Posted on 02/10/2005 7:31:00 PM PST by Eagle9
If it's a Firefox flaw it doesn't count, huh. I see. Well, I'd rather have a browser that waits to get it right than to use a browser like Firefox that implemented it willy-nilly, giving no thought to the security implications. Did they even think to test this first?
It's not a Firefox flaw, though. I don't even use Firefox, mostly.
It's a flaw in the IDN standard, sort of. It's really a flaw in Unicode, if you think about it. The problem is that multiple Unicode codes can refer to identical or nearly identical glyphs.
It's more of a social engineering thing than a software flaw.
The same trick could be pulled using any "secure" application which allows Unicode characters in hostnames.
But it's not a browser flaw. Even Internet Explorer can be spoofed with look-alike characters in a URL - like substituting the number 0 (zero) for the letter "0".
For instance - WWW.MlCR0S0FT.COM is not the same as WWW.MICROSOFT.COM. But people can be fooled because of the visual similarity. Can you spot the differences?
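The look-alike problem discussed in the posts above, as an added example that is not part of the original thread: a Python check that flags a hostname when it mixes scripts or when it collapses to the same "skeleton" as a trusted name. The `FOLD` table, the function names and the sample hostnames in the comments are constructed for illustration.

```python
import unicodedata

# Constructed, deliberately small look-alike table (assumption: a production
# checker would use a full confusables data set, not these eight entries).
FOLD = {"0": "o", "1": "l", "i": "l",            # ASCII: 0/O and 1/l/I
        "\u0430": "a", "\u0435": "e", "\u043e": "o",
        "\u0440": "p", "\u0441": "c"}            # Cyrillic a, e, o, r, s

def to_unicode(host):
    """Lower-case a hostname and decode any xn-- (punycode) labels."""
    labels = []
    for label in host.lower().split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)

def scripts(host):
    """Scripts of the letters in host, read from the first word of each
    character's Unicode name (LATIN, CYRILLIC, GREEK, ...)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in to_unicode(host) if ch.isalpha()}

def skeleton(host):
    """Replace every character in FOLD with the letter it resembles."""
    return "".join(FOLD.get(ch, ch) for ch in to_unicode(host))

def check(host, trusted):
    """Return findings for host; trusted holds lower-case known-good names."""
    findings = []
    found = scripts(host)
    if len(found) > 1:
        findings.append("mixed scripts: " + ", ".join(sorted(found)))
    for good in trusted:
        if to_unicode(host) != good and skeleton(host) == skeleton(good):
            findings.append("look-alike of " + good)
    return findings

if __name__ == "__main__":
    trusted = ["www.microsoft.com"]
    # Constructed samples: the ASCII case from the post, and a Cyrillic "o".
    for host in ["WWW.MlCR0S0FT.COM", "www.micros\u043eft.com", "www.microsoft.com"]:
        print(ascii(host), check(host, trusted))
```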
I will fault the Firefox developers for having it on by default.
Word 2000 supported PNGs. No question about it though, they screwed the pooch on this one. How you get from interpreting a graphic format into running arbitrary code in the local zone is just mind-boggling to me.
Thanks for the advice. I'm a complete feeb. In fact, I have to wear a bib since I'm such a slobbering idiot. Gonna run right out and get me a clue soon as I can.
No problem. I'm here to help. Have a nice weekend. :)