Usable Security

Regarding “THE METHODOLOGY AND AN APPLICATION TO FIGHT AGAINST UNICODE ATTACKS” —

— Although I really like the work that’s presented in this paper, I do not like the way that Fu, Deng and Liu call this a “Unicode Attack.” This kind of attack has been previously called “homographic attack.” It’s a better name because:

1 - It’s descriptive. 
2 - This kind of attack transcends Unicode.
3 - The name “homographic attack” predates the “unicode attack” name.

Overall, one of the problems that we have in computer security (and computing in general) is being lax with our vocabulary.  We use different names to mean the same things (and using the same name in different things). 

One of the real problems that users have had is trying to keep track of all these different attacks.  THis is especially bad when it comes to names that are popularized in the mass media from “security researchers” — names like Phishing; spear phishing; fly phishing; vishing; etc. 

So I like the paper and the research, but I really wish that the authors had called in a Homographic Attack, and not a Unicode attack.  You can do this attack in Latin-1.  It’s not specific to Unicode, and we already had a better name.

This entry was posted on Friday, July 14, 2006 at 05:39 under General. You can leave a comment here or trackback from your own site. Use the comment feed to follow comments on this entry.