Abracadabra URL FilterTry it / Buy it... – Free for home users Abracadabra URL Filter fixes a recently discovered flaw in Microsoft Internet Explorer that makes it easy for someone to scam you out of personal information such as passwords or credit card details by disguising their website as a trusted site, such as your bank or service provider.
The flaw is known as the “URL Spoofing Vulnerability”, and was originally discovered by the researcher “Zap the Dingbat”.
The vulnerability occurs when there is a non-printable character in a URL. The non-printable character and any that follow it are not shown in the IE address bar. By combining this with a browser feature used to pass usernames to authenticate with a website, a specially crafted URL can make you believe you are browsing a trusted website, when you are not.
The original example by Zap the Dingbat is here: http://www.zapthedingbat.com/security/ex01/vun1.htm
The Microsoft write up is here: http://support.microsoft.com/?id=833786
Secunia have a write up here: http://www.secunia.com/advisories/10395/
They also have a test page for the issue here: http://www.secunia.com/internet_explorer_address_bar_spoofing_test/ Which gives a demonstration of the vulnerability.
There is a better test page here: http://johannes.homepc.org/ievuln.html Which has tests for several incarnations of the vulnerability.
Abracadabra URL Filter works with all of the tests on these pages. How it worksURL Filter works by disabling browsing to any URL that includes non-printable characters. When a URL with any non-printable characters is encountered, an error message is displayed.
As with any Shareware product, you should try before you buy. Please download the software and evaluate it using the test pages mentioned above to ensure it works on your system before you buy. LicensingURL Filter is free for home users, for a single PC. For business users, or home users with multiple PCs to protect, the cost is $US1 per PC, with a minimum purchase of $5. PlatformsAbracadabra URL Filter protects Internet Explorer 5.0 or higher.
|
||
Unless otherwise stated
Co. Tyrone
Northern Ireland