Non-Microsoft Browsers Have Spoofing Flaw

Netcraft ^ | 2/7/2005 | Netcraft

[Doohickey]

Don't be absurd. Hundreds of companies, like mine, run tens of thousands of Windows XP desktops. Suggesting a desktop rollout is a flop because of the operating system is asinine.

[Hank Rearden]

Double click on it; it will change to false.

Or right-click, then select Toggle. Other right-click options are available as well.

[Uncle Fud]

If only the default ActiveX setting in IE had been "Off" the malware problem would probably be about 20% (or less) its current size.

[N3WBI3]

There is a difference between ActiveX and this setting. Active X is a major component of ie, this setting is nothing. That being said, this is an issue they need to look into, maybe they need to color the address bar when a site is using International URL's

[KwasiOwusu]

"how many guys are going to go to the police complaining they got ripped off/scammed by a porn site? People simply don't do it,"

Thousands of people report porn sites to the FBI and the police all the time.
That is how lots of porn sites managed to get themselves convicted of fraud and other Internet crimes.
Buying porn these days is done by all kinds of people from all walks of life, even including women.
Plus some of the guys who buy porn don't have much of a reputation to worry about anyway.

[shellshocked]

Just more anti-Micros....waitaminut, this looks like someone else screwed up!

[thoughtomator]

These guys can just run their sites from overseas, and the worst that can be done to them is to have their site shut down for a brief time.

[PAR35]

The attack can be disabled in Firefox and Mozilla by setting 'network.enableIDN' to false in the browser's configuration

That appears to be the default setting in Mozilla.

[KwasiOwusu]

"Microsoft must have a lot of excess cash if they can afford to pay people to prop up that POS. Guess it's still cheaper than delivering a tight, efficient, competitive browser."

Tell that to the Firefox clowns. Looks like they badly need that piece of advice.


"Firefox Rocks, as usual"

Firefox rocks like Saddam Hussein in that foxhole.
And that is exactly where the crappy Firefox is headed to: A foxhole.
FireFOX to FOXhole. Get it? :)

[Lx]

Thanks! You learn something new everyday. I love Firefox!

[KwasiOwusu]

"It does not work on Linux...."

Doesn't work on the Apple Mac, written by CRAPPLE.
Still got nothing to do with Microsoft.

[ThinkDifferent]

So, it stays set to FALSE, but after a program restart. . . it no longer works. It only works from the time I toggle until I restart....is that what you are getting?

Yep, and that actually is a Firefox bug. The original problem isn't a bug as such, since the browser is interpreting and displaying the Unicode characters correctly. It's a design flaw of IDN that it didn't consider spoofing attacks using characters that look similar to ASCII.

[lainie]

Heh heh, the funniest part is that the only reason IE isn't vulnerable is because it doesn't support the standard.

[chilepepper]

i didn't claim their roll-out was a flop *because of* the choice of OS, merely that their flopped system was Windows XP based.

the incident where their "commercial net" (based on outlook) however, *does* qualify...

[ThinkDifferent]

Doesn't work on the Apple Mac, written by CRAPPLE.

So are you 12, or just really bored?

[N3WBI3]

Than windows and OSX may have problems with their API, or the Standard itself needs to be rewritten. if Explorer is given a plugin to allow for international URL's it is also vulnerable..

[Mannaggia l'America]

If only the default ActiveX setting in IE had been "Off" the malware problem would probably be about 20% (or less) its current size.

And if only people wouldn't have written the malware...

Some ActiveX controls are useful. But also a big problem is users clicking "Yes" to everything, including the warning screens that display.

[KwasiOwusu]

"These guys can just run their sites from overseas, and the worst that can be done to them is to have their site shut down for a brief time."

You'll find that a very high percentage of porn sites are operated right here in America, especially all those "naked housewives" and stuff like that.
Its a simple matter of following the money for the FBI. They gotta get their money somehow, mostly through credit card transactions.
Plus these days, even if you put your host server in Europe, Russia, Japan or even China, the FBI is still gonna get ya.

[KwasiOwusu]

"So are you 12, or just really bored?"

Repeat:
"Doesn't work on the Apple Mac, written by CRAPPLE"
That clear enough for you yet?

[cinives]

Exactly - so no one should click on any link in an email. I never do, even if I know the person the email is from, because I cannot be sure it wasn't email generated by a virus.