Linux and Spywares - lack of reading
Robert Storey
y2kbug at ms25.hinet.net
Thu Feb 17 12:53:53 UTC 2005
On Thu, 17 Feb 2005 00:44:14 -0500
Gene Heskett <gene.heskett at verizon.net> wrote:
> On Wednesday 16 February 2005 20:02, Robert Storey wrote:
>
> >Let me add to what I wrote above. You can (and should) turn off the
> >internationalization feature in Mozilla and Firefox.
> >
> >"The attack can be disabled in Firefox and Mozilla by setting
> >'network.enableIDN' to false in the browser's configuration (enter
> >about:config in the address bar to access the configuration
> > functions). The Mozilla development team today made this the
> > default setting. Users who want IDN support will be able to turn it
> > on, but will be warned about the risks involved."
>
> I've done this, to copies of both that are about a month old. Is this
>
> really sufficient?
Yes, that's all you really need to do to stop this particular exploit.
Of course, that's no guarantee that some other exploit won't be
uncovered in the future.
I guess it should be pointed out that IDN support is not a bug, it's a
feature. Unfortunately, it's a feature that could be used by those with
a mind to do evil.
cheers,
Robert
More information about the users
mailing list