[I18n-discuss] Fwd: Security consideration: math symbols in an exotic IP address format in a phishing mail
Asmus Freytag <asmusf@ix.netcom.com> Sun, 17 May 2020 19:30 UTC
Return-Path: <asmusf@ix.netcom.com>
X-Original-To: i18n-discuss@ietfa.amsl.com
Delivered-To: i18n-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C9B063A0763 for <i18n-discuss@ietfa.amsl.com>; Sun, 17 May 2020 12:30:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.096
X-Spam-Level:
X-Spam-Status: No, score=-0.096 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ix.netcom.com; domainkeys=pass (2048-bit key) header.from=asmusf@ix.netcom.com header.d=ix.netcom.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vfJyINVOeRw1 for <i18n-discuss@ietfa.amsl.com>; Sun, 17 May 2020 12:30:43 -0700 (PDT)
Received: from elasmtp-masked.atl.sa.earthlink.net (elasmtp-masked.atl.sa.earthlink.net [209.86.89.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A5A8D3A0764 for <i18n-discuss@iab.org>; Sun, 17 May 2020 12:30:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ix.netcom.com; s=dk12062016; t=1589743843; bh=2ByX50mTYxGpv0M71Xrbx4fSY4AVNGgr4Kkr ygvuCJQ=; h=Received:Subject:References:To:From: X-Forwarded-Message-Id:Message-ID:Date:User-Agent:MIME-Version: In-Reply-To:Content-Type:Content-Language:X-ELNK-Trace: X-Originating-IP; b=Pqoj3SAKwA8Y32bTXqWQA0V98+Pep/8rCNNhbY2tGHZ5lc /25yY4Bsp9/pzcfOUlhJW1xj6A7WHSGjlbMhVHUWTHvcDYLqUU9FzR3q9okpEfKHcQe p8mKSnaMBb5SCva9XPWXIm974q4bWrIkpvXEzGDWrOZaPyVMStBOTgt1U3X2853+ZPu +HUK4pz83s9thv6Qtu9OlLYqWwfGL3z8aL2nQ53MoXFTm8/CjX4XwiOQmTjdjNFWJ5n fWfDijHsL1X9DVcIh2J3IBbojZ5aO9UiAmsRGMRC8o8SqaG0o5MQOhEu0POpp7wVd1i s9R5a3ktvDX0iTmNdw+D21+u4DKQ==
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=dk12062016; d=ix.netcom.com; b=BAYA+OTWPVkk9xSVmL42Id6uMgc4Jukvcq4SH+xJVOVgqBMBiszB79ZmAw+pzR8Ts2g+lx6voALiTqyu3NeqAzZ/arorymG1XTX89RxdUu10hj2FjAg1uBNHPfnl1B57UgtPdOlUaFd2ajt4PWHfrq42m/c41CyJE6paUkotKq/BR0FiUWETgCenR4YzRZJ/DRzsnnsSpWH/oULgiXzhCjDx99W518ZUuCEvFMy5doOWBTrLAJdqb1zcyZpVCfv1PBTQGzrGBj6cU8/ZNQInF90G12lcXkBMRwdTTj/qpT7CzqKKQ0TpQNW9SMb9NuaAQABFbeIWQy9wejiifYvSEw==; h=Received:Subject:References:To:From:X-Forwarded-Message-Id:Message-ID:Date:User-Agent:MIME-Version:In-Reply-To:Content-Type:Content-Language:X-ELNK-Trace:X-Originating-IP;
Received: from [75.172.116.31] (helo=[192.168.0.5]) by elasmtp-masked.atl.sa.earthlink.net with esmtpa (Exim 4) (envelope-from <asmusf@ix.netcom.com>) id 1jaOzg-000D8E-Tb for i18n-discuss@iab.org; Sun, 17 May 2020 15:30:41 -0400
References: <20200517014230.329b11b5@spixxi>
To: i18n-discuss@iab.org
From: Asmus Freytag <asmusf@ix.netcom.com>
X-Forwarded-Message-Id: <20200517014230.329b11b5@spixxi>
Message-ID: <1f4a5fc8-43d8-d991-319f-02c56839a59c@ix.netcom.com>
Date: Sun, 17 May 2020 12:30:43 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0
MIME-Version: 1.0
In-Reply-To: <20200517014230.329b11b5@spixxi>
Content-Type: multipart/alternative; boundary="------------98F2B3047451DB79AB21F5A9"
Content-Language: en-US
X-ELNK-Trace: 464f085de979d7246f36dc87813833b26976a2cdabd2db7a310bd95866d7b77144d463a7a9801c6a350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 75.172.116.31
Archived-At: <https://mailarchive.ietf.org/arch/msg/i18n-discuss/nlzTJNMJagW7qQXJUcRP2uNrDxU>
Subject: [I18n-discuss] Fwd: Security consideration: math symbols in an exotic IP address format in a phishing mail
X-BeenThere: i18n-discuss@iab.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Internationalization Program Open Discussion List <i18n-discuss.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/i18n-discuss>, <mailto:i18n-discuss-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/i18n-discuss/>
List-Post: <mailto:i18n-discuss@iab.org>
List-Help: <mailto:i18n-discuss-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/i18n-discuss>, <mailto:i18n-discuss-request@iab.org?subject=subscribe>
X-List-Received-Date: Sun, 17 May 2020 19:30:45 -0000
FYI. A./ -------- Forwarded Message -------- Subject: Security consideration: math symbols in an exotic IP address format in a phishing mail Date: Sun, 17 May 2020 01:43:17 +0200 From: Marius Spix via Unicode <unicode@unicode.org> Reply-To: Marius Spix <marius.spix@web.de> To: unicode@unicode.org Today I received an interesting phishing mail which had an URL containing mathematical bold numbers. Interestingly the address πππππππππππ was interpreted as an octal number 05671360302, which is another spelling for 46.229.224.194. This worked for both Firefox and Chrome. I donβt know why such an address is accepted in the authority part of a HTTPS URI of current browsers. Section 7.4 in RFC 3986 states that additional IP address formats can become a security concern, but it also says that literals should be converted to numeric form. I wonder if this case should be added to UTR #36. Regards Marius
- [I18n-discuss] Fwd: Security consideration: math β¦ Asmus Freytag
- Re: [I18n-discuss] Fwd: Security consideration: m⦠John C Klensin
- Re: [I18n-discuss] [I18ndir] Fwd: Security consid⦠Asmus Freytag (c)