Back in "Phollowing the Phishers" I talked about how browsers need to change to fight phishing. It looks like version 8 of the Opera browser is taking a shot at reducing the risk from a new opening for phishing attacks - the display of Internationalized Domain Names (IDNs). Essentially, the use of Unicode characters makes it very possible for domain names to be registered in one language that look quite different when displayed in another language's font. This means that someone could register www.hackyoutopieces.com in Elbonian, and when displayed in the Upsidaisium font it could display as www.puppykitten.com. Yikes - a phisher's wet dream.
Interestingly, Opera and Firefox have to deal with this problem - as more modern browsers, they already support Unicode. This is one instance where the lack of progress in Microsoft's Internet Explorer actually results in avoiding a security problem.
Opera's approach is to incorporate a white list of "trusted" top-level domains - trusted meaning the registrars that have stricter policies for registering domain names. If a registrar isn't on the white list, only Latin 1 characters will be displayed - OK for western European languages, not workable in the long run for Asian and other languages. Opera also adds a "caller ID"-like feature - displaying the name of the organization that paid for the digital certificate when HTTPS is being used. This at least provides some additional indication that phishing might be going on.
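The display rule described above can be sketched in a few lines of Python. This is an added example, not Opera's code: the whitelist contents are constructed, and falling back to the ASCII ("xn--") form for names that fail the check is an assumption about what gets shown instead.

```python
# Added illustration of the white-list display rule; not Opera's implementation.
TRUSTED_TLDS = {"example"}  # constructed white list, not Opera's real one


def display_host(host, trusted_tlds=TRUSTED_TLDS):
    """Return the string an address bar would show for `host`."""
    try:
        # Normalise to the ASCII ("xn--") form that DNS actually resolves,
        # then derive the Unicode form from it so both always agree.
        ascii_form = host.encode("idna").decode("ascii").lower()
        unicode_form = ascii_form.encode("ascii").decode("idna")
    except UnicodeError as exc:
        raise ValueError(f"not a valid IDN hostname: {host!r}") from exc

    tld = ascii_form.rstrip(".").rsplit(".", 1)[-1]
    if tld in trusted_tlds:
        # Registry on the white list: show the name in its native script.
        return unicode_form
    if all(ord(ch) <= 0xFF for ch in unicode_form):
        # Not on the white list, but every character is within Latin 1.
        return unicode_form
    # Assumption: anything else is shown in its raw ASCII form, so a
    # look-alike script cannot pass for a familiar Latin name.
    return ascii_form


if __name__ == "__main__":
    # Constructed sample hostnames using reserved TLDs.
    for name in ["bücher.test", "пример.test", "пример.example"]:
        print(f"{name!r:22} -> {display_host(name)!r}")
```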
Microsoft has said it will build IE7, a badly needed upgrade of IE. Firefox and Opera continue to raise the bar on security - while I'd really like to see a company as big as Microsoft show leadership and break new ground in web security, at this point I will be overjoyed if IE7 can just clear the new height.