• On TechRepublic: 10 cool USB flash drive tricks
advertisementGo to Windows 7 Insider Guide
advertisement
Click Here
February 8, 2005 12:36 AM PST

Safari (and Mozilla, Firefox) domain name spoofing vulnerability

by CNET staff
  • Font size
  • Print
  • Post a comment

MacFixIt reader Gregory F. Welch points to a new Safari (and Mozilla) spoofing vulnerability, which could allow malicious parties to obtain sensitive information by masquerading as legitimate, recognized Web sites.

The proof-of-concept for this flaw is located at:

http://www.shmoo.com/idn/

As you can see, the browser URL indicator displays: "http://wwww.paypal.com," though the site's content does not reflect that URL. This occurs because of an interesting set of circumstances afforded by browser support for Unicode/UTF8 domain name resolution.

As noted by the flaw's discoverers:

"Clicking on any of the two links in the above webpage using anything but IE should result in a spoofed paypal.com webpage.

"The links are directed at "http://www.p?ypal.com/", which the browsers punycode handlers render as www.xn--pypal-4ve.com.

"This is one example URL - - there are now many ways to display any domain name on a browser, as there are a huge number of codepages/scripts which look very similar to latin charsets. [...]

"Vulnerable browsers include (but are not limited to):

  • Most mozilla-based browsers (Firefox 1.0, Camino .8.5, Mozilla 1.6, etc)
  • Safari 1.2.5
  • Opera 7.54
  • Omniweb 5

"There are a few methods to detect that you are under a spoof attack. One easy method is to cut and paste the url you are accessing into notepad or some other tool (under OSX, paste into a terminal window) which will allow you to view what character set/pagecode the string is in. [...]

"You can disable IDN support in mozilla products by setting 'network.enableIDN' to false. There is no workaround known for Opera or Safari."

UPDATE: MacFixIt reader Hao Li lets us know that he has created a Safari plug-in to fix this problem.

Hao says "This free plugin works only with the latest Safari version 1.2.4 (v125.12). I think Apple will soon release a security update, but in the meantime Saft Lite is a good solution."

The plug-in can be downloaded here.

Feedback? Late-breakers@macfixit.com.

Resources

  • http://www.shmoo.com/idn/
  • here
  • Late-breakers@macfixit.com
  • More from Late-Breakers
    • Topics:

    News,

    Troubleshooting

    Tags:

    Late-Breakers

    Share:
    Digg
    Del.icio.us
    Reddit
    Recent posts from MacFixIt
    Pixelated or fuzzy icons in Snow Leopard
    Snow Leopard: iChat restricting minimum chat window width
    Hack enables 10.6.2 on Atom processors
    Weekly Utilities Update: WhatSize, CoolBook, VisualRoute, more...
    Overcoming missing Appletalk printer connectivity in Snow Leopard
    Terminal fun: Options for printing folder and subfolder contents
    Aperture How-To: Add a watermark to your photographs
    Snow Leopard: Finder not opening files when double-clicked

    Navigate MacFixIt

    • Help
    • Archives
    • Utilities
    • Forums
    advertisement
    Click Here

    About MacFixIt

    MacFixIt is CNET's troubleshooting resource for all things Mac. The information here helps you navigate the ins-and-outs of Mac ownership with how-tos, troubleshooting information, news, reviews, and more.

    Add this feed to your online news reader

    MacFixIt topics

    Reviews & advice
    Site map
    Editorial policies
    Meet the editors
    How we test
    Forums
    Internet speed test
    Popular topics
    Apple iPhone
    Apple iPod
    Cell phones
    Dell
    GPS
    LCD TV
    CNET sites
    CNET Site map
    CNET TV
    Downloads
    News
    Reviews
    Shopper.com
    More information
    Newsletters
    CNET Mobile
    Customer Help Center
    RSS
    CNET Widgets
    About CNET
    sponsored