Mozilla/Firefox/Camino IDN Spoofing Security Issue

Mozilla / Firefox / Camino IDN Spoofing Security Issue

 

IDN Spoofing Workaround posted

Mon 7th Feb 2005 9:46pm
IDN Spoofing Issue

FYI

Ramona

 

Is this with just extentions and pluginns, or any downloads?
This is a scary one. I have the Spoofstick installed, and, at least in NS7.2 it got fooled. I guess that the usefulness of the Spoofstick must be limited.

 

Ramona

I have spoofstick installed in FF 1.0. I went to the Secunia test link and was indeed spoofed. My spoofstick said I was on Paypal site (Liar, Liar pants on fire!)

I did the IDN workaround and restarted FF. The test page said it could not find Paypal. Is that what is supposed to happen?

Should we tell the Spoofstick Author that their extension isn't working on the IDN issue?

I was sitting here all fat and happy thinking spoofstick was protecting me. I told my wife that the address in the location bar is where you want to go and the address in the spoofstick bar is where you actually end up. She is doing her end zone dance as I type.

 

Me too... test revealed my spoofstick was fooled. So? What do we do now? Should we dump spoofstick since it is no longer reliable?

 

I will, probably, contact them, although it may be too late with their pants on fire!
I did contact them. Also, I have been getting the site not found, with the fix.

 

Westside,

Good for you, contacting the Spoofstick author, and set his pants on fire until he upgrades his extension.

I too get site not found, since I commented out the line in compreg.dat.

Ramona

 

For Netscape 7.2 and Mozilla users, the compreg.dat file is located here:

C:\Program Files\mozilla.org\Mozilla\components
C:\Program Files\Netscape\Netscape\components.

Ramona

 

If you use Safari, you can use following JavaScript (Bookmarklet) to detect IDN spoofing.

Code:

javascript:alert(%22The real URL is: %22 + location.protocol + %22//%22 + location.hostname + %22/%22 + %22\nThe address URL is: %22 + location.href + %22\n%22 + %22If the server names do not match, this may be a spoof.%22);

Simply copy above code to your location bar OR add to your bookmark (as bookmarklet).

 

Ramona,

Since I did the IDN to compreg.dat, I get on some web page , a page full of question marks and symbols. Do you get the same?

Antony,

Does your code have anything to do with Firefox? The Safari seems to be for Macintosh computers.

 

Bill per your Webpage link (Wireless-G PCI Adapter - WMP54G) the following results ....
XP/sp2/Firefox 1.0 --- displayed page properly, no unusual characters.
w98/Mozilla 1.7.5 ---- displayed page properly, no unusual characters.

Both of the above computers / browsers have the IDN temporary workaround applied.

 

Thanks for looking Dennis.

Would you believe that the page looks fine now? I cleared my cache just now. Maybe that had something to do with it.

 

No problem - glad to help.

 

Bill,

Better late than never! Glad that clearing Cache eliminated the problem.

Ramona

 

This is to explain an edit I made to one of my earlier posts: 8th February 2005 16:50

Don't make the compreg.dat file "Read Only ", as it can cause serious problems down the road.

 

SpoofStick .. Version 1.05 for Firefox now available.
Addresses the recently discovered Mozilla "IDN "

Have installed the above extension.
When running Secunia Browser IDN Spoofing Test page,

SpoofBar displays ........... www.xn--paypl-7v.com
My Address bar displays .. http://www.paypаl.com/

If you have applied the manual work-around and install the above extension, you do NOT have to re-edit the workaround. When installing extensions or themes, compreg.dat gets regenerated. If you uninistall Spoofstick 1.05, you should reapply the manually fix.

My 2 cents worth ... I think I'm going back to manual fix.
It's automatic in the sense it will NOT allow the above type of IDN spoof page to be displayed. I'll wait for Mozilla group to address the problem / solution via the browser.