ZDNet UK




Security threats Toolkit

Keeping security in check

John Verry

Published: 11 Oct 2005 14:30 BST


...rolled off our fax machine.

On Thursday afternoon we were on site for a project kick-off meeting in a conference room with carpeting so deep I dropped my pencil and decided not to bother looking for it.

Dinner and dessert
Judging from the titles of some of the individuals at the kick-off meeting (chief information security officer, chief information officer, senior vice-president auditing), we quickly surmised that their concerns were of a significant nature. Interestingly, they would not detail any specific concerns, and we spent the better part of the two-hour meeting discussing their business environment and the critical role of the application under review. Once we understood that the application we were looking at processed billions of dollars of transactions on a daily basis, our interest in kicking things off escalated.

Since the application and supporting systems include interfaces to Federal Reserve Banks, we were advised that we could not begin penetration testing until after 6:30 PM. We gladly accepted an invitation to grab a bite for dinner with the CISO and some of the other key team members on this project.

At 1845 we were back from dinner.

At 1855 we owned the hosted network. That is, we were the Domain Administrator for all of the hosted devices that made up the ASP-hosted solution (including redundant database servers, application servers, Domain Controllers, and gateway router).

At 1900 we owned the application and the database.

At 1901 we jointly realised that we could transfer $100m+ between accounts with the level of privilege we had achieved. The BC Security Administrator monitoring our activities immediately halted our testing.

At 1910 we were on a conference call with BC's executives to discuss next steps.

I would like to tell you that our rapid success in this engagement was a reflection of the brilliance of our ethical hacking team, but that wouldn't be the truth. Unfortunately, our...
