TSB podcast 217: What the hell is the braille space and why is it being discussed?
Hello folks, welcome to the security box, podcast 217. It's been a long time since we did show notes, as NCSAM doesn't necessarily need show notes per se. We've got a great topic on something I blogged and we talked about a while back about the braille space. No, not the way braille is written as you know it, but a hexadecimal character used to cause havoc. We'll explain on this podcast. Besides that, we're going to have the news, the notes, the landscape, answers to trivia and more. Please feel free to participate. Starting with this podcast, we're going to have our click to call widget available so you can feel free to use it to call the comment line and leave your message or talk to us, depending on availability. Thanks so much for listening to the program, and we hope you enjoy!

The braille space

When writing braille, it is no different than writing print. But braille can be written with hexadecimal characters just like other languages using a computer keyboard. We found an article talking about the fact that this braille character is used to actually hide file extensions, making you think you're opening one type of file, but opening another.

On September 16, 2024, Robert Stepp responded to the email I sent him inquiring about the braille space as a character, and he wrote the following.

Hi,

There is nothing special about a "braille" space. The 0x2800 character is simply a space in the 8-dot braille page of Unicode (three bytes in UTF-8). Apparently 0x2800 is interesting because it shows as nothing but is parsed as non-whitespace. A bogus filename SomeName.pdfxxxxxxxxxxxxxxxxxxxx.hta where x is the braille space, when written to a FileName box (whose length is too short to show the final .hta without scrolling) appears to be a .pdf file when it is actually a .hta (private malware) file. Any Unicode character, not known by Windows controls to be whitespace (space, thin-space, zero-width space, etc) would work just as well for this visualization spoof.
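A defender-side check for the filename pattern described in the email above, as an added example that is not part of the show notes or the linked articles. The function names, the extra Hangul filler code points, and the choice to also flag Unicode space and format characters are assumptions of this example.

```python
import unicodedata

# Characters that draw as empty space yet are not whitespace to most parsers.
# U+2800 is the one named above; the Hangul fillers are assumptions added here.
BLANK_LOOKALIKES = {0x2800, 0x3164, 0x115F, 0x1160, 0xFFA0}


def is_invisible(ch):
    """True if ch renders as blank or nothing. Plain ASCII space is allowed."""
    if ch == " ":
        return False
    if ord(ch) in BLANK_LOOKALIKES:
        return True
    # Zs: Unicode spaces (thin space, no-break space); Cf: zero-width/format chars
    return unicodedata.category(ch) in ("Zs", "Cf")


def extension(name):
    """Text from the last dot onward, lowercased ('' if there is none)."""
    dot = name.rfind(".")
    return name[dot:].lower() if dot > 0 else ""


def inspect_filename(name):
    """Return a finding dict if name contains invisible padding, else None."""
    hits = [i for i, ch in enumerate(name) if is_invisible(ch)]
    if not hits:
        return None
    apparent = extension(name[:hits[0]])   # what a short text box shows
    real = extension(name)                 # what the OS acts on
    return {
        "apparent_ext": apparent,
        "real_ext": real,
        "padding": sorted({f"U+{ord(name[i]):04X}" for i in hits}),
        "padding_len": len(hits),
        "mismatch": bool(apparent) and apparent != real,
    }


if __name__ == "__main__":
    # Constructed samples; the first follows the SomeName.pdf....hta pattern above.
    samples = [
        "SomeName.pdf" + "\u2800" * 20 + ".hta",
        "Quarterly Report.pdf",
        "notes\u200b.txt",
    ]
    for s in samples:
        print(ascii(s), "->", inspect_filename(s))
```

A finding with `mismatch` set is the case worth alerting on in mail-gateway or download logs; any other finding still means the name carries characters a user cannot see.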
To read the entire blog post, including the article which will lead to our discussion, "I did not know there was something called a braille space" is the article I wrote, linking to the article from Bleeping Computer. For those that just want to dive into the Bleeping Computer article, "Windows vulnerability abused braille “spaces” in zero-day attacks" will be your article. Thanks Bob for your great insight! It's much appreciated.

Contacting the podcast

If you would like to contact the podcast folk, please use the following info which goes to Jared and can be shared with the rest of the contributors as needed:
- Email/imessage: jaredrimer@986themix.com or tech@menvi.org which go to Jared.
- Text or WhatsApp: 804-442-6975
- Call the comment line at (888) 405-7524 or use the click to call button located in the show notes. If available, Jared can take your call below. You may also call long distance by calling (818) 527-4754.