February 08, 2005
Shmoo Group exploit: 0wn any domain, no defense exists
A new exploit using Internationalized Domain Name (IDN) support was announced by Shmoo.
The exploit is known as a homograph attack because it abuses IDN, which allows a large number of scripts whose characters look very similar to Latin characters. For example, your web browser shows www.paypal.com when it is actually pulling a page from www.xn--pypal-4ve.com.
It's not clear what will solve this problem. Right now, the solution is turning off IDN, which throws the baby out with the bathwater.
Posted by rshah at February 8, 2005 11:24 PM
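To see why the two hostnames above look identical, the following added example (not part of the original post) decodes each `xn--` label and flags any label that mixes scripts. The function names, the script heuristic based on Unicode character names, and the sample hostnames other than the one quoted in the post are assumptions made for illustration.

```python
import unicodedata

ACE_PREFIX = "xn--"  # marks a Punycode-encoded (IDN) label


def decode_label(label):
    """Return the Unicode form of one DNS label (Punycode-decoded if xn--)."""
    if label.lower().startswith(ACE_PREFIX):
        return label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
    return label


def scripts_in(text):
    """Approximate the scripts used, via the first word of each character name."""
    scripts = set()
    for ch in text:
        if ch.isascii() and not ch.isalpha():
            continue  # ASCII digits and hyphen are shared by all scripts
        scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts


def inspect_host(host):
    """Decode every label and flag those that mix scripts (hypothetical policy)."""
    report = []
    for label in host.split("."):
        shown = decode_label(label)
        scripts = scripts_in(shown)
        report.append({
            "wire": label,                  # what is actually resolved
            "shown": shown,                 # what an IDN-aware UI would render
            "scripts": sorted(scripts),
            "suspicious": len(scripts) > 1,
        })
    return report


def safe_display(host):
    """Keep the raw xn-- form for any label flagged as mixed-script."""
    return ".".join(r["wire"] if r["suspicious"] else r["shown"]
                    for r in inspect_host(host))


if __name__ == "__main__":
    # First hostname is the one quoted in the post; the others are constructed.
    for host in ("www.xn--pypal-4ve.com", "www.paypal.com", "xn--mnchen-3ya.de"):
        print(host, "->", safe_display(host))
        for r in inspect_host(host):
            if r["suspicious"]:
                print("   mixed scripts in", ascii(r["shown"]), r["scripts"])
```

A mixed-script check does not catch a label written entirely in one look-alike script, so it narrows the problem rather than closing it.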