Adrian Dabrowski: Best Student Paper Award – ACSAC 2014

Adrian Dabrwoski received the award for the best student paper at ACSAC 2014 for his paper. You can find a preprint here.

Adrian Dabrowski, Nicola Pianta, Thomas Klepp, Martin Mulazzani, and Edgar Weippl. Imsi-Catch Me If You Can: Imsi-Catcher-Catchers. In Proceedings of the 30th Annual Computer Security Applications Conference (ACSAC), December 2014.

Best Paper Award: Adrian Dabrowski, Nicola Pianta, Thomas Klepp, Martin Mulazzani, and Edgar Weippl. Imsi-Catch Me If You Can: Imsi-Catcher-Catchers. In Proceedings of the 30th Annual Computer Security Applications Conference (ACSAC), December 2014.

Adrian Dabrowski

Markus Klemen @ (ISC)2 Security Congress EMEA 2014

Markus Klemen was invited to participate as panelist in the inagurate (ISC)2 Security Congress EMEA 2014, which took place from 9th to 10th of December 2014 in London, UK.
The Panel was about “Educating the Future: What Can Employers be Doing?”.

(ISC)2 is the global, not-for-profit leader in educating and certifying information security professionals throughout their careers with more than 90.000 members worldwide.

Website

Markus Klemen is part of the managing board of the (ISC)2 Austria Chapter, which was founded by SBA Research in 2013.

Edgar Weippl gives a keynote on Empirical Research in Information Security

At IIWAS 2014 Edgar Weippl gives a keynote on Empirical Research in Information Security.

Edgar Weippl on empirical research in information security

Digital Discourse – Insights into Lived Participation

“That would have never occurred to experts.” – Opportunities and Limits of Digital Citizen Participation

Today the event “Digital Discourse | Insights into Lived Participation”, supported by SBA Research and organized by Liquid Participation, took place.

What expectations are linked to participatory online processes? How is the process design for initiators, and which forms of joint decision-making processes can be implemented with the existing resources (technical, financial and human)? These and other questions about the future development will be discussed.

More information about the event here.

video summary of the event

ARES 2014 Special Issue in ‘Computers and Security’ (COSE) published by Elsevier

Call for Papers

Important Dates

  • Paper submission due: January 31, 2015
  • Final decision:  June 30, 2015

Guest Editor: Edgar Weippl

ESORICS 2015 in Vienna

ESORICS 2015 will be held in Vienna from September 21-25. SBA Research is the local organizer, Edgar Weippl serves together with Peter Y A Ryan (University of Luxembourg) as Program Chair.

Submission Deadline: April 4, 2015

ESORICS 2015

 

 

 

 

 

 

iPRES 2014 Best Paper Award goes to researchers at SBA

iPresBestPaper

For the second time in a row the Best Paper Award of the International Conference on Preservation of Digital Objects (iPRES 2014) has been awarded to the researchers from SBA.

In this year´s edition Tomasz Miksa and his co-authors were rewarded for their contribution “VPlan – Ontology for Collection of Process Verification Data”. This paper is a direct outcome of their activities in the EU funded FP7 project TIMBUS.

The iPRES is an annual scientific conference, and the major gathering of experts in the field of digital preservation, gathering several hundreds of researchers. The iPRES 2014 was held from 6-10 October 2014 in Melbourne, Australia.

Hollywood Hacking, CSI in IT and more – SBAR at the European Researchers’ Night 2014

SBA Research participates with three topics at the European Researchers’ Night:

2014-09-26 19.44.17

  1. Security on the Internet: Facebook, WhatsApp, Instagramm & Co.
  2. Hollywood Hacking: A Reality Check
  3. Digital Forensics – CSI in IT

Shellshock a.k.a. Bashbleed

What is Shellshock?

On 24/09/2014, a security vulnerability was published as CVE-2014-6271 (also Shellshock or Bashbleed). The vulnerability is in the command line software bash which is used in practically all Linux systems as the default shell. Due to an error when parsing environment variables, it is possible to execute arbitrary commands. The vulnerability can under certain circumstances be exploited by an external attacker.

Update 29/09/2014: The gap is already exploited for automated attacks, shown through the observation of Honeypot systems.

Impact

The danger is that bash is used implicitly in many places, whereby external attack opportunities over the Internet exist. Most obviously are attacks over web servers that offer CGI scripts. Running CGI scripts includes invoking the bash, whereby user inputs are entrained as environment variables. Therefore, it is possible for an attacker – under certain circumstances – to execute own commands on the vulnerable web server and thus to take over this web server!

More information about checks and rectification can be found here.

Contact

For more information or assistance with checks please contact: bashbleed@sba-research.org

SBA Research – I like IT

SBA Research at the IT action day #digtialcitywien

digitalcitywien  Digital City