IETF Logo Mail Archive

Re: [idn] space-like unicode char

Soobok Lee <lsb@lsb.org> Sun, 20 February 2005 06:26 UTC

Received: from psg.com (mailnull@psg.com [147.28.0.62]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA13735 for <idn-archive@lists.ietf.org>; Sun, 20 Feb 2005 01:26:05 -0500 (EST)
Received: from majordom by psg.com with local (Exim 4.44 (FreeBSD)) id 1D2kTw-0008wp-MQ for idn-data@psg.com; Sun, 20 Feb 2005 06:22:16 +0000
Received: from [211.196.150.53] (helo=postel5.postel.co.kr) by psg.com with esmtp (Exim 4.44 (FreeBSD)) id 1D2kTu-0008pt-Eh for idn@ops.ietf.org; Sun, 20 Feb 2005 06:22:14 +0000
Received: from [10.1.1.21] ([211.217.233.223]) by postel5.postel.co.kr (8.13.0.PreAlpha4/8.13.0.PreAlpha4) with ESMTP id j1K6MCJR005207; Sun, 20 Feb 2005 15:22:12 +0900
Message-ID: <42182C94.8090909@lsb.org>
Date: Sun, 20 Feb 2005 15:22:12 +0900
From: Soobok Lee <lsb@lsb.org>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Soobok Lee <lsb@lsb.org>
CC: idn@ops.ietf.org
Subject: Re: [idn] space-like unicode char
References: <42181FD5.3070608@lsb.org> <42182948.1070403@lsb.org>
In-Reply-To: <42182948.1070403@lsb.org>
Content-Type: text/plain; charset="EUC-KR"
Content-Transfer-Encoding: 7bit
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on psg.com
X-Spam-Status: No, score=-1.8 required=5.0 tests=AWL,BAYES_00, RCVD_IN_NJABL_PROXY autolearn=no version=3.0.1
Sender: owner-idn@ops.ietf.org
Precedence: bulk
Content-Transfer-Encoding: 7bit

The real problem comes when "com.%1160%1160*" is punycoded into "xn--blah".
( You can increase the number of "%1160"s until 63-char limit is reached)

"www.microsoft.xn--blah.uni.cc"
is decoded and displayed in the native form on the MSIE/i-Nav or Firefox
1.x.
what would you see on the address bar and in the webpage?

The legitimate ASCII url http://www.microsoft.xn--blah.uni.cc would
succeed to be resolved and deliver the phishing page, while the end user see
"www.microsoft.com" isolated in the beginning part of the address bar.

the end user may not see "uni.cc" part if the frame width of the MSIE
window instance
is narrow enough to hide ".uni.cc" .


Soobok



Soobok Lee wrote:

>For those who do not have a webserver: plz copy this url into your MSIE
>addressbar .
>
>javascript:void(window.open(unescape("http://www.microsoft.com%u2044%u1160%u1160.uni.cc/"),"_self"))
>
>You will see an error page if you have recent MSIE patch.
>
>Soobok
>
>Soobok Lee wrote:
>
>  
>
>>You can paste this html/javascript codelet to an html file in your
>>webserver and see in your MSIE brower.
>>You will see "www.microsoft.com" isolated in the addressbar from the
>>"mozilla.org" domain suffix.
>>Fortunately, you will see blank space (no phishing page) if you have
>>recent IE patch.
>>This won't work in firefox 1.x which strips off those special chars
>>for unknow reasons before sending to
>>the address bar.
>>
>><script>
>>window.open(unescape("http://www.microsoft.com%u1160%u1160%u1160%u1160%u1160%u1160.mozilla.org/"),"_blank");
>>
>></script>
>>
>>U+1160 is a space-like char and even stringprep/nameprep does not
>>filter it out because
>>the char is not for punctuational purpose.
>>U+1160 is just one example, and i guess there may be many alternatives
>>that can be
>>used as blank char alternatives.
>>
>>U+1160 in the above example is placed in the 3rd level domain name label,
>>over which .org registry cannot impose any regulations.
>>
>>Soobok Lee
>>    
>>
>
>
>
>  
>

v2.23.0 | Report a Bug | By Email