Life, Photography, and Security

Random thoughts that have crossed my mind

Thoughts on...

Mon Tue Wed Thu Fri Sat Sun

Subscribe to the RSS feed.


Unicode Security Considerations

Back in 2000, Bruce Schneier described some potential security risks related to Unicode. He was right, and several real attacks have utilized broken unicode parsers to bypass security. Now the Unicode Consortium has released a draft technical report which describes some of the risks and also offers advice to implementers.

One way to misuse Unicode is to use characters that appear virtually the same on screen if a small font is used. This has been used to spoof web site addressess using IDN, but other ways of using “visual spoofing” are also possible.

[/security/masquerading] permanent link