Tuesday, February 08, 2005

Firefox - Opera Users Beware

Browser feature could make scams easier

-quote from article -

The browser feature meant to permit Web addresses in Chinese, Arabic and other languages could encourage online fraudsters by making scam Web sites look legitimate to visitors. ... Officially, the Internet's Domain Name System supports only 37 characters - the 26 letters, 10 numerals and a hyphen.

But in recent years, in response to a growing Internet population worldwide, engineers have been working on ways to trick the system into understanding other languages.

Engineers have rallied around a character system called Unicode. The newly discovered exploit takes advantage of the fact that characters that look alike can have two separate codes in Unicode and thus appear to the computer as different. For example, Unicode for "a" is 97 under the Latin alphabet, but 1072 in Cyrillic.

Subbing one for the other can allow a scammer to register a domain name that looks to the human as "paypal.com," tricking users into giving passwords and other sensitive information at what looks like a legitimate site.

prying1 sez - Be careful out there - Bad guys want your money!
Better to take an extra minute and go through an extra step or two. - Contacting the scammer will only encourage them to send more spoofs.

If you want to do something about spoofs send the email with headers to the company in question addressed to abuse@companyname AND spoof@companyname - Return emails will let you know which one clicks. - I currently have: spoof@eBay.com, spoof@PayPal.com, abuse@yahoo.com, abuse@citibank.com plus several more.

scams@fraudwatchinternational.com is an excellent place to send the spoofs. Check out their site. - http://fraudwatchinternational.com/

For the 441/Nigerian scams I check the headers for the originating IP and carry that number to: http://www.domainwhitepages.com/ - from there I can find the IP the scammer has and forward the email with headers to them directly. Although sometimes the header may be forged and the email is kicked back as "Not ours."

back to the article:

Some browsers, including Firefox, let users deactivate the other character sets but doing so is complicated and would cut off access to the relatively few sites that use non-English characters in their addresses.

A better solution is to always manually type the Web address directly into a browser rather than clicking on a link sent via e-mail or even copying and pasting that link.

Update already - from - aliceandbill.com - an anonymous poster said this:

Type about:config in the address bar to access the configuration settings.

change 'network.enableIDN' to false (double click on that line)
this disables the feature that allows the exploit.

I found a sample page, and information about it at http://www.shmoo.com/idn/ as well as the method of stopping it for mozilla based browsers.

The result of the change is that a faked address will not be found.
Try the sample on the page above before, and after making the change.

It's also fairly rare that you can fix a bug in IE by just changing a setting that doesn't have a major effect on the rest of the way you browse the web. Props to the response above. - David

prying1 checked it out further online, tried it and it does work - Send this one to those you love...
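
The look-alike substitution described in the quoted article (Latin "a" is 97, Cyrillic "а" is 1072) can be checked for mechanically before a link is trusted. The Python below is an added example, not code from the article or the commenters; the function names and the sample hostname are constructed for illustration, and reading a character's script from its Unicode name is an approximation.

```python
import unicodedata

# Constructed sample: the second letter is CYRILLIC SMALL LETTER A (code 1072),
# not LATIN SMALL LETTER A (code 97). On screen the two hostnames look the same.
SPOOFED = "p\u0430ypal.com"
GENUINE = "paypal.com"

def char_script(ch):
    """Approximate a character's script from the first word of its Unicode name."""
    if ch.isascii() and (ch.isdigit() or ch == "-"):
        return "COMMON"  # digits and hyphen are shared by every script
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def inspect_host(host):
    """Return one finding per DNS label: scripts seen and any non-ASCII characters."""
    findings = []
    for label in host.lower().split("."):
        scripts = {char_script(c) for c in label} - {"COMMON"}
        non_ascii = [(c, ord(c), unicodedata.name(c, "UNKNOWN"))
                     for c in label if ord(c) > 127]
        findings.append({
            "label": label,
            "scripts": sorted(scripts),
            "mixed": len(scripts) > 1,  # e.g. Latin and Cyrillic in one label
            "non_ascii": non_ascii,
        })
    return findings

def is_suspicious(host):
    """Flag hostnames where a single label mixes scripts.

    A label written entirely in one non-Latin script is not flagged here;
    compare ascii_form() against the expected name to catch that case.
    """
    return any(f["mixed"] for f in inspect_host(host))

def ascii_form(host):
    """The name as the DNS actually sees it (an "xn--" label if non-ASCII)."""
    return host.encode("idna").decode("ascii")

if __name__ == "__main__":
    for host in (GENUINE, SPOOFED):
        print(repr(host), "->", ascii_form(host), "suspicious:", is_suspicious(host))
        for f in inspect_host(host):
            for ch, code, name in f["non_ascii"]:
                print("   non-ASCII character", code, name, "in label", repr(f["label"]))
```

Comparing `ascii_form()` of a link's hostname with the name you expected shows the difference even when the two look identical on screen.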