Spoofing URLs with Unicode

Over at SlashDot there’s a discussion about an article in Scientific American describing

how a pair of students at the Technion-Israel Institute of Technology registered “” with Verisign, using the Russian Cyrillic letters “c” and “o”. Even though it is a completely different domain, the two display identically (the article uses the term ‘homograph’).

Because the letters look very similar, a user will blithely click on a “spoofed” URL, and instead of going to the “safe” site they expect, experience any number of Nasty Things.

Buy me a Coffee! If you find this post or this site interesting, and would like to see more, buy me a coffee. While I may actually buy coffee, I’ll probably buy books to review.

SetApp: A Suite of macOS Apps for a Single Price Affiliate link for a great collection of 200+ macOS apps for a single price—now with iOS apps too.