the IDN problem

Filed against every single major web browser is the bug of "unicode blindness injection" security vulnerability. In short, Unicode letters can look the same as their ascii-equivalents, but lead to a different URL (thereby permitting man-in-the-middle attacks).

My solution consists of verifying that unicode glyphs look different from ascii glyphs (yes, I like the word "glyph"). In my example screenshot, words in parentheses are entirely ascii, those preceding them have a "wrong letter:"

• the K in KDE is Cyrillic (U041A)
• the S in RULES is Cyrillic (U0405) (which I'm aware doesn't even exist in Cyrillic)
• the P in APPLE is also Cyrillic (U0420)
• the T in MICROSOFT is Greek (U03A4)

However, it does a poor job of identifying K. If this is considered useful, I may be inclined to fix it for inclusion into KDE, otherwise, I'll leave it to be abandonware as I do with everything else.

The idea is that if there's a unicode letter, and the "error report" is high enough, you might warn the user prior to visiting the page.