Photo of Terence Eden. He has a beard and is smiling.

Terence Eden’s Blog

The Homograph Strikes Back - Another IDN Attack With Strikethroughs - Android

By · · 1,150 words · read ~360 times.

Responsible Disclosure This flaw was reported to both Google and Opera on 23rd October 2014. Background International Domain Names are great! They open the web up to the whole world and allow me to own a domain like 莎士比亚.org. But they are a constant battleground in the fight for security. Homograph attacks are when someone uses two letters or symbols which look the same, to fool a user into visiting the wrong web address. For example TW1TTER.com has the number 1 rather than the letter i. …

Continue reading →

Poor IDN Support From Major Webmail Providers

By · · 6 comments · 400 words · read ~963 times.

As I mentioned in a previous post, I'm sick of people not being able to spell or pronounce shkspr.mobi correctly. So I've decided to double down and start using my alternate domain 莎士比亚.org. It's pronounced "Sha-shi-bi-ya", if that helps. Getting my email account set up with my hosting provider was easy enough but it turned out to be quite tricky to send email to my account. This is what happened when I tried to send an email from Gmail to test@莎士比亚.org: Error The address "test@莎士比亚.org" i…

Continue reading →