I found out today there is a pretty, well very serious flaw in the various non IE browsers. Firefox is the one I am most concerned about becuase I use it constantly.
This exploit affects all browsers except IE. It has to do with the International Domain Name [IDN] support in modern browsers. The attack allows an attacker/phisher to spoof the domain/URLs of businesses.
There is a proof of concept document that will show you exactly what it can do; there is even an SSL connection that works as well, so much for a secure connection. Try it out before you apply the fix, but not in IE! There are several articles and workaround/fixes out there. I have been messing around with them all morning and here is the run down.
- There is a fix listed on Boing Boing. It says to type about:config in the address bar, find network.enableIDN and set it to false. This only works until you close Firefox and re-open it. Then the links at proof of concept will work again. It also broke my Macromedia News extension, don’t waste you time on this fix!
- Back up the compreg.dat file first, if you attempt this fix! There is another fix listed on tech.life.blogged. This one says to edit the compreg.dat file that is located in your profile directory, eg. On XP: C:\Documents and Settings\USERNAME\Application Data\Mozilla\Firefox\Profiles\default.###\ Then you open the compreg.dat file in a text editor (I strongly suggest TextPad), find and modify the @mozilla.org/network/idn-service;1,{62b778a6-bce3-456b-8c31-2865fbb68c91} line. Change the 1 to a 0 and save the file. I tried this fix and it works, but the post states it is a permanent fix and it is not. The problem is that if you install a extension the compreg.dat file is reloaded and the 1 in @mozilla.org/network/idn-service; 1,{62b778a6-bce3-456b-8c31-2865fbb68c91} line is resored and the fix is lost. You will manually have to edit compreg.dat and change the 1 to a 0.
- The third fix I found at mozillaZine and advises to use AdBlocker to create a filter that will block any URL that uses characters that are outside the normal ASCII range. I have highlighted the steps to follow below:
- If you do not have Adblocker installed go here and install it!
- Once it is installed, in Firefox, goto Tools, Adblock, and open Preferences
- Important!! On the Preferences windows select Adblock Options and select Site Blocker: Note: Site Blocking will now have a check next to it.
- In the New Filter input box enter the following text: /[^\x20-\xFF]/
- Select Add next the New Filter input box to add the rule. Note: You will receive a Warning dialog when you select Add, just select OK to apply the filter.
- Select Done
- Go to the test page and select a link. The links will be blocked and should not load. Note: They had a paypal link but have since changed it. You still can see a nice sample of the domain spoofing.
I use Firefox everyday and love every minute of it. From what I read Firefox is working on a perminant fix that will eleminate this issue. I thought I would share this and the information I found out there about it, I would hate for a reader to expose personal information or financial data by this kind of attach. I always suggest to everyone on the internet, learn security, keep up to date on the kind of attachs going on, and most importantly, protect yourself and you data!
http://www.boingboing.net/2005/02/06/shmoo_group_exploit_.html