The FUD of IDN and Homographs


I was pointed to this article http://www.microsofttranslator.com/BV.aspx?ref=Internal&a=http%3a%2f%2fwww.bortzmeyer.org%2fidn-et-phishing.html about IDN and homographs, which points out that most of the fear around IDN and phishing is unfounded.  Seemed like a good reference (thanks, Mark), so I’m forwarding.  (For some reason Mark used a different translation engine though).

Cross-tagged with EAI since the same concerns about homographs and phishing apply to email.

Comments (2)

  1. This is indeed a very surprising conclusion. My own experience regarding phishing attempts through spam is that the links become more and more subtle. Not just pointing to blah.com instead of paypal.com, but rather paypal.secure.addyourtrustworthykeywordhere.blah.com, which probably helps pass the ‘tech savvy but not that much’ users bar.

  2. shawnste says:

    I suppose that if your spam had to target IRI-aware users, then you’d have to be pickier, but in general it doesn’t seem to matter much.  Some discussion of IRI security came up in the IRI discussion list, so I’ll probably blog some more about my thoughts.