From:         Patrick Douglas Crispen 
Subject:      Tourbus - 7 Feb 05 - New Browser Spoofing Vulnerability

TODAY'S TOURBUS STOP[S]: New Browser Spoofing Vulnerability

The Internet Tourbus - U.S. Library of Congress ISSN #1094-2239
Copyright © Bob Rankin and Patrick Crispen - All rights reserved

Howdy, y'all, and greetings once again from deep behind the orange curtain in beautiful Irvine, California, the founding document of New Zealand.

TOURBUS is made possible by the kind support of our sponsors. Please take a moment to visit today's sponsors and thank them for keeping our little bus of Internet happiness on the road.

On with the show...

New Browser Spoofing Vulnerability
Audience: Everyone who DOESN'T use Internet Explorer

It looks like there is a new browser spoofing vulnerability that--brace yourself--DOESN'T affect Internet Explorer. No, really. Affected browsers include Mozilla, Firefox, Safari, Netscape Navigator, and Opera on both PCs and Macs. But NOT Internet Explorer.

The vulnerability displays fake domain names in both hyperlinks and your browser's address bar. Is this earth-shattering? No. Should you lose sleep over it? No. Should you at least know a little about it in order to protect your personal information should something strange happen? ABSOLUTELY!

To see this vulnerability in action, check out

http://www.netsquirrel.com/articles/mozilla_spoofing.html

Now for the REALLY bad news: There's no way to fix this problem. Yet. [Setting network.enableIDN to false in about:config doesn't work and even SpoofStick is fooled by these fake URLs, despite rumors to the contrary floating around the blogosphere.] Should you panic? As I said, no! But, until the browser gurus find a fix, you should take the following precautions:

1. DON'T TRUST HYPERLINKS IN HTML-FORMATTED EMAIL MESSAGES (emails that display images and hyperlinks and look very much like web pages) even if those email messages are from your friends or family. This is especially true for hyperlinks in email messages from Amazon, AOL, eBay, PayPal, your bank, your credit card company, or any other company you normally do business with. If any web site, financial company, or commercial entity sends you an email asking you to click on a hyperlink in that email to update your account information, DO NOT CLICK ON THAT LINK. Because of this new spoofing vulnerability, you simply cannot trust hyperlinks in HTML-formatted emails to point to the correct URL.

2. BE SUSPICIOUS OF HYPERLINKS ON WEB PAGES YOU HAVE NEVER VISITED BEFORE. To be completely honest, the chance of you running into a spoofed URL on a web page is pretty slim, and the chance is all but zero on the big .com sites you visit every day. More likely than not, the criminals will be spoofing URLs in email messages, not on Web pages. But, if you are at a web page you have never visited before, exercise a little caution. If something feels wrong, leave.

3. THE BEST WAY TO AVOID BEING HIJACKED BY A SPOOFED URL IS TO MANUALLY TYPE THE URL USING YOUR BROWSER'S ADDRESS BAR. Remember, the spoof only affects hyperlinks in email messages and web pages, not addresses you manually key in to your browser's address bar. So, to be really safe, if you need to access your account information at Amazon, AOL, eBay, PayPal, your bank or financial institution, your credit card company, or any other company you normally do business with, manually enter the URL.
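
An added example, not part of the original Tourbus post: a mail-filter style check for precaution 1 that lists every hyperlink in an HTML message whose host is an internationalized domain name and shows the ASCII name that is actually looked up. It assumes the fake names are IDNs (the network.enableIDN setting mentioned above); the function names and the sample message are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a href=...> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def idn_links(html):
    """Return (visible text, ASCII host) for each link whose host is an IDN."""
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        try:
            # The "idna" codec yields the xn-- form that DNS really sees.
            wire = (urlsplit(href).hostname or "").encode("idna").decode("ascii")
        except ValueError:  # malformed URL, or a label that cannot be encoded
            flagged.append((text, "<unparseable host>"))
            continue
        if any(label.startswith("xn--") for label in wire.split(".")):
            flagged.append((text, wire))
    return flagged


# Constructed sample message: the first href uses Cyrillic U+0430 in place of
# the Latin "a", so it renders like the visible text but is a different host.
SAMPLE_EMAIL = (
    '<p>Update at <a href="http://www.myb\u0430nk.example/login">'
    'www.mybank.example</a> or read <a href="http://news.example/">this</a>.</p>'
)

if __name__ == "__main__":
    for text, host in idn_links(SAMPLE_EMAIL):
        print(f"link shown as {text!r} really goes to {host}")
```
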

And stay tuned to Tourbus. When the browser manufacturers release patches, I'll make sure to tell you about them in one of my posts.

That's it for today. Have a safe and happy week, and we'll talk again soon.

           .~~~.  ))
 (\__/)  .'     )  ))       Patrick Douglas Crispen
 /o o  \/     .~
{o_,    \    {              crispen@netsquirrel.com
  / ,  , )    \            http://www.netsquirrel.com/
  `~  -' \    } ))    AOL Instant Messenger: Squirrel2K
 _(    (   )_.'
---..{____}                  Warning: squirrels.
