Bugtraq mailing list archives
Re: Apple Safari: idn urlbar spoofing
From: Robert Swiecki <jagger () swiecki net>
Date: Wed, 27 Jun 2007 11:27:40 +0200
Michal Zalewski wrote:
Whether Safari devs are to blame here exclusively, I'm not sure - IDN concept is by itself pretty evil, and this can be viewed simply a clever take on homograph attacks.
I found out that firefox has a configuration property: network.IDN.blacklist_chars. It includes the character used in the demonstration (ㅤ - HANGULL FILLER) and many more. So, the problem seems to be known (at least in firefox). -- Robert Swiecki http://www.swiecki.net
Current thread:
- Apple Safari: cookie stealing Robert Swiecki (Jun 13)
- Re: [Full-disclosure] Apple Safari: cookie stealing Michal Zalewski (Jun 13)
- Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing Robert Swiecki (Jun 15)
- Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing Mark Senior (Jun 15)
- Re: Apple Safari: idn urlbar spoofing Robert Swiecki (Jun 25)
- RE: [Full-disclosure] Apple Safari: idn urlbar spoofing Larry Seltzer (Jun 25)
- Re: [Full-disclosure] Apple Safari: idn urlbar spoofing Michal Zalewski (Jun 25)
- Re: Apple Safari: idn urlbar spoofing Robert Swiecki (Jun 27)