« The emulsion of politics and election administration...MythTorrent »
Feb 08

Discourse.net: If You Use Firefox You Need To Read This

hacks, open source

Link: http://www.discourse.net/archives/2005/02/if_you_use_firefox_you_need_to_read_this.html

If You Use Firefox You Need To Read This

Someone has come up with a Firefox exploit - one that doesn't affect IE users!

You can find links to the details, at Boing Boing: Shmoo Group exploit. Here, however, is the simple info on how to protect yourself (probably):

  1. Goto your Firefox address bar. Enter about:config and press enter. Firefox will load the (large!) config page.

  2. Scroll down to the line beginning network.enableIDN - this is International Domain Name support, and it is causing the problem here. We want to turn this off - for now. Ideally we want to support international domain names, but not with this problem.

  3. Double-click the network.enableIDN label, and Firefox will show a dialog set to 'true'. Change it to 'false' (no quotes!), click Ok. You are done.

I say "probably" because even though this fix works for me, there are reports that it doesn't work for everyone. The test of the exploit is here.

UPDATE [2005-02-07 14:06]: This only works on a per-session basis... that is, if you quit Firefox and restart, the exploit works just as it did before. Checking network.enableIDN in about:config shows it still to be set to false. Setting it to true and then back to false does the trick. Although I don't want to do this every browser session! Crap.

UPDATE [2005-02-08 09:17]: Here is a permanent fix that actually works. Note: on Mac OS X with a recent version of FireFox 1.0 the compreg.dat file resides in:

~/Application Support/Firefox/Profiles/xxxxxxxx.default

Where the xxxxxxxx is different for every user.

2 comments

  1. § Ping said on : 02/07/05 @ 11:26
    Whoever implemented this feature for Firefox deserves to be smacked. Unicode is full of indistinguishable or invisible characters. I can't believe that the implementor missed such a blindingly obvious problem (and that the release manager allowed the patch). The person that did this clearly didn't bother to think about security or usability for even half a second.
  2. § joe® Email said on : 02/07/05 @ 11:36
    So true... I nominate Ping as the official hacker slapper. Incidentally, there's a whole suite of spoofs for the visual cryptography method of electronic voting (developed by David Chaum at Votegrity) that rely on a voter not being able to tell the difference between "George W. Bush" and "George W Bush" (or pixel-level permutations thereof). Humans just weren't made for technology. :)
Contact / Help. (cc) 2021 by Joseph Hall. blog tool / dedicated servers / authors.
Design & icons by N.Design Studio. Skin by Tender Feelings / Skin Faktory.
Entries RSS Comments RSS Log in
And a few words about the structure of the eye . Everyone " retina ". Especially often we hear it buy clomid online in the phrase " retinal detachment ." So what is the retina ? This - the front edge of the brain, the most distant from the brain part of the visual analyzer. The retina receives light first , processes and transforms light energy into irritation - a signal that encodes all the information about what the eye sees . The retina is very complex and in their structure and function . Its structure resembles the structure of the cerebral cortex. The shell of the retina is very thin - about 0.14 mm.