Bugtraq mailing list archives
Re: thoughts and a possible solution on homograph attacks
From: Thomas Wana <thomas () wana at>
Date: Mon, 07 Mar 2005 20:54:39 +0100
Michael Roitzsch wrote:
You can find it here: http://www.amalthea.de/publications/homograph.pdf
Quote from the abovementioned paper: "I propose to present the user with a dialog showing the text to be validated and an input field, into which the user has to type in the given text again. The user is told, if both texts match precisely and what this means: If the typed text's internal representation matches the given text bit-by-bit, trust can be established. If it does not match, the user is told to re-check for typing errors and not to establish trust." You completely seem to forget to think about user *acceptance*. Noone will accept such a "solution". If I think of me alone I would hate to enter the domain name once I click on a link. And obviously this would have to be done for *every* link the user clicks, or how would you technically distinguish between a trustable and non-trustable URL. Heck, that's actually the root of the problem ... Tom
Current thread:
- thoughts and a possible solution on homograph attacks Michael Roitzsch (Mar 07)
- Re: thoughts and a possible solution on homograph attacks Michael Silk (Mar 07)
- Re: thoughts and a possible solution on homograph attacks Kevin Day (Mar 07)
- Re: thoughts and a possible solution on homograph attacks Dmitry Yu. Bolkhovityanov (Mar 08)
- Re: thoughts and a possible solution on homograph attacks Michael Roitzsch (Mar 08)
- Re: thoughts and a possible solution on homograph attacks Denis Jedig (Mar 08)
- Re: thoughts and a possible solution on homograph attacks Dmitry Yu. Bolkhovityanov (Mar 08)
- Re: thoughts and a possible solution on homograph attacks James Youngman (Mar 07)
- Re: thoughts and a possible solution on homograph attacks Thomas Wana (Mar 07)
- Re: thoughts and a possible solution on homograph attacks Benjamin Franz (Mar 07)
- Re: thoughts and a possible solution on homograph attacks Dmitry Yu. Bolkhovityanov (Mar 08)
- <Possible follow-ups>
- RE: thoughts and a possible solution on homograph attacks Scovetta, Michael V (Mar 07)
- Re: thoughts and a possible solution on homograph attacks Mike Nice (Mar 08)
- Re: houghts and a possible solution on homograph attacks Sven Putteneers (Mar 08)
- Re: houghts and a possible solution on homograph attacks Nick FitzGerald (Mar 10)
- Re: Thoughts and a possible solution on homograph attacks Paul Smith (Mar 12)
- Re: Thoughts and a possible solution on homograph attacks Riccardo Murri (Mar 15)
- Re: Thoughts and a possible solution on homograph attacks Valdis . Kletnieks (Mar 15)
- Re: Thoughts and a possible solution on homograph attacks khockenb (Mar 16)