On 4/28/2017 4:56 AM, Matus UHLAR - fantomas wrote:
On 22.04.17 00:37, Benny Pedersen wrote:
https://www.xudongz.com/blog/2017/idn-phishing/

should we care in spamassassin?

yes.

I ask since it's solved in chrome, but it's entirely a bad nic tld handling on that issue

if idn decode gives 7bit domain hostname, it's a fake domain

agreed.

On 28.04.17 10:49, Kevin A. McGrail wrote:
Do you feel this is covered in bug https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7072

not a public bug, can't look now

Can you document out an example of something bad?

I'm wondering if we need a rule type for URIs in punycode that can be tested specifically.

CVE-2005-0238 mentioned problem with homograph characters.
CVE-2017-5015 mentioned very similar problem.
CVE-2009-0652 another similar problem.

if it's possible to detect those, I believe SA is right place to do that.
(not the only right place, but one of them).

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
I drive way too fast to worry about cholesterol.
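
The two checks raised in this thread (an `xn--` label that decodes to plain 7-bit ASCII, and labels built from homograph characters), sketched as an added Python example; it is not SpamAssassin code and not from any poster. The function names, the small look-alike table and the sample URIs under the reserved `.example` TLD are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Small constructed subset of Cyrillic letters that render like Latin ones
# (U+0430 a, U+0435 e, U+043E o, U+0440 p, U+0441 c, U+0445 x, U+0443 y,
# U+04CF l, U+0456 i, U+0455 s); a real rule would use the full Unicode
# confusables data.
LOOKALIKES = str.maketrans(
    "\u0430\u0435\u043e\u0440\u0441\u0445\u0443\u04cf\u0456\u0455",
    "aeopcxylis")
URI_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def check_label(label):
    """Return (decoded, finding) for one DNS label; finding is None if clean."""
    if not label.startswith("xn--"):
        return label, None
    try:
        decoded = label[4:].encode("ascii").decode("punycode")
    except ValueError:                      # UnicodeError is a ValueError
        return label, "invalid-punycode"
    if decoded.isascii():                   # punycode that hides a 7-bit name
        return decoded, "ascii-in-punycode"
    skeleton = decoded.translate(LOOKALIKES)
    if skeleton.isascii():                  # every non-ASCII char is a look-alike
        return decoded, "latin-lookalike:" + skeleton
    return decoded, None                    # ordinary IDN, e.g. with umlauts

def scan(text):
    """Return (host, decoded_label, finding) for each suspicious URI label."""
    findings = []
    for uri in URI_RE.findall(text):
        host = (urlsplit(uri).hostname or "").lower()
        for label in host.split("."):
            decoded, finding = check_label(label)
            if finding:
                findings.append((host, decoded, finding))
    return findings

def puny(label):
    """Build an xn-- label for the constructed samples below."""
    return "xn--" + label.encode("punycode").decode("ascii")

# Constructed message body, not taken from real mail.
SAMPLE = "\n".join([
    "Reset: https://%s.example/login" % puny("\u0430\u0440\u0440\u04cf\u0435"),
    "Mirror: http://%s.example/" % puny("apple"),
    "Legit IDN: https://%s.example/" % puny("m\u00fcnchen"),
    "Plain: https://www.example.org/",
])

if __name__ == "__main__":
    for host, decoded, finding in scan(SAMPLE):
        print(host, repr(decoded), finding)
```

Only the first two sample URIs are reported; the label with a genuine non-Latin character that has no look-alike mapping and the plain ASCII host pass through.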
