Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'IDN Spoofing Vulnerability and a temp Safari Fix' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
IDN Spoofing Vulnerability and a temp Safari Fix
Authored by: theocrates on Feb 11, '05 10:58:56AM

Thanks, Hao, for the quick fix. Me and the rest of the Mac community thank you.

Just one problem, however. I tried SaftLite the first day you posted it, and I've found that it crashes Safari whenever I try to go to cnn.com. I haven't had any problems with other sites so far, so I really can't confirm if it's just that one site. Anyone else experience similar problems?

Incidentally, I have the SIMBL bundle for Pith Helmet installed, as well as Ecamm's Download Comment bundle. But I can't say for certain if they are causing the issue.



[ Reply to This | # ]
IDN Spoofing Vulnerability and a temp Safari Fix
Authored by: theocrates on Feb 11, '05 11:03:13AM

Oops. Forgot to add that I also tried using SpoofStick in Firefox and discovered, using the Secunia web site spoof test, that it in fact does not reveal the URL accurately.

Can anyone else confirm this, too?



[ Reply to This | # ]
IDN Spoofing Vulnerability and a temp Safari Fix
Authored by: Code Masseur on Feb 14, '05 02:31:02PM

The value of SpoofStick w.r.t. this vulnerability depends on the font being used and the international character chosen in the URL. I've seen one example of this detected by SpoofStick on a Mac, but another totally missed by SpoofStick a PC.

If SpoofStick doesn't consistently help the user detect these kinds of vulnerabilities, what is the point of using it? Hopefully the author releases a patch to address this.



[ Reply to This | # ]
IDN Spoofing Vulnerability and a temp Safari Fix
Authored by: gboudrea on Feb 11, '05 11:06:42AM

I also crashed Safari a couple of times when using PHPMyAdmin (inserting a row... or editing a row... crash when submiting the change).



[ Reply to This | # ]
IDN Spoofing Vulnerability and a temp Safari Fix
Authored by: KingDoom on Feb 11, '05 01:56:42PM

Saft and PithHelmet do not work together very well anymore. Hao has no plans to change this (see the Saft website). Because of this, I have had to uninstall Saft :-(



[ Reply to This | # ]
IDN Spoofing Vulnerability and a temp Safari Fix
Authored by: disinfor on Feb 15, '05 09:52:18AM

Pithhelmet and SaftLite definitely don't get along. I kept crashing and had to go back and think about what changed.

removed saftlite and sure enough safari works again. I should just switch to Firefox



[ Reply to This | # ]