Yesterday an xploit was released that use IDN to spoof a linmk in your address bar.
for example, you could be viewing http://some_hackers_ip:79
and your browser will show "YourBank.com"

this exploit is meant to work on every Browser EXCEPT internet explorer because internet explorer doesnt support IDN (in other words, dumb luck)

The exploit should even work with a secure SSL encryption.

anyways.. here's the URL
http://www.shmoo.com/idn/

if you get a web page saying meeow, your browser failed.

I myself have tested this on Fireox and konqueror in GNU/Linux (gentoo dietribution) http://gentoo.org

Firefox without SSL Passed
Firefox with SSL Passed
Konqueror without SSL Failed.
Konqueror with SSL Passed (reports that the encrypytion certificate is invalid)

they say that all browsers except IE fail this test.. mabe they were only talking about browsers on the MS windows operating system..

Anyways... What OS and browsers are you guys using, and how do they do ??? Pass or Fail.

 

 

 

Reply

I'm at work right now and we're still using Firefox 1.0 Preview Release on this Slackware box. It fails on both with and without SSL, so there's a good motivation to upgrade firefox to the latest version.

[edit]
Correction: Tried it on a gentoo box at work that was using Firefox 1.0. It failed both tests, maybe you've just got a special box there?
[/edit]

Reply

Tried paypal links in Firefox 1.0 on a Windows 2000 box, and got a meow
...Just when I thought I had overcome my 'bad habit' of ie I hope they release a patch soon...

Reply

WOW.... i know gentoo is bleeeeading edge, but wow.

i did an "emerge --sync && emerge -U world" about a week before the exploit was announced.
the above command updates every package to the latest version.

maybe its because im running a 64bit OS ?

Reply