• Technische/r IT-Security-Berater/in (Junior/Senior)
• Berater/in Informationssicherheit
• Junior Researcher (PhD student)

Aljosha Judmayer was invited to give a lightning talk about “Do we need the Blockchain” at the DigitalDays 2017.

The DigitalDays 2017 presented the digital competence of Vienna as a location, all activities related to the DigitalCity.Wien initiative and its partners. Innovative technologies were presented and could be experienced in the “DigitalCity.Wien TechStreet”. In addition, exciting topics from the field of digitization were discussed interactively with experts. The DigitalDays 2017 took place from September 20 – 21, 2017 in the City Hall of Vienna.

Stefan Jakoubi will give a talk on Risk Communication – “To be informed, or not to be informed: that is the question” at DEEPINTEL today.

Making correct and effective decisions requires complete, meaningful and tailored data. This is nothing new and what sounds like an easy challenge is nowadays still surprisingly difficult and not well (enough) implemented.

For further information please see here

Stefan Jakoubi is attending Gartner Security & Risk Management Summit, which takes place from 18-19. Sept. in London, UK.

Further details can be found on their website.

Edgar Weippl gives a technical introduction to Bitcoins (Agenda)

Today Peter Kieseberg is moderating the PwC Security Trend event focusing on Business Continuity, Security Policies and the DSGVO.

Tomasz Miksa has become the chair of the newly endorsed DMP Common Standards working group. He will present the goals of the group for the next 18 months at the 10th Research Data Alliance Plenary in Montreal, Canada.

The group brings together a broad spectrum of stakeholders from all around the world, such as: research funders, data repositories, ICT infrastructure providers, software developers, and researchers representing various scientific domains.

The specific focus of the working group is on developing common information model and specifying access mechanisms that make Data Management Plans (DMPs) machine-actionable. The outputs of this working group will help in making systems interoperable and will allow for automatic exchange, integration, and validation of information exchanged using research data infrastructures.

This should lead to higher reproducibility of computational workflows and increase of trust in scientific data.

To follow the activities and learn more about the DMP Commons Standards WG please visit its official web page.

„Our KIRAS-project “Darknet Analysis” is currently featured with an article in the newspaper “derStandard”, as well as in “derStandard.at”: http://derstandard.at/2000062980138-629/Wenn-die-Daten-von-Unschuldigen-im-Darknet-landen“

The paper “Merged Mining: Curse or Cure?” by Aljosha Judmayer, Alexei Zamyatin, Nicholas Stifter, Artemios G. Voyiatzis, and  Edgar Weippl was accepted for publication at the 1^st International Workshop on Cryptocurrencies and Blockchain Technology (CBT’17), held in conjunction with ESORICS 2017.

Numerous members of SBA are currently at USENIX Security in Vancouver. Katharina Krombholz is presenting our paper ‘“I Have No Idea What I’m Doing” – On the Usability of Deploying HTTPS’, and you’ll be soon able to watch the recording here due to the USENIX open access policy.

News coverage: Bulletproof TLS Newsletter, USENIX ;login: (to appear)

Congratulations to Dr. Merzdovnik, who defended his thesis yesterday!

Numerous members of SBA Research are currently at the SHA2017 hackercamp in the Netherlands. Martin Schmiedecker will present “An academic’s view to incident response” (Details here).

Abstract: A timely reaction to security incidents is without doubts important. And while the techniques of digital forensics can come pretty close to perfect for single-host systems with small hard drive capacity, things can get easily messy with 10+ systems, a mixture of operating systems & mobile devices of various brands, or gigabit network traffic that is partly encrypted.

This talk contains two parts. For one, the do’s and don’ts for incident response from a forensic examiner’s point of view. Is it better to pull the plug, or gracefully shut the machine down, how to capture network traffic, and what to do if the machine is still running and you’d like to image the RAM. In particular, I’ll present a few methods how to capture network traffic for small networks that don’t have a dedicated monitoring port available, and what to do with them. Secondly, a list of things that went wrong when reality kicked in and good intentions do more harm than good. This will include the problems of tool dependency for specific tasks, free log aggregation using graylog and why there is no such thing a s a free lunch, GRR and the riddle for the perfect toolchain.

For the platform Blockchain Austria, a few well-known experts from different areas were found as partners. For example, Blockchainhub Graz, the research center SBA Research and the law firm Stadler Völkel are involved.

Some proposals are presentend in a “9 point plan for Austria”.

For more information please see this article (in german)

Adrian Dabrowski is attending Black Hat USA 2017 security conference, which takes place from July 22 – 27, 2017 in Las Vegas, NV, USA. More than 15.000 people are attending the 20th edition of the conference.