TLS is one of today's most widely used and best-analyzed encryption technologies. However, for historical reasons, TLS for email protocols is often not used directly but negotiated via STARTTLS. This additional negotiation adds complexity and was prone to security vulnerabilities such as naive STARTTLS stripping or command injection attacks in the past.
We perform the first structured analysis of STARTTLS in SMTP, POP3, and IMAP and introduce EAST, a semi-automatic testing toolkit with more than 100 test cases covering a wide range of variants of STARTTLS stripping, command and response injections, tampering attacks, and UI spoofing attacks for email protocols. Our analysis focuses on the confidentiality and integrity of email submission (email client to SMTP server) and email retrieval (email client to POP3 or IMAP server). While some of our findings are also relevant for email transport (from one SMTP server to another), the security implications in email submission and retrieval are more critical because these connections involve not only individual email messages but also user credentials that allow access to a user's email archive.
We used EAST to analyze 28 email clients and 23 servers. In total, we reported over 40 STARTTLS issues, some of which allow mailbox spoofing, credential stealing, and even the hosting of HTTPS with a cross-protocol attack on IMAP. We conducted an Internet-wide scan for the particularly dangerous command injection attack and found that 320,000 email servers (2% of all email servers) are affected. Surprisingly, several clients were vulnerable to STARTTLS stripping attacks. In total, only 3 out of 28 clients did not show any STARTTLS-specific security issues. Even though the command injection attack received multiple CVEs in the past, EAST detected eight new instances of this problem. In total, only 7 out of 23 tested servers were never affected by this issue. We conclude that STARTTLS is error-prone to implement, under-specified in the standards, and should be avoided.
What sparks academic engagement with society? A comparison of incentives appealing to motives
(2021)
We report on a watt-level highly efficient europium laser operating at the 5D0→7F4 transition. It is based on the stoichiometric KEu(WO4)2 crystal. Under pumping by a green laser at 532.1 nm, the KEu(WO4)2 laser generated a maximum peak output power of 1.11 W at ∼703 nm with a slope efficiency of 43.2% and a linear polarization (????‖????????). A laser threshold as low as 64 mW was achieved. True continuous-wave operation was demonstrated. The polarized emission properties of monoclinic KEu(WO4)2 were determined.
Common boundaries between the physical reality and rising digital media technologies are fading. The age of hyper-reality becomes an age of hyper-aesthetics. Immersive media as well as image technologies – like virtual reality – enable a completely novel form of interaction and corporeal relation to and with the virtual image structures. Virtual Images contributes to the wide range of the hyper-aesthetic image discourse to connect the concept of dynamic virtual images with the approaches in modern media theory, philosophy, perceptual theory, aesthetics, computer graphics, art history and techno-art as well as the complex range of image science. The shared goal is a critical discussion of the specific epistemology of aesthetic and scientific approaches to VR.
This volume discusses the relation of images and technological evolution in the context of virtual reality within the perspective of an autonomous image science.