Microsoft Pri0

Welcome to Microsoft Pri0: That's Microspeak for top priority, and that's the news and observations you'll find here from Seattle Times technology reporter Matt Day.

February 6, 2007 at 7:44 AM

RSA: These guys can break the bank

SAN FRANCISCO — The RSA Conference 2007, a gathering of 15,000 computer security professionals, is getting under way this morning with keynote presentations from Microsoft Chairman Bill Gates and Chief Research and Strategy Officer Craig Mundie. Their topic: “The Imperative to Connect: Advancing Trust in Computing.” Also on the agenda: Executives of EMC’s security division, RSA; John W. Thompson, chairman and CEO of Symantec; and a panel of cryptographers.

So who’s here? Presumably, at least some of the attendees can step up to the consumer-facing Web site of a fictional bank — Big Safe Bank — and do some damage. The attackers in this fictional scenario are given some “helpful information,” including customer ID numbers, account numbers and passwords.

Here are five tasks laid out as part of the conference’s interactive testing challenge. I imagine most attendees would say they’re here to stop people from doing these and other nefarious things.

Find a way to impersonate a user when sending a message using the “Contact Us” feature.

Create a new account and escalate user privileges by exploiting the Web site’s vulnerability to a SQL injection.

Execute a phishing attack that would cause an actual user to unknowingly transfer money to a West Indies Bank account.

Transfer money to the West Indies account without any intervention from the victim user.

Borrow money past the user’s allowed loan amount.
