RE: Unicode and Security

From: Lars Kristan (lars.kristan@hermes.si)
Date: Wed Feb 06 2002 - 13:12:19 EST


Well, I was tempted to join the discussion for a while now, but one of the
things that stopped me was that I didn't quite understand why it was so
focused on the bidi stuff.

To make a certain portion of the text look like something else should be
easier than that. OK, invisible non-spacing glyphs would be just one more
method, I guess. I was thinking of replacing some characters with their
look-alikes (probably even rendered from the same data in a font), like
using U+0430 instead of U+0061 (Cyrillic 'a' instead of Latin 'a').

Maybe digitally signed messages and bank accounts are not that good of an
example, since people would be more careful there. Another case where this
may get exploited will be domain names, once Unicode is allowed there. While
www.example.com may be a company I trust, www.example.com with a Cyrillic
'a' in it may be a hacker (and no, I did not imply he/she would be from a
country that uses Cyrillic) trying to get me to visit the site.

Yes, it's a fraud. And I want to thank John for pointing that out. But we're
making it a hell of a lot easier now. In ASCII, all one could try was
www.examp1e.com and a couple of other tricks, but it was maybe 10 tricks in
ASCII, some more in case of Latin 1. How many are there with Unicode? Ummmm,
a million?

Well, nothing wrong with Unicode of course. Just means that there will need
to be an option in your browser to reject any site without a digital
certificate, and perhaps it will need to be turned on by default. So, there
are ways to fight this (and I am afraid relying on police will not do it),
but maybe these things should be well in place before someone gets a chance
to exploit the new ways.

Just a thought.

Regards,

Lars

> -----Original Message-----
> From: John Hudson [mailto:tiro@tiro.com]
> Sent: Wednesday, February 06, 2002 01:54
> To: Unicode List
> Subject: Re: Unicode and Security
>
>
> At 09:39 2/5/2002, John H. Jenkins wrote:
>
> >Y'know, I must confess to not following this thread at all. Yes, it is
> >impossible to tell from the glyphs on the screen what sequence of Unicode
> >characters was used to generate them. Just *how*, exactly, is this a
> >security problem?
>
> I was wondering the same thing.
>
> I can make an OpenType font that uses contextual substitution to
> replace the phrase 'The licensee also agrees to pay the type designer
> $10,000 every time he uses the lowercase e' with a series of invisible
> non-spacing glyphs. Of course, the backing store will contain my dastardly
> hidden clause and that is the text the unwitting victim will electronically
> sign. Hahahaha, he laughed maniacally!
>
> This has nothing to do with encoding, does not rely on difficult and
> totally improbable manipulation of a bidirectional algorithm and, most
> relevantly, is *not* a security problem in the OpenType font specification.
> It is an example of fraud. I suppose if there was a software solution to
> all such dangers, we wouldn't need police, felony charges, the court
> system, prisons, or any of the other things we rely on to protect honest
> people against dishonest.
>
> John Hudson
>
> Tiro Typeworks www.tiro.com
> Vancouver, BC tiro@tiro.com
>
> ... es ist ein unwiederbringliches Bild der Vergangenheit,
> das mit jeder Gegenwart zu verschwinden droht, die sich
> nicht in ihm gemeint erkannte.
>
> ... every image of the past that is not recognized by the
> present as one of its own concerns threatens to disappear
> irretrievably.
> Walter Benjamin
>
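
The look-alike substitution described in this message (U+0430 in place of U+0061 inside a domain name) can be caught mechanically by flagging any hostname label that mixes scripts. The following is an added example, not part of the original thread: the function names and sample hostnames are constructed, and the script of a character is approximated from the first word of its Unicode name.

```python
import unicodedata

def script_of(ch):
    """Rough script guess: first word of the Unicode character name.
    Heuristic only; Python's stdlib does not expose the Script property."""
    if ch.isdigit() or ch == "-":
        return "COMMON"          # digits and hyphen are shared by all scripts
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def audit_hostname(host):
    """Return one finding per dot-separated label that mixes scripts."""
    findings = []
    for label in host.lower().split("."):
        scripts = {script_of(c) for c in label} - {"COMMON"}
        if len(scripts) < 2:
            continue
        findings.append({
            "label": label,
            "scripts": sorted(scripts),
            # Name every non-ASCII code point so a reviewer sees what the glyph hides.
            "suspect": [f"U+{ord(c):04X} {unicodedata.name(c, '?')}"
                        for c in label if ord(c) > 0x7F],
            # ASCII-compatible encoding: the form that actually goes into DNS.
            "ace": label.encode("idna").decode("ascii"),
        })
    return findings

# Constructed sample hostnames (the second contains U+0430, as in the message).
SAMPLES = ["www.example.com", "www.ex\u0430mple.com", "www.examp1e.com"]

if __name__ == "__main__":
    for host in SAMPLES:
        print(ascii(host), audit_hostname(host) or "single-script labels")
```

The ASCII-only www.examp1e.com passes this check, and so would a label written entirely in one non-Latin script, so mixed-script detection covers only the substitution case discussed above.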



This archive was generated by hypermail 2.1.2 : Wed Feb 06 2002 - 13:45:39 EST