               Elgg Email Integration
                           Michael Jett <mjett@mitre.org>




                           Approved for Public Release: 12-1298


Thursday, April 12, 2012




                           Handshake

                           What is Handshake?

                           business networking prototype built on top of the elgg platform
                           created to support relationships between current employees, industry, vendors, academia, sponsors, former employees, and other FFRDCs

                            Email Integration?

                           A feature which allows users to communicate directly with the elgg platform from their email client

                                         Why?

                           Increased accessibility (mobile, box-top)
                           Familiar ground for veteran users
                           List-serv transition
                           Convenience

                            Not a new concept

                           facebook
                           moodle
                           WordPress
                           Blogger

                           Basic Flow

                           System issues a user a special email address (my.special.email@domain.com)
                           User sends an email to this special address
                           System receives email and performs an action

                                      Concerns

                           Security
                           Server resource consumption
                           Maintenance
                           Storage

                             Security Threats

                           Email address spoofing
                           Unintentional forwarding of email secrets
                           Maliciously flooding server with email traffic

                           Security Specifics?

                           Tokens, Keys, Specials
                           Where do we Embed, Issue, or Store them?
                           Do they expire?




                   Security Approaches

                                  User Expired

                           User is issued a special email address to perform an action
                           User may regenerate a new email address if they feel it has been compromised
                           e.g. (my.silly.email@elggbook.com)

                                User Expired

                   Advantages                 Disadvantages

                       Manageable            Requires IP Monitoring
                       Usable                Requires Extensive logging

                           silly.email.address@elggbook.com

                               System Expired

                           System automatically expires email address within a specific time frame.

                            valid.for.30.days@elggbook.com

                               System Expired

                   Advantages                         Disadvantages

                       Security is more centralized   Requires extra system resources to validate expired emails




                           Our Approach

                                Our Approach

                           System Expired
                           Signature embedding to thwart spoofing attempts
                           Action embedding




                Huh? Example Please!?

                           create.comment.123+8vFBxhiU@elggbook.com

                           Do?         create
                           What?       comment
                           Where?      123
                           Security!   8vFBxhiU
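Added example (not from the slides or the Handshake code base): one way to issue and check a system-expired, signed, action-embedded address in the create.comment.123+8vFBxhiU@elggbook.com format. The HMAC-SHA256 construction, the 30-day rolling window, the 16-character signature, the secret and the binding to the recipient's user GUID are assumptions; the slides do not say how the signature part is computed.

```python
import base64
import hashlib
import hmac
import re

# Constructed demo values; a real deployment loads a random secret from configuration.
SECRET = b"constructed-demo-secret"
DOMAIN = "elggbook.com"          # example domain used on the slides
WINDOW = 30 * 24 * 3600          # assumed validity window: 30 days, in seconds
SIG_LEN = 16                     # assumed: 16 base64url chars (96 bits of the MAC)

# <do>.<what>.<where>+<signature>@domain; leading zeros in <where> are rejected
# so that one target has exactly one valid spelling.
ADDRESS = re.compile(
    r"([a-z]+)\.([a-z]+)\.(0|[1-9][0-9]{0,17})\+([A-Za-z0-9_-]{%d})@%s"
    % (SIG_LEN, re.escape(DOMAIN))
)


def _signature(action, kind, target, user_guid, window):
    """MAC over everything the address authorizes, plus who it was issued to."""
    message = f"{action}|{kind}|{target}|{user_guid}|{window}".encode()
    mac = hmac.new(SECRET, message, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode("ascii")[:SIG_LEN]


def issue_address(action, kind, target, user_guid, now):
    """Build the reply address embedded in a notification sent to user_guid."""
    window = int(now) // WINDOW
    sig = _signature(action, kind, target, user_guid, window)
    address = f"{action}.{kind}.{target}+{sig}@{DOMAIN}"
    if ADDRESS.fullmatch(address) is None:
        raise ValueError("action, kind or target cannot be encoded in an address")
    return address


def verify_address(address, sender_guid, now):
    """Return (action, kind, target) if the address is genuine and unexpired.

    sender_guid is the account looked up from the From header. That header is
    spoofable, so the action is only performed when the signature also matches.
    """
    match = ADDRESS.fullmatch(address)
    if match is None:
        return None
    action, kind, target, sig = match.groups()
    current = int(now) // WINDOW
    # Accept the current and the previous window: an address lives for at
    # least WINDOW and at most 2 * WINDOW seconds, with no per-address storage.
    for window in (current, current - 1):
        expected = _signature(action, kind, int(target), sender_guid, window)
        if hmac.compare_digest(expected, sig):
            return action, kind, int(target)
    return None


if __name__ == "__main__":
    issued_at = 1334188800  # 2012-04-12 00:00:00 UTC, constructed timestamp
    addr = issue_address("create", "comment", 123, user_guid=42, now=issued_at)
    print(addr)
    print(verify_address(addr, 42, issued_at + 3600))        # reply from the recipient
    print(verify_address(addr, 43, issued_at + 3600))        # used by another account
    print(verify_address(addr.replace(".123+", ".124+"), 42, issued_at))  # edited target
    print(verify_address(addr, 42, issued_at + 2 * WINDOW))  # past both windows
```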

                                  Acquisition

                           How does a user obtain one of these “special” email addresses?

                           Automatically embedded in notifications

    To: billy@bob.com
    From: no.reply@elggbook.com

    Someone commented on your discussion topic

    Email a reply                           href="mailto:create...




                           Conclusion

'Elgg email integration' Mike Jett #ECSF
