Subscribe
About

Phishing flaw in non-MS browsers?

By Damian Clarkson, ITWeb junior journalist
Johannesburg, 08 Feb 2005

Phishing flaw in non-MS browsers?

A researcher is warning of a security weakness that could let an attacker spoof Web sites on non-Microsoft browsers, news.com reports.

Speaking at the ShmooCon hacker convention this weekend, security expert Eric Johanson says the problem arises because certain browsers support a standardised way of representing domain names in the letters or characters of any language.

The standard, called Internationalised Domain Names, allows companies to register domain names that appear to be the same in different languages.

That encoding scheme could enable an attacker to create a fake Web site for a phishing scam, he says. A spoofed link would seem to be a legitimate URL in the address bar of affected browsers -Opera, Apple Computer`s Safari, and the Mozilla and Firefox browsers.

But instead of taking the victim to the trusted site, the link would lead to a fake site with a domain rendered as the same address under the IDN process.

Sub $100 laptop in the works

MIT`s Media Labs founder says he is developing a Linux-based laptop that will sell for less than $100 (R600).

Nicholas Negroponte told the BBC that he hoped it would become an education tool in developing countries, adding that one laptop per child could be "very important to the development of not just that child but now the whole family, village and neighbourhood".

He described the device as a stripped down laptop, which would run a Linux-based operating system. "We have to get the display down to below $20, to do this we need to rear project the image rather than using an ordinary flat panel.

"The second trick is to get rid of the fat - if you can skinny it down you can gain speed and the ability to use smaller processors and slower memory."

The device will probably be exported as a kit of parts to be assembled locally to keep costs down.

Simplifying cell phone Linux

MontaVista Software yesterday launched a programme to make it simpler for cell phone makers and wireless carriers to use the Linux operating system.

According to zdnet, mobile phone companies, Motorola, NEC and Panasonic all have partnerships with Montavista. In addition, NTT Docomo just invested $3 million in the embedded systems specialist.

Marketing VP Peder Ulander says there are difficulties in ensuring Linux and higher-level software works well with the wide variety of components used in cell phones, adding that it generally takes 16 to 18 months to get all the hardware and software working together.

As a result, MontaVista is launching MobilLinux Open Framework, a collection of software packages and specific chip hardware designed to work together, so phone makers can reduce integration time.

Phone spammers named and shamed

The Federal Communications Commission (FCC) published a list of Web sites yesterday that the agency says transmits unwanted e-mail and text messages to cell phones.

According to AP, cell phone companies submitted the domain names to the FCC, and the list deals only with sites that spam cell phone users.

Sites on the list have 30 days to stop transmitting unwanted e-mail messages, unless the recipient has given permission to receive the message.

Share