琉璃仙人
2007-04-28, 01:03 AM
在idnforum被列为钓鱼时间,请大家评论。
http://www.idnforums.com/forums/10835-sex-biz%28chinese-idn%29-a.html
xn--qi7c1aq.biz
Registrar: domainsite.com
Expires in: April 2008
L@@Ks like somebody has found a phishing loophole.
Google is treating this as Latin and so is Wikipedia, but the are not standard Latin as they would not need to be IDN and all and obviously this would have already gone if where Latin.
Are they Phonetics?
Has ICANN screwed up again, or are they just going to delete these altogother when Nameprep gets up dated?
Interestingly there are no whois records for the Verisign equivalents!
I guess that is what Neustar meant about a more culturally sympathetic policy or whatever it was they were twittering on about.
I think it was double speak for not being able to handle the necessary encoding to the job properly!
I am also wondering what the F*ck that says about Mozilla's anti-phishing policy. F*cking laughable from where I am standing!
This is a serious security bug in IDN parsing code, which could facilitate identity theft. I suggest moving this to the member's section or removing the thread so the search engines don't get it.
I have already reported a critical security bug concerning this to mozilla.org and it is being investigated.
I won't bother reporting to microsoft since I don't have a microsoft machine with which to confirm this, and Rhys can do it easier than I can. Rhys, if you're reading... report a bug to the IE team.
Not sure I agree with your interpretation, but it is clearly a serious problem.
I have already contacted Mozilla and DNJournal over the issue.
My interpretation was that it was a mistake in the way that Neustar have implemented dot Biz, but I am not a technical person, so there is plenty of scope for error on that one.
I would tend to agree with Mozilla, but as this is an IDN and not an ASCII domain it should not be allowed to be registered and also it should not be White Listed by Mozilla. Just because Neustar has an Anti-Phishing policy, it doesn't mean they have a clue what they are doing, and just because Verisign has published one it does mean that they are somehow less competitent than any bloody cowboy registry that comes along. Mozilla ought to leave policy issues to ICANN who despite all the negative comment understand them much better than Mozilla.
http://www.idnforums.com/forums/10835-sex-biz%28chinese-idn%29-a.html
xn--qi7c1aq.biz
Registrar: domainsite.com
Expires in: April 2008
L@@Ks like somebody has found a phishing loophole.
Google is treating this as Latin and so is Wikipedia, but the are not standard Latin as they would not need to be IDN and all and obviously this would have already gone if where Latin.
Are they Phonetics?
Has ICANN screwed up again, or are they just going to delete these altogother when Nameprep gets up dated?
Interestingly there are no whois records for the Verisign equivalents!
I guess that is what Neustar meant about a more culturally sympathetic policy or whatever it was they were twittering on about.
I think it was double speak for not being able to handle the necessary encoding to the job properly!
I am also wondering what the F*ck that says about Mozilla's anti-phishing policy. F*cking laughable from where I am standing!
This is a serious security bug in IDN parsing code, which could facilitate identity theft. I suggest moving this to the member's section or removing the thread so the search engines don't get it.
I have already reported a critical security bug concerning this to mozilla.org and it is being investigated.
I won't bother reporting to microsoft since I don't have a microsoft machine with which to confirm this, and Rhys can do it easier than I can. Rhys, if you're reading... report a bug to the IE team.
Not sure I agree with your interpretation, but it is clearly a serious problem.
I have already contacted Mozilla and DNJournal over the issue.
My interpretation was that it was a mistake in the way that Neustar have implemented dot Biz, but I am not a technical person, so there is plenty of scope for error on that one.
I would tend to agree with Mozilla, but as this is an IDN and not an ASCII domain it should not be allowed to be registered and also it should not be White Listed by Mozilla. Just because Neustar has an Anti-Phishing policy, it doesn't mean they have a clue what they are doing, and just because Verisign has published one it does mean that they are somehow less competitent than any bloody cowboy registry that comes along. Mozilla ought to leave policy issues to ICANN who despite all the negative comment understand them much better than Mozilla.