Slashdot Mirror
Spoofing URLs With Unicode
Embedded Geek writes: "Scientific American has an interesting article about how a pair of students at the Technion-Israel Institute of Technology registered "microsoft.com" with Verisign, using the Russian Cyrillic letters "c" and "o". Even though it is a completely different domain, the two display identically (the article uses the term "homograph"). The work was done for a paper in the Communications of the ACM (the paper itself is not online). The article characterizes attacks using this spoof as "scary, if not entirely probable," assuming that a hacker would have to first take over a page at another site. I disagree: sending out a mail message with the URL waiting to be clicked ("Bill Gates will send you ten dollars!") is just one alternate technique. While security problems with Unicode have been noted here before, this might be a new twist."
This must mean...
A) The majority of Internet users are f'ing clueless.
B) Lauren is not only the president of the unsophicated Internet users club, but also a member.
C) We must hold the Internet responsible for such irresponsibility.
Oh, and we should instead rely on a search engine scheme, where a company may never get the users that are searching for it, because of a million idiots (Sadly, they turn out to be non-idiots more often than idiots. My apologies) ranting about XYZ Inc. ?
.US namespace with a similar scheme (what was the highest level you could get, 3rd level subdomain?). Since anything a customer can get is necessarily a lousy url that is cryptic and says little about the site, what do you expect? They often have draconian ToS's that forbid running servers, so that's not a fix, and even if you press on after that, they only offer dynamic IP's, so you still can't get a decent domain. They refuse to offer something along the lines of mysite.smalltown-isp.net either. Which further forces a person onto third-party webhosts, making it necessary to put up banners just to pay expenses. See how bad ISP policy just makes all the shit roll downhill, until you have an avalanche of it?
The ironic thing is, I'm rabidly anti-corporate. But if I need to see something about IBM, it's a sure bet starting at ibm.com puts me within 3 clicks of where I want to be. Google, or any other search engine technology that I've ever heard of, just isn't good for this sort of thing.
You want to know what the real problem is?
First off, it's laziness on the part of morons like yourself, that lust after AOL keywords and are pissed that the internet doesn't bend itself to fit your warped little design philosophies.
Secondly, not everything is the web. Not even close. DNS and domain names aren't about identifying your lousy porn site, they are about identifying a particular host. Done well though (which isn't the case), it's pretty decent at getting you within a few clicks of where you want to be.
Thirdly, how the fuck do you expect to ever type in the first URL, google.com or whatnot, if it's hidden from you on your brand new Dell? I can see the horror that would be inevitable in such a scheme. microsoft-search.com as a nice little button on the toolbar, that never ever brings up a link to click on for google or yahoo, no matter how you phrase the keywords.
Finally, the problem is the fact that the vast majority of ISP's view their customers as users of content that they provide, rather than participants in the first, and largest, p2p network ever devised. At best, you'll recieve a lousy homepage with no ftp, cgibin, or any other goodies, and a lousy url like "http://www.smalltown-isp.net/users/~dumbfart/". Of course it sucks. Hell, they even screwed up the
Sen. Hollings wants to know why there isn't enough compelling content to drive demand for broadband? Well, it's because AT&T Broadband goes out of their way to make sure I can't put any decent content up, unless I'm willing to have it polluted by their own self-serving ads, chop it down til it fits in 10megs, and refuse to do anything other than the simple static html/javascript pages that is all that they'll allow.