Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

phishing vulnerability in browsers

From: David Farber <dave () farber net>
Date: Tue, 08 Feb 2005 13:37:47 -0500

------ Forwarded Message
From: Jeff Nelson <jnmnus () yahoo com>
Date: Tue, 08 Feb 2005 12:31:20 -0600
To: David Farber <dave () farber net>
Subject: phishing vulnerability in browsers

Hi Dave,

For IP, if you wish: news of a browser exploit that affects
Mozilla/Firefox/Safari, but not Internet Explorer.

-Jeff

-------- Original Message --------
Subject:  [Nonprofit_tech_talk] phishing vulnerability in browsers
Date:  Mon, 7 Feb 2005 21:26:33 -0600
From:  Stephen Lu <stevelu () amamedia org>
To:  nonprofit_tech_talk <Nonprofit_tech_talk () communityforum net>,
MacFolks MacFolks <macfolks () lists democracygroups org>



Sorry about the cross post, but I feel this is a serious issue that we
should all be aware of...

Many Mozilla based browsers (Firefox, Camino, ...) and khtml based
browsers (Safari), plus a couple others, have a vulnerability that is
susceptible to phishing attacks, even spoofed SSL certificates. The
usual problems-prone IE, in this case, is immune to this issue.

Read about the problem at http://www.shmoo.com/idn/homograph.txt
with the proof of concept at http://www.shmoo.com/idn/
It is a jaw dropper!

No work-arounds so far except for Firefox, detailed at
http://www.boingboing.net/2005/02/06/shmoo_group_exploit_.html.

As always, know what web site you are at, and be very, VERY careful
what information you send over the browsers...

--
Stephen Lu
Asian Media Access

___________________________________
Nonprofit Tech Talk is a service of MAP for Nonprofits with partial funding
support from the Greater Twin Cities United Way.  Opinions expressed on this
list are those of the individual author and not necessarily the opinion of
MAP or the United Way.

MAP provides cost-effective, high-quality technology support, planning,
implementation and training to Minnesota nonprofit organizations.  Visit
http://www.mapfornonprofits.org, click on Nonprofit Services then click on
Technology for more information.

To post, send an email message to: Nonprofit_tech_talk () communityforum net
To change your options, including to unsubscribe, go to:
http://www.communityforum.net/mailman/listinfo/nonprofit_tech_talk



------ End of Forwarded Message


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: