Floragasse 7 – 5th floor, 1040 Vienna
Subscribe to our Newsletter

SBA Research at the EU Korea Conference on Science and Technology (EKC 2014)


Aljosha Judmayer and Martin Mulazzani will present recent research results of SBA Research at the EU Korea Conference on Science and Technology, including methods to detect and prevent HTTP session hijacking, as well as large-scale exploitation of online services and social engineering. The EKC2014 will be held from 23rd to 25th of July 2014 at the Vienna University of Economics and Business.

You can find the program here: http://www.ekc2014.org/program/spschedule

Scheduled talks of SBA Research:

24/07/2014

11:50 – 12:15
Advanced Persistent Threats & Social Engineering
Martin Mulazzani, SBA Research, Austria

Abstract: In our interconnected world where firewalls, anti-virus and authentication have become ubiquitous, the human has become the weakest link. Social engineering attacks and advanced persistent threats have successfully surpassed the insider threat in in many cooperations. This is in particular dangerous for e-banking and mobile banking, where users are tricked into fraudulent transactions. In this talk we give examples on how interconnected services and the different perception of security can become troublesome for users and cooperations in terms of security, and discuss our research results in popular online services used by millions of users every day.

12:15 – 12:40
Browser Fingerprinting for Authentication
Aljosha Judmayer, SBA Research, Austria

Abstract: Modern browsers are distinct in numerous ways. Even though the browser market is dominated by just five browsers, advertisers are actively using subtle differences to track users across different websites and to monetize their online behaviour. However, these can also be used to counter online espionage. This talk gives an overview of browser fingerprinting and how it is used today. We present a proof-of-concept framework that uses browser fingerprinting to enhance user authentication and overall HTTP session security. The framework can mitigate different attacks on local as well as across networks.