Stealing Identity Management Systems

Presented at DEF CON 15 (2007), Aug. 4, 2007, 4 p.m. (50 minutes).

Novell's Identity Manager and related components are become fairly common in large networks. Identity management systems in general bring a number of security implications that are often not well understood. Even when best practices are followed, the system often has vulnerabilities that can be exploited. Since there seems to be little research into hacking identity management systems, the goal of this talk is to bring some recognition to security risks these systems bring to an organization. This talk will look at some of the inherent properties of identity management systems which can make them prone to exploitation, and look at some specific techniques for exploiting certain configurations.

Presenters:

• Plet
  Plet is a security researcher who formerly worked for a consulting company, and now works for a non-profit in an attempt to restore the karma lost by being a consultant. He was forced to work with Novell's idm products, and grew to hate Novell as a result. He wrote the first commercially available universal password reader.

Links:

• https://defcon.org/html/defcon-15/dc-15-speakers.html#Plet
• https://infocon.org/cons/DEF CON/DEF CON 15/DEF CON 15 video/DEF CON 15 - Plet - Stealing Identity Management Systems - Video.mp4
• https://www.youtube.com/watch?v=oHxlQ366BJE

Similar Presentations:

• ToorCon: Seattle 2008 / Identity-based ElGamal
• ToorCon: Seattle 2008 / Privacy and Identity Hacking
• ShmooCon IX (2013) / Beyond Nymwars: An Analysis Of The Online Identity Battleground