Security threats Toolkit
Story: Phishing flaw found - but not in IE
Posted by: David Wrixon (Sunday 20 November 2005, 3:16 PM)
One of the biggest arguments out there against IDN is the Phishing argument. This has now largely been negated by ICANN banning registeration of mixed character scripts that are likely to cause confusion.
However, another side of the story has been put. It is clear that many words in local characters have multiple representations when transliterated, often with more than one system, into Latin Characters. Each of these ambiguities offers an opportunity for a Phisher to conduct his Scam. Unlike the problem of eliminating the use of rogue cyrillics in Latin scripts, I see no easy solution to this problem, as each of the transliterations are in a single script and therefore legitimate. Indeed, each could have legitimate usuage, but surely often won't.
The argument therefore develops into the imperative of introducing IDN to prevent Phishing Scams in Asia. Without IDN, it is likely that the confusion over how to transliterate will result in a Pandemic of Scamming, the scale of which will be unprecidented! I feel that we should no longer be silent on the issue of Phishing as IDN undoubtedly will hold the moral high ground on this issue.
Full Talkback thread
Story: Phishing flaw found - but not in IE
-
Is that really a security flaw, or is it just the... David Wright -
So, not a bug in the browsers but another thing IE... Steve J
-
There are a number of fixes out there for thi... Seb -
One of the biggest arguments out there against IDN... David Wrixon
Back to: Phishing flaw found - but not in IE
