|
BugTraq
Apple Safari: cookie stealing Jun 13 2007 10:34AM Robert Swiecki (jagger swiecki net) (2 replies) Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing Jun 14 2007 11:31PM Robert Swiecki (jagger swiecki net) (2 replies) Re: Apple Safari: idn urlbar spoofing Jun 25 2007 08:33PM Robert Swiecki (jagger swiecki net) (1 replies) RE: [Full-disclosure] Apple Safari: idn urlbar spoofing Jun 25 2007 09:15PM Larry Seltzer (Larry larryseltzer com) (1 replies) Re: [Full-disclosure] Apple Safari: urlbar/window title spoofing Jun 15 2007 02:07PM Mark Senior (senatorfrog gmail com) Re: [Full-disclosure] Apple Safari: cookie stealing Jun 13 2007 02:46PM Michal Zalewski (lcamtuf dione ids pl) |
|
|
Privacy Statement |
> It looks different on my system: http://www.larryseltzer.com/safe2.png
> Safari 3.0.2 on XPSP2
Looks simply like a difference in system fonts used on your machines. The
attack relies on padding the hostname with Unicode characters that, for
the typeface used, are rendered as white spaces.
Whether Safari devs are to blame here exclusively, I'm not sure - IDN
concept is by itself pretty evil, and this can be viewed simply a clever
take on homograph attacks.
/mz
[ reply ]