Exploit for Non-Internet Explorer browsers

Discussion in 'other software & services' started by Firecat, Feb 10, 2005.

Thread Status:
Not open for further replies.
  1. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    East coast hacker con Shmoocon ended today and they had a nasty browser exploit to show off... using International Domain Name (IDN) character support to display fake domain names in links and the address bar.

    Their examples use Paypal (with SSL too) and this looks very useful for phishing attacks. Interesting note that it works in every browser *except* IE (which makes this exploit a lot less dangerous in the end, I suppose)."v The reason IE isn't vulnerable is because it doesn't natively support IDN; with the right plug-in, it too is vulnerable.

    Software liike FireFox and Opera have this vunerability.

    http://www.it.slashdot.org/it/05/02/07/1323206.shtml?tid=172&tid=113&tid=154&tid=95&tid=1
     
  2. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    hi

    intresting read ill have to add the tweak suggested to stop this to the list
     
  3. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    It sounds as if it is the same exploit discussed in this thread here
     
Loading...
Thread Status:
Not open for further replies.