In message <[EMAIL PROTECTED]>, Dave Crocker writes: >Steve, > >At 09:35 PM 2/3/2002 -0500, Steven M. Bellovin wrote: >>There'a a good discussion of the security risks of the code point >>problem at http://www.csl.sri.com/users/neumann/insiderisks.html#140 > >homographic attacks are not new with the IDN effort. > >for example, MICROS0FT.COM was done. > >For that matter, choice of different top-level domains permits a degree >of homographic attack. Try looking at dnso.com, rather than dnso.org. >(No, this approach does not qualify precisely as homographic, but it >takes advantage of a small difference from the real name, hoping that >users will not notice. And it does work.)
I know -- see slide 4 of http://www.research.att.com/~smb/talks/www.ps (or .pdf), from 1996. > >Hence, the IDN work does not introduce a new risk. > It amplifies it, however. --Steve Bellovin, http://www.research.att.com/~smb Full text of "Firewalls" book now at http://www.wilyhacker.com
