The Null Device
Posts matching tags 'unicode'
Word of the day: Mojibake (n): the phenomenon of text on a computer rendering as garbage characters because of an incorrect character encoding being used to read it. (From the Japanese 文字 (moji; letter or character), and 化ける (bakeru; to appear in disguise, to take the form of, to change for the worse).)
A h4x0r group named Shmoo has revealed a new web-spoofing attack which takes advantage of Unicode characters which look like ASCII characters but aren't, allowing spoofers to register sites like http://www.pаypal.com/ (note that the first 'a' isn't an 'a', but rather Unicode character #1072, the Cyrillic small 'a'). A demo page with two dodgy links is here.
Such attacks, of course, only work if Unicode domain names are allowed. This is one of the few times that Internet Explorer users are safer than Mozilla/Firefox users, as IE doesn't support international domain names out of the box. If you're using Firefox, you may be able to fix it by following this procedure (via bOING bOING):
1) Go to your Firefox address bar. Enter about:config and press enter. Firefox will load the (large!) config page.
2) Scroll down to the line beginning network.enableIDN -- this is International Domain Name support, and it is causing the problem here. We want to turn this off -- for now. Ideally we want to support international domain names, but not with this problem.
3) Double-click the network.enableIDN label, and Firefox will show a dialog set to 'true'. Change it to 'false' (no quotes!), click OK. You are done.
4) Go check out the shmoo demo again and notice it no longer works.
Of course, if you practice safe web access, you won't be entering your bank details or whatever after following a link (however kosher-looking) from an untrusted source in the first place, but only after having typed it in with your own hands or selected it from your local bookmarks.
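The look-alike described above can also be caught mechanically. The following is an added example, not code from the original post or from the Shmoo demo: it splits a hostname into labels, shows the ASCII ("xn--") form each label takes in DNS, and flags any label that mixes scripts. The script detection is a heuristic based on Unicode character names, and the function and constant names are made up for this illustration.

```python
import unicodedata


def label_scripts(label):
    """Approximate the scripts used in one DNS label.

    Heuristic (an assumption of this example): the first word of a letter's
    Unicode name, e.g. "LATIN" or "CYRILLIC". Digits and hyphens are ignored
    because every script shares them.
    """
    scripts = set()
    for ch in label:
        if ch.isalpha():
            scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts


def inspect_host(host):
    """Return one report per label: DNS wire form, scripts seen, mixed flag."""
    reports = []
    for label in host.split("."):
        scripts = label_scripts(label)
        reports.append({
            "label": label,
            # Python's built-in IDNA codec yields the ASCII form sent to DNS.
            "wire": label.encode("idna").decode("ascii"),
            "scripts": sorted(scripts),
            "mixed": len(scripts) > 1,
        })
    return reports


def is_suspicious(host):
    """True if any label combines letters from more than one script."""
    return any(report["mixed"] for report in inspect_host(host))


# Constructed inputs: the spoofed name from the post (Cyrillic U+0430 in
# place of the first 'a') and the all-ASCII name it imitates.
SPOOFED = "www.p\u0430ypal.com"
GENUINE = "www.paypal.com"

if __name__ == "__main__":
    for host in (SPOOFED, GENUINE):
        print(repr(host), "suspicious:", is_suspicious(host))
        for report in inspect_host(host):
            print("   ", report["wire"], report["scripts"])
```

A label written entirely in one non-Latin script that happens to resemble a Latin name is not flagged by this check, so the wire form is still worth displaying alongside the result.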