[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] state of homograph attacks
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] state of homograph attacks
- From: Markus Wernig <listener@xxxxxxxxxx>
- Date: Tue, 08 Feb 2005 01:18:01 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Peter Besenbruch wrote:
| Markus Wernig wrote:
|
|> Yes, it does set network.enableIDN = false, but on startup this seems to
|> get ignored. What I had to do to disable it (probably a brute hack):
|> there's a line in ~/.mozilla/firefox/whatever.default/compreg.dat that
|> reads along the lines of
|>
"{4byteshex-2byteshex-2byteshex-2byteshex-6byteshex},@mozilla.org/network/idn-service;1,,nsIDNService,rel:libnecko.so"
|>
|>
|> The head of the file says "don't edit", but after deleting the above
|> line, firefox wasn't able to resolve the punycode url anymore after a
|> restart.
|
|
| Unfortunately, Firefox 1.0 for Linux still displays punycode after
| deleting the line. They demo on http://www.shmoo.com/idn/ still works.
|
Well, I do run FF 1.0 on linux here (1.0-r3 on gentoo, but I do realize
that it's a source install, self-compiled), and even after re-enabling
network.enableIDN in about:config, it _does_ display the unicode
character (cyrillic "a") on the page, but does _NOT_ load the URL when
clicking on any of the links.
Funny detail: when hovering over the link, the status bar displays the
paypal "lookalike", as soon as I click on it, it changes to
"p%D0%B0ypal.com" - but that's probably more for a FF bugtracking list ...
lg /m
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCCAU58BX/d8pVi/cRAgzkAKDHVUxe2XQ4wnmyUVmtAaBQOFYbrwCcCza0
LQDHJMcvG1C4LsLUSjRssBE=
=BYKL
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html