Talk:IDN homograph attack

From Wikipedia, the free encyclopedia
Jump to: navigation, search
WikiProject Computer Security / Computing   
WikiProject icon This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
 ???  This article has not yet received a rating on the project's quality scale.
 ???  This article has not yet received a rating on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Computing.


Nice article, one suggestion: the effect of "" vs "" depends on the font used to render the article; maybe we could create a pair of images to demonstrate this in a suitable font. — Matt Crypto 01:31, 21 Mar 2005 (UTC)

Merging articles[edit]

FWIW I support the proposal to merge the articles IDN homograph attack and Homograph spoofing attack. The overlap seems very significant. Matt 20:36, 6 December 2005 (UTC).

Second the motion. Each has its own strong points, both in content and in presentation. eritain 23:35, 27 December 2005 (UTC)

.ac TLD?[edit]

The article says

(TLD, for example, .ac or .museum)

I think ".ac" is not a good example of a ccTLD: Ascention island is a small dependency of St. Helena (British terr. in the South Atlantic) and almost all domain under .ac are sold to unrelated entities. —The preceding unsigned comment was added by (talk) 15:22, 23 January 2007 (UTC).

Firefox 2 seems (in its default configuration) to trust .org and .info IDN's, while distrusting .com and .net Would this be a more suitable example? Afilias provides a much less extensive list of available languages (and character sets) for these, which makes them a little more difficult to spoof. Not impossible (for instance, wí is not but a little more difficult. -- (talk) 23:32, 20 February 2008 (UTC)

Misspelling use in phishing[edit]

Phishers also reported to use misspelling in order as a trap. Generally, they have "What you need, when you need it" text. For example, a is misspelled as

Should that the above text be added into this article? Junkcops (talk) 02:47, 5 December 2008 (UTC)

It's not a homograph attack, as the glyphs are different. Perhaps add it in a see-also section? (talk) 03:54, 28 December 2008 (UTC)

what about full width chars ?[edit]

are the chars from about uFF00 to about uFF5E allowed in some domain names? if they are, shouldn't they be mentioned in the article since they are just about the same as many of the printable chars in the ascii range? --TiagoTiago (talk) 08:18, 9 May 2009 (UTC)

Ⓐⓝⓓ ⓦⓗⓐⓣ ⓐⓑⓞⓤⓣ ⓣⓗⓔⓢⓔ ⒜⒩⒟ ⒯⒣⒠⒮⒠ ?[edit]

How gullible do people need to be to have groups of chars added to this article because people might confuse them with regular chars? Should the chars from about u2460 to about u24EA be in this article too? --TiagoTiago (talk) 08:35, 9 May 2009 (UTC)

OK to add external link to Namkara homograph registration?[edit]

I'd like to reference the site Namkara homograph registration which lists the many homographs of a user-entered domain name, vis-a-vis Unicode Consortium's UTR#36. Some filtering is applied to limit homographs to those domain names that may be supported by domain name registry policies. As the site is owned by me, I'd like to avoid conflict-of-interest and request here for the addition of the aforementioned external link. Mja52590 (talk) 20:54, 7 October 2009 (UTC)

Other uses of this attack[edit]

Sometimes this attack is used to impersonate users in chatrooms. —Preceding unsigned comment added by (talk) 21:37, 10 July 2010 (UTC)

Shouldn't this page be called ...[edit]

Shouldn't this page be called IDN homoglyph attack?

Nope. "γραφειν" is a good root. VanIsaacWScontribs 17:28, 9 February 2012 (UTC)
Homograph attack seems to be the more common term for this phenomenon. But the subject of the Wikipedia article homoglyph (similar characters) is far more relevant to homograph attacks than the subject of homograph (words with identical spellings). According to homoglyph, "homograph" can also refer to similar characters. So the article title is fine. Homoglyphs should be mentioned more prominently, and it does not appear (from homograph) that they are considered a subset of homographs as this article currently states. I suppose Chinese homographs are also homoglyphs, so maybe that makes a subset? While the spoofed domain names are strings of similar characters, I'm not sure that they are really words with identical spellings as defined in the homograph article. A string that randomly mixes Latin and Cyrillic characters isn't a "word", is it? I'm going to pipe the homograph link in the lead to homoglyph and delete the subset statement.Plantdrew (talk) 02:53, 11 March 2012 (UTC)

the Nameprep article[edit]

I am reluctant to add a See Also link to the Nameprep article - could someone take a look at making that article less problematic or merging it into the Punycode article (note: not even "Stringprep" directs to the Nameprep article.


G. Robert Shiplett 12:28, 28 March 2012 (UTC)


why does this article use citibank in the first example. If it is becuase it relates to an actuall atack, there should be a refrence, and if not, can a fake example not be invented? Its almost like an advert. — Preceding unsigned comment added by (talk) 14:16, 13 June 2013 (UTC)

wikipedia example[edit]

The wikipedia example image would be much more useful if it had the normal rendering of wikipedia below the IDN version. DouglasCalvert (talk) 04:07, 19 July 2013 (UTC)

Actual Examples of an IDN Homograph Attack?[edit]


This article seems long on the risk of attack and meagre in examples of this actually happening. A few examples, actual in the wild examples, would go a long way to skewering criticism from skeptics like me. — Preceding unsigned comment added by Hamish.MacEwan (talkcontribs) 01:32, 8 March 2016 (UTC)

Remove the History section[edit]

I think the section on history is obsolete. It's merely a bunch of random facts on misspellings and misreadings throughout the centuries, and, while thematically related, adds nothing to the article. — Preceding unsigned comment added by 黄雨伞 (talkcontribs) 13:23, 17 April 2017 (UTC)