TSS_Killer
Posted: Tue Feb 08, 2005 12:39 am    Post subject: SECURITY EXPLOIT : AFFECTS ALL BROWSERS EXCEPT IE
OK people... this is urgent... I read that an exploit in IDN can allow URL spoofing. THIS IS VERY DANGEROUS. TURN IDN OFF. Go into about:config in Mozilla or Firefox and set network.enableIDN to false. It is for all of our blaggers' safety.
Read more about it here:
http://www.shmoo.com/idn/homograph.txt
Thank you,
Demitri
Last edited by TSS_Killer on Fri Feb 11, 2005 3:51 am; edited 1 time in total
_________________ BLAG 30000 user, it runs great... BLAG owns all distros, hands down. Formerly demitri_88
jebba
Posted: Tue Feb 08, 2005 12:54 am
FYI, your box isn't going to melt. This isn't a remote exploit or anything... ;)
Basically, what the exploit does is allow sites to /fake links/ (called phishing). So a site could have a link to http://www.paypal.com, but it actually sends you to a different site. This can be done because it uses other "international" characters in the address.
A way to check to make sure that someone isn't sending you to the wrong address is to right-click on the URL, "Copy Link Location", and paste it in gedit. If any of the characters look "weird" (e.g. a different font), then the URL is bogus.
-Jeff
Jason
Posted: Tue Feb 08, 2005 7:02 pm
I thought the copy link location was a standard procedure for most users anyway? Maybe it is just me.
stevo32
Posted: Wed Feb 09, 2005 1:24 am
No, he means, like, paste it in gedit and take a look. Because even if you paste it somewhere in Mozilla, it'll still be warped. :( :( :(
_________________ E-mail me at s.clement@localhost (replace localhost with sympatico.ca) or stevo32@localhost (replace localhost with blagblagblag.org).
Jason
Posted: Thu Feb 10, 2005 6:47 pm
I posted my last post when at work, booted into Windows using IE, so I got to see it anyway. :) I meant, though, that most people should actually hand-type URLs. How many people here use eBay or PayPal and get 9 million messages a week stating your account has been suspended, etc.? The URL always looks legit until you click it and then realise you have been screwed. So as a matter of precaution I always hand-type URLs.
jebba
Posted: Mon Feb 21, 2005 11:19 pm
http://weblogs.mozillazine.org/gerv/archives/007586.html
"New Short-Term Patch For IDN-based Spoofing
Darin Fisher, network supremo, has pulled it out of the bag and come up with a less drastic short-term solution to the IDN problem. It has just been checked in for all three upcoming releases. Read about it over in bug 282270, but basically IDN will still work, but all occurrences of IDN domains in the browser UI (URL bar, security info, etc.) will be the punycode form. There is a pref to re-enable full IDN: set "network.IDN_show_punycode" to false. As with the previous plan, this preference will be set to true in all official builds.
As I've said in previous blog posts, turning off IDN entirely was always a suboptimal solution, and I'm very pleased we've managed to find a third way. The search goes on for something better long-term. I'm sure you'll all agree that, while showing the punycode domain all the time solves the immediate spoofing problem, the fewer browsers out there that do it, the better."
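The check Jeff describes earlier (paste the link somewhere that shows the raw characters) and the punycode display that the patch quoted above adds to the URL bar can both be reproduced outside the browser. The Python below is an added example, not code from this thread or from Mozilla: it converts a URL's host to the xn-- punycode form with the standard library's idna codec and flags labels that contain non-ASCII characters or mix scripts; the sample URL with a Cyrillic 'а' in place of the Latin 'a' is constructed here after the Shmoo paper's description, and the script check is a heuristic based on Unicode character names.

```python
import unicodedata
from urllib.parse import urlsplit


def punycode_host(url: str) -> str:
    """Hostname of `url` as a browser shows it with network.IDN_show_punycode
    set to true: every non-ASCII label is replaced by its xn-- form."""
    host = urlsplit(url).hostname or ""
    return host.encode("idna").decode("ascii")


def label_scripts(label: str) -> set:
    """Scripts used by the letters of one DNS label, approximated by the first
    word of each character's Unicode name (LATIN, CYRILLIC, GREEK, ...)."""
    scripts = set()
    for ch in label:
        if ch.isalpha():
            scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts


def homograph_warnings(url: str) -> list:
    """Reasons to distrust the host of `url`: one entry per suspicious label.
    A plain ASCII host returns an empty list."""
    host = urlsplit(url).hostname or ""
    warnings = []
    for label in host.split("."):
        if not label.isascii():
            shown = label.encode("idna").decode("ascii")
            warnings.append(f"label {label!r} is not ASCII; punycode form is {shown}")
        scripts = label_scripts(label)
        if len(scripts) > 1:
            warnings.append(f"label {label!r} mixes scripts {sorted(scripts)}")
    return warnings


if __name__ == "__main__":
    # Constructed sample: the second 'a' of "paypal" is CYRILLIC SMALL LETTER A.
    for sample in ("http://www.paypal.com/", "http://www.p\u0430ypal.com/"):
        print(punycode_host(sample), homograph_warnings(sample))
```

Pasting the spoofed link into gedit shows the odd glyph only if the font differs; the punycode form makes the difference visible regardless of font.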
Chris
Posted: Tue Feb 22, 2005 7:39 pm
Maybe it should be set to off by default on the new BLAG.