|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-disclosure] Apple Safari: idn urlbar spoofing
From: Michal Zalewski (lcamtuf
dione.ids.pl)
Date: Mon Jun 25 2007 - 16:22:34 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mon, 25 Jun 2007, Larry Seltzer wrote:
> It looks different on my system: http://www.larryseltzer.com/safe2.png
> Safari 3.0.2 on XPSP2
Looks simply like a difference in system fonts used on your machines. The
attack relies on padding the hostname with Unicode characters that, for
the typeface used, are rendered as white spaces.
Whether Safari devs are to blame here exclusively, I'm not sure - IDN
concept is by itself pretty evil, and this can be viewed simply a clever
take on homograph attacks.
/mz
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]