Boing Boing 

Domo Arigato, Mr Roboto

Roboto, the new “house” font for Android 4, was branded a haphazard mash of classic typefaces. The longer you look at it–and the technological constraints that it aims to transcend-the clearer its virtues become.

Read the rest

Font swap in iBooks

Apple is a cipher, and its reasons for making changes often a mystery. A new update to iBooks for iOS devices adds a full-screen mode, a night-time reading color theme, and nicer covers for free, public-domain books. The release notes mention four new fonts, all superb choices, but avoid the fact that three less-loved fonts were removed.

Read the rest

In Stereo banners from LPs

From How to Be a Retronaut, a "Stereo Stack" anthology: 4,000+ pixels of "In Stereo" logos from LP jackets, ganked from the Stereo Stack site.

Stereo Stack

Shape Type: typography game of graceful curves

Shape Type is a new HTML5 typography game from the creator of Kern Type; this time around, you have to drag curve-adjustment tools to perfect letterforms.

Shape Type (via Waxy)

Unicode's "right-to-left" override obfuscates malware's filenames

Unicode has a special character, U+202e, that tells computers to display the text that follows it in right-to-left order; this facility is used to write text in Arabic, Hebrew, and other right-to-left scripts. However, this can (and is) also used by malware creeps to disguise the names of the files they attach to their phishing emails. For example, the file "CORP_INVOICE_08.14.2011_Pr.phylexe.doc" is actually "CORP_INVOICE_08.14.2011_Pr.phyldoc.exe" (an executable file!) with a U+202e placed just before "doc."

This is apparently an old attack, but I've never seen it, and it's a really interesting example of the unintended consequences that arise when small, reasonable changes are introduced into complex systems like type-display technology.

Some email applications and services that block executable files from being included in messages also block .exe programs that are obfuscated with this technique, albeit occasionally with interesting results. I copied the program that powers the Windows command prompt (cmd.exe) and successfully renamed it so that it appears as “evilexe.doc” in Windows. When I tried to attach the file to an outgoing Gmail message, Google sent me the usual warning that it doesn’t allow executable files, but the warning message itself was backwards:

“evil ‮”cod.exe is an executable file. For security reasons, Gmail does not allow you to send “this type of file.

Unfortunately, many mail applications don’t or can’t reliably scan archived and zipped documents, and according to Commtouch and others, the malicious files manipulated in this way are indeed being spammed out within zip archives.

(via Command Line)