How much does it take to hack a mobile network?
Is electronic government secure
in the era of WikiLeaks and Anonymous?
Is SCADA hacking a Hollywood fiction
or the nowadays reality?
Internet banking: is there any chance to win
over the fraudsters?
Cyber-crimes, cyber-espionage, cyber-war: where do we draw a borderline?

Pages

Tuesday, February 24, 2015

PHDays V: Encryption Standards, M&A in Yandex and Chemical Attacks


Early December was marked with Call for Papers opened for everyone willing to speak at Positive Hack Days V. Later we announced the first speakers introducing John Matherly, the creator of Shodan, John Bambenek, a cyber detective, and Chris Hadnagy, a professional social engineer.

The first CFP stage was over at the end of January. Today we present a new portion of reports included in the technical, practical and business program of upcoming PHDays. The forum guests will learn how to fortify a corporate IT system digitally, how to bypass Moscow Metro Wi-Fi authorization, and how attackers exploit vulnerabilities in physical processes.

Yandex: Security for Mergers and Acquisitions

When a company buys another company, nobody ever thinks of a security audit. If, by any chance, it comes to the limelight, the current regulatory requirements alone are analyzed.

Yandex is actively purchasing technological projects all over the world now and then detonating the media scene with news about another grand merger. An information security analyst of the search giant, Natalya Kukanova, will throw light on how and why they included the security audit into the merging processes (M&A). The audience will learn what to check in case of M&A deals, how to organize audit, and how to interpret its results. All bullet points will be exemplified by real Yandex' deals.

Encryption Standards of the Future

Markku-Juhani Saarinen will detail into the NIST-sponsored CAESAR project, which is an international crypto competition aimed at the creation of a new AE security standard instead of AES-GCM (this algorithm was certified by the USA and NATO to handle secret information, but was detected to contain various security problems).

The speaker will acquaint his audience with CAESAR cyphers and consider weak and strong points of the current encryption standards and algorithms in Russia (e.g. the GOST R 34.10-2001 signature algorithm).

Markku-Juhani Saarinen has been studying information security and cryptography and developing cryptographic software for more than 15 years already.

Around OSX Sandbox

Alexander Stavonin will analyze how OSX (a sandbox designed with TrustedBSD) security tools work and how widely they are used by third-party applications. He will demonstrate potential problems and exploitation of TrustedBSD by cybercriminals — all exemplified by the source code.

How to Build a Digital Fortress

An information security and forensics expert from Bulgaria, Alexander Sverdlov, will take his floor at PHDays for the third time (his workshops on cyber forensics attracted a full house in 2013 and 2014) and will teach how to build an impregnable digital fortress. The audience will study how to enhance router protection installing alternative operating systems (Qubes OS, BSD Router project, SRG/STIG), to stop exploits, and to analyze application security.

If Hackers Were Chemists

Researchers and cybercriminals repeatedly demonstrate ways to hack SCADA systems that control electricity, transport and critical infrastructure elements such as chemical plants. However, dealing with such facilities, information security specialists often ignore the role of physical processes.

Such processes (e.g. a chemical reaction) can keep on running despite the actions of cybercriminals with full control over an infrastructure or management system. Yet if malicious users learn to exploit physical conditions, they will be able to affect reaction and process flows. The consequences are threatening: it's not that hard to imagine an explosion on a chemical plant provoked by a temperature monitoring sensor driven mad by a hacker in a cistern with a hazardous substance.

Maryna Krotofil, a Doctoral Candidate at Hamburg University of Technology, will put the audience in touch with the main stages of attacks aimed at destroying a specific physical process.


The second wave of Call for Papers is coming soon. Don't waste your chance to speak for 3,000 participants of Positive Hack Days! The exact dates will be announced in the nearest future. Keep track of the news.

To familiarize yourself with issues touched upon at PHDays, follow our post on the last year's best reports.
Posted by Positive Research at 9:44 AM
Labels: , , , , , , ,

14 comments:

  1. e signaturesMay 30, 2015 at 3:53 PM

    I stumbled upon this topic via Google. Very interesting view on subject. Thanks for sharing.

    ReplyDelete
  2. AnonymousJune 11, 2016 at 9:53 PM

    Positive Hack Days is better events for me, because I like all innovate computer systems and also technical programming is extremely important for me. Often I use this site - With our service you will be able to find the best quality proofreader.
    , because of diversity of resources. On the contrary, your сase are nice too!

    ReplyDelete
  3. AnonymousJuly 2, 2018 at 4:44 PM

    good post and you can also read about mexico dream league soccer kits and netherlands dls kits

    ReplyDelete
  4. Anand VihariAugust 14, 2018 at 9:30 AM

    Book flights using online flight booking service called Google Flights. More info on google flights via www-googleflights.com

    ReplyDelete
  5. Oliver MauriceAugust 16, 2018 at 1:49 PM

    You need to examine this blog post if you want to travel cheap. Every good traveler in the world are using it

    ReplyDelete
  6. Phyllis HolladaySeptember 20, 2018 at 9:35 AM

    Thanks for sharing this great content here I love this post very much.clash royale mod apk latest hungry shark evolution mod apk android my talking angela update

    ReplyDelete
  7. AlmasimpsonOctober 18, 2018 at 10:08 AM

    Marvelous offer decent to peruse this extremely supportive data for me I am exceptionally cheerful to part of this network continue sharing you may likewise like this
    royal mail courier tracking

    ReplyDelete
  8. HarryNovember 29, 2018 at 11:16 AM

    My proposal to you is that this: don't put up an undertaking that has 'indifference' written throughout it. your career depends on remarkable grades, and notable grades in flip depend on how nicely best australian assignment help you've got prepared your assignments.

    ReplyDelete
  9. talktowendysJanuary 2, 2019 at 8:44 AM

    You have access into a lots of music. Create customer playlists. The totally free Spotify users may be downloaded into tablet computer and tablets and cellular users on how to get spotify premium on iphone. Before we get to the part about free premium codes, here is a review of the qualities of all Spotifys different subscription types.

    ReplyDelete
  10. Excellent Assignment HelpMarch 1, 2019 at 3:28 PM

    This blog is mention about Chemical Attacks and very informative ForNURS6620 Nursing And Midwifery Therapeutics thanks for sharing.

    ReplyDelete
  11. AnonymousMarch 9, 2019 at 6:28 AM

    mywawavisit
    tellpizzahut
    mycfavisit

    ReplyDelete
  12. SirnocaresMarch 15, 2019 at 1:09 PM

    Take Krogerfeedback Survey & Win 50 Bonus Fuel Points. This Customer Survey is the online Feedback which is initiated by Kroger Store just to improve the standards.

    ReplyDelete
  13. cool math gamesMarch 25, 2019 at 5:09 AM

    I am glad to see this brilliant post. all the details are very helpful and useful for us, keep up to good work.

    ReplyDelete
  14. AptoideMarch 26, 2019 at 9:29 AM

    Aptoide is the largest independent Android app store and allows one to setup and manage your own Android Store. Upload, test and approve your apps.

    ReplyDelete

Subscribe to: Post Comments (Atom)