Talk:IDN homograph attack
|WikiProject Computer Security / Computing|
- 1 Suggestion
- 2 Merging articles
- 3 .ac TLD?
- 4 Misspelling use in phishing
- 5 what about ｆｕｌｌ ｗｉｄｔｈ ｃｈａｒｓ ?
- 6 Ⓐⓝⓓ ⓦⓗⓐⓣ ⓐⓑⓞⓤⓣ ⓣⓗⓔⓢⓔ ⒜⒩⒟ ⒯⒣⒠⒮⒠ ?
- 7 OK to add external link to Namkara homograph registration?
- 8 Other uses of this attack
- 9 Shouldn't this page be called ...
- 10 the Nameprep article
- 11 citibank
- 12 wikipedia example
Nice article, one suggestion: the effect of "www.google.com" vs "www.googIe.com" depends on the font used to render the article; maybe we could create a pair of images to demonstrate this in a suitable font. — Matt Crypto 01:31, 21 Mar 2005 (UTC)
Second the motion. Each has its own strong points, both in content and in presentation. eritain 23:35, 27 December 2005 (UTC)
The article says
(TLD, for example, .ac or .museum)
I think ".ac" is not a good example of a ccTLD: Ascention island is a small dependency of St. Helena (British terr. in the South Atlantic) and almost all domain under .ac are sold to unrelated entities. —The preceding unsigned comment was added by 22.214.171.124 (talk) 15:22, 23 January 2007 (UTC).
Firefox 2 seems (in its default configuration) to trust .org and .info IDN's, while distrusting .com and .net Would this be a more suitable example? Afilias provides a much less extensive list of available languages (and character sets) for these, which makes them a little more difficult to spoof. Not impossible (for instance, wíkipedia.org is not wikipedia.org) but a little more difficult. --126.96.36.199 (talk) 23:32, 20 February 2008 (UTC)
Misspelling use in phishing
Phishers also reported to use misspelling in order as a trap. Generally, they have "What you need, when you need it" text. For example, a youtube.com is misspelled as yuotube.com.
- It's not a homograph attack, as the glyphs are different. Perhaps add it in a see-also section?188.8.131.52 (talk) 03:54, 28 December 2008 (UTC)
what about ｆｕｌｌ ｗｉｄｔｈ ｃｈａｒｓ ?
are the chars from about uFF00 to about uFF5E allowed in some domain names? if they are, shouldn't they be mentioned in the article since they are just about the same as many of the printable chars in the ascii range? --TiagoTiago (talk) 08:18, 9 May 2009 (UTC)
Ⓐⓝⓓ ⓦⓗⓐⓣ ⓐⓑⓞⓤⓣ ⓣⓗⓔⓢⓔ ⒜⒩⒟ ⒯⒣⒠⒮⒠ ?
How gullible do people need to be to have groups of chars added to this article because people might confuse them with regular chars? Should the chars from about u2460 to about u24EA be in this article too? --TiagoTiago (talk) 08:35, 9 May 2009 (UTC)
I'd like to reference the site Namkara homograph registration which lists the many homographs of a user-entered domain name, vis-a-vis Unicode Consortium's UTR#36. Some filtering is applied to limit homographs to those domain names that may be supported by domain name registry policies. As the site is owned by me, I'd like to avoid conflict-of-interest and request here for the addition of the aforementioned external link. Mja52590 (talk) 20:54, 7 October 2009 (UTC)
Other uses of this attack
Shouldn't this page be called ...
Shouldn't this page be called IDN homoglyph attack?
- Nope. "γραφειν" is a good root. VanIsaacWScontribs 17:28, 9 February 2012 (UTC)
- Homograph attack seems to be the more common term for this phenomenon. But the subject of the Wikipedia article homoglyph (similar characters) is far more relevant to homograph attacks than the subject of homograph (words with identical spellings). According to homoglyph, "homograph" can also refer to similar characters. So the article title is fine. Homoglyphs should be mentioned more prominently, and it does not appear (from homograph) that they are considered a subset of homographs as this article currently states. I suppose Chinese homographs are also homoglyphs, so maybe that makes a subset? While the spoofed domain names are strings of similar characters, I'm not sure that they are really words with identical spellings as defined in the homograph article. A string that randomly mixes Latin and Cyrillic characters isn't a "word", is it? I'm going to pipe the homograph link in the lead to homoglyph and delete the subset statement.Plantdrew (talk) 02:53, 11 March 2012 (UTC)
the Nameprep article
I am reluctant to add a See Also link to the Nameprep article - could someone take a look at making that article less problematic or merging it into the Punycode article (note: not even "Stringprep" directs to the Nameprep article.
G. Robert Shiplett 12:28, 28 March 2012 (UTC)
why does this article use citibank in the first example. If it is becuase it relates to an actuall atack, there should be a refrence, and if not, can a fake example not be invented? Its almost like an advert. — Preceding unsigned comment added by 184.108.40.206 (talk) 14:16, 13 June 2013 (UTC)