Hello and welcome to the Thursday, November 20th,

20th, 2025 edition of the Sands Inlet Storm Center's Stormcast.

My name is Johannes Ulrich, recording today from Jacksonville, Florida.

And this episode is brought you by the sands.edu undergraduate certificate program in Applied Cybersecurity.

Today's diary was inspired by the classwarm malware that we had a couple weeks ago.

This was this set of digital studio code extensions that injected malware. and the malware was sort of invisible

because it used these Unicode variance selectors, which is one of those features that people

aren't really aware of that it even exists in Unicode. And then I wanted to summarize some of these

often overlooked security issues when it comes to Unicode. And then I wanted to summarize some of these sort of often overlooked security issues

may come to Unicode, people usually focus more on things like, lookalike domain names, which

personally I actually don't really consider such a big deal. Many browsers, like in particular,

Chrome, is pretty good about not displaying many of these domain names,

but instead we also have the same issue in applications.

We do have some character conversions that can cause issues like cross-ed scripting and SQL injection,

and then, yeah, variance selectors that may appear to display a different

text than is then actually being interpreted by your system. Same with left to right versus right

to left text directions that can also cause issues with visual code reviews.

So just want to summarize this quickly,

there isn't really that much to it.

But if you have any other ideas about important things with Unicode,

let me know.

I'm thinking about doing at least one more follow-up on this with regular expressions and Unicode,

...