Mozilla Drops IDN Support Due to Flaw Mozilla developers are closing the door on phishing schemes that exploit a widely reported flaw in the Internationalized Domain Names (IDN) specification. Upcoming builds of Firefox 1.0.1, Mozilla 1.7.6 and Mozilla 1.8 beta will have IDN disabled as a temporary corrective measure to protect users from identity theft.
IDN is presently enabled by default in Firefox, Mozilla, Opera, and Apple's Safari Web browsers. Microsoft's Internet Explorer does not have native IDN support and therefore is not affected by the problem.
The flaw permits malicious users to "spoof" legitimate Web pages by taking advantage of how some Web browsers handle the Unicode unified character set utilized by IDN. A specially crafted link can mimic a trusted URL in a browser's address bar, SSL certificate and status bar, but take the user to another location.
Unicode is the globally recognized replacement for the US English only ASCII standard.
"This is obviously an unsatisfactory solution in the long term and it is hoped that a better fix can be developed in time for Firefox 1.1," read a statement issued by a Mozilla spokesperson. "For now, the Mozilla Foundation (and other browser vendors such as Opera Software) maintain that the problem is mostly the fault of domain name registries and registrars that let people register homographic variants of existing domain names." http://secunia.com-------------------------------------------------------------------------------
Gates promises new version of IE by midyearMicrosoft Corp. by midyear plans to release a test version of a new Internet Explorer browser that better protects users from scams and malicious code while they surf the Web, the company announced today.
Responding to a surge over the past year in online scams involving spyware, Microsoft has also decided not to charge for its antispyware product, Chairman and Chief Software Architect Bill Gates said in a keynote address at the RSA Conference 2005 in San Francisco.
"We have looked hard at the nature of this problem and have made the decision that this antispyware product will be available at no additional cost to Windows users," Gates said. "I am very excited that we have this technology, and it really addresses a burning need for our users."
Microsoft bought antispyware software maker Giant Company Software Inc. in December and released a beta of Windows AntiSpyware last month. Until today's announcement, the company hadn't said whether it would sell the product or give it away. Other companies, including traditional antivirus vendors, offer antispyware products.http://www.pcworld.com/news/article/0,aid,119686,00.asphttp://secunia.com
Printer-friendly format
Email this thread to a friend
Bookmark this thread
(1000+ posts)
Send PM |
Profile |
Ignore
