freealf.com: Security Concern When Implementing Unicode

March 13, 2005

Security Concern When Implementing Unicode

The Unicode Consortium has a draft paper up about security considersations when implementing Unicode. Good reading for testers and developers alike.

There are many potential problems, the most prominent being International Domain Name (IDN) spoofing. In this attack, a malicious user sets up a site at a domain name using Unicode characters that look nearly (or completely - this could depend on the font your browser uses) to an existing site. They then go phishing. The average users is completely lost as their address bar is displaying an apparently perfect URL.

Once again, thanks to Bruce Schneier for the heads up.

Posted at 11:50 AM in Testing | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83455b0b969e200d835441f0e69e2

Listed below are links to weblogs that reference Security Concern When Implementing Unicode:

Comments

The comments to this entry are closed.

Recent Reading

Liu & Albitz: DNS and BIND
Very well written, very thorough.
Greg Egan: Schild's Ladder
Ouch! My brain hurts from the quantum weirdness. Some neat ideas, but doesn't hold up to the standard set by Diaspora.
David Brin: Startide Rising
Always a joy to re-read an old favourite.
Greg Egan: Permutation City
Wow! An instant favourite. This, combined with Diaspora, are the best depiction of life-as-software that I have ever seen.
Bill Bryson: A Short History of Nearly Everything
A very entertaining tour through the history of science. Good for the general reader.

freealf.com

Astronomy, astrophysics, computation and culture

March 13, 2005

Security Concern When Implementing Unicode

TrackBack

Comments

About

Categories

Twitter

My Photos

Archives

Recent Reading

Personal Blogs I Read

Tech Blogs I Read