Windows 7 systems are susceptible to Firewire-based attacks as well, as the Security Research Lab demonstrates. Besides a description how password authentication can be bypassed through memory manipulation via Firewire ports, the implications on BitLocker, Encrypted File System (EFS) and Windows Domains are described as well. A whitepaper can be downloaded here:

http://www.securityresearch.at/publications/windows7_firewire_physical_attacks.pdf

In the course of analysis, a software defense against Firewire-based attacks on Windows systems was developed, which is described in a second whitepaper:

http://www.securityresearch.at/publications/windows_firewire_blocker.pdf

The software is free for personal use – use at your own risk:

http://www.securityresearch.at/publications/firewireblocker.zip

Please visit our new web site for details…

http://www.sba-research.org

Die Big Days 2009 sind nun zu Ende und Ihr konstruktives Feedback hat dazu beigetragen, dass unser „Hacking“ Vortrag zum gesamt besten Vortrag der diesjährigen Veranstaltung gewählt wurde! Dafür möchten wir uns bei Ihnen bedanken!

Inzwischen wurden die Gewinner der beiden X-Box Pakete ermittelt und werden diese in den nächsten Tagen erhalten. Die Namen der Gewinner und weitere Informationen und Links zu unseren Vorträgen finden Sie auf:

http://www.securityresearch.at/bigdays/

Die Slides der Vorträge können Sie unter folgender Adresse downloaden:

http://www.microsoft.com/austria/events/bigdays/nachlese.mspx

Our paper “An Evaluation of Technologies for the Pseudonymization of Medical Data” was accepted for publication.

Our paper “An Empirical Study about the Status of Business Process Management” was accepted for publication.

We are attending the IEEE International Conference on Systems and present our latest research results regarding pseudonymization. We received the best paper award for the paper “Technologies for the Pseudonymization of Medical Data: A Legal Evaluation”.

We took the second place with the project Secure 2.0 (FIT-IT) in this year’s FIT-IT awards.

Ludwig Fuchs (http://www-ifs.uni-regensburg.de/index.php?id=34) gave an excellent talk on combining role mining and role engineering.

Stefan Sackmann (http://www.telematik.uni-freiburg.de/mitarbeiter/sackmann/) gave a talk on risk management. We will start a collaboration with his group. Stefan Fenz will manage the joint research efforts.

Today, the FIT-IT project Secure 2.0 – Securing the Information Sharing on Web 2.0 has been officially launched at Secure Business Austria.