Guest Neubeatz Posted February 8, 2005

FireFox fans across the world, grab the Kleenex!

According to a paper recently published by Eric Johanson of the Shmoo Group, users on most Mozilla-based browsers (Firefox 1.0, Camino .8.5, Mozilla 1.6, etc), Safari 1.2.5, Opera 7.54, Omniweb 5 are victim to a complex International Domain Name [IDN] spoof.

This new attack allows an attacker/phisher to spoof the domain/URLs of businesses. Every recent gecko/khtml based browser implements IDN (which is just about every browser except for Internet Explorer). The Shmoo Group have created a proof of concept where the links are directed at "http://www.pаypal.com/", which the browsers' punycode handlers render as www.xn--pypal-4ve.com.

According to the group there is however an easy way to detect you're under a spoof attack: cut & paste the URL you are accessing into notepad or some other tool (under OSX, paste into a terminal window) which will allow you to view what character set/pagecode the string is in. You can also view the details of the SSL cert etc.

You can disable IDN support in Mozilla products by setting 'network.enableIDN' to false. There is no known workaround for Opera or Safari. Vendor responses have been varied, with VeriSign and Apple failing to respond but Opera believing they have correctly implemented IDN, and will not be making any changes (oops). Mozilla are currently working on finding a good long-term solution. The company provided a clear workaround for disabling IDN temporarily until it can better address the issue.

This latest exploit will provide spammers with a way to trick FireFox, Opera and Safari users into thinking they're on a certain website. Commonly known as Phishing, this latest attack by spammers and hackers is frighteningly common.

Update: Many users are reporting the config change in Firefox does not work; currently there is no fix for Firefox.

Links:
http://www.neowin.net/comments.php?id=26989&category=main
http://www.kleenex.com/home.htm
http://en.wikipedia.org/wiki/Phishing
http://www.shmoo.com/idn/homograph.txt
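Added example, not part of the original post or the Shmoo Group paper: a Python check that automates the "paste it somewhere that shows the character set" test by printing a hostname's punycode (ACE) form and flagging labels that mix scripts. The helper names `script_of` and `check_url` are hypothetical, the sample URLs are constructed, and script detection from the Unicode character name is a heuristic rather than a full script-property lookup.

```python
import unicodedata
from urllib.parse import urlsplit


def script_of(ch):
    # Heuristic (assumption): for letters, the first word of the Unicode
    # name is the script, e.g. "CYRILLIC SMALL LETTER A" -> "CYRILLIC".
    if not ch.isalpha():
        return None  # digits and hyphens are shared by all scripts
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def check_url(url):
    """Return the ACE (xn--) form of the host and any mixed-script labels."""
    host = urlsplit(url).hostname or ""
    # Python's built-in "idna" codec applies nameprep + punycode per label.
    ace = host.encode("idna").decode("ascii")
    mixed = []
    for label in host.split("."):
        scripts = {script_of(c) for c in label} - {None}
        if len(scripts) > 1:
            mixed.append((label, sorted(scripts)))
    return {
        "host": host,
        "ace": ace,
        "is_idn": ace != host,          # True when any label needed punycode
        "mixed_script_labels": mixed,   # e.g. Latin letters plus one Cyrillic
    }


# Constructed samples: the first host contains U+0430 (Cyrillic "a").
SPOOF = "http://www.p\u0430ypal.com/"
REAL = "http://www.paypal.com/"

if __name__ == "__main__":
    for u in (SPOOF, REAL):
        print(check_url(u))
```

A hostname written entirely in one non-Latin script is reported as IDN but not as mixed-script, so `is_idn` alone is a prompt to look closer, not a verdict.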

Hog Posted February 8, 2005

You geek!!!

Guest Zeenat Aman Posted February 8, 2005

Grrr, computers are never going to be safe, especially for people who have no real knowledge about them... like me! I look forward to my next paypal payment going straight into the pocket of some lil shit in the states or whatever!?

Lawy Lawson:Attorney Posted February 8, 2005

Should I back the internet up to disk or is it still safe to use the same internet as my neighbour?

psydoll Posted February 8, 2005

> Should I back the internet up to disk or is it still safe to use the same internet as my neighbour?

I hope thou hasn't been coveting thy neighbour's Internet.

Teabags Posted February 8, 2005

> I hope thou hasn't been coveting thy neighbour's Internet.

nah he's been humping his bum bum.

MattJimF Posted February 8, 2005

work around here http://forums.mozillazine.org/viewtopic.php?t=215226&highlight=idn+spoof