lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <420A78E8.1080400@ostengaard.dk>
Date: Wed, 09 Feb 2005 21:56:08 +0100
From: Simon Østengaard <simon@...engaard.dk>
To: Brandon Kovacs <liljoker771@...il.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: International Domain Name [IDN] support in modern browsers allows
    attackers to spoof domain name URLs + SSL certs.


We have tried to play with this trick to see if it is usable for spam or 
phishing via email. Unfortunately most browsers display the punycoded 
address in the address bar like you will see if you click the link here:
http://www.ѕimon.com/index2.html

But with a frontpage containing a meta refresh tag with the UTF-8 
encoded domain name like this:
<META HTTP-EQUIV=Refresh content="0; 
URL=http://www.&#1109;imon.com/index2.html">
the address bar will also show the UTF-8 encoded text.

Punycoded address bar:
http://www.ѕimon.com/index2.html

UTF-8 address bar for phishers:
http://www.ѕimon.com/

-- 
Simon Østengaard
GCUX, LPIC-2
simon@...engaard.dk

and
Mikael Grotrian

  It is a book about a Spanish guy called Manual. You should read it.
        -- Dilbert


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ