Chrome and Firefox Phishing

[Tippon]

A new phishing attack has been identified that affects Chrome and Firefox. There’s a manual fix for Firefox (including Tor), and Chrome will be fixed in a new update.

https://www.wordfence.com/blog/2017/04/chrome-firefox-unicode-phishing/

[Richard]

Thank you Tippon; warning, be careful how you search in Firefox . If you do it the wrong way you will not find the entry – I missed it the first time.

All corrected now, so thank you.

[Bob Williams]

Many thanks Tippon, sorted that. Addition to Richard’s warning: mistake can be made if you do not type “about:config” in the LOCATION bar. (the bar directly underneath the Firefox tab.)

I picked that up by reading your comment Richard, which made me think, thanks.

When the Thought Police arrive at your door, think -
I'm out.

[doctoryorkie]

+1. :good:

Laptop T420 i5 8GB SSD 2x Spinners Optimus GFX
HTPC 5350 8GB SSD 2x Spinners Antec 300
Desktop 2700K 16GB Revo x2 GTX570SC Antec900
Server N54L 8GB SSD 6x Spinners HD6450

[Richard]

Apparently the problem has been splashing about in the mud for years, perhaps as far back as 2005 without anyone taking action.

[Bob Williams]

Richard wrote:

Apparently the problem has been splashing about in the mud for years, perhaps as far back as 2005 without anyone taking action.

Well, we just did Richard!  :good: :yahoo:

 

When the Thought Police arrive at your door, think -
I'm out.

[Richard]

Bob Williams wrote:

Richard wrote:

Apparently the problem has been splashing about in the mud for years, perhaps as far back as 2005 without anyone taking action.

Well, we just did Richard!

I meant to put in place a fix, though apparently IE is not affected, or so I am told. The problem sort of comes with stop gaps adopted without thinking them through at the technical level, in spite of several past attempts to start a solution.

Edited typos.

[Ed P]

Richard wrote:

Bob Williams wrote:

Richard wrote:

Apparently the problem has been splashing about in the mud for years, perhaps as far back as 2005 without anyone taking action.

Well, we just did Richard!

I meant to put in place a fix, though apparently IE is not affected, or so I am told. The problem sort of comes with stop gaps adopted without thinking them through at the technical level, in spite of several past attempts to start a solution. Edited typos.

Unless things have changed IE is completely vulnerable. I’m not certain about Edge as I do not have a Phishing example to use.

link

[Tippon]

@edps There’s an example site in the link above  :good:

[Ed P]

It will not work in Edge because the certificate is forged.

[Richard]

Ed P wrote:

Richard wrote:

Bob Williams wrote:

Richard wrote:

Apparently the problem has been splashing about in the mud for years, perhaps as far back as 2005 without anyone taking action.

Well, we just did Richard!

I meant to put in place a fix, though apparently IE is not affected, or so I am told. The problem sort of comes with stop gaps adopted without thinking them through at the technical level, in spite of several past attempts to start a solution. Edited typos.

Unless things have changed IE is completely vulnerable. I’m not certain about Edge as I do not have a Phishing example to use. link

I do not usually use IE, but I tried it this morning and the response was to not show the spoofed result but to show the address in garbled characters, just as the modified Firefox does. This will not stop numpties but should give others fair warning. I cannot be bothered to try Edge as I find it too slow and hard to figure out what Edge is doing, besides I have to take someone to hospital shortly.

[Author]

Posts