I hope you all look forward to BSides London 2015, https://www.securitybsides.org.uk. In case you want to tweet about it, this year we are using the #BSidesLDN2015 hash tag. The event will take place on Wednesday 3/Jun/2015 at the ILEC Conference Centre, 47 Lillie Road, SW6 1UD, London (see the MAP).
As a side note, this year InfoSecurity Europe in London will take place between the dates 2nd and 4th/June/2015. Usually, Security BSides London is in line with InfoSec and the event takes place on the first day of InfoSec. However, this year, make sure you note down that the event will take place on the second day of InfoSec (see InfoSec).
I am happy to see that my talk for this year is number 2 on the list of submissions (CFP Submissions). Voting for the talks opened today, 20/Apr/2015, and it will be running until 1/May/2015. Please find some more information about my talk in the section below (click Read More). You can find/follow me on Twitter @drgfragkos and I really hope you spread the word regarding this talk to your friends and followers.
Currently the schedule for voting and announcing talks is as follows:
Apr 20th - Community voting on CFP submissions to open
May 01st - Community voting on CFP submissions to close
May 04th - Feverishly count all the votes
May 05th - Notify everyone who submitted of the result
May 08th - Deadline for successful speakers to confirm attendance
May 10th - Define schedule, Publish schedule
The time-line of this research and back story:
After working for a couple of years on this subject, I really believe it is time to take the complete version of this talk to BSides London.
I had the opportunity last year (2014) at BSides London to do a 15-minute lightning talk about this, which included a brief introduction to the subject and more specifically on how it is possible to take advantage of the features in Point-of-Sales (POS) devices.
A couple of months later, I was invited to BSides Manchester in order to do an hour-long presentation about this subject, giving out more details on what I had discovered. I also had the opportunity to present my talk at EMF camp in August 2014 with a lot fewer technical details. Since then I have been doing some more research on the matter and moved towards the exploitation of Virtual Terminals. I was given the opportunity to present my additional research on Virtual Terminals at Securi-tay IV, which is the conference for the Abertay Ethical Hacking Society.
Having the opportunity to present this new and complete version of my talk at BSides London this year will allow me to reach out to more people regarding my findings, raise awareness and allow security researchers/professionals to take a look at the Card Payment Industry (PCI) and card payments, from a different perspective. Due to the sensitive content, previous parts of this talk have never been recorded and I really hope all attendees will respect that and will not try to secretly record the presentation.
I really hope my talk gets voted so I can present this very interesting subject among all of you, who have been contacting me for this presentation. You can actually vote for up to 10 talks, so I really hope mine is one of them :D
Here is a copy of the abstract of my submitted talk for future reference:
2. Virtual Terminals, POS Security and becoming a billionaire overnight!
Dr. Grigorios Fragkos - @drgfragkos
Abstract:
Very few people use cash nowadays, as most use a debit or a credit card for their everyday needs. These transactions are performed through a Point-of-Sale (POS) device or through a Virtual Terminal. All the certified POS devices and Virtual Terminal applications make use of strong encryption and secure communication channels in order to connect to the authorisation servers and complete the transactions. Equally, in 2014 we saw the evolution of POS-affecting malware, where some large/global organizations like Target, Home Depot, and UPS were targeted by BlackPOS, FrameworkPOS, and Backoff respectively, ending up in millions of card details being stolen, and millions of customers being affected by identity theft and financial fraud.
Following on the above, during this presentation, a number of features (provided in POS devices as standard functionality) and the ability to misuse them during a transaction will be demonstrated. But the main focus will be on a Threat Modelling engagement, undertaken against Virtual Terminals. More specifically, I will demonstrate the major difference between last year's POS malware targeting Card Holder Data (CHD) and a different approach, which targets the actual money directly. In other words, I will show you how I could have ended up with billions in my account, without having to steal a single card number. Dr. Grigorios Fragkos, follow: @drgfragkos
The presenter says...
The level of difficulty of this talk is 3 and I consider it suitable for Techies, Business, Pentesters, Hackers, Any Geek.
This talk has not been presented at other conferences and it cannot be filmed.
Click here to vote for the Security BSides London talks and I really hope you vote for my talk as well!
I am looking forward to the event, hoping to have a chance to speak to all of you at the conference and potentially share a drink or two. I really appreciate your interest in this field and I can only hope my talk will keep you all excited once more. I really believe that anyone who has the opportunity to be at this conference should not miss the chance. We are all going to be there and if you have like five minutes to spare, come and say hi.