How to unwittingly sign non-repudiable documents with Java applications

Digital signatures allow us to produce documents whose integrity and authenticity, as we generated them, is verifiable by anybody who has access to our public key. Furthermore, we cannot repudiate those documents as something we never saw, let alone signed, since nobody else but us could access our private key. We show how the previous statement can be proved wrong when carefully crafted malicious software is installed on a machine running a Java digital signature application. By using such a software, a user may unwittingly sign another document besides the one he/she intends to digitally sign or sign a different document altogether. Our attack exploits a known vulnerability of the security architecture of the Java run-time environment that allows nonJava malicious software to replace some Java system classes with malicious ones, which then alter the victim application behavior

Implementing an integrated e-government functionality for a marginalized community in the Eastern Cape South Africa

Traditional methods of providing public services to disadvantaged rural communities in South Africa have, over the years, proven to be inefficient and in most such communities, simply non-existent. Although the South African government has taken initiatives to make these public services cheaply and conveniently available online at national level, access at local municipal level is still lacking. The goal of this study is to develop a cost-effective e-government system that will contribute to improved provision of public services to the Dwesa area, a rural community in the Eastern Cape province of South Africa, by the government. A prototype construction approach was used, to develop a cost-effective four-modular web application. Interviews were conducted in the field, resulting in four e-government system modules, based on open-source software, developed and integrated to form a single, dynamic web component that will act as a one-stop shop for Dwesa community members. These are the Dwesa Online Application Centre (DOAC) to apply for important government documents and grants, the Dwesa Online Reporting Centre (DORC) to report various grievances to the responsible agencies, the Dwesa Forum Corner (DFC), a digital community, and the management back-end module. The Dwesa e-government portal was developed using Linux-Apache-MySQL-PHP (LAMP) technology, a Zoop framework to model the individual components and a JQUERY JavaScript library to increase the responsiveness of the user interfaces. The most significant contributions of this thesis have been the development of a cost-effective, integrated e-government functionality, applicable to disadvantaged communities, and the greater understanding this has given of the tools and methodologies that can be used to deliver public services efficiently to citizens. The final evaluation of this e-government system gives significant evidence that the e-government portal provides a solid foundation that will allow e-government implementation to raise the provision of public services to a higher level