nanog mailing list archives
Re: Dear RIPE: Please don't encourage phishing
From: Valdis.Kletnieks () vt edu
Date: Sat, 11 Feb 2012 13:28:57 -0500
On Sat, 11 Feb 2012 09:09:25 PST, Randy Bush said:
My $0.02 on this issue is if the message is rich text I hover over the link and see where it actually sends me.idn has made this unsafeTechniques to deal with this sort of spoofing already exist: see http://www.mozilla.org/projects/security/tld-idn-policy-list.html for one quite effective approach.
Nice. Basically, unless the TLD registrar has a public policy that basically says "We don't allow names with cyrillic C to collide with MICROSOFT", their hostnames all get displayed as xn--gobbledygook. (The actual policy for the .UA registrar is more subtle. They *do* in fact allow "U+0441 Cyrillic Small Letter ES" which is visually a C to us Latin-glyph users. However, they require at least one character that's visually unique to Cyrillic in the domain name. They also don't allow mixed Cyrillic/Latin scripts in one domain name). Or so http://www.hostmaster.ua/idn/ tells me after Google Translate gets done with it. ;)
and grandma is gonna use this? with internet exploder or safari?
If the manufacturers of IE and Safari can't come up with a similar policy, then the people at Mozilla can use "We protect you from malicious names" as a marketing diffferentiation feature.
Attachment:
_bin
Description:
Current thread:
- Re: Dear RIPE: Please don't encourage phishing, (continued)
- Re: Dear RIPE: Please don't encourage phishing Dan White (Feb 10)
- Re: Dear RIPE: Please don't encourage phishing Jimmy Hess (Feb 11)
- Re: Dear RIPE: Please don't encourage phishing Brandon Butterworth (Feb 10)
- Re: Dear RIPE: Please don't encourage phishing Landon Stewart (Feb 10)
- Re: Dear RIPE: Please don't encourage phishing Randy Bush (Feb 10)
- Re: Dear RIPE: Please don't encourage phishing Masataka Ohta (Feb 10)
- Re: Dear RIPE: Please don't encourage phishing Neil Harris (Feb 11)
- Re: Dear RIPE: Please don't encourage phishing Randy Bush (Feb 11)
- Re: Dear RIPE: Please don't encourage phishing chris (Feb 11)
- Re: Dear RIPE: Please don't encourage phishing Javier Henderson (Feb 11)
- Re: Dear RIPE: Please don't encourage phishing Valdis . Kletnieks (Feb 11)
- Re: Dear RIPE: Please don't encourage phishing Masataka Ohta (Feb 11)
- Re: Dear RIPE: Please don't encourage phishing Valdis . Kletnieks (Feb 11)
- Re: Dear RIPE: Please don't encourage phishing Jimmy Hess (Feb 11)
- Re: Dear RIPE: Please don't encourage phishing Masataka Ohta (Feb 12)
- Re: Dear RIPE: Please don't encourage phishing Valdis . Kletnieks (Feb 12)
- Re: Dear RIPE: Please don't encourage phishing Masataka Ohta (Feb 12)
- Re: Dear RIPE: Please don't encourage phishing Jimmy Hess (Feb 12)
- Re: Dear RIPE: Please don't encourage phishing Randy Bush (Feb 12)
- Re: Dear RIPE: Please don't encourage phishing Jimmy Hess (Feb 12)
- Re: Dear RIPE: Please don't encourage phishing Randy Bush (Feb 12)
- Re: Dear RIPE: Please don't encourage phishing Landon Stewart (Feb 10)