This is not the best message I could compose about the topic, but at least
it means to raise a bit of awareness. The problem concerns the Web address
you see at the top (usually? always?) of your Web browser's screen.
Malicious people will create Web addresses that contain similar-looking
glyphs -- these might not look different enough to be noticed, depending
upon the specific code points involved, and the fonts used for rendering.
As some of you know, there are fake e-mail messages that look very
believable, seeming to come from legitimate sources, but actually
originating from unrelated malicious sources. These messages are likely to
ask for such things as one's e-mail address, or worse, credit card
numbers, passwords, and other very private personal data. The malicious
requester can then use these, for instance, to steal money from a bank
account or steal one's identity. I'm describing this only to define this
relatively-new misuse of e-mail; it's called "phishing", the variant
spelling serving to define it concisely.
Please, let's not discuss phishing here; OK? Problem, yes; to be discussed
elsewhere.
Personal experience: Recently, I got a message that looked suspicious (it
was phishing), and I noticed that a small "a" in the address was misplaced,
a bit too high with respect to the writing line, iirc. Its style was quite
close to a legitimate "a" in the font I was using at the time, and at a
quick, casual glance might not have been noticed. I didn't bother to find
out what its code point was.
Point is that this address, with the bogus a-glyph in it, of course
contained a code point that must have been outside Latin-1 or '8859-15.
That means it would refer to an entirely-different Web site from what one
might think, from casual inspection.
Sad to say, as Web addresses are progressively internationalized, this
kind of abuse is likely to become more of a problem. There is discussion,
if not action, already, to whitelist (or blacklist) certain ranges of
Unicode code space. We're witnessing ongoing abuse of a system originally
created to be used by emotionally-mature, civilized people only.
Reference, just moderately technical:
<http://www.icann.org/committees/idn/idn-codepoint-input.htm>
The IETF <www.ietf.org> is the Internet Engineering Task Force, the group
of people who set the standards by which the Internet functions.
The ICANN <www.icann.org> is the Internet Corporation For Assigned Names
and Numbers, which, as I understand it, supervises assignments of the
names and numbers used to reach Web sites and individual e-mail addresses.
Of course, it does more than that, as I see it.
Sad to say, those with quite-old browsers, and e-mail clients that can't
deal with much more than ASCII, have an advantage in this situation.
Regards,
--
Nicholas Bodley /*|*\ Waltham, Mass. (Not "MA")
The curious hermit -- autodidact and polymath
If you're determined to be afraid, choose wisely
what to be afraid of.
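
The check the message describes (finding which code point in an address lies outside Latin-1, and what the address really resolves as) can be automated. The following is an added example, not part of the original message; the hostnames are constructed samples, and guessing the script from the first word of the Unicode character name is a simplifying assumption.

```python
import unicodedata

LATIN1_MAX = 0xFF  # boundary used in the message: anything above is outside Latin-1


def script_of(ch):
    """Rough script guess (assumption): first word of the Unicode character name."""
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else "UNKNOWN"


def inspect_host(host):
    """Report code points outside Latin-1, mixed-script labels and the ASCII form."""
    non_latin1 = []  # (label, character, 'U+XXXX', Unicode name)
    mixed = []       # labels whose letters come from more than one script
    for label in host.split("."):
        scripts = set()
        for ch in label:
            if ch.isalpha():
                scripts.add(script_of(ch))
            if ord(ch) > LATIN1_MAX:
                non_latin1.append((label, ch, "U+%04X" % ord(ch),
                                   unicodedata.name(ch, "UNKNOWN")))
        if len(scripts) > 1:
            mixed.append(label)
    try:
        # The ASCII ("xn--") form is what is actually looked up in the DNS.
        ascii_form = host.encode("idna").decode("ascii")
    except UnicodeError:
        ascii_form = None  # not encodable as an internationalized name
    return {"host": host, "non_latin1": non_latin1,
            "mixed_script_labels": mixed, "ascii_form": ascii_form}


if __name__ == "__main__":
    # Constructed samples: the second uses U+0430 in place of the Latin "a".
    for sample in ("bank.example", "b\u0430nk.example"):
        report = inspect_host(sample)
        print(report["host"], "->", report["ascii_form"])
        for label, ch, cp, name in report["non_latin1"]:
            print("   %s in label %r: %s" % (cp, label, name))
        if report["mixed_script_labels"]:
            print("   mixed scripts in:", report["mixed_script_labels"])
```

Displaying the ASCII form next to the rendered address makes the substitution visible regardless of the font in use.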