DISQUS

Hello! Climb to the Stars is using DISQUS, a powerful comment system, to manage its comments. Learn more.

Community Page

climbtothestars.org Jump to website »

Subscribe
- New Comments
Community
Top Commenters
- Lyonel Kaufmann
  30 comments · 1 points
- Stephanie Booth
  20 comments · 3 points
- Baudouin
  9 comments · 1 points
- Scott Jarkoff
  4 comments · 4 points
- notafish
  3 comments · 1 points
Popular Threads
Recent Comments
- Thanks for the mention, and good to meet you at last!
  8 months ago by David Terrar
  
  in Somesso - David Terrar: Building Sustainable Corporate Web Communities
- You are of course right with your remarks on Headshift not being a startup. See my longer reply at: http://blog.invisible.ch/2008/11/02/somesso/
  8 months ago by Jens-Christian Fischer
  
  in Somesso Startups
- The photos are missing, I'll add them. When I'm not about to drop, like right now.
  8 months ago by Stephanie Booth
  
  in Thomas Power: Shedding light on social networking for your business
- some thing about given the cosmetics and related products mentions as they are used
  8 months ago by perfume shop
  
  in Lush in Lausanne
- Very nice analysis and i think online community do search and get information also. http://www.oxyshopping.com
  8 months ago by Reetika
  
  in Somesso - David Terrar: Building Sustainable Corporate Web Communities

Climb to the Stars

Jump to original thread »

Problème de sécurité dans navigateurs non-IE (Firefox, Safari…)

Started by Stephanie Booth · 10 months ago

Un gros trou de sÃ©curitÃ© dans nos navigateurs, semble-t-il. Pour une fois, les utilisateurs de IE ne semblent pas avoir de soucis Ã Â se faire. Ne cliquez jamais sur les liens dans vos e-mails. ... Continue reading »

6 comments

Steph
4 years ago

En anglais, une explication plus explicite de comment ça fonctionne:

http://www.livejournal.com/users/rjl20/446919.html

En gros, IDN permet l'utilisation de caractères utf-8 dans les URL. Cet exploit utilise la ressemblance graphique de certains caractères pour envoyer l'utilisateur sur un autre site que celui qu'il imagine. Dans le "proof of concept" publié par le groupe Shmoo, le premier "a" de "paypal" est remplacé dans l'URL par un caractère dont la forme graphique ressemble à s'y méprendre à un "a" normal, mais qui est en fait un autre caractère.

reply

Steph
4 years ago

Une explication un peu plus technique en français (merci Corsac):

http://www.k-otik.com/bugtraq/bulletins/908

reply

Steph
4 years ago

Qui s'est endormi, Chris?

reply

chris waigl
4 years ago

C'est ta faute, avec notre discussion sur les allophones !! Bleah. J'ai changé le titre du billet, bien sur, mais pas le permalien.

reply

dr Dave
4 years ago

This potential exploit was mentioned, discussed, waved around and overall beaten to death when the idea of allowing unicode characters in domain names first came up, I'd say, about a full year ago. I do remember, among other thing, the usual 500+ thread on Slashdot at the time...

Whoever at Apple and Mozilla (and most of all the people who came with the RFC) didn't see that one coming is not only ridiculously stupid (unicode collisions and their dangers usually stand somewhere in the second paragraph in any text talking about encodings) but also very, very deaf.

reply

Timtom
4 years ago

Si jamais, le plugin Saft pour Safari permet d'afficher un message d'alerte s'il identifie une URL IDN et en affiche le contenu réel.

reply

Add New Comment

Returning? Login

DISQUS

Community Page

Subscribe

Community

Top Commenters

Popular Threads

Recent Comments

Climb to the Stars

Problème de sécurité dans navigateurs non-IE (Firefox, Safari…)

6 comments

Add New Comment