[Chrome] Plugin to check accents on domains

What’s new?

ICANN decided to implement a new class of top-level domains, assignable to countries and independent regions.
the domain names may be any desirable string of characters, symbols, or glyphs in the language-specific, non-Latin alphabet or script of the applicant’s language, within certain guidelines to assure sufficient visual uniqueness.

In the Domain Name System, these domains use an ASCII representation consisting of the prefix xn-- followed by the Punycode translation of the Unicode representation of the language-specific alphabet or script glyphs. For example, the Cyrillic name of Russia’s IDN ccTLD is рф. In Punycode representation, this is plai, and its DNS name is xn--plai.

Problem: ASCII spoofing concerns

The use of Unicode in domain names makes it potentially easier to spoof web sites visited by World Wide Web users as the visual representation of an IDN string in a web browser may appear identical to another, depending on the font used. For example, Unicode character U+0430, Cyrillic small letter a, can look identical to Unicode character U+0061, Latin small letter a, used in English. As a concrete example, using cyrillic letters a, Ie (U+0435, looking essentially identical to latin letter e), Byelorussian-Ukrainian I (U+0456, essentially identical to latin letter i), Er (U+0440, essentially identical to latin letter p), we form the URL wіkіреdіа.org, which is virtually indistinguishable from the visual representation of the legitimate wikipedia.org (possibly depending on fonts).

For example in Italy, the posssible accented letters are 21:

à,â,ä,è,é,ê,ë,ì,î,ï,ò,ô,ö,ß,ù,û,ü,æ,oe,ç,ÿ

 

You can prevent url like www.fìneco.it instead of www.fineco.it or www.bancaìntesa.it instead of www.bancaintesa.it, etc… etc…

I’ve made up a very simple browser extension (actually for Chrome) that alert you if the current site contains an accented letter. It’s hidden from address bar, it alert you only when find a sospect site..


You can prevent phishing or spoofing.

It’s not on Chrome Store, you can download from here: Chrome Accent Domain Extension.
You can install in easy way, double clicking on the icon, works on Mac OsxWindows and Linux (if not, ping me).

If you want the source code, drop me a mail (you can find mail on albertopasca.itsite).

Ref: wikipedia
Ref: albertopasca.it

 

Alberto Pasca

Software engineer @ Pirelli & C. S.p.A. with a strong passion for mobile  development, security, and connected things.