Thread: Exploit for every browser except IE...
View Single Post
Old 07-02-2005, 20:19   #1
Richard M
Inactive
 
Join Date: Jun 2003
Location: Los Angeles, CA
Age: 46
Posts: 6,343
Richard M has a bronze arrayRichard M has a bronze arrayRichard M has a bronze array
Richard M has a bronze arrayRichard M has a bronze arrayRichard M has a bronze arrayRichard M has a bronze arrayRichard M has a bronze arrayRichard M has a bronze arrayRichard M has a bronze arrayRichard M has a bronze arrayRichard M has a bronze arrayRichard M has a bronze arrayRichard M has a bronze arrayRichard M has a bronze arrayRichard M has a bronze arrayRichard M has a bronze arrayRichard M has a bronze arrayRichard M has a bronze arrayRichard M has a bronze arrayRichard M has a bronze arrayRichard M has a bronze arrayRichard M has a bronze array
Exploit for every browser except IE...
...and with good reason:
Quote:
East coast hacker con Shmoocon ended today and they had a nasty browser exploit to show off... using International Domain Name (IDN) character support to display fake domain names in links and the address bar. Their examples use Paypal (with SSL too) and this looks very useful for phishing attacks. Interesting note that it works in every browser *except* IE (which makes this exploit a lot less dangerous in the end, I suppose)."v The reason IE isn't vulnerable is because it doesn't natively support IDN; with the right plug-in, it too is vulnerable.
http://it.slashdot.org/article.pl?si...4&tid=95&tid=1

http://www.shmoo.com/idn/
Richard M is offline   Reply With Quote