We’ve talked in the past about attacks using the RLO (U+202E RIGHT-TO-LEFT OVERRIDE) character, which changes the ‘visual’ display order of a string from the position where it’s placed inside that string. So, for example:
document[U+202E]fdp.exe visually looks like documentexe.pdf
I talked about these and other attacks of this sort here: http://www.casaba.com/products/UCAPI/. In fact, we’re starting to hear of real-world attacks using these techniques to bypass spam and other filters. Firefox closed a bug in their file download dialog box.
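A filter-side check for the trick shown above, as an added example (not code from the original post or from UCAPI): it flags bidi control characters in a filename and compares the extension a user would see with the real one. The function names and sample filenames are constructed for illustration, and the display logic is a simplification that only models un-nested RLO runs in left-to-right text, not the full Unicode Bidirectional Algorithm.

```python
import os
import unicodedata

# Explicit bidi formatting characters: embeddings, overrides, isolates, marks.
BIDI_CONTROLS = set("\u202A\u202B\u202C\u202D\u202E\u2066\u2067\u2068\u2069\u200E\u200F")
RLO, PDF = "\u202E", "\u202C"


def find_bidi_controls(name):
    """Return (index, 'U+XXXX', Unicode name) for each bidi control in name."""
    return [(i, f"U+{ord(c):04X}", unicodedata.name(c))
            for i, c in enumerate(name) if c in BIDI_CONTROLS]


def approximate_display(name):
    """Simplified rendering: reverse each run between RLO and PDF/end of string.

    Assumption: left-to-right base text and no nesting (not the full UBA).
    """
    out, run, in_rlo = [], [], False
    for c in name:
        if c == RLO:
            in_rlo = True
        elif c == PDF:
            out.extend(reversed(run))
            run, in_rlo = [], False
        elif c in BIDI_CONTROLS:
            continue  # other controls are invisible; ignored by this sketch
        elif in_rlo:
            run.append(c)
        else:
            out.append(c)
    out.extend(reversed(run))  # an RLO run left open ends with the string
    return "".join(out)


def check_filename(name):
    """Compare the extension a user sees with the one the OS acts on."""
    controls = find_bidi_controls(name)
    shown = approximate_display(name)
    real_ext = os.path.splitext(name)[1].lower()
    shown_ext = os.path.splitext(shown)[1].lower()
    return {"controls": controls, "displayed_as": shown,
            "real_ext": real_ext, "shown_ext": shown_ext,
            "ext_mismatch": bool(controls) and real_ext != shown_ext}


if __name__ == "__main__":
    # Constructed sample names; the first is the example from the text.
    for sample in ("document\u202Efdp.exe", "report.pdf"):
        print(check_filename(sample))
```

A filter can reject or quarantine on any non-empty `controls` list; `ext_mismatch` marks the cases where the visible extension differs from the real one.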
I see a big difference between attacks leveraging BIDI text and the playful sort of ‘mirror’ effects you get from tools like txtn.us.
!luʇmɿɒʜ ƨɒ mɘɘƨ ƚ’nƨɘob ƚxɘƚ bɘɿoɿɿim ɘʜƚ