Mick, On Tuesday 08 February 2005 05:44, Mick Higgins wrote:
On Tuesday 08 Feb 2005 13:19, Mike McMullin wrote:
On Tue, 2005-02-08 at 02:13, James PEARSON wrote:
Subject : Konqueror IDN Spoofing Security Issue - I figure that everyone is already aware of this but I am posting this just in case...
Resume Secunia has constructed a test, which can be used to check if your browser is affected by this issue: http://secunia.com/multiple_browsers_idn_spoofing_test/
You can also check out http://www.theregister.co.uk/2005/02/07/browsers_idn_spoofing/
...
Mozilla Firefox 1.0 (from mozilla site tarball) is not immune to this, but Konqueror (KDE 3.3.2 version) is.
It surely is not "immune" for me, and I'm using Konqueror 3.3.2! If you care to check out URLs, do the the following. The first test is copy (via right-click -> Copy Link Location in Mozilla) of the test link in Secunia page mentioned above. The second was typed by me, same as in the final paragraph below: % echo "http://www.paypаl.com/" |od -c 0000000 h t t p : / / w w w . p a y p 320 0000020 260 l . c o m / \n 0000030 % echo "http://www.paypal.com/" |od -c 0000000 h t t p : / / w w w . p a y p a 0000020 l . c o m / \n 0000027 Note what "od -c" prints for the second 'a' in "paypal". I can't say that I see this as a technological issue. The only real way to deal with it is to refuse to register both http://www.paypаl.com/ and http://www.paypal.com/, e.g., to different organizational entities. Randall Schulz