From: Karl Pentzlin (karl-pentzlin@acssoft.de)
Date: Fri Feb 11 2005 - 17:52:31 CST
There are other ways to protect the user from entering sensible
information on spoof pages than visually marking the script of the
single URL letters in the browser display.
The companies which supply internet security tools (or the
organisations which supply the browsers) will surely find ways which
are OT here, e.g. showing whois information at a prominent place.
Look e.g. at http://toolbar.netcraft.com/ for an example of spoof
protection which is already available.
Karl Pentzlin
AC&S Analysis Consulting & Software GmbH
Schongau, Bavaria, Germany
-- Am Donnerstag, 10. Februar 2005 um 23:48 schrieb John Burger: JB> Frank Yung-Fong Tang wrote: >> Any one have any comment about >> https://bugzilla.mozilla.org/show_bug.cgi?id=279099 JB> Here's a popular press description of the problem JB> http://www.macworld.com/news/2005/02/08/spoof/index.php JB> which points to a test for it at Secunia.com. (They registered JB> paypal.com spelled with a Cyrillic "a".) Ironically, IE doesn't fall JB> for the spoof, because it apparently doesn't handle IDNs. Of course, JB> from a user interface perspective, browsers need to do something about JB> this, but I find it annoying that it's described as a "security flaw". JB> My browser doesn't warn me about g00g1e.com yet, either. JB> - John D. Burger JB> MITRE
This archive was generated by hypermail 2.1.5 : Fri Feb 11 2005 - 17:53:15 CST