Respondus LockDown Browser Revisited: Disclosure

Presenter Information

Donald Moncrief

Document Type

Oral Presentation

Campus where you would like to present

SURC 140

Start Date

16-5-2013

End Date

16-5-2013

Abstract

This is a follow up to last year’s “Well That Was Easy: Misdirecting Respondus LockDown Browser for Fun and Profit” wherein we demonstrated the ability to direct the Respondus LockDown Browser to an arbitrary IP address of our choosing. For various reasons we chose not to disclose at that time specific details about how this was achieved or the methodology used to discover the vulnerability. In this presentation, we will make those disclosures, discuss some periphery findings we made during the course of our research, and talk about the reasons for not disclosing last year.

Faculty Mentor(s)

Chet Claar

Additional Mentoring Department

ITAM

This document is currently not available here.

Share

COinS
 
May 16th, 10:10 AM May 16th, 10:30 AM

Respondus LockDown Browser Revisited: Disclosure

SURC 140

This is a follow up to last year’s “Well That Was Easy: Misdirecting Respondus LockDown Browser for Fun and Profit” wherein we demonstrated the ability to direct the Respondus LockDown Browser to an arbitrary IP address of our choosing. For various reasons we chose not to disclose at that time specific details about how this was achieved or the methodology used to discover the vulnerability. In this presentation, we will make those disclosures, discuss some periphery findings we made during the course of our research, and talk about the reasons for not disclosing last year.