Tag Archives: internet

General IT, General Legal IT, Technical

One to pass to your IP/IT lawyers

1 Comment

Are you ready for WWW.JДSФИPLДЙT.CO.UK

As of this month the Internet Corporation for Assigned Names and Numbers (Icann) agreed to allow non-Latin script web urls. This means the address above could be a perfectly valid web address (domain name).

This gives a whole raft of opportunities for cyber squatters to snap up domains of companies, especially those that are based in the emerging markets of most international law firms, the eastern European, Asian and Gulf region countries. And as well as squatters if you have clients whose brand names are non-Latin character based or who trade in regions where the writing is non-Latin, it could be an opportunity to advise them on protecting their brands.

Unfortunately the change means that there are also more opportunities for phishing attacks through spoofing domain names.

For example, take a look at this url www.jаsonplаnt.co.uk It looks pretty normal right? However try the link, you’ll get a 404 or page not found. Why? Well the a’s are actually а’s (still confused? the first is a Latin character a and the second is the Cyrillic character a). A computer recognises them as totally different. Therefore sites could be “spoofed” using this Cyrillic method and be used to “phish” information from you.

Below is a (hopefully) high level explanation of how this new system will work.

First remember, computers work under the bonnet in numbers for pretty much everything.

So as it stands now there is a service on the internet called DNS (Domain Name System). This acts like a phonebook, turning easily understood domain names that you use into strings of computer-readable numbers, known as Internet Protocol (IP) addresses.

There is also an encoding system that turns characters you type into numbers that the computer understands, this is called ASCII. This is what the internet DNS system uses now to translate the characters of the urls.

Technically the problem has been that ASCII was built for the Latin character set. And it is limited to the number of characters it can encode. To cater for all the worlds character sets; Latin, Cyrillic and Chinese characters etc, a new system was required. This is called Unicode. However the DNS “phonebooks” of the internet only understand ASCII**.

So to enable the new domain names to have all characters sets, a method was required to handle the conversion. The conversions between ASCII and non-ASCII forms of a domain name are accomplished by some clever algorithms called ToASCII and ToUnicode.

So take JДSФИPLДЙT, this is Unicode and so the ToASCII algorithm would be applied. Once it has been through this algorithm, a prefix is given to distinguish it from a standard ASCII name (otherwise you could end up with a totally different Cyrillic and Latin urls/domain names pointing to the same place!). The result is a unique name that can be looked up in DNS (**technically DNS can support non-ASCII but because of other limitations it has meant non-ASCII names be converted to ASCII).

Finally it is worth knowing that most of the popular browsers have introduced some methods to help with the “spoofing” by recognising when this new multi-language domain name is being used in this way.

Share
General IT

GeoCities RIP – 26/10/2009

Leave a comment

This is not really a Legal IT post just a general post to mark today’s passing of GeoCities.

Geocitiesoriginallogo GeoCities : July 1995 – 26th October 2009

GeoCities was to budding web developers what the BBC Micro, ZX Spectrum etc were to budding developers ten years earlier. Starting in the mid 90’s it was a place to host web pages, enabling millions of people to upload their “under construction” images and dancing babies animated gifs!

RIP GeoCities!

Share