Security Issue w/ Safari 1.2.5

durandaldurandal
Posted:
in Mac Software edited January 2014
Hey everyone,



FYI, a security flaw that allows "phishing" has been found in the implementation of IDN (International Domain Names). Safari uses this implementation as well:



http://www.shmoo.com/idn/homograph.txt (advisory)

http://www.shmoo.com/idn/ (example exploit)



Greetings,

durandal

Comments

  • Reply 1 of 2
    jake bulletjake bullet Posts: 49member
    Until a better solution comes along set this as a bookmark and click it before you start entering details. It will expose this particular 'scam'



    javascript:alert("The%20real%20URL%20of%20this%20s ite%20is:%20"%20+%20location.protocol%20+%20"//"%20+%20location.hostname%20+%20"/");
  • Reply 2 of 2
    durandaldurandal Posts: 277member
    Quote:

    Originally posted by jake bullet

    Until a better solution comes along set this as a bookmark and click it before you start entering details. It will expose this particular 'scam'



    javascript:alert("The%20real%20URL%20of%20this%20s ite%20is:%20"%20+%20location.protocol%20+%20"//"%20+%20location.hostname%20+%20"/");



    Hey, works fine - gr8 idea
Sign In or Register to comment.