Salami slicing attacks

Post on 12-Jun-2015

1.392 views 1 download

Preview:

Click to see full reader

Tags:

Report this document
SHARE

description

salami, slicing, rounding, g4m4m

Transcript of Salami slicing attacks

Salami slicing Attacks

gamma95@gmail.com

$whoami

What's salami slicing attacks?

Salami slicing refers to a series of many small actions, often performed by clandestine means, that as an accumulated whole produces a much larger action or result that would be difficult or unlawful to perform all at once. The term is typically used pejoratively. Although salami slicing is often used to carry out illegal activities, it is only a strategy for gaining an advantage over time by accumulating it in small increments, so it can be used in perfectly legal ways as well.

In information security, a salami attack is a series of minor attacks that together results in a larger attack. Computers are ideally suited to automating this type of attack.

Salami slicingHow to cheat water

meter

Salami slicingHow to cheat water meter

Rounding attacks

Rounding attacks

Rounding attacks

Rounding attacksEx1: Internet banking

Rounding attacksEx1: Internet banking

Rounding attacksEx1: Internet banking

Rounding attacks

Round(0.005, 2)=0.01 USD = 1 cent100 * (105.60 VND -> 0.01 USD) => 10,560.00 VND = 1.00 USD

Rounding attacksEx2: Petrol station

Rounding attacksEx2: Petrol station

22,200.00 VNĐ --> 1 litre200 VNĐ --> 0.009009009...

Round(0.00909, 2)=0.01 litre100 * (200 VND -> 0.01 lire) => 20,000.00 VND = 1 litre

Rounding attacksEx2: Petrol station

22,200.00 VNĐ --> 1 litre50,000.00 VNĐ --> 2.2522522522...

Round(2.252252, 2)=2.25 litre

Rounding attacksEx2: Petrol station

In Viet Nam, Petrol station uses round down/ truncate function. That means you guys always lose :)

Deposit accountEx 3

You have 100$, you deposit 100$ --> 1.2$/monthYou deposit 42 cents --> 0.00504$/monthRound(0.00504,2) = 0.01$ = 1 cent/month

You should share 100$ to 238 accounts (42 cents per account). After one month, You will get 238 x 0.01$ = 2.38$ :)

References

1.Salami attack at Asia Commercial Bank

http://www.vnsecurity.net/2008/05/salami-attack-at-asia-commercial-bank/

2. Adrian Furtuna - Practical exploitation of rounding vulnerabilities in internet banking applications

http://2013.zeronights.org/materials

3. Is Your Online Bank Vulnerable To Currency Rounding Attacks

http://blog.acrossecurity.com/2012/01/is-your-online-bank-vulnerable-to.html

4. http://en.wikipedia.org/wiki/Rounding

http://www.vnsecurity.net/2008/05/salami-attack-at-asia-commercial-bank/
http://2013.zeronights.org/materials
http://blog.acrossecurity.com/2012/01/is-your-online-bank-vulnerable-to.html

Questions?

Top related

Salami-slicing and plagiarism: How should we respond? · Salami-licing and plagiaim: Ho hold e epond? 7 1 3 Table 2 Editors’ratingsofappropriateconsequences.Seriousconsequencesinclude:Blacklistforfuturesubmissions
 Documents
Program Slicing Program Testing and Analysis€¦ · 4. Dynamic Slicing Mostly based on these papers: Program Slicing, Weiser., IEEE TSE, 1984 Thin Slicing, Sridharan et al., PLDI
 Documents
Oshe Salami
 Documents
GOVERNMENTAL FINANCIAL RESILIENCE UNDER AUSTERITY: …irep.ntu.ac.uk/id/eprint/29599/1/PubSub6936_Jones.pdf · • “Salami slicing” budget reductions, i.e. across-the-board proportionate
 Documents
Welcome to GEN-8001: Take control of your PhD journey20192608091931/GEN-8001_Sp… · 12 Salami slicing Questionable research practices Categorized as less severe, but still considered
 Documents
Dependence-Cache Slicing: A Slicing Method Using Lightweight Dynamic Information
 Documents
Introduction to Malicious Code (Malware) - Chalmers · Introduction to Malicious Code (Malware) ... • But what type of content is safe? Targeted attacks ... • Salami attack
 Documents
Structure of a legal analysis - Justice&Environment · 3.4. Measures taken to avoid “salami slicing” and assure assessment of cumulative effects All the countries subject to the
 Documents
elaboracion del salami
 Documents
prezi - TUM · own contribution to publication exaggerating Salami Slicing und duplicate publications unpublished publications cited as citing man arXiv "in press of authorships Order
 Documents
Key changes to the Scottish EIA do they mean for planning? · requirements –should prevent salami slicing •“Main characteristics of the operational phase” –focus on natural
 Documents
1 Program Slicing Purvi Patel. 2 Contents Introduction What is program slicing? Principle of dependences Variants of program slicing Slicing classifications.
 Documents
Brain slicing
 Health & Medicine
Introduction - KDIGO...2017/02/03  · No to “salami slicing” • Example: A drug proposed to be used to treat breast cancer patients refractory to first-line treatment – No,
 Documents
Slicing and Non Slicing Floor Planning
 Documents
Conveniently Smithfield - Foodservice · 90070100025442 John Morrell Cotto Salami Slicing Log, 18-20# ea, Combo 1,550 lbs 90070100024971 John Morrell Ham, Hot Capicolla, WA, 15-17#
 Documents
Efficiencies Plan 2020-23 · cutting targets, top-down salami slicing of departmental budgets, or cuts to frontline services as we have seen previously in Jersey. This programme is
 Documents
CLAUSEWITZ’S CENTER OF GRAVITY: CHANGING OUR … · • Resist “salami-slicing” the adversary into tactical, operational, and strategic CoGs. The bulk of our efforts and intermediate
 Documents
GOVERNMENTAL FINANCIAL RESILIENCE UNDER AUSTERITY: …€¦ · time. Salami slicing was used extensively prior to 2008 as a means of absorbing financial shocks over the whole organisation.
 Documents
€¦  · Web viewSouth China Sea Affirmative NAUDL CORE FILES 2016-17. Salami Slicing Advantage. South China Sea Affirmative . NA. UDL . CORE FILES 2016-17. …
 Documents

Copyright © 2022 FDOCUMENTS