[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] state of homograph attacks
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] state of homograph attacks
- From: Markus Wernig <listener@xxxxxxxxxx>
- Date: Mon, 07 Feb 2005 22:33:39 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Valdis.Kletnieks@xxxxxx wrote:
| On Mon, 07 Feb 2005 11:06:18 PST, Richard Jacobsen said:
|
|
|>Open up firefox, put about:config into the address bar, and then change
|>network.enableIDN to false by double clicking on it. If it is working
|>successfully, you should get a message "domainname.com could not be
found"
|>when clicking on an IDN link. You shouldn't need to restart your browser.
|
|
| The actual bug referenced by Gerald is that if you use about:config to
set it,
| it *works* without having to restart, but at the next restart of the
browser,
| the setting no longer works...
|
Yes, it does set network.enableIDN = false, but on startup this seems to
get ignored. What I had to do to disable it (probably a brute hack):
there's a line in ~/.mozilla/firefox/whatever.default/compreg.dat that
reads along the lines of
"{4byteshex-2byteshex-2byteshex-2byteshex-6byteshex},@mozilla.org/network/idn-service;1,,nsIDNService,rel:libnecko.so"
The head of the file says "don't edit", but after deleting the above
line, firefox wasn't able to resolve the punycode url anymore after a
restart.
krgds /markus
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCB96y8BX/d8pVi/cRAtyWAJwKetoAuGeeh8z4s4sGHKoq7yaPnwCgj2BB
QhmbAv3HPQRoFyGV48gHddY=
=HMJk
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html