[kdepim] [Bug 469930] New: Scam detection: Consider misleading substitute characters in URL userinfo

Mia Herkt bugzilla_noreply at kde.org
Thu May 18 09:29:15 BST 2023


https://bugs.kde.org/show_bug.cgi?id=469930

            Bug ID: 469930
           Summary: Scam detection: Consider misleading substitute
                    characters in URL userinfo
    Classification: Applications
           Product: kdepim
           Version: GIT (master)
          Platform: unspecified
                OS: All
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: messageviewer
          Assignee: kdepim-bugs at kde.org
          Reporter: mia+kde at 0x0.st
  Target Milestone: ---

Recently, some new gTLDs like .zip have been getting a lot of attention, with
people pointing out how easily they can be used to mislead users. One of the ways
this can be done is to use the @ symbol and characters like ∕ (U+2215 DIVISION
SLASH):

https://download.kde.org∕stable∕krita∕5.1.5∕@kritax64515.zip

The above URL leads to a domain called kritax64515.zip – what looks like a path
on the download.kde.org domain to an unsuspecting user is merely the userinfo
subcomponent of that URL.

It is probably a good idea to try and detect this.

-- 
You are receiving this mail because:
You are the assignee for the bug.
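
One way to implement the check the report asks for, as an added example that is not part of the original report and not KMail/messageviewer code. The names `analyze`, `SLASH_LOOKALIKES` and the flag strings are hypothetical, and every lookalike character other than U+2215 is an assumed addition to the one the report names.

```python
import re
from urllib.parse import unquote

# Characters that render like "/" but do not terminate the authority.
# U+2215 is the one named in the report; the rest are assumed additions.
SLASH_LOOKALIKES = {
    "\u2215": "DIVISION SLASH",
    "\u2044": "FRACTION SLASH",
    "\u29f8": "BIG SOLIDUS",
    "\uff0f": "FULLWIDTH SOLIDUS",
}
_AUTHORITY = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]*://([^/?#]*)")
_SPLIT = re.compile("[:" + "".join(SLASH_LOOKALIKES) + "]")

# The link from the report, written with explicit escapes.
REPORT_URL = ("https://download.kde.org\u2215stable\u2215krita"
              "\u22155.1.5\u2215@kritax64515.zip")


def analyze(url):
    """Return {"host", "flags"} for a URL with an authority, else None."""
    m = _AUTHORITY.match(url)
    if m is None:
        return None
    # RFC 3986: the authority ends at the first real "/", "?" or "#";
    # userinfo is everything before the last "@" inside it.
    userinfo, at, hostport = m.group(1).rpartition("@")
    host = re.sub(r":\d*$", "", hostport)
    flags = []
    if at:
        flags.append("userinfo")
        shown = unquote(userinfo)  # a viewer may display the decoded form
        if any(c in SLASH_LOOKALIKES for c in shown):
            flags.append("slash-lookalike")
        # Text before the first ":" or fake slash reads as the "host".
        if "." in _SPLIT.split(shown, maxsplit=1)[0]:
            flags.append("hostname-like-userinfo")
    return {"host": host, "flags": flags}


if __name__ == "__main__":
    for u in (REPORT_URL, REPORT_URL.replace("\u2215", "/")):
        print(analyze(u))
```

With real slashes the same text parses as a path on download.kde.org and raises no flags, which is the contrast a scam warning can show the user alongside the actual host.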

