NYCPHP Meetup

NYPHP.org

[nycphp-talk] somewhat OT Re: validating proper name capitalization

John Campbell jcampbell1 at gmail.com
Thu Sep 29 16:12:38 EDT 2011


On Thu, Sep 29, 2011 at 3:24 PM, Chris Snyder <chsnyder at gmail.com> wrote:
> On Thu, Sep 29, 2011 at 2:06 PM, John Campbell <jcampbell1 at gmail.com> wrote:
>
>> The problem with puny code is that it is a security nightmare, and no
>> safe browsers are ever going to support it.
>>
>> Can you find the difference between http://paypal.com/ and
>> http://paypaḷ.com/ ?
>>
>
> The EV SSL certificate?

The l in the second paypal is actually a ḷ which is an l with a dot
under it.  I could buy that domain and a SSL cert for it, then do a
bunch of fishing attacks and no one would notice the tiny dot in
paypaḷ.



More information about the talk mailing list