Skip to main content
SpringerLink
Log in
Book cover

International Joint Conference SOCO’13-CISIS’13-ICEUTE’13 pp 517–526Cite as

Disclosure of Sensitive Information in the Virtual Learning Environment Moodle

  • Conference paper

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 239))

Abstract

In recent years, the use of Virtual Learning Environments (VLEs) has greatly increased. Due to the requirements stated by the Bologna process, many European universities are changing their education systems to new ones based on information and communication technologies. The use of web environments makes their security an important issue, which must be taken into full consideration. Services or assets of the e-learning systems must be protected from any threats to guarantee the confidentiality of users’ data. In this contribution, we provide an initial overview of the most important attacks and countermeasures in Moodle, one of the most widely used VLEs, and then we focus on a type of attack that allows illegitimate users to obtain the username and password of other users when making a course backup in specific versions of Moodle. In order to illustrate this information we provide the details of a real attack in a Moodle 1.9.2 installation.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   169.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. EHEA: European Higher Education Area website 2010–2020 (2010), http://www.ehea.info .

  2. González, J., Jover, L., Cobo, E., Muño, P.: A web-based learning tool improves student performance in statistics: A randomized masked trial. Computers & Education 55(2), 704–713 (2010)

    Article  Google Scholar 

  3. McCray, G.: The hybrid course, merging on-line instruction and the traditional classroom. Inform. Tech. Managem. 1(4), 307–327 (2000)

    Article  Google Scholar 

  4. Prendes Espinosa, M.: Plataformas de campus virtual de software libre. Análisis comparativo de la situación actual en las universidades españolas (2009)

    Google Scholar 

  5. Moodle: Moodle.org, About (2012), http://moodle.org/about/

  6. Moodle: Moodle.org, Moodle Statistics (2012), http://moodle.org/stats/

  7. Gutiérrez, E., Trenas, M., Ramos, J., Corbera, F., Romero, S.: A new Moodle module supporting automatic verification of VHDL-based assignments. Computers & Education 54(2), 562–577 (2010)

    Article  Google Scholar 

  8. Luminita, D.: Information security in e-learning platforms. Procedia-Social and Behavioral Sciences 15(15), 2689–2693 (2011)

    Article  Google Scholar 

  9. Zamzuri, Z.F., Manaf, M., Ahmad, A., Yunus, Y.: Computer security threats towards the e-learning system assets. In: Zain, J.M., Wan Mohd, W.M.B., El-Qawasmeh, E. (eds.) ICSECS 2011, Part II. CCIS, vol. 180, pp. 335–345. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  10. Nickolova, M., Nickolov, E.: Threat model for user security in e-learning systems. Int. J. Inform. Tech. Knowledge 1, 341–347 (2007)

    Google Scholar 

  11. Bradbury, D.: The dangers of badly formed websites. Computer Fraud & Security, 12–14 (January 2012)

    Google Scholar 

  12. Scholte, T., Balzarotti, D., Kirda, E.: Have things changed now? An empirical study on input validation vulnerabilities in web applications. Computers & Security 31(3), 344–356 (2012)

    Article  Google Scholar 

  13. Diaz, J., Arroyo, D., Rodriguez, F.B.: An approach for adapting Moodle into a secure infrastructure. In: Herrero, Á., Corchado, E. (eds.) CISIS 2011. LNCS, vol. 6694, pp. 214–221. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  14. Kumar, S., Dutta, K.: Investigation on security in LMS Moodle. Int. J. Inform. Tech. Knowledge Managem. 4(1), 233–238 (2011)

    Google Scholar 

  15. Moodle: Moodle.org, Open-source community-based tools for learning (2012), http://moodle.org

  16. Stapic, Z., Orehovacki, T., Danic, M.: Determination of optimal security settings for LMS Moodle. In: 31st MIPRO International Convention on Information Systems Security, pp. 84–89 (2008)

    Google Scholar 

  17. Miletić, D.: Moodle Security. Packt Publishing, Birmingham (2011)

    Google Scholar 

  18. NIST: Guide to General Server Security. National Institute of Standard and Technology, SP 800-123 (2008)

    Google Scholar 

  19. Dagon, D., Lee, W., Lipton, R.: Protecting secret data from insider attacks. In: S. Patrick, A., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 16–30. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  20. Rivest, R.: The MD5 message-digest algorithm. Technical Report RFC 1321, Internet Activities Board (1992)

    Google Scholar 

  21. Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Inc., Boca Raton (1996)

    Book  Google Scholar 

  22. Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  23. Sotirov, A., Stevens, M., Appelbaum, J., Lenstra, A., Molnar, D., Osvik, D., de Weger, B.: MD5 considered harmful today. In: Announced at the 25th Chaos Communication Congress (2008)

    Google Scholar 

  24. Sasaki, Y., Aoki, K.: Finding preimages in full MD5 faster than exhaustive search. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 134–152. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  25. Forchino, L.: MD5 Decrypt online (2012), http://www.md5decrypt.org

  26. Domains By Proxy: Hashcat–advanced password recovery (2012), http://hashcat.net

Download references

Author information

Authors and Affiliations

  1. Information Security Institute (ISI), Spanish National Research Council (CSIC), Madrid, Spain

    Víctor Gayoso Martínez & Luis Hernández Encinas

  2. Department of Applied Mathematics, E.T.S.I.I. of Béjar, University of Salamanca, Salamanca, Spain

    Ascensión Hernández Encinas & Araceli Queiruga Dios

Authors
  1. Víctor Gayoso Martínez
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Luis Hernández Encinas
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ascensión Hernández Encinas
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Araceli Queiruga Dios
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Víctor Gayoso Martínez .

Editor information

Editors and Affiliations

  1. Department of Civil Engineering, University of Burgos, Burgos, Spain

    Álvaro Herrero

  2. Department of Civil Engineering, University of Burgos, Burgos, Spain

    Bruno Baruque

  3. German Workforce ADL Partnership Laboratory, Waltershausen, Germany

    Fanny Klett

  4. Scientific Network for Innovation and Research Excellence, Machine Intelligence Research Labs (MIR Labs), Auburn, Washington, USA

    Ajith Abraham

  5. Department of Computer Science Faculty of Ele. Eng. & Computer Science, VŠB-TU Ostrava, Ostrava, Czech Republic

    Václav Snášel

  6. Department of Computer Science, University of Sao Paulo at Sao Carlos, Sao Carlos, Brazil

    André C.P.L.F. de Carvalho

  7. DeustoTech Computing, University of Deusto, Bilbao, Spain

    Pablo García Bringas

  8. Department of Computer Science Faculty of Elec. Eng. and Comp. Science, VŠB-TU Ostrava, Ostrava, Czech Republic

    Ivan Zelinka

  9. University of Salamanca, Salamanca, Spain

    Héctor Quintián

  10. University of Salamanca, Salamanca, Spain

    Emilio Corchado

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Martínez, V.G., Encinas, L.H., Encinas, A.H., Dios, A.Q. (2014). Disclosure of Sensitive Information in the Virtual Learning Environment Moodle. In: Herrero, Á., et al. International Joint Conference SOCO’13-CISIS’13-ICEUTE’13. Advances in Intelligent Systems and Computing, vol 239. Springer, Cham. https://doi.org/10.1007/978-3-319-01854-6_53

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-01854-6_53

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-01853-9

  • Online ISBN: 978-3-319-01854-6

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation