Subscribe to magazine

Macworld Forums: Firefox, Safari, others struck by spoofing flaw - Macworld Forums

Jump to content

  • (2 Pages)
  • +
  • 1
  • 2
  • You cannot start a new topic
  • You cannot reply to this topic

Firefox, Safari, others struck by spoofing flaw

#15 User is offline   Duke_Thomas Icon

  • Member
  • PipPip
  • Group: Members
  • Posts: 757
  • Joined: 25-May 01

Posted 08 February 2005 - 05:19 PM

In reply to:

then again.. personally, I either enter my secured pages by typing them or by a previously created bookmark... never from a link.

The example they gave was for PayPal. Suppose we look at PithHelmet's page. Also suppose that you want to pay for PithHelmet, so you click "purchase", at which point you have a "buy now" button that transfers you to paypal with certain hidden form inputs (see the source). In order for your method to work, you would have to navigate to PayPal directly and enter that hidden information yourself. I don't see a way to do that.
0

#16 User is offline   pcharles Icon

  • Member
  • PipPip
  • Group: Members
  • Posts: 489
  • Joined: 23-February 04

Posted 08 February 2005 - 09:03 PM

Oh! My! God! Lets all switch to Windows! I hear they will have a beta out by December and will be adding the flaw at that time! /forums/ubbthreads/images/graemlins/tongue.gif
0

#17 User is offline   Tau_Myx Icon

  • Member
  • PipPip
  • Group: Members
  • Posts: 245
  • Joined: 30-May 04

Posted 08 February 2005 - 11:11 PM

I've seen the same thing happen here on the Mac boards where someone uses an upper case "i" to substitue for a lower case "L" Like this:
Paypall
PaypaII
The second "Paypall" is actually "i"s
But still, I wonder why the people who designed Unicode made multiple binary codes resolve to the same letter.
0

#18 User is offline   Tau_Myx Icon

  • Member
  • PipPip
  • Group: Members
  • Posts: 245
  • Joined: 30-May 04

Posted 08 February 2005 - 11:22 PM

I suppose one fix would be to have the browser check for URLs that mix characters from different languages and highlight the alternate language character in red, or something.
0

#19 User is offline   d_escartes Icon

  • Member
  • PipPip
  • Group: Members
  • Posts: 33
  • Joined: 01-August 04

Posted 08 February 2005 - 11:36 PM

All very tebut does all this mean it is no longer to online shop or do one's banking?
Is the solution:
a) do not click links
b) type in URL's or use Bookmarks?
Any advice appreciated ;-)
Till then, I, like many, I suspect, will stop online shopping and banking
0

#20 User is offline   d_escartes Icon

  • Member
  • PipPip
  • Group: Members
  • Posts: 33
  • Joined: 01-August 04

Posted 08 February 2005 - 11:52 PM

All very techienteresting but does all this mean it is no longer safe to online shop or do one's banking?
Is the solution:
a) do not click links
b) type in URL's or use Bookmarks?
Any advice appreciated ;-)
Till then, I, like many, I suspect, will stop online shopping and banking
0

#21 User is offline   johnd0e Icon

  • Member
  • PipPip
  • Group: Members
  • Posts: 741
  • Joined: 28-March 02

Posted 09 February 2005 - 01:05 AM


    [*]for paranoid souls, a solution to avoid this problem (ignoring the minor drawbacks in usability [ hey, you get a bit more speed and save ressources /forums/ubbthreads/images/graemlins/tongue.gif] ) is quite simple: use dillo, lynx or links [/*]

    [*]for firefox, there is a nice plugin, which tells you -visually- on which website you are spending/wasting your time right now : Spoofstick
    [/list]
0
  • (2 Pages)
  • +
  • 1
  • 2
  • You cannot start a new topic
  • You cannot reply to this topic

2 User(s) are reading this topic
0 members, 2 guests, 0 anonymous users