Phishing at the Top Level by Larry Seltzer

Larry Seltzer has an opinion piece in eWeek that is summarised as “ICANN and overbearing governments are gearing up for a major expansion of the attack surface of the DNS.”The use of domain names in most phishing is relatively crude, You see a lot of names like www.somefreewebsite.com/~ingrid/www.bankofamerica.com/…. There’s no SSL, and the tricky part of the domain name is off to the right. A user would really have to ignore the domain name and focus on the body of the page, which is where the real phishing expertise comes in.But a potentially lucrative minefield for phishing domains may open up through a series of developments currently underway. One of them is the move by some governments to develop alternative root servers. The other is the development of internationalized domain names, especially top-level domains. In at least one case the two are combined.For the rest of the article by Larry Seltzer, see www.eweek.com/article2/0,1895,2246066,00.asp