{"id":34603,"date":"2021-11-04T21:03:57","date_gmt":"2021-11-05T02:03:57","guid":{"rendered":"http:\/\/huewhite.com\/umb\/?p=34603"},"modified":"2021-11-04T21:03:57","modified_gmt":"2021-11-05T02:03:57","slug":"oh-thats-just-lovely","status":"publish","type":"post","link":"https:\/\/huewhite.com\/umb\/2021\/11\/04\/oh-thats-just-lovely\/","title":{"rendered":"Oh, That&#8217;s Just Lovely"},"content":{"rendered":"<p>Maybe we should have just stuck with <strong>ASCII<\/strong> and made everyone learn English after all:<\/p>\n<blockquote><p>Virtually all compilers \u2014 programs that transform human-readable source code into computer-executable machine code \u2014 are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software without being detected, new research released today warns. The vulnerability disclosure was coordinated with multiple organizations, some of whom are now releasing updates to address the security weakness.<\/p>\n<p>Researchers with the\u00a0<strong>University of Cambridge<\/strong>\u00a0discovered a bug that affects most computer code compilers and many software development environments. At issue is a component of the digital text encoding standard\u00a0<a href=\"https:\/\/home.unicode.org\/\" target=\"_blank\" rel=\"noopener\">Unicode<\/a>, which allows computers to exchange information regardless of the language used. Unicode currently defines more than 143,000 characters across 154 different language scripts (in addition to many non-script character sets, such as emojis).<\/p>\n<p>Specifically, the weakness involves Unicode\u2019s bi-directional or \u201c<a href=\"https:\/\/www.w3.org\/International\/articles\/inline-bidi-markup\/uba-basics\" target=\"_blank\" rel=\"noopener\">Bidi\u201d algorithm<\/a>, which handles displaying text that includes mixed scripts with different display orders, such as Arabic \u2014 which is read right to left \u2014 and English (left to right).<em> [<a href=\"https:\/\/krebsonsecurity.com\/2021\/11\/trojan-source-bug-threatens-the-security-of-all-code\/\" target=\"_blank\" rel=\"noopener\"><strong>Krebs On Security<\/strong><\/a>]<\/em><\/p><\/blockquote>\n<p>To think you can stare at source code and not actually be reading the code correctly is a little disconcerting. I mean, you can play bizarre games with the C preprocessor, but this is taking it to a whole new level.<\/p>\n<p>BTW, they&#8217;re calling this <em>Trojan Source<\/em>. Cool name.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Maybe we should have just stuck with ASCII and made everyone learn English after all: Virtually all compilers \u2014 programs that transform human-readable source code into computer-executable machine code \u2014 are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software without being detected, \u2026 <a class=\"continue-reading-link\" href=\"https:\/\/huewhite.com\/umb\/2021\/11\/04\/oh-thats-just-lovely\/\"> Continue reading <span class=\"meta-nav\">&rarr; <\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-34603","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/posts\/34603","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/comments?post=34603"}],"version-history":[{"count":1,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/posts\/34603\/revisions"}],"predecessor-version":[{"id":34604,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/posts\/34603\/revisions\/34604"}],"wp:attachment":[{"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/media?parent=34603"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/categories?post=34603"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/tags?post=34603"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}