The Seattle Times Business & Technology
February 6, 2007

RSA: These guys can break the bank

Posted by Benjamin J. Romano at 7:44 AM

SAN FRANCISCO -- The RSA Conference 2007, a gathering of 15,000 computer security professionals, is getting under way this morning with keynote presentations from Microsoft Chairman Bill Gates and Chief Research and Strategy Officer Craig Mundie. Their topic: "The Imperative to Connect: Advancing Trust in Computing." Also on the agenda: executives of EMC's security division, RSA; John W. Thompson, chairman and CEO of Symantec; and a panel of cryptographers.

So who's here? Presumably, at least some of the attendees can step up to the consumer-facing Web site of a fictional bank -- Big Safe Bank -- and do some damage. The attackers in this fictional scenario are given some "helpful information," including customer ID numbers, account numbers and passwords.

Here are the five tasks laid out as part of the conference's interactive testing challenge. I imagine most attendees would say they're here to stop people from doing these and other nefarious things.

Find a way to impersonate a user when sending a message using the "Contact Us" feature.

Create a new account and escalate user privileges by exploiting the Web site's vulnerability to a SQL injection.

Execute a phishing attack that would cause an actual user to unknowingly transfer money to a West Indies Bank account.

Transfer money to the West Indies account without any intervention from the victim user.

Borrow money past the user's allowed loan amount.
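The second task, creating an account and escalating privileges through a SQL injection, is the one with the clearest mechanics, so here is an added example of how such a registration bug typically looks and how it is closed. This code is not from the conference challenge or from The Seattle Times; the bank name, the table layout, the `customer`/`admin` roles and the attacker's input are all assumptions made for illustration. It uses Python's built-in sqlite3 module so it runs offline.

```python
"""Added example: SQL injection used to escalate privileges at account creation.
Big Safe Bank, the users table and the attacker payload are assumed for illustration."""
import sqlite3

# Assumed schema: every self-registered user is supposed to end up as 'customer'.
SCHEMA = """
CREATE TABLE users (
    id       INTEGER PRIMARY KEY,
    username TEXT UNIQUE NOT NULL,
    password TEXT NOT NULL,
    role     TEXT NOT NULL DEFAULT 'customer'
);
"""

# Constructed attacker input for the password field of the sign-up form.
# It closes the password string literal, supplies 'admin' as the role value,
# and comments out the remainder of the statement that the application appends.
PAYLOAD = "x', 'admin') -- "


def setup_db():
    """Fresh in-memory database with the assumed users table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def register_vulnerable(conn, username, password):
    """Account creation with string-built SQL (the bug under discussion).

    Passwords are stored as given only to keep the example short; a real
    system stores a password hash, never the password itself.
    """
    sql = ("INSERT INTO users (username, password, role) "
           "VALUES ('%s', '%s', 'customer')" % (username, password))
    # With PAYLOAD as the password, the statement sent to SQLite is:
    # INSERT INTO users (username, password, role)
    #   VALUES ('mallory', 'x', 'admin') -- ', 'customer')
    conn.execute(sql)
    conn.commit()


def register_safe(conn, username, password):
    """Same operation with a parameterized query. The input is bound as data
    and cannot alter the statement's structure, so the role stays 'customer'."""
    conn.execute(
        "INSERT INTO users (username, password, role) VALUES (?, ?, 'customer')",
        (username, password),
    )
    conn.commit()


def role_of(conn, username):
    """Role recorded for a user, or None if the user does not exist."""
    row = conn.execute(
        "SELECT role FROM users WHERE username = ?", (username,)
    ).fetchone()
    return row[0] if row else None


def stored_password(conn, username):
    """Password column as stored (used to show the safe path keeps the payload as data)."""
    row = conn.execute(
        "SELECT password FROM users WHERE username = ?", (username,)
    ).fetchone()
    return row[0] if row else None


def demo():
    """Register the same attacker input through both paths.

    Returns (role after vulnerable registration, role after safe registration).
    """
    vuln = setup_db()
    register_vulnerable(vuln, "mallory", PAYLOAD)
    safe = setup_db()
    register_safe(safe, "mallory", PAYLOAD)
    return role_of(vuln, "mallory"), role_of(safe, "mallory")


if __name__ == "__main__":
    print(demo())  # ('admin', 'customer')
```

The point to check in a real review is not the quoting but the construction: any statement assembled from request data with string formatting is suspect, and the fix is to bind user input as parameters so the database never parses it as SQL. The safe path stores the payload verbatim in the password column, which is harmless because it is only ever data.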

