Phishing domains can be registered with look-alike Unicode characters in the name

Security researchers have disclosed a new way to register domains with homoglyphs: names that look like other domains but actually differ because they contain characters with different code points. Such internationalized domain names (IDN) are indistinguishable at first glance from the domains of well-known companies and services, which makes them usable for phishing, including obtaining valid TLS certificates for them.

The usual substitution via a look-alike IDN domain has long been blocked in browsers and registrars by prohibiting the mixing of characters from different alphabets. For example, a fake apple.com ("xn--pple-43d.com") cannot be created by replacing the Latin "a" (U+0061) with the Cyrillic "а" (U+0430), because letters from different alphabets are not allowed to be mixed in one domain. In 2017 a way was found to bypass that protection by using only Unicode characters in the domain, without any Latin letters (for example, using characters from a script whose glyphs resemble Latin letters).

Now another way to bypass the protection has been found. It relies on the fact that registrars block mixing Latin and Unicode characters, but if the Unicode characters in the domain belong to the Latin character group, such mixing is allowed, because the characters are considered part of the same alphabet. The problem is that the Unicode Latin IPA extension contains homoglyphs that look the same as other letters of the Latin alphabet:
the character "ɑ" resembles "a", "ɡ" resembles "g", and "ɩ" resembles "l".


It was found that domains mixing the Latin alphabet with these Unicode characters could be registered through the Verisign registrar (other registrars were not checked), and that subdomains with such names could be created on the Amazon, Google, Wasabi and DigitalOcean services. The problem was discovered in November of last year and, despite the notifications that were sent, it was fixed at Amazon and Verisign only three months later, at the last moment.

During the experiment, the researchers spent $400 to register the following domain names with Verisign:

  • amɑzon.com
  • chɑse.com
  • sforlesforce.com
  • .commɑil.com
  • ɑppɩe.com
  • ebɑy.com
  • static.com
  • kokokowa.com
  • theɡguardian.com
  • lawohana.com
  • washingtonpost.com
  • pɑypɑɩ.com
  • wɑlmɑrt.com
  • wɑsɑbisys.com
  • yɑhoo.com
  • cɩoudfɩare.com
  • deɩɩ.com
  • gmɑiɩ.com
  • www.gooɡleapis.com
  • huffinɡtonpost.com
  • instaram.com
  • microsoftonɩine.com
  • ɑmɑzonɑws.com
  • ɑdroid.com
  • netfɩix.com
  • nvidiɑ.com
  • www.eog.com

The researchers also launched a web service for checking one's own domains for look-alikes with homoglyphs, including checking registered domains and TLS certificates with similar names. For HTTPS certificates, 300 domains with homoglyphs were checked via Certificate Transparency logs, and certificate issuance was recorded for 15 of them.

The Chrome and Firefox browsers display such domains in the address bar in the notation with the "xn--" prefix, but in links the domains appear without conversion, which can be used to embed malicious resources or links into pages under the guise of loading them from legitimate sites. For example, a malicious variant of the jQuery library was distributed from one of the identified domains with homoglyphs.
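As an added example (not from the article or the researchers' service), the following Python check maps the three IPA homoglyphs named above back to the ASCII letters they imitate, flags any domain that mixes them with plain Latin letters, and renders the "xn--" form that the address bar would show. The protected brand list and the sample inputs are constructed for the demonstration.

```python
import unicodedata

# Homoglyphs the article names: IPA Extensions block characters rendered
# almost identically to ASCII letters.
IPA_HOMOGLYPHS = {
    "\u0251": "a",  # LATIN SMALL LETTER ALPHA (ɑ)
    "\u0261": "g",  # LATIN SMALL LETTER SCRIPT G (ɡ)
    "\u0269": "l",  # LATIN SMALL LETTER IOTA (ɩ)
}

# Constructed (hypothetical) list of brand domains a defender wants to watch.
PROTECTED = {"amazon.com", "paypal.com", "google.com", "cloudflare.com"}


def skeleton(domain: str) -> str:
    """Replace each known IPA homoglyph with the ASCII letter it imitates."""
    domain = unicodedata.normalize("NFC", domain).lower()
    return "".join(IPA_HOMOGLYPHS.get(ch, ch) for ch in domain)


def to_ace(domain: str) -> str:
    """Punycode each non-ASCII label with the xn-- prefix, as the address bar shows it."""
    out = []
    for label in domain.split("."):
        if label.isascii():
            out.append(label)
        else:
            out.append("xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(out)


def analyze(domain: str) -> dict:
    """Flag a name that mixes ASCII with IPA homoglyphs and name the brand it imitates."""
    homoglyphs = [ch for ch in domain if ch in IPA_HOMOGLYPHS]
    # Any other code point from the IPA Extensions block (U+0250..U+02AF) is
    # worth a look too, even if it is not one of the three confusables above.
    other_ipa = [ch for ch in domain
                 if 0x0250 <= ord(ch) <= 0x02AF and ch not in IPA_HOMOGLYPHS]
    skel = skeleton(domain)
    return {
        "domain": domain,
        "ace": to_ace(domain),
        "homoglyphs": homoglyphs,
        "other_ipa": other_ipa,
        "skeleton": skel,
        "impersonates": skel if homoglyphs and skel in PROTECTED else None,
    }


if __name__ == "__main__":
    # Constructed sample: two names from the article's list plus a clean one.
    for name in ("amɑzon.com", "pɑypɑɩ.com", "amazon.com"):
        print(analyze(name))
```

The same skeleton comparison can be run over names pulled from Certificate Transparency logs, which is how the article says the 300 homoglyph domains were found.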

Source: opennet.ru
