mailing list archives
Re: state of homograph attacks
From: Markus Wernig <listener () wernig net>
Date: Mon, 07 Feb 2005 22:33:39 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Valdis.Kletnieks () vt edu wrote:
| On Mon, 07 Feb 2005 11:06:18 PST, Richard Jacobsen said:
|>Open up firefox, put about:config into the address bar, and then change
|>network.enableIDN to false by double clicking on it. If it is working
|>successfully, you should get a message "domainname.com could not be
|>when clicking on an IDN link. You shouldn't need to restart your browser.
| The actual bug referenced by Gerald is that if you use about:config to
| it *works* without having to restart, but at the next restart of the
| the setting no longer works...
Yes, it does set network.enableIDN = false, but on startup this seems to
get ignored. What I had to do to disable it (probably a brute hack):
there's a line in ~/.mozilla/firefox/whatever.default/compreg.dat that
reads along the lines of
The head of the file says "don't edit", but after deleting the above
line, firefox wasn't able to resolve the punycode url anymore after a
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
-----END PGP SIGNATURE-----
Full-Disclosure - We believe in it.