SyScan'06 Highlight - Is Phone Banking Safe?

To: security-basics@xxxxxxxxxxxxxxxxx, firewalls@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, focus-ids@xxxxxxxxxxxxxxxxx, newslist@xxxxxxxxxxxxxxxxxxxxxx, forensics@xxxxxxxxxxxxxxxxx, vuln-dev@xxxxxxxxxxxxxxxxx, webappsec@xxxxxxxxxxxxxxxxx, funsec@xxxxxxxxxxxx
Subject: SyScan'06 Highlight - Is Phone Banking Safe?
From: thomas48 <thomas48@xxxxxxxxxxxxxx>
Date: Wed, 28 Jun 2006 12:21:50 +0800
Cc: organiser@xxxxxxxxxx
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)

This is a brand new presentation and its going public for the very firsttime in SyScan'06.

Marek Bialowlowy is a Polish security researcher based in Southeast Asiawhose expertise is researching into mobile technologies like phonebanking, wifi and bluetooth etc. In this presentation in SyScan'06, hewill present his shocking findings in one of the most popular bankingapplication.

Use of a telephone in banking is considerably widespread. The mostpopular is certainly the interactive voice response (IVR) technology,which has been adopted by nearly all major banks. There is also a newsuccessor of this technology that is a mobile banking. It is mainlybased on SMS or STK (SimToolkit) and the popularity of it is rapidlyincreasing largely thanks to the popularity of mobile phones. Certainlywith benefits of new technology also come new threats which have to beaddressed. Meanwhile, the old IVR based technology still lacks security,which questions the overall safety of using phone in banking services.

The presentation summarises results of comprehensive analysis into phonebanking security and introduces never previously presented attackscenarios on phone banking systems, reveals the security weakness inphone banking systems of a major banks and explains some potentialmethods of minimising the risks.


Other presentations at SyScan'06 include:

Unpacking Malware, Trojans and Worms - Paul Craig
Towards Automated Botnet Detection and Mitigation - Thorsten Holz
I-worm Fuzzer: A new propagation type of worm - Enrique Sanchez
Securing Linux/Unix Systems - Andrew Griffiths
VoIP Security Issues - Hendrik Scolz
Exploiting Embedded System - Barnaby Jack
Reverse Engineering Microsoft Binaries - Alexander Sotirov
Feeding Fuzzing - ByteRage
Writing behind a Buffer - Angelo Rosiello
Skeletons in Microsoft Closet - Andre Protas
Binary Analysis; finding secrets in ISAPIs
Yet Another Web Application Testing Toolkit - Fyodor Yarochkin
Oracle Rootkit and Viruses - Alexander Kornbrust
Attacking Microsoft Vista - Joanna Rutkowska


For more information, please visit
http://www.syscan.org

Prev by Date: [ GLSA 200606-27 ] Mutt: Buffer overflow
Next by Date: AzDGDatingPlatinum<<--v1.1.0 "view.php" SQL Injection
Previous by thread: [ GLSA 200606-27 ] Mutt: Buffer overflow
Next by thread: AzDGDatingPlatinum<<--v1.1.0 "view.php" SQL Injection
Index(es):
- Date
- Thread