Hacker News new | past | comments | ask | show | jobs | submit login
‫‬‏‮txet lanoitcerid-iB (wikipedia.org)
105 points by mquandalle on Nov 27, 2014 | hide | past | favorite | 14 comments

You can exploit this trick to some extent to name a file in a way that spoofs its real extension. E.g. name an .exe file such that it looks like if it was .doc (and give the exe an icon associated often with .doc to be even more convincing).

Pretty dangerous, but at least my browser corrects it in the address bar.

Nice - confuses XFCE as well: http://oirase.annexia.org/tmp/hackernews.png

Chrome tab has the title inverted as well

The URL is on the left of the submission title.

Is this somehow related?

The submission title is actually "txet lanoitcerid-iB", with a Right To Left Override control character at the front. The whole line is in reverse it just doesn't look like it when rendered in your browser. There's a variety of control characters in unicode which let you stack, reverse, raise and lower individual pieces of text as you desire.

‮.ekil skool yllaer ti tahw ees ll'uoy dna enil siht gnitsap dna ypoc yrT

Interesting, I viewedmthe source of the page, and some of the tags are reversed too.

Is this an exploit/attack vector?

Anything that can confuse a person is a potential exploit vector.

That said, I don't know of any specific exploits which rely on this behavior.

Take a closer look at the URL while you're at it. It may look like an obscure domain, but its really not.

Yes, right click -> inspect element on the link.

Check your browsers title bar right now.

You can do the same with sourcecode too.

    System.out.println("Do ‮live‭"); // not ‬doog
Right-left-override is fun, but to see it really shine you have to combine it with some pop-directional-formatting.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact