New Browser Exploit Found (but not on IE)
DSL Reports ^ | 2/7/2005 | DSL Reports
Posted on 02/07/2005 7:44:07 PM PST by smith288
New Browser Trick Found
Uses homograph attack to spoof links
As members of our Security forum discuss, a new homograph browser trick (see demo page) has been discovered that oddly works in every browser but IE. The trick uses International Domain Name (IDN) character support (using foreign characters that resemble American alphabet letters) to trick your browser into showing fake domain names in hyperlinks and in the address bar. IE doesn't support IDN (though it can via plug-in), so by default isn't vulnerable. More detail in this advisory from the group that discovered it.
TOPICS: Extended News; Miscellaneous; News/Current Events; Technical
KEYWORDS: computersecurity; exploit; explorer; firefox; idn; opera
Grabbing popcorn...
1 posted on 02/07/2005 7:44:07 PM PST by smith288
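An added example, not part of the original thread or the linked advisory: a small Python check for the kind of hostname the article describes, showing the ASCII (xn--) form a resolver actually sees and flagging labels that mix Latin letters with another script. The function names and the sample hostname are constructed for illustration, and the script test is a coarse heuristic based on Unicode character names.

```python
import unicodedata

def letter_scripts(label):
    """Scripts of the letters in one label, taken from the first word of each
    character's Unicode name (LATIN, CYRILLIC, GREEK, ...). Coarse heuristic."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def inspect_host(host):
    """Give the ASCII (xn--) and Unicode forms of a hostname and list the
    labels that mix Latin letters with letters from another script."""
    try:
        ascii_host = host.encode("idna").decode("ascii")
        unicode_host = ascii_host.encode("ascii").decode("idna")
    except UnicodeError:
        # Empty/over-long labels or characters IDNA rejects: treat as invalid.
        return {"ascii": None, "unicode": None, "mixed": [], "valid": False}
    mixed = []
    for label in unicode_host.split("."):
        scripts = letter_scripts(label)
        # A label written entirely in one non-Latin script is not flagged here.
        if "LATIN" in scripts and len(scripts) > 1:
            mixed.append((label, sorted(scripts)))
    return {"ascii": ascii_host, "unicode": unicode_host,
            "mixed": mixed, "valid": True}

# Constructed sample: "example.com" with the Latin "a" replaced by U+0430
# (CYRILLIC SMALL LETTER A), which renders almost identically.
SAMPLE = "ex\u0430mple.com"

if __name__ == "__main__":
    for h in (SAMPLE, "example.com"):
        r = inspect_host(h)
        print(r["ascii"], "MIXED-SCRIPT" if r["mixed"] else "ok", r["mixed"])
```

Displaying the `ascii` form instead of the Unicode form for flagged hostnames makes the substitution visible to the user.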
To: smith288
I guess this means that homographophobia will become respectable...
2 posted on 02/07/2005 7:46:13 PM PST by sourcery (This is your country. This is your country under socialism. Any questions? Just say no to Socialism!)
To: smith288
Just set network.enableIDN to "false" in Firefox.
To do this type about:config in the address bar, then network.enableIDN in the filter. Just double click on the parameter name and the value will be changed to false.
You probably have to close the browser for it to take effect (not sure there).
3 posted on 02/07/2005 7:47:38 PM PST by steve86
To: smith288
I like Spoof Stick for FireFox - it tells you where you REALLY are...
SpoofStick
4 posted on 02/07/2005 7:50:20 PM PST by dandelion (http://thequestionfairy.blogspot.com/)
To: BearWash
I just tried that fix and you didn't have to restart Firefox. Though if you are the type of nerd who gets the nightly releases, you will have to set this to false every time you get the new build.
5 posted on 02/07/2005 7:50:34 PM PST by smith288 ("Bravery is not a reaction to fear but the act of ignoring it from honor.")
To: smith288
I would say there are very few IE fixes this easy.
6 posted on 02/07/2005 7:54:31 PM PST by steve86
To: BearWash
What functionality in FireFox would changing network.enableIDN to "false" lose for you, if any?
7 posted on 02/07/2005 7:55:11 PM PST by swilhelm73 (Appeasers believe that if you keep on throwing steaks to a tiger, the tiger will become a vegetarian)
To: smith288
I believe that Microsoft will be releasing 9 updates tomorrow.
Now, I don't blame MS for updating the OS. Especially since the updates are 'free'. Considering that the OS is now 3 years old, and not only are feature-sets being added, problems that were not known, or simply did not exist then are being addressed, as well as new technologies (SATA & SAS); and all of these are repaired free of charge.
Next, when we consider the plethora of machines (Intel, AMD or other processor company's processors), the chipsets supported (nVidia, Via, SiS, Intel, AMD, etc), the quantity of other products (video capture, RAID, NIC, Sound, USB, Firewire, PCI, PCI-X, PCI-express, etc.), the fact that they can release patches which fix problems, without creating new problems truly is amazing.
8 posted on 02/07/2005 7:55:17 PM PST by Hodar (With Rights, comes Responsibilities. Don't assume one, without assuming the other.)
To: dandelion
Ah-ha just checked it with Spoof Stick - Spoof Stick got SMACKED. So take that back on Spoof Stick; in this exploit, it will not help. Sending an email to the developer...
Switching OFF IDN...
9 posted on 02/07/2005 7:58:18 PM PST by dandelion (http://thequestionfairy.blogspot.com/)
To: smith288
About setting it repeatedly with new builds, isn't the new parameter value stored in prefs.js in your own home directory? (This is Linux -- maybe Windows stores it in the registry or whatever they call it now).
10 posted on 02/07/2005 7:58:33 PM PST by steve86
To: swilhelm73
What functionality in FireFox would changing network.enableIDN to "false" lose for you,
Apparently those internationalized domain names. Not a big loss to me. I don't think they should use funny characters in domain names. IE doesn't support those anyway.
11 posted on 02/07/2005 8:00:08 PM PST by steve86
I use Shiira for OSX, and it isn't vulnerable... :)
12 posted on 02/07/2005 8:01:32 PM PST by oolatec
To: BearWash
13 posted on 02/07/2005 8:10:53 PM PST by swilhelm73 (Appeasers believe that if you keep on throwing steaks to a tiger, the tiger will become a vegetarian)
To: BearWash
About setting it repeatedly with new builds, isn't the new parameter value stored in prefs.js in your own home directory? (This is Linux -- maybe Windows stores it in the registry or whatever they call it now).
It stores it in prefs.js on a win32 but I think that bit of info was meant for people who just wipe their ff dir out when they get a new build
14 posted on 02/07/2005 8:11:36 PM PST by smith288 ("Bravery is not a reaction to fear but the act of ignoring it from honor.")
To: smith288; BearWash
Hey guys - it's not working! I confirmed on the demo page and the forum, and they are getting the same response - THE IDN FALSE WORKAROUND *DOESN'T* WORK FOR FIREFOX 1.0. Evidently this workaround only performs in 0.93 - we should see more on Mozillazine.
http://forums.mozillazine.org/viewtopic.php?t=214828
Once again - the workaround does NOT work for Firefox 1.0. Confirm on the demo page before you assume it works in your browser...
15 posted on 02/07/2005 8:15:00 PM PST by dandelion (http://thequestionfairy.blogspot.com/)
To: BearWash
16 posted on 02/07/2005 8:16:01 PM PST by Blood of Tyrants (God is not a Republican. But Satan is definitely a Democrat.)
To: dandelion
I'll certainly check into that. Usually I go to slashdot for the full scoop but don't have time now.
17 posted on 02/07/2005 8:17:39 PM PST by steve86
To: BearWash
Clarifications are on Mozillazine - evidently the workaround gets "reset" every time Firefox is started, so it may work THIS time, but not after you reopen. Nightly Build may address this...
18 posted on 02/07/2005 8:17:52 PM PST by dandelion (http://thequestionfairy.blogspot.com/)
To: dandelion
Yeah, I saw newer builds might have it fixed. Shows you have to test more than once, that's for sure!
19 posted on 02/07/2005 8:22:08 PM PST by steve86
To: dandelion
Hey guys - it's not working!
I have FF 1.0 and it works for me
20 posted on 02/07/2005 8:25:22 PM PST by smith288 ("Bravery is not a reaction to fear but the act of ignoring it from honor.")