Talk:IDN homograph attack

Suggestion
Nice article, one suggestion: the effect of "www.google.com" vs "www.googIe.com" depends on the font used to render the article; maybe we could create a pair of images to demonstrate this in a suitable font. &mdash; Matt Crypto 01:31, 21 Mar 2005 (UTC)

Merging articles
FWIW I support the proposal to merge the articles IDN homograph attack and Homograph spoofing attack. The overlap seems very significant. Matt 20:36, 6 December 2005 (UTC).

Second the motion. Each has its own strong points, both in content and in presentation. eritain 23:35, 27 December 2005 (UTC)

.ac TLD?
The article says

"(TLD, for example, .ac or .museum)"

I think ".ac" is not a good example of a ccTLD: Ascention island is a small dependency of St. Helena (British terr. in the South Atlantic) and almost all domain under .ac are sold to unrelated entities. —The preceding unsigned comment was added by 62.48.171.17 (talk) 15:22, 23 January 2007 (UTC).

Firefox 2 seems (in its default configuration) to trust .org and .info IDN's, while distrusting .com and .net Would this be a more suitable example? Afilias provides a much less extensive list of available languages (and character sets) for these, which makes them a little more difficult to spoof. Not impossible (for instance, wíkipedia.org is not wikipedia.org) but a little more difficult. --66.102.80.212 (talk) 23:32, 20 February 2008 (UTC)

Misspelling use in phishing
Phishers also reported to use misspelling in order as a trap. Generally, they have "What you need, when you need it" text. For example, a youtube.com is misspelled as yuotube.com.

Should that the above text be added into this article? Junkcops (talk) 02:47, 5 December 2008 (UTC)
 * It's not a homograph attack, as the glyphs are different. Perhaps add it in a see-also section?64.231.104.179 (talk) 03:54, 28 December 2008 (UTC)

what about ｆｕｌｌ ｗｉｄｔｈ ｃｈａｒｓ ?
are the chars from about uFF00 to about uFF5E allowed in some domain names? if they are, shouldn't they be mentioned in the article since they are just about the same as many of the printable chars in the ascii range? --TiagoTiago (talk) 08:18, 9 May 2009 (UTC)

Ⓐⓝⓓ ⓦⓗⓐⓣ ⓐⓑⓞⓤⓣ ⓣⓗⓔⓢⓔ ⒜⒩⒟ ⒯⒣⒠⒮⒠ ?
How gullible do people need to be to have groups of chars added to this article because people might confuse them with regular chars? Should the chars from about u2460 to about u24EA be in this article too? --TiagoTiago (talk) 08:35, 9 May 2009 (UTC)

OK to add external link to Namkara homograph registration?
I'd like to reference the site Namkara homograph registration which lists the many homographs of a user-entered domain name, vis-a-vis Unicode Consortium's UTR#36. Some filtering is applied to limit homographs to those domain names that may be supported by domain name registry policies. As the site is owned by me, I'd like to avoid conflict-of-interest and request here for the addition of the aforementioned external link. Mja52590 (talk) 20:54, 7 October 2009 (UTC)

Other uses of this attack
Sometimes this attack is used to impersonate users in chatrooms. —Preceding unsigned comment added by 173.49.239.254 (talk) 21:37, 10 July 2010 (UTC)

Shouldn't this page be called ...
Shouldn't this page be called IDN homoglyph attack?
 * Nope. "γραφειν" is a good root. VanIsaacWScontribs 17:28, 9 February 2012 (UTC)
 * Homograph attack seems to be the more common term for this phenomenon. But the subject of the Wikipedia article homoglyph (similar characters) is far more relevant to homograph attacks than the subject of homograph (words with identical spellings). According to homoglyph, "homograph" can also refer to similar characters. So the article title is fine.  Homoglyphs should be mentioned more prominently, and it does not appear (from homograph) that they are considered a subset of homographs as this article currently states.  I suppose Chinese homographs are also homoglyphs, so maybe that makes a subset? While the spoofed domain names are strings of similar characters, I'm not sure that they are really words with identical spellings as defined in the homograph article. A string that randomly mixes Latin and Cyrillic characters isn't a "word", is it? I'm going to pipe the homograph link in the lead to homoglyph and delete the subset statement.Plantdrew (talk) 02:53, 11 March 2012 (UTC)

the Nameprep article
I am reluctant to add a See Also link to the Nameprep article - could someone take a look at making that article less problematic or merging it into the Punycode article (note: not even "Stringprep" directs to the Nameprep article.

thanks

G. Robert Shiplett 12:28, 28 March 2012 (UTC)

citibank
why does this article use citibank in the first example. If it is becuase it relates to an actuall atack, there should be a refrence, and if not, can a fake example not be invented? Its almost like an advert. — Preceding unsigned comment added by 92.26.55.196 (talk) 14:16, 13 June 2013 (UTC)

wikipedia example
The wikipedia example image would be much more useful if it had the normal rendering of wikipedia below the IDN version. DouglasCalvert (talk) 04:07, 19 July 2013 (UTC)

Actual Examples of an IDN Homograph Attack?
Hi,

This article seems long on the risk of attack and meagre in examples of this actually happening. A few examples, actual in the wild examples, would go a long way to skewering criticism from skeptics like me. — Preceding unsigned comment added by Hamish.MacEwan (talk • contribs) 01:32, 8 March 2016 (UTC)

Remove the History section
I think the section on history is obsolete. It's merely a bunch of random facts on misspellings and misreadings throughout the centuries, and, while thematically related, adds nothing to the article. — Preceding unsigned comment added by 黄雨伞 (talk • contribs) 13:23, 17 April 2017 (UTC)

External links modified
Hello fellow Wikipedians,

I have just modified 2 external links on IDN homograph attack. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
 * Added archive https://web.archive.org/web/20050320020225/http://www.shmoo.com/idn/ to http://www.shmoo.com/idn/
 * Added archive https://web.archive.org/web/20141017110723/https://www.icann.org/resources/pages/string-evaluation-completion-2014-02-19-en to https://www.icann.org/resources/pages/string-evaluation-completion-2014-02-19-en

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

Cheers.— InternetArchiveBot  (Report bug) 03:01, 10 November 2017 (UTC)

homograph vs. homoglyph
Hi there,

the article says, the characters “are homographs, hence the term for the attack, although technically homoglyph is the more accurate term for different characters that look alike”.

But “homograph” does not refer to the characters but the words formed by the characters which are homoglyphs. So, homoglyph is not “more accurate”, it is only correct term for those characters while homograph is the most accurate term for those words (but not correct when using the classic definition). Messerjokke79 (talk) 04:09, 11 March 2020 (UTC)

Optical Character Recognition
I encountered a few online scientific documents that were published without correcting mistakes made by OCR software. Very annoying (C10 instead of ClO or the other way around, etc. in chemical formulas), and I saw this copied on others sites, also without any correction. By the way, B and 8 are also good candidates as are S and 5.

Can someone add this subject (or a link to it)?

Simon de Danser (talk) 17:35, 10 September 2020 (UTC)

This text is confusing. Can it be clarified?
While the fake link will show in Punycode when it is clicked, by this point the page has already begun loading into the browser and the malicious software may have already been downloaded onto the computer.

If the browser alters the link to Punycode, the spoof web site is never loaded is it?

— Preceding unsigned comment added by 124.248.141.101 (talk) 00:18, 4 June 2021 (UTC)

Domain name spoofing
FYI, I have created a disambiguation article Domain name spoofing since this is a generic term in common use. At present it contains IDN homograph attack, DNS spoofing and Email spoofing, as well as a see also of mitigation technologies. Please add any relevant articles. --John Maynard Friedman (talk) 18:20, 6 July 2021 (UTC)

Letter J is incorrectly placed in Venn diagram.
Check this page: https://en.wikipedia.org/wiki/Cyrillic_script, it's in Slavic Cyrillic letters 188.255.214.84 (talk) 05:01, 24 January 2023 (UTC)

3ric Johanson
This name, 3ric Johanson, appears in the article. If someone is famous and renders his name that way, fine, but there should be a blue linked article so the reader isn’t left wondering if it is a bit of vandalism. There may well be such a person, per a Google search, but it is jarring nonetheless, to see a non-Latin letter stuck into a common name.. Edison (talk) 16:48, 7 April 2023 (UTC)

first image in the article
I don't see any script spoofing in the first image, neither its caption. What's special? 2607:FEA8:551D:8E00:2ECF:3B02:6501:11C8 (talk) 17:53, 11 June 2023 (UTC)


 * As the caption says: The whole point is that the difference is not evident to human eyes but to a computer, the words are as different as chalk and cheese.
 * See also last paragraph of Grapheme. --𝕁𝕄𝔽 (talk) 22:10, 11 June 2023 (UTC)