Hack in Paris 2014. European adventures of hackers in Disneyland
I read Dor1s's article about DEF CON CTF 22 and wanted to talk about my summer adventures at Hack in Paris. I think Habr readers will find a report about this event interesting, especially since some of us even spoke at it. I ended up at HIP2014 quite by accident. Returning through Paris from a business trip, I had a strange gap before the holidays. I started googling for something serious happening nearby and suddenly stumbled upon this conference. I saw people like Winn Schwartau in the list of participants and decided to dash off to this European DEFCON. Tickets were quite expensive, but not fatally so: approximately 700 €. Of course, I expected Disneyland to be very close, but in fact from Hotel New York, where the event took place, it was only a 4-minute walk to the entrance of this vacuum cleaner for the pockets of parents from around the world.
It's funny to eat rare steaks with serious specialists while, across from you, yet another charming little girl wears down her already defeated mother into buying a Mickey Mouse taller than she (the mother) is.
Key ideas from the talks ...
1. The level of protection of networks and controllers in the industrial sector (ICS / SCADA) is zero. That is, the systems at the most serious enterprises are protected so poorly that they would not be a challenge even for 12-year-old children with a normally working head.
2. Soon even irons and coffee makers will have broadband Internet access. That is when the real chaos begins. After that, ordinary users will have much more trouble. "Your fridge is locked. If you want your morning pickle, send an SMS to a short number."
3. Want a safer connection? Get grandma's Nokia from the dawn of the 90s.
4. In China, you can buy anything on the black market: blueprints and technology for any hardware produced on the planet.
5. Cryptography is evolving, and strong algorithms of a new type are replacing encryption.

All of this is covered in more detail below.
The event itself consisted of 3 parts: a week of training seminars, two days of talks and a day of competition. The day-and-night competition is called Nuit du Hack. The rest is Hack in Paris.
Everything looked quite solid. Directors from huge companies such as Baidu spoke.
There was a sea of cult figures with whom you could easily chat and drink beer. There were interesting workshops with demonstration stands, where people were taught to hack everything from Android phones to UAVs and factories.
The brightest talks, for my taste
1. This is where it gets interesting. The talk by the esteemed Alvaro Alexander Soto, in which he covers the most advanced data recovery technologies, the largest hardware vulnerability of our days, and the construction of his forensic examination laboratory. Frequency analysis? Yeah, and how about a Faraday cage and defusing microbombs embedded in a server?
I think security specialists will find only a couple of new points in it, but for CEOs and technical directors the talk will be enlightening, and they will immediately want to invest something more in the company's security. That is what this video should be used for.
2. And then the brilliant Thomas Wang from Baidu, a Chinese company with more users than Google. Straight from the very hell of modern mobile malware development. I thought his talk was important because he gives an interesting view of one of the new threats in the field of user security. He tells how they stop huge epidemics and liberally supplies examples from rough private life. In short, it is a must-watch.
By the way, during a private conversation with him at a private cocktail party, we came to the conclusion that the lion's share of the problems could be solved by shutting down the companies that provide payment processing services to fraudsters. I will not point fingers. We already know them all.
However, in China everything is much trickier. His lecture gives you a taste of the lawlessness going on there.
3. And finally, Paul Coggin on ICS / SCADA. It is about how vulnerable the modern systems operating in industry are. The general feeling is that the level of security in this area is tantamount to the protection enjoyed by the gullible dodos, which were eaten in the 18th century.
And what else?
There was an interesting story with the Swiss company Equivalence AG. They challenged the hackers participating in the conference and handed out flyers in the form of 500 €, with an offer to open their archive.
At some point, the event de facto stopped. The whole huge hall, speakers included, was buried in laptops, trying to unravel the secret. But nobody ever hacked them.
The technology, they say, is based on a new principle that has not been used before, and they do not use encryption. I know the guys at Nuit du Hack found and patented Equivalence AG patents, but this did not produce any results.
I am sure that the event does not reach the scale of DEFCON and DERBYCON, but it was great. I also liked the fact that everyone was directed by a small, fragile, mm ... Afro-Frenchwoman named Lila. Despite the fact that the event was organized by the guys from Sysdreams, she was the real leader of the event. She just ran around the huge hotel from end to end, kissing someone or giving instructions on the run.
Jess on the left (Jayson E. Street). Lila on the right.
In the end, I spent 4 cool days. I learned to open door locks against the clock and piloted a quadcopter into the nearest wall. French cuisine and the great local air contributed to this.
By the way, what do you think about the situation with SCADA?