Folker Reichert, Asien und Europa im Mittelalter. Studien zur Geschichte des Reisens. Göttingen/Bristol, CT, Vandenhoeck & Ruprecht 2014

Peer Reviewe

Fünftausend Jahre Stiftungen

Nach der schriftlichen Überlieferung lassen sich Stiftungen bis etwa 3000 v. Chr. zurückverfolgen und in Babylon und Ägypten auffinden. Sie dienten demnach ursprünglich dem Kult, genauer der Ernährung, der Götter sowie der Versorgung der Ahnen für ihr postmortales Dasein. Erst seit der sogenannten Achsenzeit, nach Karl Jaspers um die Mitte des ersten Jahrtausends v. Chr., ging es bei Stiftungen um den Menschen, und zwar um den Stifter selbst oder bestimmte von ihm im Sinne der Wohltätigkeit Begünstigte. Die monotheistischen Religionen Vorderasiens, die in dieser Hinsicht vielleicht durch den persischen Zoroastrismus beeinflusst wurden, haben den sehr erfolgreichen Typ der Stiftungen für das Seelenheil entfaltet. Dieser trat neben oder an die Stelle der älteren Stiftungen für die Seele, die lediglich die nachtodliche Weiterexistenz fördern sollten, und zielte auf eine gesteigerte, glückselige Existenzform durch die Gnade oder in der Nähe Gottes. Die zweite universalhistorische Zäsur brachte dem Stiftungswesen erst die Moderne, indem sie das religiös begründete Motiv der dauernden Zwecksetzung des Stiftungskapitals aufhob. Die „operativen“ und „Gebrauchsstiftungen“ der Gegenwart, im Wesentlichen eine amerikanische Erfindung, brechen mit einer jahrtausendealten Sinngebung, um der Erfahrung des unaufhaltsamen gesellschaftlichen und kulturellen Wandels gerecht zu werden.According to the written record foundations can be traced back to roughly 3000 B. C. and were found in Babylon and Egypt. They originally served the cult, or more precisely the nourishment, of the gods as well as the provision of ancestors in the post-mortal state. Beginning from the time of the so-called Axial Age, according to Karl Jasper around the middle of the first millennium B. C., endowments involved people, that is the founder himself or beneficiaries designated by him in the spirit of philanthropy. The monotheistic religions of the Near East, which in this respect were perhaps influenced by Persian Zoroastrianism, developed an extremely successful type of foundation, namely the foundation for salvation. This appeared alongside or replaced the older foundations for the soul, which were essentially meant to support one’s continuing existence in the afterlife and aimed at an enhanced and blissful form of existence through the mercy of or closeness to God. The second universal historical caesura for foundations was brought about by modernity, by removing the religiously-motivated motivation for the lasting purpose of the endowment. The „operative“ or „provisional endowments“ of the present, essentially an American innovation, have parted ways with a millennia-old interpretation, in order to meet the requirements of inexorable societal and cultural change.Peer Reviewe

Identifying and Preventing Large-scale Internet Abuse

The widespread access to the Internet and the ubiquity of web-based services make it easy to communicate and interact globally. Unfortunately, the software and protocols implementing the functionality of these services are often vulnerable to attacks. In turn, an attacker can exploit them to compromise, take over, and abuse the services for her own nefarious purposes. In this dissertation, we aim to better understand such attacks, and we develop methods and algorithms to detect and prevent them, which we evaluate on large-scale datasets.First, we detail Meerkat, a system to detect a visible way in which websites are being compromised, namely website defacements. They can inflict significant harm on the websites’ operators through the loss of sales, the loss in reputation, or because of legal ramifications. Meerkat requires no prior knowledge about the websites’ content or their structure, but only the Uniform Resource Identifier (URI) at which they can be reached. By design, Meerkat mimics how a human analyst decides if a website was defaced when viewing it in a browser, by using computer vision techniques. Thus, it tackles the problem of detecting website defacements through their attention-seeking nature, their goal and purpose, rather than code or data artifacts that they might exhibit. In turn, it is much harder for an attacker to evade our system, as she needs to change her modus operandi. When Meerkat detects a website as defaced, the website can automatically be put into maintenance mode or restored to a known good state.An attacker, however, is not limited to abuse a compromised website in a way that is visible to the website’s visitors. Instead, she can misuse the website to infect its visitors with malicious software (malware). Although malware is well studied, identifying malicious websites remains a major challenge in today’s Internet. Second, we introduce Delta, a novel, purely static analysis approach that extracts change-related features between two versions of the same website, uses machine learning to derive a model of website changes, detects if an introduced change was malicious or benign, identifies the underlying infection vector based on clustering, and generates an identifying signature. Furthermore, due to the way Delta clusters campaigns, it can uncover infection campaigns that leverage specific vulnerable applications as a distribution channel, and it can greatly reduce the human labor necessary to uncover the application responsible for a service’s compromise.Third, we investigate the practicality and impact of domain takeover attacks, which an attacker can similarly abuse to spread misinformation or malware, and we present a defense on how such takeover attacks can be rendered toothless. Specifically, the new elasticity of Internet resources, in particular Internet protocol (IP) addresses in the context of Infrastructure-as-a-Service cloud service providers, combined with previously made protocol assumptions can lead to security issues. In Cloud Strife, we show that this dynamic component paired with recent developments in trust-based ecosystems (e.g., Transport Layer Security (TLS) certificates) creates so far unknown attack vectors. For example, a substantial number of stale domain name system (DNS) records points to readily available IP addresses in clouds, yet, they are still actively attempted to be accessed. Often, these records belong to discontinued services that were previously hosted in the cloud. We demonstrate that it is practical, and time and cost-efficient for attackers to allocate the IP addresses to which stale DNS records point. Further considering the ubiquity of domain validation in trust ecosystems, an attacker can impersonate the service by obtaining and using a valid certificate that is trusted by all major operating systems and browsers, which severely increases the attackers’ capabilities. The attacker can then also exploit residual trust in the domain name for phishing, receiving and sending emails, or possibly distributing code to clients that load remote code from the domain (e.g., loading of native code by mobile apps, or JavaScript libraries by websites). To prevent such attacks, we introduce a new authentication method for trust-based domain validation that mitigates staleness issues without incurring additional certificate requester effort by incorporating existing trust into the validation process.Finally, the analyses of Delta, Meerkat, and Cloud Strife have made use of large-scale measurements to assess our approaches’ impact and viability. Indeed, security research in general has made extensive use of exhaustive Internet-wide scans over the recent years, as they can provide significant insights into the state of security of the Internet (e.g., if classes of devices are behaving maliciously, or if they might be insecure and could turn malicious in an instant). However, the address space of the Internet’s core addressing protocol (Internet Protocol version 4; IPv4) is exhausted, and a migration to its successor (Internet Protocol version 6; IPv6), the only accepted long-term solution, is inevitable. In turn, to better understand the security of devices connected to the Internet, in particular Internet of Things devices, it is imperative to include IPv6 addresses in security evaluations and scans. Unfortunately, it is practically infeasible to iterate through the entire IPv6 address space, as it is 296 times larger than the IPv4 address space. Without enumerating hosts prior to scanning, we will be unable to retain visibility into the overall security of Internet-connected devices in the future, and we will be unable to detect and prevent their abuse or compromise. To mitigate this blind spot, we introduce a novel technique to enumerate part of the IPv6 address space by walking DNSSEC-signed IPv6 reverse zones. We show (i) that enumerating active IPv6 hosts is practical without a preferential network position contrary to common belief, (ii) that the security of active IPv6 hosts is currently still lagging behind the security state of IPv4 hosts, and (iii) that unintended default IPv6 connectivity is a major security issue

Rudolf Schieffer, Christianisierung und Reichsbildungen. Europa 700–1200. München, Beck 2013

Dieser Beitrag ist mit Zustimmung des Rechteinhabers aufgrund einer (DFG-geförderten) Allianz- bzw. Nationallizenz frei zugänglich.Peer Reviewe

Karl Ubl, Sinnstiftungen eines Rechtsbuchs. Die Lex Salica im Frankenreich. (Quellen und Forschungen zum Recht im Mittelalter, Bd. 9.) Ostfildern, Thorbecke 2017

Dieser Beitrag ist mit Zustimmung des Rechteinhabers aufgrund einer (DFG-geförderten) Allianz- bzw. Nationallizenz frei zugänglich.Peer Reviewe

Stiftung und Memoria

Mit seinen Studien zum mittelalterlichen Stiftungswesen hat Michael Borgolte seit den achtziger Jahren eine sozialgeschichtliche Wende in der Stiftungsforschung der Vormoderne herbeigeführt. Maßgeblich war dabei die Einsicht, dass der Zweck der Stiftung, die Memoria des Stifters oder anderer von ihm benannter Personen auf Dauer zu sichern, nicht durch eine juristische Konstruktion, sondern nur durch den Austausch von Gabe und Gegengabe gesichert werden konnte. Der Initiator beziehungsweise die Verwalter seiner Stiftung und die Empfänger der Stiftungserträge standen in einem Verhältnis gegenseitiger Verpflichtungen, das oft über Jahrhunderte hin durch immer neue Aktualisierungen des Stifterwillens lebendig blieb. Mit diesem Ansatz hat Michael Borgolte Stiftungen des Mittelalters weit über das liturgische Gedenken hinaus untersucht und besonders karitativen und wissenschaftlichen Stiftungszwecken Beachtung geschenkt. Das Studium der Stiftungen eignet sich aber auch zur Erkenntnis einer Gesellschaft in ihren Zusammenhängen; deshalb beschrieb er Stiftung als „totales System“ und untersuchte das Verhältnis von „Stiftung und Staat“ oder „Stiftung und Mäzenatentum“. In neueren Abhandlungen hat Michael Borgolte interkulturelle Vergleiche in dia- wie synchroner Dimension angestellt, zwischen dem vormodernen und dem neueren Stiftungswesen ebenso, wie zwischen den lateinisch-christlichen, byzantinischen, russisch-orthodoxen, jüdischen und vor allem muslimischen Stiftungen des mittelalterlichen Jahrtausends. Die hier vorgelegte Sammlung seiner wichtigsten Aufsätze und Beiträge bieten deshalb keinen Abschluss, sondern eher eine Zwischenbilanz auf dem Weg zu einer Universalgeschichte des vormodernen Stiftungswesens

Olaf Asbach, Europa – Vom Mythos zur Imagined Community? Zur historischen Semantik ‚Europas‘ von der Antike bis ins 17. Jahrhundert. (Europa und Moderne, Bd. 1.) Hannover, Wehrhahn 2011

Dieser Beitrag ist mit Zustimmung des Rechteinhabers aufgrund einer (DFG-geförderten) Allianz- bzw. Nationallizenz frei zugänglich.Peer Reviewe