Sebastian Schrittwieser presented a talk on ethics in computer security research at the Chaos Communication Congress (29c3) in Hamburg. You can watch the recording on Youtube.
Towards a Secure DNS (Dec 13, 2pm, SBA)
Most caching DNS resolvers still rely for their security, against poisoning, on validating that the DNS responses contain
some ‘unpredictable’ values, copied from the request. These values include the 16 bit identifier field, and other fields, randomised and validated by different ‘patches’ to DNS. We investigate the prominent patches, and show how off-path attackers can circumvent all of them, exposing the resolvers to cache poisoning attacks. We present countermeasures preventing our attacks; however, we believe that our attacks provide additional motivation for adoption of DNSSEC (or other MitM-secure defenses). We then investigate vulnerabilities in DNSSEC configuration among resolvers and zones, which reduce or even nullify the protection offered by DNSSEC. Finally we provide our recommendations and countermeasures to prevent the vulnerabilities.
The last FemTech internships were very successful. The work of Katharina Krombholz led to a journal publication (‘Fake Identities in Social Media – A case study on the sustainability of the Facebook business model’) which was adopted by Springer Journal of Service Science Research.
Edgar Weippl gives a talk on secure software development for mobile devices at the IBM DeveloperWorks Days 2012 in Zurich.
On 09/11/2012 SBA Research presents at the IT-SeCX an der FH St. Pölten. at FH St. Pölten. Sebastian Schrittwieser talks about “WhatsApp and Co.: Attack Vectors in Smartphone Messengers”.
After a successful 1st Young Researcher’s Day in March 2012, we now start in round two! Ingrid Schaumüller-Bichl and Edgar Weippl cordially invite to the 2nd Young Researcher’s Day which will take place during the OCG working group „IT Security“ on 29/11/2012.
The basic idea behind this event is the desire that every Austrian institution that offers a security course or teaching focus, provides their best students with the opportunity to present their own work in order to further a “youth network”. Details about the program can be found here: 2nd Young Researcher’s Day
The Young Researcher’s Day takes place on the premises of the OCG (Dampfschiffstraße 4, 1030 Vienna).
We ask you to register until 26/11/2012: Yvonne Poul (firstname.lastname@example.org).
A Min Tjoa (TC 8 vice chair) and Edgar Weippl (WG 8.4 chair) presented their activities at the TC 8 meeting in Volendam near Amsterdam.
SBA hosts the IPICS academic Summer School 2012. 25 students and 22 lecturers from 18 European Universities participate (more..).
Researchers of SBA Research and the SecLab of the Vienna University of Technology participated successfully in the world’s most recognized capture the flag tournament at DEFCON 2012 in Las Vegas
Following a tough qualification with hundreds of competing teams, our team “We_Own_You” made its way to the final round with only the 20 top teams.
In the main event, the teams of students and professionals compete vigorously against each other, using binary exploits and reverse-engineering to attack, and patching custom services to defend.
After (almost) 72 hours of non-stop hacking, our team of 16 students was happy to see the Nevada sun again 🙂
While we did not make it to the very top this year, we were still able to show our strengths and skills, gather novel impressions, and of course gain new CTF experiences.
After all the hacking (and being hacked), we finally could enjoy the Vegas’ Strip under the motto “What happens in Vegas…”
SBA organizes the ARES 20120 conference in Prague
The ARES Conference Team: (from left to right) A Min Tjoa, Edgar Weippl, Yvonne Poul, Stefan Jakoubi, Simon Tjoa