lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4208A5F3.28028.D6FA503@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: state of homograph attacks

Valdis Kletnieks wrote:

> The actual bug referenced by Gerald is that if you use about:config to set it,
> it *works* without having to restart, but at the next restart of the browser,
> the setting no longer works...

At least in the standard (binary distribution) Windows build of Mozilla 
1.0 the bug is even worse in that once you've properly set 
network.enableIDN to "false" and restarted Mozilla, about.config still 
shows the value of network.enableIDN as "false", even though the 
browser is now actually running with IDN support.


Regards,

Nick FitzGerald

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ