On Sep 29, 2011, at 4:12 PM, John Campbell wrote: > On Thu, Sep 29, 2011 at 3:24 PM, Chris Snyder <chsny...@gmail.com> wrote: >> On Thu, Sep 29, 2011 at 2:06 PM, John Campbell <jcampbe...@gmail.com> wrote: >> >>> The problem with puny code is that it is a security nightmare, and no >>> safe browsers are ever going to support it. >>> >>> Can you find the difference between http://paypal.com/ and >>> http://paypaḷ.com/ ? >>> >> >> The EV SSL certificate? > > The l in the second paypal is actually a ḷ which is an l with a dot > under it. I could buy that domain and a SSL cert for it, then do a > bunch of fishing attacks and no one would notice the tiny dot in > paypaḷ. > _______________________________________________
Disclaimer: The following may/may not be true. And in my opinion PayPal would sue you out of existence, as I believe they did with the person who created the first homographic attack example. However, the above statement might be stuff of an urban myth, so I am neither confirming/nor denying the truth of this incident if it did occur, or not. However, I will say that discussing this incident (if it occurred, or not) is serious stuff. Thread carefully. Cheers, tedd _____________________ t...@sperling.com http://sperling.com _______________________________________________ New York PHP Users Group Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk http://www.nyphp.org/Show-Participation
