Overview
Discover how a security expert exploited vulnerabilities in a Norwegian bank's systems using only pen and paper in this eye-opening conference talk from BSidesLV 2021. Explore the intricacies of Norwegian social security numbers, bank account validation processes, and security questions as the speaker walks through their methodical approach to exposing critical flaws. Learn about the power of social engineering, insufficient controls, and the importance of granular security measures in financial institutions. Gain valuable insights into vulnerability disclosure policies, cultural differences in banking practices, and the evolving landscape of digital security. Engage with thought-provoking questions on the future of banking security and the role of physical bank offices in an increasingly digital world.
Syllabus
Introduction
Background information
The situation in Norway
What is disposition
The red flag
The power of journey
The alternative
The paper form
Norwegian social security numbers
Validating Norwegian social security numbers
Figuring out my bank account number
Security questions
Insufficient controls
Legal agreements
Using time
Lack of granularity
Disclosure
Feedback
Additional Takeaways
Vulnerability Disclosure Policy
What's next
Questions
Social and cultural differences
Taxes
Cash banks
Bank offices
Bank ID
Clearing Central
Kittens
Outro
Taught by
BSidesLV