I was just sent this:
Just passing it along.
From the IDN advisory on the page, it looks like the attendees of Shmoocon '05 were made aware of this.Subject: browser security: homograph attack
sample:
http://www.shmoo.com/idn/
The urls look like www.paypal.com, but view the source and
there's an alternate character being used for the letter "a".
In the far future, we'll have unicode domain names.
Until then, disable it in FireFox/Mozilla:
about:config
networking.enableIDN=FALSE
Just passing it along.