http://www.edbott.com/weblog/archives/000449.html Last month, I predicted that as Firefox became more popular it would face more and more attacks from the Internet’s dark side. A security bulletin issued today appears to identify the first widespread security exploit aimed at non-Microsoft browsers. Ironically, you’re protected if you use Internet Explorer, but you’re vulnerable if you use most Mozilla-based browsers, including Firefox 1.0; this vulnerability also affects Safari 1.2.5 (Macintosh) and Opera 7.54, and perhaps other versions of those browsers as well. Here’s how it works: You visit an innocent-looking Web page or receive a seemingly authentic e-mail. You click a link that appears to take you to a trusted site (the security advisory uses PayPal as an example) using your default browser, Firefox. The URL in the Address bar says you’re at PayPal’s site, and the locked padlock icon in the lower right corner indicated that you’re on a secure site. The only trouble is, you’re not at PayPal’s site. You’ve just landed at a site owned by someone who wants to steal your information, and even a careful and suspicious visitor can be fooled by this exploit. The exploit happens because of a flaw in the way these browsers handle “punycode” – links that use codepages and scripts that are similar to Latin-based characters. And the same technique could be used for any site. A demonstration of the exploit appears here: http://www.shmoo.com/idn/ Don’t worry, the demo is harmless. But a scam artist who can cut and paste HTML source code can turn the landing page into an exact duplicate of PayPal’s site, or your online banking portal, or a shopping site, or anything they want. This sort of scam will fool a lot of people. The only indication that you’re not at the correct site appears if you choose the option to use a secure logon and check the security certificate. Even then,... en-us http://www.texas----holdem.us online poker texas holdem texas hold'em texas hold'em]]>