
OT: Important Security Issue in Non-IE browsers


Sivran
February 8th, 2005, 01:14 AM
Ironically IE is NOT affected by this vulnerability.

...but then unless it has the plugin for it, it doesn't support this anyway!

Thread at DSLReports Security: The state of homograph attacks (http://www.dslreports.com/forum/remark,12603456~mode=flat)

Brief Summary: browsers supporting Punycode/IDN are vulnerable to a URL spoofing attack that can easily fool less sophisticated and complacent users. The address bar will contain the expected URL (in text, not an image even!) and even the https: protocol and lock icon can be spoofed.

The most disturbing part of the story is this: (emphasis mine)


VI. Vendor Responses

Opera: They believe they have correctly implemented IDN, and will not be making any changes.

Proof of concept link:
http://www.shmoo.com/idn/

There is a workaround for Mozilla browsers but it only partially works. In the meantime I suggest you type in/use a bookmark and never click links in emails. As for Opera users, show your displeasure by pirating...oh wait, I mean, by switching to Mozilla.
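To make the "expected URL in the address bar" point concrete, here is an added example (not from the original post or the DSLReports thread) of the check a defender or mail filter can run on a link before a user ever sees it: decode the Punycode hostname the way a browser's address bar would, then flag labels that mix scripts or that collapse to a plain ASCII name once Cyrillic look-alike letters are swapped out. The host www.xn--pypal-4ve.com is the Shmoo-style look-alike of www.paypal.com (a Cyrillic "а" in place of the Latin "a"); the look-alike table is a small hand-picked assumption, not Unicode's full confusables data, and the sample URLs are constructed.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption: a partial, hand-picked table of Cyrillic letters that render like
# ASCII letters in common fonts. Unicode's confusables.txt is far larger.
CYRILLIC_LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
}


def to_unicode_host(host: str) -> str:
    """Render the hostname the way an IDN-aware address bar would (xn-- labels decoded)."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        # Already non-ASCII, or malformed Punycode: show it unchanged.
        return host.lower()


def scripts_in(label: str) -> set:
    """Scripts used by the letters of one DNS label, taken from the Unicode character names."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}


def skeleton(text: str) -> str:
    """Replace known Cyrillic look-alikes with the ASCII letter they imitate."""
    return "".join(CYRILLIC_LOOKALIKES.get(c, c) for c in text)


def assess_url(url: str) -> dict:
    """Decode the host of a URL and report homograph indicators."""
    wire_host = urlsplit(url).hostname or ""
    shown = to_unicode_host(wire_host)
    labels = shown.split(".")
    # A single label drawing letters from two scripts (Latin + Cyrillic) is the classic tell.
    mixed = [lab for lab in labels if len(scripts_in(lab)) > 1]
    # If swapping look-alikes yields a different, all-ASCII name, report what it imitates.
    skel = skeleton(shown)
    lookalike = skel if skel != shown and skel.isascii() else None
    return {
        "wire_host": wire_host,        # what DNS and TLS actually see
        "unicode_host": shown,         # what the user sees in the address bar
        "mixed_script_labels": mixed,
        "lookalike_of": lookalike,
        "suspicious": bool(mixed or lookalike),
    }


if __name__ == "__main__":
    # Constructed samples: the real site, the look-alike, and a legitimate all-Cyrillic name.
    for sample in ("https://www.paypal.com/",
                   "https://www.xn--pypal-4ve.com/login",
                   "https://\u043f\u0440\u0438\u043c\u0435\u0440.\u0440\u0444/"):
        print(assess_url(sample))
```

The all-Cyrillic name is included on purpose: it is what IDN exists for, and a check that only looks for "any non-ASCII" would block it. Mixing scripts inside one label, or a name that becomes a different ASCII name once look-alikes are normalised, is the signal worth acting on; the wire_host field is what to log, since that is the name the certificate was issued for.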

Spoo
February 8th, 2005, 10:57 AM

The fix for Firefox is pretty simple. Type about:config in the address bar. Scroll down until you see network.enableIDN, then double-click it to change the value to false. This shouldn't hurt anything, since IE doesn't support this feature anyway (and the internet is IE-biased).

Sivran
February 9th, 2005, 12:22 AM
As noted in the DSLReports thread, that workaround doesn't work correctly. The behavior doesn't stick, although the setting does still appear. It will hopefully be fixed soon.

There is another workaround for Mozilla browsers that involves editing another file. This post (http://www.dslreports.com/forum/remark,12603456~mode=flat~days=9999~start=20#12607819) contains it. Also see this one (http://www.dslreports.com/forum/remark,12603456~mode=flat~days=9999~start=20#12607909).

There we go.

There's also a Proxo filter that Proxomitron users can add: This one (http://www.dslreports.com/forum/remark,12603456~mode=flat~days=9999~start=20#12607087)