Non-Microsoft Browsers Have Spoofing Flaw

Netcraft ^ | 2/7/2005 | Netcraft

[KwasiOwusu]

All non-Microsoft browers include a flaw that allows URL spoofing using Unicode characters, which can be exploited by phishing scams seeking to steal login information for online banking accounts. The spoofing flaw, which is demonstrated on the web site of the Shmoo Group, works in the Firefox, Mozilla and Opera browsers, as well as the Safari browser for Macs.
The spoof exploits flaws in how the browsers interpret Unicode characters. A link using Unicode characters to replace the letter "a" in "Paypal" will display as www.paypal.com in the browser, but send users to www.xn--pypal-4ve.com - which then displays "www.paypal.com" in its address bar. A similar spoof works on SSL-enabled URLs (https) commonly used on banking and e-commerce sites.

Unicode is a broader character set that includes non-English characters as well as symbols, which is being used on the Internet to support Internationalized Domain Names (IDN). The affected browsers support IDN, while Microsoft's Internet Explorer does not.

[Altamira]

I'm a huge fan of Firefox. Much better than Exploder.

I just made the change you suggested; thanks for the tip.

[Altamira]

" However according to several posters on Slashdot, that setting isn't saved once you quit and relaunch Firefox."

These people are wrong; I just tested this in response to your post.

[akorahil]

Hey, thanks for the fix!

Implemented.

[Hank Rearden]

It's pretty funny: every time Kweezy puts up one of these let's-prop-up-InternetExploder-a-little-while-longer threads, more people discover and switch to Firefox.

You're not helping your boss Bill, Kweezy.

[Labyrinthos]

From the above referenced article - "...The attack can be disabled in Firefox and Mozilla by setting 'network.enableIDN' to false in the browser's configuration (enter about:config in the address bar to access the configuration fucntions). "

Explain that to the average computer 'tard who barely knows how to turn the pc on and off let alone configure a program.

[rwfromkansas]

Right. If I looked down at the bar at the bottom of the screen, and it said paypal.com, and I went up at the address bar and it said paypal.com, I would think the site legit.

In the past, it was easy to spot a spoofed site, as it would redirect you to a page in which you could clearly see it was not where it supposedly was taking now.

Well, not anymore....will be checking the code if that crap happens.

[Don Simmons]

I have an idea! Let's start catching the booger-eating, snorting, chat room, "tech-savvy" mouth-breathers who instigate viruses, spoofing, spyware, etc. -- and begin sentencing them to lengthy prison terms for the amount of damage and general trouble they cause in this world!!!

Once one or two get their sentences publicized - I bet this crap would slow to a snail's pace, if not halt altogether.

Of course, many of them are the same geeks who develop new technology that serves actual valuable purposes....but it sure would drive the point home, wouldn't it?

[ChefKeith]

Thank You!

[Doohickey]

How about we get one of these crap weasels, tie him spreadeagle to the hood of a car and drive around the country charging $5 apiece to kick him in the nuts?

[KwasiOwusu]

"It's pretty funny: every time Kweezy puts up one of these let's-prop-up-InternetExploder-a-little-while-longer threads, more people discover and switch to Firefox"

Firefox : 5% and springing security holes faster than a Michael Moore "documentary" springs falsehoods.
IE : approx 90%.
'Nuff said

[Don Simmons]

Damn - I like the way you think!!!!

[Viking2002]

LMAO!

[Hank Rearden]

Every time you pull those numbers out of your . . . . ummmm . . . hat, the IE number is smaller and the Firefox (which Rocks) number is bigger.

Keep it up!

[KwasiOwusu]

"IE number is smaller and the Firefox (which Rocks) number is bigger."

Ummm .. Firefox still 5%.
Your shill hasn't still made any difference to it.

[RobRoy]

BUMP to do this to my home computer as well.

[TruBluKentuckian]

Well... hello Mr. Gates... didn't know you were a Freeper.

[ChefKeith]

PING!

[Hank Rearden]

Look around this thread, Kweezy. Or any Firefox thread.

Note the vox populi.

IE is done.

[KwasiOwusu]

"Well... hello Mr. Gates... didn't know you were a Freeper."

Hey Linus, or is it Me Raymond?
Still shilling for your copied open source crap are we?