
[idn] another homograph attack: BIDI char



javascript:void(window.open(unescape("http://www.microsoft.com%u202e.uni.cc/%u1160%u1160%u1160"),"_self"))


If some IDNA implementation does not handle BIDI filtering/verifying well, you can see results similar to the "slash-space combination".
%u202e is a bidi directional formatter (RLO, right-to-left) and should not be filtered on a char-by-char basis, because the char
plays a crucial role in Arabic/Hebrew writing. You can refer to the stringprep/nameprep documents for details of the BIDI checking part.


Good implementations of IDNA would not suffer from the above attack. But current MSIE does not support IDNA, while it
still allows arbitrary UTF-8 chars. So current MSIE is exploitable for malicious phishing attempts. I don't know whether this works
for Firefox/Mozilla.


The previous example,
javascript:void(window.open(unescape("http://www.microsoft.com%u2044%u1160%u1160%u1160.uni.cc/"),"_self"))
You can replace %u2044 with %u2205, %u3033, etc. I am now searching for more slash/space-like chars. I will post them here.


Soobok
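
Added example, not part of the original message: a defensive check that decodes the %uXXXX escapes in a URL and tests each host label against the RFC 3454 (stringprep) C.8 prohibited table and the section 6 bidi rule, using Python's standard stringprep module. The function names are hypothetical, and the lookalike set holds only the code points named in the message above.

```python
import re
import stringprep

# Code points the post names as slash-like or space-like (not a complete list).
POST_LOOKALIKES = {"\u2044", "\u2205", "\u3033", "\u1160"}
IDNA_DOTS = r"[.\u3002\uff0e\uff61]"  # label separators recognised by IDNA

def decode_u_escapes(text):
    """Expand %uXXXX escapes the way JavaScript's unescape() does."""
    return re.sub(r"%u([0-9A-Fa-f]{4})",
                  lambda m: chr(int(m.group(1), 16)), text)

def host_of(url):
    """Authority part of a URL, cut at the first real ASCII '/'."""
    return url.split("://", 1)[1].split("/", 1)[0]

def check_label(label):
    """Return findings for one host label (empty list means none)."""
    findings = []
    for ch in dict.fromkeys(label):  # each distinct char once, in order
        if stringprep.in_table_c8(ch):
            findings.append(f"U+{ord(ch):04X}: prohibited, RFC 3454 C.8")
        elif ch in POST_LOOKALIKES:
            findings.append(f"U+{ord(ch):04X}: slash/space lookalike")
    # RFC 3454 section 6: a label containing R/AL characters must not
    # contain L characters and must start and end with an R/AL character.
    if any(stringprep.in_table_d1(c) for c in label):
        if any(stringprep.in_table_d2(c) for c in label):
            findings.append("bidi: mixes right-to-left and left-to-right")
        if not (stringprep.in_table_d1(label[0])
                and stringprep.in_table_d1(label[-1])):
            findings.append("bidi: R/AL label must start and end with R/AL")
    return findings

def check_url(escaped_url):
    """Map each suspicious host label to its findings."""
    host = host_of(decode_u_escapes(escaped_url))
    report = {}
    for label in filter(None, re.split(IDNA_DOTS, host)):
        found = check_label(label)
        if found:
            report[label] = found
    return report

if __name__ == "__main__":
    # First URL from the post: the RLO character sits in the "com" label.
    print(check_url("http://www.microsoft.com%u202e.uni.cc/%u1160%u1160%u1160"))
```

The check works per label rather than stripping characters one by one, so a legitimate all-Hebrew or all-Arabic label produces no finding while a label carrying U+202E is rejected.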