Security threats Toolkit
Story: Phishing flaw found - but not in IE
Posted by: David Wright (Tuesday 8 February 2005, 11:02 AM)
Is that really a security flaw, or is it just the way things are supposed to be and people should look out for people exploiting legitimate domain names by registering domains with similar sounding names, I can't see any difference between, say päypal.com and paypals.com, both are obviously not paypal.com and would take you to the wrong site if you didn't read the name properly.
It is nice finally being able to go to web sites which have the "proper" spelling (E.g. müller and not mueller).
I would class this as a risk, but not a flaw, from the article, the system appears to work as it should, just people can exploit native English speakers ignorance of foriegn languages.
It looks more like a user education problem than a flaw, or have I misread something in the article?
Maybe the flaw is more in the registering process, surely a domain name like päypal,com, Yahooo.com or Yahoö.com should start ringing alarm bells with the registrars?
Full Talkback thread
Story: Phishing flaw found - but not in IE
-
Is that really a security flaw, or is it just the... David Wright -
So, not a bug in the browsers but another thing IE... Steve J -
There are a number of fixes out there for thi... Seb -
One of the biggest arguments out there against IDN... David Wrixon
Back to: Phishing flaw found - but not in IE
