Are Unicode Domains Really a Security Risk?

Matt — Mon, 11 Jan 2010 11:11:19 +0000

I recently read an interesting piece from Mashable that suggested that ICANN allowing non-Latin (Unicode) domain names is a security risk. The problem is that Unicode characters can be rendered in browsers as Latin characters, which opens a new window of opportunity for phishers.

If the domain, created using Cyrillic scripts “raural.com” was registered, the way that Unicode-browsers will actually render that domain in latin is as “paypal.com.” In theory, phishers could pass around that link and set up a fake version of the PayPal site to harvest logins and credit card data.

It is impossible to tell the difference visually. It’s pretty scary. At least, I thought it was until I realized two things:

You shouldn’t click links in emails claiming to be from PayPal or your bank anyway. Just don’t. Type the address in manually.
Websites dealing with money, or other things that require a higher level of security, generally have an SSL certificate signed by a reputable third party.

So if you don’t click links in emails, and make sure that the SSL certificate checks-out, you’ll be safe.

It’s not that big a deal for those of us who have a good general knowledge of computer security, but it still is worrying that phishers are gaining this tool. I’m sure you know plenty of people who could easily fall into this kind of trap.

PayPal Goes Down For 4.5 Hours, What Does This Mean For Business?

Matt — Wed, 05 Aug 2009 11:49:27 +0000

On August 3, PayPal had a major outage that brought their service offline for an extended period. The systems were down globally for an hour, and it took an additional three-and-a-half hours to bring everything back up to full capacity. What does a 4.5-hour outage mean for PayPal and internet commerce as a whole?

Uptime monitoring service Pingdom suggests that the outage cost businesses between $7 million and $32 million USD, as PayPal claims that they process $2,000 in payments every second.

I opine differently. If I were planning on purchasing a book from Amazon, and their site was inaccessible for a few hours, would I decide to not ever buy the book? No. I’d mutter something about inconvenient server outages and come back later, when the site is back up. Amazon wouldn’t lose my $35, they would just receive it the day after. PayPal merchants are no different.

Businesses have an increasing tendency to claim that they would have made $x in some case, if not for some circumstance outside their control, when in reality they have no way of knowing. The RIAA is a notorious example of this, where they insist that their declining profits are directly linked to piracy. How can they say that everyone who illegally downloaded an album would have bought it otherwise? They can’t.

How much money did PayPal’s downtime cost businesses? There’s no way of knowing, but I highly doubt it’s $7 million.

Webmaster-Source » PayPal

Are Unicode Domains Really a Security Risk?

PayPal Goes Down For 4.5 Hours, What Does This Mean For Business?