ISACA expert says move to non-Latin URLs could affect web security

According to Peter Wood, a member of the ISACA conference committee and founder of First Base Technologies, the move to non-Latin characters in URLs including Mandarin, Arabic, Hindu and Cyrillic could lead to significant increase in phishing attacks.

"ICANN is also discussing generic top-level domains (such as com and org) which will eventually be expanded from its current list of 21 to include almost any word, in almost any language", he said.

The problem, he added, is that there are likely to be attempts to confuse users by replacing conventional web address URLs and top level domains with non-Latin scripts.

"Glyphs representing certain characters from different scripts might appear similar or even identical. For example, in many fonts, Cyrillic lower-case A ('a') is indistinguishable from Latin lower-case A ('a')", he said.

"There is no way to tell visually that '' and '' are two different domain names, one with a Latin lowercase A in the name, the other with a Cyrillic lowercase A. An unscrupulous host site can use this visual ambiguity to pretend to be another site in a spoofing attack", he added.

Wood went on to say that, just when we think we have got people aware about the dangers of phishing and advice that says do not click on links in emails, this now becomes even more important.

"Now, more than ever, people should type in the address of the website they wish to visit in their browser or go directly to the IP address", he explained.

"If you do not know what is on the website of the URL you are going to visit before you visit it or click on a link, you should ask `Why are you going there?'"


What’s Hot on Infosecurity Magazine?