Threat Level: green Handler on Duty: Basil Alawi S.Taher

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2005-09-10 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Firefox Vulnerability

Published: 2005-09-10
Last Updated: 2005-09-10 18:08:42 UTC
by Koon Yaw Tan (Version: 1)
0 comment(s)
On yesterday diary about Firefox vulnerability, in case you wonder how to get to the site, "What Mozilla users should know about the IDN buffer overflow security issue", here is the link.
Keywords:
0 comment(s)

Netscape URL Domain Name Buffer Overflow

Published: 2005-09-11
Last Updated: 2005-09-11 00:37:23 UTC
by Koon Yaw Tan (Version: 2)
0 comment(s)
Netscape also suffers similar URL Domain Name Buffer Overflow as Firefox. The vulnerability has been confirmed in versions 8.0.3.3 and 7.2. Other versions may also be affected. Currently there is no solution available besides not to browse untrusted websites. You can read the details at Secunia.

[Update 1]
Below is contributed by Juha-Matti on a workaround on this issue:

Manual about:config method for disabling IDN support works fully in Netscape Browser 8 (the newest version 8.0.3.3 was tested) too due to the same Firefox codebase.

Netscape 8 has the same about:config preference "network.enableIDN" in use and the same Filter dialog box when searching the exact preference name. A xpi patch file is not purposed to Netscape, because it will modify the UA string directly (adding "no IDN").

Instructions (same as Mozilla.org FF/Mozilla):
1. Type about:config into the address field and hit Enter.
2. In the Filter toolbar, type network.enableIDN.
3. Right click on the the network.enableIDN item and select Toggle to change value to false.

Keywords:
0 comment(s)

Family News Network of the ICRC - Hurricane Katrina

Published: 2005-09-10
Last Updated: 2005-09-10 17:21:17 UTC
by Koon Yaw Tan (Version: 1)
0 comment(s)
The International Committee of the Red Cross (ICRC) has setup a website to allow people to seek information about relatives who may be affected by the hurricane. The website allows you to register your address so that you can be contacted by others. It may also help you to locate people who may be affected by the hurricane.

However, note that the ICRC has no means of verifying the information sent through the network and thus cannot accept responsibility for any inaccurate information made available on the website.

You can find more details at http://www.familylinks.icrc.org/katrina.
 
Thanks to Melvin. 
Keywords:
0 comment(s)
Diary Archives