 |
|
|
|
|
|
|
|
|
2005-02-08, 03:15 AM
|
#1 |
|
Vagabond
Join Date: Aug 2003
Posts: 2,374
 |
All you FireFox users, beware!
|
|
|
|
2005-02-08, 08:22 AM
|
#2 |
|
Subversive filth of the hedonistic decadent West
Join Date: Mar 2003
Location: Southeast Florida
Posts: 27,936
|
I saw that yesterday on a Mac site.
It is more a means of a way to do something malicious then anything else. Ironically it affects all browsers except IE. The people that make their living off of Phishing scams will love it. I'm guessing that we will see this hole quickly fixed. You can read about it here http://www.boingboing.net/2005/02/06..._exploit_.html |
|
|
|
|
2005-02-08, 11:04 AM
|
#3 |
|
Trying is the first step towards failure
Join Date: Jan 2004
Posts: 126
|
i checked for updates and it said none were available..maybe i should go back to IE until it is fixed.
Anyone have an update page? |
|
|
|
|
2005-02-08, 11:10 AM
|
#4 | |
|
Verbal prefers 56K
Join Date: Sep 2003
Location: Chicago, IL
Posts: 563
|
Phoenix, Mozilla is working to find a long-term solution so don't expect any patches soon. Why go back to IE though? Mozilla currently has one exploit... IE has like millions...
 Here's a workaround from that first link posted:Quote:
__________________
Verbal |
|
|
|
|
|
2005-02-08, 11:11 AM
|
#5 | |
|
Vagabond
Join Date: Aug 2003
Posts: 2,374
|
There's a workaround
http://www.shmoo.com/idn/homograph.txt Quote:
Search for "network.enableIDN" Double click it and it will change from "true" to "false". EDIT: Yeah what Verbal said  |
|
|
|
|
|
2005-02-08, 11:15 AM
|
#6 |
|
Verbal prefers 56K
Join Date: Sep 2003
Location: Chicago, IL
Posts: 563
|
lol.
__________________
Verbal |
|
|
|
|
2005-02-08, 11:16 AM
|
#7 |
|
Subversive filth of the hedonistic decadent West
Join Date: Mar 2003
Location: Southeast Florida
Posts: 27,936
|
Yeah what Verbal said too.
For the Safari uses out there here is an unofficial patch. http://haoli.dnsalias.com/ |
|
|
|
|
2005-02-08, 11:50 AM
|
#8 |
|
a.k.a. Sparky
Join Date: Sep 2004
Location: West Palm Beach, FL, USA
Posts: 2,396
|
The other thing you can do is stop clicking on links that look like your bank/credit card/paypal has suspended your account for unauthorized activity.
__________________
SnapReplay.com a different way to share photos - iPhone & Android |
|
|
|
|
2005-02-08, 12:19 PM
|
#9 | |
|
Certified Nice Person
Join Date: Oct 2003
Location: Dirty Undies, NY
Posts: 11,268
|
Quote:
Besides, if you look at the address bar while the page is being found, it displays the actual url that it's connecting to. cd34- love that sig.
__________________
Click here to purchase a bridge I'm selling. |
|
|
|
|
|
2005-02-08, 12:24 PM
|
#11 |
|
a.k.a. Sparky
Join Date: Sep 2004
Location: West Palm Beach, FL, USA
Posts: 2,396
|
The issue in the alternative browsers is that the below url MIGHT render differently depending on which character sets the user has support for. In some versions of firefox with limited fontsets, the à will be displayed as an a because it doesn't have the actual character. Thus, it looks like the right place, but, you're in the wrong place
http://www.pàypal.com http://www.ebày.com
__________________
SnapReplay.com a different way to share photos - iPhone & Android |
|
|
|
|
2005-02-08, 12:32 PM
|
#12 |
|
No offence Apu, but when they were handing out religions you must have been out taking a whizz
Join Date: Apr 2003
Location: California, USA
Posts: 284
 |
Wow *ONE* possible hole? I'm still sticking with my Firefox THANK YOU. Good point, compared to MSIE - ONE possible hole is nothing. lol
But thanks for the news/update - I hadn't heard about this yet.  |
|
|
|
|
2005-02-08, 02:37 PM
|
#13 |
|
Rock stars ... is there anything they don't know?
Join Date: Nov 2004
Posts: 12
|
I'd stick to Firefox if I were you. Avoid IE at all costs.
IE has severe security vulnerabilities and nothing will fix the app apart from a total rewrite. There are A LOT of public and non-public security flaws for IE that have no fix yet because MS is still working on them (some are 5months+ late) By non-public security flaws I mean ones that hackers find, keep to themselves and not reveal them to MS or the online community. So the average Joe thinks he is safe because he is totally patched up but he isn't. |
|
|
|
|
2005-02-08, 02:57 PM
|
#14 |
|
Hey, can you take the wheel for a second, I have to scratch my self in two places at once
Join Date: Jul 2004
Posts: 182
|
Thanks for the heads up, but as some people already said, I don't think that one exploit is enough to get back to IE which is full of them.
__________________
ICQ: 110-990-327 |
|
|
|
|
2005-02-08, 05:27 PM
|
#15 |
|
Don't come to Florida for vacation. We're closed.
Join Date: Nov 2003
Location: Orlando, Florida
Posts: 1,874
|
|
|
|
|
|
2005-02-08, 05:55 PM
|
#16 | |
|
Hey, can you take the wheel for a second, I have to scratch my self in two places at once
Join Date: Jul 2004
Posts: 182
|
Quote:
__________________
ICQ: 110-990-327 |
|
|
|
|
|
2005-02-08, 08:22 PM
|
#17 |
|
Shut up brain, or I'll stab you with a Q-tip!
Join Date: May 2004
Location: Bulgaria
Posts: 113
 |
Today saw about this problem on other board, and fixed my FireFox already.
No way i turn back to IE, since i never used it
__________________
|
|
|
|
|
2005-02-09, 11:27 AM
|
#18 |
|
a.k.a. Sparky
Join Date: Sep 2004
Location: West Palm Beach, FL, USA
Posts: 2,396
|
Here's the company that 'discovered' the exploit and has a test so you can see.
http://secunia.com/multiple_browsers_idn_spoofing_test/ http://www.payp********l.com/ (this is the link that they have constructed) Not that I like Secunia much, I don't think they are an honest white-hat company, but, they are the only one that had a valid test that I could see.
__________________
SnapReplay.com a different way to share photos - iPhone & Android |
|
|
|
|
2005-02-09, 11:47 AM
|
#19 |
|
NYC Boy That Moved To The Island
Join Date: Apr 2003
Posts: 2,940
|
those bank emails are very convincing looking
There are a lot of stupid people out there my neighbors called me the other day because they couldnt get to a web site they thought they had a problem with their computer
__________________
Accepting New partners |
|
|
|
|
2005-02-09, 12:42 PM
|
#20 |
|
Don't come to Florida for vacation. We're closed.
Join Date: Nov 2003
Location: Orlando, Florida
Posts: 1,874
|
It's not so much that they are stupid as some people (many?) get a computer just to use e-mail and do basic word processing and web browsing.
Especially older people...they tend to really think the spam e-mails sent to them are...specifically for them.  Couple days ago my friend called and told me you won't believe how stupid Patty's father is. Patty is his cousin's wife. He tells me that he got one of those e-mail from Nigeria where you need to just send a ceratin amount and they will send you back a lot more. Like someone is in prison or some shit... So...(and this isn't a joke) the guy sends them his life savings of $30k. He gets a cashiers check and goes to the bank to cash it. The FBI contacts him couple days later asking why he is doing this and tells him it's a scam- not to be involved in any way. They also told him he lost all his money and there was nothing they could do. Like the next week he got another Cashier's check for $120,000k - this time the bank is Canadian. He calls the Canadian bank to ask if it's a valid check. They tell him it is. He goes to Canada to cash it. FBI was waiting there. Now they are thinking he is in on it. He was desperate. Now he is in a Canadian jail and his savings is still gone of course. Fucked up, huh? Older people who are just getting a computer are most vulnerable to those very official looking e-mails made to look like they are from banks, paypal, ebay, etc... Ignorance is bad when you're hooked to the 'net. |
|
|
|
|
2005-02-09, 01:04 PM
|
#21 |
|
I'm going to the backseat of my car with the woman I love, and I won't be back for TEN MINUTES
Join Date: Apr 2003
Location: Vancouver B.C. Canada
Posts: 89
|
Thanks guys nice to see how fast we all get these things fixed!
__________________
michael@twistys.com ICQ: 348682342 |
|
|
|
|
2005-02-09, 02:02 PM
|
#22 |
|
WHO IS FONZY!?! Don't they teach you anything at school?
Join Date: Jan 2005
Posts: 40
|
Thanks Swedguy for the warning.
Regards, JohnShinil. |
|
|
|
|
2005-02-09, 03:28 PM
|
#23 |
|
The only guys who wear Hawaiian shirts are gay guys and big fat party animals
Join Date: Jun 2004
Posts: 175
|
ie all the way baby
__________________
THE BIGGEST LIST OF EPASSPORTE SPONSORS YOU HAVE EVER SEEN |
|
|
|
|
2005-02-11, 09:58 PM
|
#24 | |
|
I saw weird stuff in that place last night. Weird, strange, sick, twisted, eerie, godless, evil stuff. And I want in
Join Date: Apr 2003
Location: Dayton, Ohio (currently)
Posts: 455
|
Quote:
that fix only work for about 1 in 10 that try it... the big Moz - doesn't know why yet... but FF is still much safer than IE in my opinion... ~Bell p.s. the going back in FF version isn't a fix/fix either... nor is the uninstall and completely reinstall... doesn't work for everyone... very few in fact... guess those affected will have to wait for a patch...
__________________
1000's of Domain Names to Choose from at DomainBELL.com |
|
|
|
|
|
2005-02-11, 10:46 PM
|
#25 |
|
What can I do - I was born this way LOL
Join Date: Oct 2003
Location: ohio
Posts: 3,086
|
check this one out a person we know gets a job over the net and its a writing or some kind of review thing and the pay was 150.00 a week so 3 days later she gets a check for 1500.00 so she takes it to the bank and put it in her account, the next day she gets a email and it said we made a mistake wire us the difference so the bank messed up and didnt put a hold on it so off goes the money and the person is responsible for the money.. and its sad because it is allways someone honest or someone who needs to make a few extra bucks..
|
|
|
|
 |
|
|
Linear Mode
