Domain Phishing in Safari

Hemingray

macrumors 68030
Original poster
Jan 9, 2002
2,914
26
Ha ha haaa!
Okay, this may be old news to some, but I certainly didn't know about this: :eek:

http://flashrocket.worldoptimizer.com/article/21/phishing-an-apple-with-idn-domains

With IDN-Domains, apparently it's possible for a domain name to contain international characters that perfectly resemble English characters, yet are a completely different domain name.

Now that's scary! :eek:

[Edit: I tried to show the link to the fake apple.com website here, but apparently the forum won't display the weird "a" correctly... it shows up as a "?"]
 

mkrishnan

Moderator emeritus
Jan 9, 2004
29,777
12
Grand Rapids, MI, USA
Hemingray said:
Okay, this may be old news to some, but I certainly didn't know about this: :eek:

http://flashrocket.worldoptimizer.com/article/21/phishing-an-apple-with-idn-domains

With IDN-Domains, apparently it's possible for a domain name to contain international characters that perfectly resemble English characters, yet are a completely different domain name.

Now that's scary! :eek:
There is a plug-in fix, within SAFT, for Safari that addresses this: http://haoli.dnsalias.com/

I think FF 1.0.1 also addresses this. Which reminds me... :rolleyes:
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.