Slashdot Mirror


Mozilla Drops Support for International Domains

tsu doh nimh writes "Netcraft has the story that Mozilla has decided to drop support for international domain names in future versions of its Firefox Web browser. The decision comes after demonstrations by the Schmoo Group that the feature can be used to aid in phishing scams and other browser naughtiness." From the article: "The attack can be disabled in Firefox and Mozilla by setting 'network.enableIDN' to false in the browser's configuration (enter about:config in the address bar to access the configuration functions). The Mozilla development team today made this the default setting. Users who want IDN support will be able to turn it on, but will be warned about the risks involved."

6 of 365 comments (clear)

  1. Drops? by Scrameustache · · Score: 5, Insightful

    There's a difference between "drops support" and "sets that option to 'off' by default", you know.

    --

    You can't take the sky from me...

  2. Re:Drops? by bob65 · · Score: 4, Insightful

    No they didn't. They temporarily changed the default. Support for it certainly is still there.

  3. We need to tighten up web certificates by EsbenMoseHansen · · Score: 4, Insightful

    Well, you wouldn't trust a site that doesn't present a valid certificate. The problem is that obtaining such is too expensive for many.

    We need a reliable way for the a domain owner to get a certificate issued for that domain. This is mostly a bureaucratic problem, which could be solved, people willing.

    --
    Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
  4. Re:Fix it now. by Neurowiz · · Score: 4, Insightful

    Nope. Did exactly that. about:config, clear cache, restart Firefox, test at secuna - wham. The spoof still works.

    The Adblock method of stopping this (mentioned earlier) is a nice workaround. Adblock has become quite a useful tool.

    --
    Neurowiz
  5. It's like curing calluses by chopping the legs off by melted · · Score: 4, Insightful

    It's like curing calluses by chopping the legs off. It's about time that someone with a brain came in and fixed this phishing problem once and forever. Disabling international domains is not a solution. Remember, majority of the population of this planet doesn't speak English. Why should they NOT use their native alphabet?

  6. Re:That's False by interiot · · Score: 4, Insightful

    I dunno... when your entire security is dependent on the user being able to notice slight pixel changes on the screen, something seems a little broken...