[Wolves] Firefox users may want to read this....

Paul Harrison milboromailings at blueyonder.co.uk
Mon Feb 7 19:21:08 GMT 2005


Forwarded from the pgpnet group...this is a nasty exploit!

Paul

****

Punycode domains could wreak havoc in the security world.

Posted by Duane from CAcert at
http://www.cacert.org/news.php?from=rss&id=13
Finally someone has shown what everyone feared, that punycode can
cause big problems with security where you can think you are going to
the real site (in this case paypal.com) but in reality you are going
to a fake site that has created its domain to look like another. This
is a valid concern in all browsers except Internet Explorer, and only
because Microsoft had failed to implement any new major features in
their browser of late. Verisign can come to the rescue and provide you
with a punycode plug-in for MS IE that's also able to take advantage
of the problem. It's possibly the only time Microsoft's lax attitude
to giving people what they ask for will save us from more widespread
abuse of this. See
http://www.boingboing.net/2005/02/06/shmoo_group_exploit_.html for
more details about this problem.

In short, punycode is a way of encoding multiple language characters in
domain names without causing major changes in the way that domains
work to accommodate this directly...

e.g. a domain that looks like paypal.com (using Cyrillic characters
for one of the a's) is

www.xn--pypal-4ve.com

which you can then put a link on your website as...

www.pаypal.com

and it will all just work, except that it's not really paypal's
website, it's the browser converting unicode characters into printable
form to make it seem like it's paypal...

****

"I'm looking for that Francis Bacon, in-the-face, whoops factor in the
sound.  And I get it sometimes." - Scott Walker
~  www.milboro.com - www.snurl.com/allbran
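The forwarded note above describes the homograph trick in prose; the following script is an added example (not part of the original mail or of CAcert's post) that reproduces the conversion both ways and flags a label that mixes scripts, which is the check a browser or mail gateway can use to avoid displaying such a name as if it were Latin. It uses only the Python standard library; the hostnames inside are the ones from the mail.

```python
import codecs
import unicodedata


def decode_label(label: str) -> str:
    """Turn one DNS label into its displayed form: 'xn--pypal-4ve' -> 'p\u0430ypal'."""
    if label.lower().startswith("xn--"):
        # Everything after the ACE prefix is plain punycode (RFC 3492).
        return codecs.decode(label[4:].encode("ascii"), "punycode")
    return label


def encode_label(label: str) -> str:
    """Inverse of decode_label: a Unicode label becomes its 'xn--' ACE form."""
    if label.isascii():
        return label
    return "xn--" + codecs.encode(label, "punycode").decode("ascii")


def scripts_in(label: str) -> set:
    """Collect the script of every letter in a label, e.g. {'LATIN', 'CYRILLIC'}.

    The script is taken from the first word of the Unicode character name
    (LATIN SMALL LETTER A, CYRILLIC SMALL LETTER A, ...). Digits and the
    hyphen are script-neutral and are skipped.
    """
    found = set()
    for ch in label:
        if ch == "-" or ch.isdigit():
            continue
        found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found


def analyse(host: str):
    """Return (displayed_hostname, is_mixed_script) for an ACE or Unicode hostname.

    A label drawing letters from more than one script (here Latin p/y/l
    beside a Cyrillic a) is exactly the case the mail warns about, so it
    is reported as suspicious rather than shown as if it were paypal.com.
    """
    labels = [decode_label(part) for part in host.split(".")]
    mixed = any(len(scripts_in(label)) > 1 for label in labels)
    return ".".join(labels), mixed


if __name__ == "__main__":
    for name in ("www.xn--pypal-4ve.com", "www.paypal.com"):
        shown, mixed = analyse(name)
        print(f"{name:25} -> {shown}  mixed-script={mixed}")
```

The displayed form of the first hostname differs from `www.paypal.com` only in the second letter, which is U+0430 rather than U+0061.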
