Obama's Boot vs. Trojan printer. Who will win?

    A typical businessman who never parts with his smartphone will feel his blood pressure rise when he realizes that his “phone” is a computer in the worst sense of the word: a potential dump of viruses and trojans. A fan of military hardware, looking at a photo of a new tank, will turn to Buddhism on learning that a competent computer attack will swat this growling pile of iron like a slipper swats a fly. Times have changed, and a quiet hacker revolution has already taken place. Speakers at the Positive Hack Days 2012 forum will explain how to survive in the new reality.

    World Team
    As you may recall, dozens of unique computer security experts will come to PHDays this year: the best minds from around the world. The forum participants (top officials of the largest companies, information security directors, specialists, hackers, journalists, young scientists) will have a rare opportunity not only to learn about the very best in the field of information protection, but also to talk in a relaxed atmosphere with the main figures guarding our fragile world from cybercrime.

    Obama's boot
    Could you get Barack Obama to give a speech with a boot on his head? That was the demand of the hacker group LulzSec, which successively hacked the servers of the CIA, Sony, the Arizona police and the British Organized Crime Control Department (SOCA). After a 50-day experiment, the guys from LulzSec, several teenagers, announced that they were disbanding. They did it “for fun.” Whether presidents will wear shoes on their heads if more serious people take up such attacks is the subject of Jerry Gamblin's report “What We Can (and Should) Learn from LulzSec”. Jerry is an Information Security Specialist at the Missouri House of Representatives.

    Forum Key Speaker
    Recall that at PHDays 2012 Bruce Schneier, the David Blaine of cryptography and the Mick Jagger of information security, will speak for the first time in Russia. They say that he knows your password even before you invent it, and that he writes his articles simply by decrypting the data from /dev/random with a suitable key. He is a legend in our field. Bruce Schneier is the founder of Counterpane Internet Security, the head of information security at British Telecom, and the author of dozens of ciphers and six books, including the best-selling Applied Cryptography, which has been translated into Russian.

    Not all printers are equally useful.
    While blondes drag a printer from corner to corner when their computer “doesn't see the printer,” hackers use printers to see your network from a whole new angle. In recent years, penetration using the PostScript language has become a fairly popular hacking technique among Internet attackers. In some cases the PostScript file injects a trojan or virus into the system; in others it transmits secret data via TCP port 80. Andrei Kostin will talk about these and other non-standard features of printing devices in his report “PostScript: Danger ahead! / Hacking MFPs, PCs and beyond...”. Andrei holds many distinctions in the field of information security: in particular, he received the Google Security Reward and entered the Google Security Hall of Fame (December 2011), and he also won first place in the competition “Application Security - Hackers are watching you”, which was held by Hacktics for Amdocs (2007).

    Military-Grade Encryption vs. Dmitry Sklyarov... What, seriously?
    With the growing popularity of smartphones and tablets, ensuring data privacy on such devices has become more important. As a result, many programs have appeared whose main function is reliable password storage and strong data encryption. But are “secure” applications as reliable as their developers claim? Dmitry Sklyarov, known for his contempt for weak cryptography, in the report “Secure Password Managers” and “Military-Grade Encryption for smartphones: What, seriously?” will present the results of an analysis of several password and data protection programs for Apple iOS and show that sometimes it is better not to reinvent the wheel. Dmitry is an information security analyst at ElcomSoft Co. Ltd. and an associate professor in the Information Security department at Bauman MSTU.

    Mom, he counted me!
    The Russian Law "On Personal Data" 152-ФЗ is criticized by all and sundry. It turns out that the peculiarities of national lawmaking have nothing to do with it. Mikhail Utin, in his report “Analysis of US Laws and Regulations Protecting Personal Information - What Is Wrong and How to Fix It”, will talk about how this sphere is regulated in the USA: what absurd requirements businesses face there, and how these problems could be solved. Or worked around... Mikhail holds a master's degree in computer science and has 20 years of experience in IT and 10 years of experience in the field of information security; he is the author of articles on IT security management and the founder of Rubos, Inc.

    How GSM and GPRS were compromised
    An interesting report, “Abusing Calypso phones”, will be made by OsmocomBB project developer Sylvain Munaut. Sylvain's research in the field of mobile communications security, and some additional brutal hacks, have taken the hacking of GSM and GPRS out of the realm of rocket science. On the other hand, everything that can be hacked needs to be protected, and Sylvain has also had a hand in the development of an IDS based on osmocom.

    Hands off the keyboard!
    Famous Indian hacker Nikhil Mittal, creator of the Kautilya framework, will give a hands-on workshop, “Breaking havoc using a Human Interface Device”. The main topic of the presentation is how easy it is to break into a computer using devices that impersonate a mouse, a keyboard and other similar devices.

    Hands on the keyboard!
    The forum will include not only reports, but also practical trainings and master classes.
    The program is still being formed, details later.

    And also

    Micah Borrman of SySS, in his report on the Internet, CVV2 and fraud detection systems, will analyze typical security vulnerabilities of online stores that accept MasterCard and VISA cards for payment.

    Marcus Niemietz will raise the pressing topic of attacks on mobile phones (in particular, popular smartphones running Android), in which the device starts sending SMS, making calls and generally behaving badly without the owner’s knowledge. The report is called "Hijacking Attacks on Android Devices." Marcus will show all this at the conference, promising one or two 0day attacks and many practical experiments. Marcus works at the Department of Network and Data Security at the Ruhr University in Bochum and is the author of Clickjacking und UI-Redressing. He has over six years of experience in the field of security QA, ISP and web applications.

    Alexander Matrosov, head of the Center for Viral Research and Analytics at ESET, will present a report whose theme is so super-mega-private-0day that it has not yet been announced. But, knowing Alexander, we have no doubt that the audience will remember his talk. Mr. Matrosov teaches at the Department of Cryptology and Discrete Mathematics of the National Research Nuclear University MEPhI, is a co-author of the scientific articles Stuxnet Under the Microscope and TDL3: The Rootkit of All Evil?, and is a host of the 100% Virus Free Podcast. Currently, Alexander specializes in the comprehensive analysis of complex threats and the study of cybercrime activity.

    Igor Kotenko, Head of the Laboratory of Computer Security Problems at SPIIRAN, will make a presentation on “Cyberwar Software Agents”. No, Agent Smith has nothing to do with it. Although, you know...

    Nikita Tarakanov and Alexander Bazhanyuk will present the report “Automatic vulnerability search tool”. Nikita Tarakanov researches vulnerabilities in software products, creates effective ways to localize them, and develops new methods of protection. He is the author of several articles in the Hacker magazine devoted to the problems of vulnerability search and exploitation. He has found critical vulnerabilities in products from Microsoft, CA, Trend Micro, VMware, Kaspersky Lab, Cisco, Oracle, PGP and other (Fortune 1000) companies. Nikita and Alexander are the founders of the information security company CISS RT.

    Welcome to the stage
    If you have something to say on the topic of information security, send us the topic of your report.
    We are not interested in your age or your titles. Whether you are a pensioner who found a vulnerability while using a social card, or your parents bought you a computer only six months ago and you have already hacked the exam system, in either case you can go here: http://www.phdays.ru/cfp.asp

    If you are young and learned, then welcome to the Young School contest.
    The forum values a fresh perspective, new ideas and unusual points of view.

    More information about the PHDays forum can be found here:
    http://phdays.ru
    http://phdays.blogspot.com