DOCSLIB.ORG

Chapter 5 New Internet Applications

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

CHAPTER 5 NEW INTERNET APPLICATIONS 5.1 INSTANT MESSAGING (IM) 5.1.1 OVERVIEW OF INSTANT MESSAGING (IM) Instant messaging (IM) is an extension of e-mail that allows two or more people to contact each other via direct, live communication. To use instant messaging, you specify a list of friends and register with an instant messaging server. Whenever you connect to the Internet, [1] special software informs your messaging server that you are online. In response, the server will notify you if any of your contacts are online. At the same time, it notifies your friends that you are online. You can then send messages directly back and forth to one another. Most instant messaging programs also include video conferencing features, file sharing, and remote assistance. Many businesses routinely use these instant messaging features. Instant messaging is a popular variation of chat in which you are informed when someone on your buddy list—a list containing the names of friends and associates that you specify—are on line; when they are on line, you can send them a message that immediately appears on their [2] screen (See Figure 5-1). You can then have a real—time typed conversation. Figure 5-1 Instant Messaging 《计算机英语(第五版)》 CHAPTER 5 As of 2010, social networking providers often offer IM abilities. Facebook Chat is a form [3] of instant messaging, and Twitter can be thought of as a Web 2.0 instant messaging system . Similar server-side chat features are part of most dating websites, such as OKCupid or Plenty [4] of Fish . The spread of smartphones and similar devices in the late 2000s also caused increased competition with conventional instant messaging, by making text messaging services still more ubiquitous. Many instant messaging services offer video calling features, voice over IP and web [5] conferencing services . Web conferencing services can integrate both video calling and instant messaging abilities. Some instant messaging companies are also offering desktop [6] sharing, IP radio, and IPTV to the voice and video features . Each modern IM service generally provides its own client, either a separately installed piece of software, or a browser-based client. These usually only work with the supplier company’s service, although some allow limited function with other services. Third party client software applications exist, that will connect with most of the major IM services. Adium, [7] Empathy, Miranda IM, Pidgin, Qnext and Trillian are a few of the common ones . Standard complementary instant messaging applications offer functions like file transfer, contact list(s), the ability to hold several simultaneous conversations, etc. These may be all the functions that a small business needs, but larger organizations will require more sophisticated [8] applications that can work together . The solution to finding applications capable of this is to use enterprise versions of instant messaging applications. These include titles like XMPP, Lotus Sametime, Microsoft Office Communicator, etc., which are often integrated with other [9] enterprise applications such as workflow systems . These enterprise applications, or enterprise application integration (EAI), are built to certain constraints, namely storing data in a common format. NOTES [1] that 引导的是宾语从句。 [2] 本句是用分号隔开的两个句子,前一个句子中,in which 引导的是定语从句,此 从句中 when 引导的又是时间状语从句;两个破折号中间的句子是同位语。 [3] Facebook Chat,脸谱聊天。有关 Facebook,请见 5.1.3 节。 Twitter,推特。有关 Twitter,请见 5.1.4 节。 [4] OKCupid,免费的在线约会(online dating),是一个朋友和社交网站,其特点是 成员之间可以猜谜和讨论问题。Plenty of Fish,“很多鱼”网站。 [5] voice over IP,即 IP 电话,有关 IP 电话的内容,请见 3.1.3 节 NOTES[6]。 [6] IP radio,即 Radio over IP。IP TV,即交互式网络电视,是一种利用宽带网,集 互联网、多媒体、通信等技术于一体,向家庭用户提供包括数字电视在内的多种交互式 服务的崭新技术。它能够很好地适应当今网络技术的飞速发展。 [7] Adium,是用于 OS X 操作系统的自由和开源即时消息客户端软件,支持 124 CHAPTER 5 NEW INTERNET APPLICATIONS Windows Live Messenger、Yahoo! Messenge、Google Talk、ICQ、XMPP 等多个 IM 网。 Empathy,是 IM 和 Vo IP 客户端软件,支持文本、语音、视频、文件传输和各种 IM 协 议上的应用程序之间的通信。 Miranda IM,为微软 Windows 设计的开源多协议即时消 息应用软件。 Pidgin,(以前的名字是 Gaim),是一个开源多平台即时消息客户软件。 Qnext,是一个安全远程文件访问的应用软件,可使用计算机和移动设备,所访问的文件 可放在多个存储设备或云服务设备上。Trillian,是为微软 Windows、苹果 Mac OS X、 Linux、Android、iOS 等系统设计的专利多协议即时消息应用软件。 [8] 并列句,两个句子中都有 that 引导的定语从句。 [9] which 引导的是非限定性定语从句。XMPP(Extensible Messaging and Presence Protocol),可扩展的消息和展示协议,是一种基于 XML 的面向消息的中间件的通信协 议。Lotus Sametime,以前是 IBM Lotus Sametime,现为 IBM Sametime,是为企业提供 实时统一通信和合作的客户-服务器应用和中间件的平台。其功能有消息展示、企业即时 消息、Web 会议、团体合作以及通话和集成等。 Microsoft Office Communicator,现在是 Skype for Business,是与 Microsoft Lync Server 一起使用的即时消息客户端软件。 Workflow system,即 WfMS(Workflow Management System),是用来建立、执行和监视 科学工作流的基础软件结构。 KEYWORDS IM (Instant Messaging) 即时消息 live communication 实时通信 online 在线,联机 video conferencing 视频会议 file sharing 文件共享 remote assistance 远程辅助 chat 聊天,闲谈 buddy list 好友目录 social network 社交网 smartphone 智能电话 browser-based client 基于浏览器的客户(端) file transfer 文件传输 enterprise version 企业版 workflow system 文件流系统 EAI(Enterprise Application Integration) 企业应用软件集成 EXERCISES True/False 1. ________ IM is an extension of E-mail. 2. ________ To use instant messaging, you should register with an IM server. 125 《计算机英语(第五版)》 CHAPTER 5 3. ________ When you connect to the Internet, a special program informs you that you are online. 4. ________ In the process of using IM, an instant messaging server will notify you if any of your contacts are online. 5. ________ Using IM, you can send messages directly back and forth to one another. 6. ________ Only a few of instant messaging can use remote assistance. 7. ________ Instant messaging is a special variation of chat. 8. ________ In Instant messaging you are informed when someone on your buddy list. 9. ________ A list containing the names of friends and associates is the buddy list. 10. ________ Using IM, you can send your friends a message that will appear on their screen for several minutes. 11. ________ Twitter can be thought as a Web 2.0 IM system. 12. ________ Web conferences integrated video calling with IM abilities. 13.________ IPTV is an interactive network television. 14. ________ Today most IM services provide their own browser-based client only. 15. ________ Original standard of IM offers file transfer, contact lists and several simultaneous conversations. 16. ________ XMPP is an abbreviation for Extensible Messaging and Presence Protocol. 5.1.2 QQ 1. Overview of the QQ Tencent QQ, generally referred to as QQ, is the most popular free instant messaging computer program in Mainland China. As of September 30, 2010, the active QQ user accounts for QQ IM amounted to 636.6 million, possibly making it the world’s largest online [1] community. The number of simultaneous online QQ accounts exceeded 100 million. In th February 2011, QQ.com ranked 10 overall in Alexa’s internet rankings just behind Twitter [2] ranked 9th. The program is maintained by Tencent Holdings Limited (HKEX: 0700), owned [3] in part by Naspers. Since its entrance into Chinese households QQ quickly emerged as a [4] modern cultural phenomenon, now being portrayed in popular culture. Aside from the chat program, QQ has also developed many sub-features including games, virtual pets, ringtone downloads, music, shopping, blogs, microblogging, and group and voice chat etc. The current version of QQ is QQ2010 beta2. Tencent periodically releases special versions of QQ to coincide with events such as the Olympics or Chinese New Year. The official client runs on Microsoft Windows and a beta public version was launched for [5] Mac OS X version 10.4.9 or newer. The Web versions, WebQQ (full version) and WebQQ [6] Mini (Lite version), which makes use of Ajax, are currently available. 126 CHAPTER 5 NEW INTERNET APPLICATIONS As of January 2015, there are 829 million active QQ accounts, with a peak of 176.4 million simultaneous online QQ users. 2. QQ International (1) Windows In 2009 QQ began to expand its services internationally with its QQ International client for Windows distributed through a dedicated English-language portal. QQ International offers non-Mandarin speakers the opportunity to use all the features of its Chinese counterpart to get in touch with other QQ users via chat and videocalls, it provides [7] a non-Mandarin interface to access Qzone, Tencent’s social network . The client supports English, French, Spanish, German, Korean, Japanese and Classical Chinese. A wealth of third-party applications is bundled with QQ International and it is mainly aimed at making cross-cultural communications in and out of China more convenient. One of the main features of QQ International is the optional and automatic machine translation of all chats. (2) Android An Android version of QQ International was released in September 2013. The client’s interface is in English, French, Spanish, German, Korean, Japanese and Classic Chinese. In addition to text messaging, users can send each other images, video, and audio media messages. Moreover, users can share multimedia content with all contacts through the client’s Qzone interface. The live translation feature is available for all incoming messages and supports up to 18 languages. (3) iOS / iPhone QQ International for iPhone and iOS devices was released at the end of 2013, fully equivalent to its Android counterpart. 3. Web QQ Tencent launched its web-based QQ formally on 15 September 2009, the latest version of which being 3.0. Rather than solely a web-based IM, WebQQ 3.0 functions more like its own operating system, with a desktop in which web applications can be added. 4. Open source and cross-platform clients Using reverse engineering, open source communities have come to understand the QQ protocol better and have attempted to implement client core libraries compatible with more [8] user-friendly clients . Most of these clients are cross-platform, so they are usable on operating systems which the official client does not support. However, these implementations had only a subset of the functions of the official client and therefore were more limited in features.
Recommended publications
  • Instant Messaging: Keeping Your Child Safe and Secure

    Instant Messaging: Keeping Your Child Safe and Secure

    Online Instant Messaging: Keeping Your Child Safe and Secure Presented by: Meredith Stannard, Nauset Regional High School [email protected] Barbara Dominic, Nauset Regional Middle School [email protected] Kathy Schrock, Nauset Public Schools [email protected] Spring 2003 1 Instant messages are lasting ©2001. USA Today. http://www.usatoday.com/tech/news/2001-06-21-teens-im-lasting.htm By Karen Thomas, USA TODAY Breaking up. Making up. Making plans. Asking out. Saying "hey." From the mundane to the emotionally charged, there are no limits to the ways today's kids connect and bond over instant messages (IMs) — those pop-up text windows used for carrying on real-time conversations online. "It's not just empty chatter. They're using (IMs) to have difficult conversations — someone's talking behind your back and you want to confront them," says Amanda Lenhart of the Pew Internet & American Life project. Its survey, out Thursday, finds that nearly three-fourths of online kids ages 12 to 17 rely on IMs to keep in touch with friends. Caroline Barker, 16, is among 35% of teens who use IMs daily; she chats with about 10 close friends and 50 acquaintances in the Bethesda, Md., area. "It's especially good for making plans, or if you're just bored," she says. "It's a given that everybody has it," adds her friend Valerie Hutchins, 15. These Maryland friends IM while doing homework, talking on the phone and watching TV. And they offer insight to the complex social rules that come with a form of communication that still has many adults bewildered.
  • Universidad Pol Facultad D Trabajo

    Universidad Pol Facultad D Trabajo

    UNIVERSIDAD POLITÉCNICA DE MADRID FACULTAD DE INFORMÁTICA TRABAJO FINAL DE CARRERA ESTUDIO DEL PROTOCOLO XMPP DE MESAJERÍA ISTATÁEA, DE SUS ATECEDETES, Y DE SUS APLICACIOES CIVILES Y MILITARES Autor: José Carlos Díaz García Tutor: Rafael Martínez Olalla Madrid, Septiembre de 2008 2 A mis padres, Francisco y Pilar, que me empujaron siempre a terminar esta licenciatura y que tanto me han enseñado sobre la vida A mis abuelos (q.e.p.d.) A mi hijo icolás, que me ha dejado terminar este trabajo a pesar de robarle su tiempo de juego conmigo Y muy en especial, a Susana, mi fiel y leal compañera, y la luz que ilumina mi camino Agradecimientos En primer lugar, me gustaría agradecer a toda mi familia la comprensión y confianza que me han dado, una vez más, para poder concluir definitivamente esta etapa de mi vida. Sin su apoyo, no lo hubiera hecho. En segundo lugar, quiero agradecer a mis amigos Rafa y Carmen, su interés e insistencia para que llegara este momento. Por sus consejos y por su amistad, les debo mi gratitud. Por otra parte, quiero agradecer a mis compañeros asesores militares de Nextel Engineering sus explicaciones y sabios consejos, que sin duda han sido muy oportunos para escribir el capítulo cuarto de este trabajo. Del mismo modo, agradecer a Pepe Hevia, arquitecto de software de Alhambra Eidos, los buenos ratos compartidos alrrededor de nuestros viejos proyectos sobre XMPP y que encendieron prodigiosamente la mecha de este proyecto. A Jaime y a Bernardo, del Ministerio de Defensa, por haberme hecho descubrir las bondades de XMPP.
  • Business-To-Government Malware”

    Business-To-Government Malware”

    HACKINGTEAM AND GAMMA INTERNATIONAL IN “BUSINESS-TO-GOVERNMENT MALWARE” Sergey @k1k Golovanov, Malware Expert Kaspersky Lab MAIL_TO:[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected] ... DATE_TIME: 24.07.2012 5:52:00 ATTCH: AbodeFlashPlayer.zip (~1M) TEXT: From: Kev http://www.slate.com/blogs/future_tense/2012/08/20/moroccan_websi te_mamfakinch_targeted_by_government_grade_spyware_from_hac king_team_.html http://www.bloomberg.com/photo/security- researcher-morgan-marquis-boire- /214749.html HOW WE CAN BE SURE THAT IT IS HACKINGTEAM? Remote Control System (RCS) http://www.hackingteam.it/index.php/remote-control-system HOW WE CAN BE SURE THAT IT IS HACKINGTEAM? https://www.virustotal.com/en/file/81e9647a3371568cddd0a4db597de8423179773d910 d9a7b3d945cb2c3b7e1c2/analysis/ hxxp://rcs-demo.hackingteam.it/***ploit.doc2 HOW WE CAN BE SURE THAT IT IS HACKINGTEAM? /Users/guido/Projects/driver-macos/ WHAT CAN IT DO? http://wikileaks.org/spyfiles/files/0/31_200810-ISS-PRG- HACKINGTEAM.pdf WHAT CAN IT DO? 1.Self-replication via USB flash drive (3 methods) 2. Infection of virtual VMware machines by copying itself into the autorun folder on the virtual drive 3. Infection of mobile BlackBerry and Windows CE devices 4. Ability to self-update 5. Installation of drivers 6. Signed HOW IT IS PROPAGATING? 1.Social engineering: Self-signed JAR files Filenames like FlashUpdate.exe 2.
  • Openfire Service Level Agreement

    Openfire Service Level Agreement

    Service Level Agreement Technical Services — Communications Service University Technology Services 1. Overview This Service Level Agreement (SLA) is between University Technology Services (UTS) and either departments or groups choosing to utilize the internal Oakland University instant messaging (OUIM) service. The OUIM service is currently referenced by talk.oakland.edu and runs XMPP/Jabber software called Openfire. Under this SLA, UTS agrees to provide specific information technology (IT) services. This SLA also covers performance and reliability targets and objectives. Section 7 requires the signature and contact information of the group coordinator as an agreement to the SLA. OUIM is an online service that is available on campus and off campus. The requirements to utilize the service are a NetID, an XMPP client, and an Internet connection. XMPP clients are available online. The UTS Helpdesk supports the XMPP clients Spark, Pidgin, and Adium. Instructions are available on the UTS Web site at http://www.oakland.edu/?id=13849&sid=70. 2. Purpose The purpose of this SLA is to establish a cooperative partnership between UTS staff members with the community of customers who may opt into its use by clarifying roles, setting expectations, and providing service objectives and limitations. 3. Terms of Agreement This service is provided on an ongoing basis. From time to time, it may be reviewed and modified by UTS. Modifications to this agreement will be done at the sole discretion of UTS and the Technical Support and Services team (TSS). 4. Service Hours Regularly scheduled maintenance will be scheduled during low-use hours as much as possible; such work will be done either before 8:00 A.M.
  • Unpermitted Resources

    Unpermitted Resources

    Process Check and Unpermitted Resources Common and Important Virtual Machines Parallels VMware VirtualBox CVMCompiler Windows Virtual PC Other Python Citrix Screen/File Sharing/Saving .exe File Name VNC, VPN, RFS, P2P and SSH Virtual Drives ● Dropbox.exe ● Dropbox ● OneDrive.exe ● OneDrive ● <name>.exe ● Google Drive ● etc. ● iCloud ● etc. Evernote / One Note ● Evernote_---.exe ● onenote.exe Go To Meeting ● gotomeeting launcher.exe / gotomeeting.exe TeamViewer ● TeamViewer.exe Chrome Remote ● remoting_host.exe www.ProctorU.com ● [email protected] ● 888­355­3043 ​ ​ ​ ​ ​ ​ ​ Messaging / Video (IM, IRC) / .exe File Name Audio Bonjour Google Hangouts (chrome.exe - shown as a tab) (Screen Sharing) Skype SkypeC2CPNRSvc.exe Music Streaming ● Spotify.exe (Spotify, Pandora, etc.) ● PandoraService.exe Steam Steam.exe ALL Processes Screen / File Sharing / Messaging / Video (IM, Virtual Machines (VM) Other Saving IRC) / Audio Virtual Box Splashtop Bonjour ● iChat ● iTunes ● iPhoto ● TiVo ● SubEthaEdit ● Contactizer, ● Things ● OmniFocuse phpVirtualBox TeamViewer MobileMe Parallels Sticky Notes Team Speak VMware One Note Ventrilo Windows Virtual PC Dropbox Sandboxd QEM (Linux only) Chrome Remote iStumbler HYPERBOX SkyDrive MSN Chat Boot Camp (dual boot) OneDrive Blackboard Chat CVMCompiler Google Drive Yahoo Messenger Office (Word, Excel, Skype etc.) www.ProctorU.com ● [email protected] ● 888­355­3043 ​ ​ ​ ​ ​ ​ ​ 2X Software Notepad Steam AerooAdmin Paint Origin AetherPal Go To Meeting Spotify Ammyy Admin Jing Facebook Messenger AnyDesk
  • Case No COMP/M.6281 - MICROSOFT/ SKYPE

    Case No COMP/M.6281 - MICROSOFT/ SKYPE

    EN Case No COMP/M.6281 - MICROSOFT/ SKYPE Only the English text is available and authentic. REGULATION (EC) No 139/2004 MERGER PROCEDURE Article 6(1)(b) NON-OPPOSITION Date: 07/10/2011 In electronic form on the EUR-Lex website under document number 32011M6281 Office for Publications of the European Union L-2985 Luxembourg EUROPEAN COMMISSION Brussels, 07/10/2011 C(2011)7279 In the published version of this decision, some information has been omitted pursuant to Article MERGER PROCEDURE 17(2) of Council Regulation (EC) No 139/2004 concerning non-disclosure of business secrets and other confidential information. The omissions are shown thus […]. Where possible the information omitted has been replaced by ranges of figures or a general description. PUBLIC VERSION To the notifying party: Dear Sir/Madam, Subject: Case No COMP/M.6281 - Microsoft/ Skype Commission decision pursuant to Article 6(1)(b) of Council Regulation No 139/20041 1. On 02.09.2011, the European Commission received notification of a proposed concentration pursuant to Article 4 of the Merger Regulation by which the undertaking Microsoft Corporation, USA (hereinafter "Microsoft"), acquires within the meaning of Article 3(1)(b) of the Merger Regulation control of the whole of the undertaking Skype Global S.a.r.l, Luxembourg (hereinafter "Skype"), by way of purchase of shares2. Microsoft and Skype are designated hereinafter as "parties to the notified operation" or "the parties". I. THE PARTIES 2. Microsoft is active in the design, development and supply of computer software and the supply of related services. The transaction concerns Microsoft's communication services, in particular the services offered under the brands "Windows Live Messenger" (hereinafter "WLM") for consumers and "Lync" for enterprises.
  • Novell Messenger 3.0 May 2015

    Novell Messenger 3.0 May 2015

    Novell Messenger 3.0 May 2015 1Overview The information in this Readme file pertains to Novell Messenger 3.0. Novell Messenger 3.0 offers enhanced functionality over prior Messenger versions: Mobile Applications: Novell Messenger 3.0 provides native applications for iOS, Android, and BlackBerry devices. For more information, see “Using Novell Messenger on Your Mobile Device” in the Novell Messenger 3.0 Client User Guide. For information about the administrative tasks associated with Messenger mobile applications, see “Managing Messenger Mobile Applications” in the Novell Messenger 3.0 Administration Guide. Simultaneous Client Connections: Novell Messenger 3.0 allows you to maintain simultaneous connections to your Messenger system from multiple workstations or devices. For example, you can be connected to Messenger on your workstation, and then connect to Messenger from a mobile device without being logged out of Messenger on your workstation. For more information about this feature, see “Limiting Physical Access to Client Workstations” in “Securing Novell Messenger” in the Novell Messenger 3.0 Administration Guide. Update Clients (Look and Feel): Novell Messenger 3.0 provides an updated look and feel for both the Windows and Linux/Mac client interfaces. The Messenger 3.0 release also contains the following changes: Removal of NetWare support: With Messenger 3.0 and later, NetWare is no longer supported. ConsoleOne download option: If you have not already installed ConsoleOne, it is available with the Messenger distribution. 2 System Requirements Novell Messenger 3.0 system requirements (including requirements for mobile devices) are listed in “Novell Messenger Hardware and Software Requirements” in the Novell Messenger 3.0 Installation Guide.
  • Forensic Artefacts Left by Pidgin Messenger 2.0

    Forensic Artefacts Left by Pidgin Messenger 2.0

    digital investigation 4 (2007) 138–145 available at www.sciencedirect.com journal homepage: www.elsevier.com/locate/diin Forensic artefacts left by Pidgin Messenger 2.0 Wouter S. van Dongen Fox-IT Forensic IT Experts, Olof Palmestraat 6, 2616 LM Delft, The Netherlands article info abstract Article history: Pidgin, formerly known as Gaim, is a multi-protocol instant messaging (IM) client that sup- Received 23 July 2007 ports communication on most of the popular IM networks. Pidgin is chiefly popular under Revised 23 November 2007 Linux, and is available for Windows, BSD and other UNIX versions. This article presents Accepted 21 January 2008 a number of traces that are left behind after the use of Pidgin on Linux, enabling digital in- vestigators to search for and interpret instant messaging activities, including online con- Keywords: versations and file transfers. Specifically, the contents and structures of user settings, log Pidgin files, contact files and the swap partition are discussed. In addition looking for such infor- Gaim mation in active files on a computer, forensic examiners can recover deleted items by Instant messenger searching a hard drive for file signatures and known file structures detailed in this article. Internet chat ª 2008 Elsevier Ltd. All rights reserved. Linux messenger MSN ICQ Yahoo! IRC 1. Introduction Gaim would become Pidgin, libgaim would become libpurple, and gaim-text would become finch. The name Pidgin was cho- This article is a continuation of the series of articles dealing sen as a reference to the term ‘Pidgin’, which describes com- with artefacts left by popular instant messaging clients.
  • A User Study of Off-The-Record Messaging

    A User Study of Off-The-Record Messaging

    A User Study of Off-the-Record Messaging Ryan Stedman Kayo Yoshida Ian Goldberg University of Waterloo 200 University Avenue West Waterloo, Ontario, Canada N2L 3G1 {rstedman@cs, k2yoshid@math, iang@cs}.uwaterloo.ca ABSTRACT Keywords Instant messaging is a prevalent form of communication ac- OTR, Usable Security, Instant Messaging, Think Aloud ross the Internet, yet most instant messaging services pro- vide little security against eavesdroppers or impersonators. 1. INTRODUCTION There are a variety of existing systems that aim to solve There has been much research into creating privacy-en- this problem, but the one that provides the highest level hancing technologies, especially since the Internet has started of privacy is Off-the-Record Messaging (OTR), which aims to play an essential role in everyday life. However, not many to give instant messaging conversations the level of privacy of these technologies have seen widespread adoption. One available in a face-to-face conversation. In the most recent of the reasons for this is that many of these technologies redesign of OTR, as well as increasing the security of the provide insufficient usability [8]. protocol, one of the goals of the designers was to make OTR The process of evaluating and enhancing usability is im- easier to use, without users needing to understand details of portant in order for a privacy-enhancing technology to pro- computer security such as keys or fingerprints. vide benefits to ordinary users. Since privacy is not just To determine if this design goal has been met, we con- intended for computer scientists or cryptographers, but for ducted a user study of the OTR plugin for the Pidgin in- everyone, these technologies should be accessible to the gen- stant messaging client using the think aloud method.
  • Client-Side Name Collision Vulnerability in the New Gtld Era: a Systematic Study

    Client-Side Name Collision Vulnerability in the New Gtld Era: a Systematic Study

    Session D5: Network Security CCS’17, October 30-November 3, 2017, Dallas, TX, USA Client-side Name Collision Vulnerability in the New gTLD Era: A Systematic Study Qi Alfred Chen, Matthew Thomas†, Eric Osterweil†, Yulong Cao, Jie You, Z. Morley Mao University of Michigan, †Verisign Labs [email protected],{mthomas,eosterweil}@verisign.com,{yulongc,jieyou,zmao}@umich.edu ABSTRACT was recently annouced (US-CERT alert TA16-144A), which specif- The recent unprecedented delegation of new generic top-level do- ically targets the leaked WPAD (Web Proxy Auto-Discovery) ser- mains (gTLDs) has exacerbated an existing, but fallow, problem vice discovery queries [79, 87]. In this attack, the attacker simply called name collisions. One concrete exploit of such problem was needs to register a domain that already receives vulnerable internal discovered recently, which targets internal namespaces and en- WPAD query leaks. Since WPAD queries are designed for discover- ables Man in the Middle (MitM) attacks against end-user devices ing and automatically conguring web proxy services, exploiting from anywhere on the Internet. Analysis of the underlying prob- these leaks allows the attacker to set up Man in the Middle (MitM) lem shows that it is not specic to any single service protocol, but proxies on end-user devices from anywhere on the Internet. little attention has been paid to understand the vulnerability status The cornerstone of this attack exploits the leaked service dis- and the defense solution space at the service level. In this paper, covery queries from the internal network services using DNS- we perform the rst systematic study of the robustness of internal based service discovery.
  • Implementing Reliable Instant Messaging at Your Library

    Implementing Reliable Instant Messaging at Your Library

    Implementing Reliable Instant Messaging at Your Library Karen McCoy Adult Services Librarian Farmington Public Library, NM Some background… More libraries are communicating with patrons in real time over the internet “Online real-time chat reference services have become increasingly prevalent in many types and sizes of libraries” (1). BUT… “Because no IM technology standard has been approved by all the major players, IM has long been problematic to libraries… but newer IM products can help resolve these dilemmas.”(2). 1. Kwon, Nahyun, & Gregory, Vicki L. (2007). The effects of librarians' behavioral performance on user satisfaction in chat reference services. Reference & User Services Quarterly. 47, 137-148, 137. 2. Rethlefsen, Melissa L. (Summer 2007). Product Pipeline. Netconnect, 14-16 Instant Messaging vs. Chat Software What’s the difference? Chat Software: fee-based, usually only used in businesses and libraries (usually part of a consortium to reduce cost) also referred to as “virtual reference” or “chat reference.” Instant Messaging: FREE to libraries and patrons, more often used by people in their daily lives, generally not platform dependent (1), more compatible in a Web 2.0 environment A recent trend in reference service seems to be a move from use of chat reference software to use of IM (2). 1. Johnson, Kris. “Pros & Cons of IM/SMS Virtual Reference.” NMLA/MPLA Presentation. March, 2007 2. Naylor, Sharon, Stoffel, Bruce, & Van Der Laan, Sharon (2008). Why isn't our chat reference used more? Reference & User Services Quarterly.
  • Online Security for Independent Media and Civil Society Activists

    Online Security for Independent Media and Civil Society Activists

    Online Security for Independent Media and Civil Society Activists A white paper for SIDA’s October 2010 “Exile Media” conference Eric S Johnson (updated 13 Oct 2013) For activists who make it a priority to deliver news to citizens of countries which try to control the information to which their citizens have access, the internet has provided massive new opportunities. But those countries’ governments also realise ICTs’ potential and implement countermeasures to impede the delivery of independent news via the internet. This paper covers what exile media can or should do to protect itself, addressing three categories of issues: common computer security precautions, defense against targeted attacks, and circumventing cybercensorship, with a final note about overkill (aka FUD: fear, uncertainty, doubt). For each of the issues mentioned below, specific ex- amples from within the human rights or freedom of expression world can be provided where non-observance was cata- strophic, but most of those who suffered problems would rather not be named. [NB Snowden- gate changed little or nothing about these recommendations.] Common computer security: The best defense is a good … (aka “lock your doors”) The main threats to exile media’s successful use of ICTs—and solutions—are the same as for any other computer user: 1) Ensure all software automatically patches itself regularly against newly-discovered secu- rity flaws (e.g. to maintain up-to-date SSL certificate revocation lists). As with antivirus software, this may cost something; e.g. with Microsoft (Windows and Office), it may re- quire your software be legally purchased (or use the WSUS Offline Update tool, which helps in low-bandwidth environments).