Sign in with
Sign up | Sign in
Your question

[OE] Bug in Mozilla/Netscape/Firefox and Opera, not IE

Last response: in Video Games
Share
Anonymous
February 8, 2005 12:41:16 AM

Archived from groups: alt.games.mame (More info?)

Since the implemenatation of special characters in URLs seems to not have
been made too well, all mentioned browser, which can deal with doamins
like <http://www.schön.de/>, have a bug allowing phisher to trick a user.

IE cannot be tricked in this case since it cannot deal with those domains
at all.

A demo is at <http://www.shmoo.com/idn/&gt;. You see Paypal links, see the
Paypal URL when touching the link, and after you clicked at it you see
the Paypal URL in your URL field. But end up elsewhere.

Unfrtunately 3 more bugs came out for Mozilla based browsers. Fixes are
already in the Nighty Builds, but not beedn tested enough. In a few days
there should be official updates out for all browsers.
--
By(e) Andreas
Old school arcade classics at http://www.tombstones.org.uk/~ankman/
Linux without installation? http://www.knopper.net/knoppix/index-en.html
OE user? Ease the pain and try the better newsreader http://xnews.newsguy.com/
Registered as user #289125 with the Linux Counter http://counter.li.org/
Anonymous
February 8, 2005 7:19:51 AM

Archived from groups: alt.games.mame (More info?)

Andreas Kohlbach <ankman@email.com> wrote in
news:o nly_broken_newsreaders_show_this_in_the_body.m2braveptf.fsf@usenet.
ankman.de:

> Unfrtunately 3 more bugs came out for Mozilla based browsers. Fixes
> are already in the Nighty Builds, but not beedn tested enough. In a
> few days there should be official updates out for all browsers.

The reason IE isn't vulnerable is because it doesn't natively support
IDN; with the right plug-in, it too is vulnerable.

--
Do you want a free Gaming Console?
http://consoles.prizecube.com/?ref=12216
Anonymous
February 8, 2005 1:38:22 PM

Archived from groups: alt.games.mame (More info?)

Andreas Kohlbach wrote:
> Since the implemenatation of special characters in URLs seems to not have
> been made too well, all mentioned browser, which can deal with doamins
> like <http://www.schön.de/>, have a bug allowing phisher to trick a user.
>
> IE cannot be tricked in this case since it cannot deal with those domains
> at all.
>
> A demo is at <http://www.shmoo.com/idn/&gt;. You see Paypal links, see the
> Paypal URL when touching the link, and after you clicked at it you see
> the Paypal URL in your URL field. But end up elsewhere.
>
> Unfrtunately 3 more bugs came out for Mozilla based browsers. Fixes are
> already in the Nighty Builds, but not beedn tested enough. In a few days
> there should be official updates out for all browsers.

If you use Proxomitron a few filters were added that address this to the
groups yahoo message board.

--
Super Mike
"Mi asno querría un enano y un yate, por favor."
[My donkey would like a midget and a yacht, please.]
Related resources
February 9, 2005 9:21:35 AM

Archived from groups: alt.games.mame (More info?)

* Anti_Freak_Machine wrote in alt.games.mame:
> Andreas Kohlbach wrote:
>> Since the implemenatation of special characters in URLs seems to not have
>> been made too well, all mentioned browser, which can deal with doamins
>> like <http://www.schön.de/>, have a bug allowing phisher to trick a user.

>> IE cannot be tricked in this case since it cannot deal with those domains
>> at all.

>> A demo is at <http://www.shmoo.com/idn/&gt;. You see Paypal links, see the
>> Paypal URL when touching the link, and after you clicked at it you see
>> the Paypal URL in your URL field. But end up elsewhere.

>> Unfrtunately 3 more bugs came out for Mozilla based browsers. Fixes are
>> already in the Nighty Builds, but not beedn tested enough. In a few days
>> there should be official updates out for all browsers.

> If you use Proxomitron a few filters were added that address this to the
> groups yahoo message board.

You mean there are people that run Windows and DON'T use Proxomitron?

Blasphemer!

--
David
Today you'll start getting heavy metal radio on your dentures.
Anonymous
February 9, 2005 5:46:09 PM

Archived from groups: alt.games.mame (More info?)

SINNER wrote on 09. February 2005:
>
> * Anti_Freak_Machine wrote in alt.games.mame:
>> Andreas Kohlbach wrote:
>>> Since the implemenatation of special characters in URLs seems to not have
>>> been made too well, all mentioned browser, which can deal with doamins
>>> like <http://www.schön.de/>, have a bug allowing phisher to trick a user.
>
>>> IE cannot be tricked in this case since it cannot deal with those domains
>>> at all.
>
>>> A demo is at <http://www.shmoo.com/idn/&gt;. You see Paypal links, see the
>>> Paypal URL when touching the link, and after you clicked at it you see
>>> the Paypal URL in your URL field. But end up elsewhere.
>
>>> Unfrtunately 3 more bugs came out for Mozilla based browsers. Fixes are
>>> already in the Nighty Builds, but not beedn tested enough. In a few days
>>> there should be official updates out for all browsers.
>
>> If you use Proxomitron a few filters were added that address this to the
>> groups yahoo message board.
>
> You mean there are people that run Windows and DON'T use Proxomitron?

Yes, those use Privoxy. ;-)

Btw. just to see if it work: I also block the Google ads (aka Advertised
links) with it.

> Blasphemer!

Those you use nothing (and the IE) are masochists.
--
By(e) Andreas
Old school arcade classics at http://www.tombstones.org.uk/~ankman/
Linux without installation? http://www.knopper.net/knoppix/index-en.html
OE user? Ease the pain and try the better newsreader http://xnews.newsguy.com/
Registered as user #289125 with the Linux Counter http://counter.li.org/
!