February 7, 2006

New Internet Explorer could pose risks to users


by Brian Turner

computers.jpg

There are concerns that the coming release of Internet Explorer 7 later this year, could bring a new wave of phishing scams and confusion about the identity of websites.

While only beta versions of Internet Explorer 7 are currently available, a feature built into IE7 is the ability to recognise and use domains with non-English alphabets, could cause havoc in general use.

The first concern is that different domains in different alphabets could look exactly the same.

For example, cccp.com will look the same in both English and Cyrillic alphabets, but could exist as different domains, each one registered in the different alphabets.

The second concern is that this could cause an increase of problems with phishing scams – when users are directed to a website pretending to a legitimate site, that often asks for personal and financial information, which can be then abused or resold on the black market.

With the ability for different domain names registered in different languages to look the same, this could create very real confusion for internet users in the near future.

While some other browsers, such as Mozilla Firefox, already have support for non-English alphabets, the dominant market share of Internet Explorer means that any problems already occuring, are likely to become intensified.

Questions? Discuss this in our Internet Business forums for help and advice

Story link: New Internet Explorer could pose risks to users

Add to Bookmarks:

ADD TO DEL.ICIO.US     ADD TO DIGG     ADD TO FURL
ADD TO STUMBLEUPON     ADD TO YAHOO MYWEB     ADD TO GOOGLE     ADD TO SPURL

Related stories:

 

4 Responses to “New Internet Explorer could pose risks to users”

  1. adam on February 10th, 2006 3:37 pm

    This has already been worked out with IE7, if Cyrillic isn’t set as your local language in the browser it will show the domain as punycode or (xn--p1abaa.com) for ссср.com.

    Educate yourself first before you try to spread fear.

  2. Bram on February 10th, 2006 7:27 pm

    The above poster is correct, the appropriate security features for IE7 are in place and they are working, firefox has already for most part dealt with this problem by displaying the punycode for all unverified websites.

    The tone of this article is completely off, IDN’s form an opportunity to share the functionality of internet with the world and the security issues are present but they are dealt with and they’re manageable.

    In addition overall safety is of course improved with IE7, including an improved phishing detection !

  3. Administrator on February 10th, 2006 7:59 pm

    The comments are very much appreciated – the tone of the article is to simply raise awareness that there are concerns, nothing more.

    As stated above, the dominant market share of IE may yet reveal problems that Mozilla usage won’t.

    This is especially coupled with the traditionally poor record of Windows users updating security on their machines.

    Hypothetically we could see trojans try to open a backdoor on IE7 settings to exploit IDN issues.

    It doesn’t mean to say there will be a problem – but hackers are resourceful people, and unfortunately there is a large percentage of Windows users who will allow them an opportunity to test for weaknesses in the system.

    2c.

  4. IDN Update » Names@Work » Blog Archive on February 15th, 2006 6:01 pm

    [...] My post on the complications of Internationalized Domain Names (IDNs), which was published at Circle ID, and reported on Brian Turner’s blog and others, received quite a few comments, and some useful corrections. One of the better reasons for posting up my ideas and opinions is to be corrected when I’m wrong. [...]

Leave a Reply




 

Previous: « BT suspends SMS trials over data protection
Next: EU seeks cap on mobile network charges »

Visited 1608 times, 2 so far today