Thanks to a bug at some of the internet’s largest domain registrars,turksh sexs videos bad actors were able to register malicious domains until just late last month.
If I told you to click this on this URL, amɑzon.com, and login for a great limited time deal over at Amazon, would you notice it wasn’t reallyAmazon’s domain name?
Hover over it, give it a click. You’ll find that it actually directs you to xn--amzon-1jc.com. Why? Look closely and you’ll notice that the second “a” and the “o” aren’t actually the letters “a” and “o” from the Latin alphabet, which is what’s used in the English language.
It’s not supposed to be possible to register these domain names due to the malicious attacks they could be used for. Many web browsers change the characters in the URL from Unicode to Punycode, as seen in the earlier example, for that very reason.
The zero-day, or previously unknown, bug was discoveredby Matt Hamilton, a security researcher at Soluble, in partnership with the security firm Bishop Fox.
According to Hamilton’s research, he was able to register dozens of names using Latin homoglyphs, basically a character that looks like another character. Verisign, Google, Amazon, DigitalOcean, and Wasabi were among the affected companies allowing the registration of these names.
“Between 2017 and today, more than a dozen homograph domains have had active HTTPS certificates,” writes Hamilton. “This included prominent financial, internet shopping, technology, and other Fortune 100 sites. There is no legitimate or non-fraudulent justification for this activity.”
Hamilton held his report for publication until Verisign, the company that runs the domain registries for prominent general top level domain (gTLD) extensions like .com and .net, fixed the issue. The research was only conducted on gTLDs run by Verisign. He states that among all the vendors he contacted, Amazon and Verisign in particular took the issue very seriously.
In the Cyrillic alphabet specifically, there are a number of letters that look nearly identical to letters in the Latin alphabet. For example, here’s the character for “a” in Latin. Here’s the character for “ɑ” in Cyrillic.
Combining these homoglyph characters with the Latin alphabet in a domain name could create a URL that looks very much like one that’s already registered by another company, such as fake Amazon domain mentioned earlier.
Hackers could use these domain names to create phishing websites that look like legitimate sites for services like Gmail or PayPal. The attack could steal a users website password or credit card information using this information.
Hamilton was able to register the following domain names thanks to this bug:
amɑzon.com
chɑse.com
sɑlesforce.com
ɡmɑil.com
ɑppɩe.com
ebɑy.com
ɡstatic.com
steɑmpowered.com
theɡuardian.com
theverɡe.com
washinɡtonpost.com
pɑypɑɩ.com
wɑlmɑrt.com
wɑsɑbisys.com
yɑhoo.com
cɩoudfɩare.com
deɩɩ.com
gmɑiɩ.com
gooɡleapis.com
huffinɡtonpost.com
instaɡram.com
microsoftonɩine.com
ɑmɑzonɑws.com
ɑndroid.com
netfɩix.com
nvidiɑ.com
ɡoogɩe.com
In total, he spent $400 to register the domain names that could be used to scam people out of much, much more.
Internationalized domain names, or IDNs, have become popular in recent years. These domains allow users around the world to register names using their native language, such as Greek or Japanese, where you may find non-Latin characters.
However, malicious actors quickly discovered ways to use IDNs for attacks.
SEE ALSO: Rudy Giuliani's typo-filled tweets are catnip for hackers spreading malwareAs Bleeping Computerpoints out, the Internet Corporation for Assigned Names and Numbers (ICANN), the organization that manages the web's domain name system, has IDN guidelines state that domain registrars should not allow domains be registered using a combination of different alphabets for this very reason.
It's not a new practice, though. The Registernotes how homograph attacks have been an issue for the web for 15 years.
As for amɑzon.com, or should I say xn--amzon-1jc.com, Hamilton has since transferred the domain to Amazon, the company that can be found at the real amazon.com.
Topics Cybersecurity
‘Harimaya Bridge’ Screening at SFV Hongwanji Temple
Purdue vs. UConn basketball livestreams: How to watch live
Meta briefly blocked a local news organization critical of Facebook
Buy 2024 solar eclipse glasses right now. Here's how to find legit ones.
‘Allegiance’ and the Persistence of Little Tokyo
Where to find solar eclipse glasses on sale: Amazon and more deals to stay safe on April 8
Wordle today: The answer and hints for April 3
This is Tesla's new Model 3 'Ludicrous'
Tezuka’s ‘Belladonna of Sadness’ at the Nuart
Score a pair of Liberty 4 NC earbuds? when you purchase the XREAL Air 2 Pro
Persimmon Talk at Gardena Valley JCI on Sunday
Amazon deals of the day: Dyson Ball Animal 3, Chefman air fryer oven, and more
Acer laptops under $300 as a Target Deal of the Day
The best solar eclipse app 2024: Get exact time based on your location — and a demo, too
Getty Images Confuses 'Star Wars' Actress with Olympic Figure Skater
iOS 17.5 beta 1 is here: 3 new features coming to your iPhone
Wordle today: The answer and hints for April 5
Wordle today: The answer and hints for April 5
Riverside Art Museum Exhibit Delves into EO 9066
How to use Spotify Audiobooks
'Ice Cream Books' is your delicious Instagram for summer readingTerrifying footage shows a hangglider collapsing during midElephants in Thailand receive prosthetic limbs after landmine accidentsPoet slams white privilege, police violence in viral Facebook videoThese are the apps refugees are using to find their way in EuropeTrump uses 'Frozen' to defend controversial tweet and the internet just can'tKid loses his stuffed elephant, so photoshoppers give him a trip around the worldResearchers will conduct Zika study on U.S. Olympians in Brazil15 things that make 2016 America actually awesomeMan uses drone to grill steak, is overwhelmed with emotion Google is testing a real NYT Connections Sports Edition hints and answers for November 10: Tips to solve Connections #48 The planets are stunning in December 2024 — and no telescope is needed Georgia vs. Ole Miss football livestreams: kickoff time, streaming deals, and more NASA spotted a very young planet. It could become a super Best Fitbit deal: Save $60 on the Fitbit Charge 6 Colts vs. Bills 2024 livestream: How to watch NFL online 5 Signs Your Storage Drive is About to Fail OpenAI says over 2 million people consulted ChatGPT for the 2024 election Florida State vs. Notre Dame football livestreams: kickoff time, streaming deals, and more
0.1581s , 14253.2578125 kb
Copyright © 2025 Powered by 【turksh sexs videos】Major domain name bug allowed hackers to register malicious domains,Global Hot Topic Analysis
