Phishing Flaw in Every Browser but IE

February 7, 2005

Got this from
This web page describes a spoof that every browser but IE allows. As near as I can tell it has to do with the fact that IDNs (International Domain Names) can have country- or language-specific characters in them, yet they display like English characters. So you will see a URL that appears to be, for instance, but it’s actually http://www.p& — the “&#1072;” is an accented “a”.
You can circumvent this problem in Firefox but the fix doesn’t persist across browser restarts. Opera’s supposedly got a fix for it now.
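An added example, not part of the original post or the page it refers to: a Python check that splits a hostname into labels, reports which Unicode scripts each label mixes, and shows the ASCII (`xn--`) form that is actually resolved. The hostnames are constructed on the reserved `example` names, and `char_script`, `inspect_host` and `is_suspicious` are names chosen for this sketch.

```python
import unicodedata

def char_script(ch):
    """Approximate a character's script from the first word of its Unicode name."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"   # digits and hyphen
    try:
        return unicodedata.name(ch).split()[0]          # e.g. CYRILLIC, GREEK, LATIN
    except ValueError:
        return "UNKNOWN"                                # unnamed or unassigned code point

def inspect_host(host):
    """Per label: the scripts used, whether they are mixed, and the ASCII form."""
    findings = []
    for label in host.lower().rstrip(".").split("."):
        scripts = sorted({char_script(c) for c in label} - {"COMMON"})
        try:
            ace = label.encode("idna").decode("ascii")  # IDNA 2003 ToASCII (stdlib codec)
        except UnicodeError:
            ace = None                                  # not a valid IDNA label
        findings.append({"label": label, "ace": ace,
                         "scripts": scripts, "mixed": len(scripts) > 1})
    return findings

def is_suspicious(host):
    """True when any single label mixes scripts, e.g. Latin with Cyrillic."""
    return any(f["mixed"] for f in inspect_host(host))

# Constructed sample hostnames. Code point 1072 (U+0430) is named
# CYRILLIC SMALL LETTER A in the Unicode database and renders like a Latin "a".
SAMPLES = [
    "www.example.com",          # plain ASCII
    "www.ex\u0430mple.com",     # one Cyrillic letter inside a Latin label
    "b\u00fccher.example",      # accented Latin only: a legitimate IDN, single script
]

if __name__ == "__main__":
    for host in SAMPLES:
        verdict = "MIXED-SCRIPT" if is_suspicious(host) else "ok"
        ascii_form = ".".join(f["ace"] or "?" for f in inspect_host(host))
        print(f"{verdict:13} {host!r:32} resolves as {ascii_form}")
```

A label written entirely in one non-Latin script passes this check, so showing the `xn--` form for every non-ASCII hostname is the more conservative display policy.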