Horrible exploit of unicode urls affects all browsers but IE



cjolley
7th February 2005, 12:20
It doesn't affect IE because IE doesn't support unicode urls yet.
Though a unicode url plug-in for IE will cause it to do the same thing.

This one is BAD:eek:
http://www.boingboing.net/2005/02/06/shmoo_group_exploit_.html

chuck

PS And the work around (network.enableIDN=false) they posted for Mozilla does not work.
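
A defender-side check for the kind of link this thread is about, as an added example that is not part of the original post or of any browser's code. It assumes the spoof swaps a Latin letter for a look-alike from another alphabet, which the thread itself does not spell out; the function names and sample URLs are constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit


def decode_label(label):
    """Turn an ACE label (xn--...) back into Unicode; leave other labels alone."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed punycode: keep the label as written
    return label


def label_scripts(label):
    """Approximate each letter's script by the first word of its Unicode name
    (LATIN, CYRILLIC, GREEK, ...), which is enough to spot mixed alphabets."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def check_url(url):
    """Return (label_as_written, decoded_label, kind, scripts) for every
    hostname label that is not plain ASCII once decoded."""
    host = urlsplit(url).hostname or ""
    findings = []
    for raw in host.split("."):
        label = decode_label(raw)
        if label.isascii():
            continue
        scripts = sorted(label_scripts(label))
        # Mixed alphabets inside one label is the strong spoofing signal; a
        # label wholly in one non-Latin script is only marked for a second look.
        kind = "mixed-script" if len(scripts) > 1 else "non-ascii"
        findings.append((raw, label, kind, scripts))
    return findings


# Constructed samples: U+0430 is CYRILLIC SMALL LETTER A, drawn like Latin "a".
SPOOFED = "http://www.p\u0430ypal.com/login"
SPOOFED_ACE = ("http://www.xn--"
               + "p\u0430ypal".encode("punycode").decode("ascii") + ".com/")

if __name__ == "__main__":
    for url in ("http://www.paypal.com/", SPOOFED, SPOOFED_ACE):
        print(ascii(url), check_url(url))
```

A label written entirely in one look-alike alphabet is reported only as "non-ascii", so this check narrows the problem rather than closing it.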

az
7th February 2005, 13:06
Yes, it's a bad exploit.

As a rule of thumb: If you visit your bank's site, paypal, etc., never follow a link; always type in the URL yourself or visit from a bookmark (if you trust your bookmarks haven't been modified).
Use your browser's built-in password manager instead of typing in your password every time, it won't work on faked sites, giving you a hint that this is not the correct site, and you don't run the risk of submitting your password to a phishing site.
These two methods make you immune to all but the most elaborate phishing attacks.

AZ

Helevitia
7th February 2005, 14:39
Originally posted by cjolley
PS And the work around (network.enableIDN=false) they posted for Mozilla does not work.



"I had the same problem in the same browser until I used Tools/Options/Privacy to clear the browser's cache. After clearing the cache, the network.enableIDN setting *does* appear to prohibit the exploit."

Jon P. Inghram
7th February 2005, 15:16
Just tried the "fix" + clearing the cache, didn't seem to make any difference in Firefox 1.0.

Ahah, found the problem: the setting isn't loaded when the browser starts, it only lasts during the session that you set it in.

And finally, a functional work-around: http://forums.mozillazine.org/viewtopic.php?t=215178

cjolley
8th February 2005, 06:45
That work-around works :up:
( the compreg.dat one)

NB.
1, It is a per-user change, you must do it for each user.
2, Anything you do to firefox that causes compreg.dat to be rebuilt will un-fix it.

Also, I changed the copy of compreg.dat in "C:\Program Files\Mozilla Firefox\components" also.
It didn't seem to break anything....
Maybe that will make the change permanent

Chuck

The PIT
8th February 2005, 10:17
I had to edit the compreg.dat as well.

cjolley
14th February 2005, 07:37
This is a permanent fix using the adblock extension:

http://users.tns.net/~skingery/weblog/2005/02/workaround-for-idn-spoofing-issue.html

chuck

Marshmallowman
14th February 2005, 17:16
Yay, That works cjolley

Fat Tone
18th February 2005, 00:46
I got a phishing email pretending to be from Barclays Bank today...looks like they are trying something similar in the From and Subject lines to fool anti-spam s/w:

From: &#066&#0097rclays [Camille@barclays.co.uk] Sent: Fri 18/02/2005 06:38
To: xxx
Cc:
Subject: Barc*yal‬s e-ma&#105l ver&#105&#102ication - xxx
Attachments:


SpamAssassin got it though :)

Edit: Shite - that displays properly on this page! Click on the 'quote' button to see it for what it is.

The PIT
18th February 2005, 11:08
Fill it in to get them excited.

Sasq
18th February 2005, 18:16
Originally posted by Fat Tone
I got a phishing email pretending to be from Barclays Bank today...looks like they are trying something similar in the From and Subject lines to fool anti-spam s/w:


From: &#066&#0097rclays [Camille@barclays.co.uk] Sent: Fri 18/02/2005 06:38
To: xxx
Cc:
Subject: Barc*yal‬s e-ma&#105l ver&#105&#102ication - xxx
Attachments:


SpamAssassin got it though :)

Edit: Shite - that displays properly on this page! Click on the 'quote' button to see it for what it is.

It will as I set the pages to display in unicode

Fat Tone
19th February 2005, 11:37
I tried the [ code ] tag, didn't know about [ php ]. Ta.