[q]
Quoting neowin.netAccording to a paper recently published by Eric Johanson of the Shmoo Group, users on most Mozilla-based browsers (Firefox 1.0, Camino .8.5, Mozilla 1.6, etc), Safari 1.2.5, Opera 7.54, Omniweb 5 are victim to a complex International Domain Name [IDN] spoof.
This new attack allows an attacker/phisher to spoof the domain/URLs of businesses. Every recent gecko/khtml based browser implements IDN (which is just about every browser except for Internet Explorer). The Smoo Group have created a proof of concept where the links are directed at "http://www.p****72;ypal.com/", which the browsers punycode handlers render as
www.xn--pypal-4ve.com.According to the group there is however an easy to way to detect you're under a spoof attack, cut & paste the url you are accessing into notepad or some other
tool (under OSX, paste into a terminal window) which will allow you to view what character set/pagecode the string is in. You can also view the details of the SSL cert etc.
.[/q]
See the link I posted for a temporary workaround.
