Print

Print


On 29 April 2010 18:49, Calculator Ftvb <[log in to unmask]> wrote:

> Also, IDNs are a common way to implement phishing, so if your browser
> supports it, set it to display the punycode version (and always check the
> url)... (advice from a semiqualified wannabe hacker ;-)
>
>
Normally you shouldn't need to, as it is already how modern browsers handle
things by default. Basically, modern browsers have whitelists for allowing
some IDNs (based on whether the registrar implements efficient measures
against homograph attacks), and anything that doesn't fall under those rules
is displayed in Punycode and marked as a potential phishing attempt.

As for older browsers, those normally don't handle IDNs at all anyway, and
can only display the Punycode, so you get that security for free.
-- 
Christophe Grandsire-Koevoets.

http://christophoronomicon.blogspot.com/
http://www.christophoronomicon.nl/