All you FireFox users, beware!
|
I saw that yesterday on a Mac site.
It is more a means of a way to do something malicious than anything else. Ironically it affects all browsers except IE. The people that make their living off of Phishing scams will love it. I'm guessing that we will see this hole quickly fixed. You can read about it here http://www.boingboing.net/2005/02/06..._exploit_.html |
I checked for updates and it said none were available... maybe I should go back to IE until it is fixed.
Anyone have an update page? |
Phoenix, Mozilla is working to find a long-term solution so don't expect any patches soon. Why go back to IE though? Mozilla currently has one exploit... IE has like millions... :) Here's a workaround from that first link posted:
Quote:
|
There's a workaround:
http://www.shmoo.com/idn/homograph.txt
Quote:
Search for "network.enableIDN". Double click it and it will change from "true" to "false".
EDIT: Yeah what Verbal said ;) |
lol. :D
|
Yeah what Verbal said too. :)
For the Safari users out there, here is an unofficial patch. http://haoli.dnsalias.com/ |
The other thing you can do is stop clicking on links that look like your bank/credit card/paypal has suspended your account for unauthorized activity.
|
Quote:
Besides, if you look at the address bar while the page is being found, it displays the actual url that it's connecting to. cd34- love that sig.:D |
I love getting emails saying something is wrong with my Paypal account. Cuz I don't have one :D
Nor does my bank *ever* send an email. Ever. deleted deleted deleted |
The issue in the alternative browsers is that the below url MIGHT render differently depending on which character sets the user has support for. In some versions of Firefox with limited fontsets, the à will be displayed as an a because it doesn't have the actual character. Thus, it looks like the right place, but you're in the wrong place.
http://www.pàypal.com
http://www.ebày.com |
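A check for the look-alike hostnames described in the post above, added here as an example and not part of any poster's message. It shows the ASCII (punycode) form the browser actually resolves and flags labels that fold to a watched brand name; `WATCHLIST`, `LOOKALIKES`, `skeleton` and `check_host` are names made up for this sketch, and the look-alike map is a small hand-picked subset.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed watchlist: the two brands used in the post above.
WATCHLIST = {"paypal", "ebay"}

# Hand-picked Cyrillic look-alikes (assumption: a tiny subset,
# not the full Unicode confusables table).
LOOKALIKES = {"\u0430": "a", "\u0435": "e", "\u043e": "o",
              "\u0440": "p", "\u0441": "c", "\u0443": "y"}


def skeleton(label):
    """Fold a label to the ASCII string a user is likely to 'see'."""
    folded = []
    for ch in unicodedata.normalize("NFKD", label.lower()):
        if unicodedata.combining(ch):
            continue  # drop accents, e.g. the grave on U+00E0
        folded.append(LOOKALIKES.get(ch, ch))
    return "".join(folded)


def check_host(url):
    """Return (ace_hostname, findings) for a URL or bare hostname."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    # ACE form: non-ASCII labels become xn--... (Python's IDNA 2003 codec).
    ace = host.encode("idna").decode("ascii")
    findings = []
    for label in host.split("."):
        if label.isascii():
            continue  # plain ASCII labels cannot be homographs of this kind
        seen = skeleton(label)
        if seen in WATCHLIST:
            findings.append(f"'{label}' renders like '{seen}'")
        else:
            findings.append(f"'{label}' contains non-ASCII characters")
    return ace, findings


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("http://www.p\u00e0ypal.com", "http://www.eb\u00e0y.com",
                   "http://www.paypal.com"):
        print(sample, "->", check_host(sample))
```

Showing the `xn--` form instead of the rendered characters is the same idea as the display-side mitigation: the user sees the name that is really being resolved.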
Wow *ONE* possible hole? I'm still sticking with my Firefox THANK YOU. Good point, compared to MSIE - ONE possible hole is nothing. lol
But thanks for the news/update - I hadn't heard about this yet. |headbang| |
I'd stick to Firefox if I were you. Avoid IE at all costs.
IE has severe security vulnerabilities and nothing will fix the app apart from a total rewrite. There are A LOT of public and non-public security flaws for IE that have no fix yet because MS is still working on them (some are 5 months+ late). By non-public security flaws I mean ones that hackers find, keep to themselves and do not reveal to MS or the online community. So the average Joe thinks he is safe because he is totally patched up but he isn't. |
Thanks for the heads up, but as some people already said, I don't think that one exploit is enough to get back to IE which is full of them.
|
Today saw about this problem on other board, and fixed my FireFox already.
No way I turn back to IE, since I never used it ;) |
Here's the company that 'discovered' the exploit and has a test so you can see.
http://secunia.com/multiple_browsers_idn_spoofing_test/
http://www.payp********l.com/ (this is the link that they have constructed)
Not that I like Secunia much, I don't think they are an honest white-hat company, but they are the only one that had a valid test that I could see. |
those bank emails are very convincing looking
There are a lot of stupid people out there. My neighbors called me the other day because they couldn't get to a web site; they thought they had a problem with their computer. |
It's not so much that they are stupid as some people (many?) get a computer just to use e-mail and do basic word processing and web browsing.
Especially older people...they tend to really think the spam e-mails sent to them are...specifically for them. :( Couple days ago my friend called and told me you won't believe how stupid Patty's father is. Patty is his cousin's wife. He tells me that he got one of those e-mails from Nigeria where you need to just send a certain amount and they will send you back a lot more. Like someone is in prison or some shit... So...(and this isn't a joke) the guy sends them his life savings of $30k. He gets a cashiers check and goes to the bank to cash it. The FBI contacts him couple days later asking why he is doing this and tells him it's a scam- not to be involved in any way. They also told him he lost all his money and there was nothing they could do. Like the next week he got another Cashier's check for $120,000k - this time the bank is Canadian. He calls the Canadian bank to ask if it's a valid check. They tell him it is. He goes to Canada to cash it. FBI was waiting there. Now they are thinking he is in on it. He was desperate. Now he is in a Canadian jail and his savings is still gone of course. Fucked up, huh? Older people who are just getting a computer are most vulnerable to those very official looking e-mails made to look like they are from banks, paypal, ebay, etc... Ignorance is bad when you're hooked to the 'net. |
Thanks guys nice to see how fast we all get these things fixed!
|
Thanks Swedguy for the warning.
Regards, JohnShinil. |
ie all the way baby
|
Quote:
that fix only works for about 1 in 10 that try it... the big Moz - doesn't know why yet... but FF is still much safer than IE in my opinion... ~Bell p.s. the going back in FF version isn't a fix/fix either... nor is the uninstall and completely reinstall... doesn't work for everyone... very few in fact... guess those affected will have to wait for a patch... |
Check this one out: a person we know gets a job over the net and it's a writing or some kind of review thing and the pay was 150.00 a week, so 3 days later she gets a check for 1500.00, so she takes it to the bank and puts it in her account. The next day she gets an email and it said we made a mistake, wire us the difference. So the bank messed up and didn't put a hold on it, so off goes the money and the person is responsible for the money... and it's sad because it is always someone honest or someone who needs to make a few extra bucks.
|