Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'IDN Spoofing Vulnerability and a temp Safari Fix' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
IDN Spoofing Vulnerability and a temp Safari Fix
Authored by: theocrates on Feb 11, '05 11:03:13AM

Oops. Forgot to add that I also tried using SpoofStick in Firefox and discovered, using the Secunia web site spoof test, that it in fact does not reveal the URL accurately.

Can anyone else confirm this, too?



[ Reply to This | # ]
IDN Spoofing Vulnerability and a temp Safari Fix
Authored by: Code Masseur on Feb 14, '05 02:31:02PM

The value of SpoofStick w.r.t. this vulnerability depends on the font being used and the international character chosen in the URL. I've seen one example of this detected by SpoofStick on a Mac, but another totally missed by SpoofStick a PC.

If SpoofStick doesn't consistently help the user detect these kinds of vulnerabilities, what is the point of using it? Hopefully the author releases a patch to address this.



[ Reply to This | # ]