Date: Wed, 28 Jun 2006 12:21:50 +0800
From: thomas48 <thomas48@...gnet.com.sg>
To: security-basics@...urityfocus.com, firewalls@...urityfocus.com,
	full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
	focus-ids@...urityfocus.com, newslist@...urity-briefings.com,
	forensics@...urityfocus.com, vuln-dev@...urityfocus.com,
	webappsec@...urityfocus.com, funsec@...uxbox.org
Cc: organiser@...can.org
Subject: SyScan'06 Highlight - Is Phone Banking Safe?


This is a brand new presentation and it's going public for the very first 
time in SyScan'06.


Marek Bialowlowy is a Polish security researcher based in Southeast Asia 
whose expertise is researching into mobile technologies like phone 
banking, Wi-Fi and Bluetooth etc. In this presentation in SyScan'06, he 
will present his shocking findings in one of the most popular banking 
applications.

Use of a telephone in banking is considerably widespread. The most 
popular is certainly the interactive voice response (IVR) technology, 
which has been adopted by nearly all major banks. There is also a new 
successor of this technology, that is, mobile banking. It is mainly 
based on SMS or STK (SimToolkit) and the popularity of it is rapidly 
increasing largely thanks to the popularity of mobile phones. Certainly 
with benefits of new technology also come new threats which have to be 
addressed. Meanwhile, the old IVR based technology still lacks security, 
which questions the overall safety of using a phone in banking services.

The presentation summarises results of comprehensive analysis into phone 
banking security and introduces never previously presented attack 
scenarios on phone banking systems, reveals the security weakness in 
phone banking systems of a major banks and explains some potential 
methods of minimising the risks.

Other presentations at SyScan'06 include:

Unpacking Malware, Trojans and Worms - Paul Craig
Towards Automated Botnet Detection and Mitigation - Thorsten Holz
I-worm Fuzzer: A new propagation type of worm - Enrique Sanchez
Securing Linux/Unix Systems - Andrew Griffiths
VoIP Security Issues - Hendrik Scolz
Exploiting Embedded System - Barnaby Jack
Reverse Engineering Microsoft Binaries - Alexander Sotirov
Feeding Fuzzing - ByteRage
Writing behind a Buffer - Angelo Rosiello
Skeletons in Microsoft Closet - Andre Protas
Binary Analysis; finding secrets in ISAPIs
Yet Another Web Application Testing Toolkit - Fyodor Yarochkin
Oracle Rootkit and Viruses - Alexander Kornbrust
Attacking Microsoft Vista - Joanna Rutkowska


For more information, please visit
http://www.syscan.org

