Slashdot Mirror


Spoofing URLs With Unicode

Embedded Geek writes: "Scientific American has an interesting article about how a pair of students at the Technion-Israel Institute of Technology registered "microsoft.com" with Verisign, using the Russian Cyrillic letters "c" and "o". Even though it is a completely different domain, the two display identically (the article uses the term "homograph"). The work was done for a paper in the Communications of the ACM (the paper itself is not online). The article characterizes attacks using this spoof as "scary, if not entirely probable," assuming that a hacker would have to first take over a page at another site. I disagree: sending out a mail message with the URL waiting to be clicked ("Bill Gates will send you ten dollars!") is just one alternate technique. While security problems with Unicode have been noted here before, this might be a new twist."
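A defender-side check for the spoof described in the summary above, as an added example that is not part of the original post or the researchers' paper: it flags domain labels that mix scripts and shows the ASCII form the registry actually stores. The function names, the two-entry look-alike map and the sample domain are constructed for illustration, and the script tag is approximated from Unicode character names.

```python
import unicodedata

# Constructed sample: "microsoft.com" with Cyrillic es (U+0441) and o (U+043E).
SPOOF = "mi\u0441r\u043es\u043eft.com"

# Tiny illustrative look-alike map covering only the two letters the article
# names; a real filter would load the Unicode confusables data instead.
LOOKALIKES = {"\u0441": "c", "\u043e": "o"}

def script_of(ch):
    """Coarse script tag from the character name (approximates the Unicode
    Script property, which the standard library does not expose)."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"
    name = unicodedata.name(ch, "")
    return name.split(" ", 1)[0] if name else "UNKNOWN"

def inspect_domain(domain):
    """Per-label report: scripts used, mixed-script flag, ASCII (punycode) form."""
    report = []
    for label in domain.lower().split("."):
        scripts = {script_of(c) for c in label} - {"COMMON"}
        if label.isascii():
            ace = label
        else:
            ace = "xn--" + label.encode("punycode").decode("ascii")
        report.append({"label": label, "scripts": sorted(scripts),
                       "mixed": len(scripts) > 1, "ace": ace})
    return report

def is_suspicious(domain):
    """True when any single label combines letters from more than one script."""
    return any(r["mixed"] for r in inspect_domain(domain))

def skeleton(domain):
    """Fold known look-alikes to Latin so a spoof compares equal to its target."""
    return "".join(LOOKALIKES.get(c, c) for c in domain.lower())

if __name__ == "__main__":
    for d in (SPOOF, "microsoft.com"):
        print(ascii(d), is_suspicious(d), [r["ace"] for r in inspect_domain(d)])
```

A label written entirely in one non-Latin script passes the mixed-script test, so the skeleton comparison against a list of protected names is the check that still catches it.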

10 of 432 comments

  1. Re:The Futility of Slashdot's Business Model. by NanoGator · · Score: 0, Offtopic

    I don't want to say no to the ads. I've seen 3 ads for stuff I was looking for. It sure beats watching Tampon ads during Star Trek.

    --
    "Derp de derp."
  2. Terminology whine by tulare · · Score: 1, Offtopic

    "Russian Cyrillic?"
    The Cyrillic alphabet was developed a long time ago by a religious man (guess what his name was), because the Russian peoples he was trying to convert had no written alphabet. So it could be said that "Russian Cyrillic" is redundant. However, the cyrillic alphabet is in use by various languages today, and I seriously doubt the "c" and "o" characters mentioned in the article are unique to the K018R charset.
    'Course, I could be wrong. If someone out there is a Unicode nerd and knows different, I will bow to the higher authority.

    --
    political_news.c: warning: comparison is always true due to limited range of data type
    1. Re:Terminology whine by VP · · Score: 2, Offtopic

      St. Cyrill developed the Glagolic alphabet, based on the slavic dialects spoken on the Balkan peninsula, and used it in translating the Christian holy scriptures for the slavic tribes in Moravia (today's Hungary/Slovakia). His student, St. Clement, developed the improved Cyrillic alphabet and spread its use in Bulgaria, from where it was adopted by Russia, Serbia, and others...

      Today there are several variants of Cyrillic - Bulgarian, Serbian, Macedonian, Russian, Ukrainian, and it was used even in some of the former soviet republics and Mongolia, whose languages are very far from Slavic.

      Also, KOI8 is not considered the Cyrillic codeset by other cyrillic-using nations, it is rather considered the Russian cyrillic code set. Other codesets are the Windows 1251, and ISO-8859-5. The latter would arguably be the standard Cyrillic code set.

    2. Re:Terminology whine by RelliK · · Score: 1, Offtopic
      St. Cyrill developed the Glagolic alphabet

      Uhhm, no. Glagolic is the alphabet that was used before Cyrill came along. It looks nothing at all like Cyrillic.

      and it was used even in some of the former soviet republics and Mongolia, whose languages are very far from Slavic.

      Yeah, that was really weird. You can recognize the letters but the words look like total abracadabra.

      --
      ___
      If you think big enough, you'll never have to do it.
    3. Re:Terminology whine by markov_chain · · Score: 0, Offtopic

      I found out about Clement after more digging. For example according to this link, Clement took the glagolitic, invented by Cyrill and Methodius, rewrote it into cyrillic, and spread it in Bulgaria. Later it spread further east and north.

      --
      Tsunami -- You can't bring a good wave down!
    4. Re:Terminology whine by VP · · Score: 1, Offtopic

      I said:
      St. Cyrill developed the Glagolic alphabet

      RelliK said:
      Uhhm, no. Glagolic is the alphabet that was used before Cyrill came along. It looks nothing at all like Cyrillic.

      I am sorry, but you are wrong. The Glagolic did not look anything like the Cyrillic, but it was the alphabet created by St. Cyrill and his brother Methodius. The Glagolic looked somewhat like the ancient Armenian, Georgian, and Ethiopian alphabets, also developed by Byzantine missionaries for the native languages in these areas.

      The Cyrillic was created by St. Clement, a student of St. Cyrill. The alphabet was much simpler - for all the common sounds, it used the Greek letters, and only made up new letters for the sounds specific to the Slavs.

      Here is a link, although not everything there is historically accurate (if there is such a thing):
      http://www.volgawriter.com/VW Cyrillic.htm

      Another, with a definitive set of Cyrillic encodings is here: http://czyborra.com/charsets/cyrillic.html.

  3. spray by Anonymous Coward · · Score: 0, Offtopic

    spray

  4. Re:cyrillic trivia Re:Terminology whine by os2fan · · Score: 3, Offtopic
    I'm aware of all of this. But even in the soviet empire, there were extra letters. Compare this in the west, where Icelandic still uses thorn and etha. Thorn was used in English before the latin alphabet arrived, and continued afterwards. edda or etha is a crossed d. Capital thorn looked something like a Y with a vertical left stroke. Hence "Ye Olde Shoppe".

    Another English letter to fade is yoch [looks like a 3] - this is the z in Menzies = Men3ies "Menges".

    Also of note is digamma. In the Greek number system, this is 6, that is, the 6th letter of the alphabet. As a letter, it appears between epsilon and zeta. Since our alphabet is derived from the Greek, one notes the letter here not only looks like digamma, but preserves much of the original sound: F. Phi was an aspirated p.

    Cyrillic bears a much closer resemblance to the classical Greek letters, and the theta, indeed, represents an f here.

    Unicode reflects current realities. There is more than one Cyrillic Alphabet, just as there is more than one Latin alphabet.

    --
    OS/2 - because choice is a terrible thing to waste.
  5. Re:KOI8-R by shepd · · Score: 0, Offtopic

    >In my language, it means "testicle"

    I didn't know there were languages that used numbers in the spelling of words. Wonders will never cease to amaze...

    Well, at least your name doesn't translate to New Ching Shit in another language.

    --
    If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
  6. Re:Eric Bin Raymond: The Sept 11th Conspiracy Reve by ShawnDoc · · Score: 0, Offtopic

    I'm sorry, but what the he** does this have to do with the story at hand? Where are the moderators when you need them?