SECURITY EXPLOIT : AFFECTS ALL BROWSERS EXCEPT IE

 
TSS_Killer
PostPosted: Tue Feb 08, 2005 12:39 am    Post subject: SECURITY EXPLOIT : AFFECTS ALL BROWSERS EXCEPT IE

OK people... this is urgent... I read that an exploit in IDN can allow URL spoofing. THIS IS VERY DANGEROUS. TURN IDN OFF. Go into about:config in Mozilla or Firefox and set network.enableIDN to false. It is for all of our blaggers' safety.

Read more about it here

http://www.shmoo.com/idn/homograph.txt

Thank you,

Demitri



Last edited by TSS_Killer on Fri Feb 11, 2005 3:51 am; edited 1 time in total

_________________
BLAG 30000 user, it runs great... BLAG owns all distros, hands down. Formerly demitri_88
jebba
PostPosted: Tue Feb 08, 2005 12:54 am    Post subject:

FYI, your box isn't going to melt. This isn't a remote exploit or anything... ;)

Basically, what the exploit does is allow sites to /fake links/ (called phishing). So a site could have a link to http://www.paypal.com but it actually sends you to a different site. This can be done because it uses other "international" characters in the address.

A way to check to make sure that someone isn't sending you to the wrong address is to right-click on the URL, choose "Copy Link Location" and paste it into gedit. If any of the characters look "weird" (e.g. a different font), then the URL is bogus.

-Jeff

Jason
PostPosted: Tue Feb 08, 2005 7:02 pm    Post subject:

I thought "Copy Link Location" was standard procedure for most users anyway? Maybe it is just me.
stevo32
PostPosted: Wed Feb 09, 2005 1:24 am    Post subject:

No, he means, like, paste it into gedit and take a look. Because even if you paste it somewhere in Mozilla it'll still be warped. :( :( :(

_________________
E-mail me at s.clement@localhost (replace localhost with sympatico.ca) or stevo32@localhost (replace localhost with blagblagblag.org).
Jason
PostPosted: Thu Feb 10, 2005 6:47 pm    Post subject:

I posted my last post while at work, booted into Windows and using IE, so I got to see it anyway :) I meant, though, that most people should actually hand-type URLs. How many people here use eBay or PayPal and get 9 million messages a week stating that your account has been suspended, etc.? The URL always looks legit until you click it and then realise you have been screwed. So as a matter of precaution I always hand-type URLs.
jebba
PostPosted: Mon Feb 21, 2005 11:19 pm    Post subject:

http://weblogs.mozillazine.org/gerv/archives/007586.html

"New Short-Term Patch For IDN-based Spoofing

Darin Fisher, network supremo, has pulled it out of the bag and come up with a less drastic short-term solution to the IDN problem. It has just been checked in for all three upcoming releases. Read about it over in bug 282270, but basically IDN will still work, but all occurrences of IDN domains in the browser UI (URL bar, security info etc.) will be the punycode form. There is a pref to re-enable full IDN - set "network.IDN_show_punycode" to false. As with the previous plan, this preference will be set to true in all official builds.

As I've said in previous blogposts, turning off IDN entirely was always a suboptimal solution, and I'm very pleased we've managed to find a third way. The search goes on for something better long-term - I'm sure you'll all agree that, while showing the punycode domain all the time solves the immediate spoofing problem, the fewer browsers out there that do it, the better."

Chris
PostPosted: Tue Feb 22, 2005 7:39 pm    Post subject:

Maybe it should be set to off by default on the new BLAG.