From:         Patrick Douglas Crispen 
Subject:      Tourbus - 16 Feb 05 - MS and Norton Updates / Firefox Fixes


The Internet Tourbus - U.S. Library of Congress ISSN #1094-2239
Copyright © Bob Rankin and Patrick Crispen - All rights reserved

Howdy, y'all, and greetings once again from deep behind the orange curtain in beautiful Irvine, California, America's #1 Valentine candy.

TOURBUS is made possible by the kind support of our sponsors. Please take a moment to visit today's sponsors and thank them for keeping our little bus of Internet happiness on the road.

On with the show...

50 Free Gmail accounts Audience: Everyone

By now you've probably heard about Gmail, Google's by-invitation-only webmail service. Gmail gives you 1 gigabyte of email storage so you never have to throw away another email message.

Your fearless bus driver has fifty [50] Google Gmail accounts to give away, and I immediately thought of you. So here's what I am going to do: The first fifty people who send an email to get an account.

By the way, re-read that last sentence. Hitting reply in your email program and replying to today's Tourbus post *WON'T* work. You must send a brand new email to The first fifty people who do will get an account.

Good luck. :)

It's Update Time! Audience: Pretty Much Everyone

It's update time! If you have Windows XP and/or if you use Internet Explorer 6, fire up Internet Explorer and run Windows Update by either choosing Tools > Windows Update or going to

in IE. Microsoft released a dozen patches last week, eight of which are critical. Run the Express Install and get all the critical updates--I think I ended up downloading a total of 10 updates on my XP Pro laptop--and be prepared to restart your computer when you are finished. Make sure to run Windows Update a second time just to double-check you have all of the available updates.

If you have Norton Antivirus--or, for that matter, almost any other Symantec product--make sure to manually run Live Update by opening your Symantec or Norton product and clicking on the Live Update button as soon as possible. There is a flaw in a bunch of Norton/Symantec products that could potentially cause those products to open and run a virus rather than kill it. Eeek! Fortunately, there's a patch that fixes this flaw. And, of course, Symantec's patch requires you to restart your computer when you are finished. :(

Fixing Firefox Audience: All Firefox users on all platforms

Now let's deal with that browser URL [actually "IDN homographic"] spoofing vulnerability we talked about last week. If you missed my last post, can find a pretty-ified version of it [with pictures and everything!] at

Through this IDN homographic spoofing vulnerability criminals could trick you into thinking you're at a legitimate web site--PayPal, for example--when instead you're at a site created by the criminal to collect sensitive financial information from you. This vulnerability affects

  • Camino
  • Epiphany
  • Firefox
  • Galeon
  • Konqueror
  • Mozilla
  • Netscape Navigator
  • Opera
  • Safari
  • on both the PC and Mac platforms. But it does *NOT* affect Internet Explorer.

    In my last post I also mentioned there was no way to fix this vulnerability. That's no longer true. There are now a couple fixes for Firefox. What about the other browsers? Your guess is as good as mine. If you know how to fix the spoofing vulnerability in non- Firefox browsers, please take a second and drop me a line in the "Voices from the Back of the Bus" section of the Tourbus Forums at

    How do you fix Firefox? Well, before we get to the fixes that work, we first have to talk about the fixes that don't.

    Firefox "fixes" that aren't really fixes

    There is a mess of misinformation floating around the net right now about how to fix this IDN homographic spoofing vulnerability in Firefox. I've seen many reputable sites recommend tweaking Firefox's about:config or even hacking compreg.dat. I don't recommend either approach.

    Why shouldn't you open Firefox's about:config and set network.enableIDN to false? Because it doesn't work! Or at least it shouldn't. When you restart Firefox, the network.enableIDN flag is automatically reset to true, despite any changes you may have made in about:config. Worse still, about:config doesn't always show you that Firefox reset the flag--about:config may still show the flag as set to false when, in reality, it's not. This is a known bug that will be resolved when the next version of Firefox is released.

    If you were able to get the network.enableIDN flag to work correctly in your version of Firefox, you are a better person than most. According to Bugzilla, it simply shouldn't work. As a favor to me, please restart Firefox and test that spoofed PayPal URL at

    one more time just to make sure your browser truly is protected from the IDN homographic spoofing vulnerability.

    What about hacking Firefox's compreg.dat file? Unfortunately, compreg.dat is updated every time you install a new extension. So that's not really a permanent fix.

    What about downloading a new copy of Firefox from Mozilla's "latest aviary" directory? Well, that's a cute idea, but the files in that directory aren't quite ready for public consumption. [I may be wrong, but I think the aviary files are pre-beta versions of the next version of Firefox.]

    So most of the "fixes" currently floating around the net aren't really fixes at all. Or at least *I* don't think they're fixes. If you disagree, or if you just want to see what your fellow bus riders think about what I just wrote, drop in on the "Voices from the Back of the Bus" section of the Tourbus Forums at

    Fixes that work

    Now let's focus on fixes that DO work.

    The first way to "fix" the IDN homographic spoofing vulnerability in Firefox is to use the new, updated version of the SpoofStick browser extension available for free at

    SpoofStick adds a little box to the top of your Firefox browser window showing you the REAL address of the page you are currently visiting. If there is a difference between the address displayed in Firefox's address bar and the address displayed in SpoofStick, you know something is wrong.

    Notice how I said you need the "new, updated SpoofStick browser extension?" Older versions of SpoofStick--versions downloaded and installed any time before last Thursday, February 10th--do *NOT* protect you from IDN homographic spoofs. You need the latest version of SpoofStick to catch those.

    Fortunately, downloading and installing the latest version of SpoofStick is a snap:

    1. In Firefox, go to

    2. Click on the "Download Now" button at the bottom of the page.

    3. A yellow box appears near the top of your browser window
    telling you that Firefox prevented from installing software on your computer. Bummer. Click on the "Edit Options" button to the right of that yellow box.

    4. Click on the "Allow" button to add to the
    list of sites you trust.

    5. Click on the "OK" button to close the "Allowed Sites" window.

    6. Click on that "Download Now" link again.

    7. When the "Software Installation" window appears, wait a few
    seconds and then click on the "Install Now" button.

    8. Once the install is finished, close Firefox completely.

    9. Restart Firefox.

    10. Head on over to and click on that fake PayPal link.

    Ta-da! Firefox's address bar shows the address as http://www.pÓ but SpoofStick shows [in glaring green text] the address is Problem solved.

    Or is it? All SpoofStick does is tell you when your browser has been spoofed. Firefox is still vulnerable. If you want to *BLOCK* Firefox from visiting any of these easily-spoofed IDN web sites [which, I admit, is a temporary solution until the internet's grey beards find a better, more permanent fix], skip SpoofStick altogether and get Adblock instead.

    Adblock is a free Firefox extension that, tweaked properly, blocks most web page ads. [That's a topic for another Tourbus post.] Adblock can also be used to protect Firefox from IDN homographic spoofs. Here's how:

    1. In Firefox, go to

    2. Click on Install Now.

    3. is already listed as a trusted site in Firefox, so
    you don't have to go through the "Allow" routine you had to go through with SpoofStick. Instead, when the "Software Installation" window appears, wait a few seconds and then click on the "Install Now" button.

    4. Once the install is finished, close Firefox completely.

    5. Restart Firefox.

    6. In Firefox, go to Tools > Adblock > Preferences.

    7. This is the tricky part: Under Adblock Options [which is in
    the upper right corner of the Adblock Preference window next to the word "Help"] make sure there is a checkmark next to "Site Blocking."

    8. In the "New Filter" box, cut and paste the following:


    9. Press the Enter or Return key on your keyboard.

    10. Adblock will pop up a warning window telling you that the
    filter you just entered will be interpreted as a regular expression. I have no idea what that means. Just click on the "OK" button.

    11. Click on the "Done" button in Adblock.

    That's it. Head on over to

    and click on that fake PayPal link. The link is clickable, but Adblock prevents the spoofed page from even loading.

    Problem solved! :)

    A *HUGE* thank you goes out to Kevin Millican for figuring out the Adblock fix and posting it to the MozillaZine Forums.

    That's it for today. Have a safe and happy week, and we'll talk again soon.

    The Internet Tourbus - U.S. Library of Congress ISSN #1094-2239
    Copyright © Bob Rankin and Patrick Crispen - All rights reserved
               .~~~.  ))
     (\__/)  .'     )  ))       Patrick Douglas Crispen
     /o o  \/     .~
    {o_,    \    {    
      / ,  , )    \  
      `~  -' \    } ))    AOL Instant Messenger: Squirrel2K
     _(    (   )_.'
    ---..{____}                  Warning: squirrels.

    MS and Norton Updates-Firefox Fixes, viruses, hoaxes, urban legends, search engines, cookies, cool sites
    TOURBUS Site Search