Bugtraq mailing list archives
Re: thoughts and a possible solution on homograph attacks
From: Benjamin Franz <snowhare () nihongo org>
Date: Mon, 7 Mar 2005 11:52:18 -0800 (PST)
On Mon, 7 Mar 2005, Michael Roitzsch wrote:
> Hi security community,
>
> this is my first publication I post on Bugtraq, so please be patient with me. Since the recent problems with IDN, I wanted to clear up my thoughts on homograph attacks, so I sorted everything in an article which also contains what I believe to be an easy and general solution. You can find it here:
>
> http://www.amalthea.de/publications/homograph.pdf
>
> Unfortunately, my free time is currently limited, so I may not be able to participate too much in any discussions on the subject. My apologies for that. But I will definitely read any feedback I receive.
You are far too fast to dismiss the usability criticism. People _WON'T_ participate in a system requiring them to retype the domain name to establish an SSL connection. Additionally, it would fail in the case where a user's locale was (for example) Greek while the site they were connecting to was American. They would type what they perceived to be the domain - and it wouldn't work. A "reverse homograph" failure.
It is a technically nice but completely unusable solution.

--
Jerry

"All right, where is the answer? The battle of wits has begun. It ends when you click and we both serve pages - and find out who is right, and who is slashdotted." - David Brandt
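The "reverse homograph" failure described in the reply above, as an added example that is not part of the original message or of the article it discusses. The retype-and-compare step is an assumed reading of the proposal, and `vovo.example` and the Greek input are constructed sample values.

```python
import unicodedata

def to_ascii(domain):
    """IDNA ToASCII via the stdlib codec (IDNA 2003), lowercased for comparison."""
    return domain.encode("idna").decode("ascii").lower()

def scripts_used(label):
    """Scripts of the letters in a label, taken from the Unicode character names."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}

def retype_check(typed, actual):
    """Hypothetical confirmation step: accept only if both names encode identically."""
    try:
        return to_ascii(typed) == to_ascii(actual)
    except UnicodeError:
        return False  # input that cannot be encoded as a hostname never matches

def diagnose(typed, actual):
    """Classify the outcome so a UI could explain why a retyped name was rejected."""
    if retype_check(typed, actual):
        return "match"
    typed_scripts = scripts_used(typed.split(".")[0])
    actual_scripts = scripts_used(actual.split(".")[0])
    # Both labels are single-script but in different scripts: the user typed what
    # they saw on their own keyboard layout, which is the failure the reply describes.
    if len(typed_scripts) == 1 and len(actual_scripts) == 1 and typed_scripts != actual_scripts:
        return "script-mismatch"
    return "mismatch"

# Constructed sample: the real site uses Latin letters ...
ACTUAL = "vovo.example"
# ... and a user with a Greek layout types nu, omicron, nu, omicron, which looks the same.
GREEK_TYPED = "\u03bd\u03bf\u03bd\u03bf.example"

if __name__ == "__main__":
    for typed in (ACTUAL, GREEK_TYPED, "vova.example"):
        print(repr(typed), to_ascii(typed), diagnose(typed, ACTUAL))
```

The Greek input is a clean single-script label, so a mixed-script filter would not flag it either; the comparison fails only because the user's keyboard and the site's registration use different scripts.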