Slashdot Mirror

← Back to Stories (view on slashdot.org)

Shmoo Group Finds Exploit For non-IE Browsers

Posted by Hemos on from the even-mozilla-is-guilty dept.

shut_up_man writes "Saw this on Boing Boing: East coast hacker con Shmoocon ended today and they had a nasty browser exploit to show off... using International Domain Name (IDN) character support to display fake domain names in links and the address bar. Their examples use Paypal (with SSL too) and this looks very useful for phishing attacks. Interesting note that it works in every browser *except* IE (which makes this exploit a lot less dangerous in the end, I suppose)."v The reason IE isn't vulnerable is because it doesn't natively support IDN; with the right plug-in, it too is vulnerable.

3 of 621 comments (clear)

  1. Why? by sammykrupa · · Score: 0, Troll

    Are they telling every man and his dog by letting tihs get on /.? If they had just released some patches for Firefox and written up some help files for people this would not mean much.

    --
    Dashboard Widgets
  2. Re:Stop obsessing over Microsoft, please. by ScrewMaster · · Score: 0, Troll

    You work for Billy, don't you.

    --
    The higher the technology, the sharper that two-edged sword.
  3. Re:Your Microsoft Obsession by AtariAmarok · · Score: 0, Troll

    It is pretty clear that it meets your definition of "propaganda" because you did not like what they said.

    --
    Don't blame Durga. I voted for Centauri.