Are You Trading Stocks Securely? Exposing Security Flaws in Trading Technologies

Explore security vulnerabilities in electronic trading platforms and networks in this 51-minute Black Hat conference talk. Delve into the risks associated with the ease and speed of modern financial securities exchange, accessible to anyone with as little as $10. Examine issues like unencrypted communications, denial of service vulnerabilities, weak password policies, and authentication flaws. Learn about trading languages supporting DLL imports, privacy mode concerns, and hardcoded secrets. Discover the implications of inadequate anti-exploitation mitigations and root detection. Gain insights into responsible disclosure practices, the role of regulators and rating organizations, and receive practical recommendations for improving trading technology security.

Intro
black hat Disclaimer
black hat Introduction
black hat Trading software
black hat Unencrypted comms
black hat Denial of Service
black hat Trading languages supporting DLL imports
black hat Passwords stored unencrypted
black hat Trading data stored unencrypted
black hat Weak password policies
black hat Authentication
black hat Session still valid after logout
black hat Privacy mode
black hat Hardcoded secrets
black hat Anti-exploitation mitigations
black hat Root detection
black hat Responsible disclosure
black hat Regulators
black hat Rating organizations
black hat Recommendations
black hat Black Hat Sound Bytes