AITP of Hampton Roads, Va. (Association of Information Technology Professionals)
October 2005 Newsletter

www.aitp-hr.com


Our Next Meeting is 
Tuesday, October 4, 2005

Point Plaza Suites & Conference Hotel at I-64 & US 17, Newport News, Va.

Social Hour - 5:30 PM
Dinner - 6:30 PM
Program - 7:30 PM

Members - $17 
Spouse/Significant Other - $20 
Guests - $20 
Students - $14

If you will be joining us for the speaker and not for dinner, we request a donation of $5. 

For Reservations: Call Digital Applications Inc., at 827-1250 no later than noon on the Friday preceding the meeting.

Officers and Directors

OFFICERS

George Koscho, President 382-8909 
Clifton Hayes, Past President 460-7284 
Jim Pollan, Vice President 865-1400 ext 210 
Bill Shumate, Secy./Treasurer 827-1250
Alan Sutton, Association Liaison 486-1700

DIRECTORS

Clara Fox, Awards  826-0519
Ed Miller, Newsletter / Website 553-0128 
Bill Oshel, Program 249-2846 

Welcome New Members!

The Hampton Roads Chapter is proud to recognize the following new members:

Sheryl Smith
Steve Tyler
Kelley Dubois
William Phillips
Jeanine Taylor
Charles Anderson

Calendar
Oct 4 Scott Dewhirst, NN Waterworks
Nov 1 
Max Bartholomew, 
Dominion Resources
Dec 6 Scott Striepe, NASA

Understanding Internationalized Domain Names
by Mindi McDowell

You may have been exposed to internationalized domain names (IDNs) without realizing it. While they typically do not affect your browsing activity, IDNs may give attackers an opportunity to redirect you to a malicious web page.

What are internationalized domain names? To decrease the amount of confusion surrounding different languages, there is a standard for domain names within web browsers. Domain names are included in the URL (or web address) of web site. This standard is based on the Roman alphabet (which is used by the English language), and computers convert the various letters into numerical equivalents. This code is known as ASCII (American Standard Code for Information Interchange). However, other languages include characters that do not translate into this code, which is why internationalized domain names were introduced.

To compensate for languages that incorporate special characters (such as Spanish, French or German) or rely completely on character representation (such as Asian or Arabic languages), a new system had to be developed. In this new system, the base URL (which is usually the address for the home page) is dissected and converted into a format that is compatible with ASCII. The resulting URL (which contains the string "xn--" as well as a combination of letters and numbers) will appear in your browser's status bar. In newer versions of many browsers, it will also appear in the address bar.

What are some security concerns?

Attackers may be able to take advantage of internationalized domain names to initiate phishing attacks (see Avoiding Social Engineering and Phishing Attacks for more information). Because there are certain characters that may appear to be the same but have different ASCII codes (for example, the Cyrillic "a" and the Latin "a"), an attacker may be able to "spoof" a web page URL. Instead of going to a legitimate site, you may be directed to a malicious site, which could look identical to the real one. If you submit personal or financial information while on the malicious site, the attacker could collect that information and then use and/or sell it.

How can you protect yourself?

* Type a URL instead of following a link - Typing a URL into a browser rather than clicking a link within a web page or email message will minimize your risk. By doing this, you are more likely to visit the legitimate site rather than a malicious site that substitutes similar-looking characters. * Keep your browser up to date - Older versions of browsers made it easier for attackers to spoof URLs, but most newer browsers incorporate certain protections. Instead of displaying the URL that you "think" you are visiting, most browsers now display the converted URL with the "xn--" string. Internet Explorer does not currently support IDNs, so you will see an error message if you try to visit a URL that includes non-ASCII characters. * Check your browser's status bar - If you move your mouse over a link on a web page, the status bar of your browser will usually display the URL that the link references. If you see a URL that has an unexpected domain name (such as one with the "xn--" string mentioned above), you have likely encountered an internationalized domain name. If you were not expecting an internationalized domain name or know that the legitimate site should not need one, you may want to reconsider visiting the site. Browsers such as Mozilla and Firefox include an option in their security settings about whether to allow the status bar text to be modified. To prevent attackers from taking advantage of JavaScript to make it appear that you are on a legitimate site, you may want to make sure this option is not enabled.

Authors: Mindi McDowell, Will Dormann, Jason McCormick Produced 2005 by US-CERT, a government organization.

Visit the Chapter Store

Buy Hampton Roads AITP Merchandise!
Books, T-shirts, Hats, Coffee Mugs and MORE!  Support the Hampton Roads AITP Chapter Store today!

www.aitp-hr.com/rstore.htm
Yellow T-shirt with AITP Hampton Roads logo, only $14.99
Green T-shirt with AITP Hampton Roads logo, only $14.99
10 pack of 2.25 inch AITP Hampton Roads Buttons! Only $11.99
Don't forget Fido! Hampton Roads AITP logo Doggie T-Shirt, just $13.99
Hampton Roads AITP Teddy Bear, $14.99
Women's Pink T-Shirt with Hampton Roads AITP logo, $14.99

Also, get books and CD's at Amazon! The chapter earns commissions on everything we sell. Start your search here!

Search Now:

 

Contact Us

AITP 
The Association of 
Information Technology Professionals

c/o Digital Applications Inc
2714 W Mercury Blvd, Hampton, VA 23666
Phone: (757) 827-1250

 

  
October Meeting Preview

Our October 4th meeting will feature a presentation by Scott Dewhirst. He will speak on the technology used in the water industry. Scott is employed by The City of Newport News in the Waterworks/Public Utilities Department. He currently serves as the Chief of Facilities Engineering where he oversees the engineering support for all of the Waterworks facilities ranging from dams, storage tanks, pump stations, and water treatment facilities. He is a registered Professional Engineer in Virginia and South Carolina where he previously was employed as an engineering consultant. Scott is a native of Virginia. He was born and raised in Richmond and attended Virginia Tech where he obtained his Bachelor’s and Master’s degrees in Civil and Environmental Engineering, respectively. He has always been a proud Hokie, even before the recent success of the Hokie football team!

Please plan on joining us for this very interesting presentation and bring a guest.
September Meeting Highlights


Our September 6th meeting featured a presentation and a tour of the Cavalier Telephone center in Norfolk. 

Our host for the evening was Steve Tyler. Steve was joined by Ray Sprinkle and Clint McDonald and they presented "Central Office Operations and Carrier Class VoIP Delivery". They discussed how a telephone company manages and delivers service, in particular Voice over IP.

Steve Tyler has been in the telecommunications field for the past 10 years supporting enterprises customers throughout the Mid-Atlantic. Before that he was a network manager for one of the areas largest healthcare systems. His title with Cavalier is Major Account Executive, and currently works in Tidewater.


 
Tell a friend about AITP!


  

 
 

 

 
Thanks for your support!

Thanks for your subscription!