How much does it take to hack a mobile network?
Is electronic government secure
in the era of WikiLeaks and Anonymous?

Is SCADA hacking a Hollywood fiction
or today's reality?
Internet banking: is there any chance to win
over the fraudsters?

Cyber-crimes, cyber-espionage, cyber-war: where do we draw a borderline?


Thursday, May 31, 2012

Forum Positive Hack Days 2012 Is Over!

Two days, 1500 guests, dozens of reports and hands-on labs, a large-scale CTF contest, and lots of competitions: all that was the PHDays 2012 hackers conference held in the Digital October technocentre. Information security experts, hackers from all over the world and Internet users met to discuss and try to solve the key IS issues.

PHDays Competitions Finished

After the major CTF battle was over, other PHDays 2012 competitions were also coming to an end. In the Workshop area, the Hack the RFID competition was in full swing. The targets were two stationary boxes with locks controlled by RFID readers. The corresponding RFID tags were attached at a distance from the readers, so that it was impossible to unlock the boxes directly with these tags.

The contestants were required to open the boxes to take the prizes from within.

PHDays CTF - The final!

For two long days and all through the night, 12 CTF teams from ten countries were engaged in a tense battle. They faced many challenges: diving into a garbage container in search of bonus flags, fighting sleep, taking control over a flying drone that was hovering across the lobby of the technocentre Digital October, and eliminating vulnerabilities in the online banking system attacked by the participants of Online HackQuest.

The $natch is Taken!

Specially for this competition the Positive Technologies experts developed their own online banking system containing some typical vulnerabilities.

Forum guests and contestants have a good time in the cozy lobby of the Digital October technocentre, where they can follow the competition thanks to live video streaming.

The goal of the competition was to detect and exploit the online banking system vulnerabilities to transfer money to the team account.

Once Again about Remote Banking Security

The information security forum Positive Hack Days, taking place in the Digital October Center these days, has a dedicated section called Ways to Protect Money, where leading experts from Russia and other countries speak about banking security issues.

For the $natch competition, we have developed our own remote banking system containing common vulnerabilities detected by the experts of Positive Technologies in the course of analyzing such systems.

Participants of the $natch contest were to demonstrate their knowledge and skills in exploiting typical vulnerabilities of remote banking servers. There was a certain amount of money in our “protected” I-bank (conditions were close to real ones).

CTF - The Challenges Continue


According to the Day Two legend, the teams taking part in the PHDays CTF contest were required to obtain means of transportation. Specially for this task we prepared a couple of AR.Drones, flying devices operated through mobile phones using insecure wireless connections. The goal was for the CTF teams to take control over one or both of the drones.

At first, we planned to launch the AR.Drones outside the building, but since the weather in Moscow wasn’t fit for flying, the competition was moved to the lobby of the Digital October technocentre that hosts the PHDays 2012 forum.

Circuli Vitae. The Future

The Future (Summary of the Previous Episode)

By the middle of the XXIII century the once-powerful humankind had regressed into a pitiful handful of exhausted people. Affected by the genetic disaster and devastating war, the Earth was no longer a home but a battle for survival.

Those who were lucky enough to take cover under airtight domes were engaged in an ongoing battle for survival against the aggressive environment. They lived off “clean” food produced at several automated farms, and all of the people’s last efforts went to protect the farms.

Wednesday, May 30, 2012

Day One of the PHDays Forum is Over

On May 30th, information security experts, hackers, and Internet community members from all over the world gathered in the technocentre Digital October. Their goal was to fervently discuss and find answers to the most important IS questions and, of course, to have a good time :) Read about the first day of the PHDays 2012 forum under the cut.

Hacked in 137 seconds. Results

As you already know, PHDays is literally everywhere from Tokyo to Vladivostok and from India to Tunisia. Dozens of hackspaces with the best hackers join our online broadcast. It was specifically for the hackspace members supporting our PHDays Everywhere initiative that the Hacked in 137 Seconds competition was organized.

Participants had six hours to get unauthorized access to a specified Cisco network device and consecutively increase the privileges up to level 15. With every new level gained, the participant obtained a flag in MD5 format, which was then entered into a special form on the PHDays website.

CTF - New Challenges

The CTF contest has started at the Positive Hack Days forum. The teams received envelopes with the CTF legend and entered the fight. The winner will be announced tomorrow, while today the teams can find bonus flags and raise their score. However, it's not all that simple: the flags are hidden in a specially prepared container with garbage, which makes the task pretty challenging.

In the CTF area, a draw was held to determine the order in which the teams would dive into the container.

Circuli Vitae. The Present

The XXI century is the Era of Biotechnologies. Mass production of genetically-modified products was supposed to deal with hunger and diseases and give humanity power over Nature.

However, by the middle of the century genetically-modified organisms were everywhere: from tundra to rainforests. In response to the intervention, Flora struck back to survive. Gigantic weed-trees and tiny bugs flooded the forests and fields of the Earth.

People also suffered from the genetic chaos. Numerous epidemics spread over the planet; some of them were artificially induced.

That was when World War IV broke out to become the fastest and most devastating war of all.

Tuesday, May 29, 2012

Hacker Soccer Moves on!

Tomorrow is going to be a big day: the international information security forum Positive Hack Days 2012 opens. Most speakers (for example, Bruce Schneier and Nikhil Mittal) and teams participating in CTF (PPP, Shell Storm) are already in Moscow. And it seems a good reason to meet prior to the forum’s start at a football match! Information security experts (both speakers and CTF participants) have taken their white hats off for a while and put soccer uniforms on to prove they’re the best not only in hacking. Photos of the match are under the cut.

Monday, May 28, 2012

Registration to PHDays 2012 Online Competitions Is Open

The competitions offering invitation cards to Positive Hack Days 2012 as prizes are over. The winners have received their tickets, and we will meet them in the Digital October Center in Moscow very soon. If you have failed to participate in these contests or to win, you still have an opportunity to obtain lots of prizes in the course of online battles, registration for which starts on the PHDays website simultaneously with the forum. Competition descriptions and terms of participation are under the cut.

Saturday, May 26, 2012

Hacking Elite Come Together at Positive Hack Days 2012

PHDays 2012 is getting closer. A detailed program has already been published. Registration to the forum opened on May 14, but there were so many people willing to visit the event that all the places were occupied in 8 minutes, and thus we had to stop it. The buzz around the event was so great that we decided to carry out one more round of registration. It had barely begun, when we had to close it for the same reason.

Battle for Invitation Cards is Over

Less than a week is left until the information security forum Positive Hack Days 2012, and until today everybody who wanted to visit this event had a chance to win an invitation card in such contests as Blow Up the Town and Hackers vs. Forensics.

Thursday, May 24, 2012

Maximum of practice, minimum of formality: PHDays 2012 program is published

Positive Hack Days 2012, an international forum, is coming soon to the Digital October center in Moscow. We’ve been preparing this event for the whole year and have gathered the most topical and interesting information security issues, taking into account the community’s preferences, so that anyone from a programmer to a CIO can be involved in the forum.

Today we’re introducing the final program of PHDays 2012. There are two big units combining theory and practice: conferences and competitions.

Tuesday, May 22, 2012

PHDays CTF: President’s address to participants of the CTF (Change The Final) Mission

I salute you, soldier!

Dwellers of our City are proud to have the luck to be familiar with you, one of those, who were selected to change the destiny of the entire humanity. Very little time is left before the start of your Mission, so you will have to go to a lot of trouble to prepare well. A lot of obstacles will be lying in wait for you: a sleepless night, endless attacks of enemies, time travelling, aircraft hijacking, and even dumpster diving. But they shouldn’t stop you on your way to your major aim – prevention of the world catastrophe, the price of which you know well. Numerous temptations, which you will be faced with, shouldn’t stop you as well: you will have to get over your desires to sleep, to stare at girls, or to drink all alcohol supplies. Remember, your main goal is to Change The Final!

Hands-On Lab of PHDays 2012: from Wi-Fi Networks Protection to SAP and Web 2.0 Security

Is it possible to hack a computer via a mouse, keypad or printer? How secure is Android? What should an ethical hacker know? Is it difficult to catch a cybercriminal? Is HTML 5 secure? You may keep wondering, but it’s much wiser to partake in the Hands-on Lab at Positive Hack Days 2012 and get answers to all these questions.

Monday, May 21, 2012

dvCTF 2012 in Vladivostok as Part of PHDays Everywhere

We have recently reported that Vladivostok, Yekaterinburg, Kaliningrad, Kiev, Samara, Taganrog, Khabarovsk, as well as Tunis (Tunisia) and Kollam (India) already joined PHDays Everywhere.

The latest big news: as part of PHDays Everywhere, Far Eastern Federal University (Vladivostok) is organizing dvCTF 2012, a student team competition in the CTF task-based format. Anybody can partake in the competition! Build a team, complete the tasks, outpace competitors and obtain valuable prizes!

Rules of the Hack2Own Competition at PHDays 2012

There’s little time left before Positive Hack Days 2012. Online competitions, which raffle off invitations to the forum, are in full swing. Yet, the most interesting events will happen at the forum’s platform in the Digital October Center. A legendary competition Hack2Own will be one of the highlights of the program.

In 2011 the Hack2Own winners were Nikita Tarakanov and Alexander Bazhanyuk, representatives of the CISSRT team, who demonstrated a 0day vulnerability (CVE-2011-0222) in the latest version of Safari (Internet browser) for Windows and took the first prize, namely, a laptop and 50,000 rubles. This year the budget of the competition has been significantly increased, up to $20,000. The winners will have enough money to fill the new cases with :)

This competition is divided into three categories: exploitation of web browser vulnerabilities, exploitation of kernel vulnerabilities, and exploitation of vulnerabilities in mobile devices. Detailed rules of participation are under the cut.

Friday, May 18, 2012

DIY Hackspace

Interested in information security? Want to know more about cybercrime, protection against DDoS, security of very important applications, SCADA and ERP systems? There are no interesting conferences in your city in the nearest future and you can’t make it to Positive Hack Days 2012 for some reason?

Don’t get frustrated! First of all, there must be a place in your city where hackers usually hang about. A videoconference may be organized there so that all willing people can remotely participate in the forum, hang out with so-called colleagues and warm up their brains fighting with other hackers. The list of such spots in different cities is available on the official site of PHDays 2012.

Vladivostok, Yekaterinburg, Kaliningrad, Kiev, Samara, Taganrog, Khabarovsk, as well as Tunis (Tunisia) and Kollam (India) have already joined us. For those who will be in Moscow during PHDays, Neuron Hackspace will be open 24 hours a day.

If your city is not on the list, welcome under the cut!

Wednesday, May 16, 2012

Hackers vs. Forensics — 1:0 for the Black Hats?

We have already written that two competitions taking place at the moment enable contestants to gain invitations to the Positive Hack Days 2012 forum — Blow up the Town and Hackers vs. Forensics. The winners of the competitions will get tickets to PHDays (1st place — 5 tickets, 2nd place — 3 tickets, 3rd place — 2 tickets).

The forum enjoys great popularity — the registration that took place on May 14 was closed in 8 minutes when the maximum number of participants was achieved. That means that extra invitations will certainly be of use.

Tuesday, May 15, 2012

Online Battling at PHDays 2012

If for any reason you do not get into the participant list of Positive Hack Days 2012 or cannot visit Digital October Center, the forum’s platform, on May 30 and 31, you still have an opportunity to participate in this event. Join the online battle with competitors from all over the world at Positive Hack Days 2012! Description and participation terms are under the cut.

What to Take Along to PHDays? Competitions on the Forum Platform

You will have an opportunity to listen to reports of famous information security experts and young researchers, participate in workshops and master classes, and watch the CTF hackers’ epic battle on May 30—31 in Moscow at the Positive Hack Days forum. But that’s not the half of it! You will be able to challenge the heroes of hack battles and prove to be a member of the hacking elite. The list of competitions that will take place in the Digital October Center during Positive Hack Days 2012 is under the cut.

Monday, May 14, 2012

PHDays Registration Starts This Noon

Please note that the number of participants is strictly limited. The registration will close when the maximum number of participants is reached (presumably, in a couple of minutes after the registration start), so not everyone will be able to gain invitations for PHDays.

The sooner you register, the more likely you are to get an invitation. You can do it today, on May 14, from 12 a.m. on the forum’s website.

Moscow will host the Positive Hack Days 2012 information security forum on May 30 and 31. The event features reports of international information security superstars (Bruce Schneier alone counts for a lot!), hacking competitions for all comers, and a sea of tequila! Don’t miss it!

Saturday, May 12, 2012

Why is it impossible to comply with Russian private data protection law?

Mikhail Emelyannikov's report announcement

The law of the Russian Federation on personal data has been applied for five years already and it is obvious that the law’s current wording cannot help to achieve its primary objective – to protect the rights and freedoms of citizens when their personal data is processed, including the right to privacy, to personal and family secrets.

The law defines formalities for all operators and, along with the Administrative Violations Code, provides for equal responsibility both for a company that disclosed the personal data of a million people and for a company avoiding such incidents but ignoring any obligatory formality – either of public policy or of the use of certified information security tools. The law cannot be applied in the digital world or e-commerce, in everyday life, or when performing almost any action for the benefit of third parties (for example, when buying an aircraft ticket for family members or friends, or calling a doctor by phone).

The speaker will analyze the law’s systemic problems and offer ways to change it radically.

Friday, May 11, 2012

Hack for Ticket or How to Get to PHDays

As we reported, registration for the information security forum Positive Hack Days 2012 starts at noon on May 14th. It’s a good piece of news for those who are willing to visit the event, but there is a question: how long will the registration last? We suppose it will be closed in a few minutes after the start when the maximum number of participants is gathered. If you’re sure you’ll be among those lucky persons, then you are welcome. And for those who want to secure themselves, there are two methods to ensure an invitation under the cut.

Thursday, May 10, 2012

Our contribution to the cyber security of Japan

NHK (Japan broadcasting corporation), one of the largest TV companies in the world, has published an explicit article about the Positive Hack Days forum opening on May 30, 2012.

The author of the article points out the lack of information security specialists and the need for ethical hackers in Japan. Participation of local students in such contests as PHDays 2012 Capture the Flag is specified as a way out of Japan's cyber security crisis.

Saturday, May 5, 2012

The Show Won’t Go On

Among the most amusing competitions of the last year’s Positive Hack Days 2011, there was Safecracker, which offered the participants a course on lock picking and a chance to try their newly acquired skills. The winners got keepsakes and gained universal recognition. As for the tools, we used those from our home collections.

Last year the competition was a tremendous success. The prizes went to Gleb Shepelov, Vitaliy Glinsky and Kirill Tyurin. Working on the program for Positive Hack Days 2012, we were quite positive about what competition would blow the forum. However, this time everything turned out to be different: the Laws of the Russian Federation made some adjustments to our plans... The details are under the cut.