Monday, February 07, 2005

Slashdot | Shmoo Group Finds Exploit For non-IE Browsers:" Shmoo Group Finds Exploit For non-IE Browsers Posted by Hemos on Monday February 07, @10:30AM from the even-mozilla-is-guilty dept. shut_up_man writes "Saw this on Boing Boing: East coast hacker con Shmoocon ended today and they had a nasty browser exploit to show off... using International Domain Name (IDN) character support to display fake domain names in links and the address bar. Their examples use Paypal (with SSL too) and this looks very useful for phishing attacks. Interesting note that it works in every browser *except* IE (which makes this exploit a lot less dangerous in the end, I suppose)."v The reason IE isn't vulnerable is because it doesn't natively support IDN; with the right plug-in, it too is vulnerable. "
11:15:18 AM    

Thirteen patches planned in next Microsoft security update. Microsoft has telegraphed its plans to release 13 security patches as part of its regular monthly security update next Tuesday. [Computerworld News]

That's tomorrow.

11:09:29 AM