Democratic Underground Latest Greatest Lobby Journals Search Options Help Login
Google

heads up - phishing exploit that doesn't affect IE

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread		 This topic is archived.
Home » Discuss » DU Groups » Computers & Internet » Computer Help and Support Group Donate to DU
 
McKenzie Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Feb-10-05 04:27 AM
Original message
heads up - phishing exploit that doesn't affect IE
not quite a zero days exploit but very recent.

<snip>

This latest exploit will provide spammers with a way to trick FireFox, Opera and Safari users into thinking they're on a certain website. Commonly known as Phishing this latest attack by spammers and hackers is frighteningly common.

<snip>

http://www.neowin.net/comments.php?id=26989&category=main
Printer Friendly | Permalink |  | Top
bvar22 Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Feb-10-05 07:52 AM
Response to Original message
1. It was only a matter of time.
The more popular something becomes, the more attractive the target.

The fix for Mozilla:

"You can disable IDN support in Mozilla products by setting 'network.enableIDN' to false."
Printer Friendly | Permalink |  | Top
 
welshTerrier2 Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Feb-10-05 10:31 AM
Response to Reply #1
2. there is no current fix for Firefox
Edited on Thu Feb-10-05 10:32 AM by welshTerrier2
from the article provided in the OP:

Update: Many users are reporting the config change in Firefox does not work, currently there is no fix for Firefox.
Printer Friendly | Permalink |  | Top
 
RoyGBiv Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Feb-10-05 09:14 PM
Response to Reply #1
5. That doesn't really work ...

It only affects the current session when it works, and putting it in a user.js file doesn't do anything, so you have to do it each time you reload FF.

People have apparently been working on this. There's no fix, but a workaround available for Firefox:

http://forums.mozillazine.org/viewtopic.php?t=215226

In summary, you need to edit the compreg.dat in your user profile directory and comment out any line related to IDN support. There are two. Just do a "search" for IDN, and you'll find them easily enough. Then place a "#" in front of the line and save.

This works all of the time, but you'll have to re-edit comreg.dat if you install any new themes or extensions.
Printer Friendly | Permalink |  | Top
 
charlie Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Feb-10-05 10:00 PM
Response to Reply #5
6. There's a fix
But it's only in the nightlies, they haven't shoehorned it into a stable release yet.

https://bugzilla.mozilla.org/show_bug.cgi?id=281506
Printer Friendly | Permalink |  | Top
 
reprobate Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Feb-10-05 04:10 PM
Response to Original message
3. There's a really easy fix for all phishing attempts.

Don't give your personal information to any email link. If it looks like one you do business with, go to their real web site and verify thru thier links.

Never trust an email that asks for your personal information.
Printer Friendly | Permalink |  | Top
 
McKenzie Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Feb-10-05 05:16 PM
Response to Reply #3
4. you are right to point out the easy way
to stop phishing in the first place. However, these gits are very clever...they can lift the source code and use it as a con so someone clicking on a spoofed url can be fooled in many cases. Actually, it's not the source code because, for security reasons, that resides in a server side script that controls what can be viewed. But, these scumbags can easily replicate the front screen of a website by just lifting the html code and duplicating it.

Difficult to suss unless one knows a bit about how these things work.

regards
Printer Friendly | Permalink |  | Top
 
DU AdBot (1000+ posts) Click to send private message to this author Click to view this author's profile Click to add this author to your buddy list Click to add this author to your Ignore list Wed May 01st 2024, 03:49 AM
Response to Original message
Advertisements [?]
 Top

Home » Discuss » DU Groups » Computers & Internet » Computer Help and Support Group Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators

Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC