linuxdcpp-team team mailing list archive
-
linuxdcpp-team team
-
Mailing list archive
-
Message #09091
[Bug 1425276] Re: The Unicode mirror character and possibly other similar ones can be used for nick spoofing in ADC hubs
** Attachment added: "spoofing_dcpp_sends_msg_to_airdc.jpg"
https://bugs.launchpad.net/dcplusplus/+bug/1425276/+attachment/5542073/+files/spoofing_dcpp_sends_msg_to_airdc.jpg
--
You received this bug notification because you are a member of
Dcplusplus-team, which is subscribed to DC++.
https://bugs.launchpad.net/bugs/1425276
Title:
The Unicode mirror character and possibly other similar ones can be
used for nick spoofing in ADC hubs
Status in AirDC++:
Confirmed
Status in DC++:
Confirmed
Bug description:
Basically what's described at http://stackoverflow.com/questions/3115204/unicode-mirror-character used by some recent malware to trick with file extensions seems to be working for DC++, too.
See the attached screenshot. It produces various other funny effects throughout the DC++ interface where the nick is displayed alone or in conjunction with other text/data.
For other possible problematic chars cologic suggests that anything in
http://www.fileformat.info/info/unicode/block/general_punctuation/list.htm
from U+2000 to U+206F inclusive is pretty suspect. Some look like they
have legitimate use, though, (U+2030 to U+205E inclusive, for
example). But, minimally, filtering out a few of the codepoints from
that block: LEFT-TO-RIGHT OVERRIDE (U+202D), RIGHT-TO-LEFT OVERRIDE
(U+202E), LEFT-TO-RIGHT EMBEDDING (U+202A), RIGHT-TO-LEFT EMBEDDING
(U+202B), POP DIRECTIONAL FORMATTING (U+202C), etc.
Also here's a handy list of possible other suspects:
http://kb.mozillazine.org/Network.IDN.blacklist_chars
To manage notifications about this bug go to:
https://bugs.launchpad.net/airdcpp/+bug/1425276/+subscriptions
References
