Unicode mirror character?

We've talked about attacks using the RLO (U+202E RIGHT TO LEFT OVERRIDE) character in the past, which shifts the 'visual' display of a string from the position it's placed inside that string. So for example:

document[U+202E]fdp.exe visually looks like documentexe.pdf

I talked about these and other attacks of this sort here http://www.casaba.com/products/UCAPI/. In fact we're starting to hear of real-world attacks using these techniques to bypass spam and other filters. Firefox closed a bug in their file download dialog box.

I see a big difference between attacks leveraging BIDI text and the playful sort of 'mirror' effects you get from tools like http://txtn.us/mirror-words-flip-text-reverse-words-upside-down-words-and-text.

!luʇmɿɒʜ ƨɒ mɘɘƨ ƚ'nƨɘob ƚxɘƚ bɘɿoɿɿim ɘʜƚ


Well, you can abuse it for phishing attacks. Take this URL for example:

 ‮http://www.example.com?site/moc.elgoog.www//:ptth

It looks like if you click it, it will take you to google.com, whereas in reality it will take you to example.com. Not all browsers support it, though.
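
A defender-side check for the two cases in this thread (the RLO filename and the reversed URL), as an added example that is not part of the original posts: it flags bidirectional control characters, shows the string in stored order, and reads the extension and host from that order. The function names are illustrative, and the set of characters treated as suspicious is an assumption.

```python
import unicodedata
from urllib.parse import urlsplit

# Bidirectional formatting characters that can change the displayed order of
# text. Treating every one of them as suspicious is an assumption of this example.
BIDI_CONTROLS = {
    "\u061c", "\u200e", "\u200f",                       # ALM, LRM, RLM
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",   # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",             # LRI, RLI, FSI, PDI
}

def find_bidi_controls(text):
    """Return (index, 'U+XXXX', name) for every bidi control in text."""
    return [(i, f"U+{ord(ch):04X}", unicodedata.name(ch))
            for i, ch in enumerate(text) if ch in BIDI_CONTROLS]

def escape_bidi(text):
    """Show text in stored (logical) order with bidi controls made visible."""
    return "".join(f"[U+{ord(ch):04X}]" if ch in BIDI_CONTROLS else ch
                   for ch in text)

def strip_bidi(text):
    """Remove bidi controls so the remaining characters can be parsed."""
    return "".join(ch for ch in text if ch not in BIDI_CONTROLS)

def real_extension(filename):
    """Extension taken from the stored order, not from what is displayed."""
    name = strip_bidi(filename)
    return name.rsplit(".", 1)[1].lower() if "." in name else ""

def real_host(url):
    """Host found when the stored (logical) string is parsed as a URL."""
    return urlsplit(strip_bidi(url).strip()).hostname

# Constructed samples, built from the two examples given in the thread.
SAMPLE_FILE = "document\u202efdp.exe"
SAMPLE_URL = "\u202ehttp://www.example.com?site/moc.elgoog.www//:ptth"

if __name__ == "__main__":
    for sample in (SAMPLE_FILE, SAMPLE_URL):
        print(escape_bidi(sample), find_bidi_controls(sample))
    print(real_extension(SAMPLE_FILE), real_host(SAMPLE_URL))
```

A filter or download dialog that compares the displayed extension or host against these values can reject or escape the name when they differ, or simply whenever `find_bidi_controls` returns anything.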


There are no digital risks, but there can be human risks as it may cause things to be misread or misinterpreted.