IDNA failure of URL shorteners
After reading mashable's article on idn phishing today, I started playing with IDNs and a "fake" version of paypal.com. That turned out to be quite interesting.
Firstly, problem with different, but same looking characters, is an issue that many have been aware of for years and years. But since ICANN are fast tracking the IDN ccTLD process, this could start affecting domains on some ccTLDs in 2010.
But while I was playing around with the domain www.pаypаl.com (those
- http://www.pаypаl.com/ => www.xn--pypl-53dc.com The original IDNA name, as it should be
- http://bit.ly/5nwoTN => www.p%d0%b0yp%d0%b0l.com
- http://is.gd/5J7RX => www.p%d0%b0yp%d0%b0l.com
- http://tinyurl.com/ydoswae => www.pаypаl.com
- http://doiop.com/haq71d => www.p%d0%b0yp%d0%b0l.com
- http://cli.gs/YU0Rsu => www.p%d0%b0yp%d0%b0l.com
- http://zi.ma/72ee21 => www.p%d0%b0yp%d0%b0l.com
- http://twurl.nl/ykue1g => www.p%d0%b0yp%d0%b0l.com
It was also interesting to note that Facebook actually converted the link to punycode, as: http://www.xn--pypl-53dc.com/. Not bad!
posted at: 16:34 | path: /2010/01 | permanent link to this entry