Re: International domain names may pose threat

From: Simon Waters (simonw@zynet.net)
Date: Fri Feb 11 2005 - 03:34:14 EST


On Thursday 10 Feb 2005 7:15 pm, James Cloos wrote:
> >>>>> "bill" == bill <bill@daze.net> writes:
>
> bill> but in which the letters "o" and "e" have been substituted with
> bill> identical-looking substitutes from the Cyrillic alphabet
>
> Wasn't this supposed to be prevented by homograph unification
> in the conversion from unicode/10646 to idn?
>
> Or did I miss a change in the proposal?

I think whatever you do you probably can't fully address the issue, not least
it will depend on the fonts in use.

As far as I'm concerned it is a "non-issue", we already know the DNS is
vulnerable, as it sends unencrypted UDP packets around, at fairly predictable
intervals, that in many cases don't even need to be spoofed to be accepted as
valid data. As such you shouldn't depend on the DNS to return reliable data,
if it matters encrypt it using established chains of trust, be it GPG or
HTTPS.

In most phishing scams I see the URL is already fully disguised in the actual
emails, and only becomes revealed when in the browser window, and there are
enough serious sites still using IP addresses for this sort of stuff, that no
one raises an eyebrow, when www.paypal.com sends you off to a.b.c.d
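
An added example, not part of the original message or thread: a defender-side check for the Cyrillic "o"/"e" substitution quoted above. It flags labels that mix scripts, shows the xn-- form that is actually resolved, and folds lookalikes to compare against a protected name. The lookalike table, the `somebank.example` name and all function names are constructed for illustration, and the script test is a heuristic based on Unicode character names.

```python
import unicodedata

# Constructed, deliberately tiny lookalike table (Cyrillic -> Latin). A real
# check would use the full Unicode confusables data; this is only a sample.
LOOKALIKES = {"\u043e": "o", "\u0435": "e", "\u0430": "a", "\u0440": "p", "\u0441": "c"}

def char_script(ch):
    """Approximate a character's script by the first word of its Unicode name."""
    if ch.isdigit() or ch == "-":
        return "COMMON"
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def mixed_script_labels(host):
    """Return the labels of host that combine more than one script."""
    flagged = []
    for label in host.split("."):
        scripts = {char_script(c) for c in label} - {"COMMON"}
        if len(scripts) > 1:
            flagged.append(label)
    return flagged

def skeleton(host):
    """Fold known lookalikes to ASCII so visually identical names compare equal."""
    return "".join(LOOKALIKES.get(c, c) for c in host.lower())

def ace_form(host):
    """ASCII-compatible (xn--) form, which is what is actually looked up in the DNS."""
    return host.encode("idna").decode("ascii")

def impersonated_name(host, protected):
    """Return the protected name that host imitates, or None if it imitates none."""
    folded = skeleton(host)
    if folded in protected and host.lower() != folded:
        return folded
    return None

if __name__ == "__main__":
    protected = {"somebank.example"}  # hypothetical list of names worth protecting
    # Second entry is constructed: "somebank" with Cyrillic U+043E and U+0435.
    for host in ["somebank.example", "s\u043em\u0435bank.example"]:
        print(ace_form(host), mixed_script_labels(host), impersonated_name(host, protected))
```

A label written entirely in Cyrillic lookalikes passes the mixed-script test and is only caught by the folding step, which is one reason script rules alone cannot fully close the issue.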


