Sunday, February 6, 2005

So Not Funny: Shmoo Group International Domain Name Translation Spoof/Hack

The "Shmoo Group": has published an example of an
exploit which takes advantage of IDN to spoof sites for both "PayPal
http":http://www.pа and "PayPal https":https://www.pа

The links above should take you to "PayPal". Original "Shmoo
Example": and
"explanation": In Firefox, setting
"network.enableIDN" to false in about:config prevents
the browser from following the link, but the resulting error is non-descriptive:
"[Translated Name] site could not be found, please check
the name and try again".

Update: I should mention that it does not work in IE by default, as
apparently IDN translation code is only available as a plugin.
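
The spoof works because a Cyrillic "а" in the host name renders like the Latin "a". As an added example (not code from the Shmoo Group or from this post), the Python below converts a host name to the ASCII form that is actually resolved and flags labels that mix scripts; the host `pаypal.example` and all function names are constructed for illustration.

```python
import unicodedata

def scripts_in(label):
    """Scripts of the letters in one label, read from the Unicode character name."""
    # e.g. "CYRILLIC SMALL LETTER A" -> "CYRILLIC"; digits and hyphens are skipped
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def to_unicode(label):
    """Decode an ACE ("xn--") label to Unicode; other labels pass through."""
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def to_ascii(label):
    """Encode a non-ASCII label to its ACE ("xn--") form, as sent to DNS."""
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")

def check_host(host):
    """Return (ascii_form, findings); findings lists labels that mix scripts.

    Limitations of this check: a label written entirely in one non-Latin
    script is not flagged, and legitimate mixes (e.g. kanji with kana) are.
    """
    ascii_labels, findings = [], []
    for raw in host.lower().rstrip(".").split("."):
        label = to_unicode(raw)
        ascii_labels.append(to_ascii(label))
        scripts = scripts_in(label)
        if len(scripts) > 1:
            findings.append((label, sorted(scripts)))
    return ".".join(ascii_labels), findings

if __name__ == "__main__":
    # Constructed sample hosts; \u0430 is CYRILLIC SMALL LETTER A
    for host in ("www.paypal.example", "www.p\u0430ypal.example",
                 "www.xn--pypal-4ve.example"):
        ascii_form, findings = check_host(host)
        verdict = "MIXED-SCRIPT" if findings else "ok"
        print(f"{host!r:40} -> {ascii_form:28} {verdict} {findings}")
```

Showing the `xn--` form next to the rendered name gives the reader the descriptive signal that the generic "site could not be found" error lacks.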

