentially identical to latin letter e), Byelorussian-Ukrainian I (U+0456, essentially identical to latin letter i), Er (U+0440, essentially identical to latin letter p), we form the URL wіkіреdіа.org, which is virtually indistinguishable from the visual representation of the legitimate wikipedia.org (possibly depending on fonts).
For example in Italy, the posssible accented letters are 21:
You can prevent url like www.fìneco.it instead of www.fineco.it or www.bancaìntesa.it instead of www.bancaintesa.it, etc… etc…
I’ve made up a very simple browser extension (actually for Chrome) that alert you if the current site contains an accented letter. It’s hidden from address bar, it alert you only when find a sospect site..
You can prevent phishing or spoofing.
You can install in easy way, double clicking on the icon, works on Mac Osx, Windows and Linux (if not, ping me).
If you want the source code, drop me a mail (you can find mail on albertopasca.itsite).
- Swift – Simple full screen loader - 11 August 2022
- macOS – Disable microphone while typing - 11 April 2022
- iOS – Secure app sensitive information - 25 March 2022