SmoothWall | News

» Company Information » Case Studies & Testimonials » Press, Reviews & PR » Key Staff Biographies » News Archive » Events » Jobs

» Cyberbullying Best Practice » Secure Wireless » Anonymous Proxies » Load Balancing » Blocking Ultrasurf and HTTPS proxies » Virtualized Web Filtering » Guide to Safe Social Networking » ROI Calculator

- Unified Threat Management - » UTM-1000 Series Appliance » UTM-300 Series Appliance » UTM-100 Series Appliance - Web Content Filtering - » Guardian SWG-1200 Series Appliance » Guardian SWG-700 Series Appliance - Full Product List -

- Web Content Filtering - » Network Guardian » School Guardian » Mobile Guardian - Firewall & VPN - » Advanced Firewall » Corporate Firewall - Email Security - - Bandwidth Management - - Full Product List -

» Find a Partner » Become a Partner » PartnerNet this is a link to external content

» Support from SmoothWall » Submit a Support Ticket this is a link to external content

» FAQ & Knowledge Base » Hardware Compatibility this is a link to external content

» Manuals » Supported Products » Blocklist Addition/Removal this is a link to external content

» Password Generator

» Ask a Question » Request Web Demo » Evaluate

Company - Here you can read about SmoothWall the company, customer case studies, PR, staff bios, news, events and careers opportunities »

Solutions -
Contains information on applying our products to solve real world problems »

Software - Contains information on all of our software products »

Hardware - Contains information on our hardware appliance family »

Partners - Here you can locate your nearest SmoothWall partner, read about how to become a partner or, if you are a partner, access selling tools, products for download and services »

Support - Here you can submit a support request, read FAQs and answers, download the latest documentation, find out which products are supported, submit web and IP address to our blocklist management system and generate high strength passwords »

Contact Us - Contains information on how to get in touch with our offices; enables you to ask our sales team a question, request a web demo or product evaluation; lists our PR contacts; and submit a support request »

home » news »

Firefox Fends Off Paypal Fraudsters, Microsoft Browsers Still Bugged

Tuesday 6th October 2009

On Monday, a hacker published a counterfeit (null-prefix) SSL certificate for PayPal that exploits a hole in Microsoft browsers to appear legitimate to unsuspecting users of the online payment service.

Internet Explorer, Google Chrome and Apple Safari (for Windows) are all vulnerable because they all use the same Crypto API to parse SSL certificates. Even though the certificate is obviously fraudulent, when used with a hacking tool called SSLSniff it fools all three browsers and displays a spoofed results page without warnings, so users click through happily to a bogus login page with legitimate-looking 'https' credentials. This is the very definition of a 'Man in the Middle' attack and is alarming because thousands of other financial sites rely on this same technology.

Although Microsoft was alerted to the exploit over nine weeks ago, it has yet to issue a fix, and meanwhile, PayPal say they are working on a technical workaround.

Until Microsoft issues a patch we would advise Windows users (Apple, like Mozilla have already plugged the hole) to access the PayPal site using Firefox (versions 3.5 or 3.0.13 or later).

Guardian users will also be pleased to hear that update #14 (issued in August) augments the existing certificate checking features to recognize SSL certificates that have been 'broken' in this particular way, and hence protects against this critical vulnerability.

More information: The Register

Bookmark this SmoothWall article:
	Digg »		Delicious »		StumbleUpon »

The SmoothWall family of Internet security solutions helps schools, enterprises and small/medium businesses to prevent misuse, block objectionable content and protect against web related threats. Delivered and supported via a global network of partners in over 60 countries, SmoothWall's commercial and open source solutions now safeguard more than a million networks worldwide.

Home	Web Filter \| UTM Appliance \| Firewall \| K12 & Schools \| Web Filtering Appliance