Microsoft Pri0

Welcome to Microsoft Pri0: That's Microspeak for top priority, and that's the news and observations you'll find here from Seattle Times technology reporter Matt Day.

February 6, 2007 at 7:44 AM

RSA: These guys can break the bank

SAN FRANCISCO — The RSA Conference 2007, a gathering of 15,000 computer security professionals, is getting under way this morning with keynote presentations from Microsoft Chairman Bill Gates and Chief Research and Strategy Officer Craig Mundie. Their topic: “The Imperative to Connect: Advancing Trust in Computing.” Also on the agenda: Executives of EMC’s security division, RSA; John W. Thompson, chairman and CEO of Symantec; and a panel of cryptographers.

So who’s here? Presumably, at least some of the attendees can step up to the consumer-facing Web site of a fictional bank — Big Safe Bank — and do some damage. The attackers in this fictional scenario are given some “helpful information,” including customer ID numbers, account numbers and passwords.

Here are five tasks laid out as part of the conference’s interactive testing challenge. I imagine most attendees would say they’re here to stop people from doing these and other nefarious things.

Find a way to impersonate a user when sending a message using the “Contact Us” feature.

Create a new account and escalate user privileges by exploiting the Web site’s vulnerability to a SQL injection.

Execute a phishing attack that would cause an actual user to unknowingly transfer money to a West Indies Bank account.

Transfer money to the West Indies account without any intervention from the victim user.

Borrow money past the user’s allowed loan amount.
