[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <86144ED6CE5B004DA23E1EAC0B569B5804655C0A@isabella.herefordshire.gov.uk>
Date: Wed, 9 Feb 2005 13:04:53 -0000
From: "Randal, Phil" <prandal@...efordshire.gov.uk>
To: bugtraq@...urityfocus.com
Subject: RE: International Domain Name [IDN] support in modern browsers al
lows attackers to spoof domain name URLs + SSL certs.
I've verified that the flaw exists on Windows XP SP2 fully patched IE 6
with Verisign's plugin from http://www.idnnow.com/index.jsp.
Screenshot here: http://www.rebee.clara.net/images/ie-idn.jpg
Cheers,
Phil
----
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -----Original Message-----
> From: Jerome ATHIAS [mailto:jerome.athias@...e.fr]
> Sent: 08 February 2005 14:47
> To: bugtraq@...urityfocus.com
> Subject: Re: International Domain Name [IDN] support in
> modern browsers allows attackers to spoof domain name URLs +
> SSL certs.
>
> In-Reply-To: <20050208043921.17342.qmail@....securityfocus.com>
>
> Verified under Windows XP SP2 with Firefox 1.0 (MOOX M3)
>
> SpoofStick (http://www.corestreet.com/spoofstick/) is also
> tricked (what about netcraft...?).
>
> Regards,
> Jerome
>
Powered by blists - more mailing lists