If you have some interesting news or want to throw up a link to discuss it, heres the place. Anything is okay, even shameless vendor launches (since that is often applicable to what we work on). http://sla.ckers.org/forum/list.php?13 Thu, 23 May 2013 10:51:46 -0500 Phorum 5.2.15a http://sla.ckers.org/forum/read.php?13,51748,51748#msg-51748 http://sla.ckers.org/forum/read.php?13,51748,51748#msg-51748
I don't know how much cross-over there is for the sla.ckers and gaming, but I thought this was really cool.

Any of you consultants lurking?]]> Kyran News and Links Tue, 21 May 2013 11:50:36 -0500 http://sla.ckers.org/forum/read.php?13,51743,51743#msg-51743 http://sla.ckers.org/forum/read.php?13,51743,51743#msg-51743
August, 22th–23th , 2013, Beijing, China (http://xcon.xfocus.net)

Upholding rigorous work style, XCon sincerely welcomes contributions from information security technique enthusiasts and expects your participation and sharing.

Attenders:
Anyone who loves information security, including information security experts and fans,network administrators, network security consultants, CIO, hacker technique fans.

Location : Beijing Jin Tai Hotel ( http://www.bjjintaihotel.com )


Topics Range (but unlimited):
--- Windows 8 defensive technologies
- New Bugs digging
- New offensive technologies
- SNS Application
- Mobile Handset (IPhone / Android)
- Web 2.0 security technologies

---Special Network and Devices Security
- RFID
- Transportation Control and Management Networks

--- Application security
- Routing device
- Encryption & decryption technique
- Protocol security & exploitation
- Web application vulnerability research
- Application reverse engineering and related automated tools
- Database security & attacks
- Advanced Trojans, worms and backdoor technique

--- Intrusion detection/forensics analysis
- Traffic analysis
- Real-time data structure recovery
- File system analysis & recovery
- Intrusion detection and anti-detection technique
- Reverse engineering (malicious code analysis technique,vulnerability research)


--- Wireless & VoIP security
- Wireless gateway
- PDA & mobile protocol analysis
- WLANs hardening & vulnerability analysis
- VoIP security & vulnerability analysis
- 802.11x, CDPD, Bluetooth, WAP/TD-SCDMA, GSM, SMS

--- P2P technique
- Instant messenger (QQ,MSN, Skype, ICQ, etc.)
- P2P application (BT, Emule, Thunder, etc.)

--- Any topics that will catch the attention of the CFP committee and/or the world.

Paper Submission:
The papers need include information as follow:
1) Brief introduction to the topic and whether the topic had been publicized, and if so, the publicized range.
2) Introduction to yourself.
3) Contact information: full name, alias, nationality, network nickname, e-mail,tel,fax,current working place and company, IM (QQ,MSN, ICQ,YM, AIM or others).
4) Presentation details:
- How long is the presentation
- If any new tool/vulnerability/Exploit code will be released
5) The paper need include both PPT (for presentation) and WORD (for detailed description) in MS Office or OpenOffice format.

All the papers will be submitted to xcon@huayongxingan.com for preliminary selection.
The deadline for submission is on July,20th,2013, and the deadline for confirmation is on August,1st,2013.
No matter if the paper is accepted, we will officially inform you within 7 work days.

Important dates:
* Deadline for submission: July,20th, 2013
* Deadline for confirmation: August,1st,2013

Speakers' privilege:
If your paper is accepted by XCon, you will be invited to give an individual lecture in XCon.
The speakers will be provided with:
- Round-trip plane ticket (Economy class, one person only, Foreign speakers up to$1,400.)
- Two days' food and accommodation
- Invitation to celebration party
- Sightseeing some famous places of interests in Beijing, tasting Chinese flavored food
- Luck draw

PS:
- Speakers must provide corresponding invoice or credential.
- XCon owns the right of final explanation about the conference.

For more information about the conference, please contact xcon@xfocus.org,xcon@huayongxingan.com or professional XCon2012 organizer. MSN: xcon@xfocus.org; tel: 086-010-62029792

Application for Attending:
In order to attend the conference, please register at XCon website (http://xcon.xfocus.org) or directly contact the organizer mentioned above.
We will offer different discounts according to the time of application.
Attenders' food and accommodation will be covered by themselves, and XCon will provide restaurant reservation and other service.

Other information :
All the information about XCon will be released on XCon and Xfocus website.
Please visit http://xcon.xfocus.org/ for more information about speakers, agenda and previous XCon documents.

Thank you for your support to XCon.]]> xcon2009 News and Links Sun, 05 May 2013 22:19:13 -0500 http://sla.ckers.org/forum/read.php?13,51703,51703#msg-51703 http://sla.ckers.org/forum/read.php?13,51703,51703#msg-51703
http://xc0re.net/web/social-network-information-harvesting-snih/]]> xc0r3 News and Links Thu, 21 Mar 2013 04:12:22 -0500 http://sla.ckers.org/forum/read.php?13,51701,51701#msg-51701 http://sla.ckers.org/forum/read.php?13,51701,51701#msg-51701 http://news.php.net/php.internals/53799

So if you are like me and have created hundreds of thousands of lines of code in the 'ol mysql_ extention, you might want to rewrite all that stuff before PHP6 comes out. Clever move, PHP. The object orientated folks know it all!

They think that using mysqli or pdo will solve everything. No more hacking, right? Now the scripter can sit back and relax... or can they? lol.

Nice PDO exploit: http://www.securityfocus.com/bid/54777/info


-]]> SAS News and Links Sat, 09 Mar 2013 06:21:34 -0600 http://sla.ckers.org/forum/read.php?13,51692,51692#msg-51692 http://sla.ckers.org/forum/read.php?13,51692,51692#msg-51692
this is a simple game of logic, encryption and hacking, which will be used to measure
your skills in this specific fields. On the homepage you can get your own encrypted code.
Your task is to decrypt this code, overcoming the difficulties you will find in your path.
When you will find the solution, just click on the brain and use the form to send us the
random number that you'll get.
We will contact you to be sure that you won our game. The Winner will be rewarded.
The entire project has been conceived, designed, programmed and developed in one night,
between London, Milan and Rome.

Blow your brain.

http://blowbrain.clicklife.it]]> Nerder News and Links Mon, 11 Feb 2013 19:11:59 -0600 http://sla.ckers.org/forum/read.php?13,51662,51662#msg-51662 http://sla.ckers.org/forum/read.php?13,51662,51662#msg-51662 qreck News and Links Mon, 07 Jan 2013 11:27:58 -0600 http://sla.ckers.org/forum/read.php?13,51659,51659#msg-51659 http://sla.ckers.org/forum/read.php?13,51659,51659#msg-51659 id News and Links Tue, 01 Jan 2013 03:04:27 -0600 http://sla.ckers.org/forum/read.php?13,51638,51638#msg-51638 http://sla.ckers.org/forum/read.php?13,51638,51638#msg-51638
This year there is an advent calendar aimed at security -
http://secadvent.com
Every day for the period Dec 1 -25 a security related article will be
published on the website.

Today's article is a crypto type puzzle.

Best of luck from the Security Advent Calendar]]> wireghoul News and Links Sun, 09 Dec 2012 18:21:19 -0600 http://sla.ckers.org/forum/read.php?13,51545,51545#msg-51545 http://sla.ckers.org/forum/read.php?13,51545,51545#msg-51545 +
Detailed process for webpage rendering for begineers who want to go for XSS.

here is the link
http://adf.ly/E81iz]]> Vaibs News and Links Mon, 29 Oct 2012 08:02:37 -0500 http://sla.ckers.org/forum/read.php?13,51349,51349#msg-51349 http://sla.ckers.org/forum/read.php?13,51349,51349#msg-51349
To try to repeat the feats of the CTF battle participants and fight for the prizes provided by Positive Technologies, please register at the official web site http://www.phdays.com/ctf/king/

During the Capture The Flag hacking contest at PHDays 2012 twelve teams from ten countries have been attacking the networks of other teams and protecting their own networks for two days and one night non-stop. The conditions were as close to real life as possible – no invented vulnerabilities, only those that occur in real contemporary information systems.

The infrastructure for the hacking battle was organized according to the principle of the King of the Hill game: the points were given not only for successful attacks against the systems, but also for keeping control over the systems, which made the contest more intriguing.

The contest became the highlight of the forum program, that is why an idea came to our minds... Why not to repeat the "royal battle" separately for the Internet community, let us say, in the second half of August?

What is King of the Hill?

Following the principle maximum authenticity, the contest infrastructure imitates typical infrastructure of enterprise networks: its external perimeter includes web applications, DBMS servers and various directories (LDAP), taking control of which allows reaching the internal perimeter – Microsoft Active Directory. Everything is like in real life.

The task of the participants of King of the Hill is to detect vulnerabilities of the systems, exploit them and, the most important of all, keep control over the systems as long as it is possible. The trick is in regeneration of the sets of vulnerabilities in the systems. The participants face a dilemma — whether to try to attack the neighboring systems or to proceed with vulnerability detection on the systems which are under control already
As in real life, the largest number of points is given for keeping control over Active Directory, since attacking AD requires keeping control over first level systems.

The King of the Hill contest was developed by the Positive Technologies experts and was presented for the first time at PHDays CTF 2012 as part of the hacking contest.]]> s4avrd0w News and Links Mon, 20 Aug 2012 08:36:40 -0500 http://sla.ckers.org/forum/read.php?13,51094,51094#msg-51094 http://sla.ckers.org/forum/read.php?13,51094,51094#msg-51094
[blog.unmaskparasites.com]

Plesk stores passwords in... you got that right: PLAINTEXT.

Plesk boats 250 million installations. Gotta love that.

/facepalm.]]> Skyphire News and Links Wed, 08 Aug 2012 04:34:01 -0500 http://sla.ckers.org/forum/read.php?13,51082,51082#msg-51082 http://sla.ckers.org/forum/read.php?13,51082,51082#msg-51082 id News and Links Sun, 29 Jul 2012 05:43:48 -0500 http://sla.ckers.org/forum/read.php?13,50612,50612#msg-50612 http://sla.ckers.org/forum/read.php?13,50612,50612#msg-50612
You can find it at: SQL Injection KB

Any feedback is always appreciated. Thanks!]]> lightos News and Links Thu, 12 Jul 2012 12:21:17 -0500 http://sla.ckers.org/forum/read.php?13,50106,50106#msg-50106 http://sla.ckers.org/forum/read.php?13,50106,50106#msg-50106 https://www.zdnet.com/blog/btl/646-million-linkedin-passwords-leaked-online/79290]]> idisappear News and Links Wed, 06 Jun 2012 22:38:07 -0500 http://sla.ckers.org/forum/read.php?13,49856,49856#msg-49856 http://sla.ckers.org/forum/read.php?13,49856,49856#msg-49856
CliqueSafe is a client/server solution, which uses a "rewiter" script to password protect access to DOM methods that can modify a page, send or retrieve data directly (i.e. XMLHttpRequest) or indirectly (i.e. HTMLImageElement.src).

The rewriter deadlocks the protection using the latest ECMAScript standards for property setters/getters and maintains the anonymity of the password.

Deploying CliqueSafe is relatively straight forward, though certainly not a case of "drop it in and you're done".

Web pages employing CliqueSafe have to be modified so that any JavaScript containing calls to rewritten methods is served up by the CliqueSafe script server. Calls to rewritten methods are replaced with a CliqueSafe equivilent, which usually just means adding a placeholder for the password as an extra parameter. e.g. n.appendChild(node) becomed n.appendChild(node,"/*!param:hash*/"). /*!param:hash*/ is replaced by a session-linked password by the script server.

I have managed (after loosing much hair) to get the thing to deadlock on IE9, Firefox 6.0+, Chrome 18+ and Safari 5.1+. Nobody should ever knock IE9 again, of all the browsers it's the only one that full and properly supports the ECMAScript standards for property setters/getters!

CliqueSafe is, I think, the first of its kind. In my research I have found similar concepts to CliqueSafe that have come and gone and failed. These mechanism have all worked by creating a script loader, that sanitisies or rewrites the script as it is loaded by the webpage. These rather heavy weight mechanims offer no protection against Self-XSS and are vulnerable to many different kinds of reflected XSS. The difference with CliqueSafe is that it rewrites the language itself and does not need a loader. This makes it very lean and it protects against Self-XSS.]]> W177.1.am News and Links Mon, 11 Jun 2012 04:46:59 -0500 http://sla.ckers.org/forum/read.php?13,49851,49851#msg-49851 http://sla.ckers.org/forum/read.php?13,49851,49851#msg-49851
Hash runner (http://phdays.com/program/contests/#6332)

The competitors will be provided with a list of hash functions generated according to various algorithms (MD5, SHA-1, BlowFish, GOST3411, etc.). Points for each decrypted password are scored according to the algorithm’s level of difficulty. To become a winner, a competitor should gain the most points in a limited period of time, leaving the rivals behind.

Any Internet user can participate in the competition. Competitors can register during PHDays on the forum's website. The competition will be held as part of PHDays 2012 and will last through the forum days.

WAF Bypass (http://phdays.com/program/contests/#6321)

This competition is for enthusiasts and experts engaged in web application security. The competitors are to attack vulnerable web applications protected by Web Application Firewall using SQL Injection technique. The applications function in connection with DBMSes of various vendors.

Participants will be offered to attack (or demonstrate the attack possibility) for the purpose of gaining data from a DBMS. There are four vulnerable web applications employed in the contest, each of them uses its own DBMS type. All attacks exploiting any SQL injection vector, inclusive of gaining file system access, OS commanding, brute force and binary search attacks are counted.

The winner is the first who implements an SQL injection exploitation technique in one of the web applications.
The winner will be awarded Apple iPad 3. The best ten competitors will receive prizes and gifts from Positive Technologies (the PHDays organizers) and from the forum sponsors.

WikiLeaks (http://phdays.com/program/contests/#6325)

The competition will enable participants of the forum to find out how quickly and accurately they can find hidden information on the Internet.

The competition web page will contain questions about certain organization, information about which can be found online. The task of the competition participants is to find as many correct answers to the questions as possible in the shortest time. Results will be announced at the end of the second day of the PHDays 2012 forum.

Best Reverser (http://phdays.com/program/contests/#6323)

This competition enables the participants to try their skills in reverse engineering of executable files for MS Windows platform. Every participant gets a program specially crafted for analysis. There are no limitations on techniques or software used for capturing the flags (except for the applicable laws of the Russian Federation). The winner is the first who gets all three flags and shortly describes the ways to get them.

The participants who deal with the competition tasks later than the winner or get less than three flags take the second and third places by the jury’s decision.

PHDays Online HackQuest 2012 (http://phdays.com/program/contests/#6330)

The PHDays 2012 program will include Online HackQuest, a competition for the Internet users that offers participants to try their hands at solving various information security tasks. On the forum’s second day, Online HackQuest participants will have a chance to influence the results of PHDays CTF 2012, the on-site contest.

For the competition, participants are provided with access to a VPN gateway. After connecting to it, the participants are to identify target systems and detect their vulnerabilities. If exploitation of a vulnerability is successful, the participant gains access to a key (a flag), which should be submitted to the jury via the form on the participant’s personal page. If the flag is valid, the participant gains the corresponding number of points.

PHDays Online HackQuest 2012 (http://phdays.com/program/contests/#6330): recon, networking, crypto, web, reversing, forensics, exploiting and much more!

Online HackQuest will also be available for out-of-competition participation during 14 days after PHDays 2012.

Registration is now open: http://phdays.com/personal/?register=yes]]> s4avrd0w News and Links Sun, 27 May 2012 06:53:03 -0500 http://sla.ckers.org/forum/read.php?13,49839,49839#msg-49839 http://sla.ckers.org/forum/read.php?13,49839,49839#msg-49839
http://xc0re.wordpress.com/2012/05/23/psychological-warfare/]]> xc0r3 News and Links Fri, 25 May 2012 04:20:07 -0500 http://sla.ckers.org/forum/read.php?13,49120,49120#msg-49120 http://sla.ckers.org/forum/read.php?13,49120,49120#msg-49120
Rules
For the competition, participants are provided with access to a VPN gateway. After connecting to it, the participants are to identify target systems and detect their vulnerabilities. If exploitation of a vulnerability is successful, the participant gains access to a key (a flag), which should be submitted to the jury via the form on the participant’s personal page. If the flag is valid, the participant gains the corresponding number of points.

All flags are in the MD5 format. The winner is the first participant to gain 100 points (which is the maximum possible amount). Participants who manage to gain more than 100 points are traditionally awarded with individual prizes :)

Participation Terms
Any Internet user is welcome to participate in the competition. The registration will open on the PHDays 2012 web site after the forum begins. Moreover, the Online HackQuest will also be available for out-of-competition participation during 14 days after PHDays 2012.

Prizes
Positive Technologies (the PHDays organizers) and the sponsors of the forum provide prizes and gifts for the competition.

Technical Details
The participation requires Internet connection and a possibility to establish connection to a VPN gateway via PPTP or IPSec.]]> s4avrd0w News and Links Wed, 16 May 2012 01:13:14 -0500 http://sla.ckers.org/forum/read.php?13,47893,47893#msg-47893 http://sla.ckers.org/forum/read.php?13,47893,47893#msg-47893
sucks, but o well]]> id News and Links Thu, 28 Feb 2013 08:58:13 -0600 http://sla.ckers.org/forum/read.php?13,47457,47457#msg-47457 http://sla.ckers.org/forum/read.php?13,47457,47457#msg-47457 idisappear News and Links Sat, 21 Apr 2012 18:35:34 -0500 http://sla.ckers.org/forum/read.php?13,46066,46066#msg-46066 http://sla.ckers.org/forum/read.php?13,46066,46066#msg-46066
Electronic Frontier Foundation on CISPA:
"a company like Google, Facebook or Twitter could intercept your emails and text messages, send copies to one another and to the government, and modify those communications or prevent them from reaching their destination if it fits into their plan to stop cybersecurity threats"

https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=8444


Russia Today news "CISPA: Nightmare Security Bill":
https://www.youtube.com/watch?v=vjZ8-xO2pMM

Russia Today news "CISPA 101":
https://www.youtube.com/watch?v=vt3FTz9E-RQ

Wikipedia Entry:
https://en.wikipedia.org/wiki/Cyber_Intelligence_Sharing_and_Protection_Act

Let's write congress and hope this gets overturned like SOPA. Most of the politician only care about being re-elected, so tell the politicians they won't get your vote if they support it.]]> idisappear News and Links Wed, 11 Apr 2012 11:38:50 -0500 http://sla.ckers.org/forum/read.php?13,43576,43576#msg-43576 http://sla.ckers.org/forum/read.php?13,43576,43576#msg-43576
August, 15th–16th , 2012, Beijing, China (http://xcon.xfocus.net)

Upholding rigorous work style, XCon sincerely welcomes contributions from information security technique enthusiasts and expects your participation and sharing.

Attenders:
Anyone who loves information security, including information security experts and fans,network administrators, network security consultants, CIO, hacker technique fans.

Location : Beijing Jin Tai Hotel ( http://www.bjjintaihotel.com )


Topics Range (but unlimited):
--- Security in new fields
- New Bugs digging
- New offensive technologies
- Cloud Security
- 3G/4G/WINMAX,TD-SCDMA
- Web2.0
- SNS Application
- Virtualization
- Mobile Handset (IPhone / Android / Windows Mobile 7 )

---Special Network and Devices Security
- RFID
- Emergency Services
- Telecommunication Networks
- Transportation Control and Management Networks
- Supervisory Control and Data Acquisition system (SCADA)

--- Application security
- Routing device
- Encryption & decryption technique
- Protocol security & exploitation
- Web application vulnerability research
- Application reverse engineering and related automated tools
- Database security & attacks
- Advanced Trojans, worms and backdoor technique

--- Intrusion detection/forensics analysis
- Traffic analysis
- Real-time data structure recovery
- File system analysis & recovery
- Intrusion detection and anti-detection technique
- Reverse engineering (malicious code analysis technique, vulnerability research)


--- Wireless & VoIP security
- Wireless gateway
- PDA & mobile protocol analysis
- WLANs hardening & vulnerability analysis
- VoIP security & vulnerability analysis
- 802.11x, CDPD, Bluetooth, WAP/TD-SCDMA, GSM, SMS

--- P2P technique
- Instant messenger (QQ,MSN, Skype, ICQ, etc.)
- P2P application (BT, Emule, Thunder, etc.)

--- Any topics that will catch the attention of the CFP committee and/or the world.

Paper Submission:
The papers need include information as follow:
1) Brief introduction to the topic and whether the topic had been publicized, and if so, the publicized range.
2) Introduction to yourself.
3) Contact information: full name, alias, nationality, network nickname, e-mail,tel,fax,current working place and company, IM (QQ,MSN, ICQ,YM, AIM or others).
4) Presentation details:
- How long is the presentation
- If any new tool/vulnerability/Exploit code will be released
5) The paper need include both PPT (for presentation) and WORD (for detailed description) in MS Office or OpenOffice format.

All the papers will be submitted to cfp@huayongxingan.com for preliminary selection.
The deadline for submission is on July,1st,2012, and the deadline for confirmation is on July,15th,2012.
No matter if the paper is accepted, we will officially inform you within 5 work days.

Important dates:
* Deadline for submission: July,1st, 2012
* Deadline for confirmation: July,15th,2012

Speakers' privilege:
If your paper is accepted by XCon, you will be invited to give an individual lecture in XCon.
The speakers will be provided with:
- Round-trip plane ticket (Economy class, one person only, Foreign speakers up to$1,400.)
- Two days' food and accommodation
- Invitation to celebration party
- Sightseeing some famous places of interests in Beijing, tasting Chinese flavored food
- Luck draw

PS:
- Speakers must provide corresponding invoice or credential.
- XCon owns the right of final explanation about the conference.

For more information about the conference, please contact xcon@xfocus.org,xcon@huayongxingan.com or professional XCon2012 organizer. MSN: xfocusxcon@hotmail.com; tel: 086-010-62029792

Application for Attending:
In order to attend the conference, please register at XCon website (http://xcon.xfocus.net) or directly contact the organizer mentioned above.
We will offer different discounts according to the time of application.
Attenders' food and accommodation will be covered by themselves, and XCon will provide restaurant reservation and other service.

Other information :
All the information about XCon will be released on XCon and Xfocus website.
Please visit http://xcon.xfocus.org/ for more information about speakers, agenda and previous XCon documents.

Thank you for your support to XCon.]]> xcon2009 News and Links Sun, 11 Mar 2012 22:24:31 -0500 http://sla.ckers.org/forum/read.php?13,43006,43006#msg-43006 http://sla.ckers.org/forum/read.php?13,43006,43006#msg-43006
http://www.dontoutsource.com/


http://digg.com/newsbar/topnews/february_13th_2012_we_re_back_again_don_t_outsource]]> roberttt67 News and Links Fri, 09 Mar 2012 11:24:34 -0600 http://sla.ckers.org/forum/read.php?13,42516,42516#msg-42516 http://sla.ckers.org/forum/read.php?13,42516,42516#msg-42516 http://www.pcmag.com/article2/0,2817,2399698,00.asp]]> PaPPy News and Links Mon, 08 Oct 2012 14:40:23 -0500 http://sla.ckers.org/forum/read.php?13,42504,42504#msg-42504 http://sla.ckers.org/forum/read.php?13,42504,42504#msg-42504
well i decided to go to a forum: foro, re vo lu cion al dia.org, checked myself in and uploaded the picture, the site had no problems uploading the picture to my surpise i got an error:


HERE ARE THE PICS, HALO, INJECTED IMAGE WITH HXD EDITOR AND THE ERROR ON FORUM:






RESULTS AFTER UPLOADING PICTURE IN THE FORUM, THIS IS AFTER UPLOADP:

]]> johndoe News and Links Mon, 18 Jun 2012 17:54:11 -0500 http://sla.ckers.org/forum/read.php?13,42147,42147#msg-42147 http://sla.ckers.org/forum/read.php?13,42147,42147#msg-42147
Positive Russian hackers, organizers of the Positive Hack Days 2012 forum on practical information security invite you to participate in the forum as a speaker.

Positive Hack Days is a unique event, where the elite of the hacker world, leaders in the information security industry and the Internet community meet face to face to join their efforts to cooperate in addressing the most topical issues of the IT world.

PHDays 2012 means theory hand in hand with practice, professional discussion intertwined with hardcore contests, maximum experience and minimum ceremonies.

On May 30 and 31, 2012, we will be waiting for you in one of the most beautiful cities in the world – Moscow!

CONTACTS
Web site: www.phdays.com
Twitter: https://twitter.com/#!/search/phdays (@phdays)
Blog: http://phdays.blogspot.com/
LinkedIn: http://www.linkedin.com/groups/phdays-3850821?mostPopular=&gid=3850821

Submit your presentation and materials by sending a mail at: cfp@phdays.com.

PARTICIPATION

The program of Positive Hack Days includes:
- round tables and discussions for business audience
- seminars and workshops for experts and hackers
- security challenges for all comers
- CTF and HackQuest contests

PHDays offers several participation formats:
- report (1 hour)
- brief report (30 minutes)
- lightning talk (15 minutes)
- hands-on lab/workshop (up to 4 hours)

SELECTION PRINCIPLES
There are no strict restrictions for participants: anyone from a novice to a recognized expert in information security can be a speaker. Our goal is to facilitate animated, informal communication between all representatives of the information security industry.

The main requirements are an interesting topic concerning information security, novelty and urgency of the issues under consideration, professionalism and competence.

The organizers will consider every single application and select the best ones.

TOPICS
Themes of the reports should be relevant to information security. We are mostly interested in the following topics:
- security of critical information systems
- fraud management
- cybercrimes and investigation of incidents
- national and corporate security in the WikiLeaks epoch
- cyberwar and cyber spying
- protection of cloud computing and virtual infrastructure
- prevention of 0-day attacks
- forensics
- protection against DDoS
- applied cryptography
- security of industrial control systems (SCADA)
- security of business applications and ERP
- communication network security
- application security
If your report does not concern any of the above topics but covers some other aspect of information security, and you believe it will be interesting for the community, please, feel free to apply.

Note: We will not accept reports aimed at promoting certain products, services, or companies. We appreciate your understanding.

APPLICATION
Participation application should contain the following information:
- Information about the speaker
- first and last name
- CV (educational and professional background, titles, main professional achievements)
- residence (country, city)
- contact information (telephone number, email)
- Information about the report
- title
- brief summary (500 characters)
- detailed outline
- report status (whether it was published previously, where)
We highly encourage and will favor submissions contains any of the following information: tool, slides, whitepaper
It is desirable that the reports be in Russian or English.

HOW TO APPLY
Email us your application with all the required information.
The applications for participation as a speaker will be accepted in two stages:
• the first stage from December 15, 2011 to January 30, 2012;
• the second stage from February 20, 2012 to April 16, 2012.

Send your applications to cfp@phdays.com.

For any additional information, contact us at cfp@phdays.com.

After all applications are considered, the potential participants will receive letters with the results.

TRANSPORT AND ACCOMMODATION
The organizers will partially or fully pay for the transportation and accommodation of the speakers. The organizers' share is considered individually for each participant.

On our part, we guarantee all the participants 2 days of positive emotions, a good mood, interesting people, and new experience.

P.S. We are open to all positive people and ideas. Just do not suggest hard disk throwing, please.

We are waiting for your papers!

Bolshoyeh spasebaw, tovarishch!]]> s4avrd0w News and Links Tue, 10 Jan 2012 05:52:52 -0600 http://sla.ckers.org/forum/read.php?13,41218,41218#msg-41218 http://sla.ckers.org/forum/read.php?13,41218,41218#msg-41218
Congress is about to pass internet censorship, even though the vast majority of Americans are opposed. We need to kill the bill to protect our rights to free speech, privacy, and prosperity.

Go To a Town Hall

The Senate is scheduled to vote on the internet censorship bill on Tuesday, January 24th, and unless we can find 41 senators to block the vote, it is going to pass. Will you meet with your senators during the January recess and ask them to vote it down?

http://americancensorship.org/]]> Skyphire News and Links Thu, 19 Jan 2012 14:47:07 -0600 http://sla.ckers.org/forum/read.php?13,40472,40472#msg-40472 http://sla.ckers.org/forum/read.php?13,40472,40472#msg-40472
https://xc0re.wordpress.com/2011/12/25/bypass-online-filter-restriction/

Peace !]]> xc0r3 News and Links Sun, 25 Dec 2011 07:12:21 -0600 http://sla.ckers.org/forum/read.php?13,40242,40242#msg-40242 http://sla.ckers.org/forum/read.php?13,40242,40242#msg-40242
Godaddy are of course huge dicks about it and drop DNS the second the registration changes. So some data is still cached with servers that recently did lookups for the domain, and it's been over an hour, but they seem to not be respecting the TTL.

Oh well, fuck godaddy, can't wait to get the rest of our domains off there.]]> id News and Links Thu, 22 Dec 2011 14:47:22 -0600 http://sla.ckers.org/forum/read.php?13,38753,38753#msg-38753 http://sla.ckers.org/forum/read.php?13,38753,38753#msg-38753
I did make one change that hopefully will stop the current bot though.]]> id News and Links Tue, 20 Dec 2011 04:05:21 -0600