The deployment of Internationalized Domain Names (IDNs) reached the root of the DNS infrastructure in recent weeks with the creation of four internationalized Country Code Top Level Domains (ccTLDs). Mentioned in our Cyber Risk Report, these newly deployed IDNs represent Egypt, Saudi Arabia, the United Arab Emirates, and the Russian Federation.
IDNs leverage Unicode to display various non-Latin scripts, such as Arabic or Chinese, within computer applications. An encoding syntax called Punycode bidirectionally transforms the Unicode that is needed to represent these scripts into the subset of the Latin script that is used for domain names. This essentially reduces the scripts of the world into a form suitable for processing by applications that have no understanding of Unicode. This, for example, transforms the newly minted TLD for Saudi Arabia, السعودية, into xn--mgberp4a5d4ar so that it can be processed similarly to any ASCII-based domain name.
Punycode has several advantageous characteristics. For example, it encodes the discrete components of a DNS name individually, making it possible to encode only part of a DNS name. Encoded name components are prefixed with xn--. One such partially encoded DNS name is xn--vckfdb7e3c7hma3m9657c16c.jp, which, with one encoded and one unencoded label, represents the Japan Registry Services. This partial encoding has allowed the use of local languages in parts of the world for several years without support for IDNs at the DNS root.
Allowing users to connect with one another or online resources without the constraint or burden of Latin characters is certainly a good thing. However, there are security risks to be understood.
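The per-label encoding described above can be reproduced with Python's built-in punycode codec. This is an added example, not code from the original post; the function names are illustrative, and it applies raw Punycode only, without the IDNA normalization a real resolver or browser performs. It shows both the wire form and the display form of each label, which is what an analyst reading DNS logs usually needs side by side.

```python
"""Per-label Punycode handling for DNS names (raw Punycode, no IDNA mapping)."""

ACE_PREFIX = "xn--"  # prefix that marks a Punycode-encoded label


def decode_label(label: str) -> tuple[str, bool]:
    """Return (display_text, was_encoded) for a single DNS label."""
    if label.lower().startswith(ACE_PREFIX):
        payload = label[len(ACE_PREFIX):].lower().encode("ascii")
        return payload.decode("punycode"), True
    return label, False  # plain ASCII label, passed through unchanged


def encode_label(label: str) -> str:
    """Encode one label only if it contains non-ASCII characters."""
    if label.isascii():
        return label
    return ACE_PREFIX + label.encode("punycode").decode("ascii")


def to_unicode(name: str) -> str:
    """Decode every encoded label of a dotted name, leaving the rest as-is."""
    return ".".join(decode_label(part)[0] for part in name.split("."))


def to_ascii(name: str) -> str:
    """Encode only the labels that need it, giving the form sent on the wire."""
    return ".".join(encode_label(part) for part in name.split("."))


def describe(name: str) -> list[dict]:
    """Per-label report: wire form, display form, and whether it was encoded."""
    rows = []
    for part in name.split("."):
        text, encoded = decode_label(part)
        rows.append({"wire": part, "unicode": text, "encoded": encoded})
    return rows


if __name__ == "__main__":
    # Both names are the ones quoted in the post.
    for name in ("xn--vckfdb7e3c7hma3m9657c16c.jp", "xn--mgberp4a5d4ar"):
        print(name, "->", to_unicode(name))
        for row in describe(name):
            kind = "encoded" if row["encoded"] else "ascii"
            print(f"  {row['wire']:<32} {kind:<8} {row['unicode']}")
```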
Spring is finally here, and besides being a good time to clean the attic, garage or basement, it is also a good time to clean the configuration on your Cisco IOS devices — removing unneeded ACEs from ACLs, maybe setting some interfaces as passive, removing VLANs from trunks, etc.
And while doing said cleaning, hey, why not also check the device configuration against the Cisco Guide to Harden Cisco IOS Devices, to make sure we’re doing our best to keep those Cisco IOS devices as secure as possible?
When looking over the recommendations on the hardening guide, time and again people are puzzled by this line:
“Issue the no mop enabled command in interface configuration mode in order to disable the Maintenance Operation Protocol (MOP) service.”
And they come back to us with questions like, “what is MOP, why do I have to disable it, and is it even relevant if I’m not running DECnet?” Well, today we hope to clear up some of the confusion that might surround the unMOPping of a Cisco IOS device, so gather round for a story. Sorry, no marshmallows, but I think it will be interesting nonetheless.
This week we’re trying something new and a little different (at least for us). We’ve created a poll that we hope will be a fun addition to the Cisco Security blog.
Background On This Week’s Poll: You may have heard of this social network called Facebook. It used to be that people joined Facebook as part of a University affiliation and it was mostly used to keep track of school friends. Users let others know about their interests, hobbies, and favorite bands. As Facebook has grown it has morphed from a way to connect with friends into one of the de-facto ways people communicate with many in their personal life and, increasingly, in the business realm. This extends to bosses, high school friends and frienemies, and that second cousin twice removed.
When security professionals are left scratching their heads trying to twiddle the nerd knobs or decipher the market-speak of Facebook’s opt-out dialogs, how does this bode for an ordinary user?
Last weekend I had a friend quit Facebook while we were IM’ing on Gmail. I was surprised how easily he made this decision, as it seemed to be rather drastic. I asked him if it was because of the recent privacy trends and he said, “no, I’m just getting tired of not knowing what I’m sharing.” While an anecdote isn’t the singular of data, quitting Facebook has apparently been a growing trend. Read Write Web noted that leaving isn’t so easy (emotionally?), and Facebook has been working to quell some people’s fears. All this has left me wondering:
On May 1, 2010, smoke was observed in Times Square in New York City, emitting from a sport utility vehicle laden with an improvised explosive device. After authorities disarmed the device, an investigation began to uncover the identity and whereabouts of those responsible for assembling and attempting to detonate the device. As a result of the investigation, Faisal Shahzad was identified as a suspect, placed on the Transportation Security Administration’s (TSA) no-fly list, and later captured after he attempted to fly to Dubai on Emirates Airlines.
Authorities are calling this capture a success: the bomb did not detonate, no lives were lost, and a suspect is in custody. Yet just four months prior, the White House cited “totally unacceptable” systemic failure after Umar Farouk Abdulmutallab was unsuccessful in his detonation of plastic explosives concealed in his underwear during a Christmas Day transatlantic flight to the U.S. Both scenarios seem similar: failed explosion, no lives lost, suspected perpetrator apprehended. Yet, the first is a “failure” and the second a “success?” How can this be? Politics aside, I think there is an answer.
As highlighted in this week’s Cyber Risk Report, the FTC is raising concerns on how consumer data is collected and shared within the context of social media. Facebook is at the front and center of this issue with its user base estimated at over 400 million people globally. But it should also be top of mind for a different reason: its privacy policies seem to be shifting with regularity, dragging an increasingly complex and confusing interface for managing that privacy along in tow. Wired’s Eliot Van Buskirk stated that Facebook is “leaving the onus on users to figure out its Rubik’s Cube-esque privacy controls.” I agree.