On 11/5/2021 10:50 AM, John Hardin wrote:

And what of the BIDI sequence that actually causes the problem?

1) The authors cite, as Reference 18, a 2011 Krebs article: 'Right-to-Left Override' Aids Email Attacks
https://krebsonsecurity.com/2011/09/right-to-left-override-aids-email-attacks/

That's relevant to SA/Email in a general fashion.

The authors were concerned about their use within compilers (other than in text strings).  They found some bad apples (unnamed) on GitHub.  They also found valid use cases on GitHub as well.  Go figure.

All Of Unicode is not the problem.

NONE of Unicode is the problem.  The CVEs should've been issued against the 19 companies/organizations they talked to, not Unicode. Unless you want to "Adopt-a-Character" or something, Unicode is not going to do anything about it.

-----

Speaking of the Unicode Consortium's "Adopt-a-Character" program, I mentioned that to my psychiatrist a while back.  "It's only a hundred bucks", I told her.

She probes, "If you could be a character, which would you be?"

"That's easy", I said, "I'd be an F09F."

"That certainly sounds very specific, Jared.  Why that one?" she queried.

I chuckled, "Because then I could hook up with any other character and make a great Emoji."


Happy Friday,

-- Jared Hall

