SecurityFocus

RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs. Feb 09 2005 01:04PM
Randal, Phil (prandal herefordshire gov uk) (1 replies)

I've verified that the flaw exists on Windows XP SP2 fully patched IE 6
with Verisign's plugin from http://www.idnnow.com/index.jsp.

Screenshot here: http://www.rebee.clara.net/images/ie-idn.jpg

Cheers,

Phil
----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

> -----Original Message-----
> From: Jerome ATHIAS [mailto:jerome.athias (at) free (dot) fr [email concealed]]
> Sent: 08 February 2005 14:47
> To: bugtraq (at) securityfocus (dot) com [email concealed]
> Subject: Re: International Domain Name [IDN] support in
> modern browsers allows attackers to spoof domain name URLs +
> SSL certs.
>
> In-Reply-To: <20050208043921.17342.qmail (at) www.securityfocus (dot) com [email concealed]>
>
> Verified under Windows XP SP2 with Firefox 1.0 (MOOX M3)
>
> SpoofStick (http://www.corestreet.com/spoofstick/) is also
> tricked (what about netcraft...?).
>
> Regards,
> Jerome
>

[ reply ]

Re: International Domain Name [IDN] support in modern browsers al lows attackers to spoof domain name URLs + SSL certs. Feb 10 2005 07:40AM
Marcin Sochacki (wanted gnu univ gda pl)