At 12:22 -0500 2002-02-07, Elliotte Rusty Harold wrote: > >For the sake of argument, let's call the company they work at >Microsoft, but this attack could hit most companies with a .com >address. Let's say I register microsoft.com, only the fifth letter >isn't a lower-case Latin o. It's actually a lower case Greek >omicron. I then forge a believable letter from [EMAIL PROTECTED] >to [EMAIL PROTECTED] saying "Can you please update me on your >budget?" Bob, noticing that the e-mail appears to come from Alice, >whom he knows and trusts, fires off a reply with his confidential >information. Only it doesn't go to Alice. It goes to me. I can then >reply to Bob, asking for clarification or more details. I can ask >him to attach the latest build of his software. I can carry on a >conversation in which Bob believes me to be Alice and spills his >guts. This is very, very bad.
It isn't Unicode's fault that some letters look like others. That's a fault of history. -- Michael Everson *** Everson Typography *** http://www.evertype.com
