PREMIERE: Per Thorsheim and special guest Stu from TMHC

THE TALKS

Per Thorsheim: "How I hacked the largest bank in Norway using a 1-page paper form"

We are so lucky that Per has chosen to premier his latest talk for us here at OWASP Copenhagen. So come join us for this. Per is a fantastic storyteller :-)

Back in 2019-2020 banks were running a campaign saying you should never share your BankID with anyone. Never give your OTP or password to anyone. Use a “power of attorney” (Danish: Fuldmagt) to give another person access to your bank account instead, to act on your behalf if needed. So Per Thorsheim got curious and started to investigate with a few friends.
This is the story on how they found a way to gain access to probably any personal account at the largest bank in Norway, using a 1-page paper form from the bank itself.

This is not a technical talk, but a talk about UX, design & process flaws, and responsible disclosure.

Could this be possible with your bank?

Bio:
Per Thorsheim is the founder of PasswordsCon, the first & only global conference dedicated to passwords and anything digital authentication. By day he works as a security & governance manager for BankID at Vipps.no in Norway. He’s been in infosec for more than 25 years, and claims to know your next password.
Twitter: @thorsheim
LinkedIn: http://linkedin.com/in/thorsheim

Stu: Why You Should Build a Community!
Stu discusses why community is important for fostering collaboration, forming important connections, mentoring, and the great things that can happen from this.

Stu shares his experience of building an infosec community The Many Hats Club, the highs and lows, but ultimately why this is something we should all strive to do. The talk will cover the following:

• Why communities are vital in infosec
• How to start out
• Platforms
• Pitfalls and things to avoid (from my many mistakes)
• Mentoring
• Key achievements - 2 x cons, CTF's, Podcasts, community projects, research, responsible disclosures etc.
• Mods/Admins, COC etc things you cannot live without.
• Why you should all build a community right now!
• Q&A

Bio:

Twitter: @cybersecstu
LinkedIn: https://www.linkedin.com/in/itsecurity/

PRACTICAL:
The event will be a two part-event where Per Thorsheim will premier his
new talk and Stu will talk about the importance of communities.
We will be online from circa 19.45 to do warm-up and chitchat with both speakers. You're very welcome to join us. This part won't be streamed to YouTube.
Both events will be as much a discussion/AMA as a talk so you're very encouraged to pitch in.
After the talks we hang out on Discord and chat for as long as we want to. This won't be streamed either.

To make the event more interactive, we are having the event on Discord. So join the VikingSec Discord via https://discord.gg/XCUja4Q. Make sure to go to the #role-assignment and click the bee to get permissions to talk and write in the OWASP Copenhagen channels.

If you don't want to be on Discord - no problem! Both talks will be streamed to YouTube as usual! The link will be made public soon!

We can't wait to see you!
All the best
The OWASP Copenhagen Team