IDN Spoofing Issue
-
- Guest
-
- Guest
- Mini-Geek
- Posts: 1239
- Joined: February 7th, 2005, 8:08 pm
- Location: Bulverde (near San Antonio), Texas, USA
Re: AD Block Fix - Nice and simple
Ken Cooper wrote:KevinMillican wrote:A simpler way of fixing this is as follows :-
1. Install the Adblock Firefox extension.
https://update.mozilla.org/extensions/m ... dows&id=10
2. Look at the Adblock 'Preferences' and go to 'Adblock Options'
3. Tick 'Site Blocking'
4. Add the following filter :-
/[^\x20-\xFF]/
This will block any URL that uses characters outside the normal ASCII range.
I don't how you think this works, but don't fool yourself, because it won't.Code: Select all
http://www.paypаl.com/
http://www.payp & # 1072 ; l.com/
Adblock does not prohibit you from clicking on a link - even if you target the " ; " symbol.
I don't know how it works either, but I know that it does work, so why don't you try it before you criticize it for not working? make sure that you tick "site blocking" alsoKen Cooper wrote:Take your pick either way that filter is ineffective. I don't have to try it, because of what I stated in my previous post.GreenAlien wrote:Ken,
"won't" or "doesn't" ? - Have you actually tried it yourself?
It appears to work fine for me with the test at:
http://secunia.com/multiple_browsers_idn_spoofing_test/
If you have experienced otherwise feel free to post the steps.
..Ant
The best solution to this IDN vulnerability until a permanent fix is in place, is to actually type the link into your address bar when visiting a financial or personal website.
-
- Guest
Weird. on my WINXP, the line for IDN service in compreg.dat looks different:
@mozilla.org/embedcomp/cookieprompt-service;1,{ce002b28-92b7-4701-8621-cc925866fb87}
@mozilla.org/network/idn-service;1,{62b778a6-bce3-456b-8c31-2865fbb68c91}
@mozilla.org/intl/unicode/decoder;1?charset=x-mac-ukrainian,{6394eeaa-fc3d-11d2-b3b8-00805f8a6670}
@mozilla.org/download;1,{e3fa9d0a-1dd1-11b2-bdef-8c720b597445}
in fact, the whole CONTRACTIDS section in compreg.dat is formatted with the hex-ids at the end of the line.
Commenting out the single line referreding to idn (idn-service) does nothing to fix the problem..
@mozilla.org/embedcomp/cookieprompt-service;1,{ce002b28-92b7-4701-8621-cc925866fb87}
@mozilla.org/network/idn-service;1,{62b778a6-bce3-456b-8c31-2865fbb68c91}
@mozilla.org/intl/unicode/decoder;1?charset=x-mac-ukrainian,{6394eeaa-fc3d-11d2-b3b8-00805f8a6670}
@mozilla.org/download;1,{e3fa9d0a-1dd1-11b2-bdef-8c720b597445}
in fact, the whole CONTRACTIDS section in compreg.dat is formatted with the hex-ids at the end of the line.
Commenting out the single line referreding to idn (idn-service) does nothing to fix the problem..
- Spewey
- Folder@Home
- Posts: 5799
- Joined: January 25th, 2003, 2:06 pm
- Location: St. Paul, Minnes°ta
idiots . . . . . . . . . lightbulb
idiots . . . . . lightbulb
idiots . . . lightbulb
idiots lightbulb!
see also:
http://james.seng.cc/archives/2005/02/0 ... ofing.html
Repeat: your offspring are safe from harm; go to sleep.
idiots . . . . . lightbulb
idiots . . . lightbulb
idiots lightbulb!
http://www.gerv.net/hacking/security/phishing.htmlgerv wrote:The latest round of punycode-based homograph attacks has led people to suggest switching off IDN, either personally or in browser security releases. This solution is inherently discriminatory - IDN was introduced to try and level the playing field in domain names with regard to their alphabet.
see also:
http://james.seng.cc/archives/2005/02/0 ... ofing.html
Repeat: your offspring are safe from harm; go to sleep.
-
- Posts: 1
- Joined: February 9th, 2005, 2:05 am
- Location: USA
Has anybody heard of Netcraft Anti-Phishing Toolbar for IE?
http://toolbar.netcraft.com/
It seems to work great, BUT there needs to be one created for Firefox/Mozilla. I've written them, but they apparently want MANY folks to write them to let them assess a need, then dev. can begin. Maybe Mozilla.org can contact them and they would share their expertise? Probably not without a price, right?
Anyway, just thought I'd tell you about this, in case you weren't already aware. Thanks for all your great work with Mozilla!
Patrick
http://toolbar.netcraft.com/
It seems to work great, BUT there needs to be one created for Firefox/Mozilla. I've written them, but they apparently want MANY folks to write them to let them assess a need, then dev. can begin. Maybe Mozilla.org can contact them and they would share their expertise? Probably not without a price, right?
Anyway, just thought I'd tell you about this, in case you weren't already aware. Thanks for all your great work with Mozilla!
Patrick
-
- Guest
This script edits the IDN lines in compreg.dat on apple OSX, you may need to check the paths to make sure this is the right place on your setup. I've used this in a loginhook on a classroom full of macs. Roll on the proper fix.
#!/bin/bash
#uses tempfile for sed, as mac sed doesn't have -e
compreg="$HOME/Library/Application Support/Firefox/Profiles/default.ro6/compreg.dat"
[ -f "$compreg" ] &&
cp -f "$compreg" "$compreg.tmp" &&
sed 's/@mozilla.org\/network\/idn-service;1/@mozilla.org\/network\/idn-service;0/g' "$compreg.tmp" > "$compreg" &&
echo patched
#!/bin/bash
#uses tempfile for sed, as mac sed doesn't have -e
compreg="$HOME/Library/Application Support/Firefox/Profiles/default.ro6/compreg.dat"
[ -f "$compreg" ] &&
cp -f "$compreg" "$compreg.tmp" &&
sed 's/@mozilla.org\/network\/idn-service;1/@mozilla.org\/network\/idn-service;0/g' "$compreg.tmp" > "$compreg" &&
echo patched
-
- Posts: 160
- Joined: November 20th, 2004, 4:58 am
Re: Quick-fix
n00tz wrote:there's a simple fix for those that wish to take care of it before an official patch/fix comes out.</p>
go to the about:config page and disable network.enableIDN (set to FALSE).</p>
I went back to the secunia page and it checked out.
Discrimanatory or not, as a Firefox user and until the IDN issue is fixed, this solution does work perfectly for my little person. Quite selfish perhaps, but this workaround has satisfied the Secunia test and as a novice I don't feel able to refuse a radical but effective solution on the ground of philosophical matters. Sorry.
- Mini-Geek
- Posts: 1239
- Joined: February 7th, 2005, 8:08 pm
- Location: Bulverde (near San Antonio), Texas, USA
WebVoyager,WebVoyager wrote:n00tz wrote:there's a simple fix for those that wish to take care of it before an official patch/fix comes out.</p>
go to the about:config page and disable network.enableIDN (set to FALSE).</p>
I went back to the secunia page and it checked out.
Discrimanatory or not, as a Firefox user and until the IDN issue is fixed, this solution does work perfectly for my little person. Quite selfish perhaps, but this workaround has satisfied the Secunia test and as a novice I don't feel able to refuse a radical but effective solution on the ground of philosophical matters. Sorry.
Did you restart Firefox after you set the about:config setting? If you did and it still blocks the IDN correctly, do you have a nightly or are you using 1.0? I've heard that bug has been fixed somewhere along the way in the nightlies.
-
- Posts: 160
- Joined: November 20th, 2004, 4:58 am
Hi Mini-Geek,
After having set the about:config to disable network.enableIDN (set to FALSE), I also included the following line in my user.js script, in order to avoid any future accidental change :
user_pref("network.enableIDN", false);
The Secunia test is satisfied (Firefox Alert Window saying the site pay'something' (forgot the exact spelling) could not be found.
I am using the original Firefox 1.0 English version (though living in France) :
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
I've read also that a nighty Firefox 1.1 (or 1.01) version had fixed the IDN problem. The point is I am aware of nighty versions (Firefox as any other) unless for experienced users.
After having set the about:config to disable network.enableIDN (set to FALSE), I also included the following line in my user.js script, in order to avoid any future accidental change :
user_pref("network.enableIDN", false);
The Secunia test is satisfied (Firefox Alert Window saying the site pay'something' (forgot the exact spelling) could not be found.
I am using the original Firefox 1.0 English version (though living in France) :
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
I've read also that a nighty Firefox 1.1 (or 1.01) version had fixed the IDN problem. The point is I am aware of nighty versions (Firefox as any other) unless for experienced users.
- Mini-Geek
- Posts: 1239
- Joined: February 7th, 2005, 8:08 pm
- Location: Bulverde (near San Antonio), Texas, USA
I don't understand why that's working for you, unless it's because you have XP and I have 98SE, I did exactly what you said and it still allows the test to come up even though it's still marked as "false" in about:configWebVoyager wrote:Hi Mini-Geek,
After having set the about:config to disable network.enableIDN (set to FALSE), I also included the following line in my user.js script, in order to avoid any future accidental change :
user_pref("network.enableIDN", false);
The Secunia test is satisfied (Firefox Alert Window saying the site pay'something' (forgot the exact spelling) could not be found.
I am using the original Firefox 1.0 English version (though living in France) :
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
I've read also that a nighty Firefox 1.1 (or 1.01) version had fixed the IDN problem. The point is I am aware of nighty versions (Firefox as any other) unless for experienced users.
p.s. in my signature is a link to my Firefox info
-
- Posts: 160
- Joined: November 20th, 2004, 4:58 am
Mini-Geek, it's true that my platform is Windows XP, SP2 in fact. But I don't see in which way this should make any difference.
I'm thinking of a basic issue, like when the reason of a car problem is the lack of gazoline:
Perhaps your cache has conseved information previously to the network.enableIDN (set to FALSE) option.
Try going in Options-> Privacy -> Cache, and then click on 'Clear'
If this doesn't fix the issue, then I would call all the experienced users here on our Mozalline Forum to give us a helping hand!
I'll try as for myself to figure other alternatives if your problem persists. I'll be off until 20:00 GMT.
Don't worry.
I'm thinking of a basic issue, like when the reason of a car problem is the lack of gazoline:
Perhaps your cache has conseved information previously to the network.enableIDN (set to FALSE) option.
Try going in Options-> Privacy -> Cache, and then click on 'Clear'
If this doesn't fix the issue, then I would call all the experienced users here on our Mozalline Forum to give us a helping hand!
I'll try as for myself to figure other alternatives if your problem persists. I'll be off until 20:00 GMT.
Don't worry.
- Mini-Geek
- Posts: 1239
- Joined: February 7th, 2005, 8:08 pm
- Location: Bulverde (near San Antonio), Texas, USA