W3C home > Mailing lists > Public > www-international@w3.org > January to March 2005

Re: IDN problem.... :(

From: John Burger <john@mitre.org>
Date: Thu, 10 Feb 2005 17:48:38 -0500
Message-Id: <7e3af32229df50981d110fa8e6a90305@mitre.org>
To: www-international@w3.org, Unicode Mailing List <unicode@unicode.org>

Frank Yung-Fong Tang wrote:

> Any one have any comment about
> https://bugzilla.mozilla.org/show_bug.cgi?id=279099

Here's a popular press description of the problem

   http://www.macworld.com/news/2005/02/08/spoof/index.php

which points to a test for it at Secunia.com.  (They registered 
paypal.com spelled with a Cyrillic "a".)  Ironically, IE doesn't fall 
for the spoof, because it apparently doesn't handle IDNs.  Of course, 
from a user interface perspective, browsers need to do something about 
this, but I find it annoying that it's described as a "security flaw".  
My browser doesn't warn me about g00g1e.com yet, either.

- John D. Burger
   MITRE
Received on Thursday, 10 February 2005 22:48:46 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 19:17:04 GMT