Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] UTF reverse-writing WYSINWG "feature"

from [HASEGAWA Yosuke] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] UTF reverse-writing WYSINWG "feature"
Date: Fri, 31 Aug 2007 10:21:26 +0900 
Hi.

On 8/28/07, Tonu Samuel <tonu@jes.ee> wrote:

But by concerns are related to security. For example even looking title
of this digg.com page with Firefox or Konqueror and you see that browser
name is reversed! I looked into source code with Firefox and lot of
things are reversed too!


In Japan, this trick -- Visual camouflage usgin
Unicode Bidi -- is already known since 2005.
By including RLO(U+202E) in the a file name, Visual spoofing
of the extension is possible.

For example, create a file named such as:
 "this-(U+202E)txt.exe"
And when this file is indicated over theExplorer.exe,
it is visible in "this-exe.txt", like as a TEXT file.
Although this file is visible to txt file seemingly, but, of
course, it operates as exe file.

Here is the sample image on Japanese edition of Windows.
<http://openmya.hacker.jp/hasegawa/public/20061209/momiji9.png>

In Japan, it is already said that the malware which used this
trick is distributed through a Winny the most famous P2P
software in Japan - network.

Execution of malware by this trick can be prevented by
restricting execution of the file which contains RLO in
a filename,using group (or local) policy.


-- 
HASEGAWA Yosuke
    yosuke.hasegawa@gmail.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] Immunity Debugger v1.1 Release, Nicolas Waisman
Next by Date:  [Full-disclosure] [USN-509-1] Linux kernel vulnerabilities, Kees Cook
Previous by Thread:  Re: [Full-disclosure] UTF reverse-writing WYSINWG "feature", Mark Janssen
Next by Thread:  Re: [Full-disclosure] UTF reverse-writing WYSINWG, Juha-Matti Laurio
Indexes:  [Date] [Thread] [Top] [All Lists]