Robert Storey wrote: > "The attack can be disabled in Firefox and Mozilla by setting > 'network.enableIDN' to false in the browser's configuration (enter > about:config in the address bar to access the configuration > functions). The Mozilla development team today made this the > default setting. Users who want IDN support will be able to turn it > on, but will be warned about the risks involved." Gene Heskett replied: > I've done this, to copies of both that are about a month old. Is this > really sufficient? Robert answered. > Yes, that's all you really need to do to stop this particular exploit. > Of course, that's no guarantee that some other exploit won't be > uncovered in the future. You can test at http://secunia.com/multiple_browsers_idn_spoofing_test, or *possibly* by following this link: http://www.paypÐl.com/ (depending on how your e-mail and/or browser is set up). Hope this helps, James. -- James Wilkinson | Say it with flowers, send a triffid. Exeter Devon UK | E-mail address: james | @westexe.demon.co.uk |
