IPv4 Hijacking For Idiots

Robert L Mathews lists at tigertech.com
Wed Jun 7 20:16:28 UTC 2017


On 6/6/17 6:14 AM, Scott Christopher wrote:

> Or one could register aсme.com

For what it's worth, that domain name (with a Cyrillic character 0441
replacing the "c" in "acme") wouldn't be allowed based on this:

 https://www.verisign.com/en_US/channel-resources/domain-registry-products/idn/idn-policy/registration-rules/index.xhtml

(See section 3, "For example, a character from the Latin script cannot
be used in the same IDN with any Cyrillic character.")

But those rules are not foolproof. "асе.com" is entirely Cyrillic (0430
0441 0435), and is in fact registered. Compare these in Firefox:

 http://ace.com/
 http://асе.com/

Chrome has protection against this, displaying the latter as
"http://xn--80ak9a.com/" due to:

 https://www.xudongz.com/blog/2017/idn-phishing/

But it's all very much ad-hoc.


> (If the reader can't tell the difference between acme.com and aсme.com ,
> the reader is using one of the multitude of email clients and/or fonts
> that presents Unicode poorly.)

Even the Unicode sample glyph charts render code points 0063 and 0441
identically:

 http://www.unicode.org/charts/PDF/U0000.pdf
 http://www.unicode.org/charts/PDF/U0400.pdf

And there are lots of other examples. It's hard to say how to fix all
possible cases of what amounts to a human language problem.

-- 
Robert L Mathews
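
The two cases discussed in this message, as an added example that is not part of the original post: a label mixing Latin and Cyrillic (which the quoted Verisign rule rejects) and an all-Cyrillic label that still reads as Latin, together with the ASCII "xn--" form Chrome falls back to. The function names, the script heuristic (first word of the Unicode character name) and the short lookalike table are assumptions made for this sketch; the full data set is Unicode's confusables.txt.

```python
import unicodedata

# Constructed subset of Cyrillic letters that render like Latin ones
# (assumption for this sketch; not the full Unicode confusables data).
CYRILLIC_LOOKALIKES = {
    "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o",
    "\u0440": "p", "\u0445": "x", "\u0443": "y", "\u0455": "s",
    "\u0456": "i", "\u0458": "j",
}

def script_of(ch):
    """Heuristic script lookup: first word of the Unicode character name."""
    if ch in "0123456789-":
        return "COMMON"
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def classify_label(label):
    """Classify one DNS label by the scripts its characters belong to."""
    if label.isascii():
        return "ascii"
    scripts = {script_of(c) for c in label} - {"COMMON"}
    if len(scripts) > 1:
        return "mixed-script"            # e.g. Latin + Cyrillic in one label
    if scripts == {"CYRILLIC"} and all(
        c in CYRILLIC_LOOKALIKES or script_of(c) == "COMMON" for c in label
    ):
        return "whole-script-confusable"  # every letter has a Latin twin
    return "single-script-idn"

def analyze(domain):
    """Return the ASCII (punycode) form, a Latin 'skeleton', and per-label verdicts."""
    domain = domain.lower()
    return {
        "ace": domain.encode("idna").decode("ascii"),
        "skeleton": "".join(CYRILLIC_LOOKALIKES.get(c, c) for c in domain),
        "labels": {lab: classify_label(lab) for lab in domain.split(".")},
    }

if __name__ == "__main__":
    # Constructed inputs, written with escapes so the code points are unambiguous.
    samples = [
        "acme.com",                   # plain ASCII
        "a\u0441me.com",              # Latin with Cyrillic U+0441 in place of "c"
        "\u0430\u0441\u0435.com",     # all Cyrillic: U+0430 U+0441 U+0435
    ]
    for name in samples:
        print(analyze(name))
```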