Bugtraq mailing list archives
Re: thoughts and a possible solution on homograph attacks
From: Michael Silk <michaelslists () gmail com>
Date: Tue, 8 Mar 2005 09:16:51 +1100
Michael, I don't think this solution is appropriate at all. (For those that didn't read the PDF, the idea is to have the user _type in_ the domain name of a url they clicked on). Clearly, this won't work at all from a users point of view. It would be far too annoying. Your saving scenario is also not very appropriate, because consider if a malicious user on that persons computer saves 'bank1.com' to map to 'hackerbank1.com'. The problems become obvious. As for a solution to the problem, perhaps browsers can just notify the user when a domain they clicked contains unicode characters, and display the URL in some special fashion. (I can't think of anything that would be appropriate, however :) -- Michael (Silk) On Mon, 7 Mar 2005 18:25:31 +0100, Michael Roitzsch <amalthea () freenet de> wrote:
Hi security community, this is my first publication I post on Bugtraq, so please be patient with me. Since the recent problems with IDN, I wanted to clear up my thoughts on homograph attacks, so I sorted everything in an article which also contains what I believe to be an easy and general solution. You can find it here: http://www.amalthea.de/publications/homograph.pdf Unfortunately, my free time is currently limited, so I may not be able to participate too much in any discussions on the subject. My appologies for that. But I will definitely read any feedback I receive. Michael Roitzsch
-- Please adjust the reply-to address.
Current thread:
- thoughts and a possible solution on homograph attacks Michael Roitzsch (Mar 07)
- Re: thoughts and a possible solution on homograph attacks Michael Silk (Mar 07)
- Re: thoughts and a possible solution on homograph attacks Kevin Day (Mar 07)
- Re: thoughts and a possible solution on homograph attacks Dmitry Yu. Bolkhovityanov (Mar 08)
- Re: thoughts and a possible solution on homograph attacks Michael Roitzsch (Mar 08)
- Re: thoughts and a possible solution on homograph attacks Denis Jedig (Mar 08)
- Re: thoughts and a possible solution on homograph attacks Dmitry Yu. Bolkhovityanov (Mar 08)
- Re: thoughts and a possible solution on homograph attacks James Youngman (Mar 07)
- Re: thoughts and a possible solution on homograph attacks Thomas Wana (Mar 07)
- Re: thoughts and a possible solution on homograph attacks Benjamin Franz (Mar 07)
- Re: thoughts and a possible solution on homograph attacks Dmitry Yu. Bolkhovityanov (Mar 08)
- <Possible follow-ups>
- RE: thoughts and a possible solution on homograph attacks Scovetta, Michael V (Mar 07)
- Re: thoughts and a possible solution on homograph attacks Mike Nice (Mar 08)
(Thread continues...)