Free Safari plugin to detect IDN url spoofs

Discussion in 'Macintosh' started by SPeedY_B, Feb 8, 2005.

  1. SPeedY_B

    SPeedY_B I may actually be insane.

    Messages:
    15,800
    Location:
    Midlands, England
    As mentioned on the front page and Windows Security section, there's a new exploit which affects most browsers except IE (ooooh) this of course, includes Safari for the Mac.

    Until Apple issue an official patch/update, you can get a free app from the following URI which will help prevent any security breaches from this exploit: http://haoli.dnsalias.com/Saft/Download/
     
  2. Geffy

    Geffy Moderator Folding Team

    Messages:
    7,805
    Location:
    United Kingdom
    cool, I will install this on my mac shortly
     
  3. SPeedY_B

    SPeedY_B I may actually be insane.

    Messages:
    15,800
    Location:
    Midlands, England
    Would seem it works, just tried the proof of concept links:

    [​IMG]
     
  4. NetRyder

    NetRyder Tech Junkie Folding Team

    Messages:
    13,256
    Location:
    New York City
    Excellent :up:
     
  5. SPeedY_B

    SPeedY_B I may actually be insane.

    Messages:
    15,800
    Location:
    Midlands, England
    It's not perfect though, it was throwing up the message at me whilst using Google earlier... not had a problem since (with google or any other site). As long as it stops the genuine spoofs though, all is well :)
     
  6. X-Istence

    X-Istence * Political User

    Messages:
    6,498
    Location:
    USA
    I just don't trust any site anymore :p.

    I don't trust sites linked in email messages in the first place, and that is where most the spoofs are coming from.

    Punycode was created for the wrong reasons, DNS is ASCII, which is not bad in particular, except that it does not support umlauts and other characters. So what needs to happen is DNS needs to support unicode characters.