Interesting People mailing list archives
phishing vulnerability in browsers
From: David Farber <dave () farber net>
Date: Tue, 08 Feb 2005 13:37:47 -0500
------ Forwarded Message From: Jeff Nelson <jnmnus () yahoo com> Date: Tue, 08 Feb 2005 12:31:20 -0600 To: David Farber <dave () farber net> Subject: phishing vulnerability in browsers Hi Dave, For IP, if you wish: news of a browser exploit that affects Mozilla/Firefox/Safari, but not Internet Explorer. -Jeff -------- Original Message -------- Subject: [Nonprofit_tech_talk] phishing vulnerability in browsers Date: Mon, 7 Feb 2005 21:26:33 -0600 From: Stephen Lu <stevelu () amamedia org> To: nonprofit_tech_talk <Nonprofit_tech_talk () communityforum net>, MacFolks MacFolks <macfolks () lists democracygroups org> Sorry about the cross post, but I feel this is a serious issue that we should all be aware of... Many Mozilla based browsers (Firefox, Camino, ...) and khtml based browsers (Safari), plus a couple others, have a vulnerability that is susceptible to phishing attacks, even spoofed SSL certificates. The usual problems-prone IE, in this case, is immune to this issue. Read about the problem at http://www.shmoo.com/idn/homograph.txt with the proof of concept at http://www.shmoo.com/idn/ It is a jaw dropper! No work-arounds so far except for Firefox, detailed at http://www.boingboing.net/2005/02/06/shmoo_group_exploit_.html. As always, know what web site you are at, and be very, VERY careful what information you send over the browsers... -- Stephen Lu Asian Media Access ___________________________________ Nonprofit Tech Talk is a service of MAP for Nonprofits with partial funding support from the Greater Twin Cities United Way. Opinions expressed on this list are those of the individual author and not necessarily the opinion of MAP or the United Way. MAP provides cost-effective, high-quality technology support, planning, implementation and training to Minnesota nonprofit organizations. Visit http://www.mapfornonprofits.org, click on Nonprofit Services then click on Technology for more information. To post, send an email message to: Nonprofit_tech_talk () communityforum net To change your options, including to unsubscribe, go to: http://www.communityforum.net/mailman/listinfo/nonprofit_tech_talk ------ End of Forwarded Message ------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- phishing vulnerability in browsers David Farber (Feb 08)