It’s an IDN thing

Ben asks whether the Verisign IE plugin for IDN is vulnerable to the same phishing attack as the browsers that have implemented IDN natively.

I’d have to say, mostly.

Screenshot of IE showing Secunia's IDN Paypal spoof

The address bar looks fine, a perfect spoof, and on Shmoo’s secure site everything looks fine until you examine the certificate. For any site, the spoof also shows up if you look at the page properties, which the plugin doesn’t touch, so there you see the punycode “https://www.xn--pypal-4ve.com/”.

Screenshot of IE showing Shmoo's IDN Paypal SSL spoof

I tried to remember the last time I examined the certificate for a site I thought I knew, and couldn’t; probably sometime in the first year that I used the internet. Good enough to phish me.

(The title in the Windows title bar on the Shmoo site isn’t really a flaw in the spoof: they just didn’t bother with an HTML <title>, so IE shows the URI instead.)
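Since the punycode form is what gives the spoof away, here is a small added example (mine, not anything from the post or from the Verisign plugin) that does the same conversion the page-properties dialog does, and flags a label whose letters come from more than one script, which is exactly what the Cyrillic “а” in “pаypal” produces. The hostnames in the comments are the ones from the post; the function names are my own.

```python
"""Convert IDN hostnames between the pretty (Unicode) form an address bar shows
and the punycode (xn--) form a page-properties dialog shows, and flag labels that
mix scripts, the signature of a homograph spoof like www.xn--pypal-4ve.com."""
import unicodedata


def to_punycode(hostname):
    """Return the ASCII xn-- form, e.g. 'www.pаypal.com' -> 'www.xn--pypal-4ve.com'."""
    return hostname.encode("idna").decode("ascii")


def to_unicode(hostname):
    """Return the display form, e.g. 'www.xn--pypal-4ve.com' -> 'www.pаypal.com'."""
    return hostname.encode("ascii").decode("idna")


def label_scripts(label):
    """Set of scripts used by the letters in one label, taken from the first word
    of each character's Unicode name ('LATIN', 'CYRILLIC', 'GREEK', ...)."""
    scripts = set()
    for ch in label:
        if not ch.isalpha():
            continue  # digits and hyphens carry no script
        name = unicodedata.name(ch, "")
        scripts.add(name.split(" ")[0] if name else "UNKNOWN")
    return scripts


def suspicious_labels(hostname):
    """Return [(label, scripts)] for every label that mixes scripts.

    Accepts either the punycode or the Unicode form of the hostname. A label such
    as 'pаypal' (Latin letters plus one Cyrillic 'а', U+0430) is flagged; a
    plain ASCII label is not.
    """
    pretty = to_unicode(hostname) if hostname.isascii() else hostname
    flagged = []
    for label in pretty.split("."):
        scripts = label_scripts(label)
        if len(scripts) > 1:
            flagged.append((label, scripts))
    return flagged


if __name__ == "__main__":
    # Constructed sample: the spoof hostname from the post, in both forms.
    for host in ("www.xn--pypal-4ve.com", "www.p\u0430ypal.com", "www.paypal.com"):
        print(host, "->", to_punycode(to_unicode(host)) if host.isascii() else to_punycode(host),
              suspicious_labels(host))
```

The check is deliberately narrow: it catches a label that mixes Latin with another script, which covers the Shmoo example, but it does not catch a label written entirely in one non-Latin script whose letters all happen to resemble Latin ones. Showing the punycode form alongside the pretty one, as `to_punycode` does, is the check that works for both cases.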

2 Comments

Comment by Phil Ringnalda
2005-02-09 09:37:32