PHDays V: encryption of the future, Yandex M&A, chemical attack and father of cyberpunk
In early December, we started accepting applications from people wishing to speak at Positive Hack Days V. Later we announced the first group of speakers, including Shodan creator John Matherly, cyber-detective John Bambenek and professional social engineer Chris Hadnagy.
The first stage of the Call for Papers ended at the end of January, and today we are presenting a new batch of talks that have been included in the technical, practical and business program of the upcoming PHDays. Forum guests will learn how to turn an ordinary corporate IT system into an impregnable digital fortress, what the encryption standards of the future will be, and how attackers exploit vulnerabilities in physical processes.
Yandex: security in mergers and acquisitions
When one company buys another, as a rule, no security audit is performed, and if one is, only the applicable regulatory requirements are analyzed.
Yandex is one of the most active buyers of technology projects in Russia and abroad, periodically making headlines with news of another high-profile takeover. Natalya Kukanova, an information security analyst at the search giant, will talk about how and why they included security audits in the process of acquiring new companies (M&A). Attendees will learn what exactly needs to be checked in M&A transactions, how to organize an audit and how to interpret the results. All points will be illustrated with examples of real Yandex transactions.
Future Encryption Standards
Markku-Juhani Saarinen will talk about the NIST initiative called CAESAR: an international cryptographic competition whose goal is to create a new authenticated encryption (AE) security standard to replace AES-GCM (this algorithm is certified by the US and NATO for work with classified information, but has various security issues).
During his presentation, the speaker will introduce listeners to the ciphers taking part in the CAESAR competition (some of which were created by Russian developers), and will also consider the strengths and weaknesses of the encryption standards and algorithms used and developed in our country (for example, GOST R 34.10-2001 or the promising Grasshopper algorithm).
Markku-Juhani Saarinen has been conducting research in the field of information security and cryptography for more than 15 years, participating in the development of cryptographic software.
Around the OSX Sandbox
Alexander Stavonin will analyze the operating principles of the standard OSX self-defense tools (sandboxes implemented using TrustedBSD), talk about how widely they are used by third-party applications, and demonstrate, using source code examples, the potential problems and the possibilities for malicious use of TrustedBSD by cybercriminals.
How to build a digital fortress
Alexander Sverdlov, a Bulgarian expert in information security and security incident investigation, will talk about how to create an impregnable digital fortress. This is his third appearance at PHDays (in 2013 and 2014 his cyber-investigation master classes drew full houses). Attendees will learn how to increase the security of routers by installing alternative operating systems (Qubes OS, BSD Router project, SRG / STIG), prevent exploits from running, and analyze application security.
If hackers are chemists
Researchers and cybercriminals have repeatedly demonstrated the possibility of hacking SCADA systems that control power grids, transport infrastructure, or critical facilities like chemical plants. However, information security specialists very often ignore the fact that at such facilities not only technologies but also physical processes play a very important role.
Such processes (for example, a chemical reaction) may not stop just because the attacker gained control over the infrastructure or was able to penetrate the control system. However, if criminals learn to take physical conditions into account when developing attacks, they will be able to influence the course of processes and reactions. The consequences can be dangerous: it is not difficult to imagine an explosion at a chemical plant provoked by a temperature control sensor, in a tank holding a dangerous substance, that has gone “crazy” at a hacker's will.
Marina Krotofil, a doctoral student at the Technical University of Hamburg, will introduce the audience to the stages of planning and implementing such cyberattacks, the purpose of which is to create a destructive effect on a certain physical process.
Bruce Sterling will judge Russian cyberpunk
This year, the forum’s program includes the Hacked Future contest of cyberpunk stories. Until April 15, anyone can submit a story of up to 30 thousand characters to the contest. The winners will be awarded at PHDays V, and the creators of the iconic radio program Model for Assembly will read their stories at the forum.
More information about the conditions of the competition can be found on the conference website. Here we add just one new detail. In addition to well-known Russian writers and publishers, one of the fathers of cyberpunk, the visionary and iconic IT publicist Bruce Sterling, has been invited to the contest jury. “It will be very interesting for me to get acquainted with Russian cyberpunk,” said Bruce in an interview with the organizers of PHDays.
The second wave of the Call for Papers starts soon, so do not miss your chance to speak in front of 3000 Positive Hack Days participants! Dates will be announced shortly; stay tuned for announcements.
You can get a sense of the topics covered in PHDays talks by reading our post with a list of the best talks from last year's forum.