Disclosure of Sensitive Information in the Virtual Learning Environment Moodle | SpringerLink
Skip to main content

Disclosure of Sensitive Information in the Virtual Learning Environment Moodle

  • Conference paper
International Joint Conference SOCO’13-CISIS’13-ICEUTE’13

Abstract

In recent years, the use of Virtual Learning Environments (VLEs) has greatly increased. Due to the requirements stated by the Bologna process, many European universities are changing their education systems to new ones based on information and communication technologies. The use of web environments makes their security an important issue, which must be taken into full consideration. Services or assets of the e-learning systems must be protected from any threats to guarantee the confidentiality of users’ data. In this contribution, we provide an initial overview of the most important attacks and countermeasures in Moodle, one of the most widely used VLEs, and then we focus on a type of attack that allows illegitimate users to obtain the username and password of other users when making a course backup in specific versions of Moodle. In order to illustrate this information we provide the details of a real attack in a Moodle 1.9.2 installation.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
¥17,985 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
JPY 3498
Price includes VAT (Japan)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
JPY 22879
Price includes VAT (Japan)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
JPY 28599
Price includes VAT (Japan)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. EHEA: European Higher Education Area website 2010–2020 (2010), http://www.ehea.info .

  2. González, J., Jover, L., Cobo, E., Muño, P.: A web-based learning tool improves student performance in statistics: A randomized masked trial. Computers & Education 55(2), 704–713 (2010)

    Article  Google Scholar 

  3. McCray, G.: The hybrid course, merging on-line instruction and the traditional classroom. Inform. Tech. Managem. 1(4), 307–327 (2000)

    Article  Google Scholar 

  4. Prendes Espinosa, M.: Plataformas de campus virtual de software libre. Análisis comparativo de la situación actual en las universidades españolas (2009)

    Google Scholar 

  5. Moodle: Moodle.org, About (2012), http://moodle.org/about/

  6. Moodle: Moodle.org, Moodle Statistics (2012), http://moodle.org/stats/

  7. Gutiérrez, E., Trenas, M., Ramos, J., Corbera, F., Romero, S.: A new Moodle module supporting automatic verification of VHDL-based assignments. Computers & Education 54(2), 562–577 (2010)

    Article  Google Scholar 

  8. Luminita, D.: Information security in e-learning platforms. Procedia-Social and Behavioral Sciences 15(15), 2689–2693 (2011)

    Article  Google Scholar 

  9. Zamzuri, Z.F., Manaf, M., Ahmad, A., Yunus, Y.: Computer security threats towards the e-learning system assets. In: Zain, J.M., Wan Mohd, W.M.B., El-Qawasmeh, E. (eds.) ICSECS 2011, Part II. CCIS, vol. 180, pp. 335–345. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  10. Nickolova, M., Nickolov, E.: Threat model for user security in e-learning systems. Int. J. Inform. Tech. Knowledge 1, 341–347 (2007)

    Google Scholar 

  11. Bradbury, D.: The dangers of badly formed websites. Computer Fraud & Security, 12–14 (January 2012)

    Google Scholar 

  12. Scholte, T., Balzarotti, D., Kirda, E.: Have things changed now? An empirical study on input validation vulnerabilities in web applications. Computers & Security 31(3), 344–356 (2012)

    Article  Google Scholar 

  13. Diaz, J., Arroyo, D., Rodriguez, F.B.: An approach for adapting Moodle into a secure infrastructure. In: Herrero, Á., Corchado, E. (eds.) CISIS 2011. LNCS, vol. 6694, pp. 214–221. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  14. Kumar, S., Dutta, K.: Investigation on security in LMS Moodle. Int. J. Inform. Tech. Knowledge Managem. 4(1), 233–238 (2011)

    Google Scholar 

  15. Moodle: Moodle.org, Open-source community-based tools for learning (2012), http://moodle.org

  16. Stapic, Z., Orehovacki, T., Danic, M.: Determination of optimal security settings for LMS Moodle. In: 31st MIPRO International Convention on Information Systems Security, pp. 84–89 (2008)

    Google Scholar 

  17. Miletić, D.: Moodle Security. Packt Publishing, Birmingham (2011)

    Google Scholar 

  18. NIST: Guide to General Server Security. National Institute of Standard and Technology, SP 800-123 (2008)

    Google Scholar 

  19. Dagon, D., Lee, W., Lipton, R.: Protecting secret data from insider attacks. In: S. Patrick, A., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 16–30. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  20. Rivest, R.: The MD5 message-digest algorithm. Technical Report RFC 1321, Internet Activities Board (1992)

    Google Scholar 

  21. Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Inc., Boca Raton (1996)

    Book  Google Scholar 

  22. Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  23. Sotirov, A., Stevens, M., Appelbaum, J., Lenstra, A., Molnar, D., Osvik, D., de Weger, B.: MD5 considered harmful today. In: Announced at the 25th Chaos Communication Congress (2008)

    Google Scholar 

  24. Sasaki, Y., Aoki, K.: Finding preimages in full MD5 faster than exhaustive search. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 134–152. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  25. Forchino, L.: MD5 Decrypt online (2012), http://www.md5decrypt.org

  26. Domains By Proxy: Hashcat–advanced password recovery (2012), http://hashcat.net

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Víctor Gayoso Martínez .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Martínez, V.G., Encinas, L.H., Encinas, A.H., Dios, A.Q. (2014). Disclosure of Sensitive Information in the Virtual Learning Environment Moodle. In: Herrero, Á., et al. International Joint Conference SOCO’13-CISIS’13-ICEUTE’13. Advances in Intelligent Systems and Computing, vol 239. Springer, Cham. https://doi.org/10.1007/978-3-319-01854-6_53

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-01854-6_53

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-01853-9

  • Online ISBN: 978-3-319-01854-6

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics