francesco.montanari
2020-10-7 08:31:59

@francesco.montanari has joined the channel


soegaard2
2020-10-7 13:51:29

Unicode is fun. > (char=? #\A #\Α) #f


soegaard2
2020-10-7 13:51:43

Tip: The second A is greek.


massung
2020-10-7 15:05:57

kinda reminds me… aren’t there people registering domain names using homographes as domain names (e.g. "http://amazon.com\|amazon.com" but with the “a” being the greek letter instead so it appears valid, but routes somewhere else entirely different)?


jlavelle604
2020-10-7 15:14:25

@jlavelle604 has joined the channel


guzhibin
2020-10-7 15:39:16

@guzhibin has joined the channel


soegaard2
2020-10-7 15:40:43

Sadly, it sounds plausible.


george.privon
2020-10-7 15:45:16

i remember it being discussed as a likely out come of allowing unicode in domain names


massung
2020-10-7 15:50:59

Yeah, it’s one of those “I’m not sure if it’s just an urban legend” deals


camoy
2020-10-7 15:52:17

These are called “punycode attacks”. I’m not sure how effectively they’ve been used in real phishing cases.


hazel
2020-10-7 18:39:56

wasn’t there once a punycode domain that crashed iOS? or am I thinking of things


samth
2020-10-7 18:57:46

If you type that A in for the a in http://amazon.com\|amazon.com, you get this in the browser: http://www.xn--mazon-c9d.com/


samth
2020-10-7 18:58:02

so it avoids that problem


sorawee
2020-10-7 19:02:04

I recall it used to be a real vulnerability, and they fixed it by make it render like “http://www.xn--mazon-c9d.com\|www.xn--mazon-c9d.com


spdegabrielle
2020-10-7 22:06:32

Thanks @gknauth !


haskal
2020-10-7 22:31:58

@haskal has joined the channel


gknauth
2020-10-7 23:19:16

You’re welcome! Thank you for all you do!


jsx610278856
2020-10-8 02:37:07

@jsx610278856 has joined the channel