[nycbug-talk] Mozilla response to IDN homograph exploit

Charles Sprickman spork
Tue Feb 15 16:04:21 EST 2005


On Tue, 15 Feb 2005, Bob Ippolito wrote:

> The kind of IDN spoofing defense that IDNSnitch and Saft implement is 
> only very marginally better than just denying all IDN hosts.  It's very 
> anglocentric and distrusts every IDN host, regardless of whether it 
> contains mixed scripts or any known homographs.

Surprising since the author comes from a place where they use "funny 
symbols" when they type. :)

> So far, I don't believe that anyone has implemented the recommended 
> approach -- certainly not for Safari, anyway.

That's understandable considering Saft is just an "add on" and not a 
different browser built around WebKit.  I'm sure that an update will 
follow from Apple in the next few weeks.  I haven't seen anything in my 
ADC account yet, but I'm watching...

Charles

> -bob
>
>




More information about the talk mailing list