Una proposta per il servizio di Posta Elettronica del CNR

A proposal for the CNR electronic mail serviceUna proposta per la ristrutturazione del servizio di Posta Elettronica del CN

EXPLORATION OF THE DESIGN OF A COMPLEX E-MAIL SYSTEM

The management of an Internet service involves a variety of aspects, ranging from the economic to the technical and organizational. Cost reduction, management simplification and improvement of service quality are the fundamental targets of every Internet service project. In geographically widespread organizations where numerous servers are used in order to implement distributed network services, both costs and human labor for maintenance and management are greatly multiplied. We believe that security and maintenance problems, and thus cost, could be reduced by transferring from a distributed to a centralized service. However, this choice would undermine the flexibility needed by local administrators in order to be able to administer their own services. This paper describes a hybrid service management model (partly centralized, partly distributed) and outlines the results we obtained by applying this model to the e-mail service of our organization

Why doesn’t Jane protect her privacy?

End-to-end encryption has been heralded by privacy and security researchers as an effective defence against dragnet surveillance, but there is no evidence of widespread end-user uptake. We argue that the non-adoption of end-to-end encryption might not be entirely due to usability issues identified by Whitten and Tygar in their seminal paper “Why Johnny Can’t Encrypt”. Our investigation revealed a number of fundamental issues such as incomplete threat models, misaligned incentives, and a general absence of understanding of the email architecture. From our data and related research literature we found evidence of a number of potential explanations for the low uptake of end-to-end encryption. This suggests that merely increasing the availability and usability of encryption functionality in email clients will not automatically encourage increased deployment by email users. We shall have to focus, first, on building comprehensive end-user mental models related to email, and email security. We conclude by suggesting directions for future research

Email Server as a Windows Network Service

Email je jednou z nejpoužívanějších služeb na dnešním Internetu. Téměř neexistuje uživatel, který by neměl alespoň jednu vlastní schránku. Tyto schránky jsou ale většinou umístěny na cizích serverech. Pokud se uživatel rozhodne si vyzkoušet provozovat vlastní emailový server, musí si většinou nainstalovat unixový systém a následně podstoupit složitou konfiguraci emailového serveru. Cílem této práce je seznámit čtenáře s historií a základními protokoly pro emailovou komunikaci a dále navrhnout a implementovat emailový server pro platformu Windows NT, jenž bude lehce konfigurovatelný.Email is one of the most used services on the Internet. It's hard to find a user with less than one own mailbox. These mailboxes are usually located on servers controlled by someone else than mailbox owners. Users trying to create their own email serverhave to install unix system and go through hard configuration process of the email server. Purpose of this work is to familiriaze reader with email history and protocols and then introduce design and implementation of an email server with easy configuration for Windows NT platform.

Facebook Social Network Datamining and Reconstruction of Captured Communication

Tato práce se zabývá sociální síti Facebook z pohledu počítačové forenzní vědy se zaměřením na získávání citlivých a potenciálně užitečných informací o sledovaných uživatelích. Cílem této bakalářské práce je implementace nástrojů k rekonstrukci síťové komunikace a dolování dat z této sociální sítě. Jádro aplikace bylo implementováno ve frameworku pro zpracování zachycené komunikace Netfox.Framework, který je vyvíjen na Fakultě informačních technologií, Vysokého učení technického v Brně. Pro zachycení dešifrovatelné komunikace byl využit útok Man-in-the-Middle. Pro dolování dat bylo využito nástroje Selenium WebDriver, který funguje jako DOM parser. Vytvořené řešení poskytuje možnost rekonstruovat konverzace mezi uživateli, přidávání stavů, komentářů a souborů. Z pohledu dolování dat poskytuje vytvořené řešení možnost získání veřejných informací o uživatelích, zejména místa, na kterých se uživatel v poslední době pohyboval, události, kterých se účastnil či se plánuje účastnit, fotoalba a fotky, seznam jeho kamarádů a seznam společných kamarádů s jiným uživatelem. V rámci řešení byla provedena analýza dat, implementace aplikace, testování na laboratorních datech a výkonnostní analýza.This thesis deals with social network Facebook from perspective of computer forensic science with focus on obtaining sensitive information about tracked users. Its main goal is implementation of the tools for reconstruction of captured communication and Facebook data mining. Core of this application has been implemented in framework for processing of captured communication Netfox.Framework, which is being developed by Faculty of Information Technology, Brno University of Technology. Man-in-the-Middle attack has been used for capturing of decipherable communication. Selenium WebDriver has been used as a tool for data mining. Developed solution is able to reconstruct Facebook conversations between users, addition of new statuses and comments, and interception of sent files. Data mining module is able to obtain public information about tracked users, especially places they recently visited, past and upcoming events, public user details, albums and photos, friendlists and mutual friends with other users. As part of the bachelor thesis, data analysis, implementation of the application, validity testing and benchmark analysis have been performed.

A security analysis of email communications

The objective of this report is to analyse the security and privacy risks of email communications and identify technical countermeasures capable of mitigating them effectively. In order to do so, the report analyses from a technical point of view the core set of communication protocols and standards that support email communications in order to identify and understand the existing security and privacy vulnerabilities. On the basis of this analysis, the report identifies and analyses technical countermeasures, in the form of newer standards, protocols and tools, aimed at ensuring a better protection of the security and privacy of email communications. The practical implementation of each countermeasure is evaluated in order to understand its limitations and identify potential technical and organisational constrains that could limit its effectiveness in practice. The outcome of the above mentioned analysis is a set of recommendations regarding technical and organisational measures that when combined properly have the potential of more effectively mitigating the privacy and security risks of today's email communications.JRC.G.6-Digital Citizen Securit