Hell Freezes Over? Non-MIE Security Problem.



Hell must of frozen over, there is a new browser exploit that does not attack Internet Explorer.  According to a paper recently published by Eric Johanson of the Shmoo Group, users on most Mozilla-based browsers (Firefox 1.0, Camino .8.5, Mozilla 1.6, etc), Safari 1.2.5, Opera 7.54, Omniweb 5 are victim to a complex International Domain Name [IDN] spoof.

This new attack allows an attacker/phisher to spoof the domain/URLs of businesses. Every recent gecko/khtml based browser implements IDN (which is just about every browser except for Internet Explorer). The Smoo Group have created a proof of concept where the links are directed at “http://www.pаypal.com/”, which the browsers punycode handlers render as www.xn--pypal-4ve.com.  According to the group there is however an easy to way to detect you’re under a spoof attack, cut & paste the url you are accessing into notepad or some other tool (under OSX, paste into a terminal window) which will allow you to view what character set/pagecode the string is in. You can also view the details of the SSL cert etc.
You can read more on it at NeoWin

About geeknews

Todd Cochrane is the Founder of Geek News Central and host of the Geek News Central Podcast. He is a Podcast Hall of Fame Inductee and was one of the very first podcasters in 2004. He wrote the first book on podcasting, and did many of the early Podcast Advertising deals in the podcasting space. He does two other podcasts in addition to Geek News Central. The New Media Show and Podcast Legends.