[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <420A78E8.1080400@ostengaard.dk>
Date: Wed, 09 Feb 2005 21:56:08 +0100
From: Simon Østengaard <simon@...engaard.dk>
To: Brandon Kovacs <liljoker771@...il.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: International Domain Name [IDN] support in modern browsers allows
attackers to spoof domain name URLs + SSL certs.
We have tried to play with this trick to see if it is usable for spam or
phishing via email. Unfortunately most browsers display the punycoded
address in the address bar like you will see if you click the link here:
http://www.ѕimon.com/index2.html
But with a frontpage containing a meta refresh tag with the UTF-8
encoded domain name like this:
<META HTTP-EQUIV=Refresh content="0;
URL=http://www.ѕimon.com/index2.html">
the address bar will also show the UTF-8 encoded text.
Punycoded address bar:
http://www.ѕimon.com/index2.html
UTF-8 address bar for phishers:
http://www.ѕimon.com/
--
Simon Østengaard
GCUX, LPIC-2
simon@...engaard.dk
and
Mikael Grotrian
It is a book about a Spanish guy called Manual. You should read it.
-- Dilbert
Powered by blists - more mailing lists