News

12/12/2013

Ticket Sales: Positive Hack Days IV

Tickets for PHDays IV are now available. To buy your ticket and sign up for the forum, visit our Registration page. Until February 28, Early Bird discounts are available, with tickets priced at just 9,770 rubles for two days and 7,470 rubles for one day. After March 1, ticket prices are 13,870 rubles for two days and 9,770 rubles for one day. Don't forget, you have a chance to attend the forum for free. Compose an interesting and relevant report on information security, submit it to the forum by March 31, 2014 and you could become a speaker at PHDays IV, with your plane ticket paid and support for accommodations. Free tickets to the forum will also be awarded during PHDays Everywhere. Check the official website to find a location near you or to organize your own PHDays Everywhere venue.

12/9/2013

PHDays IV Young School Begins

The third PHDays Young School, a competition of research by emerging scientists in information security, will be held at Positive Hack Days IV in 2014. Winners will have the unique opportunity to present their research results in front of a wide audience of leading Russian and international information security experts. In addition, young scientists will be able to participate in hacking and security contests, and they will have the best seats at the CTF contest. And, of course, they will be warmly welcomed as members of the PHDays community. The most outstanding research will be singled out for a special prize.

The competition is designed for students, postgraduates, and young scientists who have conducted studies on the following topics:

Hackers' new targets: from audio baby monitors and pacemakers to nuclear power plants
Privacy and trade secrets protection in the days of PRISM, Snowden and Assange
Computer forensics against targeted APT attacks and cyber spying
Fresh approach to intrusion detection and prevention
Methods of combating DDoS attacks
ERP systems and business applications security
Business data protection (BYOD, MDM, DLP)
Countering attacks against web applications
Protecting virtual corporate and private clouds
Applied cryptography
Security of government information systems and E-government
Techniques and tools for physical security
Protection of ICS/SCADA: securing industrial systems and modern cities

For the first time, scientists from outside Russia are invited to participate in PHDays Young School. Finalists of the competition will get an invitation to Positive Hack Days IV, and the forum organizers will pay for the flight and offer support with accommodation.

PHDays Young School made its debut in 2012, when representatives of universities from Krasnoyarsk, Moscow, Novosibirsk, St. Petersburg and Taganrog became finalists. Young School was held for the second time during PHDays III in 2013. Among the winners were researchers from Tomsk, St. Petersburg and Taganrog. Twenty reports were examined during the competition last year. The authors of four presented their work at PHDays III: Andrey Iskhakov (Tomsk), Andrey Chechulin (St. Petersburg), Nikolay Tkachenko (Tomsk) and Ksenia Tsyganok (Taganrog).

Join the competition! Please read the requirements for the abstracts and send your application to youngschool@phdays.com by February 15, 2014.

11/26/2013

How to Survive in the Cyberspace? Positive Hack Days IV: Searching for a New Formula

The international forum on practical security Positive Hack Days IV will take place on May 21 and 22, 2014 in the Digital October Center. We have already started preparing for the forum, which has held leading positions in ratings, received awards and heard many encouraging words from information security professionals. Numerous reports and hands-on labs from leading IS experts, professional discussions and realistic contests are in store for the guests and participants of PHDays. The concept hasn't changed: maximum experience, minimum ceremonies, no advertising materials or promotion.

PHDays IV is devoted to the new problems facing business, government and individuals as a result of the rapid development of science and technology. "For thousands of years people have been creating security mechanisms to counter various threats: they built fences, designed door locks, set up a police system. However, nowadays people resemble an infant that was left in the jungle. Figuratively speaking, there are lions, tigers, even dinosaurs all around. And we are just innocent children walking around without any proper weapon to protect ourselves," says Boris Simis, Deputy CEO at Positive Technologies.

Possible plots of civilization development

The PHDays organizers are going to discuss problems that lie beyond technological issues. What technologies can be used for surveillance and anonymization? Where is the line between a citizen’s privacy and a state’s right of self-defense? What is the near-term forecast for the discovery of new vulnerabilities? What are the trends in ICSes, mobile devices and the Internet?

Sergey Gordeychik: "Now we are living in the world of cyberpunk victorious. States, corporations and criminal gangs are waging undeclared war. Computer viruses easily pass the borders of cyberworld and cause real physical damage. Billions of people cannot imagine their lives without Internet connection. The amount of world’s information is doubling every few years. Organizing new Positive Hack Days, we would like the representatives of state, business, industry, and hacking society to get together in a single venue and try to find new ways of survival in the cyberspace."

How to apply as a speaker

Information security specialists who are willing to share the results of their research or to demonstrate their skills in practical information security can apply through the PHDays IV Call for Papers, which opened on November 25. Anyone from a novice to a recognized expert in information security can apply. The details of the format and participation rules, the list of topics we are most interested in, and the application submission instructions are available on the PHDays website.

How it was

Over the years, the forum has been attended by Bruce Schneier, a well-known cryptography expert, Datuk Mohd Noor Amin (United Nations), Vladimir Zhirinovsky, the leader of the Liberal Democratic Party of Russia and a member of the State Council, Travis Goodspeed, an engineer and radio amateur, Ruslan Gattarov, a representative of the Federation Council, Tao Wan, the founder of China Eagle Union, Georgy Gritsay from the Ministry for Communications, Nick Galbreath, the vice president of Engineering at IPONWEB, Mushtaq Ahmed from Emirates Airline, Vitaly Lyutikov (FSTEC), Marc Heuse, a researcher and developer also known as van Hauser, and others.

Leading experts in information security, hackers, researchers, bloggers, journalists and students from Germany, India, Spain, Italy, Korea, the Netherlands, UAE, USA, Japan and other countries visited PHDays III last year. Among the participants were representatives of the Ministry of the Interior, FSB, the Investigative Committee, as well as of VimpelCom, Megafon, RusHydro and RSA. The PHDays program included more than 50 reports, hands-on labs, sections, and round tables. Tens of thousands of people watched the forum online and participated in the contests via PHDays Everywhere.

More than 2,000 visitors from every corner of the world gathered in the congress center located on Krasnopresnenskaya Naberezhnaya in Moscow to watch hackers breaking ATMs, stealing money from remote banking systems and taking control of a railroad's ICS. The PHDays III CTF contests resembled a video game with nonlinear gameplay and real-life vulnerabilities. Moreover, while detecting defects in the security systems of the Labyrinth, a participant could feel like part of a spy film, getting past motion detectors and other traps. The forum speakers demonstrated the most dangerous vulnerabilities in ICS components, dashcam security flaws, defects in hundreds of thousands of surveillance cameras all over the world, and security problems of ATMs and the Internet access systems used on planes.

Specialists paid close attention to Positive Hack Days III. The forum also had broad resonance in the IT community. You can take a look at the PHDays III movie we made: http://phdays.com/about/

11/15/2013

Choo Choo Pwn Surprised Koreans and Helped Find a Zero-Day Vulnerability

Experts from among the PHDays organizers brought the railway competition Choo Choo Pwn to Power of Community 2013, a friendly information security conference held in Seoul and the largest in East Asia. They spoke about new attacks against SCADA and invited the winners of Power of XX, a CTF for women only, to PHDays 2014. Choo Choo Pwn was developed specially for Positive Hack Days III and was held there for the first time. The Choo Choo Pwn stand, created in the Positive Technologies laboratory, is an up-to-date railway model whose elements, from trains to railroad crossing gates and traffic lights, are controlled by an ICS based on three SCADA systems.

6/13/2013

17 Hackspaces From 7 Countries Joined PHDays III

To take part in the PHDays forum, local information security specialists gathered together in Abu Dhabi (United Arab Emirates), Birzeit (Palestine), Cairo (Egypt), Kollam (India), Tunis (Tunisia), Kiev and Lviv (Ukraine), and Vladivostok, Voronezh, Kaliningrad, Novosibirsk, Omsk, St. Petersburg, Saratov and Ufa (Russia).

6/11/2013

A Researcher from Tomsk Wins PHDays III Young School

The results of PHDays III Young School, a national information security competition of young scientists, are known. The program committee considered a great number of applications and selected the four best works, the authors of which spoke at PHDays in front of leading IS specialists from all over the world.

The ideas of the PHDays Young School participants find practical application very quickly. At the final stage of the competition, Andrey Iskhakov's "Two-Factor Authentication System Based on QR Code" (Tomsk State University of Control Systems and Radioelectronics) was voted the most interesting and promising work. It has already been decided that the premises of the Tomsk special economic zone will be equipped with Andrey's security system in 2014: security badges will be replaced by a special identification program for employees' mobile devices. The winner's mobile applications address the flaws of security badges and passage tickets that use static identifiers. The software automatically generates one-time passwords that are valid for only a few seconds, which reduces the possibility of attackers copying and exploiting them.

Andrey Chechulin (St. Petersburg) took second place with his research "Composition of Attack Charts for Analysis of Security Events". Nikolay Tkachenko (Tomsk) presented his report on "Development and Implementation of the Mandatory Access Control Mechanism in MySQL" and took third place, and Ksenia Tsyganok (Taganrog) came fourth with her report "Statistical Analysis for Malware Classification".

Young School is intended for students, postgraduates and independent young scientists and has been held by the PHDays organizers for the second year in a row. The goal of the competition is to find talented information security specialists and to determine whether graduates of Russian universities are ready to conduct their own research. In 2012, works of eight finalists of the competition were published in journals included in the Higher Attestation Commission list, which confirms the high level of the works.

The competition of young scientists is held as part of the Positive Education program initiated by Positive Technologies. The initiative aims to expand the knowledge that young scientists gained at university and to share the practical security experience of the Positive Technologies experts.

This time the winners were decided by leading IS experts from Positive Technologies, Microsoft, Advanced Monitoring, Digital Security, ERPScan, Yandex, Hacker Magazine, MSU Faculty of Computational Mathematics and Cybernetics, MEPHI, SPIIRAS, Technical University of Darmstadt, University of Tübingen, and Russian Defcon Group. The competition was supported by Asteros, an intellectual sponsor of the forum.

"At the risk of sounding like Captain Obvious, I should say that such contests play a great part in creation of the modern IS community and stimulate young scientists to get involved in real research projects. Downloaded term papers will become a rare case once," commented Andrey Petukhov (Faculty of Computing Mathematics and Cybernetics, MSU), one of the organizers of PHDays III Young School.

"A stereotype has developed recently — a graduate is a specialist who needs to be trained for several more years. Having thought of Young School, we wanted to show that the situation is different — students and postgraduates can perform research independently and provide innovative and requested technical solutions. We were so pleased to know we were right. It would be amazing if students could be engaged not only in 'paper security' but in practical tasks, with which specialists have to deal every day. I hope that such contests as Young School will ignite universities' competitiveness, which will only do good to all of us," noted Dmitry Kuznetsov, Deputy CTO at Positive Technologies.

6/6/2013

PHDays III CTF: Levart D’Errorim

The Positive Hack Days forum, which was held on May 23 and 24, traditionally hosted a CTF contest. Over two days, ten teams from six countries beat back attacks and hacked rivals' networks.

Plot

To add a special appeal to the contest, the PHDays CTF organizers created a legend, around which the plot line and game infrastructure were built. The PHDays III CTF legend ran as follows: the teams were to save the poor people of D’Errorim from horrid monsters that would knock down every living thing.

Visualization

The audience often notes that CTF contests are not entertaining. To turn the PHDays CTF into the most spectacular hacking contest, the organizers put a great deal of effort into visualization. As a result, iPhone and Android apps were developed. By installing the application, anyone could watch the battle on his or her phone display. In addition, a web visualization was available on the PHDays site.

Tasks

The conditions of the CTF contest are as close to real life as possible, although it has a tinge of magic. The tasks were created using the practical experience of the Positive Technologies experts in detecting security issues, which is why many vulnerabilities of the game infrastructure can occur in real life as well. However, the participants needed more than hacking skills to win the contest. One of the PHDays III CTF tasks was the Labyrinth: the participants needed to get past the laser field and motion detectors, open secret doors, clear the room of bugs, combat artificial intelligence and render a bomb harmless. Another test for the participants was the Competitive Intelligence task.

Winners

The contest was really fierce. During the two days of the forum, different teams held the lead at various times, among them ufologists, PPP, RAON_ASRT, Eindbazen and More Smoked Leet Chicken. Eindbazen became the winner. PPP, a US team that won PHDays CTF 2011, took second place, and More Smoked Leet Chicken, last year's champion, a Russian team, came third. The winners were awarded cases with money inside as a prize.

2drunk2hack

After the CTF contest, the teams could finally relax and take part in 2drunk2hack. Vladimir Vorontsov (ONSec), a repeat champion of the contest, conceded the championship to geohot, a well-known hacker from the PPP team. The winner celebrated the victory by performing a freestyle song in a Moscow bar.

That's all for today! We're going to make next year's PHDays CTF even more fascinating, and it will leave no one indifferent.

5/30/2013

Positive Hack Days III is Over

The information security forum PHDays III attracted more than 2,000 participants from Germany, India, Spain, Italy, Korea, the Netherlands, United Arab Emirates, USA, Japan, and other countries. They included leading information security experts, hackers, bloggers, journalists, politicians, and government representatives. The forum, which took place on May 23 and 24, embraced discussions of security and attack technologies, of regulations and law initiatives, competitions in detecting ATM, remote banking system and SCADA vulnerabilities, hands-on labs and hacking battles.

Jackets and t-shirts

Both the government and business need information security experts. This was the main idea of the round table devoted to the problems of young specialists. Georgy Gritsay, Deputy Head of the Radio Frequency and Telecom Networks Department of the Ministry for Communications, underlined that, judging by the situation in 2012, Russia badly needs information security specialists. Ruslan Gattarov, a representative of the Federation Council, noted that the President of Russia pays close attention to the industry: decree of the President No. 31c, which makes information security a state concern issue, was issued in January. Vladimir Zhirinovsky advised young information security specialists to work positively and not to mess with crime, and Oksana Dokuchaeva, who represented the Information Security Center of the Federal Security Service, called on the Russian regions to pay more attention to CTF games in Russia.

The forum saw more than ten business sections related to cyberwar and cybercrime, SCADA security, regulators audit, bank application security, and other topics. Much interest was aroused by an open discussion with representatives of FSTEC, Rostelecom, Cisco and Positive Technologies, where the drawbacks of the modern security certification system were talked over. Vitaly Lyutikov, Head of the Administration of the Federal Service for Technical and Export Control (FSTEC of Russia), stated that the regulating authority was developing a whole series of up-to-date standards: guidelines on security assessment, trust download and some security tools, as well as a Federal Standard (GOST) related to the organization of the lifecycle of secured information system development. Long-awaited recommendations on updating certified security tools (installation of patches decertifies a system) are now being prepared. According to Lyutikov, FSTEC welcomes experts to take part in developing regulations and continues public discussion of document drafts.

They say, "I don't believe!" and keep on hacking

Dozens of reports were delivered and a lot of topics were brought up at PHDays III, from bypassing modern WAF by Vladimir Vorontsov to detecting attack sources by Alexander Gostev. Numerous SCADA vulnerabilities detected by the expert group of Positive Research Center were also talked over.

Marc Heuse, a researcher and developer from Germany also known as van Hauser, pointed out the importance of coordination of all parties interested in information security development. "We make a whole. Don't be afraid of hackers, but take into account their specific work. Good hackers are rebels by nature, they hardly blend with common corporate or government structures, where it is supposed that their products are the best, their systems are 100% protected, their customers are secured. They say, 'I don't believe', and detect such annoying flaws and vulnerabilities. We need to work together, to understand and teach each other. There is no other way."

Hack an ATM with a clip

The speakers of PHDays III managed to surprise the world once again: they showed the most perilous vulnerabilities detected in hundreds of thousands of surveillance cameras all over the world, dashcam security flaws, and security problems with the Internet access systems used by the planes of American Airlines. Experts demonstrated new ATM attack vectors, including access to an ATM service zone using materials at hand. They also switched an ATM to a service mode with a common clip.

Though hackers from all over the world participated in the forum, students from Russia did better than the others. For instance, Anatoly Katyushin, a fifth-year student, was the best in exploitation of a remote banking system vulnerability, and Mikhail Elizarov, a first-year student, conquered not only a railroad controlled by SCADA, but an ATM constructed specifically for the contest as well.

New ideas

A special exhibition was organized, where the largest IT companies (ELVIS-PLUS, Stonesoft Corporation, Kaspersky Lab, EMC, Asteros, Cisco, and ICL) showed their newest solutions. Positive Technologies, the forum organizer, presented two products: PT Application Inspector, a security control system that combines static, dynamic and interactive source code analysis, and PT Application Firewall, which combines common white and black lists with new self-training possibilities.

It's just the beginning

PHDays III threw its doors open to young researchers and start-up companies (ONsec, Esage Lab, Fairwaves, SolidLab) as well. They were able to tell the expert audience about their business and to receive valuable comments. According to the forum organizers, the industry can develop only if innovative and promising ideas are implemented in real life, helping to ensure security.

5/30/2013

ATM Hacked at PHDays III

Foreign experts in physical information security discovered and demonstrated vulnerabilities in bank equipment at the Positive Hack Days III forum, which was held on May 23 and 24 in Moscow. The contest's ATM contained vulnerabilities, one of which gave access to the servicing area without a key. The other vulnerability allowed switching the machine into service mode using a common paper clip.

Later on, a related contest was held at the venue. Within a limited period of time, the participants were to exploit the detected vulnerabilities and reproduce the steps that allowed switching the ATM into service mode. Mikhail Elizarov, a first-year student from the North Caucasian Federal University (Nevinnomyssk, Stavropol Krai, Russia), was the first to solve the tasks and so won the contest.

The Positive Hack Days participants traditionally pay attention to bank security issues. Besides the contest related to physical security analysis, the $natch competition was hosted during the forum. The participants needed to find security errors in a remote banking system. The section "Banking Applications and Cybercrimes: Which will Win?" was also held on the second day of the forum. The moderator was Artyom Sychev, Head of Security Service at Russian Agricultural Bank.

5/28/2013

Students Found SCADA Vulnerabilities at PHDays

Mikhail Elizarov, a first-year student of the North-Caucasus Federal University (Nevinnomyssk, Stavropol Territory), and Arseny Levshin, a student from Minsk, won the contest related to SCADA security assessment, which took place as part of the international forum Positive Hack Days III.

SCADA is used to control important objects in such sectors as energy, transportation, etc. For instance, such systems are employed in nuclear power plants and electric trains. Any SCADA failure can lead to a disaster and extensive damage; however, the developers of such systems still pay little attention to the security of their software. This was proved by the contest results.

The Choo Choo Pwn participants needed to detect and exploit the vulnerabilities of industrial equipment used to control and automate technological processes. The contest was aimed at accessing the control system of a railroad and cargo re-loading model and, as an extra task, at bringing down a video surveillance system. Alexander Timorin, Ilya Karpov, Gleb Gritsay, and Dmitry Efanov, information security experts at Positive Technologies, were engaged in the development of the railroad model and SCADA.

Mikhail Elizarov told us about the competition, "At first, we tried to obtain control over the re-loading system, which was running on Modbus. We managed to detect a system, which emulated this protocol. It allowed us to find out control bits and render them to the system, gaining control over the crane. We could hardly detect all the vulnerabilities of the provided protocols — we were short of time." According to Mikhail, SCADA contains a lot of vulnerabilities because developers expect these systems to have no direct connection to the Internet, and thus do not pay due attention to security.

"Frankly speaking, I've just cut my teeth on industrial protocols. The contest provided quite a serious emulation of SCADA, so it was very interesting to participate in the security assessment competition," said Arseny Levshin.

"When Stuxnet and direct ICS attacks appeared, the security of industrial systems became a top issue in publications, conferences, and research. On the other hand, this area is Terra Incognita, which requires significant investments. Such contests allow demonstrating how low the current security level of critical infrastructure components is," summed up Sergey Gordeychik, the CTO at Positive Technologies.

It is worth noting that Mikhail Elizarov also won the contest, which was held as part of the forum. The winners received gifts from Positive Technologies, the PHDays organizer, and from the event sponsors.