Linux and Spywares - lack of reading

Robert Storey y2kbug at ms25.hinet.net
Thu Feb 17 12:53:53 UTC 2005


On Thu, 17 Feb 2005 00:44:14 -0500
Gene Heskett <gene.heskett at verizon.net> wrote:

> On Wednesday 16 February 2005 20:02, Robert Storey wrote:
> 
> >Let me add to what I wrote above. You can (and should) turn off the
> >internationalization feature in Mozilla and Firefox.
> >
> >"The attack can be disabled in Firefox and Mozilla by setting
> >'network.enableIDN' to false in the browser's configuration (enter
> >about:config in the address bar to access the configuration
> > functions). The Mozilla development team today made this the
> > default setting. Users who want IDN support will be able to turn it
> > on, but will be warned about the risks involved."
> 
> I've done this, to copies of both that are about a month old.  Is this
> 
> really sufficient?

Yes, that's all you really need to do to stop this particular exploit.
Of course, that's no guarantee that some other exploit won't be
uncovered in the future.

I guess it should be pointed out that IDN support is not a bug, it's a
feature. Unfortunately, it's a feature that could be used by those with
a mind to do evil.

cheers,
Robert




More information about the fedora-list mailing list