Too Cool for Internet Explorer

Monday, February 7, 2005

Browser Exploit Affects Safari

This is serious, people:

New Nasty Cross-Browser Exploit, Safari Included

The infamous Schmoo group revealed a nasty, nasty browser exploit that works on all modern browsers that support IDN (international domain names), which does NOT include Internet Explorer (unless you’ve loaded a plugin to support IDN).


» Posted by ALBj at 08:23 PM (ET)
Category: News


Thus proving that hackers and scam artists simply want to affect anyone and everyone, regardless of choice of software.

» Posted by Queue
February 8, 2005 08:41 AM

Probably not as serious as some people seem to think. It seems as though it would be targeted primarily at the same people who are vulnerable to e-mail phishing scams, and anyone dumb enough to click on “Go to PayPal” links in their e-mail is probably not going to be smart enough to apply any patches against this, either.

Yes, the demo exploit is on a Web page, but getting someone to go to a malicious Web page in the first place is going to be a challenge. That said, all the Mozilla browsers have a very easy workaround (at least until a patch is available). IE and iCab aren’t vulnerable, because they don’t support IDN, which mostly leaves Safari.

Expect a Security Update from Apple within a week or two.


» Posted by Chris Lawson
February 8, 2005 12:04 PM

Sorry, due to comment spam abuse, new comments on this entry are closed until I find time to upgrade Movable Type and enable registration and moderation.