Conversation

Notices

1. Rysiekúr Memesson (rysiek@mastodon.technology)'s status on Tuesday, 07-Jun-2022 04:28:13 UTC Rysiekúr Memesson

   in reply to

   • Silmathoron
   • xpil
   • Ian Molton

   @spyro @xpil @silmathoron here's a very illustrative XKCD that might help explain what I mean:
   https://xkcd.com/1831/

   • Santa Claes 🇸🇪🇭🇰🎅 likes this.
   • Rysiekúr Memesson (rysiek@mastodon.technology)'s status on Tuesday, 07-Jun-2022 04:28:14 UTC Rysiekúr Memesson

     in reply to

     • Silmathoron
     • xpil
     • Ian Molton

     @spyro @xpil @silmathoron here's my problem with this: you waltz in here, implying a certain thing is easy to do, after a whole thread showing how this is a major issue for DNS and InfoSec communities, and has for years.

     Somehow plenty of well-resourced organizations have not found a good solution to this. But you seem to be convinced it's easy.

     So it's not unreasonable to call you out on it and say "prove it". Plenty of stuff looks way easier than it actually is, especially from outside.

   • Rysiekúr Memesson (rysiek@mastodon.technology)'s status on Tuesday, 07-Jun-2022 04:28:16 UTC Rysiekúr Memesson

     in reply to

     • Silmathoron
     • xpil
     • Ian Molton

     @spyro @xpil @silmathoron in that case I await your tool that solves this problem for everyone. Clearly so far nobody was smart enough to write one, be the hero you want to see in the world!

   • Ian Molton (spyro@friendica.mnementh.co.uk)'s status on Tuesday, 07-Jun-2022 04:28:16 UTC Ian Molton

     in reply to

     • Silmathoron
     • xpil
     @rysiek @xpil @silmathoron
     
     No, thanks.
     
     Just because I can see a solution doesn't make me obligated to implement it.
     
     I don't even have to be happy about that either.
     
     If I had infinite time, I would.
     
     As it is, in putting my effort into optimising #avr interrupts on my threaded #kernel.
   • Ian Molton (spyro@friendica.mnementh.co.uk)'s status on Tuesday, 07-Jun-2022 04:28:21 UTC Ian Molton

     in reply to

     • Silmathoron
     • xpil
     @rysiek @xpil @silmathoron As if that isn't a task you can give a computer to do!
     
     come on. It only has to be done once, too - once you have a mapping, you can just look up.
   • Rysiekúr Memesson (rysiek@mastodon.technology)'s status on Tuesday, 07-Jun-2022 04:28:22 UTC Rysiekúr Memesson

     in reply to

     • Silmathoron
     • xpil
     • Ian Molton

     @spyro @xpil @silmathoron doubtful. But go have a look at all of the Unicode and come back to me with a *complete* list of *all* look-alike characters, I'll wait.

     And then I'll let you ponder the problem of checking if a given domain being registered is a "lookalike domain" of any other domain.

     Consider that there are going to be dozens of lookalike characters, and you need to check for all possible combinations for a given domain. Because you're not checking against non-IDN domains, right?

   • Ian Molton (spyro@friendica.mnementh.co.uk)'s status on Tuesday, 07-Jun-2022 04:28:28 UTC Ian Molton

     • Silmathoron
     • xpil
     @rysiek @xpil @silmathoron
     
     It should only warn you if the domain exists in both forms.
     
     Tbh, I can't see why dns allows these domains to even be registered. Is there a valid use case for the "fake" looking version, ever?