Content provided by Jared Rimer. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Jared Rimer or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
TSB podcast 217: What the hell is the braille space and why is it being discussed?

3:15:51
 
Hello folks, welcome to the security box, podcast 217. It's been a long time since we did show notes, as NCSAM doesn't necessarily need show notes per se. We've got a great topic on something I blogged about and we talked about a while back: the braille space. No, not the way braille is written as you know it, but a hexadecimal character used to cause havoc. We'll explain on this podcast. Besides that, we're going to have the news, the notes, the landscape, answers to trivia and more. Please feel free to participate.

Starting with this podcast, we're going to have our click to call widget available so you can feel free to use it to call the comment line and leave your message or talk to us, depending on availability. Thanks so much for listening to the program, and we hope you enjoy!

The braille space

Writing braille is no different than writing print. But braille can be written with hexadecimal characters just like other languages using a computer keyboard. We found an article talking about the fact that this braille character is used to actually hide file extensions, making you think you're opening one type of file, but opening another.

On September 16, 2024, Robert Stepp responded to the email I sent him inquiring about the braille space as a character, and he wrote the following.

Hi,

There is nothing special about a "braille" space. The 0x2800 character is simply a space in the 8-dot braille page of Unicode (three bytes in UTF-8). Apparently 0x2800 is interesting because it shows as nothing but is parsed as non-whitespace. A bogus filename SomeName.pdfxxxxxxxxxxxxxxxxxxxx.hta where x is the braille space, when written to a FileName box (whose length is too short to show the final .hta without scrolling) appears to be a .pdf file when it is actually a .hta (private malware) file.

Any Unicode character, not known by Windows controls to be whitespace (space, thin-space, zero-width space, etc) would work just as well for this visualization spoof.
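A defender-side check for the filename pattern described in the email, as an added example that is not part of the show notes or of Robert Stepp's message: it flags names where a run of blank-looking characters separates a decoy extension from the real one. The function names, the extra code points beyond U+2800, and every sample name other than the `SomeName.pdf ... .hta` pattern are assumptions made for this example.

```python
import unicodedata

# U+2800 is the character named in the email above. The other code points are
# assumptions added for this example: they also render as blank in most fonts.
BLANK_LOOKING = {"\u2800", "\u3164", "\uffa0", "\u115f", "\u1160"}


def is_blank_looking(ch: str) -> bool:
    """True for characters that display as nothing or as empty space."""
    if ch in BLANK_LOOKING or ch.isspace():
        return True
    # Cf covers zero-width space, joiners and similar format characters.
    return unicodedata.category(ch) == "Cf"


def find_hidden_extension(filename: str, min_run: int = 3):
    """Return a finding dict when blank padding separates a decoy extension
    from the real one, otherwise None."""
    stem, dot, real_ext = filename.rpartition(".")
    if not dot:
        return None
    shown = stem
    while shown and is_blank_looking(shown[-1]):
        shown = shown[:-1]
    padding = stem[len(shown):]
    # Anything other than an ordinary space in the padding is reported.
    exotic = sorted({f"U+{ord(c):04X}" for c in padding if c != " "})
    if not padding or (not exotic and len(padding) < min_run):
        return None
    decoy = shown.rpartition(".")[2] if "." in shown else ""
    return {"shown_as": shown, "decoy_ext": decoy.lower(),
            "real_ext": real_ext.lower(), "padding_len": len(padding),
            "padding_codepoints": exotic}


# Constructed sample names; only the first pattern comes from the page.
SAMPLES = [
    "SomeName.pdf" + "\u2800" * 20 + ".hta",
    "notes.txt" + "\u200b" * 5 + ".exe",
    "report.final.pdf",
]


def scan(names):
    """Map each suspicious name to its finding."""
    return {n: f for n in names if (f := find_hidden_extension(n))}


if __name__ == "__main__":
    for name, finding in scan(SAMPLES).items():
        print(repr(name), finding)
```

Mail gateways, download handlers and file-listing tools can run a check like this before a name is shown to a user, and display the real extension next to the name when it fires.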
To read the entire blog post, including the article which will lead to our discussion, "I did not know there was something called a braille space" is the article which I wrote, linking to the article from Bleeping Computer. For those that just want to dive in to the Bleeping Computer article, "Windows vulnerability abused braille “spaces” in zero-day attacks" will be your article. Thanks Bob for your great insight! It's much appreciated.

Contacting the podcast

If you would like to contact the podcast folk, please use the following info which goes to Jared and can be shared with the rest of the contributors as needed:
  • Email/imessage: [email protected] or [email protected] which go to Jared.
  • Text or WhatsApp: 804-442-6975
  • Call the comment line at (888) 405-7524 or use the click to call button located in the show notes. If available, Jared can take your call below. You may also call long distance by calling (818) 527-4754.
Supporting the podcast

If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribe to the security box discussion list or send us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone. Inte