February 08, 2005
Firefox Exploit
For those of you who use Firefox (which should be all of you), there's a homograph exploit that could cause you to fall prey to various phishing scams. There's more information here and here. About twelve hours later, a version that allows you to fix the problem was made available. So, download it, install it, type "about:config" in the address bar and set "network.enableIDN" to "false". I'm inclined to agree that this is largely Verisign's fault, not the browser's, but nevertheless, it's something to be aware of. There are slightly simpler fixes (which you'll find looking at the links I've posted), but none are as permanent as the one I've linked. However, keep in mind that installing an extension wipes this one out, too. I trust the Firefox developers will have this fixed soon, so for now the hack works. Unfortunately, the hack makes the spoofed links return a 404 rather than something else, so it just looks like a broken link. Still, that's better than the consequences of falling for the exploit.
While on the subject of phishing, I'll round out my PSA with a quiz that tests your ability to spot phishing scams.