[nycbug-talk] Homograph URL spoofing exploit for browsers

Bob Ippolito
Mon Feb 7 11:04:11 EST 2005


Browsers that support IDN (Unicode domain names) are easily susceptible 
to spoofing attacks because there are many code points that look the 
same.  Their specific example uses а (CYRILLIC SMALL LETTER A), 
which looks identical to a (LATIN SMALL LETTER A) in most fonts.  
ShmooGroup has registered u'p\N{CYRILLIC SMALL LETTER A}ypal.com' and 
has a browser-trusted cert for it.
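
A defender-side check for the hostname quoted in the post above, added here as an example and not part of the original message: it converts each label to its Punycode form and flags labels whose letters come from more than one script. The function names and the use of the first word of a character's Unicode name as its script are assumptions of this example.

```python
import unicodedata

# Hostname from the post: "paypal.com" with the first "a" replaced by U+0430.
SPOOFED = "p\N{CYRILLIC SMALL LETTER A}ypal.com"


def label_scripts(label):
    """Return the sorted scripts of the letters in one DNS label.

    Heuristic (an assumption of this example): the first word of a letter's
    Unicode name is its script, e.g. "CYRILLIC SMALL LETTER A" -> "CYRILLIC".
    """
    scripts = set()
    for ch in label:
        if ch.isalpha():
            scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return sorted(scripts)


def check_hostname(hostname):
    """Return (ascii_form, mixed) for a Unicode hostname.

    ascii_form is the Punycode name that is actually looked up in DNS;
    mixed lists every label whose letters come from more than one script.
    """
    ascii_labels, mixed = [], []
    for label in hostname.split("."):
        # Python's built-in "idna" codec applies IDNA 2003 ToASCII to the label.
        ascii_labels.append(label.encode("idna").decode("ascii"))
        scripts = label_scripts(label)
        if len(scripts) > 1:
            mixed.append((label, scripts))
    return ".".join(ascii_labels), mixed


if __name__ == "__main__":
    for name in (SPOOFED, "paypal.com"):
        ascii_form, mixed = check_hostname(name)
        verdict = "MIXED-SCRIPT " + repr(mixed) if mixed else "single script"
        print(f"{ascii_form}: {verdict}")
```

A label written entirely in one non-Latin script that happens to resemble a Latin word is not flagged by this check; showing the Punycode form to the user covers that case.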


