IDN spoofing vulnerability in Gecko browsers

Cian Duffy myob87 at gmail.com
Tue Mar 8 10:02:48 MST 2005


Err, last month called, they want their security vulnerability back

This just seems, to a very angry (with the postal service here, that
is) and cynical me, a slightly more technically accurate 'virus
scare' email, like the Good Times one from many years ago; or those
mails with scare stories about Glade PlugIn air fresheners, etc.

This bug is fixed in Firefox CVS and possibly even in 1.0 by
reverting the domain to punycode - you see the real, 7 bit ASCII
domain name in the address bar.

Also, with the fonts most of us will be using on YDL, the
character-that-looks-like-an-a that they're using is much, much
narrower, so it looks different.

Now, I've got to get back to my waiting in an An Post queuing system
for all eternity to shout at them.

Cian

On Tue, 8 Mar 2005 08:48:37 -0800, Longman, Bill <longman at sharplabs.com> wrote:
> OT PUBLIC SERVICE ANNOUNCEMENT
> 
> If you use Gecko based browsers, please be aware of a rather major spoofing
> hole.
> 
>   http://forums.mozillazine.org/viewtopic.php?t=215178
> 
> Phishing attacks abound nowadays and it's very very easy to fall prey to
> this. And if you don't believe how hard-to-find this vulnerability can be,
> take a look at this:
> 
>   http://www.shmoo.com/idn/
> 
> Follow the spoofed SSL links and try to find out that you're then on a bogus
> site. The only way is to check the certificate and notice that the domain
> you see in the address bar doesn't match the certificate's CN (Common Name).
> Good luck.
> 
> I suggest you all apply the mozillazine fix.
> _______________________________________________
> yellowdog-general mailing list
> yellowdog-general at lists.terrasoftsolutions.com
> http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-general
> HINT: to Google archives, try  '<keywords> site:terrasoftsolutions.com'
> 


-- 
---------------------------
"We're busy running out of time"
Bernard Sumner, 1993
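As an added illustration of the punycode fix discussed in this thread (this is not code from the thread or from Mozilla), the script below converts a hostname to the "xn--" ASCII form a patched browser shows in the address bar, and flags any label whose letters mix scripts, which is what makes a look-alike domain hard to spot. The spoofed domain is a constructed sample: "paypal.com" with the second letter replaced by CYRILLIC SMALL LETTER A (U+0430).

```python
import unicodedata

# Constructed sample: "paypal.com" with a Cyrillic а (U+0430) in place of
# the Latin a, the kind of look-alike character the thread describes.
SPOOFED = "p\u0430ypal.com"


def to_ascii(host: str) -> str:
    """Return the ACE ("xn--") form that a patched browser displays."""
    return host.encode("idna").decode("ascii")


def to_unicode(host: str) -> str:
    """Accept either form of a hostname and return its Unicode form.

    Encoding first normalises a Unicode host to xn-- labels; decoding then
    turns every xn-- label (original or freshly produced) back into Unicode.
    """
    return host.encode("idna").decode("idna")


def letter_scripts(label: str) -> set[str]:
    """Collect the script of every letter in a label, e.g. {"LATIN", "CYRILLIC"}.

    The script is taken from the first word of the Unicode character name.
    That is a heuristic that catches Latin/Cyrillic/Greek mixing; it is not
    a full UTS #39 confusables check.
    """
    scripts = set()
    for ch in label:
        if not ch.isalpha():
            continue  # digits and hyphens belong to no script
        scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts


def analyze(host: str) -> dict:
    """Describe a hostname the way a defender wants to see it in a log line."""
    uni = to_unicode(host)
    labels = uni.split(".")
    mixed = [lab for lab in labels if len(letter_scripts(lab)) > 1]
    return {
        "unicode": uni,
        "ascii": to_ascii(uni),
        "non_ascii_labels": [lab for lab in labels if not lab.isascii()],
        "mixed_script_labels": mixed,
        "suspicious": bool(mixed),
    }


if __name__ == "__main__":
    for h in (SPOOFED, "paypal.com"):
        print(analyze(h))
```

Run against the constructed sample, the Cyrillic label shows up as "xn--pypal-4ve" rather than a convincing "paypal", which is the difference the CVS fix makes visible to the user.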

