[sword-devel] Unraveling Unicode: A Bag of Tricks for Bug Hunting

David Haslam d.haslam at ukonline.co.uk
Wed Jul 8 06:45:07 MST 2009


Somewhat off-topic, but of potential interest to all of us who use
Unicode....

The Black Hat ® Technical Security Conference: USA 2009 (Las Vegas, July
25-30)
includes a presentation by Chris Weber, with the title, 
http://blackhat.com/html/bh-usa-09/bh-usa-09-speakers.html#Weber Unraveling
Unicode: A Bag of Tricks for Bug Hunting .

Here is the opening paragragh of the description....

The complex landscape of Unicode provides many angles for exploiting
software and end users. We've known about some of these for years, we've
seen buffer overflows exploited because of faulty Unicode handling, and
we've seen homograph attacks in URL's. However, the real mysteries remain
latent, unapparent to most software developers and even to the security
community. I'm going to raise awareness around the interesting attack
vectors and new areas of research into Unicode, as well as open people's
eyes to the modern Visual Spoofing attacks of today.

.....more

-- David




-- 
View this message in context: http://www.nabble.com/Unraveling-Unicode%3A-A-Bag-of-Tricks-for-Bug-Hunting-tp24391860p24391860.html
Sent from the SWORD Dev mailing list archive at Nabble.com.




More information about the sword-devel mailing list