Official Gmail Blog: A first step toward more global email

2014.08.25

But all that could change. In 2012, an organization called the Internet Engineering Task Force IETF created a new email standard that supports addresses with non-Latin and accented Latin characters e.g. ?????.????. In order for this standard to become a reality, every email provider and every website that asks you for your email address must adopt it. That’s obviously a tough hill to climb. The technology is there, but someone has to take the first step.

via Official Gmail Blog: A first step toward more global email.

 

The TL;DR is: Google is enabling non-latin chars in email addresses (cf RFC6530). Whether this will encourage widespread acceptance of this is going to be interesting to see; like IPv4, everyone’s gotten used to The Way We Do It Now. And like IPv6, I doubt there’s going to be much switchover unless it’s forced.

One obvious benefit would be to employ char-sets in the email header as part of heuristic anti-spam measures in a more nuanced way (as opposed to “anything non-LATIN-1 gets more weight when spam/ham score is being calculated”) — you’d be able to say “well, we have customers in Russia, so Cyrillic is OK, but we have no market in Asia so Asian languages have a higher spam score”.

Categories : News

Lorem Ipsum: Of Good & Evil, Google & China — Krebs on Security

2014.08.23

Steganography by gaming google translate with Lorem Ipsum

Lorem Ipsum: Of Good & Evil, Google & China — Krebs on Security.

 

Categories : News
Tags :       

Juniper SRX: selectively disable TCP SYN or Sequence checking | Bart Jansens

2014.08.14

Juniper SRX: selectively disable TCP SYN or Sequence checking | Bart Jansens.

Quite a bit of useful stuff on this netsec guy’s blog, worth your time if you’re poking at junos devices.

Categories : HowTo
Tags :     

Yahoo email anti-spoofing policy breaks mailing lists

2014.08.10
Categories : News

Schneier on Security

2014.08.08

Schneier on Security. One of the best infosec blogs out there.

Categories : News  Security
Tags :   

Cryptolocker keys made available

2014.08.06
Categories : News

QoS / CoS on JunOS

2014.08.02

anything in [square brackets] needs to be changed or specified

First, define the QoS (CoS — Class of Service — in Juniper parlance) filters. This entails creating the classifiers, drop-profiles, forwarding-classes, scheduler-maps and schedulers. For the needs of this particular setup, I had to guarantee that the network control traffic (hellos, keepalives, etc) got through and the rest of the 30meg pipe that provided the office internet was to be shaped to prioritize traffic sensitive to delay (read: VoIP).

set interface [interface] per-unit-scheduler
set class-of-service classifiers dscp [mark_traffic_filter] forwarding-class expedited-forwarding loss-priority low code-points ef
set class-of-service classifiers dscp [mark_traffic_filter]  forwarding-class network-control loss-priority low code-points nc1
set class-of-service classifiers dscp [mark_traffic_filter] forwarding-class assured-forwarding loss-priority low code-points af11
set class-of-service classifiers dscp [mark_traffic_filter] forwarding-class best-effort loss-priority medium-low code-points be
set class-of-service drop-profiles be_drop_profile fill-level 50 drop-probability 10
set class-of-service drop-profiles be_drop_profile fill-level 75 drop-probability 15
set class-of-service drop-profiles be_drop_profile fill-level 95 drop-probability 20
set class-of-service forwarding-classes queue 0 best-effort
set class-of-service forwarding-classes queue 0 priority low
set class-of-service forwarding-classes queue 1 assured-forwarding
set class-of-service forwarding-classes queue 1 priority high
set class-of-service forwarding-classes queue 2 expedited-forwarding
set class-of-service forwarding-classes queue 2 priority high
set class-of-service interfaces reth0 unit 102 scheduler-map [name_cos_filter]
set class-of-service interfaces reth0 unit 102 shaping-rate 30m
set class-of-service scheduler-maps [name_cos_filter] forwarding-class network-control scheduler nc_scheduler
set class-of-service scheduler-maps [name_cos_filter] forwarding-class expedited-forwarding scheduler ef_scheduler
set class-of-service scheduler-maps [name_cos_filter] forwarding-class assured-forwarding scheduler af11_scheduler
set class-of-service schedulers ef_scheduler transmit-rate 29m
set class-of-service schedulers ef_scheduler buffer-size percent 30
set class-of-service schedulers ef_scheduler priority high
set class-of-service schedulers af11_scheduler transmit-rate remainder
set class-of-service schedulers af11_scheduler buffer-size percent 50
set class-of-service schedulers af11_scheduler priority medium-high
set class-of-service schedulers nc_scheduler transmit-rate 1m
set class-of-service schedulers nc_scheduler buffer-size percent 20
set class-of-service schedulers nc_scheduler priority strict-high

Once the CoS stuff is in place, you have to apply it to a firewall policy, so that it actually affects traffic:

set firewall family inet filter egress_cos_filter term office_voip from destination-address 1.1.1.0/24
set firewall family inet filter egress_cos_filter term office_voip from destination-address 256.256.256.0/24
set firewall family inet filter egress_cos_filter term office_voip from destination-address 192.168.2.0/22
set firewall family inet filter egress_cos_filter term office_voip from destination-address 127.0.0.0/22
set firewall family inet filter egress_cos_filter term office_voip from protocol udp
set firewall family inet filter egress_cos_filter term office_voip from destination-port 3479
set firewall family inet filter egress_cos_filter term office_voip from destination-port 15044
set firewall family inet filter egress_cos_filter term office_voip from destination-port 5060
set firewall family inet filter egress_cos_filter term office_voip from destination-port 5199
set firewall family inet filter egress_cos_filter term office_voip then count office_voip
set firewall family inet filter egress_cos_filter term office_voip then forwarding-class expedited-forwarding
set firewall family inet filter egress_cos_filter term non_voip_traffic then count non_voip_traffic_counter
set firewall family inet filter egress_cos_filter term non_voip_traffic then forwarding-class assured-forwarding
set firewall family inet filter egress_cos_filter term non_voip_traffic then accept

The count office_voip part of the filter stanza is there just to verify that the filter is actively affecting traffic (the office_voip count should go up if it is).

Further reading:

http://www.juniper.net/techpubs/software/junos-security/junos-security95/junos-security-swconfig-interfaces-and-routing/default-cos-section.html

http://www.juniper.net/techpubs/en_US/junos12.3/topics/concept/cos-qfx-series-traffic-control-profiles-understanding.html

http://dataplumber.wordpress.com/2011/12/30/junos-qos-notes/

http://jsrx.juniperwiki.com/index.php?title=COS

Categories : HowTo
Tags :