Secure Business Austria » News

Web Salon 2012

mleithner — Wed, 01 Feb 2012 13:46:46 +0000

Heute (1. Februar) um 19 Uhr bietet Manuel Leithner im Rahmen des Web Salon 2012, veranstaltet von saferinternet.at, in Form eines Webinars praktische Tips und Informationen zum Thema Sicherheit auch für Computerunvertraute an. Die Teilnahme ist frei, Anmeldung jedoch erforderlich.

BSidesVienna Public Transport Talk

mleithner — Mon, 23 Jan 2012 12:04:22 +0000

At BSidesVienna 2012, Manuel Leithner gave a talk on public transport titled “Hackers on a train – Toying with transportation”, detailing equipment and possible flaws in the on-board network infrastructure and ticketing system of WESTbahn.

Sieg beim iCTF 2011

mleithner — Sat, 03 Dec 2011 02:40:26 +0000

Das Team der TU Wien “We_0wn_Y0u” konnte beim iCTF 2011 unter der Leitung von Adrian Dabrowski den Sieg erringen. In einem bis zuletzt spannenden neunstündigem Wettbewerb gegen über 85 internationale Mitbewerberteams stellten auch Martin Mulazzani, Peter Frühwirt und Manuel Leithner als Vertreter von SBA Research ihre Fähigkeiten rund um Angriffe auf und Verteidigung von IT-Infrastruktur unter Beweis.

Das finale Scoreboard ist hier ersichtlich. Mit einem breit gefächertem internationalen Teilnahmefeld (u.A. USA, Russland und China) zählt die iCTF zu den größten Capture the Flag-Contests weltweit. Foto

Pressecoverage von Standard, Presse, Kurier, Krone, Österreich

Secure development of web-applications – Secure Coding I + II

lzechner@ — Thu, 29 Sep 2011 13:27:44 +0000

Severin Winkler is holding several lessons on secure development of web-applications in cooperation with CON•ECT. The core components of these talks are the top ten security leaks of web applications in 2010 identified by OWASP. The lessons include advanced security topics necessary for the development of modern web-applications and offer a focus on attack scenarios and counter strategies. (mehr…)

USENIX Security ’11: Dark Clouds on the Horizon

mmulazzani — Wed, 22 Jun 2011 09:27:31 +0000

In August we will present our work on cloud storage security at the 20th USENIX Security Symposium in San Francisco. The paper, in essence, outlines new attacks on cloud storage services that use server-side data deduplication.

It includes a security analysis of Dropbox, a popular cloud storage service. By manipulating the client software unauthorized data access becomes possible, if the hash values of the files are known to an attacker. This attack is completely undetectable to the victim, and novel compared to recent attacks discussed in the media. Data possession proofs which have been used so far in the context of assessing whether a cloud storage operator is still in possession of a file are the only countermeasure.

We further define online slack space as a method to hide data in the cloud to thwart forensic investigations. Compared to regular file slack all files are stored in the cloud without leaving any evidence on local persistent storage.

You can find the paper here: Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space. We have contacted Dropbox and they implemented countermeasures for our attacks while investigating the use of data possession proofs on the client side.

Leak in Tor for Android (Orbot)

mleithner — Mon, 02 May 2011 15:35:44 +0000

While performing traffic analysis on the current development version of Orbot, the official Android for Tor app, Manuel Leithner (Junior Researcher, SBA Research gGmbH) discovered that certain types of traffic (including VPN, GPS and videos) were not tunnelled through Tor. He subsequently developed a patch that enables full and enforced transparent proxying for all TCP and DNS traffic through the anonymisation service.

IEEE Internet Computing Special Issue on Security and Privacy in Social Networks

mhuber — Wed, 02 Feb 2011 15:46:08 +0000

Our manuscript “Friend-in-the-middle Attacks: Exploiting Social Networking Sites for Spam” has been accepted for the upcoming special issue on Security and Privacy in Social Networks in the IEEE Journal of Internet Computing in May/Jun 2011. Preprint is available here.

In this article we have introduced friend-in-the-middle (FITM) attacks which are active eavesdropping attacks against social networking sites. By cloning a user’s authentication cookie which is transmitted in an unencrypted way, it becomes possible to completely impersonate the user. This can then be used to collect sensitive information in an automated fashion which ultimately enables large context-aware spam campaigns that propagate via social phishing. FITM attacks are applicable to the great majority of currently deployed SNSs, such as Facebook, Friendster, and Orkut. Based on FITM attacks we described three subsequent exploits: (1) Friend injection, (2) Application injection, and (3) Social engineering. We furthermore evaluated the impact of a large-scale spam attack on basis of FITM attacks. We therefore set-up a Tor exit node and analyzed the passing through HTTP traffic. Our experiments showed that finding possible FITM attack seeds for spam campaigns is cheap regarding time and hardware resources. Our attack simulation results furthermore suggest that based on the 4000 possible Facebook attack seeds we observed within two weeks, ~300.000 users could have been targeted with context-aware spam.

There are a number of limited protection strategies available to social networking users, such as using browser extensions such as EFF HTTPS Everywhere. The Tor browser bundles include the EFF HTTPS Everywhere extension since May 2010. Social networking providers ultimately have to protect their users against FITM attacks by securing the communication channels of their services with HTTPS. At the time of writing Facebook has announced that they will offer optional HTTPS support for their web service. We strongly advice users to make use of this option once it will become available to everyone.

Entry in IEEE Xplore

Information Security Knowledge Management Survey

sfenz — Wed, 12 Jan 2011 12:54:07 +0000

We kindly ask you to participate in our information security knowledge management survey. The survey is conducted by publicly-funded research institutions SBA Research (AT), Newcastle University (UK), and Vienna University of Technology (AT). We conduct the survey to explore potential ways of enabling companies and professionals to share information security knowledge through the application of collaborative semantic web technologies. The aggregated survey results will be published within publically-accessible research publications.

Survey: http://www.sba-research.org/survey/index.php?sid=73314

Thank you for your support.

CCS & AISec

sschrittwieser — Mon, 18 Oct 2010 07:58:48 +0000

We are attending CCS 2010 in Chicago and present a poster and a paper at the AISec Workshop, http://www.aisec.info.

“INFORM” awarded 2nd place

mmulazzani — Wed, 23 Jun 2010 10:15:40 +0000

The SBA FIT-IT proposal “INFORM” (Internet Forensic Framework) has been awarded the 2nd place in the competition for the best proposal among all proposals for “Trust in IT-Systems” in 2009.

The goal of “INFORM” is to study current challenges in computer forensics and to produce tools that enricht the toolset of a forensic analysist. In the traditional approach, the seizure of the suspects hard drives is used to analyse traces of malicious activities. With the widesread availability of hard drive encryption tools, online file storate systems and bootable Linux distributions that leave no traces on the hard drive, new tools and procedures are needed to support the evidence collection process. Social networks and anonymization networks pose further challenges for online forensics that will be adressed by “INFORM”.

The news report on futurezone and derstandard.