Matching Items (3)

E-mail header injections - an analysis of the World Wide Web

Description

E-Mail header injection vulnerability is a class of vulnerability that can occur in web applications that use user input to construct e-mail messages. E-Mail injection is possible when the mailing script fails to check for the presence of e-mail headers in user input (either form fields or URL parameters). The vulnerability exists in the reference implementation of the built-in “mail” functionality in popular languages like PHP, Java, Python, and Ruby. With the proper injection string, this vulnerability can be exploited to inject additional headers and/or modify existing headers in an e-mail message, allowing an attacker to completely alter the content of the e-mail.

This thesis develops a scalable mechanism to automatically detect E-Mail Header Injection vulnerability and uses this mechanism to quantify the prevalence of E-Mail Header Injection vulnerabilities on the Internet. Using a black-box testing approach, the system crawled 21,675,680 URLs to find URLs which contained form fields. 6,794,917 such forms were found by the system, of which 1,132,157 forms contained e-mail fields. The system used this data feed to discern the forms that could be fuzzed with malicious payloads. Amongst the 934,016 forms tested, 52,724 forms were found to be injectable with more malicious payloads. The system tested 46,156 of these and was able to find 496 vulnerable URLs across 222 domains, which proves that the threat is widespread and deserves future research attention.

Date Created
  • 2016

A framework for extended acquisition and uniform representation of forensic email evidence

Description

The digital forensics community has neglected email forensics as a process, despite the fact that email remains an important tool in the commission of crime. Current forensic practices focus mostly on disk forensics, while email forensics is left as an analysis task stemming from that practice. As there is no well-defined process to be used for email forensics, the comprehensiveness, extensibility of tools, uniformity of evidence, usefulness in collaborative/distributed environments, and consistency of investigations are hindered. At present, there exists little support for discovering, acquiring, and representing web-based email, despite its widespread use. To remedy this, a systematic process will be presented which includes discovering, acquiring, and representing web-based email for email forensics, which is integrated into the normal forensic analysis workflow, and which accommodates the distinct characteristics of email evidence. This process focuses on detecting the presence of non-obvious artifacts related to email accounts, retrieving the data from the service provider, and representing email in a well-structured format based on existing standards. As a result, developers and organizations can collaboratively create and use analysis tools that can analyze email evidence from any source in the same fashion, and the examiner can access additional data relevant to their forensic cases. Following this, an extensible framework for this novel process-driven approach has been implemented in an attempt to address the problems of comprehensiveness, extensibility, uniformity, collaboration/distribution, and consistency within forensic investigations involving email evidence.

Date Created
  • 2013

Telling your stories: designing an online email based storytelling group for older adults

Description

The aim of this study is to test the feasibility of building a storytelling system for older adults to tell and share their life stories based on email. It is measured by the level of participation and people's acceptance of the system. The central goals were to empower people over 60 years old by providing a platform for them to share their wonderful life experience and perspectives on life, and to lead social services into the digital age by bridging traditional roundtable interaction and modern digital communication. A prototype was built to test the level of participation of the system, and follow-up interviews were conducted in order to deeply understand people's acceptance. Content analysis was used to analyze the stories to ascertain what common themes were present. Key design considerations and key factors that affect the feasibility of the storytelling system were discussed. This research expands on current research and implementation of Internet-based storytelling systems and sheds light on the future of combining storytelling with older adults' existing Internet knowledge. Key findings of this research are: (1) Frequency of reminiscence trigger and the number of active participants affect the level of participation collectively. Frequency is considered to be a key determinant. High frequency indicates high level of participation. (2) Categories of topics do not affect the level of participation significantly but serve as key attractions that enhance people's acceptance of the system. (3) Older adults highly accept and get involved in the new email storytelling system. This storytelling program helps them recall their memories and has a profound effect on their own introspection.

Date Created
  • 2014