On Thu, 17 Feb 2005 08:50:55 +0800 Robert Storey <y2kbug@xxxxxxxxxxxxxx> wrote: > No, not really the downloading of a program. Rather, to get you to > click to go to a web site that will look just like Citibank or Amex so > that you enter confidential info that will then be recorded. > > >From what I understand, Mozilla will now ship with the > internationalization features turned off by default. The article you > were referring to (worth reading!) was publicised on Slashdot: > > http://slashdot.org/article.pl?sid=05/02/15/1922215&tid=154&tid=1 > > cheers, > Robert Let me add to what I wrote above. You can (and should) turn off the internationalization feature in Mozilla and Firefox. "The attack can be disabled in Firefox and Mozilla by setting 'network.enableIDN' to false in the browser's configuration (enter about:config in the address bar to access the configuration functions). The Mozilla development team today made this the default setting. Users who want IDN support will be able to turn it on, but will be warned about the risks involved." -- Robert
