Open Source and information security mailing list archives
 
From: kmc at eircom.net (Kevin Connolly)
Subject: Re: Homograph attack fools (older versions of) Internet Explorer too

Use of Unicode codes in the href fools older versions of IE when it parses
the hostname part.

Obviously this has been fixed in a previous patch (my bad for not checking with
a fully patched machine first!)

NOT vulnerable 	IE 6.0.2800.1106.xpsp2.040919-1003C0
vulnerable 	IE 6.0.2800.1106.xpsp2.030422-1633

I may get around to writing up the details but it is not urgent now that
I know that fully patched IE is not vulnerable to this.

Kevin

