Typo and Security Vulnerability

As humans, we all make mistakes. Do you hear this very often? “Ah, I just had a typo.” In most cases a typo won't cause much of a problem, because people are used to typos and can deal with them. We also have spell checkers for text, which make things much smoother. But what if the text is not read by a friend or colleague, but by a person you don't even know, or not by a human at all, but by a computer? Such typos can cause more serious problems than we might imagine. Let's review some cases and learn how to prevent typos.

Typosquatting

Did you know that a typo can make you vulnerable to hackers? If you make a typo in a URL you enter in Chrome, you may land on a fake website that an attacker has set up on purpose to steal your identity. This kind of attack is called “Typosquatting”, also known as URL hijacking. Please read “What is Typosquatting”.

There are a few tips to avoid typosquatting. Bookmark commonly used websites instead of typing them every time. Instead of entering the full URL, google the site name and get the URL. This avoids typos between “.co” and “.com”, since “.co” has also become a very popular domain extension for startup companies. Most importantly, don't click on links in emails, texts, chat messages or social networking sites unless you know they're safe. Double-check the email address when you're sending an email to avoid sending sensitive information into the wrong hands.

Lessons to learn from Typos

Podesta's email hack caused by a typo

In March 2016, during the US election, the personal Gmail account of John Podesta, the chair of Hillary Clinton's campaign, was compromised in a data breach, and some of his emails, many of which were work-related, were stolen and subsequently obtained by WikiLeaks. This became the primary reason that cost Clinton the election. Please read “Podesta’s email hack hinged on a very unfortunate typo”.

When the phishing email first arrived, Podesta referred it to a number of assistants. One of them replied, “This is a legitimate email. John needs to change his password immediately.” He had meant to write “illegitimate email,” and simply mistyped.

Unfortunately, English has words with opposite meanings and similar spellings. People make more typos in digital documents, probably because we think they can always be corrected, but that is sometimes not the case.

Amazon outage caused by a typo

On March 7th, 2017, Amazon made the headlines when a typo knocked down 150,000 websites and services that rely on AWS. An employee trying to speed up the company's S3 cloud-storage billing system tried to take a few servers offline. The employee mistyped the command, affecting more servers than intended. Please read “Amazon Finds the Cause of Its Outage: A Typo”.

Mizuho lost billions because of a typo

In December 2005, because of a typo, a Mizuho Securities trader sold 610,000 shares for one yen on behalf of a customer, instead of one share for Y610,000. Mizuho tried to cancel the order three times, but the exchange said it doesn't cancel transactions even if they are executed on erroneous orders. Mizuho lost at least 27 billion yen. Please read “Tokyo Stock Exchange contracts with Fujitsu for next-gen trading system”.

When does a typo help?

Bank robbery stopped by a typo

Fortunately, there's a bright side. Typos sometimes harm hackers too. A typo helped prevent a nearly $1 billion bank robbery. Hackers misspelled “foundation” as “fandation”, so the money transfer failed. Please read “How a hacker's typo helped stop a billion dollar bank heist”.