|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-Disclosure] state of homograph attacks
From: Markus Wernig (listener
wernig.net)
Date: Mon Feb 07 2005 - 15:33:39 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Valdis.Kletnieksvt.edu wrote:
| On Mon, 07 Feb 2005 11:06:18 PST, Richard Jacobsen said:
|
|
|>Open up firefox, put about:config into the address bar, and then change
|>network.enableIDN to false by double clicking on it. If it is working
|>successfully, you should get a message "domainname.com could not be
found"
|>when clicking on an IDN link. You shouldn't need to restart your browser.
|
|
| The actual bug referenced by Gerald is that if you use about:config to
set it,
| it *works* without having to restart, but at the next restart of the
browser,
| the setting no longer works...
|
Yes, it does set network.enableIDN = false, but on startup this seems to
get ignored. What I had to do to disable it (probably a brute hack):
there's a line in ~/.mozilla/firefox/whatever.default/compreg.dat that
reads along the lines of
"{4byteshex-2byteshex-2byteshex-2byteshex-6byteshex},mozilla.org/network/idn-service;1,,nsIDNService,rel:libnecko.so"
The head of the file says "don't edit", but after deleting the above
line, firefox wasn't able to resolve the punycode url anymore after a
restart.
krgds /markus
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCB96y8BX/d8pVi/cRAtyWAJwKetoAuGeeh8z4s4sGHKoq7yaPnwCgj2BB
QhmbAv3HPQRoFyGV48gHddY=
=HMJk
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]