

On Thu, Apr 17, 2014 at 11:25 PM, William Ahern
<william@25thandclement.com> wrote:
> Sometime in the near future there's going to be an avalanche of Unicode
> exploits: from string comparison bugs to perhaps even buffer overflows, all
> because people erroneously believed they understood how it works, or didn't
> consider that what they didn't know might actually matter in ways that
> weren't obvious to them. (I certainly don't understand all the relevant
> security-critical bits.)


Well, there already have been Unicode-based exploits and Bruce
Schneier, the guy who taught Chuck Norris how to divide by zero [2],
wrote about it as well.


[1] http://www.jefftk.com/p/is-unicode-safe
[2] http://www.schneierfacts.com/fact/81
[3] "Unicode is just too complex to ever be secure."
https://www.schneier.com/crypto-gram-0007.html#9

-- 
NI!

() - www.asciiribbon.org
/\ - ascii ribbon campaign against html e-mail and proprietary attachments