40 点作者 TangerineDream9 天前

3 条评论

I also rerported that to github some years ago and pointed them to use a library of mine to catch such confusables, libu8ident. No reaction whatsoever. Compilers and binutils didn't care neither. They don't care about strings, but even not about names.

评论 #44010070 未加载

fsflover9 天前

Qubes OS protects from such attacks by running all software in isolated VMs and not passing the unicode symbols to the host by default, <a href="https://www.qubes-os.org/news/2024/07/13/qubes-os-4-2-2-has-been-released/" rel="nofollow">https://www.qubes-os.org/news/2024/07/13/qubes-os-4-2-2-has-...</a>

评论 #44004149 未加载

graemep9 天前

Surely the fact that the change is in a domain name (and the diff shows this) is a red flag?

评论 #44003645 未加载

Detecting Malicious Unicode

3 条评论

Detecting Malicious Unicode

3 条评论