
Thursday, March 20, 2014

How to Hack Gmail and WordPress and Spy through TV

When the email of a prominent user is hacked, the leak is usually followed by debates about the authenticity of the correspondence that became available on the Internet. Until now, we thought that a correct DKIM signature identifies the author of the correspondence containing this signature. But can we trust this authentication mechanism? Vulnerabilities in Google, Yandex and Mail.Ru will be discussed at the international information security forum Positive Hack Days IV, which will be held on May 21 and 22 in Moscow.

Secure protocols are used insecurely
The number of Google, Yandex and Mail.Ru users approaches one billion; hundreds of experts from all over the world are involved in security analysis of these services. However, no one is immune to vulnerabilities. Vladimir Dubrovin (3APA3A), the founder of and developer of the 3proxy server, one of the most outstanding representatives of the Russian old school, will speak on the misuse of both well-known (SSL/TLS and Onion Routing) and recent protocols ensuring privacy, integrity and data encryption. Vladimir will also present new attack vectors aimed at accessing data that is processed by various services, including email.

A smart spy in your house
In the beginning, TVs were just supposed to be TVs. They were used to make people's lives happier. Nowadays, TVs are fully featured PCs with a proper OS, camera, microphone, web browser, and applications. They still make people happy. Especially the malicious ones.

Donato Ferrante and Luigi Auriemma, the founders of ReVuln, known for discovering vulnerabilities in SCADA and multiplayer games, will speak on the current status of Smart TVs, exploring their attack surface, detailing possible areas of interest, and demonstrating some issues the speakers found while assessing the security of Smart TVs from different vendors.

ARM exploitation
Participants of Aseem Jakhar's workshop will take their laptops and plunge into security issues of ARM. Aseem Jakhar is a researcher at Payatu Technologies and one of the founders of Nullcon. He will cover low-level programming, starting right from ARM assembly and moving through shellcoding, buffer overflows and reverse engineering to code injection.

The workshop includes a lot of hands-on exercises to get the participants comfortable with ARM assembly and help them understand the issues involved in exploitation of ARM-based Linux systems. To make the workshop more interesting, it uses Android as the platform for learning ARM exploitation and hence covers Android-specific development and security concepts.

How to bug a conversation held on the other side of the planet
Lately, recordings of phone conversations can be found on the Internet and even be heard on TV. It is obvious that such recordings were obtained without the knowledge of the subscribers. Many of us have received weird text messages and, after that, long bills for mobile services.

Sergey Puzankov, an expert at Positive Technologies specializing in mobile network security, will consider what an intruder who has access to SS7 can do. The author will speak about algorithms of attacks aimed at: disclosure of a subscriber's sensitive data and location, changing dialing numbers of enabled services, call redirection, and unauthorized intrusion into a communication channel. Attacks are performed using recorded signaling messages. The research also considers proactive protection against such attacks and methods of investigating incidents related to vulnerabilities in a signaling network.

Moloch the investigator
Thousands of years ago, people made human sacrifices to Moloch, an ancient god. The report about Moloch as a highly scalable, open source full packet capture system does not contain such bloodthirsty elements (intruders might think otherwise). The system can capture live traffic from the wire for use as a network forensics tool to investigate compromises. It also serves as a great way of searching and interacting with large PCAP repositories for research (malware traffic, exploit/scanning traffic). Its web API also makes it extremely easy to integrate with existing SIEMs or other alerting tools/consoles to help speed up analysis.

Andy Wick and Eoin Miller are members of AOL's Computer Emergency Response Team. The hands-on lab will focus on how AOL uses Moloch combined with IDS systems (Suricata/Snort) feeding alerts into consoles/SIEMs (Sguil/ArcSight) to help defend its employees, users and the Internet at large. The experts will also run Moloch to capture the traffic that occurs during the PHDays CTF and analyze all the incidents.

Industrial cybersecurity and critical infrastructure protection in Europe
The events of recent years (from the 9/11 attacks to WikiLeaks and the Stuxnet malware) have led governments to include in their agendas the development of national cybersecurity strategies to protect their critical infrastructures.

Ignacio Paredes, Studies and Research Manager at the Industrial Cybersecurity Center in Spain, says that hundreds of thousands of industrial infrastructures across Europe are at stake. The report will consider the relation between industrial and corporate environments and its impact on organizations that are key to the survival of a country, as well as current trends in the convergence between industrial and corporate systems, threats and countermeasures.

WordPress security
With approximately 19% of the web running on WordPress, it comes as no surprise that the security of this content management system has an enormous impact on a large number of users. Despite being open source and reviewed by security researchers, WordPress is, just like any other software, prone to errors and vulnerabilities.

Tom Van Goethem, a PhD student at KU Leuven (Belgium), will tell PHDays IV participants how the unexpected behavior of MySQL led to the discovery of a PHP Object Injection vulnerability in the WordPress core. The author will also demonstrate how this vulnerability can be exploited.

The first group of speakers is listed on the official site. If you want to present your report at the international information security forum, you must hurry up, because you can submit your application until March 31. In any case, there are other ways to join PHDays IV.

