Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Tool To Help Users Avoid Typo Domains

Posted by ryuzaki0 on from the slashdot-is-not-a-typo dept.

blueZ3 writes "ZDnet is running a story on a new tool from Microsoft that aims to inform users when they reach 'typo domains'. Apparently, there's concern in Redmond that IE users are being exploited by companies running ad farms on typo domains. The tool uses an automated search routine to look for domains with particular types of typographical errors--transpositions, incorrect TLDs, missing letters--and then adds the domains to a database. The eventual goal (though this isn't clear from the article) seems to be something akin to Verisign's URL redirecting, where typo domains are blocked."

9 of 179 comments (clear)

  1. Yes by temojen · · Score: 2, Interesting

    What if I really wanted to go to goggle.com? (don't, it tries to drive-by install something when you leave.)

    1. Re:Yes by Frumious+Wombat · · Score: 2, Interesting

      That depends; you're sitting at home and are your own tech support, then you're right. Go wherever you want.

      You're on some sort of managed network, such as a business or university system, which is networked intimately to many other systems and has administrators who will have to clean up the machine when you're done, then your browser should prevent you from going to a known malware site. Sorry, I used to have that job, and began thinking, "maybe if I make them all use Lynx and Pine for web and email, this nonsense will stop".

      Like most Microsoft innovations, this one is pitched to the home user, to build mindshare, but is really aimed at corporate environments. Don't be surprised if you work at United that if you type http://www.untied.com/, you somehow end up back at United.com. Similarly, small dot-coms might redirect F*d Company's website to wemotivate.com.

      --
      the more accurate the calculations became, the more the concepts tended to vanish into thin air. R. S. Mulliken
  2. I'd be more concerned about phishing by jfengel · · Score: 4, Interesting

    Ending up at a link farm isn't any fun, but at least it's not dangerous. But you're told to type URLs from email rather than copy-and-paste, and then you risk being screwed by your own typo. Even going to your own bank is risky if you type without consciously typo-checking the URL.

  3. Oh, you mean like redirecting MikeRoweSoft.com? by Crouty · · Score: 4, Interesting

    Stupid parents to have their son's name collide with phonetics of Microsoft.

    --
    On se Internetz nobody noes your German.
  4. There is a much easier way.... by wowbagger · · Score: 5, Interesting

    There is a much easier way to block 99% of the typosquatters - they have a very small number of IP addresses they park their domains on.

    Block those IP addresses, block the squatters.

    Check it out for yourself - fire up your favorite DNS query tool, and plug in some typos.

    --
    www.eFax.com are spammers
  5. Re:Is there really need? by TwilightXaos · · Score: 2, Interesting
    That isn't the problem. But what if some computer naive, but otherwise intelligent, person types in their bank address as
    www.compasbank.com
    An easy mistake. Then, instead of seeing a site that installs XYZ spyware, they see a site that looks exactly like the real site
    www.compassbank.com
    So they enter their password for online banking, because the site has the little lock in the browser window meaning it is a secure connection. Now, the owners of the fake site have the banking info, including account numbers, of the person.

    I am not saying this is a good idea. But, I believe the case you describe is not what it's originators were thinking.
  6. Re:first one up: by kabz · · Score: 2, Interesting

    Wow, it did for me and I'm using Safari on a Mac !! It waited a few seconds then I got the familiar this file contains an application message. That is scary.

    --
    -- "It's not stalking if you're married!" My Wife.
  7. Only a band-aid by Fastolfe · · Score: 3, Interesting

    This problem exists because users seem to place an unhealthy emphasis on a DNS domain name as a web topic. Perhaps we should be looking at ways of de-emphasizing a DNS domain name's importance in identifying content and start looking for ways to let users find specific pieces of information in a reliable manner using some other tool (such as an X.500 or LDAP directory of official organization names, registered trade marks, service marks, etc.).

    Until users stop thinking that they can just add a .com to their search term and get "official" content, this will remain a problem. Determining what domain names are squatters and what domains aren't is fairly easy today, but it will only be a matter of time (and a brief amount of time at that) before these typosquatters just dress their pages up to look a little more substantial and your horribly subjective test will start to fail.

  8. Censoring the Net? by RecycledElectrons · · Score: 2, Interesting

    If you type in www.Knopper.Net, you go to www.Windows.com right?

    Nothing is going to change until we shoot the bastards.

    Andy Out!