Re: The state of homograph attacks

Author	All Replies
BeesTea Network Janitor Premium,VIP join:2003-03-08 00000 1 edit	reply to BeesTea Re: The state of homograph attacks The workaround for firefox seems to be an edit to your compreg.dat. For windows c:\Documents and Settings\$USER\Application Data\Mozilla\Firefox\Profiles\default.random\compreg.dat For UNIX ~/.mozilla/firefox/default.random/compreg.dat Removing the line that references IDN makes the problem go away. Using Find, there was a single reference for the UNIX host and 2 for the Win32 host. Removing the lines and restarting the browser makes the attack fail regardless of the about:config/userprefs.js value. Here's an example entry. {4byteshex-2byteshex-2byteshex-2byteshex-6byteshex},@mozilla.org/network/idn-service;1,,nsIDNService,rel:libnecko.so Cheers, -BeesT -- echo 16i[q]sa[ln0=aln100%Pln100/snlbx]sbA0D4D465452snlb xq \|dc
	to forum · permalink · 2005-02-07 18:08:06 ·
Cudni La Merma - Vigilado Premium,MVM join:2003-12-20 Someshire kudos:13 1 edit	It works. After making a backup of compreg.dat i placed # to remark out the line BeesTea mentioned. Exploit fails Cudni
	to forum · permalink · 2005-02-07 18:18:18 ·

sybille Not only "just visiting" Premium join:2004-04-06 France	reply to BeesTea Confirmed on Linux, also. Thanks again, BeesTea .
	to forum · permalink · 2005-02-07 18:25:35 ·
SUMware Premium join:2002-05-21 kudos:2	reply to BeesTea On Win98 the file is located here: C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\default.xtu\compreg.dat And your fix works here, too!
	to forum · permalink · 2005-02-07 18:41:21 ·
EGeezer Summertime Premium join:2002-08-04 Midwest kudos:7 Reviews: ·Callcentric 1 edit	reply to BeesTea Re: BeesTea's fix - worked! It worked here too - BeesTea gets the medal! The applicable file and entry was found by searching for compreg.dat - found it in applications/data/Mozilla/firefox/profiles/... then searched for IDN and commented the line with "#". Also found compreg.dat in [drive]/program Files/Mozilla Firefox/Components too, but commenting the line in that file didn't fix it. (Using win98SE, current patches) EG
	to forum · permalink · 2005-02-07 20:24:09 ·
raydsltech join:2004-07-04 Concord, NC	reply to BeesTea Re: The state of homograph attacks thanks BeesTea for the great fix to a serious problem. i updated all the users on my and kids workstation. thanks again for the post!
	to forum · permalink · 2005-02-07 20:24:44 ·
Blackbird Built for Speed Premium join:2005-01-14 Fort Wayne, IN kudos:2	reply to BeesTea Well done, BeesTea!!! Your fix works perfectly!
	to forum · permalink · 2005-02-08 01:08:58 ·
huntandpeck join:2002-01-01 Alexandria, VA	reply to BeesTea said by BeesTea: The workaround for firefox seems to be an edit to your compreg.dat. I have sixteen compreg.dat files on my computer, but not a one labeled Firefox (the others are for Phoenix, Firebird61, Firebird7, Thunderbird). Win XP Pro sp1 What next? Cliff
	to forum · permalink · 2005-02-08 08:57:18 ·
Cudni La Merma - Vigilado Premium,MVM join:2003-12-20 Someshire kudos:13	Did you keep every single iteration of what is now Firefox starting with phoenix? If you don't have Firefox already maybe take latest nightly build where compreg.dat fix is not needed »forums.mozillazine.org/viewtopic···#1217051 file locations »www.mozilla.org/products/firefox···lefolder Cudni -- Whether you think that you can, or that you can't, you are usually right. Help yourself so God can help you..it does exactly what it says on the sig
	to forum · permalink · 2005-02-08 09:29:57 ·
huntandpeck join:2002-01-01 Alexandria, VA	said by Cudni: Did you keep every single iteration of what is now Firefox starting with phoenix? No, I didn't keep every one, but some of them apparently did not get removed. I think what happened once is that I removed the old program and ended up losing all my bookmarks, so I became reluctant to uninstall the others. I am now running Firefox 1.0. How can I get rid of everything and start again, but keep my bookmarks? Thanks, Cliff
	to forum · permalink · 2005-02-09 00:16:30 ·
redxii Premium,Mod join:2001-02-26 Sherwood, MI Reviews: ·Clear Wireless ·Suddenlink Host: Broadband Tweaks Suddenlink ISDN Fiber Optic AOL Broadband 1 edit	said by huntandpeck: I am now running Firefox 1.0. How can I get rid of everything and start again, but keep my bookmarks? Go to: C:\Documents and Settings\yourname\Application Data\Mozilla\Firefox\Profiles\68u373cy.default (This folder varies) Your bookmarks are bookmarks.html. The bookmarks.bak file doesn't really matter. -- Asus A7N8X-X, Athlon XP 2400+ @ 2.0GHz, 768MB Crucial DDR RAM (PC2100), GeForce FX 5600Ultra 128MB, Samsung SD-616T 16x DVD-ROM and Sony CRX215E1 48x24x48 CD-RW, 40GB & 120GB HDD. Why Linux sux
	to forum · permalink · 2005-02-09 00:26:01 ·
huntandpeck join:2002-01-01 Alexandria, VA	said by redxii: said by huntandpeck: I am now running Firefox 1.0. How can I get rid of everything and start again, but keep my bookmarks? Go to: C:\Documents and Settings\yourname\Application Data\Mozilla\Firefox\Profiles\68u373cy.default (This folder varies) Your bookmarks are bookmarks.html. The bookmarks.bak file doesn't really matter. I don't have any entry in my Doc&Set folder called Applications, and I went though every folder individually under both my name and All Users and did not find the file; however, a search for bookmark* turned it up (along with 218 other files and folders). I shudder to think of having to reinstall XP, along with all my applications, myriad upgrades, my network, recalibrate my monitors, and whatever else, but it would be the thing to do. Thanks, Cliff
	to forum · permalink · 2005-02-09 02:01:14 ·
shdesigns Powered By Infinite Improbabilty Drive Premium join:2000-12-01 Stone Mountain, GA Reviews: ·Atlantic Nexus	I had problems with dissapearing bookmarks after editing compreg.dat. BTW, use wordpad in windows, the file is in unix format and notepad will not edit it correctly. The bookmark likst was empty. I click on manage bookmarks and they all were there. After I closed the manage screen, the bookmarks returned again in the menu. Weird. -- Scott Henion Embedded Systems Consultant, shenion on #ATUhttp://shdesigns.org
	to forum · permalink · 2005-02-09 02:35:48 ·
B Premium,MVM join:2000-10-28	"Application Data" (not Applications) might be marked hidden and/or system. (On Win9x it's under the Windows directory.) It's a Microsoft thing. The Bookmarks file (along with other profile directory entities) should only be edited or manipulated while Mozilla/Fireweasel is SHUT DOWN. Otherwise your changes are not likely to take. It's a Mozilla thing. -- B -- In a realm outside causality and function
	to forum · permalink · 2005-02-09 11:03:08 ·
huntandpeck join:2002-01-01 Alexandria, VA	said by B: "Application Data" (not Applications) might be marked hidden and/or system. The Bookmarks file (along with other profile directory entities) should only be edited or manipulated while Mozilla/Fireweasel is SHUT DOWN. I have told my system to show hidden files and I know enough to shut the program down before editing the file; however, now that I've found my bookmarks file, I'm going to eradicate every trace of Mozilla-based programs I can find and start all over. Thanks, Cliff
	to forum · permalink · 2005-02-09 17:35:34 ·

Broadband Tech > Security > Security > The state of homograph attacks

Re: BeesTea's fix - worked!

Re: The state of homograph attacks