Re[2]: IDN problem.... :(

From: Karl Pentzlin (
Date: Fri Feb 11 2005 - 17:52:31 CST

  • Next message: Patrick Andries: "Re: IDN problem.... :("

    There are other ways to protect the user from entering sensible
    information on spoof pages than visually marking the script of the
    single URL letters in the browser display.
    The companies which supply internet security tools (or the
    organisations which supply the browsers) will surely find ways which
    are OT here, e.g. showing whois information at a prominent place.
    Look e.g. at for an example of spoof
    protection which is already available.

    Karl Pentzlin
    AC&S Analysis Consulting & Software GmbH
    Schongau, Bavaria, Germany

    Am Donnerstag, 10. Februar 2005 um 23:48 schrieb John Burger:
    JB> Frank Yung-Fong Tang wrote:
    >> Any one have any comment about
    JB> Here's a popular press description of the problem
    JB> which points to a test for it at  (They registered 
    JB> spelled with a Cyrillic "a".)  Ironically, IE doesn't fall
    JB> for the spoof, because it apparently doesn't handle IDNs.  Of course,
    JB> from a user interface perspective, browsers need to do something about
    JB> this, but I find it annoying that it's described as a "security flaw".
    JB> My browser doesn't warn me about yet, either.
    JB> - John D. Burger
    JB>    MITRE

    This archive was generated by hypermail 2.1.5 : Fri Feb 11 2005 - 17:53:15 CST