[nycbug-talk] Homeograph URL spoofing exploit for browsers
Bob Ippolito
bob
Mon Feb 7 11:09:50 EST 2005
On Feb 7, 2005, at 11:04, Bob Ippolito wrote:
> http://www.shmoo.com/idn/
> http://www.boingboing.net/2005/02/06/shmoo_group_exploit_.html
>
> Browsers that support IDN (unicode domain names) are easily
> susceptible to spoofing attacks because there are many code points
> that look the same. Their specific example uses а (CYRILLIC
> SMALL LETTER A), which looks identical to a (LATIN SMALL LETTER A)
> in most fonts. ShmooGroup has registered u'p\N{CYRILLIC SMALL LETTER
> A}ypal.com' and have a browser-trusted cert for it.
(that title was supposed to be homeograph -- my typing skills have
apparently left me)
-bob
More information about the talk
mailing list