So basically what you're saying is Russians could basically hijack US domains if they wanted to, by simply changing a couple of letters that resemble ours, or anybody for that matter could?
Comments
Not exactly. There would be https://example.com and xn--exmple-4nf.com (which, if rendered in a context supporting the decoding of punycode, would render as exаmple.com, with the Cyrillic 'а').
The problem comes when someone is trying to visually distinguish the two. (i.e. a phishing link for gmail)
Not really limited to Russians, either. Just, "are there characters in UTF-8 that often look identical to ASCII characters" (yes), are they supported in punycode (yes), are there domain registrars that allow you to register using those characters (yes).
I took a deeper look using AI to help me understand more after he was talking with me about it. It's definitely possible to use other languages, yes. It's a pretty big vulnerability, if I do say so myself.
Anyone can do it, under those criteria.
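A defender-side check for the look-alike case discussed in this thread, as an added example that is not part of the original posts: it decodes `xn--` labels, flags labels that mix scripts, and compares an ASCII "skeleton" against a list of protected domains. The function names, the tiny `CONFUSABLES` map and the protected list are constructed for illustration, and the script of a letter is approximated from the first word of its Unicode name.

```python
import unicodedata

# Constructed, deliberately small Cyrillic -> Latin look-alike map (assumption:
# a production check would load the full Unicode confusables data instead).
CONFUSABLES = {"а": "a", "е": "e", "о": "o", "р": "p",
               "с": "c", "х": "x", "у": "y", "і": "i"}

def decode_label(label):
    """Return the Unicode form of one DNS label, decoding xn-- punycode."""
    if label.lower().startswith("xn--"):
        return label.lower()[4:].encode("ascii").decode("punycode")
    return label

def scripts(label):
    """Approximate the scripts used by the letters of a label."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def skeleton(label):
    """Map known look-alike characters to their ASCII counterparts."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label.lower())

def check_host(host, protected):
    """Return (decoded_host, findings) for a hostname.

    protected: set of ASCII domains we care about being impersonated.
    """
    labels = [decode_label(part) for part in host.rstrip(".").split(".")]
    decoded = ".".join(labels)
    findings = []
    for label in labels:
        used = scripts(label)
        if len(used) > 1:  # e.g. Latin letters with one Cyrillic letter
            findings.append(f"mixed scripts in {label!r}: {sorted(used)}")
    skel = ".".join(skeleton(label) for label in labels)
    # A whole-script look-alike has a single script, so compare skeletons too.
    if decoded.lower() != skel and skel in protected:
        findings.append(f"look-alike of {skel}")
    return decoded, findings

if __name__ == "__main__":
    for h in ("example.com", "xn--exmple-4nf.com"):
        print(h, check_host(h, {"example.com"}))
```

The skeleton comparison matters because a label written entirely in one non-Latin script passes the mixed-script check while still rendering like an ASCII name.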