[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: browser security flaws not being addressed

* paul wrote:

> I'm surprised it's taking so long for the mozilla (and opera) folks to  
> address these security issues, which sound pretty severe, if you're doing  
> banking and such on line.
> http://www.theregister.co.uk/2005/02/07/browsers_idn_spoofing/
> http://itmanagement.earthweb.com/secu/article.php/3440971

This is NOT a browser flaw per se IDN is just a stupid idea! What an
easy way to allow people to spoof domains and certificates!

The folks at opera have alledgedly said, according to one online
resource, that they have correctly implemented IDN and will not be
making any changes. I quite believe they have implemented IDN correctly,
that was never in question.

In the meantime any URL with xn-- in it should be avoided unless you
know the implications.

To disable IDN support in firefox:

and a trustbar for firefox which shows IDN/SSL info:



Reply to: