February 8th, 2005, 01:14 AM

Sivran
OT: Important Security Issue in Non-IE browsers

Ironically IE is NOT affected by this vulnerability.

...but then unless it has the plugin for it, it doesn't support this anyway!

Thread at DSLReports Security: The state of homograph attacks

Brief Summary: browsers supporting Punycode/IDN are vulnerable to a URL spoofing attack that can easily fool less sophisticated and complacent users. The address bar will contain the expected URL (in text, not an image even!) and even the https: protocol and lock icon can be spoofed.

The most disturbing part of the story is this: (emphasis mine)
Quote:

VI. Vendor Responses

Opera: They believe they have correctly implemented IDN, and will not be making any changes.



Proof of concept link:
http://www.shmoo.com/idn/

There is a workaround for Mozilla browsers but it only partially works. In the meantime I suggest you type in/use a bookmark and never click links in emails. As for Opera users, show your displeasure by pirating...oh wait, I mean, by switching to Mozilla.
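Added example, not part of the original post: a small Python check that exposes the Punycode (xn--) form of a hostname and flags labels that are non-ASCII or mix scripts, which is how a look-alike IDN differs from the name it imitates. The sample URL is constructed, and the script test is a coarse heuristic based on Unicode character names, not a full IDNA or confusables implementation.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed sample: "example" with Cyrillic U+0430 in place of Latin "a".
SAMPLE = "https://www.ex\u0430mple.com/login"

def script_of(ch):
    """Coarse script tag from the Unicode character name (heuristic)."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else None  # digits and '-' are neutral
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else "UNKNOWN"

def inspect_host(url):
    """Return (ascii_host, findings) for the hostname in url."""
    host = urlsplit(url).hostname or ""
    ascii_labels, findings = [], []
    for label in host.split("."):
        text = label
        if label.startswith("xn--"):
            # Decode ACE labels so the real characters are examined.
            try:
                text = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                findings.append(f"{label!r}: invalid Punycode")
        scripts = {s for s in map(script_of, text) if s}
        if not text.isascii():
            findings.append(f"{label!r}: non-ASCII label")
        if len(scripts) > 1:
            findings.append(f"{label!r}: mixes scripts {sorted(scripts)}")
        if text.isascii():
            ascii_labels.append(text)
        else:
            ascii_labels.append("xn--" + text.encode("punycode").decode("ascii"))
    return ".".join(ascii_labels), findings

if __name__ == "__main__":
    ascii_host, findings = inspect_host(SAMPLE)
    print("displayed:", urlsplit(SAMPLE).hostname)
    print("on the wire:", ascii_host)
    for f in findings:
        print("warning:", f)
```

A label written entirely in one non-Latin script is reported only as non-ASCII, so the xn-- form is the part to compare against the name you expected.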