Bugtraq mailing list archives
Re: Thoughts and a possible solution on homograph attacks
From: khockenb <khockenb () stevens edu>
Date: Tue, 15 Mar 2005 19:10:16 -0500 (EST)
On Tue, 15 Mar 2005, Riccardo Murri wrote:
I would rather suggest that the string comparison function used in IDN takes "homograph characters"[1] into account: just like the current DNS considers 'a' == 'A', the IDN DNS should consider "LATIN SMALL LETTER a" == "CYRILLIC SMALL LETTER a" == "CYRILLIC CAPITAL LETTER A" == "GREEK CAPITAL LETTER A"[2], and similarly for the other homograph chars.
But that breaks case insensitivity for Greek, for instance (other languages, too, I am sure). Consider Greek letters eta and nu. An upper case eta looks like an upper case Latin "H", but a lower case eta looks like a lower case Latin "n". Similarly, an uppercase nu looks like an upper case Latin "N", but a lower case nu looks like a lower case Latin "v". If such a system as you suggest is in place, and someone in Greece wants the site (Greek nu).gr, they would have to have control of both N.gr and v.gr, otherwise people who type in the wrong case would go to the wrong site. Now let's say a competitor comes along, and wants (Greek eta).gr. They can get H.gr, but n.gr is already taken, since N=n. I suppose we could get around that by making H=n=N=v(=V=H), but that would get cohfusivg.
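The collision described in the message above, as an added example that is not part of the original post: it takes the transitive closure of "looks alike" and "differs only by case" over the four Greek/Latin pairs the message names. The pair table, function names and `.gr` labels are constructed for illustration and are not a complete confusables list.

```python
from collections import defaultdict

# Constructed look-alike pairs taken from the message: glyphs that render
# (near-)identically across Greek and Latin. Not a complete confusables table.
HOMOGRAPHS = [
    ("\u0397", "H"),  # GREEK CAPITAL LETTER ETA  ~ LATIN CAPITAL H
    ("\u03b7", "n"),  # GREEK SMALL LETTER ETA    ~ LATIN SMALL n
    ("\u039d", "N"),  # GREEK CAPITAL LETTER NU   ~ LATIN CAPITAL N
    ("\u03bd", "v"),  # GREEK SMALL LETTER NU     ~ LATIN SMALL v
]


def equivalence_classes(pairs, case_insensitive=True):
    """Union-find closure of 'looks alike' plus, optionally, 'differs only by case'."""
    parent = {}

    def find(c):
        parent.setdefault(c, c)
        while parent[c] != c:
            parent[c] = parent[parent[c]]  # path halving
            c = parent[c]
        return c

    def union(a, b):
        parent[find(a)] = find(b)

    for a, b in pairs:
        union(a, b)
    if case_insensitive:
        # DNS-style rule: a label matches regardless of case.
        for c in list(parent):
            union(c, c.upper())
            union(c, c.lower())
    groups = defaultdict(set)
    for c in parent:
        groups[find(c)].add(c)
    return sorted(groups.values(), key=lambda g: sorted(g))


def same_label(a, b, classes):
    """True if two equal-length labels match character-by-character under the classes."""
    lookup = {c: i for i, g in enumerate(classes) for c in g}
    return len(a) == len(b) and all(
        lookup.get(x, x) == lookup.get(y, y) for x, y in zip(a, b))


if __name__ == "__main__":
    for group in equivalence_classes(HOMOGRAPHS):
        print(" = ".join(sorted(group)))
```

With case folding enabled, the four pairs collapse into a single ten-character class, so `H.gr` and `v.gr` compare equal; with it disabled, each Greek letter matches only its own Latin look-alike.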