Non-Microsoft Browsers Have Spoofing Flaw
Netcraft ^ | 2/7/2005 | Netcraft

Posted on 02/07/2005 11:29:30 AM PST by KwasiOwusu

All non-Microsoft browsers include a flaw that allows URL spoofing using Unicode characters, which can be exploited by phishing scams seeking to steal login information for online banking accounts. The spoofing flaw, which is demonstrated on the web site of the Shmoo Group, works in the Firefox, Mozilla and Opera browsers, as well as the Safari browser for Macs.
The spoof exploits flaws in how the browsers interpret Unicode characters. A link using Unicode characters to replace the letter "a" in "Paypal" will display as www.paypal.com in the browser, but send users to www.xn--pypal-4ve.com - which then displays "www.paypal.com" in its address bar. A similar spoof works on SSL-enabled URLs (https) commonly used on banking and e-commerce sites.

Unicode is a broader character set that includes non-English characters as well as symbols, which is being used on the Internet to support Internationalized Domain Names (IDN). The affected browsers support IDN, while Microsoft's Internet Explorer does not.

(Excerpt) Read more at news.netcraft.com ...
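The article describes the mechanism but not how a browser (or a mail gateway, or a log-review script) could tell the spoof apart from a legitimate international domain. The following Python is an added example written for this page; it is not code from Netcraft, the Shmoo Group demo, or any browser project. It decodes the ACE (`xn--`) form back to the Unicode the address bar would show, then flags a label on two grounds: letters from more than one script, and letters that resolve to an ASCII look-alike. The hostnames are constructed samples (the `xn--pypal-4ve.com` form is the one the article quotes; the München name is a stand-in for a legitimate single-script IDN), and the confusable table is a small hand-built illustration, not Unicode's full confusables list.

```python
import unicodedata

# Constructed sample hostnames: the spoof the article describes (Cyrillic "a"
# in "paypal"), a legitimate single-script IDN, and a plain ASCII name.
SAMPLE_HOSTS = [
    "www.xn--pypal-4ve.com",   # decodes to "www.p\u0430ypal.com"
    "www.xn--mnchen-3ya.de",   # decodes to "www.m\u00fcnchen.de"
    "www.paypal.com",
]

# Hand-built confusable table (assumption for this example): Cyrillic and
# Greek letters that render like Latin ones. Unicode's confusables.txt is
# far larger; this subset is enough to show the technique.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u03bf": "o", "\u03b1": "a",
}


def decode_idn(hostname):
    """Turn an ACE (xn--) hostname back into the Unicode form a browser
    would display. Labels without the xn-- prefix are left untouched."""
    labels = []
    for label in hostname.lower().split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)


def script_of(ch):
    """Approximate a character's script from the first word of its Unicode
    name; digits, hyphens and other non-letters return None (common)."""
    if not unicodedata.category(ch).startswith("L"):
        return None
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def scripts_in(label):
    """Set of scripts used by the letters of one label."""
    return {s for s in (script_of(ch) for ch in label) if s is not None}


def skeleton(text):
    """Replace known confusable letters with the Latin letter they resemble."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)


def assess(hostname):
    """Return a dict describing why a hostname is (or is not) suspicious."""
    unicode_host = decode_idn(hostname)
    findings = []
    for label in unicode_host.split("."):
        if all(ord(ch) < 128 for ch in label):
            continue  # plain ASCII label, nothing to decide
        # Check 1: letters from more than one script in a single label.
        if len(scripts_in(label)) > 1:
            findings.append("mixed-script label: " + label)
        # Check 2: the label collapses to an all-ASCII look-alike. This also
        # catches a label written entirely in Cyrillic confusables, which
        # check 1 alone would miss.
        sk = skeleton(label)
        if sk != label and all(ord(ch) < 128 for ch in sk):
            findings.append("confusable with ASCII label: " + sk)
    return {
        "unicode": unicode_host,
        "skeleton": skeleton(unicode_host),
        "suspicious": bool(findings),
        "findings": findings,
    }


if __name__ == "__main__":
    for host in SAMPLE_HOSTS:
        print(host, "->", assess(host))
```

Both checks are per label, which is the granularity at which a browser can decide whether to render the Unicode form or fall back to the `xn--` form (or, as one poster below suggests, colour the address bar). Disabling IDN altogether, as the thread's `network.enableIDN` workaround does, throws out legitimate names like the München sample; the script-mixing and skeleton checks keep it while still flagging the look-alike.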


TOPICS: Business/Economy; News/Current Events; Technical
To: chilepepper

Don't be absurd. Hundreds of companies, like mine, run tens of thousands of Windows XP desktops. Suggesting a desktop rollout is a flop because of the operating system is asinine.


61 posted on 02/07/2005 12:02:32 PM PST by Doohickey ("This is a hard and dirty war, but when it's over, nothing will ever be too difficult again.")
[ Post Reply | Private Reply | To 39 | View Replies]

To: kevao; Katya
Double click on it; it will change to false.

Or right-click, then select Toggle. Other right-click options are available as well.

62 posted on 02/07/2005 12:02:48 PM PST by Hank Rearden (Never allow anyone who could only get a government job attempt to tell you how to run your life.)
[ Post Reply | Private Reply | To 37 | View Replies]

To: Mannaggia l'America

If only the default ActiveX setting in IE had been "Off" the malware problem would probably be about 20% (or less) its current size.


63 posted on 02/07/2005 12:04:33 PM PST by Uncle Fud
[ Post Reply | Private Reply | To 33 | View Replies]

To: Mannaggia l'America

There is a difference between ActiveX and this setting. ActiveX is a major component of IE; this setting is nothing. That being said, this is an issue they need to look into. Maybe they need to color the address bar when a site is using international URLs.


64 posted on 02/07/2005 12:05:26 PM PST by N3WBI3
[ Post Reply | Private Reply | To 33 | View Replies]

To: thoughtomator
"how many guys are going to go to the police complaining they got ripped off/scammed by a porn site? People simply don't do it,"

Thousands of people report porn sites to the FBI and the police all the time.
That is how lots of porn sites managed to get themselves convicted of fraud and other Internet crimes.
Buying porn these days is done by all kinds of people from all walks of life, even including women.
Plus some of the guys who buy porn don't have much of a reputation to worry about anyway.
65 posted on 02/07/2005 12:05:31 PM PST by KwasiOwusu
[ Post Reply | Private Reply | To 50 | View Replies]

To: KwasiOwusu

Just more anti-Micros....waitaminut, this looks like someone else screwed up!


66 posted on 02/07/2005 12:06:04 PM PST by shellshocked
[ Post Reply | Private Reply | To 1 | View Replies]

To: KwasiOwusu

These guys can just run their sites from overseas, and the worst that can be done to them is to have their site shut down for a brief time.


67 posted on 02/07/2005 12:07:12 PM PST by thoughtomator (reporting from Cylon-occupied Caprica)
[ Post Reply | Private Reply | To 65 | View Replies]

To: contemplator
The attack can be disabled in Firefox and Mozilla by setting 'network.enableIDN' to false in the browser's configuration

That appears to be the default setting in Mozilla.

68 posted on 02/07/2005 12:09:30 PM PST by PAR35
[ Post Reply | Private Reply | To 5 | View Replies]

To: Hank Rearden
"Microsoft must have a lot of excess cash if they can afford to pay people to prop up that POS. Guess it's still cheaper than delivering a tight, efficient, competitive browser."

Tell that to the Firefox clowns. Looks like they badly need that piece of advice.


"Firefox Rocks, as usual"

Firefox rocks like Saddam Hussein in that foxhole.
And that is exactly where the crappy Firefox is headed to: A foxhole.
FireFOX to FOXhole. Get it? :)
69 posted on 02/07/2005 12:10:49 PM PST by KwasiOwusu
[ Post Reply | Private Reply | To 55 | View Replies]

To: contemplator

Thanks! You learn something new everyday. I love Firefox!


70 posted on 02/07/2005 12:10:59 PM PST by Lx (Tuesday is Soylent green day!)
[ Post Reply | Private Reply | To 5 | View Replies]

To: N3WBI3
"It does not work on Linux...."

Doesn't work on the Apple Mac, written by CRAPPLE.
Still got nothing to do with Microsoft.
71 posted on 02/07/2005 12:13:44 PM PST by KwasiOwusu
[ Post Reply | Private Reply | To 56 | View Replies]

To: TheOtherOne
So, it stays set to FALSE, but after a program restart. . . it no longer works. It only works from the time I toggle until I restart....is that what you are getting?

Yep, and that actually is a Firefox bug. The original problem isn't a bug as such, since the browser is interpreting and displaying the Unicode characters correctly. It's a design flaw of IDN that it didn't consider spoofing attacks using characters that look similar to ASCII.

72 posted on 02/07/2005 12:13:56 PM PST by ThinkDifferent (These pretzels are making me thirsty)
[ Post Reply | Private Reply | To 59 | View Replies]

To: KwasiOwusu

Heh heh, the funniest part is that the only reason IE isn't vulnerable is because it doesn't support the standard.


73 posted on 02/07/2005 12:14:24 PM PST by lainie
[ Post Reply | Private Reply | To 1 | View Replies]

To: Doohickey
I didn't claim their roll-out was a flop *because of* the choice of OS, merely that their flopped system was Windows XP based.

The incident where their "commercial net" (based on Outlook) however, *does* qualify...

74 posted on 02/07/2005 12:14:39 PM PST by chilepepper (The map is not the territory -- Alfred Korzybski)
[ Post Reply | Private Reply | To 61 | View Replies]

To: KwasiOwusu
Doesn't work on the Apple Mac, written by CRAPPLE.

So are you 12, or just really bored?

75 posted on 02/07/2005 12:14:51 PM PST by ThinkDifferent (These pretzels are making me thirsty)
[ Post Reply | Private Reply | To 71 | View Replies]

To: KwasiOwusu

Then Windows and OS X may have problems with their API, or the standard itself needs to be rewritten. If Explorer is given a plugin to allow for international URLs it is also vulnerable.


76 posted on 02/07/2005 12:15:11 PM PST by N3WBI3
[ Post Reply | Private Reply | To 71 | View Replies]

To: Uncle Fud
If only the default ActiveX setting in IE had been "Off" the malware problem would probably be about 20% (or less) its current size.

And if only people wouldn't have written the malware...

Some ActiveX controls are useful. But also a big problem is users clicking "Yes" to everything, including the warning screens that display.

77 posted on 02/07/2005 12:17:15 PM PST by Mannaggia l'America
[ Post Reply | Private Reply | To 63 | View Replies]

To: thoughtomator
"These guys can just run their sites from overseas, and the worst that can be done to them is to have their site shut down for a brief time."

You'll find that a very high percentage of porn sites are operated right here in America, especially all those "naked housewives" and stuff like that.
It's a simple matter of following the money for the FBI. They gotta get their money somehow, mostly through credit card transactions.
Plus these days, even if you put your host server in Europe, Russia, Japan or even China, the FBI is still gonna get ya.
78 posted on 02/07/2005 12:20:11 PM PST by KwasiOwusu
[ Post Reply | Private Reply | To 67 | View Replies]

To: ThinkDifferent
"So are you 12, or just really bored?"

Repeat:
"Doesn't work on the Apple Mac, written by CRAPPLE"
That clear enough for you yet?
79 posted on 02/07/2005 12:21:49 PM PST by KwasiOwusu
[ Post Reply | Private Reply | To 75 | View Replies]

To: Always Right

Exactly - so no one should click on any link in an email. I never do, even if I know the person the email is from, because I cannot be sure it wasn't email generated by a virus.


80 posted on 02/07/2005 12:23:55 PM PST by cinives (On some planets what I do is considered normal.)
[ Post Reply | Private Reply | To 24 | View Replies]

