Major Mozilla Flaw revealed

Mozilla browsers (essentially Firefox and Netscape) have a serious flaw that allows one website URL to appear identical to another. This is bad because someone could, for example, send you an email containing a link to a dodgy site; the link would look like the link to a kosher site and, even worse, if you clicked on it the URL in the address bar would look exactly like the URL of the kosher site. The reasons behind this are explained at schmoo.com; unfortunately, it is very easy for a phisher to set up an exploit for this vulnerability.

Schmoo.com explains that you can configure your browser to disable International Domain Name support. An alternative is to always go to customer-login sites by typing the URL into the address bar. Note that even your bookmarks can store these 'dodgy' URLs, and they'll still be listed as if they were good URLs.
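One way to spot these look-alike hosts in saved links or bookmarks is to convert each hostname to its ASCII-encoded form, where the difference becomes visible. This is an added example, not code from this post or from schmoo.com. The sample URLs are constructed, the function names are hypothetical, and it uses Python's built-in punycode codec without the full IDNA normalization step.

```python
import unicodedata
from urllib.parse import urlsplit

def script_of(ch):
    """Rough script of a character, taken from its Unicode name (LATIN, CYRILLIC, ...)."""
    if ch in "0123456789-.":
        return None
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def inspect_url(url):
    """Return (ascii_host, scripts, is_idn) for the hostname part of url."""
    host = urlsplit(url).hostname or ""
    labels = []
    for label in host.split("."):
        if label.startswith("xn--"):          # already in encoded form: decode it
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass                          # malformed label: keep it as written
        labels.append(label)
    # Re-encode every non-ASCII label so the look-alike becomes visibly different.
    ascii_host = ".".join(
        l if l.isascii() else "xn--" + l.encode("punycode").decode("ascii")
        for l in labels)
    scripts = sorted({s for ch in "".join(labels) if (s := script_of(ch))})
    is_idn = not all(l.isascii() for l in labels)
    return ascii_host, scripts, is_idn

# Constructed samples: the second host uses Cyrillic U+0430 in place of Latin "a".
SAMPLES = [
    "https://www.example.com/login",
    "https://www.ex\u0430mple.com/login",
]

if __name__ == "__main__":
    for url in SAMPLES:
        ascii_host, scripts, is_idn = inspect_url(url)
        flag = "IDN, check before trusting" if is_idn else "plain ASCII"
        print(f"{ascii_host:30} {'+'.join(scripts):16} {flag}")
```

A host that mixes scripts inside one name, as the second sample does, is the case most worth a manual look.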

For once, the Internet Explorer browser is unaffected, as Microsoft hasn't implemented the 'extended' character coding for URLs.

