Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Plugs IDN Spoof Bug

Posted by timothy on Monday March 21, 2005 @11:43AM from the gosh! dept.

mmarlett writes "Security Update 2005-003 updates Safari's support for International Domain Names (IDN) to prevent lookalike characters from being used to spoof the URL displayed in the address field, SSL certificate, or status bar. Opera fixed this in Feburuary while Mozilla just dropped support for IDNs, and you may recall that Internet Explorer did not suffer from this exploit because it sucks."

1 of 26 comments (clear)

Min score:

Reason:

Sort:

Re:A good solution by gorre · 2005-03-21 12:00 · Score: 5, Interesting

I'm not sure what the right long-term solution is. Its not ideal to have to turn off support for Cherokee, Cyrillic and Greek.
Perhaps rendering non-ASCII characters in a different colour so the user can tell the difference between a lookalike character and the "real thing" could be an option? Not perfect but it's something that springs to mind which may be better than turning off IDN support completely.

--
"Madness is something rare in individuals - but in groups, parties, peoples, ages it is the rule." -- Nietzsche