2/9/05

Eudora and Firefox Exploits

Vulnerabilities were announced in two of my favorite computer tools on the same day. As slashdot reports, The Shmoo Group showed off a "nasty browser exploit ... works in every browser *except* IE".

All the other browsers support International Domain Name (IDN) characters. Check out the demo.

The funny thing is, I had seen this just last week in an email message that was supposed to come from (uh oh) paypal. [See addendum below] I slide my mouse over the URL and... what-ho! It still said it was taking me to the real paypal site. But, being the bright guys I am, I told Eudora to show me the message source (in a text editor) and I saw that it was actually going to take me to -- well click on the URL above and look at what you see and display the html (the source) and you'll see.

The good news is that it is easy to fix without a new version of Firefox. The workaround, according to mozillaZine is
by disabling IDN support. To do this, you will have to edit compreg.dat, which is located in your Firefox profile directory ( Common profile locations).

Open this file with a text editor which understands the line endings in it, such as Wordpad (or your favourite text editor on other platforms), and comment out all lines containing IDN by adding # at the start of the line.
A simpler way -- entering "about:config" in Firefox's URL window, finding "network.enableIDN," and changing the value to "false" -- did not work.

I read about the Eudora problem in my WatchGuard news feed. It requires an upgrade to Eudora or a switch to another e-mail client, such as Mozilla Thunderbird. I decided I would try to migrate to Thunderbird. I write about it here.

The suspect URL in my email was
http://www.paypal.com@aida-fans.de/phpkit/index.htm


Eric Johanson of The Shmoo Group wrote and corrected me:
This was using the 'username@domain' trick, which has been around for a while (and most of the browsers block or warn users these days).

No comments: