How much does it take to hack a mobile network?
Is electronic government secure
in the era of WikiLeaks and Anonymous?

Is SCADA hacking a Hollywood fiction
or the nowadays reality?
Internet banking: is there any chance to win
over the fraudsters?

Cyber-crimes, cyber-espionage, cyber-war: where do we draw a borderline?


Tuesday, February 24, 2015

PHDays V: Encryption Standards, M&A in Yandex and Chemical Attacks

Early December was marked with Call for Papers opened for everyone willing to speak at Positive Hack Days V. Later we announced the first speakers introducing John Matherly, the creator of Shodan, John Bambenek, a cyber detective, and Chris Hadnagy, a professional social engineer.

The first CFP stage was over at the end of January. Today we present a new portion of reports included in the technical, practical and business program of upcoming PHDays. The forum guests will learn how to fortify a corporate IT system digitally, how to bypass Moscow Metro Wi-Fi authorization, and how attackers exploit vulnerabilities in physical processes.

Yandex: Security for Mergers and Acquisitions

When a company buys another company, nobody ever thinks of a security audit. If, by any chance, it comes to the limelight, the current regulatory requirements alone are analyzed.

Yandex is actively purchasing technological projects all over the world now and then detonating the media scene with news about another grand merger. An information security analyst of the search giant, Natalya Kukanova, will throw light on how and why they included the security audit into the merging processes (M&A). The audience will learn what to check in case of M&A deals, how to organize audit, and how to interpret its results. All bullet points will be exemplified by real Yandex' deals.

Encryption Standards of the Future

Markku-Juhani Saarinen will detail into the NIST-sponsored CAESAR project, which is an international crypto competition aimed at the creation of a new AE security standard instead of AES-GCM (this algorithm was certified by the USA and NATO to handle secret information, but was detected to contain various security problems).

The speaker will acquaint his audience with CAESAR cyphers and consider weak and strong points of the current encryption standards and algorithms in Russia (e.g. the GOST R 34.10-2001 signature algorithm).

Markku-Juhani Saarinen has been studying information security and cryptography and developing cryptographic software for more than 15 years already.

Around OSX Sandbox

Alexander Stavonin will analyze how OSX (a sandbox designed with TrustedBSD) security tools work and how widely they are used by third-party applications. He will demonstrate potential problems and exploitation of TrustedBSD by cybercriminals — all exemplified by the source code.

How to Build a Digital Fortress

An information security and forensics expert from Bulgaria, Alexander Sverdlov, will take his floor at PHDays for the third time (his workshops on cyber forensics attracted a full house in 2013 and 2014) and will teach how to build an impregnable digital fortress. The audience will study how to enhance router protection installing alternative operating systems (Qubes OS, BSD Router project, SRG/STIG), to stop exploits, and to analyze application security.

If Hackers Were Chemists

Researchers and cybercriminals repeatedly demonstrate ways to hack SCADA systems that control electricity, transport and critical infrastructure elements such as chemical plants. However, dealing with such facilities, information security specialists often ignore the role of physical processes.

Such processes (e.g. a chemical reaction) can keep on running despite the actions of cybercriminals with full control over an infrastructure or management system. Yet if malicious users learn to exploit physical conditions, they will be able to affect reaction and process flows. The consequences are threatening: it's not that hard to imagine an explosion on a chemical plant provoked by a temperature monitoring sensor driven mad by a hacker in a cistern with a hazardous substance.

Maryna Krotofil, a Doctoral Candidate at Hamburg University of Technology, will put the audience in touch with the main stages of attacks aimed at destroying a specific physical process.

The second wave of Call for Papers is coming soon. Don't waste your chance to speak for 3,000 participants of Positive Hack Days! The exact dates will be announced in the nearest future. Keep track of the news.

To familiarize yourself with issues touched upon at PHDays, follow our post on the last year's best reports.


  1. I stumbled upon this topic via Google. Very interesting view on subject. Thanks for sharing.

  2. Positive Hack Days is better events for me, because I like all innovate computer systems and also technical programming is extremely important for me. Often I use this site - With our service you will be able to find the best quality proofreader.
    , because of diversity of resources. On the contrary, your сase are nice too!

  3. Book flights using online flight booking service called Google Flights. More info on google flights via

  4. You need to examine this blog post if you want to travel cheap. Every good traveler in the world are using it

  5. Thanks for sharing this great content here I love this post very much.clash royale mod apk latest hungry shark evolution mod apk android my talking angela update

  6. Marvelous offer decent to peruse this extremely supportive data for me I am exceptionally cheerful to part of this network continue sharing you may likewise like this
    royal mail courier tracking

  7. My proposal to you is that this: don't put up an undertaking that has 'indifference' written throughout it. your career depends on remarkable grades, and notable grades in flip depend on how nicely best australian assignment help you've got prepared your assignments.

  8. You have access into a lots of music. Create customer playlists. The totally free Spotify users may be downloaded into tablet computer and tablets and cellular users on how to get spotify premium on iphone. Before we get to the part about free premium codes, here is a review of the qualities of all Spotifys different subscription types.

  9. This blog is mention about Chemical Attacks and very informative ForNURS6620 Nursing And Midwifery Therapeutics thanks for sharing.

  10. Take Krogerfeedback Survey & Win 50 Bonus Fuel Points. This Customer Survey is the online Feedback which is initiated by Kroger Store just to improve the standards.

  11. I am glad to see this brilliant post. all the details are very helpful and useful for us, keep up to good work.

  12. Aptoide is the largest independent Android app store and allows one to setup and manage your own Android Store. Upload, test and approve your apps.