[IP] phishing vulnerability in browsers

To: Ip <ip@xxxxxxxxxxxxxx>
Subject: [IP] phishing vulnerability in browsers
From: David Farber <dave@xxxxxxxxxx>
Date: Tue, 08 Feb 2005 13:37:47 -0500
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
Reply-to: dave@xxxxxxxxxx
Sender: owner-ip@xxxxxxxxxxxxxx
User-agent: Microsoft-Entourage/11.1.0.040913

------ Forwarded Message
From: Jeff Nelson <jnmnus@xxxxxxxxx>
Date: Tue, 08 Feb 2005 12:31:20 -0600
To: David Farber <dave@xxxxxxxxxx>
Subject: phishing vulnerability in browsers

Hi Dave,

For IP, if you wish: news of a browser exploit that affects
Mozilla/Firefox/Safari, but not Internet Explorer.

-Jeff

-------- Original Message --------
Subject:  [Nonprofit_tech_talk] phishing vulnerability in browsers
Date:  Mon, 7 Feb 2005 21:26:33 -0600
From:  Stephen Lu <stevelu@xxxxxxxxxxxx>
To:  nonprofit_tech_talk <Nonprofit_tech_talk@xxxxxxxxxxxxxxxxxx>,
MacFolks MacFolks <macfolks@xxxxxxxxxxxxxxxxxxxxxxxxx>

Sorry about the cross post, but I feel this is a serious issue that we
should all be aware of...

Many Mozilla based browsers (Firefox, Camino, ...) and khtml based
browsers (Safari), plus a couple others, have a vulnerability that is
susceptible to phishing attacks, even spoofed SSL certificates. The
usual problems-prone IE, in this case, is immune to this issue.

Read about the problem at http://www.shmoo.com/idn/homograph.txt
with the proof of concept at http://www.shmoo.com/idn/
It is a jaw dropper!

No work-arounds so far except for Firefox, detailed at
http://www.boingboing.net/2005/02/06/shmoo_group_exploit_.html.

As always, know what web site you are at, and be very, VERY careful
what information you send over the browsers...

--
Stephen Lu
Asian Media Access

___________________________________
Nonprofit Tech Talk is a service of MAP for Nonprofits with partial funding
support from the Greater Twin Cities United Way.  Opinions expressed on this
list are those of the individual author and not necessarily the opinion of
MAP or the United Way.

MAP provides cost-effective, high-quality technology support, planning,
implementation and training to Minnesota nonprofit organizations.  Visit
http://www.mapfornonprofits.org, click on Nonprofit Services then click on
Technology for more information.

To post, send an email message to: Nonprofit_tech_talk@xxxxxxxxxxxxxxxxxx
To change your options, including to unsubscribe, go to:
http://www.communityforum.net/mailman/listinfo/nonprofit_tech_talk

------ End of Forwarded Message

-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] more on WiMax
Next by Date: [IP] more on Digital TV: Congress vs. Consumers
Previous by thread: [IP] more on WiMax
Next by thread: [IP] more on Digital TV: Congress vs. Consumers
Index(es):
- Date
- Thread