
Another Unicode-based exploit. Because you can now use Unicode in URLs, it's quite easy to spoof them. Example:
http://www.paypal.com is the actual site and http://www.pаypal.com/ is the spoof URL.
In the spoof URL, http://www.pаypal.com, the first "a" is actually the Unicode character а, which looks exactly like an ASCII a. You don't need to be a genius to see where this is going…
For more info and a demo, check out Secunia. Boing Boing even has a possible fix.
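A defender-side check for the spoof above, added here as an example and not part of the original post: it converts a hostname to its ASCII (punycode) form and flags any DNS label that mixes scripts. Script detection by the first word of the Unicode character name is a heuristic assumed for this example, and the function names are hypothetical; a label written entirely in one non-Latin script is not flagged.

```python
import unicodedata

# Constructed sample inputs: the two hostnames from the post.
REAL = "www.paypal.com"
SPOOF = "www.p\u0430ypal.com"  # second letter is U+0430, not ASCII 'a'

def char_script(ch):
    """Approximate the script from the Unicode name, e.g. 'CYRILLIC SMALL LETTER A'."""
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def inspect_label(label):
    """Return (set of scripts, list of non-ASCII characters) for one DNS label."""
    scripts, non_ascii = set(), []
    for ch in label:
        if (ch.isascii() and ch.isdigit()) or ch == "-":
            continue  # ASCII digits and hyphens are common to every script
        scripts.add(char_script(ch))
        if not ch.isascii():
            non_ascii.append((ch, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNKNOWN")))
    return scripts, non_ascii

def inspect_hostname(host):
    """Report the punycode form of host and every label that mixes scripts."""
    findings = []
    for label in host.lower().split("."):
        scripts, non_ascii = inspect_label(label)
        if len(scripts) > 1:
            findings.append({
                "label": label,
                "punycode": label.encode("idna").decode("ascii"),
                "scripts": sorted(scripts),
                "non_ascii": non_ascii,
            })
    return {
        "host": host,
        # What actually goes into the DNS query; showing this instead of the
        # Unicode form makes the spoof visible to the user.
        "ascii": host.encode("idna").decode("ascii"),
        "mixed_script": findings,
    }

if __name__ == "__main__":
    for h in (REAL, SPOOF):
        report = inspect_hostname(h)
        verdict = "SUSPICIOUS" if report["mixed_script"] else "ok"
        print(f"{verdict:10} {report['ascii']}")
        for f in report["mixed_script"]:
            print("   ", f["label"], f["scripts"], f["non_ascii"])
```

Displaying the `ascii` value in place of the Unicode hostname is the same idea browsers apply when they fall back to punycode for mixed-script names.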

