A browser feature allowing Web addresses to show in Chinese, Arabic, and several other languages could help online scam artists by making fake sites look legitimate to visitors – and for once the browser in question isn't Microsoft Internet Explorer.
This isn't because IE has suddenly become flawless; rather, it’s because IE doesn't support internationalized domain names without plug-ins while many of its upstart competitors support them “out of the box,” according to analysts such as Internet Security Systems, Inc.
"It's kind of ironic that it affects some of the supposedly safer browsers," ISS research engineer Neel Mehta told reporters, referring to such newer browsers as the Mozilla Foundation's standard browser and its newer, increasingly popular Firefox, not to mention Opera.
Opera said in its own statement that it's possible to fix the affected language feature, but the question was where to balance between making it too comprehensive or too limited. "Even though you limit yourself," the company said, "you can create problems for valid domains."
Engineers have been working several years to "trick" the Internet Domain Name System into accepting more than the 26 letters, ten numerals, and hyphen of the Roman alphabet. They've favored the Unicode character system that works around the point that characters looking alike could have two separate codes and appear different from each other to a computer, according to one published report.
The problem, the report continues, is that substituting one for the other lets a scammer register a domain name the computer user sees as one name, but tricks him into giving up passwords and sensitive information to what turns out to be a dummy site.
Firefox lets you deactivate other character sets, but the process is complex and could block you from the few sites you might want to visit that use non-English characters in their addresses, the report said.
