Re: [SLE] Konqueror IDN Spoofing Security Issue
On Wednesday 09 Feb 2005 15:41, you wrote:
This probably has to do with the locale setting you're using and, for that matter, which version of Linux since they vary in their support for locales and Unicode (and other such stuff with which I'm only marginally familiar).
% locale LANG=en_US.UTF-8 LC_CTYPE="en_US.UTF-8" LC_NUMERIC="en_US.UTF-8" LC_TIME="en_US.UTF-8" LC_COLLATE="en_US.UTF-8" LC_MONETARY="en_US.UTF-8" LC_MESSAGES="en_US.UTF-8" LC_PAPER="en_US.UTF-8" LC_NAME="en_US.UTF-8" LC_ADDRESS="en_US.UTF-8" LC_TELEPHONE="en_US.UTF-8" LC_MEASUREMENT="en_US.UTF-8" LC_IDENTIFICATION="en_US.UTF-8"
Hmmm... It looks like I'm an English speaker in the U.S. How does it know??
Randall Schulz
Randall, Here in "old" Europe (by association) I have ... # locale LANG=en_GB LC_CTYPE="en_GB" LC_NUMERIC="en_GB" LC_TIME="en_GB" LC_COLLATE=POSIX LC_MONETARY="en_GB" LC_MESSAGES="en_GB" LC_PAPER="en_GB" LC_NAME="en_GB" LC_ADDRESS="en_GB" LC_TELEPHONE="en_GB" LC_MEASUREMENT="en_GB" LC_IDENTIFICATION="en_GB" LC_ALL= # Mick -- ** "Whoever lays his hand on me to govern me is a usurper ** and tyrant, and I declare him my enemy." ** ** Pierre-Joseph Proudhon, 1849
Mick, On Wednesday 09 February 2005 09:13, Mick Higgins wrote:
On Wednesday 09 Feb 2005 15:41, you wrote:
This probably has to do with the locale setting you're using and, for that matter, which version of Linux since they vary in their support for locales and Unicode (and other such stuff with which I'm only marginally familiar).
% locale LANG=en_US.UTF-8 LC_CTYPE="en_US.UTF-8" LC_NUMERIC="en_US.UTF-8" LC_TIME="en_US.UTF-8" LC_COLLATE="en_US.UTF-8" LC_MONETARY="en_US.UTF-8" LC_MESSAGES="en_US.UTF-8" LC_PAPER="en_US.UTF-8" LC_NAME="en_US.UTF-8" LC_ADDRESS="en_US.UTF-8" LC_TELEPHONE="en_US.UTF-8" LC_MEASUREMENT="en_US.UTF-8" LC_IDENTIFICATION="en_US.UTF-8"
Hmmm... It looks like I'm an English speaker in the U.S. How does it know??
Randall Schulz
Randall,
Here in "old" Europe (by association) I have ...
# locale LANG=en_GB LC_CTYPE="en_GB" LC_NUMERIC="en_GB" LC_TIME="en_GB" LC_COLLATE=POSIX LC_MONETARY="en_GB" LC_MESSAGES="en_GB" LC_PAPER="en_GB" LC_NAME="en_GB" LC_ADDRESS="en_GB" LC_TELEPHONE="en_GB" LC_MEASUREMENT="en_GB" LC_IDENTIFICATION="en_GB" LC_ALL= #
I believe the key difference between your setup and mine is that I'm using UTF-8. That's why I magically get support for the full Unicode character set (at least all those for which the font a given application is using has the glyphs). Since you're not using UTF, you see gibberish characters for those multi-byte characters that are the key to the IDN spoof.
Mick
I was kind of hoping to get some feedback from the list on this: I, Randall R Schulz, wrote:
I can't say that I see this as a technological issue. The only real way to deal with it is to refuse to register both http://www.paypаl.com/ and http://www.paypal.com/, e.g., to different organizational entities.
Randall Schulz
participants (2)
-
Mick Higgins
-
Randall R Schulz