Your Ad Here Your Ad Here
Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: new flaw makes your megahertz vulnerable

  1. #1
    muchspl2
    Guest
    http://www.technewsworld.com/rsstory/40447.html

    Spoofing Flaw Hits Web Browsers

    By Steve Ranger
    VNUNet.com
    02/09/05 8:54 AM PT

    The spoofing problem is due to an unintended result of the International Domain Name implementation, which allows the use of international characters in domain names, security firm Secunia said.

    A newly discovered security flaw in popular browsers including Firefox and Opera could be exploited by hackers to carry out phishing scams, security experts have warned.

    Security services company Secunia issued an advisory detailing the issue, which allows for spoofing of Web addresses. The flaw could be exploited by a malicious Web site to spoof the URL displayed in the address bar, SSL certificate and status bar.


    Domain Name Danger
    The problem is due to an unintended result of the International Domain Name implementation, which allows the use of international characters in domain names, the company said.

    This can be exploited by registering domain names with certain international characters that resemble other commonly used characters, causing the user to believe that they are on a trusted site.

    Scrutinize Sources
    Secunia stressed that users should not follow links from untrusted sources, and should manually type the URL in the address bar. The flaw has been confirmed in the following browsers:

    Mozilla 1.7.5, Firefox 1.0, Opera 7.54u1 and 7.54u2, Konqueror 3.2.2, Netscape 7.2, and Safari 1.2.4 (v125.1).

    Secunia warned that other versions may also be affected. The company has constructed a test to check whether your browser is affected by this issue.

  2. Software & Hardware   -   #2

  3. Software & Hardware   -   #3
    McrslV's Avatar Hammer Smashed Face
    Join Date
    Jun 2003
    Location
    who me?
    Age
    45
    Posts
    1,650
    so this would be the reason firefox is better than IE?
    i use IE, i get page cannot be displayed. what are we supposed to see in that test if we pass?

  4. Software & Hardware   -   #4
    bigdawgfoxx's Avatar Big Dawg
    Join Date
    Apr 2003
    Location
    Texas
    Age
    29
    Posts
    3,833
    If it has this page cannot be displayed I think we are NOT vulnerable

    Result
    You are vulnerable, if a new window is opened displaying a Secunia page, but the address bar is displaying "http://www.paypal.com/".

    GO IE!
    [SIZE=1]AMD 4200 X2 @ 2.65Ghz, ASRock 939-VSTA
    1.75GB PC3200, 2 X 160GB Seagate w/ 8MB Buffer
    HIS Radeon X800 Pro, Antec Super Lanboy Aluminum

  5. Software & Hardware   -   #5
    DarthInsinuate's Avatar Died in battle
    Join Date
    Jan 2003
    Location
    Arkham Asylum
    Posts
    5,001
    according to MozillaZine

    Some websites have noted that Internet Explorer is safe from this issue. We would like to point out that this is misleading, since Internet Explorer has not implemented IDN
    so IE is safe because it hasn't implemented this nice new browser feature
    The Sexay Half Of ABBA And Max: Freelance Plants

  6. Software & Hardware   -   #6
    orcutt989's Avatar Blargh
    Join Date
    Dec 2003
    Location
    States
    Posts
    2,227
    Why are international characters a security vulnerability?

  7. Software & Hardware   -   #7
    4play's Avatar knob jockey
    Join Date
    Jan 2003
    Location
    London
    Age
    35
    Posts
    5,530
    because you can make some of the letters and numbers look like others. i can register a site that will look exactly like www.ebay.com even though it would be a different domain.

    we all love slating microsoft for including active-x but it seems the firefox team included this with little regard for security and its now a security hold big enough for plenty of phishers to drive a truck through.

  8. Software & Hardware   -   #8
    tesco's Avatar woowoo
    Join Date
    Aug 2003
    Location
    Canadia
    Posts
    24,069
    OH NOES!! our megahurtz can be st0eled!!!11 :crying:

    Firefox, opera, mozilla, netscape, all vulnerable, and IE is not? WTF?
    Last edited by tesco; 02-11-2005 at 01:42 AM.

  9. Software & Hardware   -   #9
    uNz[i]'s Avatar Out of order
    Join Date
    Mar 2003
    Posts
    2,259
    Found a quick and dirty workaround to close the hole in Firefox 1.0.

    They have a sticky thread dealing with this issue at the Mozillazine Forum. Thier fix gets disabled if you install a new extension or theme, so no method is 100% perfect just yet.
    Last edited by uNz[i]; 02-11-2005 at 02:40 AM.

  10. Software & Hardware   -   #10
    McrslV's Avatar Hammer Smashed Face
    Join Date
    Jun 2003
    Location
    who me?
    Age
    45
    Posts
    1,650
    Quote Originally Posted by DarthInsinuate
    according to MozillaZine



    so IE is safe because it hasn't implemented this nice new browser feature
    doesnt seem ATM to be such a nice new feature

    IE gets me to the same internet you firefox, opera, etc..people are looking at.
    I used firefox, and the plug in thing just got on my nerves. but i hope they get this issue resolved for you guys that use those browsers.

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •