UCL Computer Security Newsletter - April/May 2010
The purpose of this newsletter is to keep all security reps and other
interested parties informed about what is happening around UCL
regarding computer security. Further information from the Computer
Security Team is always available at http://www.ucl.ac.uk/isd/common/cst.
1. UCL Information Security Policy
The policy pages have been copied to the new ISD website. As long as you have used the correct URLs as we have advised in the past, you don't need to do anything as redirects will be put in place. Please take this as a reminder to check any references you make to policy. All new references should point to
and specifically (e.g. Computing Regulations): http://www.ucl.ac.uk/isd/common/cst/swg/policy/public-policy/Regulations
This will always point to the latest version.
Do NOT refer directly to http://www.ucl.ac.uk/isd/common/cst/swg/policy/public-policy/Regulations_ISC_200912 or any URL with a date stamp like this.
2. Moderating user content
To mitigate against liability for user-generated content, have well-publicised and efficient take-down procedures. Further details at http://www.jisclegal.ac.uk/Default.aspx?tabid=243&id=1243 and see also
http://www.ucl.ac.uk/isd/common/cst/good_practice/legalwebsite for original CST advice.
3. New location for CST
We are now based on the Ground Floor in Central house, 14 Upper Woburn Place, London WC1H 0HY. Phone numbers remain the same.
4. International Domain Names
Not sure how this will come out, but the new IDNs going live might be some food for thought - thanks to Tomo at the London Business school for this item (slightly edited by myself).
ICANN, the authority responsible for domain names, amongst other stuff, has announced support for the first International Domain Names (IDN) went live last Thursday for
• Egypt: مصر (Egypt)
• Saudi Arabia: السعودية (AlSaudiah)
• United Arab Emirates: امارات (Emarat)
This means that provided your application supports IDN, then you can now browse to sites such as:
Note: Older browsers such as Internet Explorer 6 does not support IDN without a browser plugin. For more information see http://support.microsoft.com/kb/842848
The IDN URL above is for the Egyptian Ministry of Communications. Note how the URL can be reversed, depending upon the language/script, such that the arabic roughly translates to http:// egypt . ministry-communications . www whereas in roman script the most-significant part of the domain name is put at the end of the URL - ie. http://www.mcit.gov.eg/
The IDN URL is converted into ASCII punycode for processing, and will typically look something like the following when ASCIIed. The tell-tale sign for an IDN URL is that each section of the domain name that has been IDN'd starts with "xn--" (that is xn followed by 2 hyphens)
As there has been a lack of coordination via ICANN the browser people are playing catch up. Currently Safari is reportedly the only browser to maintain the IDN script in the address bar of the browser (assuming the foreign character set is present on the local workstation), others just show the ASCII punycode currently, which really is a phishers paradise.
With our international and diverse community in London HE, we need to be aware of this development. Other countries are in the process of registering top-level domain names, so expect some others to crop up soon.
Please note all correspondence from the UCL Computer Security Team is digitally signed either with personal PGP keys or the CERT team key (public keys available from http://www.ucl.ac.uk/isd/common/cst/contacts).
This newsletter and previous ones are available at http://www.ucl.ac.uk/isd/common/cst/cst-newsletters (except currently the March 2007 one as that had sensitive information in it).
We welcome feedback on the content and organisation of documents on our web page.