Vulnerabilities were announced in two of my favorite computer tools on the same day. As slashdot reports, The Shmoo Group showed off a "nasty browser exploit ... works in every browser *except* IE".

All the other browsers support International Domain Name (IDN) characters. Check out the demo.

The funny thing is, I had seen this just last week in an email message that was supposed to come from (uh oh) paypal. [See addendum below] I slide my mouse over the URL and... what-ho! It still said it was taking me to the real paypal site. But, being the bright guys I am, I told Eudora to show me the message source (in a text editor) and I saw that it was actually going to take me to -- well click on the URL above and look at what you see and display the html (the source) and you'll see.

The good news is that it is easy to fix without a new version of Firefox. The workaround, according to mozillaZine is

by disabling IDN support. To do this, you will have to edit compreg.dat, which is located in your Firefox profile directory ( Common profile locations).

Open this file with a text editor which understands the line endings in it, such as Wordpad (or your favourite text editor on other platforms), and comment out all lines containing IDN by adding # at the start of the line.

A simpler way -- entering "about:config" in Firefox's URL window, finding "network.enableIDN," and changing the value to "false" -- did not work.

I read about the Eudora problem in my WatchGuard news feed. It requires an upgrade to Eudora or a switch to another e-mail client, such as Mozilla Thunderbird. I decided I would try to migrate to Thunderbird. I write about it here.

How I got here I describe in Eudora and Firefox Exploits. I won't write about how much or why I like Eudora. (I talk about it briefly in E-mail Security: We Still Don't Bother.) I decided now might be the time to migrate from Eudora to Thunderbird. This is a brief report on what I did.

• First, I checked out whether TB had what I need in an e-mail client. This included
  • Email stored in text files
  • Use of the directory (folder) structure. (So, for example, if I have Inbox, Outbox, Trash, and a folder called Clients with 30 separate mailboxes under it, each mailbox is a separate file, and Clients is a folder with 30 mailboxes in it.)
  • Attachments stored seperately from e-mail. The reason -- I sometimes need to get at my mail folder from a Linux computer and want to still be able to copy and open attachments without having to be at my desk using the email client program.
  • Mailboxes in a user-defined location. Because I sync my desktop and notebook PC and for backing up, I want my mail folder to be in "My Documents."
  • A bunch of other things including complex searches, filtering, and multiple identities
  • E-mail sync with Palm (I sometimes do email on it)
  TB had all these things directly or with extensions.
• I backed up all my email (well, duh!)
• I did a clean install
• I did NOT set up e-mail accounts yet
• I set up TB to store my Local directory (wherein all the email would go) in my preferred email location
• I imported the Eudora address book. Worked!
• I then imported Eudora settings. That worked. It made my email accounts. I went through and tweaked them... by default it had them all set up to 1) automatically check the email (I only autocheck my primary account) and all defaulted to (oh, ick) HTML formatted email.
• Then I imported the mail folders. It seemed to work and put them under a "Eudora mail" folder. Well, I didn't want it there.
• So, I exited, and in Windows went to the directory and cut and pasted the folders it had copied one level up in the TB mail folder. I restarted TB and it worked!

I have a lot of attachments. I could find no description about that problem in a search, and didn't want to spend more time than the cost of a upgrade, so, I went to Plan B,

Plan B was to upgrade Eudora. Right now I have it runnin in sponsored mode. It is no bother to have a little advert on the screen. I will probably pay for it soon. It used to cost $30. Now, it costs $50. I've used and liked Eudora for 10 years or more, 8 or so years of that on my $30 purchase. You know... even in hard times, it is a small price to pay.

I'm upgrading Eudora and sticking with it.