Robin Laing wrote:
You were right to point out that this is not a virus or trojan but a problem with trust and lack of knowledge. It is a fair exploit of a feature that was poorly implemented.
In what way was it poorly implemented? How could it have been done better?
A similar trick could be done without IDN, by registering something like "paypa1.com", which looks remarkably like "paypal.com" and uses only regular ASCII characters.
Paul.
I read the poorly implemented comment on another article Tuesday. I don't remember the full details. I will have to see if I can find the article again. If I find it I will post it.
From what I can remember is, why does an international character look like an english character under internationalization? This is where it is poorly implemented. But how can it be different? Could IDN characters be displayed in a different color or box? I don't know. This is one of those unforeseen problems with any implementation of software. I haven't checked since the first day I read about the problem but from the article, the author states that he can see the differences.
-- Robin Laing