On 15 Feb 2005, at 09:41, Colm MacCarthaigh wrote:
> On Mon, Feb 14, 2005 at 09:21:02PM +0100, Brian Foster wrote:
>> yep. IMHO, the ???shocking??? thing here is the more actively
>> developed browsers, released long after the 2001 CACM paper,
>> have the problem to begin with. that paper was short and
>> clear. there does not seem to be an excuse for having the
>> problem with browsers released years (literally!) later.
>> It's not a browser vulnerability, they are merely correctly
> implementing
Indeed - the security issue is with the users of the browsers, not the
browsers themselves. But to be honest, it's a bit much to expect a
person who will voluntarily enter a password to decode a ZIP archive
and then voluntarily run the malware inside it to be aware of the
existence of homographs and what they imply in IDNs.
> IDN. This is an actual designed-in feature of IDN, the fault lies with
> the registries.
Why do you say that Colm? Should we expect the registries to check
every IDN offered for every possible homograph clash with an already
registered name?
Niall
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
