PHDays V: encryption of the future, M & A in Yandex, chemical attack and the father of cyberpunk

In early December, we started accepting applications from those who wish to speak at Positive Hack Days V, later we announced the first group of speakers , including Shodan creator John Matterley, cyberdetective John Bambenek and professional co-engineer Chris Hadnagi.

The first stage of Call for Papers was completed at the end of January, and today we are submitting a new batch of reports that are included in the technical, practical and business program of the upcoming PHDays . Guests of the forum will learn how to turn an ordinary corporate IT system into an impregnable digital fortress, what the future encryption standards will be, how attackers exploit the vulnerabilities of physical processes.
')

Yandex: security in mergers and acquisitions

When one company buys another, it usually does not reach the security audit, and if it does, it basically analyzes only the applicable requirements of the regulators.

Yandex is one of the most active buyers of technology projects in Russia and abroad, periodically exploding information space with yet another news about a loud takeover. Security analyst for search giant Natalya Kukanova will talk about how and why they included security audit in the process of acquiring new companies (M & A). Students learn what to check for M & A transactions, how to organize an audit, and how to interpret the results. All theses will be illustrated using the example of real Yandex transactions.

Future Encryption Standards

Markku-Juhani Saarinen will talk about the NIST initiative called CAESAR: this is an international cryptographic competition, which aims to create a new AE-standard for replacing AES-GCM (this algorithm is certified by the US and NATO to work with secret information, but various security issues).

In the course of his speech, the speaker will acquaint listeners with ciphers - participants of the CAESAR competition (some of which are created by Russian developers), and also consider the strengths and weaknesses of the encryption algorithms used and developed in our country (for example, GOST R 34.10-2001 or promising algorithm "Grasshopper").

Markku-Juhani Saarinen has been conducting research in the field of information security and cryptography for more than 15 years, and participates in the development of cryptographic software.

Around OSX sandbox

Alexander Stavonin will analyze the operating principles of standard OSX self-defense tools (sandboxes implemented using TrustedBSD), talk about the breadth of their use by third-party applications and demonstrate potential problems and possibilities of malicious use of TrustedBSD by cybercriminals using examples of source code.

How to build a digital fortress

Bulgarian expert on information security and the investigation of information security incidents, Alexander Sverdlov, during his third performance at PHDays (in 2013 and 2014 , he gathered sold out at cyber-investigation workshops) about how to create an impregnable digital fortress. Students will learn how to increase the security of routers by installing alternative operating systems (Qubes OS, BSD Router project, SRG / STIG), preventing the launch of exploits, and analyzing application security.

If hackers are chemists

Researchers and cybercriminals have repeatedly demonstrated the possibility of hacking into SCADA systems, managing electrical grids , transport infrastructure, or critical facilities such as chemical plants. However, very often, IB specialists ignore the fact that in the case of such objects, not only technologies but also physical processes play a very important role.

Such processes (for example, a chemical reaction) may not stop due to the fact that the attacker gained control over the infrastructure or was able to penetrate the control system. However, if criminals learn to take into account the physical conditions when designing attacks, they will be able to influence the course of processes and reactions. The consequences can be dangerous: it is not difficult to imagine an explosion at a chemical plant, triggered by a temperature control sensor in a tank with a dangerous substance that was “gone crazy” by the will of the hacker.

Doctoral students at the Technical University of Hamburg Marina Krotofil will acquaint the audience with the planning and implementation stages of such cyber attacks, the purpose of which is to create a destructive impact on a certain physical process.

Bruce Sterling will appreciate the Russian cyberpunk

This year, the program of the forum included a contest of cyberpunk stories “Hacked Future”. Until April 15, anyone can send their story up to 30 thousand characters to the contest. The winners of the competition will be awarded on PHDays V, and the creators of the cult radio program “Model for Assembly” will read their stories on the forum.

More information about the conditions of the competition can be found on the conference website . And here we will add only one new detail. In addition to well-known Russian writers and publishers, one of the fathers of cyberpunk, a visionary and a cult IT publicist Bruce Stirling was invited to the jury of the competition. “It will be very interesting for me to get acquainted with Russian cyberpunk,” Bruce noted in an interview with the PHDays organizers.



The second wave of Call for Papers will start very soon, do not miss your chance to perform in front of 3000 participants of Positive Hack Days! Dates will be announced soon - watch for announcements.

PHDays presentations can be found by reading our post with a list of the best performances of last year’s forum.