KBD

Keith Devens .com

 Monday, October 6, 2008 Flag waving
*What in our history together makes you think I'm capable of something like that?* – Owen Wilson's character in Shanghai Knights
Home » Archive » 2005 » February » 08 » shmoo.com: The state of homograph attacks
← dAlchemy | End to End Unicode Web Applications in PythonXSLT sugar syntax →

Daily link icon Tuesday, February 8, 2005

shmoo.com: The state of homograph attacks

The state of homograph attacks, via Paul. That's kind of scary. Here's the main page for this advisory, and here's his spoofed PayPal link. Here's the character he uses for the 'a'.

Update: IDN and homographs spoofing, via MeFi, via Simon.

Update: Mozillazine has a post on this.

Chain link icon Permalink | 4 Comments | Tags: linkblog, Programming | id 6505
10:23 (utc-5)
edited: 2005-02-09 21:18 (utc-5)
 
← dAlchemy | End to End Unicode Web Applications in PythonXSLT sugar syntax →

Comments XML gif

G wrote:

Do you know what that RACES vs. PUNYCODE thing is about?

∴ G | 8-Feb-2005 4:05pm est | #6973

69.25.132.5 wrote:

Punycode is a lossless Unicode<->ASCII mapping:
http://www.faqs.org/rfcs/rfc3492.html

∴ 69.25.132.5 | 8-Feb-2005 4:24pm est | #6974

Keith (http://keithdevens.com/) wrote:

I'd never heard of RACES before, but I've posted about Punycode before.

Keith | 8-Feb-2005 6:05pm est | http://keithdevens.com/ | #6975

G wrote:

From Verisign:

Native Characters
This is a string of native characters that have been registered with the VeriSign GRS IDN Testbed.

RACE
Row-Based ASCII Compatible Encoding (ACE)- This is a string of ASCII characters that have been registered in the VeriSign GRS IDN Testbed.

PUNYCODE:
PUNYCODE is a simple and efficient ASCII-Compatible Encoding (ACE) designed for use with Internationalized Domain Names. It transforms a Unicode string into a string of characters allowed in hostname labels (ASCII letters, digits, and hyphens) and back again.

∴ G | 8-Feb-2005 7:01pm est | #6976

Feel free to post a comment below. Please see my comment policy.

Formatting Rules (No HTML):

  • **bold**, *italic*, _underlined_, --strikeout--
  • "text"="url" creates a link, and URLs are auto-highlighted
  • Blockquote: Like e-mail, begin paragraph with > (greater-than sign)
  • Lists: begin paragraph with *,-, or + (unordered), or # (ordered)
  • Code block: ?!code:language=perl|php|sql|javascript|etc.{\n}...{\n}?!/code
:
(will be your IP address if blank)
 : (optional)
(Will not be shown on site)
: (optional)
:

October 2008
SunMonTueWedThuFriSat
 1234
567891011
12131415161718
19202122232425
262728293031 



RSS feed RSS feed for Keith's Weblog
Atom feed Atom feed for Keith's Weblog
Weblog archive
Recent comments
  on 6 posts

Recent comments XML

new⇒Girls, please don't get breast implants

Hey everyone, 

I am new to this​blog and I have enjoyed reading all​your...

Sarah.M.: Oct 6, 9:45am

obout inc - ASP.NET controls

I like there components. I've got​it to work locally on my pc.​However I'm ...

Jeff: Oct 2, 4:43pm

Dumb substring behavior in C# (and Java)

Yes, the Substring function is not​helpful when you hit the length​problem,...

Mike Irving: Oct 2, 7:56am

YouTube - Burning Down The House: What Caused Our Economic Crisis?

> Please save another copy of the​"Burning Down The House" video as​the ori...

Keith: Sep 30, 11:05am

Johnny Walker Blue Label

I bought a 2 finger glass for 60​bucks about 5 minutes before my​wedding. I...

Ty: Sep 30, 9:52am

More on the bailout

I figured they wanted about a buck​or so from every man, woman and​child on...

Peggy McGilligan: Sep 30, 12:20am

Generated in about 0.128s.

(Used 8 db queries)
 
 
mobile phone