On Tue, 2005-02-15 at 00:20 -0700, Craig White wrote:
>http://www.boingboing.net/2005/02/06/shmoo_group_exploit_.html
>
>you can't trust the things you see - this is scary
>
>I'll not copy/paste the info from TidBits but you can read it here...
><http://www.tidbits.com/tb-issues/TidBITS-766.html>
>
>and by the way, it's a Macintosh centric newsletter that I've been
>subscribing to for at least 10 years - sometimes, it has good info.
>
>Craig
This is actually a fairly old exploit, dating back to the inception of
the IDN spec in 2002. The solutions to fix this problem, however, should
be considered carefully.
Obviously most of us using English as our primary language can just
ignore it and block unicode DNS links entirely with Mozilla Firefox's
AdBlock or some other method, but for those of us who actually use IDNs,
it's a horrible knee-jerk reaction.
For a more technical and informative article on the exploit (and a
better possible solution for it) see
http://lookit.proper.com/archives/000302.html#000302 . It's an article
about the IDN spoofing exploit from one of the original authors of the
IDN spec.
--
June Tate *
http://www.theonelab.com *
june@theonelab.com
(text/plain)
