Full Disclosure mailing list archives
Re: state of homograph attacks
From: Markus Wernig <listener () wernig net>
Date: Tue, 08 Feb 2005 01:18:01 +0100
Peter Besenbruch wrote:
| Markus Wernig wrote:
|
|> Yes, it does set network.enableIDN = false, but on startup this seems to
|> get ignored. What I had to do to disable it (probably a brute hack):
|> there's a line in ~/.mozilla/firefox/whatever.default/compreg.dat that
|> reads along the lines of
|> "{4byteshex-2byteshex-2byteshex-2byteshex-6byteshex},@mozilla.org/network/idn-service;1,,nsIDNService,rel:libnecko.so"
|>
|>
|> The head of the file says "don't edit", but after deleting the above
|> line, firefox wasn't able to resolve the punycode url anymore after a
|> restart.
|
|
| Unfortunately, Firefox 1.0 for Linux still displays punycode after
| deleting the line. The demo on http://www.shmoo.com/idn/ still works.
|

Well, I do run FF 1.0 on linux here (1.0-r3 on gentoo, but I do realize
that it's a source install, self-compiled), and even after re-enabling
network.enableIDN in about:config, it _does_ display the unicode
character (cyrillic "a") on the page, but does _NOT_ load the URL when
clicking on any of the links.

Funny detail: when hovering over the link, the status bar displays the
paypal "lookalike", as soon as I click on it, it changes to
"p%D0%B0ypal.com" - but that's probably more for a FF bugtracking list ...

lg
/m
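As an added example (not part of the original message or of Firefox), the following Python sketch shows what the "p%D0%B0ypal.com" string in the status bar encodes and how a mail or proxy filter could flag such a host. The function names `script_of` and `inspect_host` are hypothetical, and the script tag is a coarse approximation taken from the first word of each character's Unicode name.

```python
import unicodedata
from urllib.parse import unquote


def script_of(ch):
    """Coarse script tag: first word of the Unicode character name."""
    if ch.isascii():
        # ASCII digits and '-' are script-neutral; ASCII letters are Latin.
        return "LATIN" if ch.isalpha() else None
    try:
        return unicodedata.name(ch).split()[0]
    except ValueError:  # unnamed code point
        return "UNKNOWN"


def inspect_host(host):
    """Decode a host as displayed (percent-encoded, Unicode or xn-- form)
    and report, per label, its Unicode form, ASCII (punycode) form and
    whether it mixes scripts."""
    decoded = unquote(host, encoding="utf-8", errors="strict").lower()
    report = []
    for label in decoded.split("."):
        if not label:
            continue  # ignore a trailing dot
        if label.startswith("xn--") and label.isascii():
            label = label.encode("ascii").decode("idna")
        scripts = sorted({s for s in map(script_of, label) if s})
        report.append({
            "label": label,
            "ascii": label.encode("idna").decode("ascii"),
            "scripts": scripts,
            "mixed": len(scripts) > 1,
        })
    return report


if __name__ == "__main__":
    # The string quoted in the message above: %D0%B0 is UTF-8 for U+0430.
    for entry in inspect_host("p%D0%B0ypal.com"):
        print(entry)
```

A mixed-script flag catches this Latin-plus-Cyrillic label, but a label written entirely in one non-Latin script is not flagged by this check.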