Cisco Blogs


Cisco Blog > Security

Attend the 2013 PCI Community Meeting for the Latest Core PCI Standards

The Payment Card Industry (PCI) Security Standards Council (SSC) is an open global forum for the ongoing development, enhancement, storage, dissemination, and implementation of security standards for account data protection. The 2013 meeting will focus on the updates to core PCI standards: PCI DSS, PTS PA-DSS.

Getting the latest information about the PCI Data Security Standard (DSS) is vital as products and technologies continue to change at a rapid pace. Being part of the conversations, networking with like-minded professionals, and interacting directly with payment card brands are just a few of the benefits of attending the seventh annual PCI SSC North American Community Meeting. The meeting runs September 24–26, 2013, at the Mandalay Bay Convention Center in Las Vegas, Nevada.

Read More »

Tags: , , ,

BREACH, CRIME and Black Hat

During the last three years, the security research community has been having a lot of fun with SSL/TLS uncovering a few nifty attacks. First, in 2011, Juliano Rizzo and Thai Duong released the details about the BEAST attack on Transport Layer Security (TLS) at the ekoparty Security Conference in Buenos Aires, Argentina. I wrote a brief overview of the attack at the following blog post:
http://blogs.cisco.com/security/beat-the-beast-with-tls

In 2012, again at the ekoparty Security Conference in Buenos Aires, Rizzo and Duong revealed a compression side-channel attack against HTTPS called CRIME. This year at Black Hat USA, Angelo Prado, Neal Harris, and Yoel Gluck uncovered a new attack and a tool they called BREACH, which is based on some of the previous research by the folks behind CRIME.

Read More »

Tags: , , ,

Error Correction Using Response Policy Zones: Eliminating the Problem of Bitsquatting

A memory error is a condition that occurs any time one or more bits being read from memory have changed state from what was previously written.  By even the most conservative of estimates Internet devices experience more than 600,000 memory errors per day.  Cosmic radiation, operating a device outside its recommended environmental conditions, and defects in manufacturing can all cause a “1” in memory to become a “0” or vice-versa.  Most of these bit errors are harmless, but occasionally the bit error occurs inside a domain name or URL, and this can affect where Internet traffic is directed.  The term “bitsquatting”, which refers to the practice of registering a domain name one binary digit different than another, is a term coined after a similar term, “cybersquatting” –the practice of registering an unofficial domain which could be confused for a legitimate one.

For example, the fully qualified domain name “www.cisco.com” could by changing only a single binary digit become the bitsquat domain name “wwwncisco.com”.  In this example, the dot separating the second and third level domain names has experienced a bit error, and changed to become the letter “n”.

Binary representation of a dot versus the character "n"

Binary representation of a dot versus the character “n”

Read More »

Tags: , , ,

Summary: Hacking Made Easy – Courtesy of IoT

With the emergence of the Internet of Things (IoT), technology has become an integral part of our daily lives and promises to become even more prevalent in the near future. While this is normally a good thing – making our lives easier and more comfortable, any technology can be just as easily turned against us if it hasn’t been properly secured. In fact, there seems to be a direct correlation between the value of a connected object in our daily lives and the degree of pain inflicted if that object falls prey to hackers. Two recent articles in well-known publications highlight this fact.

Because IoT puts technology closer to home than ever before, much more is at stake than with prior networks.  As a result, the need for proper security can’t be emphasized enough.

Read the full Hacking Made Easy – Courtesy of IoT blog to learn more and to and gain access to the two articles.

Tags: , , , ,

How Secure is Your Secure Access?

In June, I attended the Gartner Security Summit in Washington, D.C. where I was asked by quite a few security executives, “My network folks just bought ISE, but what is ISE and what type of security does it provide?”  Fast forward to July, and I wish I had this SANS review on ISE to offer a month earlier.  (SANS, as many security professionals know, is a highly regarded organization on IT security and cyber security.) Read More »

Tags: , , , , , , , , , , ,