Background
International Domain Name [IDN] support in modern browsers allows attackers to
spoof domain name URLs + SSL certs.
In December 2001, a paper was released describing Homograph attacks. This new attack allows an attacker/phisher to spoof the domain/URLs of businesses. At the time this paper was written, no browsers had implemented Unicode/UTF8 domain name resolution.
Fast forward to today: Verisign has championed International Domain Names (IDN). RACES has been replaced with PUNYCODE. Every recent gecko/khtml based browser implements IDN (which is just about every browser, except for IE).
Read full news here...
Try it!
International Domain Name [IDN] support in modern browsers allows attackers to
spoof domain name URLs + SSL certs.
In December 2001, a paper was released describing Homograph attacks. This new attack allows an attacker/phisher to spoof the domain/URLs of businesses. At the time this paper was written, no browsers had implemented Unicode/UTF8 domain name resolution.
Fast forward to today: Verisign has championed International Domain Names (IDN). RACES has been replaced with PUNYCODE. Every recent gecko/khtml based browser implements IDN (which is just about every browser, except for IE).
Read full news here...
Try it!
