Phishing with IDNs

The current “hot news” is that the Firefox, Mozilla and Safari browsers have been shown to be susceptible to a new form of phishing attack.

Basically, all these browsers support International Domain Names (IDN), which let you use the full Unicode set of foreign characters and symbols, and some of these foreign characters, while technically different from the Latin ones, look identical. In the case demonstrated they used the Arabic a to replace a Latin a in “PayPal” to get another site. This isn’t really anything new: even the original RFC commented on how this would be a problem, and the IETF issued guidelines that would have limited the scope of such attacks if only Verisign had actually implemented them. (Specifically, the guideline against mixing languages within a domain name would reduce the scope for attack considerably.)

One thing that is amusing is the Internet Explorer fans’ reaction that their browser isn’t susceptible. This is true, but only because Microsoft hasn’t added IDN support to IE, instead recommending you install a third-party plug-in to do it.

Head over to Verisign, install the plug-in, and you too can have exactly the same “exploit”.

Some 12 hours later it appears the rest of the world twigs and Secunia issues this advisory.
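
A sketch of the mixed-language check mentioned above, as an added example that is not from the original post or from any registry's or browser's code. It approximates each character's script from the first word of its Unicode name (a heuristic assumed here, not the official Unicode script property), and the sample names are constructed.

```python
import unicodedata


def char_script(ch):
    """Approximate a character's script from the first word of its Unicode name."""
    if ch.isdigit() or ch == "-":
        return "COMMON"  # digits and hyphen may accompany any script
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else "UNKNOWN"


def label_scripts(label):
    """Return the set of scripts used by the letters of one DNS label."""
    return {char_script(ch) for ch in label} - {"COMMON"}


def check_domain(domain):
    """Report, per label, the ASCII (punycode) form and whether scripts are mixed."""
    findings = []
    for label in domain.lower().split("."):
        scripts = label_scripts(label)
        findings.append({
            "label": label,
            # Python's built-in "idna" codec yields the xn-- form the resolver sees.
            "ascii": label.encode("idna").decode("ascii"),
            "scripts": sorted(scripts),
            "mixed": len(scripts) > 1,
        })
    return findings


def is_suspicious(domain):
    """True if any label of the domain mixes more than one script."""
    return any(f["mixed"] for f in check_domain(domain))


# Constructed samples: the second uses U+0430 (Cyrillic small a) for the first "a".
SAMPLES = ["paypal.com", "p\u0430ypal.com"]

if __name__ == "__main__":
    for d in SAMPLES:
        for f in check_domain(d):
            print(f"{d!r:22} {f['ascii']:18} {f['scripts']} mixed={f['mixed']}")
```

A label written entirely in one look-alike script passes this check, which is why the guideline reduces the scope for attack rather than removing it; showing the `xn--` form to the user covers that remaining case.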


Reflections, Christmas 2004

Christmas came and went and now once again the end of year looms menacingly just a day away.

My Amazon wish-list saved me from the tedious “What do you want?” “I don’t know” exchanges that seem to plague this time of year. I had a similar experience with a rather gorgeous Swiss woman before eventually surprising her with a lovely piece of original artwork depicting a sailing yacht. She also became the first person I’ve subjected to my Christmas family dinner which actually turned out rather well.

I decided to purchase my mother a new PC this year too, the previous AMD system having died from a combination of abuses. They were dying to get back on-line so I bought them a Shuttle SB65G2 from the good folks at Aria who shipped it quickly to Guernsey (VAT free). Loaded up with XP2, Firefox and Thunderbird it will hopefully last a little longer. The main problem with building PCs of course is explaining to people why Word and Excel aren’t installed and that short of paying £300 they won’t be getting them… or they could plump for just Word at £72 as part of the Works bundle or try OpenOffice for free.

And back onto Amazon… why is it that after rating some 228 DVDs, books and CDs it still suggests crap like Van Helsing, Garfield and The Haunted Mansion? Either a) there are no more DVDs I’d like left to buy, b) people can’t be predicted with an algorithm, or c) Amazon likes to put rubbish in with real statistical data in an attempt to shift it.

Have a great new year,