A recently discovered bug affecting what domain names could be registered left a huge opening for malicious actors looking to scam people.Image: Getty Images/iStockphoto
By Matt Binder2020-03-06 17:01:55 UTC
Thanks to a bug at some of the internet’s largest domain registrars, bad actors were able to register malicious domains until just late last month.
If I told you to click this on this URL, amɑzon.com, and login for a great limited time deal over at Amazon, would you notice it wasn’t really Amazon’s domain name?
Hover over it, give it a click. You’ll find that it actually directs you to xn—amzon-1jc.com. Why? Look closely and you’ll notice that the second “a” and the “o” aren’t actually the letters “a” and “o” from the Latin alphabet, which is what’s used in the English language.
It’s not supposed to be possible to register these domain names due to the malicious attacks they could be used for. Many web browsers change the characters in the URL from Unicode to Punycode, as seen in the earlier example, for that very reason.
The zero-day, or previously unknown, bug was discovered by Matt Hamilton, a security researcher at Soluble, in partnership with the security firm Bishop Fox.
According to Hamilton’s research, he was able to register dozens of names u ..
Support the originator by clicking the read the rest link below.
