[Pkg-kde-bugs-fwd] [Bug 98788] Possible solution to IDN domain spoofing/phishing

Paul Hilton 98788@bugs.kde.org
17 Feb 2005 20:28:25 -0000


http://bugs.kde.org/show_bug.cgi?id=98788         




------- Additional Comments From paul_hilton yahoo com  2005-02-17 21:28 -------
This is a serious issue related to secure sites, like PayPal.

To say WONTFIX because the code meets all the appropriate standards is not
a good service to users. At the very least allow IDN to be turned off, and
turn it off by default until a better solution is implemented.

Your average user will not be impressed by 'code meets all the appropriate standards' when he/she has fallen victim to a phishing scam and lost a bundle of money.

If the browser displays the padlock, an https URL and reads as the user thinks it should, then it is hard to see what else the user can do. Saying that they should type the URL manually is wishful thinking, especially when the link has loads of cryptic stuff on the end of it to direct you to a place on the site, for example the way eBay listings do.

I don't think that this is a 'wait and see what happens' issue. I would imagine that this WILL be quoted by Microsoft as indicating that Open Source software is insecure, and your average Joe Public will agree.