GI Workshop
A few days ago we submitted a paper to the GI, which was originally part of an abstract M4z and I did for a seminar. They accepted it, which means it will be printed in their magazine. That alone is nothing too cool, since it is more or less a summary of web-based vulnerabilities, but the really cool thing is that we will be going to Bonn from the 29th to the 31st of March for a workshop at the Informatiktage 2007. And it gets even better: the journey as well as the hotel will be paid for.
We could choose between several different topics. I clearly decided to attend “Security in Online-Banking”, since it was the only security-related one.
It seems to be held by someone who is at least related to the “Sparkasse” and I am really interested in their point of view. The Haspa, which is Hamburg's branch of the Sparkasse, needs JavaScript activated to even be able to reach their online banking service. I do not get why they are doing this?! It does not look too security-concerned to me. Well, they have TANs, so it is not all that easy to ride the session and transfer money to my own account. But there may be other things that could be modified. And moreover, this urges even security-aware people to activate JavaScript and therefore be vulnerable to potential XSS vulnerabilities.
I guess I will be looking at what may be done with Session Riding on their site before then. Perhaps I will also find some XSS possibility, but this does not appear too likely after a first look.
If you have something similar or have even already found a vulnerability, please let me know. Maybe it will attract a bit more of their attention when someone is discussing it with them in person.
Nonetheless, I am really looking forward to this.