Members of SBA are at the CCC Camp in Mildenberg, Germany, which takes place in an old brick factory from August 13-17, 2015. Besides attending talks on new attacks, they will participate in the CTF and present some of their work in workshops and lightning talks.
The video presentation of the Security Afterworks Summer Special: Hacking Team Hacked? is now available on YouTube. The summer special took place on August 6, 2015 at SBA Research.
The paper “Exciting FPGA Cryptographic Trojans using Combinatorial Testing” by Paris Kitsos (TEI of Western Greece and Industrial Systems Institute/RC ‘Athena’), Dimitris E. Simos (SBA Research), Jose Torres-Jimenez (CINVESTAV-Tamaulipas) and Artemios G. Voyiatzis (SBA Research and Industrial Systems Institute/RC ‘Athena’) has been accepted for publication in the 26th IEEE International Symposium on Software Reliability Engineering (ISSRE 2015). ISSRE is one of the leading conferences for software reliability and testing. The results of this work establish a new research field for combinatorial testing and hardware malware detection.
On August 4th, 2015, Bernhard Garn presents the paper “Attack Pattern-Based Combinatorial Testing with Constraints for Web Security Testing” at the IEEE International Conference on Software Quality, Reliability and Security 2015 (QRS 2015). The paper is joint work between the Graz University of Technology (J. Bozic and F. Wotawa) and SBA Research (B. Garn, I. Kapsalis, D. Simos, S. Winkler). The results of the paper establish CT as an alternative method for web application security testing (focussing on XSS attacks), in particular when compared to fuzzers.
QRS 2015 takes place in Vancouver, Canada from August 03-05, 2015.
Aaron Zauner presented our preliminary results on the usage of TLS in the email ecosystem at the IETF meeting last week. As part of our project TLSiP we are actively scanning the Internet (/0) for TLS configurations as well as the problems with them.
As expected, TLS in email is way worse than in HTTPS: RC4 is supported by up to 80% across protocols, half of the certificates are self-signed and weak ciphers like RC2-CBC-MD5 are accepted by 40% of the servers using SMTP.
You can find the slides of his presentation here.
After a fruitful semester at SBA Research during his sabbatical leave between February and July 2015, Artemios G. Voyiatzis will be joining SBA Research in August 2015 and will further develop our research programme. Artemios, a designated ACM Senior Member (2015), also joins the Vienna ACM SIGSAC Chapter. With Artemios on board, SBA Research is now represented by two members in the ERCIM Security and Trust Management (STM) Working Group.