RE: Attack vectors through Unassigned Code Points in IDN

From: Chris Weber (chris@casabasecurity.com)
Date: Wed Mar 18 2009 - 20:17:38 CST

    I've looked on three systems, two Macs - one is a colleague's, and one is my
    wife's which I don't do any funky stuff on. And on my Windows system, I
    looked at these in 'all' available fonts I have. Most of the fonts
    installed showed empty whitespace, including Arial Unicode MS, Courier New,
    Lucida Sans Unicode, and Everson Mono. Some fonts, not many, showed boxes.

    Do you know which font you used and could you try a few more on Mac? How
    does system and application configuration determine which font displays a
    character when many fonts are capable?

    When you say you think I have a font installed incorrectly on these three
    systems, do you mean the font is the problem or the way it's installed is
    the problem?

    -Chris

    -----Original Message-----
    From: unicode-bounce@unicode.org [mailto:unicode-bounce@unicode.org] On
    Behalf Of John H. Jenkins
    Sent: Wednesday, March 18, 2009 3:54 PM
    To: Unicode List
    Subject: Re: Attack vectors through Unassigned Code Points in IDN

    On Mar 18, 2009, at 4:23 PM, Chris Weber wrote:

    > My question is - why would these code point ranges U+115A..U+1160
    > and U+11A3..U+11A7 render as white space in Mac and Windows? This
    > isn't just a product of Firefox, which I agree handles this poorly.
    > In any application (e.g. notepad) they show as white space. I
    > would expect them to map to a box or other no-glyph-exists fallback.
    >

    On my Mac they are not white space. It looks like you have a font
    installed that (incorrectly IMHO) uses a blank glyph to display them.

    =====
    John H. Jenkins
    jenkins@apple.com


