Secunia issues IDN spoofing security advisory

Secunia, has issued a security advisory on the IDN spoofing issue, based on the homograph attacks identified by Eric Johanson.

Users of Browsers that implement International Domain Names (IDN) support are affected. Secunia has constructed a test to check if your browser is affected. This would include all Gecko-based browsers that support IDN. InternetExplorer, which has no concept of IDN, cannot display the websites at all, ironically enough. Verisign IDN plugin is affected.

ICANN is responsible for preventing registeration of malicious domain names. They, however, have been lax in their duties.

Firefox, Mozilla, etc-al are displaying the requested site as per the spec. The problem arises with multiple domain names with visually-similar (or identical) names leading to conartistry. Mozilla seems to be considering a security/international: “IDN detect” extension to counter IDN homograph attack, but this is a poor solution. ICANN needs to get their act together.