[OE] Bug in Mozilla/Netscape/Firefox and Opera, not IE

Archived from groups: alt.games.mame (More info?)

Since the implemenatation of special characters in URLs seems to not have
been made too well, all mentioned browser, which can deal with doamins
like <http://www.schön.de/>, have a bug allowing phisher to trick a user.

IE cannot be tricked in this case since it cannot deal with those domains
at all.

A demo is at <http://www.shmoo.com/idn/>. You see Paypal links, see the
Paypal URL when touching the link, and after you clicked at it you see
the Paypal URL in your URL field. But end up elsewhere.

Unfrtunately 3 more bugs came out for Mozilla based browsers. Fixes are
already in the Nighty Builds, but not beedn tested enough. In a few days
there should be official updates out for all browsers.
--
By(e) Andreas
Old school arcade classics at http://www.tombstones.org.uk/~ankman/
Linux without installation? http://www.knopper.net/knoppix/index-en.html
OE user? Ease the pain and try the better newsreader http://xnews.newsguy.com/
Registered as user #289125 with the Linux Counter http://counter.li.org/

Archived from groups: alt.games.mame (More info?)

Andreas Kohlbach <ankman@email.com> wrote in
newsnly_broken_newsreaders_show_this_in_the_body.m2braveptf.fsf@usenet.
ankman.de:

> Unfrtunately 3 more bugs came out for Mozilla based browsers. Fixes
> are already in the Nighty Builds, but not beedn tested enough. In a
> few days there should be official updates out for all browsers.

The reason IE isn't vulnerable is because it doesn't natively support
IDN; with the right plug-in, it too is vulnerable.

--
Do you want a free Gaming Console?
http://consoles.prizecube.com/?ref=12216

Archived from groups: alt.games.mame (More info?)

* Anti_Freak_Machine wrote in alt.games.mame:
> Andreas Kohlbach wrote:
>> Since the implemenatation of special characters in URLs seems to not have
>> been made too well, all mentioned browser, which can deal with doamins
>> like <http://www.schön.de/>, have a bug allowing phisher to trick a user.

>> IE cannot be tricked in this case since it cannot deal with those domains
>> at all.

>> A demo is at <http://www.shmoo.com/idn/>. You see Paypal links, see the
>> Paypal URL when touching the link, and after you clicked at it you see
>> the Paypal URL in your URL field. But end up elsewhere.

>> Unfrtunately 3 more bugs came out for Mozilla based browsers. Fixes are
>> already in the Nighty Builds, but not beedn tested enough. In a few days
>> there should be official updates out for all browsers.

> If you use Proxomitron a few filters were added that address this to the
> groups yahoo message board.

You mean there are people that run Windows and DON'T use Proxomitron?

Blasphemer!

--
David
Today you'll start getting heavy metal radio on your dentures.