Obama Boot vs. Trojan printer. Who will win?

A typical businessman, not parting with a smartphone, will increase pressure when he realizes that his “phone” is a computer in the worst sense of the word - a potential dump of viruses and Trojans. A fan of military equipment, examining a photo of a new tank, will turn to Buddhism, having learned that a competent computer attack will slam down on this growling pile of iron, like a fly slipper. Times have changed, and the silent hacker revolution has already taken place. How to survive in a new reality, the speakers at the forum Positive Hack Days 2012.

World team
As you remember, dozens of unique computer security specialists will come to PHDays this year. The best minds from around the world. The forum participants (top managers of major companies, information security directors, specialists, hackers, journalists, young scientists) will have a rare opportunity not only to learn the whole thing about information security, but also to communicate in a relaxed atmosphere with the main figures guarding our fragile world. from cybercrime.


')
Obama's shoe
Are you able to make Barack Obama come up with a boot on his head? This was demanded by the hacker group LulzSec , which consistently hacked the servers of the CIA, Sony, the police of Arizona and the British Organized Crime Control Department - SOCA. After the 50-day experiment, the guys from LulzSec — a few teenagers — declared self-dissolution. They did it for the sake of laughter. Whether it is fashionable for presidents to wear shoes on their heads, if more serious people take up such attacks, Jerry Gamblin will tell in his report “What We Can (and Should) Learn from LulzSec”. Jerry is an information security officer at the Missouri House of Representatives.

"Key" speaker of the forum
We remind you that David Blaine of cryptography and Mick Jagger of information security Bruce Schneier will speak at PHDays-2012 for the first time in Russia. They say that he knows your password before you even invented it, and writes his articles, simply deciphering the data from / dev / random with a suitable key. Legend in our field. Bruce Schneier is the founder of Counterpane Internet Security, the head of the information security service at British Telecom , the author of dozens of ciphers and six books, including the bestseller “Applied Cryptography” translated into Russian.



Not all printers are equally useful.
While blondes drag the printer from corner to corner when their computer "does not see the printer," hackers use printers to see your network from a completely new angle. In recent years, PostScript penetration has become quite a popular way of hacking among Internet cybercriminals. In some cases, the PostScript file injects a Trojan program or a virus into the system, in others, it sends secret data through TCP port 80. Andrei Kostin will tell about these and other non-standard printing device capabilities in the report “PostScript: Danger ahead! / Hacking MFPs, PCs and beyond ... ". Andrew is the owner of many regalia in the field of information security, in particular, he received the Google Security Reward award and entered the Google Security Hall of Fame (December 2011), and also won first place in the competition "Application Security - Hackers are watching you", which was held by Hacktics for Amdocs (2007).



Military-Grade Encryption vs. Dmitry Sklyarov ... Che, seriously?
With the growing popularity of smartphones and tablets, the importance of ensuring the confidentiality of data on such devices has increased. As a result, a lot of programs have appeared, the main function of which is the secure storage of passwords and strong data encryption. But are “secure” applications as reliable as their developers claim? Dmitry Sklyarov , known for his contempt for weak cryptography , in the report “Secure Password Managers” and “Military-Grade Encryption” for smartphones: Che, seriously? ”Will present the results of the analysis of several password and data protection programs for Apple iOS and will show that better not reinvent the wheel. Dmitry is an analyst in the field of information security ElcomSoft Co. Ltd. and associate professor of the department "Information Security" MSTU. Bauman.

Mom, he counted me!
The Russian law “On Personal Data” 152-FZ is criticized by all and sundry. It turns out that the peculiarities of national lawmaking have nothing to do with it. Mikhail Utin, in his report “Analysis of US Laws and Regulations Protecting Personal Information - What is Wrong and How to Fix It”, will tell about how this sphere is regulated in the USA - what absurd demands does business face there and how could these problems would solve. Or get around ... Mikhail is a master in computer science with 20 years of experience in IT and 10 years of experience in the field of information security; the author of articles on IT security management; founder of Rubos, Inc.

How GSM and GRPS were compromised
OsmocomBB project developer Sylvain Munaut will make an interesting report “Abusing Calypso phones”. Research into mobile security and the additional brutal hacks of Sylvain resulted in GSM hacking, GRPS leaving the Rocket Science area. On the other hand, everything that can be cracked needs to be protected, and Sylvain had to take a hand in developing an osmocom-based IDS ( 1 , 2 , 3 ).

Hands off the keyboard!
The famous Indian hacker Nikhil Mittal , the creator of the Kautilya framework, will hold a practical workshop on the topic “Breaking havoc using a Human Interface Device”. The main topic of the speech is how easy it is to hack a computer using devices that impersonate a mouse, keyboard, and other similar devices.

Hands on the keyboard!
The forum will include not only reports, but also practical trainings and master classes.
The program is still being formed, the details - a little later.

And



Micha Borrman of SySS, in the Internet, CVV2 and fraud detection systems, will analyze typical security vulnerabilities of online stores that use MasterCard and VISA to pay.

Marcus Nimitz (Marcus Niemietz) will raise the actual topic of attacks on mobile phones (in particular, popular smartphones running Android), when the device starts sending SMS, making calls and behaving badly in general without the knowledge of the owner. The report is called “Hijacking Attacks on Android Devices”. Marcus will show all this at the conference, promising one or two 0day attacks and many practical experiences. Marcus works in the Network and Data Security Department at the Ruhr University Bochum. The author of the book Clickjacking und UI-Redressing. He has over six years of experience in the field of security QA, ISP and web applications.

Alexander Matrosov , head of the Center for Viral Research and Analytics at ESET, will present a report whose topic is so super-mega-private-0day that it has not yet been announced. But, knowing Alexander, we do not doubt that his performance will be especially remembered by the audience. Mr. Matrosov teaches at the Department of Cryptology and Discrete Mathematics at the National Research Nuclear University MEPhI, co-authored the scientific articles Stuxnet Under the Microscope and TDL3: The Rootkit of All Evil? And the permanent 100% Virus Free Podcast . Currently, Alexander specializes in comprehensive analysis of complex threats and the study of cybercrime activity.

Igor Kotenko , head of the SPIIRAN computer security problems laboratory, will make a presentation on “Cyber ​​warfare software agents”. No, Agent Smith has nothing to do with it. Although who knows ...

Nikita Tarakanov and Alexander Bazhanyuk will present the report "Automatic tool for finding vulnerabilities." Nikita Tarakanov is engaged in researching vulnerabilities in software products, creating effective ways to localize them and developing new methods of protection. Author of several articles in the magazine "Hacker", devoted to the problems of finding vulnerabilities and their exploitation. Found critical vulnerabilities in Microsoft, CA, Trend Micro, VMWare, Kaspersky Lab, Cisco, Oracle, PGP and other companies (Fortune 1000) products. Nikita and Alexander - the founders of the company in the field of information security CISS RT.

We invite to the stage
If you have something to say on the topic of information security, send us the topic of your report.
We are not interested in your age and regalia. Whether you are a pensioner who found a vulnerability when using a social card, or your parents bought you a computer only six months ago, and you already hacked the USE system, in any case, you should go here: http://www.phdays.ru/cfp.asp .

If you are young and learned, welcome to the Young School competition.
The forum appreciates the freshness of view, new ideas, unusual points of view.

More information about the PHDays forum can be found here:
http://phdays.ru
http://phdays.blogspot.com