Shmoo Group Finds Exploit For non-IE Browsers
shut_up_man writes "Saw this on Boing Boing: East coast hacker con Shmoocon ended today and they had a nasty browser exploit to show off... using International Domain Name (IDN) character support to display fake domain names in links and the address bar. Their examples use Paypal (with SSL too) and this looks very useful for phishing attacks. Interesting note that it works in every browser *except* IE (which makes this exploit a lot less dangerous in the end, I suppose)." The reason IE isn't vulnerable is because it doesn't natively support IDN; with the right plug-in, it too is vulnerable.
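A defender-side check for the spoofing described above, as an added example that is not part of the original story or of any browser's code: it decodes each label of a hostname to Unicode, re-encodes it to the ASCII (`xn--`) form that DNS actually resolves, and flags labels that mix scripts or are entirely non-Latin. The sample hostname with a Cyrillic U+0430 in place of a Latin "a" is constructed for illustration, and the script test based on Unicode character names is a simplifying assumption, not a full confusables check.

```python
import unicodedata

def script_of(ch):
    """Rough script name taken from the Unicode character name (LATIN, CYRILLIC, ...)."""
    if ch.isdigit() or ch == "-":
        return "COMMON"          # digits and hyphen are shared by all scripts
    try:
        return unicodedata.name(ch).split()[0]
    except ValueError:
        return "UNKNOWN"

def decode_label(label):
    """Return the Unicode form of one DNS label, decoding an xn-- (punycode) label."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def inspect_host(host):
    """Return (unicode_host, ascii_host, findings) for a hostname in either form."""
    uni_labels, ascii_labels, findings = [], [], []
    for label in host.strip(".").split("."):
        uni = decode_label(label)
        uni_labels.append(uni)
        if uni.isascii():
            ascii_labels.append(uni.lower())
        else:
            ascii_labels.append("xn--" + uni.encode("punycode").decode("ascii"))
        scripts = {script_of(c) for c in uni} - {"COMMON"}
        if len(scripts) > 1:
            findings.append(f"label {uni!r} mixes scripts: {sorted(scripts)}")
        elif scripts and scripts != {"LATIN"}:
            findings.append(f"label {uni!r} is non-Latin: {sorted(scripts)}")
    return ".".join(uni_labels), ".".join(ascii_labels), findings

if __name__ == "__main__":
    # Constructed samples: the second uses Cyrillic U+0430 instead of Latin "a".
    for host in ("paypal.com", "p\u0430ypal.com"):
        uni, ascii_form, findings = inspect_host(host)
        print(f"{uni!r} resolves as {ascii_form!r}")
        for finding in findings or ["no findings"]:
            print("   ", finding)
```

Showing the ASCII form next to the rendered name is what makes the substitution visible, since the two hostnames look the same on screen but resolve to different domains.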
Canned Slashdot Response (Score:5, Funny)
Switch (Score:5, Funny)
Call me a flamer.... errr (Score:1, Funny)
Erm of course... if I was French, I would just sed 's/English/French/' that last sentence and you wouldn't set me -1 Flamebait.
I'm waiting for the patch from MS (Score:5, Funny)
Strength from weakness (Score:3, Funny)
IE is safer because it doesn't support a feature? Don't worry, I'm sure the plug-in will be installed with the next security update!
Re:Why? (Score:1, Funny)
New Microsoft Security Mantra (Score:2, Funny)
Rebuttals (Score:5, Funny)
I wouldn't call that an exploit... (Score:1, Funny)
It's merely a "trick".
Anyone should know better than to base their trust on being on a particular, secure web page only on the address shown in the address bar! Everyone should know that they shouldn't access secure web pages from external links.
If you write "Pope" on your forehead, do you think people will believe you're the pope? And by the way, funny that for once, the lack of a functionality actually "saves" IE, for one of the biggest security concerns is ActiveX...
Comment removed (Score:1, Funny)
Re:Another IDN bug on Firefox (Score:2, Funny)
Re:Another IDN bug on Firefox (Score:1, Funny)
Re:Another IDN bug on Firefox (Score:5, Funny)
There is! Run I.E. in a VirtualPC window.
You're being too elitist (Score:5, Funny)
Uh-oh, looks like my "delete" key stopped working again. Must need another
The old MS spoofing quick-patch... (Score:4, Funny)