Blizzard SectorGeneral CommunityTech Forum v
Problems with alternative internet borswers

Thread Closed 
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Threaded Mode
Problems with alternative internet borswers
Obfuscate Offline
Posting Freak
*****
Posts: 2,208
Threads: 104
Joined: Dec 2004
Reputation: 0
#1
02-09-2005, 01:44 PM
I take NO credit for this article being found as Anubis found it and posted in Current Events originally.

Anubis Wrote:According to a paper recently published by Eric Johanson of the Shmoo Group, users on most Mozilla-based browsers (Firefox 1.0, Camino .8.5, Mozilla 1.6, etc), Safari 1.2.5, Opera 7.54, Omniweb 5 are victim to a complex International Domain Name [IDN] spoof.

This new attack allows an attacker/phisher to spoof the domain/URLs of businesses. Every recent gecko/khtml based browser implements IDN (which is just about every browser except for Internet Explorer). The Smoo Group have created a proof of concept where the links are directed at "http://www.pаypal.com/", which the browsers punycode handlers render as www.xn--pypal-4ve.com.

According to the group there is however an easy to way to detect you're under a spoof attack, cut & paste the url you are accessing into notepad or some other
tool (under OSX, paste into a terminal window) which will allow you to view what character set/pagecode the string is in. You can also view the details of the SSL cert etc.

You can disable IDN support in Mozilla products by setting 'network.enableIDN' to false. There is no known workaround for Opera or Safari. Vendor responses have been varied with VeriSign and Apple failing to respond but Opera believing they have correctly implemented IDN, and will not be making any changes (oops). Mozilla are currently working on finding a good long-term solution. The company provided a clear workaround for disabling IDN temporarily until it can better address the issue.

This latest exploit will provide spammers with a way to trick FireFox, Opera and Safari users into thinking they're on a certain website. Commonly known as Phishing this latest attack by spammers and hackers is frighteningly common.

Update: Many users are reporting the config change in Firefox does not work, currently there is no fix for Firefox.

Neowin's Brandon Goode Contributed to this report


Just thought you all might like to see this,I know I was a little freaked since I use these.
"One murder makes a villain, millions a hero. "
- Beilby Porteus, Death, A Poem
Find
Thread Closed 


Possibly Related Threads…
Thread Author Replies Views Last Post
  Need Help/ Router Problems Blue 1 315 03-19-2011, 01:11 PM
Last Post: Juke
  Wireless Internet Help Blue 6 603 01-01-2010, 11:46 AM
Last Post: Spitfire
  Network Problems (LAN) AngelzUnit 9 685 03-13-2009, 10:44 PM
Last Post: ZxSlippy191
  Internet Problems tree_frog 6 452 02-13-2009, 01:36 PM
Last Post: The Mob
  I Mac Problems tree_frog 0 337 11-06-2008, 02:38 AM
Last Post: tree_frog
  Weird internet error Blue 6 566 10-19-2008, 02:21 AM
Last Post: erizoe
  Router Problems The Mob 2 435 08-21-2008, 05:12 PM
Last Post: Juke
  Internet Problems Blue 6 464 06-12-2008, 05:35 AM
Last Post: Blue
  Video Cable Problems Blue 2 262 03-17-2008, 07:10 AM
Last Post: Blue
  Problems with MMbot546 starting D2! Help! bsdowns86 1 462 11-07-2007, 05:12 AM
Last Post: Juke

Forum Jump:


Users browsing this thread: 1 Guest(s)