[nycphp-talk] somewhat OT Re: validating proper name capitalization
Tedd Sperling
tedd.sperling at gmail.com
Thu Sep 29 16:54:30 EDT 2011
On Sep 29, 2011, at 4:12 PM, John Campbell wrote:
> On Thu, Sep 29, 2011 at 3:24 PM, Chris Snyder <chsnyder at gmail.com> wrote:
>> On Thu, Sep 29, 2011 at 2:06 PM, John Campbell <jcampbell1 at gmail.com> wrote:
>>
>>> The problem with puny code is that it is a security nightmare, and no
>>> safe browsers are ever going to support it.
>>>
>>> Can you find the difference between http://paypal.com/ and
>>> http://paypaḷ.com/ ?
>>>
>>
>> The EV SSL certificate?
>
> The l in the second paypal is actually a ḷ which is an l with a dot
> under it. I could buy that domain and a SSL cert for it, then do a
> bunch of fishing attacks and no one would notice the tiny dot in
> paypaḷ.
> _______________________________________________
Disclaimer: The following may/may not be true.
And in my opinion PayPal would sue you out of existence, as I believe they did with the person who created the first homographic attack example.
However, the above statement might be stuff of an urban myth, so I am neither confirming/nor denying the truth of this incident if it did occur, or not.
However, I will say that discussing this incident (if it occurred, or not) is serious stuff. Thread carefully.
Cheers,
tedd
_____________________
tedd at sperling.com
http://sperling.com
More information about the talk
mailing list