
IDN Spoofing Vulnerability and a temp Safari Fix Internet
Robert Goldsmith pointed out this IDN spoofing vulnerability to me, and asked if I could make a Safari plug-in to fix this problem. So I did it ... it's called SaftLite and it can be downloaded from my website [94KB download].

This is a free plug-in, and it works only with the latest Safari version 1.2.4 (v125.12). I think Apple will soon release a security update, but in the meantime, Saft Lite is a good solution.

[robg adds: Hao Li is the author of the popular Saft extension set for Safari, which we've discussed here before. If you haven't seen this vulnerability in action, it's bad, as the above example shows. If you're a Firefox user, there are a couple of options: adding a filter to the AdBlock extension, or installing the SpoofStick extension, which will highlight the true domain behind any URL. I added SpoofStick, and it works great. I imagine all of the browsers will have patches out shortly, but until then, I'd recommend adding some sort of spoofing detector.]
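An added example, not code from SaftLite, SpoofStick or IDNSnitch: a small Python check that does what those detectors aim to do, decodes any punycode (xn--) labels in a URL's host, reports the true ASCII form, and flags labels that mix Latin letters with another script (the paypal-style host with a Cyrillic "а" is a constructed sample).

```python
import unicodedata
from urllib.parse import urlsplit


def decode_label(label: str) -> str:
    """Turn an ACE label ('xn--...') back into Unicode; other labels pass through."""
    if label.lower().startswith("xn--"):
        return label.encode("ascii").decode("idna")
    return label


def script_of(ch: str) -> str:
    """Rough script classification taken from the character's Unicode name."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"   # digits and '-' are script-neutral
    return unicodedata.name(ch, "UNKNOWN").split()[0]  # 'CYRILLIC', 'GREEK', ...


def analyse_host(url: str) -> dict:
    """Report the true (ASCII) host, its Unicode rendering, and any mixed-script labels."""
    host = urlsplit(url).hostname or ""
    unicode_labels = [decode_label(lbl) for lbl in host.split(".")]
    mixed = []
    for lbl in unicode_labels:
        scripts = {script_of(c) for c in lbl} - {"COMMON"}
        if len(scripts) > 1:          # e.g. Latin letters plus one Cyrillic look-alike
            mixed.append((lbl, sorted(scripts)))
    return {
        "true_host": host.encode("idna").decode("ascii"),  # what a spoof detector should show
        "unicode_host": ".".join(unicode_labels),           # what the address bar renders
        "mixed_script_labels": mixed,
        "spoof_suspect": bool(mixed),
    }


if __name__ == "__main__":
    # Constructed sample: 'paypal' with a Cyrillic small 'а' (U+0430) in second place.
    for u in ("http://www.xn--pypal-4ve.com/", "https://www.paypal.com/"):
        print(u, "->", analyse_host(u))
```

A purely single-script non-Latin host (a Cyrillic-only domain, say) is not flagged, since only the mix of look-alike scripts inside one label is what makes the homograph trick work.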

IDN Spoofing Vulnerability and a temp Safari Fix
Authored by: theocrates on Feb 11, '05 10:58:56AM

Thanks, Hao, for the quick fix. The rest of the Mac community and I thank you.

Just one problem, however. I tried SaftLite the first day you posted it, and I've found that it crashes Safari whenever I try to go to cnn.com. I haven't had any problems with other sites so far, so I really can't confirm if it's just that one site. Anyone else experience similar problems?

Incidentally, I have the SIMBL bundle for Pith Helmet installed, as well as Ecamm's Download Comment bundle. But I can't say for certain if they are causing the issue.

Authored by: theocrates on Feb 11, '05 11:03:13AM

Oops. Forgot to add that I also tried using SpoofStick in Firefox and discovered, using the Secunia web site spoof test, that it in fact does not reveal the URL accurately.

Can anyone else confirm this, too?

Authored by: Code Masseur on Feb 14, '05 02:31:02PM

The value of SpoofStick w.r.t. this vulnerability depends on the font being used and the international character chosen in the URL. I've seen one example of this detected by SpoofStick on a Mac, but another totally missed by SpoofStick on a PC.

If SpoofStick doesn't consistently help the user detect these kinds of vulnerabilities, what is the point of using it? Hopefully the author releases a patch to address this.

Authored by: gboudrea on Feb 11, '05 11:06:42AM

I also crashed Safari a couple of times when using PHPMyAdmin (inserting a row... or editing a row... crash when submitting the change).

Authored by: KingDoom on Feb 11, '05 01:56:42PM

Saft and PithHelmet do not work together very well anymore. Hao has no plans to change this (see the Saft website). Because of this, I have had to uninstall Saft :-(

Authored by: disinfor on Feb 15, '05 09:52:18AM

Pithhelmet and SaftLite definitely don't get along. I kept crashing and had to go back and think about what changed.

Removed SaftLite and sure enough Safari works again. I should just switch to Firefox.

Authored by: ms_t_rie on Feb 11, '05 11:49:28AM

Thank you for posting the link to the Firefox Adblock work-around! I've used Adblock for quite a while, but I didn't know it could fix things like that too :)

Authored by: etrepum on Feb 11, '05 12:43:20PM

(a day) before the SaftLite update was released, I also developed a defense for this exploit: IDNSnitch

If you are having crashing problems with SaftLite, you may want to try mine instead. Though I don't plan to support it or anything, if any developer wants to crib the code and do something better with it -- go ahead, it's MIT licensed as it's a PyObjC example.

Authored by: stonetownmike on Feb 11, '05 01:54:28PM

I guess SpoofStick works OK, but it's way ugly! Adblock is definitely the more elegant solution.

Authored by: alajuela on Feb 14, '05 10:37:43AM

Interesting note: even though NetNewsWire uses, or so I thought, much of the webkit that Safari does, it does not succumb to this spoof. When I clicked on the spoofing test link in NNW, the address bar showed the correct URL behind the spoof.

Authored by: Code Masseur on Feb 14, '05 02:36:23PM

When using Firefox, you may prevent this vulnerability by going to the URL about:config and setting network.enableIDN to false.

I believe this is a sufficient workaround until a permanent solution is released.
