Anthony Zboralski aka gaius

Presentation Title: Information Security in Banking
Presentation Details:

The presentation is aimed at both business users and technical people; using a language and examples both factions can understand. This presentation highlights challenges facing the Banking Industry today andin the near future. The talk is based on the speaker’s experience pen testing and auditing some of the largest
bank in Asia and will describe intrinsic problems in the banking infrastructure: (core banking, online banking, SMS banking, network of trust, threats from third party contractors, from insiders, etc…).

This presentation will focus on ways to defeat information security by ways of deception and taking advantage of specific subtleties in human behaviour. Social engineering attacks will be described in full to provide sufficient background and awareness during everyday business activities. It will also describe how security mechanisms such as firewalls, intrusion detection systems and VPN often give a false sense of safety when security isn’t integrated into business process.

The presentation will include 3 real-world case studies:

Case Study I: Penetration testing a major Asian bank (profiling, war dialing, war driving, internet pen test, social engineering, physical pen test, internal pen test, core banking pen test). The speaker will show how an attacker can compromise the most up to date and “secure” systems sometimes without using any exploits.

Case Study II: Core Banking Audit, taking a look at security through obscurity; cases of insider hacking and fraud in which employee erased loan files and tried to manipulate interest rates, vendor tempering with production environment, etc.

Wireless Security Survey in Jakarta (ATM banking transactions broadcasted in plain-text over wireless, another bank broadcasting multi-million dollars bank wires in plain-text, an entire credit card department exposed to attacks). Never-seen-before screenshots will be displayed (what the eye doesn’t see, the heart don’t grieve about.)

About Anthony:

Anthony Zboralski leads Bellua Asia Pacific, an Information Security consulting company based In Jakarta, Indonesia. He has more than 9 years of experience performing penetration tests, assessments, forensics and related services for some of the largest banks in Asia and a dozen Fortune 500 companies including Aerospatiale, Air France, Allianz, AXA, Electricite de France, Lagardere-Matra…

He is also known as Gaius, one of HERT cofounders and wrote some articles for phrack and hert.org (tunnelx, ciscogdb, procx, etc.). Anthony has been involved into hacking and security community since 1989 (started on x25 with otosync and bayernpower [Matthias]). He is 29 now, living in Indonesia with wife and two kids.

Posted by Administrator @ 2004-11-22 11:13 am

Event Organizers


E-Security Gulf Group  


Hack In The Box (M) Sdn. Bhd.  


Sponsors


Microsoft Corporation  


Argus Systems Group 


Bahrain International Circuit 


Gulf Air 


Kingdom University, Bahrain 


Instec Digital Systems 


Oracle Corporation 


SIAG 


Duroob Technology 


Qatar Airways 


Supporting Organizations


Bellua Asia Pacific  


X-Focus China  


Bahrain Information Technology Society 

Hack In The Box (M) Sdn. Bhd.