| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4207DEB3.5080707@wernig.net>
From: listener at wernig.net (Markus Wernig)
Subject: state of homograph attacks
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Valdis.Kletnieks@...edu wrote:
| On Mon, 07 Feb 2005 11:06:18 PST, Richard Jacobsen said:
|
|
|>Open up firefox, put about:config into the address bar, and then change
|>network.enableIDN to false by double clicking on it. If it is working
|>successfully, you should get a message "domainname.com could not be
found"
|>when clicking on an IDN link. You shouldn't need to restart your browser.
|
|
| The actual bug referenced by Gerald is that if you use about:config to
set it,
| it *works* without having to restart, but at the next restart of the
browser,
| the setting no longer works...
|
Yes, it does set network.enableIDN = false, but on startup this seems to
get ignored. What I had to do to disable it (probably a brute hack):
there's a line in ~/.mozilla/firefox/whatever.default/compreg.dat that
reads along the lines of
"{4byteshex-2byteshex-2byteshex-2byteshex-6byteshex},@mozilla.org/network/idn-service;1,,nsIDNService,rel:libnecko.so"
The head of the file says "don't edit", but after deleting the above
line, firefox wasn't able to resolve the punycode url anymore after a
restart.
krgds /markus
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCB96y8BX/d8pVi/cRAtyWAJwKetoAuGeeh8z4s4sGHKoq7yaPnwCgj2BB
QhmbAv3HPQRoFyGV48gHddY=
=HMJk
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists