Visitors to Positive Hack Days 2012, which took place in the Digital October Center, had a chance not only to listen to reports by information security professionals and watch the epic CTF battle, but also to take part in discussions of important industry issues at specialized sections.
Among these discussion platforms was a section called How to Protect Money, moderated by Artem Sychev (Head of Information Security Department, Rosselkhozbank). Along with theory (discussions of the security challenges of the banking sector), the section offered a practical task: the $natch competition. The competition tested participants' skills in exploiting typical remote banking vulnerabilities, logic flaws rather than web ones.
Specially for the competition, we developed our own remote banking system from scratch and embedded common vulnerabilities that Positive Technologies experts had found in the course of security assessments of such systems. The solution, called PHDays I-Bank, was a standard Internet bank with a web interface, a PIN code to access the account, and a processing system.