Wednesday, February 16, 2005

New URL Unicode Spoofing Technique Revealed

Another Unicode-based exploit. Because you can now use Unicode in URLs, it's quite easy to spoof them. Example: is the actual site and http://www.pа is the spoof URL.

The spoof URL is actually http://www.pа, which of course is the Unicode character а, which looks exactly like an a. You don't need to be a genius to see where this is going....

For more info and a demo, check out Secunia. Boing Boing even has a possible fix.
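One way to catch the look-alike substitution described above, as an added example that is not from the original post: a Python check that flags hostname labels mixing scripts (such as Latin letters with a Cyrillic а) and shows the ASCII `xn--` form that is actually resolved. The hostnames and function names are constructed for illustration, and script detection by Unicode character name is a simplifying assumption.

```python
import unicodedata

NEUTRAL = set("0123456789-")  # digits and hyphen are not counted as a script

def label_scripts(label):
    """Return the set of script names used by the letters of one DNS label."""
    scripts = set()
    for ch in label:
        if ch in NEUTRAL:
            continue
        # The first word of the Unicode character name approximates the script,
        # e.g. "LATIN SMALL LETTER A" versus "CYRILLIC SMALL LETTER A".
        scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts

def inspect_host(host):
    """Report mixed-script labels and the ASCII (punycode) form of a hostname."""
    findings = []
    for label in host.lower().split("."):
        scripts = label_scripts(label)
        if len(scripts) > 1:
            odd = [f"U+{ord(c):04X} {unicodedata.name(c, '?')}"
                   for c in label if ord(c) > 127]
            findings.append({"label": label,
                             "scripts": sorted(scripts),
                             "non_ascii": odd})
    return {
        "host": host,
        # The "idna" codec yields the form that goes on the wire.
        "ascii_form": host.encode("idna").decode("ascii"),
        "suspicious": bool(findings),
        "findings": findings,
    }

# Constructed sample hostnames (not taken from the page).
LEGIT = "example.com"
SPOOF = "ex\u0430mple.com"  # the 'a' replaced by CYRILLIC SMALL LETTER A

if __name__ == "__main__":
    for h in (LEGIT, SPOOF):
        r = inspect_host(h)
        verdict = "SUSPICIOUS" if r["suspicious"] else "ok"
        print(r["ascii_form"], verdict, r["findings"])
```

A label written entirely in one non-Latin script is not flagged by this check, so it covers the single-character substitution shown in the post rather than every confusable name.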


