Re: IDN problem.... :(

Frank Yung-Fong Tang wrote:

> Any one have any comment about
> https://bugzilla.mozilla.org/show_bug.cgi?id=279099

Here's a popular press description of the problem

   http://www.macworld.com/news/2005/02/08/spoof/index.php

which points to a test for it at Secunia.com.  (They registered 
paypal.com spelled with a Cyrillic "a".)  Ironically, IE doesn't fall 
for the spoof, because it apparently doesn't handle IDNs.  Of course, 
from a user interface perspective, browsers need to do something about 
this, but I find it annoying that it's described as a "security flaw".  
My browser doesn't warn me about g00g1e.com yet, either.

- John D. Burger
   MITRE

Received on Thursday, 10 February 2005 22:48:46 UTC