Your taxes are being leaked

BSidesLV 2018

Presented by: Michael Wylie
Date: Wednesday August 08, 2018
Time: 10:00 - 10:55
Location: Breaking Ground

80% of U.S. small business accounting data is entered and stored on one company’s software. Major professional CPA firms around the world use this company’s tax preparation software and trust the security controls are doing their job. During a Penetration Test, I discovered, and disclosed to the manufacture, a critical unauthenticated information leak/man-in-the-middle vulnerability in the way the tax preparation software transfers customer data between client and server. This vulnerability exposes all customer’s names, addresses, phone numbers, email addresses, social security numbers, job, spouse information, and more.

Michael Wylie


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats