857 research outputs found

    Do not trust me: Using malicious IdPs for analyzing and attacking Single Sign-On

    Single Sign-On (SSO) systems simplify login procedures by using an Identity Provider (IdP) to issue authentication tokens which can be consumed by Service Providers (SPs). Traditionally, IdPs are modeled as trusted third parties. This is reasonable for SSO systems like Kerberos, MS Passport and SAML, where each SP explicitly specifies which IdP he trusts. However, in open systems like OpenID and OpenID Connect, each user may set up his own IdP, and a discovery phase is added to the protocol flow. Thus it is easy for an attacker to set up its own IdP. In this paper we use a novel approach for analyzing SSO authentication schemes by introducing a malicious IdP. With this approach we evaluate one of the most popular and widely deployed SSO protocols - OpenID. We found four novel attack classes on OpenID, which were not covered by previous research, and show their applicability to real-life implementations. As a result, we were able to compromise 11 out of 16 existing OpenID implementations like Sourceforge, Drupal and ownCloud. We automated discovery of these attacks in an open source tool OpenID Attacker, which additionally allows fine-granular testing of all parameters in OpenID implementations. Our research helps to better understand the message flow in the OpenID protocol, trust assumptions in the different components of the system, and implementation issues in OpenID components. It is applicable to other SSO systems like OpenID Connect and SAML. All OpenID implementations have been informed about their vulnerabilities and we supported them in fixing the issues

    Science in the virtual learning environment as more than online conversation

    The asynchronous computer conference still finds itself largely ignored as an effective vehicle for supporting student-centered, collaborative learning experiences. When it is employed the quality of the learning experience varies widely. The literature reports students either unengaged with the medium or overwhelmed by the discussion threads. The online discussion itself tends to take on the nature of an accumulation of independent facts and little peer-to-peer engagement. It is recognised that learning environments in introductory science courses play a crucial role in Higher Education, and dialogic inquiry is understood to play a vital role in the study and understanding of science. According to Biggs “constructively aligned” learning environments in which careful attention is given to the relationship between learning outcomes, learning activities and teaching practice and assessment strategy are supportive of inquiry. Based on a series of introductory online physical science modules, designed and taught by the author for the University of Maryland University College (UMUC), it is shown that an aligned virtual learning environment is feasible and supports deep learning. Key factors instrumental to the successful delivery include clear communication of tutor and student role, ample opportunities for social networking and a range of creative learning activities and meaningful assessment tasks. The asynchronous conference plays a central role in which ideas are not only shared but critically examined and improved. Interaction goes far beyond conversation, reaching a deeper level of collaborative inquiry and ultimately knowledge construction. Science educators are encouraged to incorporate asynchronous conferencing to undergraduate science courses with the aim of fostering collaborative inquiry and critical thinking skills. The case study demonstrates that if the above described features are realised in the online design, the asynchronous conference by default becomes the showplace for knowledge construction from the outset and increasingly the students’ major learning resource

    Government and Social Media: A Case Study of 31 Informational World Cities

    Social media platforms are increasingly being used by governments to foster user interaction. Particularly in cities with enhanced ICT infrastructures (i.e., Informational World Cities) and high internet penetration rates, social media platforms are valuable tools for reaching high numbers of citizens. This empirical investigation of 31 Informational World Cities will provide an overview of social media services used for governmental purposes, of their popularity among governments, and of their usage intensity in broadcasting information online. Comment: In Proceedings of the 47th Hawaii International Conference on System Sciences (pp. 1715-1724). IEEE Computer Society, 201

    Algorithm-Based Recruiting Technology in the Workplace

    Traditional recruiting methods are inefficient and cost employers valuable time, money, and human resources. Additionally, traditional recruiting is subject to the biases and prejudices of a human recruiter. Machine learning, algorithm-based recruiting technology promises to be an efficient and effective solution to employee recruiting by utilizing 21st century technology to engage, screen, and interview top talent. While the promise of algorithm-based decision-making is attractive to many business owners, the practical legal considerations of its use for an ordinary small-to-medium sized employer have not been discussed. Legal scholarship in the area of algorithm-based employment decision making has primarily focused on data-driven unlawful discrimination and proposed government regulation. This Comment fills that gap by providing a summary of algorithm-based recruiting technology, its legal effects, and the best practices for an employer or an unfamiliar employment lawyer interested in adopting algorithm-based recruiting technology

    A Database for Archaeological Life Reconstructions


    Diagnostic efficiency of the computerized PTSD scale – multimedia version (CPS-M) in assessing posttraumatic stress disorder

    The most commonly used interview for posttraumatic stress disorder (PTSD) is the Clinician-Administered PTSD Scale (CAPS), a semi-structured interview patterned after the DSM-IV criteria (Blake et al., 1990). The Computerized PTSD Scale – Multimedia Version (CPS-M: Richard, Mayo, Bohn, Haynes, & Kolman, 1997) is a computerized interview that is modeled after the CAPS. This study examined how well the CPS-M agreed with the CAPS diagnostically in a clinical sample. Ninety veterans completed the test protocol consisting of paper-and-pencil measures, the CPS-M, and the CAPS interview. Correlations between the CAPS and CPS-M were high at the item, subscale, and full-scale levels. Confidence interval analysis revealed that the CPS-M scales were not significantly different from their CAPS counterparts but failed to establish equivalence. Alpha scores for the scales indicated good internal consistency on both the CAPS and CPS-M. Difference scores between the two instruments were normally distributed, and scale effect sizes were negligible. ROC curve analysis for the CPS-M revealed high diagnostic accuracy. These results present a strong case for more widespread use of the CPS-M in the assessment of PTSD

    Simulation-based feed rate adaptation considering tool wear condition

    The process forces generated in machining are related to a deflection of the milling tool, which results in shape deviations. In addition to process parameters like feed rate, width and depth of cut or cutting speed, the wear condition of the tool has a significant influence on the shape deviation during flank milling. In process planning it is important to take the tool condition and the ideal time for tool change into account when selecting the process parameters. An assistance system is being researched at the Institute of Production Engineering and Machine Tools (IFW) in cooperation with Kennametal Shared Services GmbH to support this task. The assistance system adjusts automatically the feed rate considering a predefined maximum shape deviation. Additionally, it identifies an optimal moment for tool change. The advantages of the system are particularly evident in planning of individual milling processes. The assistance system is based on a combination of a material removal simulation and empirical models of the shape error. For this purpose, spindle currents as well as measured shape errors are stored in a database. These data are extended by the actual local cutting conditions calculated by a process-parallel material removal simulation. Afterwards, the data is transferred into process knowledge via a Support Vector Machine (SVM). Within a technological NC simulation before the start of manufacturing, the generated knowledge is applied to predict the shape error of the workpiece and to automatically adjust the feed rate. By adapting the feed rate, it is possible to control the tool life. The required tool change is defined by specifying a limit for the permitted width of flank wear land. The presented assistance system enables the prediction of the shape error parallel to the manufacturing process and the automatic determination of the feed rate as well as the ideal time for tool change

    E-Learning in German Lessons – The Example of Tele-Learning

    This thesis examines whether tele-learning is suitable as a form of teaching, how teaching, in particular German lessons, can be supplemented or even, if needed, replaced by tele-learning, and which didactic prerequisites must be met for the use of tele-learning. Based on current studies and completed projects, a catalogue of criteria is developed that sets out which didactic aspects must be considered in tele-learning. This catalogue of criteria is implemented by way of example in a model project in the subject German. "German lessons" is understood here to mean not only teaching in the traditional setting at domestic schools for pupils whose native language is German, but also teaching at, for example, German schools abroad. This thesis will briefly touch on the most important aspects of teaching German as a foreign language, but deals mainly with teaching German as a native language and shows by example how tele-learning can be used within literature teaching in a teaching unit on Baroque poetry for ninth-grade pupils at a Bavarian Gymnasium