Interop ITX 2017 Schedule Builder

View, browse and sort the Interop agenda by track, pass type, format, session day/time, and conference journey. With the Interop ITX Schedule Builder, you can build your schedule in advance and access it during the show via export or in your Interop ITX Mobile App.

In order to best utilize Schedule Builder, please use the login credentials you've set up on this page as your login credentials on the Interop ITX App. You can download the app on iTunes or Google Play.

  • Live Account Takeover Hack and Tips on Preventing Today's Most Dangerous Application Threat

    Location:  Room 111
    Format: Conference Session
    Track: Security
    Pass Type: All Access, Conference, Thursday Conference
    Vault Recording: TBD

    2016 appears to be the year of the hack, with marquee companies experiencing significant breaches on what seems like a daily basis. Account takeover (ATO) hacks have been on the rise within the last few years as hackers have become daringly savvy at acquiring log-in data and putting it to dangerous use -- the LinkedIn and Yahoo incidents being two on record. But while the initial data breach is problematic, the real problems come years afterward. Hackers wait to implement the data -- the compromise phase -- and then use bots to spray the information across the internet, hoping to access sensitive information that lives outside of the original sites. After the incidents, both LinkedIn and Yahoo advised users to alter passwords, ensuring data would then be safe. What they couldn't control is that many consumers use the same log-in credentials across many accounts, and that information in the hands of a criminal means risk extends beyond the initial breach.

    Society has been dealing with such cyber issues since the dawn of the internet, but these kinds of ATO hacks are changing the game. Prior solutions and changing passwords are no longer enough, as they are no match for today's hackers' tricks.

    In this session, I will stage an ATO attack in real time to show exactly how it is done while underscoring the vulnerabilities on many common sites that have allowed it to happen. I will begin by demonstrating a credential stuffing attack on a simple vulnerable site, fast forwarding to the cat and mouse game of upping your defenses. You'll be able to see how attackers bypass rate limits, geo-fencing, browser profiling and even some types of CAPTCHAs in their pursuit of popping your customers' accounts. The action will finish with a discussion for attendees to better grasp how these attacks can be blocked.