Okay, so you want to figure out why fast.com below doesn't turn into a link, dont you? Okay, let's walk through the process in this thread and find how to reverse-engineer this trick.https://twitter.com/SwiftOnSecurity/status/998334747125407744 …
-
Show this thread
-
First, know that everything you see on a screen is potentially a lie. You need machine analysis to figure out what's actually inside my tweet, and to know why Twitter isn't creating the link, which would normally look like this:http://fast.com
1 reply 16 retweets 115 likesShow this thread -
We need a Unicode analyzer. Unicode is how modern systems encode text, and it has thousands of weird tricks you can't see. 1.) Copy this text into your clipboard: fast.com 2.) Search for a Unicode analyzer on Google, or use this: http://www.fontspace.com/unicode/analyzer/ … 3.) Paste and hit "GO!"
2 replies 14 retweets 116 likesShow this thread -
Okay, here's the analysis of fast.com. Everything looks good, until the fifth line. "U+200BZERO WIDTH SPACE" What the heck is that? As I said before, there are thousands of typesetting tricks required for machines to properly manipulate text in all its forms, and this is one.pic.twitter.com/RpnpztCUBx
7 replies 15 retweets 133 likesShow this thread -
Here's the Wikipedia article on the ZERO WIDTH SPACE, or ZWSP https://en.wikipedia.org/wiki/Zero-width_space … Now, that's great, but how do you use this character? How do you type or copy a something that has a size of zero? Luckily, there's a Windows utility for this!
5 replies 9 retweets 96 likesShow this thread -
Go to Start, type "charmap" and hit Enter. 1.) Click Advanced 2.) The unicode CODEPOINT for this character is 200B, so type that in and hit ENTER 3.) It will find it in the grid above for you, then hit SELECT 4.) Hit COPY 5.) Go to Twitter, type "FAST" hit CTRLV then type ".COM"pic.twitter.com/4kVR7Cg09W
6 replies 14 retweets 143 likesShow this thread -
And that's how you use Unicode to subvert the system and make a tweet that says google.com
11 replies 18 retweets 181 likesShow this thread -
ư͍̗̤͔͎͕̝n͖͝i̤̱̠̭c̮͚̤̠o̺̖̼̣ͅd̵͉e͔͕̭̪̺ ͙͇̲͎̬̫̜m̧̳e̤̞̠̝̱a̜̦̬͍̩͡n͞s҉̭ ͙̜̟̱̤̙͎c̹h̬͈͝a̳̜̩̤̭̤̥͜o͎̙͇̟̙͙̺͡s̞
10 replies 135 retweets 477 likesShow this thread -
THIS is also why REPORTERS AND SOURCES should NOT COPY AND PASTE SOURCE MATERIAL. You should really type it. There are many, many tricks like this you can use to "watermark" text that __LOOKS NORMAL TO HUMANS__ but will actually let internal threat investigators track the source
22 replies 200 retweets 549 likesShow this thread
Default paste action should strip formatting and invisible chars/homoglyph attacks/etc. It's ridiculous how often not even fonts are stripped from past into news articles...
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.