I’m sure most of you heard of the recent addition of International Domain Names using characters other than English such as ( عبدالله.الاردن ) which raised many red flags from security experts on topics such as Phishing. The Saudi Network Information Center have come up with a solution.
In a video posted on their Arabic blog, the Saudi Network Information Center (SaudiNIC) the entity in charge of administering the domain name space under ( .sa or السعودية. ) have come up with a proposed solution for what security experts around the world are calling a serious threat to everyday web surfers’ security.
The concerns were raised when the initiative to create International Domain Names for country code Top Level Domains (IDN ccTLDs) encoded in characters other than English, such as Arabic, Korean, Japanese, Greek, Hindi and Cyrillic.
If you want to get into the technical details check out this post on CircleCID to get an idea. In short with International Domain Names the chances of becoming a victim increase exponentially with the number of accents (small characters affecting word meaning and pronunciation) that exist in many languages around the world.
This coinciding with the fact these domain names are mostly presented in third world countries only means the digital literacy of online users will be slightly less than that of their Western counterparts which will lead to higher Phishing ‘catches’ so to speak.
SaudiNIC has provided a mechanism on their website where users have the option to register domain names similar to the ones they originally set out to get as shown below. They also mention a mechanism to register other the same domains written in different language encodings that look exactly the same.
As admirable as this is, our conclusion is: This is going to get real nasty, real fast. So don’t trust IDNs just yet friends, so much more has yet to come. If you understand Arabic you can check out the video for yourselves.