7 matches found
China hit by massive DDoS attack causing the Internet inaccessibility for hours
During the weekend China's Internet was taken down by a powerful distributed denial of service DDoS attack on the .cn domain slowed and blocked Internet access inaccessibility for hours. Security expert clarified that China could have been perpetrated by sophisticated hackers or by a single...
China .cn Domain Available Again after DDoS Attack
Long fingered as the source of denial-of-service attacks and other hacks against foreign interests, China’s .cn domain was targeted on Sunday and approximately one-third of the sites registered to that domain were kept offline for a period of time. A statement from the China Internet Network...
DNS Changes in China Could Thwart Malware
Security researchers believe changes being made by the Chinese government to the DNS process could help limit the number of malicious sites using the .cn top-level domain. Read the full article. eWEEK...
firefox: does not properly prevent the literal rendering of homoglyph characters in IDN domain names (spoof URLs and conduct phishing attacks)
The Internationalized Domain Names IDN blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by...
Design/Logic Flaw
The Internationalized Domain Names IDN blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by...
Code injection
Apple Safari 2, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid...
Design/Logic Flaw
KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which make...