DOCSLIB.ORG

Forensic Analysis of Communication Records of Messaging Applications from Physical Memory

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

ARTICLE IN PRESS JID: COSE [mNS; October 24, 2018;11:47 ] computers & security xxx (xxxx) xxx Available online at www.sciencedirect.com j o u r n a l h o m e p a g e : w w w . e l s e v i e r . c o m / l o c a t e / c o s e Forensic analysis of communication records of messaging applications from physical memory ∗ Diogo Barradas , Tiago Brito, David Duarte, Nuno Santos, Luís Rodrigues INESC-ID, Instituto Superior Técnico, Universidade de Lisboa, Portugal a r t i c l e i n f o a b s t r a c t Article history: Inspection of physical memory allows digital investigators to retrieve evidence otherwise Received 2 May 2018 inaccessible when analyzing other storage media. In this paper, we analyze in-memory com- Accepted 23 August 2018 munication records produced by instant messaging and email applications, both in desktop Available online xxx web-based applications and native applications running in mobile devices. Our results show that, in spite of the heterogeneity of data formats specific to each application, communica- Keywords: tion records can be represented in a common application-independent format. This format Digital forensics can then be used as a common representation to allow for general analysis of digital ar- Instant-messaging tifacts across various applications. Then, we introduce RAMAS, an extensible forensic tool Memory forensics which aims to ease the process of analysing communication records left behind in physical Mobile applications memory by instant-messaging and email clients. Web-applications © 2018 Elsevier Ltd. All rights reserved. communication records exchanged in web-applications are 1. Introduction not stored in desktops’ persistent storage. This fact compli- cates the task of forensic analysts in acquiring digital ev- Instant-messaging (IM) and email applications such as Face- idence. In contrast, while native applications (e.g. in mo- book’s chat and Gmail clients, respectively, are widely used bile devices) may leverage persistent storage, such appli- communication services that allow individuals to exchange cations’ persistent state can be tampered with or inten- messages over the Internet. Given the nature of the exchanged tionally deleted. By focusing on physical memory analy- data, digital artifacts left by such applications may hold highly sis, our goal is to complement the functionality of exist- relevant forensic value. This is particularly true if, from such ing forensic tools which focus on the analysis of persistent artifacts, it is possible to recover communication records of state, e.g., local logs ( Al Mutawa et al., 2011; Yang et al., past conversations providing information about the content 2016 ) or databases ( Anglano, 2014; Anglano et al., 2017 ), of exchanged messages, identity of communicating parties, or and to address a latent need for the analysis of high-level time-related information. data found lingering in memory dumps ( Simon and Slay, To assist analysts in recovering such artifacts, we aim 2009 ). to develop a forensic tool for the extraction of conversa- Although prior work has employed memory forensic tech- tion records left by messaging applications in physical mem- niques on web-messaging applications, existing tools tend to ory dumps . Web-based messaging applications run inside a be highly application-dependent. For example, Wong et al. browser and are becoming increasingly popular since users do present techniques that allow for the recovery of digital ar- not need to install them on their computers. Unfortunately, tifacts for the Facebook messaging service ( Wong et al., 2011 ). However, the proposed techniques cannot directly be applied ∗ Corresponding author. E-mail addresses: [email protected] (D. Barradas), [email protected] (T. Brito), [email protected] (D. Duarte), [email protected] (N. Santos), [email protected] (L. Rodrigues). https://doi.org/10.1016/j.cose.2018.08.013 0167-4048/© 2018 Elsevier Ltd. All rights reserved. Please cite this article as: Diogo Barradas et al., Forensic analysis of communication records of messaging applications from physical memory, Computers & Security (2018), https://doi.org/10.1016/j.cose.2018.08.013 ARTICLE IN PRESS JID: COSE [mNS; October 24, 2018;11:47 ] 2 computers & security xxx (xxxx) xxx to multiple other applications due to the heterogeneity of evidence from several applications or across memory images data formats implemented by each application. Furthermore, ( Section 4 ). the fact that web-based applications run inside a browser may interfere with the durability of applications’ artifacts in memory, for example due to the memory management pol- 2. Digital forensics study icy implemented by the browser. Existing works on browser forensics concentrate only on the extraction of browser- This section presents the digital forensics study that we car- specific artifacts (e.g., browsing history, web cache) leav- ried out in order to assess the existence of communication ing aside the recovery of application-specific artifacts which records in physical memory produced by messaging applica- may provide evidence (Ohana and Shashidhar, 2013). tions. This study lays the ground for the subsequent develop- Past developments in the use of memory forensic tech- ment of a forensic tool which enables the automatic extrac- niques have also been successful in the identification of ar- tion of such records. tifacts produced by a small range of native mobile applica- tions ( Nisioti et al., 2017 ) such as Facebook Messenger. While 2.1. Goals of the forensics study the extraction of communication records holds in the writing of complex regular expressions, it is unknown whether this More concretely, the goal of this study is to check whether and technique can be effectively applied in recovering communi- in which conditions communication records can be obtained cation records from several other popular messaging applica- from memory dumps. In particular, our research is driven by tions in the wild. two key questions: In this paper we make three key contributions. First, we present a digital forensics study aimed to systematically an- alyze the digital artifacts left in memory by several popu- How are messages represented in memory? The program- lar IM and email applications. Our study covers the analy- mers of web-based messaging applications are free to im- sis of artifacts produced by web-applications, when executed plement them using a range of different technologies. Some on various browsers, and also the analysis of artifacts pro- design decisions comprise the choice of front-end and back- duced by mobile applications. We successfully identified and end programming languages (e.g. Javascript, PHP), others in- retrieved IM communication records from web-applications volve selecting the data representation format of communi- such as Facebook, Twitter and Skype, as well as email records cation records (e.g. JSON, XML, binary). In a similar way, the from Outlook and a generic Roundcube email web-client. Our developers of mobile applications have a multitude of tech- study helps to characterize how the communication records of nologies available when programming such applications (e.g. web-based messaging applications are typically represented native app development, HTML5-based apps). This hetero- and to identify how browser-specific mechanisms may affect geneity in data representation and platforms may impact the the durability of such records in memory. Our study also al- way communication records are loaded into memory and con- low us to identify and assess the durability of communication tribute for the absence of a common model of the structure of records produced by mobile applications such as WhatsApp, communication records among different implementations of Viber or Hangouts ( Section 2 ). browsers, applications, and/or operating systems. Thus, this Second, we introduce the design and implementation of fact implies that a tool developed for analysing this kind of a forensic tool called RAMAS, which consists of a collabora- evidence would exhibit the additional complexity of having to tive and extensible framework for analysis of communica- take into account such differences between record structures, tion records from volatile memory. RAMAS is able to extract even when analysing a single application. We aim to assess such records from multiple messaging applications and dis- whether there is a common model which allows for the inter- play the extracted records on a user-friendly timeline. RA- pretation of textual application data lingering in memory. MAS is designed in a modular fashion so as to accommodate an ever-growing number of applications and allow collabora- How long do messages persist in memory? The persistence tive development and maintenance of the system by indepen- of in-memory data structures pertaining to a given web- dent forensic analysts. This goal is achieved through the im- application may be affected by the browser where the applica- plementation of extraction modules: each module contains a tion runs. First, we must ascertain whether the browser runtime set of (simple) rules that allow RAMAS to extract the records environment imposes limitations on the ability to recover com- of a specific application and represent them on a common munication records from physical memory. In particular, to application-independent format ( Section 3 ). provide the interaction with web-applications, web-browsers Lastly, we present an experimental
Recommended publications
  • Master's Thesis Electronic Gatekeeper Using ETHERNET

    Master's Thesis Electronic Gatekeeper Using ETHERNET

    University of West Bohemia Faculty of Applied Sciences Department of Computer Science and Engineering Master’s thesis Electronic Gatekeeper using ETHERNET Plzeň 2019 Hamza Elghoul Místo této strany bude zadání práce. Declaration I hereby declare that this master’s thesis is completely my own work and that I used only the cited sources. Plzeň, 2 May 2018 Hamza Elghoul Abstract The aim of this thesis is the analysis and the realization of a budget 2-way communication system using ETHERNET connection, more specific- ally a door intercom station (hereinafter ”Bouncer” or "Gatekeeper"), where it is possible to make voice calls between two CLIENTS, a CALLER and a CALLEE with an acceptable to minimal delay. There are many alternative methods available for implementing such sys- tems, this project will try to compare some of these solutions and choose the most convenient platform according to a number of factors, such as band- width, processing power needed and communication protocols in question. Keywords: VoIP, SIP,SDP, server, client, LAN, ethernet, embedded, audio, raspberry pi Contents Page List of Figures7 1 Preface 10 2 Analysis 11 2.1 Objectives and Requirements................. 11 2.2 Hardware............................ 12 2.2.1 Arduino......................... 12 2.2.2 RaspberryPi 3 Model B................ 13 2.2.3 Banana Pi........................ 14 2.2.4 Orange Pi........................ 15 2.2.5 CubieBoard 2...................... 16 2.2.6 Beagle Bone Black................... 16 2.3 Application........................... 18 2.4 Audio capture and digitalisation................ 19 2.4.1 Signaling Protocols................... 20 2.5 Communication Protocol.................... 23 2.5.1 Session Initiation Protocol............... 23 2.5.2 Real Time Protocol..................
  • Deploy Your Chatbots Everywhere Bots Are Taking Over!

    Deploy Your Chatbots Everywhere Bots Are Taking Over!

    Deploy your Chatbots Everywhere Bots are taking over! By 2021, more than 50% enterprises will spend more on chatbots than traditional mobile apps Source: Gartner Top Strategic Predictions for 2018 and Beyond Every major messaging platform supports Conversational Apps and Chatbots already ➀ Build Once, Deploy to all Messaging Platforms with a Single API Businesses building conversational interfaces typically want to deploy over multiple messaging channels. B2C apps need Consumer Messengers. B2B apps need Enterprise (Team) Messengers. Integrating with each messaging Client System platform is highly resource consuming - Conversational Interface Business Autochat Omni-channel API due to different APIs and capabilities. Logic - Internal API Integrations Autochat provides one-click integrations with most popular messengers. Messages are also auto-translated to match capability of the end messenger. Consumer Messengers Business Messengers FB Messenger, Telegram, Slack, Microsoft Teams, Viber, WeChat, iMessage, Flock, Cisco Spark, Stride, Whatsapp, etc. etc. ➁ Full-featured, Native Messaging SDKs for Web, Android & iOS Many businesses like to enable conversational interfaces within their web and mobile apps as well. This requires building a custom messenger inside their apps. They also need to provide a user experience at par with leading messengers like Facebook Messenger and Slack. Users Client System expect rich messaging features like - Conversational Interface Business Autochat Omni-channel API typing indicators, images, buttons, Logic quick replies, webviews. - Internal API Integrations Autochat provides full featured real time messaging SDKs that can be integrated in no time. Consumer Messengers Business Messengers Native Messaging SDKs FB Messenger, Telegram, Slack, Microsoft Teams, - Web, Android, iOS Viber, WeChat, iMessage, - Feature rich Flock, Cisco Spark, Whatsapp, etc.
  • Whatsapp Acceptance: a Comparison Between Individualistic and Collectivistic Cultures

    Whatsapp Acceptance: a Comparison Between Individualistic and Collectivistic Cultures

    IBIMA Publishing Journal of Internet Social Networking & Virtual Communities https://ibimapublishing.com/articles/JISNVC/2020/914643/ Vol. 2020 (2020), Article ID 914643, 10 pages, ISSEN: 2166-0794 DOI: 10.5171/2020.914643 Research Article WhatsApp Acceptance: A Comparison Between Individualistic and Collectivistic Cultures Serri FAISAL and Ghassan AL-QAIMARI Emirates College of Technology. UAE Correspondence should be addressed to: Serri FAISAL; [email protected] Received date: 20 November 2019; Accepted date: 7 May 2020; published date: 16 June 2020 Copyright © 2020. Serri FAISAL and Ghassan AL-QAIMARI. Distributed under Creative Commons Attribution 4.0 International CC-BY 4.0 Abstract Social media applications led by WhatsApp have exhibited a great adoption rate in individualistic and collectivistic societies. To study the factors which influence the adoption of software applications across cultures, the application design was studied by researchers in both individualistic and collectivistic societies. Most of such studies concentrated on the application design from the developer's point of view. Differently, this research study empirically explores the factors that influence the adoption of smartphone apps, such as WhatsApp, from the user's perspective. Therefore, the focus in this paper is on the moderating effect of Hofstede’s cross- cultures dimension, individualism vs. collectivism (IDV), and the interconnection between the persuasive system design (PSD) and acceptance. A total of 488 responses were collected from societies which span on the spectrum of IDV to include two individualistic societies, Netherlands and Germany, and two collectivistic societies, Malaysia and the Kingdom of Saudi Arabia. The overall results indicate that persuasive design principles are relevant to cultures across the globe.
  • Yahoo Messenger Error Code 7 Softpedia

    Yahoo Messenger Error Code 7 Softpedia

    Yahoo Messenger Error Code 7 Softpedia Available now for Linux, Mac OS X, and Microsoft Windows. Mozilla Thunderbird 38.0 Arrives with GMail OAuth2 and Yahoo Messenger Support. DESKTOP Windows Messenger, Google Talk, ICQ, Skype), but it can also directly access social with red highlights), or change font to code style (which is especially useful if you're trying There are tons of emoticons you can play with (smiley faces, objects and symbols), and some of them are compatible with Yahoo! Clear Yahoo Messenger cache in Windows. Caution: These steps apply to 32-bit and 64-bit versions of Windows XP, Windows Vista, Windows 7, and Windows. ManyCam also allows you to broadcast four video windows simultaneously or picture in picture video. wont finish downloading, gets stuck everytime and Im on an i7 the exe file runs (and I assume pulls more code down from web) Norton says Trojan. Operating Systems, Windows XP/Vista/7/8 Yahoo Messenger. Yahoo! Messenger can be run on various versions of the Windows operating Download Skype 7.1 Offline Installer Latest Version 2015 Download Skype. -Softpedia.com can add not only keystrokes and mouse actions to your scripts but also manage windows, Facebook, Yahoo, AOL, Hotmail So im using this for a game and it works great but theres one issue it doesnt June 19 at 7:32am. Yahoo Messenger Error Code 7 Softpedia >>>CLICK HERE<<< Telegram Desktop is a powerful, cross-platform messenger app that enables iOS (known as Telegram Messenger) and Windows Phone, but also desktop a valid mobile phone number, which is used for generating a security code.
  • Guess Who's Texting You? Evaluating the Security of Smartphone

    Guess Who's Texting You? Evaluating the Security of Smartphone

    Guess Who’s Texting You? Evaluating the Security of Smartphone Messaging Applications Sebastian Schrittwieser, Peter Fruhwirt,¨ Peter Kieseberg, Manuel Leithner, Martin Mulazzani, Markus Huber, Edgar Weippl SBA Research gGmbH Vienna, Austria (1stletterfirstname)(lastname)@sba-research.org Abstract been the subject of an ample amount of past research. The common advantages of the tools we examined lie in In recent months a new generation of mobile messag- very simple and fast setup routines combined with the possi- ing and VoIP applications for smartphones was introduced. bility to incorporate existing on-device address books. Ad- These services offer free calls and text messages to other ditionally these services offer communication free of charge subscribers, providing an Internet-based alternative to the and thus pose a low entry barrier to potential customers. traditional communication methods managed by cellular However, we find that the very design of most of these mes- network carriers such as SMS, MMS and voice calls. While saging systems thwarts their security measures, leading to user numbers are estimated in the millions, very little atten- issues such as the possibility for communication without tion has so far been paid to the security measures (or lack proper sender authentication. thereof) implemented by these providers. The main contribution of our paper is an evaluation of the In this paper we analyze nine popular mobile messaging security of mobile messaging applications with the afore- and VoIP applications and evaluate their security models mentioned properties and the possibilities of abuse in real- with a focus on authentication mechanisms. We find that a world scenarios.
  • Icaeyeblinkmetrics() Version 3.2

    Icaeyeblinkmetrics() Version 3.2

    Documentation for: icaeyeblinkmetrics() Version 3.2 This EEGLAB toolbox is designed for automated/semi-automated selection of ICA components associated with eye- blink artifact using time-domain measures. The toolbox is based on the premises that 1) an ICA component associated with eye blinks should be more related to the recorded eye blink activity than other ICA components, and 2) removal of the ICA component associated with eye blinks should reduce the eye blink artifact present within the EEG following back projection. Other than the EEG input, the only required input for the function is specification of the channel that exhibits the artifact (in most cases the VEOG electrode). This can either be stored within the EEG.data matrix or within EEG.skipchannels. It will then identify eye-blinks within the channel to be used for computation of the metrics listed below. If you are not sure what channel to choose, you can let the function determine the channel where the artifact maximally presents but this does slow the function down. The toolbox does not change the data in any way, it only provides an output stored in ‘EEG.icaquant’ providing: 1. Metrics: a. The correlation between the measured artifact in the artifact channel and each ICA component. (i.e. how similar the ICA component is to the eye blink) b. The adjusted normalized convolution of the ICA component activity with the measured artifact in the artifact channel. (i.e., how well does the ICA component overlap with the eye blink) c. The percent reduction in the artifact present in the EEG for each ICA component if it was removed.
  • Polycom Realpresence Trio ™ Hands-On Testing of an All-In-One Audio, Content, and Video Conferencing Device for Small Meeting Rooms

    Polycom Realpresence Trio ™ Hands-On Testing of an All-In-One Audio, Content, and Video Conferencing Device for Small Meeting Rooms

    June 2017 Evaluation of Polycom RealPresence Trio ™ Hands-on testing of an all-in-one audio, content, and video conferencing device for small meeting rooms. This evaluation sponsored by: Background Founded in 1990 and headquartered in San Jose, California, Polycom is a privately-held 1 company that develops, manufactures, and markets video, voice, and content collaboration and communication products and services. The company employs approximately ~ 3,000 people and generates more than $1B in annual revenue. Polycom has been in the conference phone business since the early 1990s2, and to date has shipped more than six million analog and digital conference phones – all with the familiar Polycom three-legged “starfish” design (see images below). In October 2015, Polycom announced the RealPresence Trio 8800 – a multi-function conferencing device intended for use in small, medium, and large meeting rooms. Figure 1: Polycom SoundStation IP4000 (L) and Polycom RealPresence Trio 8800 (R) In April 2017, Polycom commissioned members of our South Florida test team to perform a third-party assessment of the RealPresence Trio 8800 solution. This document contains the results of our hands-on testing. Note – For readability and brevity’s sake, throughout this document we will refer to the Polycom RealPresence Trio 8800 as the Trio 8800 or simply Trio. 1 Polycom was acquired by private equity firm Siris Capital in September 2016 2 Source: https://en.wikipedia.org/wiki/Polycom#Polycom_audio_and_voice © 2018 Recon Research | www.reconres.com | Page 2 Understanding
  • Arabic Domain Names

    Arabic Domain Names

    Arabic Domain Names SaudiNIC’s Experiences and Initiatives Relate to UA Raed Alfayez, SaudiNIC ICANN 55, Marrakech, March 2016 Agenda • About SaudiNIC • SaudiNIC Previous Work – IDN Assessment reports – Raseel – An Arabic Email System • What's Next? About SaudiNIC • Administering the domain name space under: – (.sa) since 1995 .2010 since (.ﺔﯾدوﻌﺳﻟا) – • Operated by a government organization: – CITC (Communication and Information Technology Commission) • Coordinating with regional and international bodies in order to present the local community needs • Leading the local and regional communities efforts towards supporting Arabic language in Domain Names since 2001 (more than 15 years of experience) SaudiNIC Previous Work Arabic IDN pilot projects • GCC Pilot Project (2004-2005) • Arab League (2005 - 2009) Tools, algorithms and solutions to manage variants: • Master Key Algorithm • Filters • Variant Management System (VMS) IDN Assessment Reports Arabic Email Project (Raseel) IDN Assessment Reports Conducted and Published a number of IDN Assessment Reports: • IDN Top Level Domain Evaluations and Testing Report 2007 • with the cooperation of the Arabic Domain Name Pilot Project Team. • Arabic IDN Test Results for Browsers 2010 • Mozilla Firefox & Microsoft IE 2014 • IDN Assessment Report IDN Assessment Reports - 2014 • Goal: –to study and assess end-user experiences regarding IDNA implementations for Arabic domain names. • Covered many areas and behaviors • Developed –methodology for Test Case Modeling and Generation –online system to capture results IDN Assessment Reports - 2014 • IDNA support ≠ browsers’ address bars support. • User acceptance for IDNA is less than 1% (Excluding address bar in some web browsers) – It’s been more than 10 years since the publication of IDNA RFCs, and still less than 1%! • How long do we need for Internationalized Email (IDN Email) to be fully deployed! – Do we need to wait 10+ years to get a 1% acceptance! • RFCs are not enough, we need accelerators.
  • Servicio De Mensajería De Correo Utilizando Software Libre Para

    Servicio De Mensajería De Correo Utilizando Software Libre Para

    Servicio de mensajería de correo utilizando software libre para mejorar el tiempo de respuesta de atención Tesis para optar el Título de Ingeniero de Sistemas y Cómputo Presentado por César Antonio Rojo López Asesor Dr. Santiago Raúl Gonzales Sánchez Lima – Perú Noviembre de 2020 DEDICATORIA Dedico este trabajo a mi familia particularmente a mis padres Mercedes López de Rojo y César Rojo Fernando como también a mi prometida Ximena Veliz que dia a dia me dan fuerza y motivacin para seguir adelante, como también al Gerente General de TecnoWeb Latam Diego Benavente por brindarme todas las herramientas para la implementación tecnologcia. 2 ÍNDICE ÍNDICE DE FIGURAS ............................................................................................................................. 5 INDICE DE TABLAS ............................................................................................................................... 7 RESUMEN ................................................................................................................................................. 8 ABSTRACT ............................................................................................................................................... 9 INTRODUCCIÓN ................................................................................................................................... 10 CAPÍTULO I: PLANTEAMIENTO DEL PROBLEMA ..................................................................... 12 1.1. Situación Problemática ..........................................................................................................
  • The Best Just Got Better!

    The Best Just Got Better!

    NOVEMBER, 2012 The Best Just Got Better! Project Analytics Release Highlights Establish better investigation leads by viewing statistics on communications and identifying relationship strengths via volume of events, as well as regular and irregular New Decoding patterns. Statistics are generated by data types such as chats, calls, SMS and emails, from file system and physical extractions. Exclusive – BlackBerry® Results are presented in a graph and table view. messenger (groups, attachments and deleted data) Quickly identify: • Whom the device owner communicates with the most Exclusive – Nokia BB5 – File system reconstruction and • Preferred communication channels decoding of selected data • Communication directions - incoming and outgoing calls, SMS, MMS, emails, View Android application les chat messages etc. New apps on iPhone, Android and BlackBerry Enhanced data types from phones with Chinese chipsets and more… UFED Physical / Logical Analyzer Features: Improved TomTom trip-log decryption process* Industry First! Mobile Malware Detection Timeline graph Malware detection allows UFED Physical Analyzer users to perform on-demand Export locations to KML les searches for viruses, spyware, Trojans and other malicious payloads in files extracted Export emails to EML les using physical or file system methods – applicable to ALL smartphones. Embedded text viewer There's more: • Ongoing malware signature updates Advanced lter improvements • UFED Physical Analyzer 3.5 is now integrated with award-winning security software – BitDefender *Available within UFED Physical Analyzer only • Once infected files have been identified, a detailed list containing malware data, file name, path, size and other information is presented Vast Performance Improvements Coping with the ever growing amount of data available in smartphones, Cellebrite has re-designed the UFED Physical Analyzer engine for much faster decoding, scrolling, sorting and searching among huge amounts of data – pictures, files etc.
  • Client-Side Name Collision Vulnerability in the New Gtld Era: a Systematic Study

    Client-Side Name Collision Vulnerability in the New Gtld Era: a Systematic Study

    Session D5: Network Security CCS’17, October 30-November 3, 2017, Dallas, TX, USA Client-side Name Collision Vulnerability in the New gTLD Era: A Systematic Study Qi Alfred Chen, Matthew Thomas†, Eric Osterweil†, Yulong Cao, Jie You, Z. Morley Mao University of Michigan, †Verisign Labs [email protected],{mthomas,eosterweil}@verisign.com,{yulongc,jieyou,zmao}@umich.edu ABSTRACT was recently annouced (US-CERT alert TA16-144A), which specif- The recent unprecedented delegation of new generic top-level do- ically targets the leaked WPAD (Web Proxy Auto-Discovery) ser- mains (gTLDs) has exacerbated an existing, but fallow, problem vice discovery queries [79, 87]. In this attack, the attacker simply called name collisions. One concrete exploit of such problem was needs to register a domain that already receives vulnerable internal discovered recently, which targets internal namespaces and en- WPAD query leaks. Since WPAD queries are designed for discover- ables Man in the Middle (MitM) attacks against end-user devices ing and automatically conguring web proxy services, exploiting from anywhere on the Internet. Analysis of the underlying prob- these leaks allows the attacker to set up Man in the Middle (MitM) lem shows that it is not specic to any single service protocol, but proxies on end-user devices from anywhere on the Internet. little attention has been paid to understand the vulnerability status The cornerstone of this attack exploits the leaked service dis- and the defense solution space at the service level. In this paper, covery queries from the internal network services using DNS- we perform the rst systematic study of the robustness of internal based service discovery.
  • Allworx 9204 Phone Guide

    Allworx 9204 Phone Guide

    Allworx® Phone Guide 9204 No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopy, recording, or otherwise without the prior written permission of Allworx. © 2009 Allworx, a wholly owned subsidiary of PAETEC. All rights reserved. Allworx is a registered trademark of Allworx Corp. All other names may be trademarks or registered trademarks of their respective owners. Phone Guide – 9204 Table of Contents 1 GETTING STARTED.....................................................................................................................................................1 1.1 WHAT IS IN THE BOX? ...............................................................................................................................................1 1.2 CONNECTING THE PHONE .........................................................................................................................................1 2 ADJUSTING YOUR PHONE.........................................................................................................................................3 2.1 BASE ASSEMBLY AND ADJUSTING THE ANGLE OF THE PHONE.....................................................................................3 2.2 VOLUME...................................................................................................................................................................3 3 INTRODUCTION TO YOUR ALLWORX PHONE ........................................................................................................4