SBA @ 29c3

Sebastian Schrittwieser presented a talk on ethics in computer security research at the Chaos Communication Congress (29c3) in Hamburg. You can watch the recording on YouTube.


Haya Shulman: Towards a Secure DNS

Towards a Secure DNS (Dec 13, 2pm, SBA)

Most caching DNS resolvers still rely for their security, against poisoning, on validating that the DNS responses contain some ‘unpredictable’ values, copied from the request. These values include the 16-bit identifier field, and other fields, randomised and validated by different ‘patches’ to DNS. We investigate the prominent patches, and show how off-path attackers can circumvent all of them, exposing the resolvers to cache poisoning attacks. We present countermeasures preventing our attacks; however, we believe that our attacks provide additional motivation for adoption of DNSSEC (or other MitM-secure defenses). We then investigate vulnerabilities in DNSSEC configuration among resolvers and zones, which reduce or even nullify the protection offered by DNSSEC. Finally we provide our recommendations and countermeasures to prevent the vulnerabilities.

FemTech Success

The last FemTech internships were very successful. The work of Katharina Krombholz led to a journal publication (‘Fake Identities in Social Media – A case study on the sustainability of the Facebook business model’), which was accepted by the Springer Journal of Service Science Research.

SBA at the IBM DeveloperWorks Days 2012 in Zurich

Edgar Weippl gives a talk on secure software development for mobile devices at the IBM DeveloperWorks Days 2012 in Zurich.

SBA Research at the IT SeCX at FH St. Pölten

On 09/11/2012 SBA Research presents at the IT-SeCX at FH St. Pölten. Sebastian Schrittwieser talks about “WhatsApp and Co.: Attack Vectors in Smartphone Messengers”.






2nd Young Researcher’s Day – 29/11/2012

After a successful 1st Young Researcher’s Day in March 2012, we are now starting round two! Ingrid Schaumüller-Bichl and Edgar Weippl cordially invite you to the 2nd Young Researcher’s Day, which will take place during the OCG working group “IT Security” on 29/11/2012.

The basic idea behind this event is that every Austrian institution that offers a security course or teaching focus gives its best students the opportunity to present their own work in order to further a “youth network”. Details about the program can be found here: 2nd Young Researcher’s Day

The Young Researcher’s Day takes place on the premises of the OCG (Dampfschiffstraße 4, 1030 Vienna).

We ask you to register by 26/11/2012.

IFIP TC8 meeting

A Min Tjoa (TC 8 vice chair) and Edgar Weippl (WG 8.4 chair) presented their activities at the TC 8 meeting in Volendam near Amsterdam.

IPICS Summer School 2012, 03-14 September 2012

SBA hosts the IPICS academic Summer School 2012. 25 students and 22 lecturers from 18 European universities participate.

SBA Research participated at DEFCON 2012

Researchers of SBA Research and the SecLab of the Vienna University of Technology participated successfully in the world’s most recognized capture-the-flag tournament at DEFCON 2012 in Las Vegas.

Following a tough qualification with hundreds of competing teams, our team “We_Own_You” made its way to the final round with only the 20 top teams.

In the main event, the teams of students and professionals compete vigorously against each other, using binary exploits and reverse-engineering to attack, and patching custom services to defend.

After (almost) 72 hours of non-stop hacking, our team of 16 students was happy to see the Nevada sun again 🙂

After all the hacking (and being hacked), we could finally enjoy the Vegas Strip under the motto “What happens in Vegas…”

ARES conference

SBA organizes the ARES 2012 conference in Prague.








The ARES Conference Team (from left to right): A Min Tjoa, Edgar Weippl, Yvonne Poul, Stefan Jakoubi, Simon Tjoa