[ILUG] Firefox/Mozilla/Opera exploit
Niall O Broin
niall at linux.ie
Tue Feb 15 10:17:59 GMT 2005
On 15 Feb 2005, at 09:41, Colm MacCarthaigh wrote:
> On Mon, Feb 14, 2005 at 09:21:02PM +0100, Brian Foster wrote:
>> yep. IMHO, the ???shocking??? thing here is the more actively
>> developed browsers, released long after the 2001 CACM paper,
>> have the problem to begin with. that paper was short and
>> clear. there does not seem to be an excuse for having the
>> problem with browsers released years (literally!) later.
>
> It's not a browser vulnerability, they are merely correctly
> implementing
Indeed - the security issue is with the users of the browsers, not the
browsers themselves. But to be honest, it's a bit much to expect a
person who will voluntarily enter a password to decode a ZIP archive
and then voluntarily run the malware inside it to be aware of the
existence of homographs and what they imply in IDNs.
> IDN. This is an actual designed-in feature of IDN, the fault lies with
> the registries.
Why do you say that Colm? Should we expect the registries to check
every IDN offered for every possible homograph clash with an already
registered name?
Niall
More information about the ILUG
mailing list