Are You Trading Stocks Securely? Exposing Security Flaws in Trading Technologies

Explore critical security vulnerabilities affecting millions of traders in this 51-minute Black Hat conference talk. Delve into detailed exposés of unencrypted authentication, communications, passwords, and trading data. Discover remote Denial of Service attacks rendering applications useless, weak password policies, hardcoded secrets, and poor session management. Learn about trading languages supporting DLL imports, privacy mode issues, and anti-exploitation mitigations. Gain insights into responsible disclosure practices, the role of regulators and rating organizations, and receive valuable recommendations for improving trading technology security.

Intro
black hat Disclaimer
black hat Introduction
black hat Trading software
black hat Unencrypted comms
black hat Denial of Service
black hat Trading languages supporting DLL imports
black hat Passwords stored unencrypted
black hat Trading data stored unencrypted
black hat Weak password policies
black hat Authentication
black hat Session still valid after logout
black hat Privacy mode
black hat Hardcoded secrets
black hat Anti-exploitation mitigations
black hat Root detection
black hat Other weaknesses
black hat Responsible disclosure
black hat Regulators
black hat Rating organizations
black hat Recommendations
black hat Black Hat Sound Bytes