SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies.
Manuel found and reported a vulnerability. Excerpt from the changelog (Piwik 1.6): “Security: we would like to thank the following people for their responsible disclosure: […] Secure Business Austria […] Thank you to all these people for disclosing security issues to the Piwik team, ensuring a healthy and safe… Read More
Securing XML archives for Search Based Applications (Talk by John Tait; Oct 19; 10am SBA) There has been a recent trend to produce what are known as Search Based Applications. One strand of this work is based on the observation that many organisation keep legacy transaction orientated systems up and… Read More
Clemens Kolbitsch recently finished his PhD supervised by Engin Kirda and Chris Kruegel. Tomorrow, he will present his paper “The Power of Procrastination: Detection and Mitigation of Execution-Stalling Malicious Code” at CCS 2011. Clemens will shortly join our partner company TLLOD.
“Die letzten Veröffentlichungen sind zwar relativ gewichtig, weil es sich um sensible Daten handelt, aber technisch gesehen nicht unbedingt aufwendig”, sagt Martin Mulazzani von SBA Research, einem Wiener Forschungsinstitut für IT-Security (derstandard.at)… Read More
Guest speaker Melanie Volkamer: Usable Security in the Context of Electronic Elections The subject of electronic voting has enjoyed several years of considerable interest both from election officials and IT security and cryptography researchers. The interest of election officials is based especially on the possibility to obtain fast and… Read More
We are going to present our social snapshot forensic tool at the Annual Computer Security Applications Conference (ACSAC) 2011. Abstract: Recently, academia and law enforcement alike have shown a strong demand for data that is collected from online social networks. In this work, we present a novel method for… Read More
Together with sipgate and ISMK Stralsund, Gabriel Gegenhuber, researcher at SBA Research and University of Vienna, and Michael Pucher, researcher at SBA research, discovered and investigated a vulnerability in the Voice of LTE (VoLTE) stack that is broadly used within MediaTek-based smartphones. ∞
In the Mediatek modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. ∞