Floragasse 7 – 5th floor, 1040 Vienna
Subscribe to our Newsletter

SBA Research is a research center for Information Security
funded partly by the national initiative for COMET Competence Centers for Excellent Technologies.

Upcoming Events:

Panorama24
28.11.2024
Linux Security for Embedded Systems Workshop
05.12.2024
Vienna Unikraft Workshop 2024
07.12.2024 - 08.12.2024

Recent News:

SIM-Karten-Security

Die von den Geheimdiensten abgegriffenen Verschlüsselungscodes seien „das Allerheiligste einer SIM-Karte“ und würden als Basis für alle anderen Verschlüsselungsfunktionen im Mobilnetz verwendet, sagt Dabrowski (Futurezone, Futurezone (2))… Read More

Security Afterworks am 12. Februar 2015

Das erste Security Afterworks im Jahr 2015 beschäftigte sich mit dem Thema “Mobile Security”. Adrian Dabrowski informierte zu Bedrohungen ausgehend von simulierten Mobilfunkzellen (s.g. IMSI Catcher) und wie diese aufgespürt werden können. Danach ging es mit den Hot Topics des 31. Chaos Communication Congress weiter, der Ende Dezember 2014 in… Read More

SBA Research beim Safer Internet Day

Heute findet bereits zum zwölften Mal der internationale Safer Internet Day statt. Der Schwerpunkt liegt dabei auf einem „besseren Internet für Kinder und Jugendliche“, ganz nach dem Motto: „Let’s create a better internet together!“ Katharina Krombholz von SBA Research hat mit zwei Schulklassen Themen rund um “Privatsphäre, Verschlüsselung und co. Read More

ICISSP conference: panel and invited talk

Edgar Weippl organized a panel discussion (Günther Pernul, Stefan Furnell, and Bryan Ford) on Mon Feb 9, 2015 at the ICISSP conference. On Tuesday Edgar gave an invited talk on Research Challenges in Applied and Empirical Information Security Research (as an adhoc substitute for a… Read More

SBA Research @ TU Ball

SBA Research invited Key Researchers and members of the Scientific Board to join us for the ball of the Vienna University of Technology on January 29, 2015 at Hofburg. Stefan Katzenbeisser, Volkmar Lotz, Davide Balzarotti, Engin Kirda and Christopher Kruegel spent this wonderful evening with us. Read More

10K

We are taking part in Syssec's 10Kstudents initiative: "The goal of the 10KStudents challenge is to improve cyber security by teaching Ten Thousand University Students the basic concepts of software vulnerabilities and secure programming. " Read More

SBA Security Advisory – KNX management software ETS – remote code execution vulnerability (CVE-2015-8299)

The vulnerability is caused by a buffer overflow in a memcpy operation when parsing specailly crafted KNXnet/IP packets in the Group messages monitor (aka. Falcon). An according proof-of-concept exploit which was tested on an affected ETS version installed on a Windows XP SP3 can be found below. The proof-of-concept exploit generates the UDP packet which triggers the vulnerability and should at least crash the application (it requires python and scapy to run). Read More
SBA Security Advisory – KNX management software ETS – remote code execution vulnerability (CVE-2015-8299)