Old 02-07-2005, 09:23 PM   #1
azguy
Confirmed User
 
Join Date: Nov 2004
Location: Scottsdale, AZ
Posts: 5,167
First serious FIREFOX!! SECURITY BREACH IS HERE

IE is not affected by this. I guess this comes with the popularity after all.

I haven't seen this posted here yet.

Firefox can be easily exposed to sophisticated phishing attacks:

Visit http://www.shmoo.com/idn/ and see. PayPal's address appears not only in the status bar, but also after you click it. The HTTPS version of it is even scarier.


Fix:

1) Go to your Firefox address bar. Enter about:config and press enter. Firefox will load the (large!) config page.

2) Scroll down to the line beginning network.enableIDN -- this is International Domain Name support, and it is causing the problem here. We want to turn this off -- for now. Ideally we want to support international domain names, but not with this problem.

3) Double-click the network.enableIDN label, and Firefox will show a dialog set to 'true'. Change it to 'false' (no quotes!), click Ok. You are done.

4) Go check out the shmoo demo again and notice it no longer works.

Read more about this in http://www.boingboing.net/ (look up Shmoo Group exploit: 0wn any domain, no defense exists).

Old 02-07-2005, 09:25 PM   #2
Spunky
I need a beer
 
Industry Role:
Join Date: Jun 2002
Location: ♠ Toiletville ♠
Posts: 133,944
Thanks for the heads up
Old 02-07-2005, 09:27 PM   #3
azguy
Confirmed User
 
Join Date: Nov 2004
Location: Scottsdale, AZ
Posts: 5,167
Seems like you also need to clear the browser cache after applying the fix to actually see if it works.
Old 02-07-2005, 09:27 PM   #4
xlogger
Confirmed User
 
Join Date: Jul 2004
Location: NY
Posts: 9,507
mhahahaha!!! NICE!!
__________________

----------
XLOGGER [REFLECTED] [OH]
Old 02-07-2005, 09:28 PM   #5
Project-Shadow
Confirmed User
 
Industry Role:
Join Date: Feb 2003
Posts: 7,340
Damn, so much for the uber firefox browser =/
Hopefully the users will be smart enough to realise something is up.
Old 02-07-2005, 09:29 PM   #6
azguy
Confirmed User
 
Join Date: Nov 2004
Location: Scottsdale, AZ
Posts: 5,167
Quote:
Originally Posted by xlogger
mhahahaha!!! NICE!!
It was only a matter of time. The funny thing is that for the most part IE is not affected (those IE users who installed the i-Nav plug-in (http://www.idnnow.com/ - Internationalized Domain Names) are also vulnerable).
Old 02-07-2005, 09:30 PM   #7
azguy
Confirmed User
 
Join Date: Nov 2004
Location: Scottsdale, AZ
Posts: 5,167
Quote:
Originally Posted by Project-Shadow
Damn, so much for the uber firefox browser =/
Hopefully the users will be smart enough to realise something is up.
It's not that easy. The address bar shows the correct address. For SSL connections it even highlights it just like it does with any https address. Crazy shit.

http://www.shmoo.com/idn/homograph.txt

Last edited by azguy; 02-07-2005 at 09:32 PM..
Old 02-07-2005, 09:32 PM   #8
Thurbs
The Thrilla in Manila
 
Join Date: Sep 2004
Location: Thurbs' Lagoon, Christmas Island
Posts: 4,785
well nothing is perfect .. great find.
Old 02-07-2005, 09:32 PM   #9
David!
By the wrath of Agamemnon
 
Industry Role:
Join Date: Apr 2004
Location: Miami
Posts: 6,501
If you were a hacker, would you bother writing spyware for a browser that is used by a few hundred people in the world?
Most likely, no.
But now that Firefox is gaining popularity and has broken the few million users mark, hackers will start writing spyware for Firefox.
__________________
.
Old 02-07-2005, 09:32 PM   #10
Antonio
Too lazy to set a custom title
 
Join Date: Oct 2001
Location: Spartaaaaaaaaa
Posts: 14,136
keep using Firefox, guys
I'll stick to K-Meleon, been using it for years, it's about 100 times better than Firefox!
Old 02-07-2005, 09:33 PM   #11
xlogger
Confirmed User
 
Join Date: Jul 2004
Location: NY
Posts: 9,507
Another error I found is that if you encrypt the urls it won't work in FireFox. If you mouse over the url below it looks fine. But click it, it won't work. It will only work in IE.


Link

__________________

----------
XLOGGER [REFLECTED] [OH]
Old 02-07-2005, 09:35 PM   #12
azguy
Confirmed User
 
Join Date: Nov 2004
Location: Scottsdale, AZ
Posts: 5,167
Quote:
Originally Posted by PussyMan
If you were a hacker, would you bother writing spyware for a browser that is used by a few hundred people in the world?
Most likely, no.
But now that Firefox is gaining popularity and has broken the few million users mark, hackers will start writing spyware for Firefox.
And now they have the entire code available to help them
Old 02-07-2005, 09:39 PM   #13
SmokeyTheBear
►SouthOfHeaven
 
Join Date: Jun 2004
Location: PlanetEarth MyBoardRank: GerbilMaster My-Penis-Size: extralarge MyWeapon: Computer
Posts: 28,609
this isn't new? there's been a few of these for firefox..
__________________
hatisblack at yahoo.com
Old 02-07-2005, 09:41 PM   #14
azguy
Confirmed User
 
Join Date: Nov 2004
Location: Scottsdale, AZ
Posts: 5,167
Quote:
Originally Posted by SmokeyTheBear
this isn't new? there's been a few of these for firefox..
VII. Timeline

2002 - Original paper published on homograph attacks
2002-2005 - Verisign pushes IDN, and browsers start adding support for it
Jan 19, 2005 - Vendors notified of vulnerability
Feb 6, 2005 - Public disclosure @shmoocon 2005

I guess some extension that fixes it will be available by one of the coders in a day or two.
Old 02-07-2005, 09:47 PM   #15
undermyspell
Confirmed User
 
Join Date: Sep 2002
Posts: 875
It still surprises me that people go through links sent to them via email or otherwise when all they have to do is type in the url and go that way...

good information though for those that don't do type ins when they need to verify or change information
Old 02-07-2005, 09:56 PM   #16
azguy
Confirmed User
 
Join Date: Nov 2004
Location: Scottsdale, AZ
Posts: 5,167
Quote:
Originally Posted by undermyspell
It still surprises me that people go through links sent to them via email or otherwise when all they have to do is type in the url and go that way...

good information though for those that don't do type ins when they need to verify or change information
I set up a private home portal for my gf. LOL. It has all the links she needs on a daily basis. She knows this is the only trusted page on the net
Old 02-07-2005, 10:01 PM   #17
pornguy
Too lazy to set a custom title
 
Industry Role:
Join Date: Mar 2003
Location: Homeless
Posts: 62,911
Thanks for the info.
__________________
PornGuy skype me pornguy_epic

AmateurDough The Hottes Shemales online!
TChicks.com | Angeles Cid | Mariana Cordoba | MAILERS WELCOME!
Old 02-07-2005, 10:12 PM   #18
woj
<&(©¿©)&>
 
Industry Role:
Join Date: Jul 2002
Location: Chicago
Posts: 47,882
Good info, thx for the heads up...
__________________
Custom Software Development, email: woj#at#wojfun#.#com to discuss details or skype: wojl2000 or gchat: wojfun or telegram: wojl2000
Affiliate program tools: Hosted Galleries Manager Banner Manager Video Manager
Wordpress Affiliate Plugin Pic/Movie of the Day Fansign Generator Zip Manager
Old 02-07-2005, 10:43 PM   #19
Mike Okitch
Confirmed User
 
Join Date: May 2004
Location: Guantanamo Bay, Cuba
Posts: 4,126
Thanks for the info mate!
__________________
SIG TOO BIG! Maximum 120x60 button and no more than 3 text lines of DEFAULT SIZE and COLOR. Unless your sig is for a GFY top banner sponsor, then you may use a 624x80 instead of a 120x60.
Old 02-07-2005, 10:48 PM   #20
Rochard
Jägermeister Test Pilot
 
Industry Role:
Join Date: Dec 2001
Location: NORCAL
Posts: 74,022
There are exploits in IE because it's the most commonly used browser. The more popular Firefox gets, the more problems it will have.

However, I really think IE will be the standard for some time to come. It's pre-installed on the most popular OS (windows) and people who don't know better will continue to use it.
__________________
“The choice is no longer between right or left. The choice is between normal and crazy.”
- Sarah Huckabee Sanders

YNOT MAIL | THE BEST ADULT MAILING SOLUTION
Old 02-07-2005, 10:50 PM   #21
MrJackMeHoff
Confirmed User
 
Join Date: Mar 2004
Location: LOLLIPOP ISLAND =-=-=-=-=-=-=-=-=-=-= =-=-=-=-=-=-=-=-=-=-= =-=-=-=-=-=-=-=-=-=-= =-=-=-=-=-=-=-=-=-=-= =-=-=-=-=-=-=-=-=-=-= =-=-=-=-=-=-=-=-=-=-= =-=-=-=-=-=-=-=-=-=-= =-=-=-=-=-=-=-=-=-=-= =-=-=-=-=-=-=-=-=-=-= =-=-=-=-=-=-=-=-=-=-=
Posts: 4,569
Whoopdy doo
When you load the page you can see the BS domain. If you get the plugin for firefox anyway it shows the true domain right up top. Also if you check the cert it shows all bs too.. I guess if you're that stupid..
Old 02-07-2005, 11:02 PM   #22
Triple 6
Confirmed User
 
Join Date: Feb 2002
Location: Location: Location: Location: Location: Location: Location: Location: Location: Location: Location: Location: Location: Location: Location: Location: Location: Location: Location: Location: Location: Location: isN'T everything
Posts: 5,394
yo son i been done known this exploit back in 88 yo

muddafukkasheeettt
__________________
SIG TOO SMALL! Maximum 1200x600 button and no more than 30 text lines of ALL SIZES and COLORS. Unless your sig is for a GFY top banner sponsor, then you may use a 6240x4800 instead of a 1024x800.
Old 02-07-2005, 11:12 PM   #23
FrankWhite
Confirmed User
 
Join Date: Nov 2002
Location: nyc
Posts: 3,540
http://www.corestreet.com/spoofstick/firefox.html
Old 02-07-2005, 11:21 PM   #24
Der Schleicher
Confirmed User
 
Join Date: Jan 2005
Posts: 1,189
very helpful tips ! rock on!
__________________
Teeny Teen Girls - One of the best free pictures and videos online.
WEBMASTER - We offer free hosting and dream submitter sign up now!
Old 02-07-2005, 11:34 PM   #25
QuaWee
Confirmed User
 
Join Date: Jul 2004
Location: boogers
Posts: 5,791
wow, thanks man
__________________
i luv mainstream
Old 02-07-2005, 11:37 PM   #26
zentz
Confirmed User
 
Industry Role:
Join Date: Nov 2003
Posts: 8,053
Quote:
Originally Posted by Doomed
your sig is big
__________________
Programs that owe me money ---- Epassporte.com ~ $2700 | Protraffic.com ~ $2600 | XonDemand.com ~ $3000

Old 02-07-2005, 11:47 PM   #27
chodadog
Confirmed User
 
Join Date: Apr 2002
Posts: 9,736
See, it's not that Microsoft are somehow slack when it comes to patching their shit up, it's that they're the main focus because they have the browser market by its balls. Now firefox is getting to a point where even though its share is tiny compared to that of microsoft, it's becoming substantial and an exploit would be worthwhile to hackers. So expect firefox holes to be found more often with its increasing popularity.
__________________
26 + 6 = 1
Old 02-07-2005, 11:50 PM   #28
xclusive
Too lazy to set a custom title
 
Join Date: Apr 2004
Location: Buffalo, NY
Posts: 35,218
thanks for the heads up but there are always work arounds for any software no big deal
__________________

I support MediumPimpin.com / Shemp's Outlawtgp.com /


Old 02-07-2005, 11:51 PM   #29
Ron Bennett
Confirmed User
 
Join Date: Oct 2003
Posts: 1,653
Yes, for most folks using an english version OS / web browser, typing in a domain may be sufficient security...

However, in the world of IDNs, things do not work as one would always expect ...

For some folks using *non-english* software, typing in a domain is NO guarantee ... IDNs are not exact and thus there is much latitude in how software maps them to domains.

In a nutshell, there is no guarantee that folks typing a domain name in a non-english based OS / web browser - some will get the website they expect, some won't ... such "best guess" behavior is totally contrary to structure of the DNS system; ICANN was warned repeatedly about these threats and yet has allowed IDNs to go ahead anyways ...

Here's an example of something really spooky ...

Click to this thread below and see if you can spot the real amazon.com?

http://www.dnforum.com/showthread.php?t=81129

Ron
__________________
Domagon - Website Management and Domain Name Sales
Old 02-08-2005, 12:13 AM   #30
LionDollars
Confirmed User
 
Join Date: Nov 2004
Location: www.LionDollars.com
Posts: 407
thanks for the heads up!
__________________
We Now Have 4 Sex Dating sites. Not promoting Sex Dating? You are not earning!
http://www.LionDollars.com
16,000 Free Hosted Galleries JUST LAUNCHED.
Old 02-08-2005, 12:39 AM   #31
CoinsCuties
Confirmed User
 
Join Date: Nov 2004
Location: CoinsCuties.com
Posts: 205
Quote:
Originally Posted by Ron Bennett
Yes, for most folks using an english version OS / web browser, typing in a domain may be sufficient security...

However, in the world of IDNs, things do not work as one would always expect ...

For some folks using *non-english* software, typing in a domain is NO guarantee ... IDNs are not exact and thus there is much latitude in how software maps them to domains.

In a nutshell, there is no guarantee that folks typing a domain name in a non-english based OS / web browser - some will get the website they expect, some won't ... such "best guess" behavior is totally contrary to structure of the DNS system; ICANN was warned repeatedly about these threats and yet has allowed IDNs to go ahead anyways ...

Here's an example of something really spooky ...

Click to this thread below and see if you can spot the real amazon.com?

http://www.dnforum.com/showthread.php?t=81129

Ron
You have to register for that link.
__________________

makingcoin.com
coinscuties.com
Old 02-08-2005, 12:51 AM   #32
Ron Bennett
Confirmed User
 
Join Date: Oct 2003
Posts: 1,653
Oops ... here's a link to the same thread in their archives.

http://www.dnforum.com/archive/index.php/t-81129

Copy and paste (links in their archive aren't clickable) the first amazon.com link and try it, then copy and paste the second amazon.com link - they look exactly the same, but they are not and actually go to two different places!

Ron
__________________
Domagon - Website Management and Domain Name Sales
Old 02-08-2005, 11:58 AM   #33
Ron Bennett
Confirmed User
 
Join Date: Oct 2003
Posts: 1,653
Bump for the day crew ...

The extremely flawed *implementation* of International Domain Names (IDNs) is an issue more folks need to be made aware of - if enough people bitch about this problem, ICANN / VeriSign (.com registry operator) will likely make some meaningful changes before the IDN spoofing problem gets totally out of control.

Ron
__________________
Domagon - Website Management and Domain Name Sales
Old 02-08-2005, 12:16 PM   #34
colpanic
Confirmed User
 
Join Date: May 2004
Location: San Diego, CA
Posts: 1,007
FYI, a patch is now available for FireFox.

That didn't take too long now did it
__________________
I like ducks.
Old 02-08-2005, 01:49 PM   #35
Ron Bennett
Confirmed User
 
Join Date: Oct 2003
Posts: 1,653
The patch does NOT solve the bad implementation of IDNs ...

From my understanding, all the Firefox patch does is fix a config revert problem - that is, Firefox would not save whether IDN support was enabled/disabled across browser sessions.

A better fix would be for Firefox to disable IDN support by default, but not sure the bug fix does that.

To reiterate again, the Firefox patch does NOT solve the bad implementation of IDNs ... only ICANN can fix that...

Or alternatively, all software that relies on domain names needs to NOT support IDNs; filtering out of all punycode "xn--" domains by networks, software, etc.

Ron
__________________
Domagon - Website Management and Domain Name Sales
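
The punycode "xn--" filtering described in the last post, extended to decode each label and check it for mixed scripts, as an added example that is not part of the thread. The look-alike map, the PROTECTED watch list and the sample hostnames are constructed for illustration, and the last two labels are assumed to be the registered domain.

```python
import unicodedata

# Constructed look-alike map (a handful of Cyrillic/Greek letters), not the
# full Unicode confusables table.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u03bf": "o"}
PROTECTED = {"paypal.com", "amazon.com"}  # hypothetical watch list


def ace(label):
    """Encode a Unicode label to its ASCII "xn--" form (used to build samples)."""
    return "xn--" + label.encode("punycode").decode("ascii")


def decode_label(label):
    """Return the Unicode form of an "xn--" label; plain labels pass through."""
    if not label.lower().startswith("xn--"):
        return label
    return label[4:].encode("ascii").decode("punycode")


def scripts(label):
    """Scripts used by the letters of a label, read from Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def classify(host):
    """Return (name_as_displayed, reasons); an empty reasons list means no flag."""
    raw = host.rstrip(".").lower().split(".")
    reasons = []
    if any(l.startswith("xn--") for l in raw):
        reasons.append("punycode")          # the blanket filter from the post
    try:
        labels = [decode_label(l) for l in raw]
    except UnicodeError:
        return host, reasons + ["bad-punycode"]
    if any(len(scripts(l)) > 1 for l in labels):
        reasons.append("mixed-script")      # e.g. Latin and Cyrillic in one label
    # Assumption: the last two labels are the registered domain (no suffix list).
    registered = ".".join(labels[-2:])
    skeleton = "".join(CONFUSABLES.get(ch, ch) for ch in registered)
    if skeleton in PROTECTED and skeleton != registered:
        reasons.append("lookalike:" + skeleton)
    return ".".join(labels), reasons


# Constructed sample hostnames, built here rather than taken from the thread.
SAMPLES = ["www.paypal.com",
           "www." + ace("p\u0430ypal") + ".com",  # Cyrillic a replaces Latin a
           ace("amaz\u043en") + ".com",           # Cyrillic o replaces Latin o
           ace("b\u00fccher") + ".de"]            # ordinary single-script IDN

if __name__ == "__main__":
    for h in SAMPLES:
        shown, why = classify(h)
        print(f"{h:26} displays as {shown:18} {why or 'ok'}")
```

The single-script name in the last sample is caught only by the blanket "xn--" rule, which is the cost of filtering every IDN; the mixed-script and look-alike checks flag the two spoofed names without it.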