Archive for September, 2011

Data Loss Prevention

“The latest publications are indeed relatively weighty because they involve sensitive data, but from a technical point of view they are not necessarily sophisticated,” says Martin Mulazzani of SBA Research, a Viennese research institute for IT security (derstandard.at)

Secure development of web-applications – Secure Coding I + II

Severin Winkler is holding several lessons on secure development of web applications in cooperation with CON•ECT. The core of these talks is the top ten web application security risks of 2010 identified by OWASP. The lessons include advanced security topics necessary for the development of modern web applications and focus on attack scenarios and counter-strategies. (more…)

Guest speaker Melanie Volkamer: Usable Security in the Context of Electronic Elections

The subject of electronic voting has enjoyed several years of considerable interest both from election officials and IT security and cryptography researchers. The interest of election officials is based especially on the possibility to obtain fast and accurate results. Scientists are interested in the balance between anonymity and verifiability. Due to the different interests, there exists a gap between the complex but verifiable election protocols that are discussed in conferences and the black-box systems that are used in practice. This gap, which is also evident in many other applications, can only be closed by methods of the research area called ‘Usable Security’. Recent results on the example of the Helios Internet voting system will be presented during the talk. The presentation will also provide an overview of my previous research in the field of electronic voting and on current and planned projects in the area of ‘Usable Security’.

ACSAC 2011: Social Snapshots – Digital Forensics for Online Social Networks

We are going to present our social snapshot forensic tool at the Annual Computer Security Applications Conference (ACSAC) 2011.

Abstract:
Recently, academia and law enforcement alike have shown a strong demand for data that is collected from online social networks. In this work, we present a novel method for harvesting such data from social networking websites. Our approach uses a hybrid system that is based on a custom add-on for social networks in combination with a web crawling component. The datasets that our tool collects contain profile information (user data, private messages, photos, etc.) and associated meta-data (internal timestamps and unique identifiers). These social snapshots are significant for security research and in the field of digital forensics. We implemented a prototype for Facebook and evaluated our system on a number of human volunteers. We show the feasibility and efficiency of our approach and its advantages in contrast to traditional techniques that rely on application-specific web crawling and parsing. Furthermore, we investigate different use-cases of our tool that include consensual application and the use of sniffed authentication cookies. Finally, we contribute to the research community by publishing our implementation as an open-source project.

You can find the paper here: Social Snapshot ACSAC11 preprint

securityconference.ch

Today, Edgar Weippl speaks in Zurich on Cloud Security and takes part in a discussion (more…)

Roundtable: EU-Informationsveranstaltung “Rechtsinformatik”

Edgar Weippl takes part in the round table on electronic identities.
9.00 — 16.30, Haus der Europäischen Union
Wipplingerstraße 35, Vienna (more…)

Future Network Zurich: IT-Trends

Edgar Weippl presents SBA’s research on cloud security in Zurich at Future Network’s meeting (more…).

Talk on Technical Aspects of Privacy at the Forum Privacy of the Austrian Computer Society

Edgar Weippl gives a presentation on technical options for providing privacy at the Forum Privacy of the Austrian Computer Society. (ORG, ORF.at)
