Phishing domains can be registered with visually identical Unicode characters in the name

Researchers from Soluble have described a new way of registering domains with homoglyphs: names that look the same as other domains but are in fact different because they contain different characters. Such internationalized domain names (IDNs) can at first glance be indistinguishable from the domains of well-known companies and services, which makes them usable for phishing, including obtaining valid TLS certificates for them.

The classic substitution with a look-alike IDN has long been blocked by browsers and registrars, which forbid mixing characters from different scripts in one label. For example, a fake apple.com ("xn--pple-43d.com") cannot be created by replacing the Latin "a" (U+0061) with the Cyrillic "а" (U+0430), because letters from different scripts are not allowed in the same domain. In 2017 a way around this protection was found that uses only non-Latin Unicode characters in the domain, with no Latin letters at all (for example, the letters of a script whose glyphs resemble Latin ones).

Now another bypass has been found. It relies on the fact that registrars block mixing Latin with other scripts, but if the Unicode characters used in the domain belong to the Latin script, the mix is allowed, since all the characters are considered to be from the same script. The problem is that the IPA Extensions block of Unicode, whose characters are classified as Latin, contains letters that are visually indistinguishable from ordinary Latin letters: "ɑ" (U+0251) looks like "a", "ɡ" (U+0261) like "g", and "ɩ" (U+0269) like "l".
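The following added example (not code from the page or from Soluble) reproduces the mechanism described above in Python's standard library. Python has no Unicode Script property, so the example uses the first word of each character's Unicode name as a stand-in for the registrar's "one script per label" rule; the three-entry confusable table is an assumption for this illustration, a real deployment would use the full Unicode TR39 confusables data. It shows that the Latin+Cyrillic mix is rejected while the Latin+IPA mix passes, what the punycode (A-label) form of each looks like, and how a skeleton comparison against a list of protected brands catches the IPA variant anyway.

```python
import unicodedata
from typing import Optional

# Assumed confusable table for this example: IPA Extensions letters that
# render like ordinary Latin letters (the three cases named in the text).
IPA_CONFUSABLES = {
    "\u0251": "a",  # LATIN SMALL LETTER ALPHA   (ɑ)
    "\u0261": "g",  # LATIN SMALL LETTER SCRIPT G (ɡ)
    "\u0269": "l",  # LATIN SMALL LETTER IOTA    (ɩ)
}


def script_of(ch: str) -> str:
    """Coarse script bucket taken from the first word of the Unicode name.

    The stdlib has no Script property; the name prefix ("LATIN", "CYRILLIC",
    ...) is enough to reproduce a registrar-style mixed-script check.
    """
    if ch.isascii():
        return "LATIN"
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def passes_mixed_script_check(label: str) -> bool:
    """Classic anti-homoglyph rule: all letters of a label share one script.

    Rejects Latin+Cyrillic, but accepts Latin+IPA because the IPA letters are
    themselves named LATIN ... in Unicode. This is the gap the text describes.
    """
    scripts = {script_of(c) for c in label if c.isalpha()}
    return len(scripts) <= 1


def to_alabel(domain: str) -> str:
    """Punycode/IDNA form: what the address bar shows for such a domain."""
    return domain.encode("idna").decode("ascii")


def skeleton(domain: str) -> str:
    """Replace each known confusable with the ASCII letter it mimics."""
    return "".join(IPA_CONFUSABLES.get(c, c) for c in domain)


def is_homoglyph_of(candidate: str, protected: set) -> Optional[str]:
    """Return the protected domain that `candidate` impersonates, or None.

    A pure-ASCII candidate is never flagged; a non-ASCII one is flagged when
    its skeleton collides with a protected name.
    """
    if candidate.isascii():
        return None
    s = skeleton(candidate)
    return s if s in protected else None


if __name__ == "__main__":
    protected = {"amazon.com", "google.com", "apple.com"}
    # Constructed candidates: Cyrillic-a apple, IPA-alpha amazon, IPA google.
    for cand in ("\u0430pple.com", "\u0251mazon.com", "\u0261oo\u0261\u0269e.com"):
        label = cand.split(".")[0]
        print(cand, "mixed-script check:",
              "pass" if passes_mixed_script_check(label) else "reject",
              "| A-label:", to_alabel(cand),
              "| impersonates:", is_homoglyph_of(cand, protected))
```

The mixed-script check is what protected against the 2017-style attacks; the skeleton check is the additional step a registrar, certificate authority or brand-monitoring tool needs so that the IPA variants are caught as well.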

The ability to register domains that mix Latin letters with these Unicode characters was confirmed at the registrar Verisign (other registrars were not tested); it was also possible to create such subdomains in the services of Amazon, Google, Wasabi and DigitalOcean. The problem was identified in November of last year and, despite the notifications that were sent, three months later it had been fixed, at the last moment, only by Amazon and Verisign.

During the experiment the researchers spent $400 registering the following domains through Verisign:

  • amzon.com
  • shafin yanar gizo
  • sɑlesforce.com
  • mɑil.com
  • ppɩe.com
  • yanar gizo.com
  • .comstatic.com
  • sarzana.com
  • Ƙauardian.com
  • sabarin.com
  • washingtonpost.com
  • pɑypɑ.com
  • wlmɑrt.com
  • wasɑbisys.com
  • yahoo.com
  • cyanfɩare.com
  • daga.com
  • gmɑiɩ.com
  • www.gooɡleapis.com
  • huffin.com
  • Instaɡram.com
  • microsoftonɩine.com
  • mɑzonɑws.com
  • roidndroid.com
  • netfɩix.com
  • nvidiɑ.com
  • ɩoogɩe.com

The researchers have also launched an online service for checking your own domains for possible homoglyph variants, including whether look-alike domains have already been registered and whether TLS certificates have been issued for them. On the HTTPS side, 300 homoglyph domains were checked against Certificate Transparency logs, which recorded the issuance of 15 certificates.

Current Chrome and Firefox builds display such domains in the address bar in punycode form with the "xn--" prefix; in links inside a page, however, they appear unchanged, which can be used to embed malicious resources or links under the guise of loading them from legitimate sites. For example, on one of the detected homoglyph domains, distribution of a malicious version of the jQuery library was recorded.
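Because a link or script tag shows the raw Unicode host while only the address bar reveals the "xn--" form, a page audit has to do that conversion itself. The added example below (not from the page or from Soluble; standard library only) walks the src and href attributes of a page, picks out every host that is not pure ASCII and reports the A-label a browser would actually connect to. The HTML snippet is constructed for this example; the homoglyph host in it is taken from the list above.

```python
from html.parser import HTMLParser
from typing import List, Tuple
from urllib.parse import urlsplit


class _ResourceCollector(HTMLParser):
    """Collect every URL found in a src or href attribute."""

    def __init__(self) -> None:
        super().__init__()
        self.urls: List[str] = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("src", "href") and value:
                self.urls.append(value)


def suspicious_hosts(html: str) -> List[Tuple[str, str]]:
    """Return (raw_host, alabel) for each resource host that is not pure ASCII.

    Such a host is rendered unchanged inside the page but would appear as
    xn--... in the address bar; surfacing the A-label makes the mismatch
    visible in an audit log or a CSP/allow-list review.
    """
    collector = _ResourceCollector()
    collector.feed(html)
    found = []
    for url in collector.urls:
        host = urlsplit(url).hostname
        if host and not host.isascii():
            alabel = host.encode("idna").decode("ascii")
            found.append((host, alabel))
    return found


# Constructed sample page: one legitimate CDN include and one script pulled
# from a host whose "g" is LATIN SMALL LETTER SCRIPT G (U+0261).
SAMPLE_HTML = (
    '<html><head>'
    '<script src="https://cdn.example.com/app.js"></script>'
    '<script src="https://www.goo\u0261leapis.com/jquery.min.js"></script>'
    '</head><body><a href="/local/page">local</a></body></html>'
)


if __name__ == "__main__":
    for raw, alabel in suspicious_hosts(SAMPLE_HTML):
        print(f"suspicious resource host: {raw!r} -> {alabel}")
```

The same routine can be pointed at Content-Security-Policy source lists or at the hosts in a proxy log; anything that comes back as an "xn--" label while looking like a familiar brand deserves a closer look.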

source: budenet.ru
