Language Selection

English French German Italian Portuguese Spanish

Non-English Domain Names Likely Delayed

Filed under
Web

Concerns about "phishing" e-mail scams will likely delay the expansion of domain names beyond non-English characters, the chairman of the Internet's key oversight agency said Friday.

Vint Cerf, head of the Internet Corporation for Assigned Names and Numbers, would not speculate on when such characters might appear but said Internet engineers must now spend time "trying to winnow down, frankly, the number of character (sets) that are allowed to be registered."

Demand for non-English domain names is high outside the United States and a U.N. panel studying Internet governance said in a report Thursday that "insufficient progress has been made toward multilingualization." It cited the lack of international coordination and technical hurdles as among the problems.

Officially, the Internet's Domain Name System supports only 37 characters - the letters of the Latin alphabet, 10 numerals and a hyphen.

But in recent years, in response to a growing Internet population worldwide, engineers have been working on ways to trick the system into understanding other languages, such as Arabic, Chinese and Japanese.

Engineers have rallied around a character system called Unicode.

But security experts warned earlier this year of a potential exploit that takes advantage of the fact that characters that look alike can have two separate codes in Unicode and thus appear to the computer as different. For example, Unicode for "a" is 97 under the Latin alphabet, but 1072 in Cyrillic.

Subbing one for the other can allow a scammer to register a domain name that looks to the human as "paypal.com," tricking users into giving passwords and other sensitive information at what looks like a legitimate site. It's much like how scammers now use the numeral "1" sometimes instead of the letter "l" to trick users.

"In some of the early tests, ... it became clear we had opened up the opportunity for registering very misleading names," Cerf said in a conference call wrapping up ICANN's meetings this week in Luxembourg. "This kind of potential confusion leads to parties going to what they think are valid Web sites."

Cerf said it may be possible to proceed with character sets that aren't at risk of confusion as the standards-setting Internet Engineering Task Force tackles the broader security concerns with non-English names.

Tests of non-English characters have been going on for years, and in a few cases they are fully operational. Last year, operators of the German ".de" domain began offering 92 accented and other special characters, including the umlaut common in German names.

But ICANN has yet to approve domain names entirely in another language; all addresses now must end with an English string such as ".com."

Associated Press

More in Tux Machines

Linux Devices, Tizen, and Android

Leftovers: OSS

  • SAP buys into blockchain, joins Hyperledger Project
  • foss-north speaker line-up
    I am extremely pleased to have confirmed the entire speaker line-up for foss north 2017. This will be a really good year!
  • Chromium/Chrome Browser Adds A glTF Parser
    Google's Chrome / Chromium web-browser has added a native glTF 1.0 parser. The GL Transmission Format, of course, being Khronos' "3D asset delivery format" for dealing with compressed scenes and assets by WebGL, OpenGL ES, and other APIs. There are glTF utility libraries in JavaScript and other web-focused languages, but Google adding a native glTF 1.0 parser appears to be related to their VR push with supporting VR content on the web. Their glTF parser was added to Chromium Git on Friday.
  • Sex and Gor and open source
    A few weeks ago, Dries Buytaert, founder of the popular open-source CMS Drupal, asked Larry Garfield, a prominent Drupal contributor and long-time member of the Drupal community, “to leave the Drupal project.” Why did he do this? He refuses to say. A huge furor has erupted in response — not least because the reason clearly has much to do with Garfield’s unconventional sex life. [...] I’ll unpack the first: open-source communities/projects are crucially important to many people’s careers and professional lives — cf “the cornerstone of my career” — so who they allow and deny membership to, and how their codes of conduct are constructed and followed, is highly consequential.
  • Hazelcast Releases 3.8 – The Fastest Open Source In-Memory Data Grid
  • SecureDrop and Alexandre Oliva are 2016 Free Software Awards winners
  • MRRF 17: Lulzbot and IC3D Release Line Of Open Source Filament
    Today at the Midwest RepRap Festival, Lulzbot and IC3D announced the creation of an Open Source filament. While the RepRap project is the best example we have for what can be done with Open Source hardware, the stuff that makes 3D printers work – filament, motors, and to some extent the electronics – are tied up in trade secrets and proprietary processes. As you would expect from most industrial processes, there is an art and a science to making filament and now these secrets will be revealed.
  • RApiDatetime 0.0.2

Security Leftovers

  • NSA: We Disclose 90% of the Flaws We Find
    In the wake of the release of thousands of documents describing CIA hacking tools and techniques earlier this month, there has been a renewed discussion in the security and government communities about whether government agencies should disclose any vulnerabilities they discover. While raw numbers on vulnerability discovery are hard to come by, the NSA, which does much of the country’s offensive security operations, discloses more than nine of every 10 flaws it finds, the agency’s deputy director said.
  • EFF Launches Community Security Training Series
    EFF is pleased to announce a series of community security trainings in partnership with the San Francisco Public Library. High-profile data breaches and hard-fought battles against unlawful mass surveillance programs underscore that the public needs practical information about online security. We know more about potential threats each day, but we also know that encryption works and can help thwart digital spying. Lack of knowledge about best practices puts individuals at risk, so EFF will bring lessons from its comprehensive Surveillance Self-Defense guide to the SFPL. [...] With the Surveillance Self-Defense project and these local events, EFF strives to help make information about online security accessible to beginners as well as seasoned techno-activists and journalists. We hope you will consider our tips on how to protect your digital privacy, but we also hope you will encourage those around you to learn more and make better choices with technology. After all, privacy is a team sport and everyone wins.
  • NextCloud, a security analysis
    First, I would like to scare everyone a little bit in order to have people appreciate the extent of this statement. As the figure that opens the post indicates, there are thousands of vulnerable Owncloud/NextCloud instances out there. It will surprise many just how easy is to detect those by trying out common URL paths during an IP sweep.
  • FedEx will deliver you $5.00 just to install Flash
    Bribes on offer as courier's custom printing service needs Adobe's security sinkhole

GNOME Extensions Website Has A New Look

Every GNOME Shell user will visit the official GNOME Shell Extensions website at least once. And if those users do so this weekend they’ll notice a small difference as the GNOME Shell Extensions website is sporting a minor redesign. This online repo plays host to a stack of terrific add-ons that add additional features and tweak existing ones. Read more