02/07/2005, 11:35am, EST
Monday, February 7th
Security hole threatens Safari, Firefox, others
Filed under: troubleshooting
,
, 18
,
,
,
,
02/07/2005, 11:35am, EST
Monday, February 7th
Filed under: troubleshooting
,
, 18
,
,
,
,
PowerBookMedic will fix any Powerbook, iBook, iPod: We offer Parts, Hard Drives, Superdrives, Ram Upgrades & Repairs all backed up w/ our 1YR Warranty!
Check Out the VIERA from Panasonic!: Enter a New Visual Era with Panasonic VIERA HDTVs. An Enhanced Experience.
Sony Entry-Level Data Projectors With HDMI!: Universally Seen As The Perfect Choice For Education & Business. Bright, Stylish, Easy To Use!
Find Computer Hardware: Local Computer Parts & Retailers - PCs, Macs, Desktops, Laptops.
Apple Cider Vinegar Diet Tabs on Sale: Apple cider vinegar promotes weight loss. The biggest drawback has always been the awful taste and smell! Now, apple cider vinegar is being offered in easy-to-swallow, tablets!
Buy from The Apple Store, iTunes.com, Amazon.com, TechDepot, OfficeDepot, Computers4Sure, or donate.
subscribe to comments
for this article
Enter about:config in the address bar and click Go or hit Enter.
Scroll down to the network.enableIDN preference and double-click so the value is says "false".
The problem is that the setting will be ignored the next time Firefox is started and will have to be reset each time the browser is launched (even if the pref says "false").
This is a pure abuse and disregard of the rules set for IDN handling, where top-level registrars are supposed to be as restrictive as possible in handing out IDN coded domain names. Of course, the ICANN turns a blind eye on the .com, .net and .org TLDs, opening up a can of worms in regard to phishing. Other TLDs are supposed to stick with their alphabet only to minimise problems, but some TLDs have not honoured this ( like Poland f.ex. - they would happily register "ibm·com.pl" - see a possible conflict with "ibm.com.pl" ? :)
http://www.shmoo.com/idn/homograph.txt
Notice the timeline at the end of the document. They reported the problem to the vendors January 19, 2005, and published details of the exploit yesterday (February 6). Does security etiquette call for more time than that? I thought at least 60 days was the norm.