Free Republic

New Browser Exploit Found (but not on IE)
DSL Reports ^ | 2/7/2005 | DSL Reports

Posted on 02/07/2005 7:44:07 PM PST by smith288

New Browser Trick Found
Uses homograph attack to spoof links

As members of our Security forum discuss, a new homograph browser trick (see demo page) has been discovered that oddly works in every browser but IE. The trick uses International Domain Name (IDN) character support (using foreign characters that resemble American alphabet letters) to trick your browser into showing fake domain names in hyperlinks and in the address bar. IE doesn't support IDN (though it can via plug-in), so by default isn't vulnerable. More detail in this advisory from the group that discovered it.


TOPICS: Extended News; Miscellaneous; News/Current Events; Technical
KEYWORDS: computersecurity; exploit; explorer; firefox; idn; opera
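A defender-side check for the IDN homograph trick the article describes, as an added example that is not part of the original post or thread: it converts a hostname to its ASCII (Punycode) form and flags labels that mix scripts or are written entirely in Latin lookalikes. The function names, the lookalike table (a small illustrative subset) and the sample hostnames are constructed for this example.

```python
import unicodedata

# Illustrative subset of Cyrillic letters that render like Latin ones (assumption:
# a production check would use the full Unicode confusables data instead).
LOOKALIKES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
              "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
              "\u0455": "s", "\u0458": "j"}

def script_of(ch):
    """Approximate a character's script from the first word of its Unicode name."""
    if ch in "0123456789-":
        return None  # digits and hyphen are shared by all scripts
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def inspect_host(host):
    """Return the ASCII (Punycode) form of host plus homograph warnings per label."""
    host = host.lower()
    report = {"ascii": host.encode("idna").decode("ascii"), "warnings": []}
    for label in host.split("."):
        if label.isascii():
            continue  # plain ASCII labels cannot hide a foreign lookalike
        scripts = {script_of(c) for c in label} - {None}
        skeleton = "".join(LOOKALIKES.get(c, c) for c in label)
        if len(scripts) > 1:
            report["warnings"].append(
                (label, "mixed scripts: " + "+".join(sorted(scripts))))
        elif skeleton.isascii():
            # Single-script label whose every letter imitates a Latin one.
            report["warnings"].append((label, "reads as ASCII '%s'" % skeleton))
    return report

# Constructed samples: the second swaps Latin "a" for Cyrillic U+0430, the third
# is written entirely in Cyrillic lookalikes, the fourth is a legitimate IDN.
SAMPLES = ["example.com", "ex\u0430mple.com",
           "\u0441\u0430\u0440\u0435.com", "b\u00fccher.example"]

if __name__ == "__main__":
    for h in SAMPLES:
        r = inspect_host(h)
        print(r["ascii"], r["warnings"] or "ok")
```

Showing the `xn--` form instead of the rendered Unicode name is what makes the spoofed label visibly different from the ASCII one it imitates.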
To: smith288
For this spoof to work, you'd have to head to the site from another phishing site or click on a fraudulent email link. This would be one sharp phisher, as the logistics of making a convincing site are pretty difficult using foreign letter codes. Heck, I have a big enough problem making links work with a regular alphabet.

I've never been whacked on my Windows machine or my Mac, by following a couple of simple rules:

1. Don't click on email links
2. Keep virus protection up to date
3. Use a firewall
4. Turn off java
5. Turn off activeX except at trusted sites
6. Turn off javascript when surfing unknown sites
7. Run an Adaware check every so often.
8. If a popup window asks if you want to install the plugin, the answer is no.

21 posted on 02/07/2005 8:32:32 PM PST by Richard Kimball (It was a joke. You know, humor. Like the funny kind. Only different.)

To: Richard Kimball

I have found the best Anti-Adware program is Microsoft's new one they have out on beta. It caught everything on my machine at work that was completely stifled by ad ware that was running resident in memory. I have it run at 3am and when I get in the next day, it has a dialog box report of what the scan results were. I haven't had any problems since.


22 posted on 02/07/2005 8:42:40 PM PST by smith288 ("Bravery is not a reaction to fear but the act of ignoring it from honor.")

To: smith288
I have FF 1.0 and it works for me

Even after you restart and run the test?

23 posted on 02/07/2005 9:01:41 PM PST by steve86

To: smith288

Just curious, but how do you KNOW it got everything? 'Cause, you know, you just don't know what you don't know, you know? :)

:O)

P


24 posted on 02/07/2005 9:18:39 PM PST by papasmurf (Dear Lord, Please make me the Commanding General In Iraq for just 3 months, Amen.)

To: All
Here's some browsers that have tabs, popup blocking, etc. but still use the IE engine and most are free:

Maxthon
SlimBrowser
Avant Browser
Netcaptor
Irider

25 posted on 02/07/2005 9:19:28 PM PST by yellowhammer

To: BearWash

Unfortunately, after restarting Firefox, the about:config setting reads false, but the system is susceptible. =(


26 posted on 02/07/2005 9:53:40 PM PST by yevgenie (8 bits in a byte; 2 bits to a quarter ($.25) ==> so, 8 bits is a dollar ???)

To: smith288; All

Once again, thanks for the tips! :o)


27 posted on 02/07/2005 10:15:16 PM PST by Titan Magroyne

To: papasmurf
Just curious, but how do you KNOW it got everything? 'Cause, you know, you just don't know what you don't know, you know? :)

I don't have casino icons popping up on my desktop or see any weird traffic leaving my machine... All the processes running are accounted for and legit. :)

28 posted on 02/08/2005 9:20:46 AM PST by smith288 ("Bravery is not a reaction to fear but the act of ignoring it from honor.")

