Keywords
- Authentication Protocol
- Internet Banking
- Authentication Procedure
- Central Infrastructure
- Responsible Disclosure
Copyright information
© 2008 IFIP International Federation for Information Processing
About this paper
Cite this paper
Espelid, Y., Netland, L., Klingsheim, A.N., Hole, K.J. (2008). Robbing Banks with Their Own Software—an Exploit Against Norwegian Online Banks. In: Jajodia, S., Samarati, P., Cimato, S. (eds) Proceedings of The IFIP TC 11 23rd International Information Security Conference. SEC 2008. IFIP – The International Federation for Information Processing, vol 278. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-09699-5_5
DOI: https://doi.org/10.1007/978-0-387-09699-5_5
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-09698-8
Online ISBN: 978-0-387-09699-5
eBook Packages: Computer Science (R0)