Duration 50:52
16+
Play
Talk video

Are You Trading Stocks Securely? Exposing Security Flaws in Trading Technologies

Alejandro Hernandez
Senior Security Consultant at IOActive
  • Video
  • Theses
  • Video
Black Hat USA 2018
August 4 2019, Las Vegas, USA
Black Hat USA 2018
Video
Are You Trading Stocks Securely? Exposing Security Flaws in Trading Technologies
Purchased
In cart
Free
Free
Free
Free
Free
Free
Add to favorites
6.44 K
I like 0
I dislike 0
Purchased
In cart
Free
Free
Free
Free
Free
Free
  • Description
  • Transcript
  • Discussion

About speaker

Alejandro Hernandez is a security consultant who has been involved in the scene for over 15 years. Nowadays, he works for the company IOActive, where he has had the chance to work in companies in different countries including Mexico, South Africa, Germany, China, Netherlands, United States, South Corea and England. As a research enthusiast, he had the chance to present twice in Black Hat Arsenal: in 2011, DotDotPwn (directory traversal fuzzer), and in 2014, Melkor (ELF file format fuzzer). He has also been speaker in other conferences such as DEF CON (Village) and BruCON (Belgium). Recently, he has been bridging cybersecurity with another subject he has interest in: money markets. Self-forged initially, later on he took some stock trading courses in the Mexican Stock Exchange (BMV) to gain the understanding on how the digitally-ruled financial markets work nowadays.

About talk

Topic: IT

In this talk, vulnerabilities that affect millions of traders will be shown in detail. Among them are unencrypted authentication, communications, passwords and trading data; remote DoS that leave the applications useless, weak password policies, hardcoded secrets, poor session management, etc.

02:33 What the New York Stock Exchange looks like now

04:05 The specifics of cyber attacks on stock exchanges

06:08 What is the Meta Trader platform for

Share

Hi everyone, good morning. 00:00 Thank you for being here. 00:00 I'm super excited to be here. 00:04 This is my very first briefing. 00:06 I do on Black Hat. 00:08 Previously, I had a chance to present 2 tools on the Arsenal in 2000 and 00:10 , 12:15 but this is my first time here. 00:16 My name is Alexandro Hernandez. 00:18 I'm from Chapas, Mexico, which is in the SE of the country right over there. 00:20 And I have been doing consulting and research, 00:26 for you, active for almost 6 years now. 00:29

I come from our computer Sciences background. 00:32 I didn't study anything related to finance or economics. 00:35 I must self-doubt on these topics. 00:39 An later on. 00:41 I took a couple of courses in the Mexican Stock Exchange in Mexico City, 00:41 an with a few other brokers. 00:48 And in the end I decided to breach both topics. 00:50 I'm interested in right and I found interesting results. 00:53 I will share with you today. 00:57 Um. 00:59

This will be the agenda will be discussing today a quick introduction. 01:02 The core of the research of my analysis, 01:07 the boner abilities. 01:10 The responsible disclosure process regulators organizations. 01:10 Some other ideas. 01:16 I have in mind that either I or you could develop in the future after the talk and in the end recommendations and conclusions for training up 01:16 a quick disclaimer. 01:27

All the testing was performed using paper money, 01:27 which is demo accounts fake money right. 01:32 I I only tested applications for end users mobile websites and desktop applications and the web servers that communicate these applications. 01:36 I didn't test anything else, 01:45 the steel. 01:47 There are a lot of technologies behind this there. 01:47 A lot of protocols that are a lot of other devices for example, 01:51 phones with embedded software. 01:55

I didn't have access to this information and finally, this talk is not about high-frequency trading nor blockchain nor how to get rich. 01:55

Full transcript of the talk will be available after the purchase
Cackle comments for the website

Buy this talk

Access to the talk «Are You Trading Stocks Securely? Exposing Security Flaws in Trading Technologies»
Purchased
In cart
Free
Free
Free
Free
Free
Free

Video

Get access to all videos “Black Hat USA 2018”
Purchased
In cart
Free
Free
Free
Free
Free
Free
Ticket

Interested in topic «IT»?

You might be interested in videos from this event

September 28 2018
Moscow
16
83
app store, apps, development, google play, mobile, soft

Similar talks

Patrick Wardle
Chief Research Officer at Digita Security
Purchased
In cart
Free
Free
Free
Free
Free
Free
Sen Nie
Security Researcher at KeenLab, Tencent
Ling Liu
Engineer at KeenLab
Wenkai Zhang
Security Researcher at KeenLab
Yuefeng Du
Security Researcher at KeenLab
Purchased
In cart
Free
Free
Free
Free
Free
Free

Buy this video

Video

Access to the talk 'Are You Trading Stocks Securely? Exposing Security Flaws in Trading Technologies'
Purchased
In cart
Free
Free
Free
Free
Free
Free

Conference Cast

With ConferenceCast.tv you get access to our library of the world's best conference talks.

Conference Cast
154 conferences
6352 speakers
2110 hours of content