“There are technical ways to minimize the scale of such attacks, but there is no one hundred percent protection.”

Media: Kurier & Fututrezone

Ping Identity Agentless Integration Kit before 1.5 is susceptible to Reflected Cross-site Scripting at the /as/authorization.oauth2 endpoint due to improper encoding of an arbitrarily submitted HTTP GET parameter name.

Full security advisory: https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190305-01_Ping_Identity_Agentless_Integration_Kit_Reflected_XSS

Ludwig Kampel joined the International IFIP Cross Domain Conference for Machine Learning & Knowledge Extraction (CD-MAKE) 2019, a conference aiming to bridge and connect the domains of  data fusion, preprocessing, mapping, knowledge representation as well as data protection, safety ans security amongst others.

On the third day of the conference Ludwig presented the paper “Knowledge Extraction for Cryptographic Algorithm Validation Test Vectors by Means of Combinatorial Coverage Measurement”, a joint work with Dimitris E. Simos and Bernhard Garn from SBA Research and D. Richard Kuhn and Raghu N. Kacker from NIST that presents a combinatorial analysis of the AES Algorithm Validation Suite based upon extracted Input Parameter Models. The presentation was well received and generated a good response from the audience.

The first International Summer School on Security & Privacy for Blockchains and Distributed Ledger Technologies started with the official opening remarks from Edgar Weippl and Brigitte Lutz (City of Vienna).
Philipp Schindler then kicked off the main track with his talk on “Building Blocks for Blockchains and Distributed Systems“.

45 participants from 14 countries will be joining the event´s first edition. The agenda is packed with numerous deeply technical sessions, lightning talks, poster pitches and a hackathon.

The Summer School will be taking place from September 2 -5, 2019 and is organized by TU Wien, Princeton University and SBA.

How a free data transfer can connect with IT-Security will be discussed at the Privacy and Ethics at Forum Alpbach. TU Austria, a merge of the Technical University Vienna, Technical University Graz and the University of Leoben, is organizing a highly engaged Breakout Session and Workshop. Several Topics are covering different aspects which play an integral role for Cybersecurity. These Topics reach from cryptography to software design over to legal and ethical questions and many more.

Read more

European Forum Alpbach

Katharina Pfeffer joined the Seminar on Software Protection Decision Support and Evaluation Methodologies taking place from August 11-16 at Schloss Dagstuhl.

This Dagstuhl Seminar on Software Protection Decision Support and Evaluation Methodologies addressed open challenges in developing a holistic, generally applicable methodology and tool support to model and evaluate the strength of software protections as defenses against man-at-the-end attacks such as reverse-engineering and software tampering. Such a methodology and supporting tools are necessary to (partially) automate the selection and deployment of techniques that protect the confidentiality and integrity of various types of assets embedded in software.

Artificial Intelligence – certainly one of the most hyped topics of our time – has been the motto of this year´s IMPACT.
Bestseller author Karl Olsberg´s highly anticipated keynote on “Artificial Intelligence and Human Stupidity” opened the door for a lively discussion shedding light on myth and reality.

As a further point of the program SBA´s researchers introduced ongoing projects and provided insights into future questions and challenges. While mingling guests enjoyed the chance to get a closer look at posters and find out more about current research in a direct discussion.

As the evening progressed conversations moved to the terrace. Warm weather allowed 100 guests to enjoy the end of the day in a pleasant atmosphere.