Re: Support of kepler, sputnik, etc and security risks

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: Support of kepler, sputnik, etc and security risks
From: David Given <dg@...>
Date: Sat, 17 Oct 2009 21:39:20 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jim Whitehead II wrote:
[...]
> What in particular are you concerned about?  As in, what's the security risk?

Unicode has quite a lot of similar-looking characters that make spoofing
very easy. For example:

www.google.com
www.𝗀𝗈𝗈𝗀𝗅𝖾.com

...are actually *different*. (I'm assuming your mail readers are
rendering it properly!)

There isn't really a good solution to this --- it's one of the reasons
why Unicode domain names have never really taken off.

- --
┌─── ｄｇ＠ｃｏｗｌａｒｋ．ｃｏｍ ───── http://www.cowlark.com ─────
│
│ "People who think they know everything really annoy those of us who
│ know we don't." --- Bjarne Stroustrup
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iD8DBQFK2it2f9E0noFvlzgRAuM3AKDTTeklkblARbEGln4SJhVxTpq+owCeNsYW
i8JgxGzSLyqSLIy5QpiwOAI=
=3xjG
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: Support of kepler, sputnik, etc and security risks, Petite Abeille
- Re: Support of kepler, sputnik, etc and security risks, Tony Finch

References:
- Support of kepler, sputnik, etc and security risks, Fernando P. García
- Re: Support of kepler, sputnik, etc and security risks, Jim Whitehead II

Prev by Date: Re: Multiple return values from require()
Next by Date: Re: Support of kepler, sputnik, etc and security risks
Previous by thread: Re: Support of kepler, sputnik, etc and security risks
Next by thread: Re: Support of kepler, sputnik, etc and security risks
Index(es):
- Date
- Thread