# Fix FireFox 1.0 spoofing issue



## betterpc (Dec 18, 2004)

The problem is caused due to an unintended result of the IDN (International Domain Names) implementation, which allows using international characters in domain names.

Visitors believe they are on a trusted site, but they are not.

Read more...


----------



## mach9 (Jan 26, 2004)

Thanks betterpc for the link and information. :up:


----------



## dugq (Jul 16, 2004)

This problem effects all non-IE browsers (arr, the irony)

Safari users can look here

http://forum.osnn.net/showthread.php?t=55474

There doesnt seem to be a Opera fix yet but you can use Proxomitron, downloaded here (its a very good program which I would highly recommend even without this problem), install and setup instructions can be found in there too

http://www.sankey.ws/proxomitron.html

With the filter set here (install instructions are in the readme file)

http://www.kye-u.com/proxo/forums/index.php?showtopic=131&st=225entry3846

This should work on any other PC browser


----------



## mach9 (Jan 26, 2004)

For more information: http://www.slashdot.org/ and http://www.mozillazine.org/talkback.html?article=6073. The filter addition is one way of approaching this. Another-temporary one is to type in your address bar about:config , hit enter. Scroll down to 'network.enableIDN'. Rt-click and go to toggle click to change value to false. Mozilla is working on better long term solutions. This entry is the default on all current builds. Checkout the above articles for a much fuller discussion.


----------



## dugq (Jul 16, 2004)

Unfortunately the "network.enableIDN" changes back when you restart Firefox.


----------



## guitarman1 (Nov 27, 2004)

dugq said:


> Unfortunately the "network.enableIDN" changes back when you restart Firefox.


Isn't this why you download 'Spoofstick' extension ! I downloaded it a couple of months back ,it seems to work fine. Another excellent extension to FF is rightclick MS IE ,very handy for those occaisional sites that don't work properly in FF (MS sites, some bank sites and others) FF :up:, IE :down:


----------



## dugq (Jul 16, 2004)

Yep, soopfstick was updated a few days ago to fix the problem


----------



## mach9 (Jan 26, 2004)

dugg:

I've started and restarted Firefox a number of times since the about:config, find network.enableIDN and toggle value to false fix. It's still there, same as I set it "false". Have used spoofstick for months and recently installed the new version. Also did the adblock filter thing. Three pronged attack on the issue. Hope all these work until the "final fix" is in.  Probably "overkill".


----------



## dugq (Jul 16, 2004)

My bad, although the network.enableIDN is still set to false after a restart, it will no longer pass the spoof test (although yours will since you have installed the other fixes).


----------



## mach9 (Jan 26, 2004)

dugg- :up:


----------



## Kenny94 (Dec 16, 2004)

Here's a javascript code to check spoofed URLs. Right click your address bar and select delete, and copy and paste the code below to your address bar and press enter. Works with most browsers. Try it on this site. Enjoy........

javascript:alert("Actual URL address: " + location.protocol + "//" + location.hostname + "/");


----------



## Stoner (Oct 26, 2002)

Thanks Kenny94 :up:......


----------



## dugq (Jul 16, 2004)

Hi kenny94, I tried that on the shmoo test sites http://www.shmoo.com/idn/ as well as http://www.pаypal.com/ and I couldn't get it to work.


----------



## Stoner (Oct 26, 2002)

Kenny?

I tried dugq's paypal url and the script didn't work for me 




edit: now I see the difference. The first 'a' in paypal is of a smaller font, I didn't recognize the difference immediately.


----------



## Kenny94 (Dec 16, 2004)

Bingo! Stoner you caught it. Again, enjoy......


----------



## dugq (Jul 16, 2004)

I hate to be a pain, but I think this depends upon the fonts which are installed, I've unistalled all but the fonts I regularly use and this is what I get


----------



## Stephen47 (Oct 4, 2002)

I tried to install this extension but it doesn't seem to download and install. What am I doing wrong?


----------



## dugq (Jul 16, 2004)

What extension are you talking about, there have been two mentioned, Adblock and Spoofstick?


----------



## Stephen47 (Oct 4, 2002)

Adblock


----------



## dugq (Jul 16, 2004)

Personally I'm no expert on firefox and rarely us it, although I know that adblock is a useful extension even without this threat. But it isn't very likely that you will get many replies to your question in this thread. Try posting the question in the web and email section, you will probably get a quicker answer.


----------



## Stoner (Oct 26, 2002)

Stephen47 said:


> I tried to install this extension but it doesn't seem to download and install. What am I doing wrong?


Make sure that you have the option to instal checkmarked.
Go tools>options>web features and place a checkmark in the box "allow web sites to instal software"

Hope that helps


----------



## dmonixed (Feb 12, 2005)

http://secunia.com/multiple_browsers_idn_spoofing_test/
this sites the one that i used to test my browser and it worked when you do the test it will be a secunia.com page but in the url it will say paypal.com if you fail the test, and im gonna try betterpc's links instructions rigth now and let you know how that goes...ok i installed adblock and entered the new rule or whatever and it seems to work becuase before on the webpage for the test a page showed up but now it will not work but all other links and pages work, wheww(wipes my forhead) that had me sweatin a little bit, now i gotta fix my moms pc, and she uses paypal alot i hope she hasnt been hijacked in any case im gonna have her change her account info asap, thanks for the link betterpc....and Stephen47, u have to have allow all websites to install like someone said and then you will get a popblock type message at top of webpage because you have to allow that webpage to install if that doesnt work must be some other issue


----------



## dugq (Jul 16, 2004)

Opera press releases
Opera Tackles Phishing: Second Beta of the Opera Browser Available Today
Oslo, Norway - February 25, 2005

Opera Software ASA today released the second Beta version of its next browser, which includes an answer to the recent security debate over Web site spoofing. In this Beta, the browser displays security information inside the address bar, located next to the padlock icon that indicates the level of security present on a site.

The small, yellow security bar appears on secure sites and displays the name of the organization that owns the certificate. By clicking on the bar the user has access to more information about the validity of the certificate. These anti-spoof measures help users make educated decisions about a site's validity and security.

"One of the most important measures to counter phishing attacks is the use of security certificates," says Christen Krogh, Opera's Vice President of Engineering. "The challenge for browser vendors is to better explain the verification of certificates and to make the user more aware of this additional verification before entering into secure transactions."

To address Internationalized Domain Names (IDN) concerns, Opera's second Beta only displays localized domain names from certain top level domains (TLD). Opera selects TLDs that have established strict policies on the domain names they allow to be registered. This ensures that users who depend on IDN, for example when accessing sites under .jp or .kr, will have a favorable user experience.

Opera will regularly update its list of trusted TLDs, ensuring maximum protection and the best possible user experience.

Opera stands behind its statement made to Beta News on Feb. 18, 2005, asserting that the IDN problem is not one that can be solved alone, but rather together with other browser vendors, domain name registries, certificate authorities and other members of the Internet community. Opera has taken the initiative to assemble a group to evaluate joint solutions.

What else to look for in Opera's Beta 2:
Easier customization and skinning
Online Certificate Status Protocol (OCSP) verifies that the certificate has not been revoked by the certificate authorities
Atom newsfeeds

Beta 2 is available for download at http://www.opera.com/download/?ver=8.0b2

For a complete list of features, view the changelog at http://www.opera.com/windows/changelogs/800b2/

Users must be aware that a beta should be used for preview purposes only, as it is not a final product and does not contain all the features that are expected with the final release.


----------



## jdl (Jan 4, 2005)

The Mozilla Foundation on Thursday released its first security update to Firefox, comprising a series of patches intended to prevent *spoofing and phishing* attacks and fix glitches that cause the browser to crash.

The security update, Firefox 1.0.1, can be downloaded immediately at http://www.mozilla.org/, and it will be available within a few days via Firefox's automatic update feature.

The file is an executable...just click and it will install over version 1.0.


----------

