New browser exploit

silence

Regular
According to a paper recently published by Eric Johanson of the Shmoo Group, users of most Mozilla-based browsers (Firefox 1.0, Camino 0.8.5, Mozilla 1.6, etc.), Safari 1.2.5, Opera 7.54 and OmniWeb 5 are victims of a complex International Domain Name [IDN] spoof.

This new attack allows an attacker/phisher to spoof the domains/URLs of businesses. Every recent Gecko/KHTML-based browser implements IDN (which is just about every browser except Internet Explorer). The Shmoo Group has created a proof of concept where the links are directed at "http://www.pаypal.com/", which the browsers' punycode handlers render as www.xn--pypal-4ve.com.
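A defender-side check for the hostname described in this post, as an added example that is not part of the original thread: it converts a host to the punycode form the post quotes and flags labels that mix scripts or that look like an ASCII brand name. The confusable table is a small constructed subset, not the full Unicode list.

```python
"""Homograph check for hostnames like the Shmoo Group proof of concept."""
import unicodedata

# Constructed subset of Unicode confusables: non-Latin letters that render
# like a Latin letter in common fonts (the full list is Unicode TR39).
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0455": "s",  # CYRILLIC SMALL LETTER DZE
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
}


def to_punycode(host: str) -> str:
    """Render the host the way an address bar shows it with IDN disabled."""
    return host.encode("idna").decode("ascii")


def scripts_of(label: str) -> set:
    """Scripts (LATIN, CYRILLIC, ...) of the letters in one DNS label.

    unicodedata has no script property; the first word of the character
    name is a good enough proxy for the common alphabets.
    """
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0]
            for ch in label if ch.isalpha()}


def analyze(host: str) -> dict:
    """Return punycode plus the two homograph signals for a hostname."""
    lowered = host.lower()
    labels = lowered.split(".")
    mixed = [lbl for lbl in labels if len(scripts_of(lbl)) > 1]
    # What a Latin-script reader perceives; catches all-Cyrillic labels too.
    lookalike = "".join(CONFUSABLES.get(ch, ch) for ch in lowered)
    return {
        "punycode": to_punycode(lowered),
        "non_ascii": not lowered.isascii(),
        "mixed_script_labels": mixed,
        "lookalike_of": lookalike if lookalike != lowered else None,
    }


def is_suspicious(host: str) -> bool:
    """True when a non-ASCII host mixes scripts or imitates an ASCII name."""
    r = analyze(host)
    return r["non_ascii"] and bool(r["mixed_script_labels"] or r["lookalike_of"])
```

Feeding the result of `lookalike_of` to a list of protected brand names gives a cheap proxy or mail-gateway rule; the punycode string is what the disableIDN toggle mentioned later in the thread makes the browser show.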

http://www.corestreet.com/spoofstick/firefox.html
An extension that solves the problem (for Firefox), or at least shows the real host (I find it a little bit annoying because it takes too much room on my bar, but it's what you need if you don't want to get fooled).

Hope this helps.
 
erm..

Yesterday, I blogged about a new exploit that attacked internationalized browsers and made it easy to run "phishing" attacks against them. Frank sez, "Firefox and Mozilla builds for last night repair the disableIDN toggle functionality so that it works as designed. Now you can permanently protect your browser from IDN miscreants." As Waxy points out, that took about 12 hours.

News Source: BoingBoing
Download: FireFox
Download: Mozilla
