Exploit for every browser except IE...
 

...and with good reason:
http://it.slashdot.org/article.pl?si...4&tid=95&tid=1

http://www.shmoo.com/idn/ :erm:

Re: Exploit for every browser except IE...
 

Mr Gates has actually provided software that by default is more secure than the offerings of others :spin:

M$ much vaunted security edicts must count for something then. Wohoo :nworthy: :D

Re: Exploit for every browser except IE...
 

It is ironic though, that being a naff, featureless browser is what stops the virus from attacking it.

Re: Exploit for every browser except IE...
 

thanks to mr_love_monkey for a potential workaround for Firefox

http://www.cableforum.co.uk/board/sh...65&postcount=1

:)

Re: Exploit for every browser except IE...
 

It's pretty easy to fix though.

Re: Exploit for every browser except IE...
 

Wow.
Microsoft can have a little "It didnt get our browser" celebration today.
for once that IE prooves to be useful. :D

Re: Exploit for every browser except IE...
 

Ummmm... I don't get this. Surely this issue has nothing to do with M$ IE being 'secure' but down to the fact that these people managed to register an IDN like that anyway? If anything, Verisign are at fault for failing to protect their existing customer's interest when opening up xn-- registrations, something that not *all* registries are doing... yet. There's a consultation paper going out shortly for registrations under .uk, to establish whether there's a requirement to handle IDNAs or not. I can imagine that there will be a need, but at least with .uk, we're safe in the assurance that we won't get shafted by the registry - unlike gTLDs whereby there's very little public consultation on the effects of opening up new protocols, such as IDNA. We've seen Verisign do daft things before, this isn't anything new and is not something that should be directed at browser vendors. If anything, M$ have once again displayed their inability to keep up with the times by not supporting IDNA anyhow, why are they the only ones that don't? And ... no, before you suggest it, it has nothing to do with security conscience :)

Yeah, that's exactly the point. a) it wasn't a virus, there's quite a difference here; and b) IE *is* featureless, they just happened to be lucky here, in that it's *so* featureless it doesn't support IDNs - yet there *are* registries out there that do... Why are M$ so far behind?

Nah, again... IE is *not* more secure - it just doesn't support the new IDN protocol, simple. That's *not* necessarily a good thing, whatsoever. The fact that IE is upgradable to support IDN is a distinct indication of this. If it was a security issue, then the upgrade wouldn't be available. It simply hasn't been fully distributed because there is not yet a widespread requirement for it - although IDN has been launched in various countries, with much success.

:devsmoke:

Re: Exploit for every browser except IE...
 

I wonder if Avant is vulnerable, since it MAY have a plugin for it :erm:

Re: Exploit for every browser except IE...
 

I was just going to say I'd already mentioned that... still as long as as many people as possible read it, that's all that matters :)

Re: Exploit for every browser except IE...
 

and an even more simple work around is not to click links to things like paypal and to type em in yourself... :p:

but seriously its probably not as such a big thing as everybody makes out and as someone previously said its more to do with the registry itself rather than the browsers that support the feature...

Re: Exploit for every browser except IE...
 

We'll probably find that the latest round of Windows Updates have enabled IDN support on IE :D

Re: Exploit for every browser except IE...
 

lol, wouldn't put it past em ;)

Re: Exploit for every browser except IE...
 

:rofl:

Re: Exploit for every browser except IE...
 

Update: Mozilla have now decided to disable IDN support by default in their browsers.
More info here:
http://slashdot.org/article.pl?sid=0...&tid=154&tid=1

EDIT: I've never seen one of these URLs before, but in case you're wondering what it looks like...
http://vÃÃâ€*’Ãâ...€šÃ‚¤vtak.se/ (doesn't work in IE)

Re: Exploit for every browser except IE...
 

Hmmm. I have disabled IDN in FireFox, but that website works. I thought it would have given me some warning or error.