Abstract
In recent years, the use of Virtual Learning Environments (VLEs) has greatly increased. Due to the requirements stated by the Bologna process, many European universities are changing their education systems to new ones based on information and communication technologies. The use of web environments makes their security an important issue, which must be taken into full consideration. Services or assets of the e-learning systems must be protected from any threats to guarantee the confidentiality of users’ data. In this contribution, we provide an initial overview of the most important attacks and countermeasures in Moodle, one of the most widely used VLEs, and then we focus on a type of attack that allows illegitimate users to obtain the username and password of other users when making a course backup in specific versions of Moodle. In order to illustrate this information we provide the details of a real attack in a Moodle 1.9.2 installation.
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Martínez, V.G., Encinas, L.H., Encinas, A.H., Dios, A.Q. (2014). Disclosure of Sensitive Information in the Virtual Learning Environment Moodle. In: Herrero, Á., et al. International Joint Conference SOCO’13-CISIS’13-ICEUTE’13. Advances in Intelligent Systems and Computing, vol 239. Springer, Cham. https://doi.org/10.1007/978-3-319-01854-6_53
DOI: https://doi.org/10.1007/978-3-319-01854-6_53
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-01853-9
Online ISBN: 978-3-319-01854-6
eBook Packages: Engineering, Engineering (R0)