Posted on 02/07/2005 11:29:30 AM PST by KwasiOwusu
All non-Microsoft browsers include a flaw that allows URL spoofing using Unicode characters, which can be exploited by phishing scams seeking to steal login information for online banking accounts. The spoofing flaw, which is demonstrated on the web site of the Shmoo Group, works in the Firefox, Mozilla and Opera browsers, as well as the Safari browser for Macs.
The spoof exploits flaws in how the browsers interpret Unicode characters. A link using Unicode characters to replace the letter "a" in "Paypal" will display as www.paypal.com in the browser, but send users to www.xn--pypal-4ve.com - which then displays "www.paypal.com" in its address bar. A similar spoof works on SSL-enabled URLs (https) commonly used on banking and e-commerce sites.
Unicode is a broader character set that includes non-English characters as well as symbols, which is being used on the Internet to support Internationalized Domain Names (IDN). The affected browsers support IDN, while Microsoft's Internet Explorer does not.
(Excerpt) Read more at news.netcraft.com ...
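A defensive check for the spoof described in the excerpt, as an added example that is not part of the article or of this thread: it decodes each `xn--` label to the text an IDN-aware browser would display and flags labels that mix scripts. The function names are hypothetical, and deriving a letter's script from the first word of its Unicode name is an approximation chosen for this sketch.

```python
import unicodedata

ACE_PREFIX = "xn--"  # marks a Punycode-encoded (IDN) label

def to_unicode(label):
    """Return the text an IDN-aware browser would display for one DNS label."""
    if label.lower().startswith(ACE_PREFIX):
        return label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
    return label

def to_ace(label):
    """Return the ASCII form that is actually looked up in DNS.
    Simplified: real IDNA also normalises the label (nameprep) first."""
    if label.isascii():
        return label.lower()
    return ACE_PREFIX + label.lower().encode("punycode").decode("ascii")

def letter_scripts(text):
    """Approximate each letter's script by the first word of its Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}

def inspect_host(host):
    """Classify every label of a hostname; returns a list of report dicts."""
    report = []
    for raw in host.rstrip(".").split("."):
        try:
            shown = to_unicode(raw)
        except UnicodeError:
            report.append({"label": raw, "verdict": "undecodable"})
            continue
        found = letter_scripts(shown)
        if shown.isascii():
            verdict = "ascii"
        elif len(found) > 1:
            verdict = "mixed-script"  # e.g. Latin letters plus one Cyrillic look-alike
        else:
            verdict = "non-ascii"     # single script: may be a legitimate IDN
        report.append({"label": raw, "shown": shown, "ace": to_ace(shown),
                       "scripts": sorted(found), "verdict": verdict})
    return report

if __name__ == "__main__":
    # Constructed inputs: the ACE host quoted in the article, and the same name
    # written with U+0430 (CYRILLIC SMALL LETTER A) as a link would carry it.
    for host in ("www.xn--pypal-4ve.com", "www.p\u0430ypal.com", "www.paypal.com"):
        for item in inspect_host(host):
            if item["verdict"] != "ascii":
                print(host, "->", item)
```

A single-script non-ASCII label is reported separately because it can be a legitimate internationalized name; the mixed-script verdict is the one that matches the "Paypal" case in the excerpt.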
We've been repeatedly told that this couldn't happen with Firefox and Mozilla. That everything is M$' fault. Oh the inhumanity of it all.
Uh-oh! I guess they've finally figured out that enough people are using non-MSFT browsers to make them worthwhile targets.
Me, I stick with Internet Exploder. At least I know its vulnerabilities. Folks that think their browser-of-the-month is invulnerable are just guessing.
And now we have a new way to fool them. Oh well....
oopsie
All those millions who downloaded Firefox- and heralded it as a 'huge success' (for giving something away??) better warn everyone
From the above referenced article - "...The attack can be disabled in Firefox and Mozilla by setting 'network.enableIDN' to false in the browser's configuration (enter about:config in the address bar to access the configuration functions)."
---
There are some folks here who are big fans of Firefox.
I never put personal info on a site that I have been linked to. I only go to those sites directly.
bttt
THAT'S IT!!!!
I'VE HAD ENOUGH!!!!
I am giving up all browsers!!!!
I am going back to pen and paper and stamps.
Now would everyone on Free Republic be so kind as to send me your physical address so I can correspond with you and send you newspaper clippings...
bump for later
Of course, the reason it affects all of them couldn't be Microsoft's unicode-handling API, could it?
Never mind the fact this is a configuration setting that can be turned off, right?
Thank you Mr. Gates for posting this.
Right, it's Microsoft's fault Firefox fails. Why is Firefox even using Microsoft's unicode-handling API? hmmm. Methinks Firefox could do it on their own.
It can, just like many exploits in archnemesis IE. Unfortunately, anyone stupid enough to fall for a phishing scam is also WAY too stupid to reconfigure their browser.
Nothing about LYNX on here, so I guess I'm OK.
LOL!
Hey everybody, this is true, so true. Firefox is too dangerous for you to use. Please do not switch to Firefox. Alas, it is too late for me. So let's just keep the status quo. Thanks.