Domain Phishing in Safari

Discussion in 'Mac Apps and Mac App Store' started by Hemingray, Mar 3, 2005.

  1. Hemingray macrumors 68030

    Hemingray

    Joined:
    Jan 9, 2002
    Location:
    Ha ha haaa!
    #1
    Okay, this may be old news to some, but I certainly didn't know about this: :eek:

    http://flashrocket.worldoptimizer.com/article/21/phishing-an-apple-with-idn-domains

    With IDN-Domains, apparently it's possible for a domain name to contain international characters that perfectly resemble English characters, yet are a completely different domain name.

    Now that's scary! :eek:

    [Edit: I tried to show the link to the fake apple.com website here, but apparently the forum won't display the weird "a" correctly... it shows up as a "?"]
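An added example, not part of the original thread or of the linked article: a short Python sketch of the lookalike-domain problem described in the post above, plus one display heuristic for catching it (show the punycode form whenever a label mixes scripts). The sample hostname is constructed, the function names are hypothetical, and this is not a description of Apple's or SAFT's actual fix.

```python
import unicodedata

# Constructed sample: "apple.com" with the first letter replaced by
# CYRILLIC SMALL LETTER A (U+0430), written as an escape so it survives
# systems that cannot render the character.
SPOOF = "\u0430pple.com"


def to_ascii(hostname):
    """Return the ASCII (punycode) form that is actually looked up in DNS."""
    return hostname.encode("idna").decode("ascii")


def label_scripts(label):
    """Approximate the scripts used by a label's letters.

    The stdlib has no Unicode Script property, so the first word of each
    character name ("LATIN", "CYRILLIC", "GREEK", ...) stands in for it.
    """
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def mixed_script_labels(hostname):
    """Return the labels that mix letters from more than one script."""
    return [lab for lab in hostname.split(".") if len(label_scripts(lab)) > 1]


def display_form(hostname):
    """Show Unicode only when no label mixes scripts; otherwise punycode."""
    if mixed_script_labels(hostname):
        return to_ascii(hostname)
    return hostname


if __name__ == "__main__":
    for host in ("apple.com", SPOOF, "m\u00fcnchen.de"):
        print(f"{host!r:22} dns={to_ascii(host):20} shown={display_form(host)}")
```

A label written entirely in one non-Latin script passes this check, so it is a display heuristic rather than a complete defence.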
     
  2. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #2
    There is a plug-in fix, within SAFT, for Safari that addresses this: http://haoli.dnsalias.com/

    I think FF 1.0.1 also addresses this. Which reminds me... :rolleyes:
     
  3. Hemingray thread starter macrumors 68030

    Hemingray

    Joined:
    Jan 9, 2002
    Location:
    Ha ha haaa!
    #3
    Good news! According to Apple, the latest security update (05-003) has fixed this problem:

    http://docs.info.apple.com/article.html?artnum=301116

    I'm sure Apple jumped on this one quickly partly because flashrocket showed how easy it was to spoof the apple.com web site. Kudos to him! One less vulnerability to worry about.
     
