[LUAU] Non-IE bug?

pnakashi at k12.hi.us pnakashi at k12.hi.us
Tue Feb 8 16:16:31 PST 2005


This scares me. What are the chances of this being fixed anytime soon?
--Peter

A new phishing/scam threat using International Domain Names (IDN) can be
used to steal your identity and money.
See following for details:
http://www.infoworld.com/article/05/02/08/HNdomainnamethreat_1.html

Go to following for a demo of this phishing attack and description:
http://www.shmoo.com/idn
Click on the links for www.paypal.com, you will get a bogus site with the
word "meeow" which could be made to look like the real site to steal your
information. Both the regular html and SSL (https) links can be forged.

Currently, this exploit affects only non-Microsoft IE browsers. Since IE
has not yet implemented IDN in it's browser it is not vulnerable.




More information about the LUAU mailing list