[nycbug-talk] Homograph URL spoofing exploit for browsers
Bob Ippolito
bob
Mon Feb 7 11:04:11 EST 2005
http://www.shmoo.com/idn/
http://www.boingboing.net/2005/02/06/shmoo_group_exploit_.html
Browsers that support IDN (Unicode domain names) are easily susceptible
to spoofing attacks because there are many code points that look the
same. Their specific example uses а (CYRILLIC SMALL LETTER A),
which looks identical to a (LATIN SMALL LETTER A) in most fonts.
ShmooGroup has registered u'p\N{CYRILLIC SMALL LETTER A}ypal.com' and
has a browser-trusted cert for it.
-bob
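
Added example, not part of the original post: a defensive check that flags hostname labels mixing scripts, shows the ASCII (punycode) form a resolver actually sees, and folds lookalikes back to Latin. The function names and the small CONFUSABLES table are assumptions constructed for illustration; the script tag taken from the Unicode character name is a heuristic.

```python
import unicodedata

# Constructed, deliberately tiny lookalike table (Cyrillic -> Latin).
CONFUSABLES = {
    "\N{CYRILLIC SMALL LETTER A}": "a",
    "\N{CYRILLIC SMALL LETTER IE}": "e",
    "\N{CYRILLIC SMALL LETTER O}": "o",
    "\N{CYRILLIC SMALL LETTER ER}": "p",
    "\N{CYRILLIC SMALL LETTER ES}": "c",
    "\N{CYRILLIC SMALL LETTER U}": "y",
    "\N{CYRILLIC SMALL LETTER HA}": "x",
}

# The hostname from the post, built the same way the post spells it.
SPOOF = "p\N{CYRILLIC SMALL LETTER A}ypal.com"


def scripts_in_label(label):
    """Return the set of script tags used by the letters of one DNS label."""
    scripts = set()
    for ch in label:
        if ch.isdigit() or ch == "-":
            continue  # digits and hyphen are shared by every script
        # First word of the character name, e.g. "LATIN SMALL LETTER A" -> "LATIN"
        scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts


def inspect_hostname(hostname):
    """Per label: ASCII (IDNA) form, scripts present, and a mixed-script flag."""
    report = []
    for label in hostname.split("."):
        scripts = scripts_in_label(label)
        report.append({
            "label": label,
            "ascii": label.encode("idna").decode("ascii"),
            "scripts": sorted(scripts),
            "mixed": len(scripts) > 1,
        })
    return report


def skeleton(hostname):
    """Fold known lookalikes to Latin so the name can be compared to a watchlist."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in hostname)


if __name__ == "__main__":
    for row in inspect_hostname(SPOOF):
        print(row)
    print("skeleton:", skeleton(SPOOF))
```

A label written entirely in one non-Latin script is not flagged as mixed, so the skeleton comparison against a list of protected names is the check that covers that case.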