IDN Spoofing

[madcamel]

Check this out:
http://secunia.com/multiple_browsers_idn_spoofing_test/
Spooky eh ?

Personally, I dont think that browsers that support IDNs should be treated as having "security issues". IDN support is a "feature", not a "bug".

A solution for this "security issue" can be highlighting the address bar of the browser in a different color when the URL is an IDN one.

 

[Theo]

If you go to http://www.paypаl.com/ with Firefox and you click reload several times while looking at the status bar at the bottom, you will see it's an IDN ("Waiting for xn-paypl-7ve.com"). But agreed, something needs to be done.