The Schmoo Group (http://www.shmoo.com/) 0wned Firefox and basically
everything except IE with International Domain Support. It might be a wise
security move to turn this functionality off in your browsers until updated
versions address the vulnerability, as phishing scams are expected to erupt
utilizing this exploit shortly.
1) Goto your Firefox address bar. Enter about:config and press enter.
Firefox will load the (large!) config page.
2) Scroll down to the line beginning network.enableIDN -- this is
International Domain Name support, and it is causing the problem here. We
want to turn this off -- for now. Ideally we want to support international
domain names, but not with this problem.
3) Double-click the network.enableIDN label, and Firefox will show a dialog
set to 'true'. Change it to 'false' (no quotes!), click Ok. You are done.
4) Go check out the shmoo demo (above) again and notice it no longer works.
I used #Develop for a while and was impressed with how far it has come in the last year. It appears to be a very good development effort overall, although it is not as feature rich as VS.NET (or Eclipse, from which it seems to take its inspiration). The only issues I had with it was the tendency to change UI toolkits every couple of releases (I preferred the Magic library to whatever it is they are using now), and the lack of an integrated debugger. Of course, it is an open source, plugin based architecture, so I am sure contributers will be stepping up soon. As far as good free alternatives, you could do a lot worse than this one. They also have some very interesting documentation if you are interested in writing plugin-based apps in general.
Slashdot Mirror
Details here: http://www.shmoo.com/idn/homograph.txt
Watch the exploit in action here: http://www.shmoo.com/idn/
To patch this (in most browsers):
1) Goto your Firefox address bar. Enter about:config and press enter. Firefox will load the (large!) config page.
2) Scroll down to the line beginning network.enableIDN -- this is International Domain Name support, and it is causing the problem here. We want to turn this off -- for now. Ideally we want to support international domain names, but not with this problem.
3) Double-click the network.enableIDN label, and Firefox will show a dialog set to 'true'. Change it to 'false' (no quotes!), click Ok. You are done.
4) Go check out the shmoo demo (above) again and notice it no longer works.
I believe it does this for communication with the google website, so your desktop results show up alongside web results.
Ummmm...maybe not everyone wants to use Firefox? Maybe MS is targetting users who actually like and use MSN? They do exist, you know.
I used #Develop for a while and was impressed with how far it has come in the last year. It appears to be a very good development effort overall, although it is not as feature rich as VS.NET (or Eclipse, from which it seems to take its inspiration). The only issues I had with it was the tendency to change UI toolkits every couple of releases (I preferred the Magic library to whatever it is they are using now), and the lack of an integrated debugger. Of course, it is an open source, plugin based architecture, so I am sure contributers will be stepping up soon. As far as good free alternatives, you could do a lot worse than this one. They also have some very interesting documentation if you are interested in writing plugin-based apps in general.