Monday, February 07, 2005

Phishing and a New Risk

You need to be careful when using the internet. There is yet another problem that has reared its ugly head, because we are "not there yet." is a highly, highly technical website. Their motto is "News for Nerds. Stuff that Matters." That should be a clue that unless you are truly a nerd or have nerdish tendencies, you need to stay away. However, in an article today on, yet another exploit has been unearthed. Hackers can now create fake web addresses using an alternate code. This code looks like a normal address, but actually refers to something else. The article uses PayPal as an example. The code "p& #1072;" in this "Punycode" International Domain Name format is not the same as "" in the normal code (UTF-8, or Unicode Transformation Format). This "Punycode" form is shown on the screen normally, i.e., as "", but goes to an entirely different place.

Blah, blah, blah, you say? Well, yes, except that if a hacker can create a normal-looking web link to a fake Citicorp or Bank of America web site, then you are at serious risk. It enables "phishing", the practice by hackers of trying to fool you into giving them your passwords and other private information. They can make the fake site look just like the original, except that they are stealing from you.

What can you do? Basically, phishing is really a risk when dealing with financial web sites or internet provider web sites. So, when you are going to your bank or ISP (Internet Service Provider) websites, type the address directly into your browser. Don't go there via a link in an email message, or a link on a web site.
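For readers who want to check a link's host name before trusting it, here is an added example (not from the article discussed above) that shows the ASCII "xn--" form a look-alike name really resolves to and flags labels mixing alphabets. The function names and the sample host, built with the Cyrillic letter &#1072; (U+0430), are constructed for illustration.

```python
import unicodedata


def scripts_in(label):
    """Return the set of alphabets (LATIN, CYRILLIC, ...) used by letters in a label."""
    found = set()
    for ch in label:
        if ch.isalpha():
            # Unicode character names start with the script, e.g.
            # "CYRILLIC SMALL LETTER A" or "LATIN SMALL LETTER A".
            found.add(unicodedata.name(ch).split()[0])
    return found


def inspect_host(host):
    """Describe a host name given either as Unicode or in its xn-- form."""
    # The ASCII form is what is actually looked up in DNS.
    wire = host.encode("idna").decode("ascii")
    # The Unicode form is what a browser may choose to display.
    display = wire.encode("ascii").decode("idna")
    labels = display.split(".")
    return {
        "wire": wire,
        "display": display,
        "is_idn": any(part.startswith("xn--") for part in wire.split(".")),
        # A single label mixing alphabets is the classic look-alike signal.
        "mixed_script_labels": [l for l in labels if len(scripts_in(l)) > 1],
    }


if __name__ == "__main__":
    # Constructed samples: the first uses Cyrillic U+0430 in place of Latin "a".
    for sample in ("p\u0430ypal.com", "paypal.com"):
        info = inspect_host(sample)
        verdict = "SUSPICIOUS" if info["mixed_script_labels"] else "ok"
        print(f"{info['display']!r:16} -> {info['wire']:20} {verdict}")
```

A name made entirely of look-alike letters from one alphabet would not trip the mixed-script check, so the "xn--" form is still worth reading on its own.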

And, as always, treat the internet with respect. Realize that the moment you connect to the 'net, you are strolling on the wrong side of the tracks.