Bugtraq mailing list archives
Re: thoughts and a possible solution on homograph attacks
From: "Dmitry Yu. Bolkhovityanov" <D.Yu.Bolkhovityanov () inp nsk su>
Date: Tue, 8 Mar 2005 12:23:36 +0600
On Mon, 7 Mar 2005, Kevin Day wrote:
> What would (to me) make more sense is if the browser made it more clear that a homograph was being used. In the address bar, any character that's not from the user's language character set (or family of languages possibly) would appear as a different color. Maybe make the foreign characters red, or the background color around each foreign character blue or something.
You have come to the same idea as I did :-) (hope my post to Bugtraq will pass the moderation), just with a different flavor. That's a good sign for me, and this kind of solution seems to be not-so-hard to implement.
> It still would require a bit of user education, but maybe the first time it happened the browser can pop up with "The address of the site you are going to contains characters from another language. If you clicked on a link to a site you expected to be in [User's default language],
A small addition: not "language", but "languages". And, maybe even more -- "character set". For example, Russian-speaking users currently use only Latin letters, as all the world does. And if IDN somewhen becomes common, they would have to use a mixture of Latin and Cyrillic letters. (I hope IBM would be clever enough to grab the "IBM.com" domains, where "B" is "cyrillic capital VE" and/or "M" is "cyrillic capital M". :-)
> you might be going to a fraudulent site. The questionable characters are highlighted in blue in the address bar above. [x] Do not show this again for Cyrillic language letters"
Unfortunately, most users in case of such warnings blindly press [Ok], not even trying to read what they are warned about. And if there is a "[x] Don't show this again..." option, they will immediately switch it on. So, such switchable-off protection would in fact become illusory...

_________________________________________
Dmitry Yu. Bolkhovityanov
The Budker Institute of Nuclear Physics
Novosibirsk, Russia
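The highlighting idea discussed in this message, sketched as an added example (not code from the thread or from any browser): characters outside the user's configured character sets are wrapped in `[ ]` in place of a colour. It goes one step beyond the message by also reporting labels that mix scripts, because a user who reads both Latin and Cyrillic would otherwise see no highlight at all. The script table, the function names and the sample hostname are assumptions made for illustration.

```javascript
// Added example. Script table, [ ] markers and sample host are assumptions.
const SCRIPTS = {
  Latin: /\p{Script=Latin}/u,
  Cyrillic: /\p{Script=Cyrillic}/u,
  Greek: /\p{Script=Greek}/u,
};

// Digits and hyphen carry no script information in a hostname label.
function scriptOf(ch) {
  if (/[0-9-]/.test(ch)) return "Common";
  for (const [name, re] of Object.entries(SCRIPTS)) {
    if (re.test(ch)) return name;
  }
  return "Other";
}

// Returns the host with characters outside userScripts wrapped in [ ]
// (standing in for the coloured highlight), plus the labels that mix scripts.
function annotateHost(host, userScripts) {
  const allowed = new Set(userScripts);
  const mixedLabels = [];
  const marked = host.split(".").map((label) => {
    const seen = new Set();
    let out = "";
    for (const ch of label) {            // iterates by code point
      const script = scriptOf(ch);
      if (script !== "Common") seen.add(script);
      const foreign = script !== "Common" && !allowed.has(script);
      out += foreign ? `[${ch}]` : ch;
    }
    if (seen.size > 1) mixedLabels.push(label);
    return out;
  }).join(".");
  return { marked, mixedLabels };
}

// Constructed sample: "IBM" with U+0412 in place of Latin "B".
const SAMPLE = "I\u0412M.example";

// Latin-only user: the look-alike is highlighted.
console.log(annotateHost(SAMPLE, ["Latin"]));
// Latin + Cyrillic user: nothing is highlighted, only the mixed-label flag remains.
console.log(annotateHost(SAMPLE, ["Latin", "Cyrillic"]));
```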