Re: Unicode and Security

From: Michael Everson (everson@evertype.com)
Date: Thu Feb 07 2002 - 13:38:50 EST


At 12:22 -0500 2002-02-07, Elliotte Rusty Harold wrote:
>
>For the sake of argument, let's call the company they work at
>Microsoft, but this attack could hit most companies with a .com
>address. Let's say I register microsoft.com, only the fifth letter
>isn't a lower-case Latin o. It's actually a lower case Greek
>omicron. I then forge a believable letter from alice@microsoft.com
>to bob@microsoft.com saying "Can you please update me on your
>budget?" Bob, noticing that the e-mail appears to come from Alice,
>whom he knows and trusts, fires off a reply with his confidential
>information. Only it doesn't go to Alice. It goes to me. I can then
>reply to Bob, asking for clarification or more details. I can ask
>him to attach the latest build of his software. I can carry on a
>conversation in which Bob believes me to be Alice and spills his
>guts. This is very, very bad.

It isn't Unicode's fault that some letters look like others. That's a
fault of history.

-- 
Michael Everson *** Everson Typography *** http://www.evertype.com
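
The lookalike domain from the quoted scenario, seen from the receiving side, as an added example that is not part of the original message: a per-label mixed-script check plus the ASCII (punycode) form of each label. The sample domain is constructed, the function names are hypothetical, and the script of a character is approximated by the first word of its Unicode name.

```python
import unicodedata

# Constructed sample: "microsoft.com" with the fifth letter replaced by
# U+03BF GREEK SMALL LETTER OMICRON, as in the quoted scenario.
SPOOF = "micr\u03bfsoft.com"

def script_of(ch):
    """Rough script tag for one character (assumption: the first word of
    the Unicode name, e.g. LATIN / GREEK / CYRILLIC, names the script)."""
    if ch.isascii():
        # ASCII digits and the hyphen belong to no particular script.
        return "LATIN" if ch.isalpha() else "COMMON"
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else "UNKNOWN"

def inspect_domain(domain):
    """Return one record per label: scripts used, mixed flag, ASCII form."""
    report = []
    for label in domain.lower().split("."):
        scripts = {script_of(c) for c in label} - {"COMMON"}
        if label.isascii():
            ace = label
        else:
            # Raw punycode of the label; a full IDNA implementation would
            # also normalise the label first (not done here).
            ace = "xn--" + label.encode("punycode").decode("ascii")
        report.append({
            "label": label,
            "scripts": sorted(scripts),
            "mixed": len(scripts) > 1,
            "ace": ace,
        })
    return report

def is_suspicious(domain):
    """True when any single label mixes letters from more than one script."""
    return any(r["mixed"] for r in inspect_domain(domain))

if __name__ == "__main__":
    for d in ("microsoft.com", SPOOF):
        print(repr(d), "suspicious" if is_suspicious(d) else "ok")
        for r in inspect_domain(d):
            print("   ", r["ace"], r["scripts"])
```

A label written entirely in one non-Latin script passes this check, so it catches the mixed Latin/Greek case above but not whole-script lookalikes.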


