February 21, 2005
Keeping Firefox safe from IDN Spoofing
The IDN spoof is a security hole in which bad guys register domain names containing "special" foreign characters that are indistinguishable from normal characters, and fool you into thinking you are someplace on the web where you are not.
For example, I might register and get a security certificate for microsöft.com, hoping that users would not notice that it is different from microsoft.com. Of course, this is an obvious example. Many of the character substitutes are quite indistinguishable from the originals.
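A client-side check for this kind of lookalike, as an added example that is not part of the original post: it shows the ASCII (Punycode) form of a name and flags non-ASCII or mixed-script names. The `PROTECTED` list and the function names are assumptions made for the illustration, and stripping diacritics is a heuristic that will not catch every substitute character.

```python
import unicodedata

# Constructed list of names to protect; an assumption for this example.
PROTECTED = {"microsoft.com", "mozilla.org"}

def to_ascii(hostname):
    """ASCII (xn-- Punycode) form of the name, which is what DNS resolves."""
    return hostname.encode("idna").decode("ascii")

def skeleton(hostname):
    """Lower-case, decompose, and drop combining marks (so 'ö' becomes 'o')."""
    decomposed = unicodedata.normalize("NFKD", hostname.lower())
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def scripts(hostname):
    """Rough script set taken from the first word of each Unicode character name."""
    return {unicodedata.name(c, "UNKNOWN").split()[0]
            for c in hostname if c.isalpha()}

def inspect(hostname):
    """Report why a hostname might be a lookalike of a protected name."""
    reasons = []
    non_ascii = [c for c in hostname if ord(c) > 127]
    if non_ascii:
        names = ", ".join(unicodedata.name(c, "UNKNOWN") for c in non_ascii)
        reasons.append("non-ASCII characters: " + names)
    if len(scripts(hostname)) > 1:
        reasons.append("mixed scripts: " + ", ".join(sorted(scripts(hostname))))
    skel = skeleton(hostname)
    if hostname.lower() not in PROTECTED and skel in PROTECTED:
        reasons.append("reduces to protected name " + skel)
    return {"ascii": to_ascii(hostname), "suspicious": bool(reasons),
            "reasons": reasons}

if __name__ == "__main__":
    # Constructed samples: the post's example, the real name, a Cyrillic 'о'.
    for host in ["microsöft.com", "microsoft.com", "micr\u043esoft.com"]:
        print(host, inspect(host))
```

Displaying the `xn--` form next to the Unicode form is what makes the difference visible to a user who cannot tell the two spellings apart.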
The Mozilla Security group is putting together a plan of action to ensure the maximum protection in the interim.
Anyway, this is a hard problem, and Firefox is working on solving it, even though it is really the security certificate authority's responsibility (e.g. Verisign is ill-advised to sell a certificate for microsöft.com to some far-off bad guy).