DNS spoofing attack
This seems pretty bad. It uses international support for alternate character sets to substitute a different character that looks like an english one. Moreover, it works with SSL, too.
This goes right through spoofstick. There’s a fix for mozilla/firefox, to turn off international character support.
http://www.shmoo.com/idn/homograph.txt
There’s a demonstration of a fake paypal link here:
The link is:
<a href=’http://www.pаypal.com/’>Click here to enter paypal</a>
Via boingboing.
(Update: You got your phishing scam in my internationalization! You got your internationalization in my phishing scam!)
Comments Off