Exploit for Non-Internet Explorer browsers

Discussion in 'other software & services' started by Firecat, Feb 10, 2005.

Thread Status:
Not open for further replies.
  1. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    East coast hacker con Shmoocon ended today and they had a nasty browser exploit to show off... using International Domain Name (IDN) character support to display fake domain names in links and the address bar.

    Their examples use Paypal (with SSL too) and this looks very useful for phishing attacks. Interesting note that it works in every browser *except* IE (which makes this exploit a lot less dangerous in the end, I suppose)."v The reason IE isn't vulnerable is because it doesn't natively support IDN; with the right plug-in, it too is vulnerable.

    Software liike FireFox and Opera have this vunerability.

    http://www.it.slashdot.org/it/05/02/07/1323206.shtml?tid=172&tid=113&tid=154&tid=95&tid=1
     
    Firecat, Feb 10, 2005
    #1
  2. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    hi

    intresting read ill have to add the tweak suggested to stop this to the list
     
    Bethrezen, Feb 10, 2005
    #2
  3. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    It sounds as if it is the same exploit discussed in this thread here
     
    bigc73542, Feb 10, 2005
    #3
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...