Netcraft toolbar was the only tool to warn me here...

Hi malware fighters,

Take the test with FF or Flock. When you have the Netcraft toolbar installed it prevents you from going to the spoofed URL: http://secunia.com/internet_explorer_address_bar_spoofing_test

link: http://toolbar.netcraft.com/
The Netcraft toolbar may not run on FF 3.0b2.
In about:config create a new boolean extensions.checkUpdateSecurity and set its value to false
Nota Bene: You need to be aware that this bypasses a security measure, potentially someone could replace an add-on update with some malware. See:
https://bugzilla.mozilla.org/show_bug.cgi?id=378216
Download link for Netcraft toolbar add-on:
http://toolbar.netcraft.com/

polonus

Well I don’t have the Netcraft toolbar just FF 2.0.0.13 and I got a warning, see image. I don’t know if this has anything to do with NoScript, possibly XSS protection.

I even clicked Yes just to see if the test would work, but even doing this I didn’t seem to have the vulnerability as I ended back at the same page and not displaying microsoft.com in my address bar.

Since this is supposed to be an IE test, what is the reason for suggesting we try it using FF or Flock?

Also, notice that your status bar (lower left corner of IE) only displays "http://www.microsoft.com" when holding the mouse cursor over the link.

This too fails as my status bar shows the full munged URL.

http://www%2Emicrosoft%2Ecom%01%00@secunia.com/internet_explorer_address_bar_spoofing_test/

I tried to install the extension on Vista and FF 3b4. It tells you the extension is not updated enough (for Vista) and the installation fails! :o

You may not need the netcraft toolbar, just try the test first without it. I don’t have it and my standard version of FF didn’t fall for the vulnerability, read my post again.

Opera didn’t fall for the vulnerability either.

In FF3b4 without Netcraft (impossible to install anyway) the link looks like normal, no phishing at all. We need an urgent update from Netcraft here!!! :)

So FF3b4 is less secure than FF2.0.0.13, I would be very surprised if that is the case.

Do you have noscript installed ?

??? When I put the pointer on the link to the test site, the status bar of my Firefox 3 beta 4 without the Netcraft add-on shows

http://www.microsoft.com@secunia.com/internet_explorer_address_bar_spoofing_test/

And when I try to proceed, there comes a warning with yes/no buttons.

You are about to log in to the site "secunia.com" with the username "www%2Emicrosoft%2Ecom%01%00", but the website does not require authentication. This may be an attempt to trick you.

Is “secunia.com” the site you want to visit?

It’s beta, so in some cases, it could be possible but I wonder if this is the case.

Even when I temporarily permit the secunia site, I still see the same thing.

I.E.7 passed the test.

@ Rumpelstiltskin
From your reply #5 it looks like you failed the test rather than passed as you mentioned the link looks normal, normal would have been only seeing microsoft.com and not secunia.

You are also getting an alert about a possible trick, so again you are passing the test. So you don’t need the Netcraft toolbar and they theoretically don’t need to update it to work with the beta, as the beta passes the test.

I wonder if there is a strange bug in your Firefox. ;D I may have quoted gdiloren’s post at reply #5 but didn’t write it by myself: You appear to have mistaken me for gdiloren.

I’m sorry to repeat, I have FF 3 b4 and NoScript (last version on) but NOTHING, NOTHING, tells me anything wrong about that site. :o

Oops ;D you’re right, I was looking at your quotes and saw gdiloren at the top so assumed incorrectly that was who it was from.

Okay, I clicked the link and ended up with page can not be displayed and in the address bar

http://www.microsoft.com%00@secunia.com/internet_explorer_address_bar_spoofing_test/

on the status bar when hovering over the “Click Here To Perform Test” link

http://www.microsoft.com%00@secunia.com/internet_explorer_address_bar_spoofing_test/

Did I do this right?

Clicking the link should really have given a Confirmation window, Yes, No with the text that it might be trying to trick you. Like the image that I posted.

However, at least the status bar displays that the link is somewhat strange and that it doesn’t display and shows clearly in the address bar. So I would say that was a ‘qualified’ success.
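The links quoted in this thread all rely on the `user@host` part of a URL: the text before the `@` is userinfo, and the real host is whatever follows the last `@`. Below is an added example, not from any poster or from Secunia or Netcraft, that parses such links the way a browser does and reproduces the kind of warning Firefox showed (the sample links are constructed from the ones quoted above; the `HOST_LIKE` heuristic and the function names are my own):

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample links of the kind quoted in the thread (nothing is fetched).
SAMPLE_LINKS = [
    "http://www%2Emicrosoft%2Ecom%01%00@secunia.com/internet_explorer_address_bar_spoofing_test/",
    "http://www.microsoft.com%00@secunia.com/internet_explorer_address_bar_spoofing_test/",
    "http://secunia.com/internet_explorer_address_bar_spoofing_test",
]

# Heuristic (assumed, not a browser rule): userinfo that reads like a dotted hostname.
HOST_LIKE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")


def inspect_link(url):
    """Describe where a link really goes and why its userinfo looks deceptive."""
    parts = urlsplit(url)
    # urlsplit takes the host from after the LAST '@', as browsers do.
    host = parts.hostname or ""
    raw_user = parts.username or ""
    user = unquote(raw_user)                 # %2E -> '.', %00 -> NUL, %01 -> SOH
    visible_user = user.rstrip("\x00\x01")   # what a renderer truncating at NUL shows
    flags = []
    if raw_user:
        flags.append("userinfo present")
        if HOST_LIKE.match(visible_user.lower()):
            flags.append("userinfo looks like a hostname")
        if any(ord(c) < 0x20 for c in user):
            flags.append("control characters in userinfo")
    return {"host": host, "username": raw_user, "flags": flags}


def warning_for(url):
    """Mimic the confirmation prompt Firefox showed; None when nothing is suspicious."""
    info = inspect_link(url)
    if not info["flags"]:
        return None
    return (f'You are about to log in to the site "{info["host"]}" with the username '
            f'"{info["username"]}", but the website may not require authentication. '
            "This may be an attempt to trick you.")


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, "->", inspect_link(link)["host"], inspect_link(link)["flags"])
```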