Hacking emails of authoritative users is usually accompanied by debates about the identity of such email correspondence that became available on the Internet. Until now, we thought that a correct DKIM signature indicates at the author of the correspondence containing this signature. But can we trust this authentication mechanism? Vulnerabilities in Google, Yandex and Mail.Ru will be discussed at the international information security forum Positive Hack Days IV, which will be held on May 21 and 22 in Moscow.
Secure protocols are used insecurely
The number of Google, Yandex and Mail.Ru users approaches one billion; hundreds of experts from all over the world are involved in security analysis of these services. However, no one is secured against vulnerabilities. Vladimir Dubrovin (3APA3A), the founder of Securityvulns.com and developer of the 3proxy server, one of the most outstanding representatives of the Russian old school, will speak on the misuse of both well-known (SSL/TLS and Onion Routing) and recent protocols insuring privacy, integrity and data encryption. Vladimir will also present new attack vectors aimed at accessing data that are processed by various services, including email.
A smart spy in your house
At the beginning TV were just supposed to be TV. They were used to make people's life happier. Nowadays, TV are fully-featured PC, having a proper OS, camera, microphone, web browser, and applications. They still make people happy. Especially the malicious ones.
Donato Ferrante and Luigi Auriemma , the founders of ReVuln, known for discovering vulnerabilities in SCADA and multiplayer games, will speak on the current status of Smart TV, exploring their attack surface, detailing possible areas of interest, and demonstrating some issues the speakers found while assessing the security of Smart TV from different vendors.
Participants of Aseem Jakhar's workshop will take their laptops and plunge into security issues of ARM. Aseem Jakhar is a researcher at Payatu Technologies and one of the founders of Nullcon. He will consider low-level programming starting right from the ARM assembly, shellcoding, buffer overflows, reverse engineering to сode injection.
The workshop has a lot of hands-on to get the participants comfortable with ARM assembly and understand the issues involved in exploitation of ARM-based Linux systems. To make the workshop more interesting, it uses Android as the platform for learning ARM exploitation and hence it covers Android OS specific developing and security concepts.
How to bug a conversation held on the other side of the planet
Lately, phone communications records can be found in the Internet and even be heard on TV. It is obvious that such records were obtained without the knowledge of the subscribers. Many of us received weird text messages and, after that, long bills for mobile services.
Sergey Puzankov, an expert at Positive Technologies specializing in mobile networks safety, will consider the possibilities of an intruder who has access to SS7. The author will speak about algorithms of attacks aimed at: disclosure of subscriber’s sensitive data and his or her location, changing dialing numbers of enabled services, call redirection, unauthorized intrusion into communication channel. Attacks are performed using recorded signaling messages. The research also consider proactive protection against such attacks and methods of investigating incidents related to vulnerabilities in a signaling network.
Moloch the investigator
Thousands of years ago, people made human sacrifice to Moloch, an ancient god. The report about Moloch as a highly scalable and open source full packet capture system does not contain such bloodthirsty elements (intruders might think otherwise). The system can capture from the wire live for use as a network forensics tool to investigate compromises. It also serves as a great way for searching and interacting with large PCAP repositories for research (malware traffic, exploit/scanning traffic) Its web API also makes it extremely easy to integrate with existing SEIM’s or other alerting tools/consoles to help speed up analysis.
Andy Wick and Eoin Miller are members of AOL’s Computer Emergency Response Team. The hands/on lab will be focused on how AOL uses Moloch combined with IDS systems (Suricata/Snort) feeding alerting into consoles/SEIM’s (Sguil/ArcSight) to help defend their employees, users and the Internet at large. The experts will also run Moloch to capture the traffic that is occurring during PHDays CTF and analyze all the incidents.
Industrial cybersecurity and critical infrastructure protection in Europe
The events that have taken place during the last years (from 9/11 attacks to WikiLeaks and the Stuxnet malware) have made the governments to include in their agendas the development of national cybersecurity strategies to protect their critical infrastructures.
Ignacio Paredes, Studies and Research Manager at the Industrial Cybersecurity Center in Spain, says that hundreds of thousands of industrial infrastructures across Europe are at stake. The report will consider the relation between industrial and corporate environments and its impact in key organizations for the survival of a country as well as current trends in the convergence between industrial and corporate systems, threats and countermeasures.
With approximately 19% of the web running on WordPress, it comes as no surprise that the security of this content management system has an enormous impact on a large number of users. Despite being open source, and reviewed by security researchers, WordPress is—just as any other software—prone to errors and vulnerabilities.
Tom Van Goethem, a PhD student at KU Leuven (Belgium), will tell PHDays IV participants how the unexpected behavior of MySQL led to the discovery of a PHP Object Injection vulnerability in the WordPress core. The author will also demonstrate how this vulnerability can be exploited.
The first group speakers is listed on the official site. If you want to present your report at the international information security forum, you must hurry up, because you can submit your application till March 31. Anyways, there are other ways to join PHDays IV.