
Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.



We have tried to play with this trick to see if it is usable for spam or phishing via email. Unfortunately most browsers display the punycoded address in the address bar like you will see if you click the link here:
http://www.Ñimon.com/index2.html


But with a frontpage containing a meta refresh tag with the UTF-8 encoded domain name like this:
<META HTTP-EQUIV=Refresh content="0; URL=http://www.&#1109;imon.com/index2.html";>
the address bar will also show the UTF-8 encoded text.


Punycoded address bar:
http://www.Ñimon.com/index2.html

UTF-8 address bar for phishers:
http://www.Ñimon.com/

--
Simon Østengaard
GCUX, LPIC-2
simon@xxxxxxxxxxxxx

and
Mikael Grotrian

 It is a book about a Spanish guy called Manual. You should read it.
       -- Dilbert
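
A defensive check for the redirect described in this message, as an added example that is not part of the original post: it pulls meta-refresh targets out of HTML, reports each host in its ASCII (punycode) form, and flags labels that mix scripts. The function names and the sample tag (a well-formed, constructed version of the one in the post) are assumptions of this example.

```python
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlsplit

def label_scripts(label):
    """Scripts used by the letters of one DNS label (first word of the Unicode name)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def inspect_host(host):
    """Return (ascii_form, mixed) where mixed lists labels that combine scripts."""
    mixed = []
    for label in host.split("."):
        scripts = label_scripts(label)
        if len(scripts) > 1:
            mixed.append((label, sorted(scripts)))
    # The ASCII form is what a cautious mail client or proxy should display.
    return host.encode("idna").decode("ascii"), mixed

class RefreshFinder(HTMLParser):
    """Collects the URL of every <meta http-equiv=refresh> tag."""
    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content looks like "0; URL=http://host/path"
            _, _, rest = a.get("content", "").partition(";")
            key, _, url = rest.strip().partition("=")
            if key.strip().lower() == "url":
                self.targets.append(url.strip())

def audit_html(html):
    """Return one finding per meta-refresh target found in the HTML."""
    finder = RefreshFinder()
    finder.feed(html)
    findings = []
    for url in finder.targets:
        host = urlsplit(url).hostname or ""
        ascii_host, mixed = inspect_host(host)
        findings.append({"url": url, "ascii_host": ascii_host, "mixed_script": mixed})
    return findings

# Constructed sample: the tag from the post, written with quoted attributes.
SAMPLE = '<meta http-equiv="refresh" content="0; URL=http://www.&#1109;imon.com/index2.html">'

if __name__ == "__main__":
    for finding in audit_html(SAMPLE):
        print(finding)
```

A label written entirely in one non-Latin script is not flagged as mixed, so the ASCII host should be shown or logged alongside the mixed-script result.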