This Week in Security: Unicode Strikes Again, Trust No One (Redditor), and More

There’s a popular Sysadmin meme that system problems are “always DNS”. In the realm of security, it seems like “it’s always Unicode”. And it’s not hard to see why. Unicode …

Is there any benefit to normalizing Unicode/UTF-8 names that I am overlooking?

Reading how Spotify was normalizing Unicode inconsistently, and now I’m questioning if I am overlooking any issue with accepting non-normalized usernames.
From what I can tell, lowercase was first used on Unix because users had to log in fro…

Is it OK to accept multibyte Unicode codepoints as recipient address for Sendmail and Postfix?

I am working on server software that receives a UTF-8 encoded email address to send an email to.
I permit multibyte Unicode characters (emoji etc.). Then I pass that email address to Sendmail to send an email with Postfix.
Is that dange…