I found this to be a most interesting read.
https://www.zachaysan.com/writing/20...dth-characters
https://www.zachaysan.com/writing/20...rinting-update
I found this to be a most interesting read.
https://www.zachaysan.com/writing/20...dth-characters
https://www.zachaysan.com/writing/20...rinting-update
"I just remembered something that happened a long time ago."
a good text editor can clean that. for delicate content, copy the text in a good text editor of your choice and use whatever it has to offer. also use features like "show invisibles" for control.
Your account has been disabled.
his own story makes him look dishonest (reason for writing), unpatriotic (kept quiet), suspicious for both being involved in questionable activity (finding that blackhat) and possibly in an intelligence operation (white house didn't pay him a visit)Originally Posted by blog
and some of his advice makes little sense: no raw documents=no proof, multiple leakers as if its a crowded marketplace, manual retyping may add criminal charges, short excerpts means little leakageAvoid releasing excerpts and raw documents.
Get the same documents from multiple leakers to ensure they have the exact same content on a byte-by-byte level.
Manually retype excerpts to avoid invisible characters and homoglyphs.
Keep excerpts short to limit the amount of information shared.
Use a tool that strips non-whitelisted characters from text before sharing it with others.
True, but non technically-inclined people don't know this and the common wisdom is that "if you paste stuff in Notepad, it loses all formatting and is 'safe' to handle", when this issue doesn't even rely on text formatting.
A cheap workaround I found is to paste the text, but save the file as ANSI and say yes when told that you will lose all Unicode characters. After reopening, the zero-width characters will have transformed into question marks. The problems are that 1. you won't be able to clean text using any characters outside your system locale's code page (which is what "ANSI" actually stands for in Notepad); 2. you have to delete those question marks manually.
I think the author is/was a cybersecurity consultant, so it makes sense that he'd be hired to find a hacker. I didn't really understand the part about the White House, though.
"I just remembered something that happened a long time ago."
just like in the movies, eh?
you'd expect them to question everyone who openly admits having relevant information about their leaks, unless he is already working for their team, which would also explain the kind of advice mentioned aboveI didn't really understand the part about the White House, though.
Here are 2 interesting extensions concerning Zero Width Characters:
FF addon to detect it:
ZeroWidth Detection
This addon detect static zero width characters as on the site you provide, and (if the appropriate option is selected) dynamically inserted ZWC too, as in umpox.com/zero-width-detection.Checks websites that you visit for invisible zero-width characters and replaces them with a specified character. Has the ability to copy all the characters found.
FF addon to use it:
inØsight — Zero Width Obfuscation
Stay protected from Canary Traps while having the capability to hide in plain sight whether that's for hiding personal information or talking to a friend.
Completely open source, advertisement, and log free.
By default all sites support version 1, however rarely some sites such as twitter restrict *some* characters and in that case you can click on the scroll bar inside the ui and use version 2.0 instead.
Version 2.1 supports Protonmail.
More in-depth list to come out in the future.
This page may be useful too:
Python3 code to encode/decode text into zero-width characters
Last edited by Renk; 09.09.18 at 18:31.
Nice finds. Here is an article which elaborates even more on this matter and will let you test those addons.
https://blog.fastforwardlabs.com/201...anography.html
For a similar concept, see https://www.xn--e1awd7f.com/
"I just remembered something that happened a long time ago."
Alas, the second addon doesn't seem to work here. Tried to insert "anon is a pr0n addict!!!" in my message, but it failed miserabilly
Yes, similar concept although a little less subtle. But dangerous nevertheless. In FF/about:config you have to set network.IDN_show_punycode to true in order to never be fooled by this homoglyph attack.For a similar concept, see https://www.xn--e1awd7f.com/
Last edited by Renk; 09.09.18 at 21:23.
That's because it's smart, I'm only a casual watcherAlas, the second addon doesn't seem to work here. Tried to insert "anon is a pr0n addict!!!" in my message, but it failed miserabilly
"I just remembered something that happened a long time ago."
Posting Permissions
Reply With Quote
Bookmarks