SlideShare a Scribd company logo

Interview with Yury Chemerkin

Yury Chemerkin
Yury Chemerkin

http://hakin9.org/hakin9-32012-dns-cache-poisoning/

TechnologyBusiness
1 of 6
Download to read offline
INTERVIEW Interview With Yury Chemerkin Graduated at Russian State University for the Humanities (http://rggu.com/) in 2010. At present postgraduate at RSUH. Information Security Analyst since 2009 and currently working as mobile info security researcher in Moscow. I have scientific and applied interests in the sphere of forensics, cyber security, AR, perceptive reality, semantic networks, mobile security and cloud computing. I’m researching BlackBerry Infrastructure and the effects of the trust bot-net & forensic techniques on human privacy. E-mail: yury.chemerkin@gmail.com, yury.chemerkin@facebook.com Facebook: www.facebook.com/yury.chemerkin LinkedIn: http://ru.linkedin.com/pub/yury-chemerkin/2a/434/549 Please tell us how you got involved in different areas: security email infrastructure and RFID information security. systems. First of all, my experience grew around mobile It was ever so many years ago… around 10 years and developing on .NET, and refactoring the existence I didn’t exactly how it was happen. Once I come upon systems and programming. Second, I developed some on a lot of materials discussing reverse engineering, improvements around drivers having access to hybrid- operation systems hack, phreaking and etc. Most of them hardware RFID (mix Wi-Fi and serial kinds of port COM weren’t up-to-date even 10 years ago. In that case, I had & USB) to release final product. It was commercial and to start some practice around reverse engineering using scientific product at the same time of our Technical old Microsoft version, such as Win95SE2 or Win98. It and Engineering Security sub-department in RSUH. was a strong requirement of Soft-Ice until I found a good A lyrical digression, The Russian State University for manual how to use this software on Windows XP SP1. A the Humanities (RSUH) is an educational institution bit later I found way to use virtualization like Virtual Box. which trains specialists in all areas of knowledge in First tutorials cover idea how to bypass implemented the humanities and not only humanities. RSUH has registration methods in any kind of software. It’s an Institute for Information Sciences and Security funny and a bit strange however, it was easy to crack Technologies (IISST). The first faculty in InfoSecurity „real program” like “TheBat!” rather than one of a lot sphere was founded in Moscow State Institute of History of so-called crackmes. Now you will never see or and Archive Materials in 1985. As it wasn’t related to any hear it except special web-sites such a WASM.RU, military training colleges; it was considered to be the CRACKL@B.RU or etc. While I involved in learning how faculty of specialized documents up to 1990. Nowadays to found serial numbers or to make a patch to bypass it’s an integrated part of the Institute of Information security I had to learn what (dis-)assembler looks like. I Sciences and Security Technologies within the RSUH. studied several programming language known as C++ The last 1.5 years towards to bringing of Uni diploma Builder, Pascal/Delphi because they have been having I worked at several companies and I had experience the most suitable GUI for easy-developing and ability in scumware, documentation and presentation. to implement assembler instructions. Also, I studied Most known is Kaspersky Lab that’s a dynamically cryptography (RSA, and other asymmetric scheme). In growing company that offers its employees a broad this way passed first three year. In institute I continued range of options for career development. I can’t say to improve my experience by involving in developing in this company where people come first, because any 46 03/2012
Interview With Yury Chemerkin much-heralded policy gives chance to everything to be make video tutors. Sometimes I want to disable this known by everyone. Anyway, I gained wide experience feature for specific window of specific application at in scumware researching during several months in specific time or for all windows of specific application. Kaspersky Lab only. I got missing valuables to develop I think it‘s the perfect solution, so I’m waiting several my vision about low-level security world. Second lyrical improvements in RIM’s new service named Business digression, I want to change my mobile device and try Cloud Services. It was an idea to present exploitation to find some kind of flip device a few months before. on InfoSecurityRussia 2011 conference in Moscow Then I find BlackBerry 8220 Pearl Flip. Now their new where I made a report as Hakin9 representative. Totally, flip device is known as BlackBerry Style is still keeping nothing has changed since then I attend our conference a wonderful way of stylish, even in Security. Afterwards seven years ago. They are still only exhibition to buy I came into another company that developed defence and sell. solutions. BlackBerry as known still has problems on Another critical issue is Cloud Security especially Russian market. RIM has to disable Pin-to-Pin, WiFi, under Russia’s Law. They said no one able to use it and BlackBerry Messenger for Russian law reasons. to process personal data via any service or product Another cornerstone of their problem in my country is that handling with data bypass any storage that’s not extremely awful management on my opinion. There located in Russia. Faults are in any Law; until it comes are only several companies that have a strong policies into way of life like in Russia. There’s a Convention for and procedures to implement such kind of systems the Protection of Individuals with regard to Automatic while they prefer to use iOS or Android. Even Windows Processing of Personal Data that clearly define what Mobile/Phone has ability to be implemented in MDM and how you’re able to process and handling personal (Mobile Device Management). data. Somebody says about inability use because you’ll BlackBerry is very interesting as a platform and it isn’t never receive a FSB certificate for it, despite of that each talked of placing security at the head of a table. It’s one country ratified this treaty disallowed impose constraints of the best data aggregator. Seriously, you’ll find out this on any information except state secret. Second point is idea in Android, Windows or Apple (stylish-Android). about technical or non-technical solutions sufficient Each device gives ability to setup email, weather, and condition on the orders of the government of each more but it isn’t handy. Just example, I tried to use iPad country listed in ratified list, like Ireland or Russia. 2 and I can’t to delete existing contact in address book. Now I’m involved more in researching a field of legal Do you know about right solution case? Sync it with defence (EU & RU) in case of Cloud Security and cleaned Outlook or wipe personal data from iPad while BlackBerry rather than technical field of then. Several BlackBerry can easy be found even in Porsche Cars. years ago, I think that there’s no new in this field (and Of course, BlackBerry OS isn’t capable of eating 3 GB in management field too) while technical part was a traffic per day because it continues to work a bit slower more real definition until BlackBerry and Cloud has rather clean device?. BlackBerry Playbook offers you appeared. Final example in this question section, it’s to launch Java-based Android application too. Who “fun” but I can’t buy in Russia any Cloud Solution for comes near him in the same features? I think no one non-commercial purposes and use it. I haven’t an idea except Windows Phone 8 because it hasn’t tested yet. how explain it to Russian resellers. That’s why I prefer However, there won’t be completed environment at first to buy it directly. time and I’m not sure about traffic optimization about any notRIM-device. You are currently working on a PhD in Security of BlackBerry OS… as I said BlackBerry Information Security at the Russian State is wide unique device, although you haven’t enough University for the Humanities, can you tell control to build right security policy even you’re going us little bit about your research and doctoral to implement BES. Once again, who comes near him work. in the same features? Windows has their own solution My first research in IS field was about BlackBerry MDM… its better rather than *NIX, APPLE while (it was my diploma thesis). How funny, I convinced BlackBerry is better than Windows. AWS (Amazon Web departmental officer of the truth of my words about Service) is the best among of them because of you can BlackBerry implementation but no Institute’s Director. build your custom policy where each API-method meets First my PhD idea was to continue BlackBerry policy restriction. For example, BlackBerry blocks any researching until they announced BlackBerry Cloud attempt to extract sensitive data from buffer while linked with Office 365; it’s a Cloud Solution too. Then BlackBerry Wallet or Password Keeper is running, I change my mind to field Cloud Security in Law and you may just minimize this applications and data technical area in whole. As I said in previous question has extracted successfully! Or else, you’ve installed there’s a vital issue of using cloud solutions. Another screenshot application. It’s a useful application e.g. to problem covers management men who have been www.hakin9.org/en 47
INTERVIEW talking about impossibility of such idea four years. my exploitation I try to make more stable and wide- Some of their ideas are lame arguments. That looks like covered shows ability to mislead with information and they have to start to thinking about only now if they had uncover passwords. Example, BlackBerry has a so- started at all. called developers API. It’s some kind of library to easy One month ago I try to contribute with Europe programming or implementing you environment vision organization in field of Cloud documentation toolkit… of services. Such APIs gave to me ability to intercept Let’s wait to check what comes out of it. I hope I’ll make Pin-To-Pin messages and emails, and create your own it. message based on original. There’s two ways to do it. Information security is a fairly new program • Extract data from message and replace all when it comes to various universities in desirable fields, phrases and words. Then make US, what is it like in Russia and how is the new message-object with fake data, place in any program structured there (tell us a little bit folder you want and delete original. ( I think it’s about your Masters in Information Security a forensics nightmare to recall truth from false program)? multidimensional graph) First of all, I amend that In Russia it’s a specialist • Redraw you own screen/window. User chooses degree. Our IS Institute has four departments: message and opens it. Then you can intercept it and replace text object. It’s clear that you have to • Methodology of Information Security do it regularly. • Managerial and Juridical Aspects of Information Security Some bugs or features: it’s applicable only to native • Engineering Support of Information Security applications, all application programmed by RIM! • Computer Security Others applications is applicable too but it’s very unstable than native apps, like Kaspersky Mobile The last of them (Computer Security) is my Security for BlackBerry. department. In case of diploma thesis I’ve already I started my reverse engineering with Windows answered. Our information security specialist can work OS, that’s why it looks like WinAPI issues when you in various spheres of science and technology and is can steal password from masked password field. But aimed at providing data security of all structures, either in case of Windows you have to unmask, steal and state or commercial, against modern threats in IT. It mask by asterisks it again via using exploitation. On includes: the contrary in case of BlackBerry you should only find properly field and copy data from it. You don’t even • setting up security password systems (secret codes need in unmasking. used to control access to a network system); • installing firewalls (a combination of hardware and You have several Information Security software used to control the data going into and out publications under your belt, how do you go of a network); about selecting a topic for publication and • keeping out hackers (skilled programmers who investigating that topic (what is your writing attempt to gain unauthorized access to network process)? systems);dealing with viruses (special program Sound very interesting. It seems I don’t know how I do it. written with the purpose of causing damage). All my published articles were about BlackBerry. Before I start writing I have examined BlackBerry over one year How did you get involved in reverse and following flash across my mind. I start to recombine engineering and what kind of experience do all my knowledge’s about BlackBerry to some way of you possess in that area? graceful intercepting into flows and results (under word Well, I started IS field learning from reverser result I mean action’s result that shows any requested engineering. I’ve replied first question in details about data to the user). I can remind it briefly. My first articles it. Talking about experience is very specific. When you showed ability to screen-capturing and key-stroking don’t use any your skill you are seemed to lose it. It’s emulation of inputting actions. Nothing interesting at quite right, because it very difficult to recall experience first glance as it provides by API. BES-linked device of debuggers or disassemblers in practical, except one provides once interesting control. You’re limit in thing. Once you’ve involved you start to think in right password attempts (from 3 up to 10). It you’re incorrect way to investigate the most likely outcome fault. Talking in password typing you should limit half attempts, and about BlackBerry it’s not only about different way to enter word blackberry. Afterwards, BlackBerry device control versus Amazon (AWS) solutions. The last of help you to type password using unmasked style 48 03/2012
Interview With Yury Chemerkin without any asterisks or circle. It’s default behavior got a lot of them and didn’t find anything. A reason of any BlackBerry device (BIS or BES). Let’s screen- is simple: most of HR has to find administrators of captured it! I use input simulation to add noise symbol to somewhat that’s in their software list. Several vacancies get notification about wrong password step-by-step and look like 10-in-1 employee (jack of all trades). It’s very then I screen it as clear text. If you’re a BES user say difficult to find programmer vacancy in field of security to admin to block this else you’ll be hacked. Don’t say to exclude IT programming field in common. In other else you’ll get a totally wiped device after 10 attempts words, the largest complication is how to separate are up. I didn’t develop it as full-stable exploit however it Security IT field from IT field. It’s very closed limits to defines my way of researching. In each article I tried to involve in security field while someone want you only combine such theme hacks about password, messages a nomenclatural work processes or administration. or something else. Sometimes most of companies sensify that they are still start-up with retraining of specialists even 20-25 years I noticed that you have a certification in are gone. Quantum Information, Computing and Cryptography issued by Swedish Higher Russia, amongst many other nations, has a Education, tell us more about it. bad reputation for housing Internet spam Well, roughly speaking a quantum computer is a industry, what are your thoughts on that? device for computation via utilization state based It’s a very strange, even our bureaucrats use Gmail on binary powered by some number while digital which has a powerful spam filter *sarcastic*. Anyway, it’s computers require data to be encoded into binary true, they use it. I often hear statements like this. When digits (bits). In this case, we have 2^N dimensional I try to get something information about it via Google or space as a single whole. It’s some kind of optimization Bing, I find nothing except Kaspersky statements about of amount resources requirement and way to exclude it. Of course, they may be repeated by any Mass Media miscalculation because you’ve ability to perform 2^N especially Russian Mass Media. It is well known that operations in one time unit. There are around 5-6 statistical methods are some kind of lie; they can’t be the best currently known algorithms now. To pass obvious and show all matters from one point of view. semiannual essay I choose one of them, a so-called Spam reports the most known by Kasperskywhile DrWeb Shor’s algorithm. I programmed this on PC. Shor’s has a little quantity or none, BitDefender or McAfee has algorithm deals with factorization to crack asymmetric reports based on another manner of narration. There’s cipher scheme like RSA. All these schemes based on only difference between Russian and non-Russian number theory which deals with finite set of numbers. reports: when you’re reading first type you tend to buy It’s obvious that such sets are periodic. One example, security solution (or download it via torrents, filesharing if our set counts 23 numbers that means we have 0, storages) and such reports sensify of advertising price- 1, 2, …, 22 as last number. Numbers like 34 or 57 are lists and advertising pamphlets while others (non-Russia possible but you should to extract remainder via dividing reports) are publish any documents on the merits. To your number e.g. 57 by 23. Integer part equals 2 that understand you need attend any Russian so-called mean our remainder is 57 – 23 * 2 = 57 – 46 = 11 that conferences. A good question why does it look like is placed inside this set again. You’re able also to use exhibition or why speaking time limit estimates in 15 negative number. In that case you’ve got instead “-5” 23 minutes? It’s sparkling speech, while there are 30, 45 and + (-5) = 18. That’s why idea of this algorithm was based hour speaking time limit. Russia keeps bad reputation on trying to find out solution between 0 and 22 but as because I can name it as country of fear & PR and awful well as between 0 and infinity as scaled-up probability Law. What do I see when I visit foreign web-site? It’s solution. Via digit computers such operations take too our product #, here photos, here price list. His features many resources and too much time while quantum are following; click here to choose summary or click on computer perform it in any one time as I said before. another button to see full-detailed information. What do about Russian web-site? “The malware infection carried What is the state of Information Security away an infinite number of PCs, mobile devices … Our professionals in Russia (are there enough solution is only way to keep your life and safety surfing” professionals, are there enough jobs, is Features list divide into two categories: information for employment in the field of information specialist (!), sometimes such type doesn’t exist, and security difficult)? information for others. Sometimes such web-site, which The main problem is lying not so much in field of what holding too many affected pathos without technical you say as vision of leaders/heads/managers who want details as fact, sensify to be soap bubble. Maybe their to hire someone to involve him with manufacturing solutions are really doing something; I don’t want to know processes. While you find IS specialist vacancy you’ve it, because introducing obliged to keep balance between www.hakin9.org/en 49
INTERVIEW any kinds of type information. If you decentre of gravity chosen Facebook-events, tweets, and blogs estimated too frequently it would be mean your ideas are lying in around 50k-60k per day. Too many duplication news or another field of interests. In point of defence solutions it repost and retweets, of cours I think everybody have means to me that solution covers by inactive tools. By the heard about Six degrees of separation at least once. way, half year ago was present report on BlackHat about I can’t say that my graph based on that. No, I use it groundlessness between marketing description and real intentionally to find out anything. One more example, technical ground that share these ideas I mentioned. I open any web-site in browser and I get RSS, Twitter Such statement really means that AV industry discovers (it can easy be converted to RSS flows), SlideShare, spam on devices belonged to Russian location. It’s like a Facebook, LinkedIn, several blogs (that I also convert DDoS; you can’t say that England attack Italy, for example. to RSS flow), YouTube (RSS, too, if I’m a user of this Devices (servers, home PC and etc) located in England service) and etc. Each of them shows me followers and attack devices or web-sites that located in Italy by-turn. following. Then I examine each of this flow until I am If you have ever heard about spyware you understand it. bored with this?. I repeat it for any site or external links Ok, I’m mistaken then any spam report should explain from social networks and blogs. All my notification based correlation between quantity and quality else I’m right. on RSS and Email that I can easy to read while I’m The most of them can’t bring into proper correlation offline. For example, it’s difficult to read more than 20K or methodology how it was calculates. It they can do tweets after only one day I missed. It’ awful GUI when it, you can discover too many so-called assumptions I need click button more until my browser is crashed, of certainty. In that case, you need to know final goal exceed memory limit or I forget what the last in list I like comScore does it when you buy they reports. It’s had to read was. However, Outlook file that stores RSS marketing research while others statistical pictures only tends to grow per 3GB from day to day. It’s only clean like iconographic. That’s why any statements as well as RSS-news traffic per day. Quantity of RSS channel is this are often just a figure of speech. around 800. I usually add around 20 new channels per two weeks. When such file exceeds 50GB (often per You seem to possess some experience in the a quarter of year) limit I have to export to AWS, wipe it field of Scumware, what is Scumware and from my HDD and make new by RSS-list. how were you associated with it? All my notifications include mass media news, music, Scumware as it was announced in Kaspesky Lab lifestyle, video, security, social networks and others as general definition of malicious software I worked kind of news. I think it takes new article about what of at Heuristic division Kaspersky Lab. I got a lot of resources the most useful like Make Use Of articles. By experience how AV industry deals with Trojan, viruses, the way, Make Use Of articles are best to find useful spyware and etc. what problems are in this field and information about IT, social, cloud solution to make how AV solves it. I collect missed parts that globalize technical life easier. vision about low-level part of security world there and recognized what kind of soft can be passed or caught What do you do when you are not involved by their algorithms. in information security work (your hobbies, interests, favorite music etc)? Mobile Security is a hot topic, what books or I involved in intake of knowledge. It doesn’t matter what reading material would you recommend in types of them. Several years ago my English lecturer that domain? named me as a walking encyclopedia. I’m interesting Well it’s a bit difficult because it depend everyone. I can in Mass Media, Politics, EU Law, Psychology, Billiard, recommend Syngress books and O’Reilly books. It’s a Languages. I like music especially NeoClassic, best guide about security and forensics or cloud and Symphonic Metal, Heavy Metal (KAMELOT, Edenbridge, mobile or programming. I’m likely to recommend relay Tarja Turunen, Nightwish, Ancient Bards, Visions of on whitepapers (for example, Symantec whitepapers) Atlantis…). Also, I’m pianist. I like movies released by around security field too. screenwriter and film maker Guy Stuart Ritchie (Lock, Stock and Two Smoking Barrels, Snatch, Revolver, What are some of you information sources, RocknRolla), Gore Verbinski, with actor Christian Bale do you subscribe to any magazines, blogs, and Final Destination movie. Among games I prefer twitter feed in particular? Hitman, Portal and other Valve Games, The Elder Well, I think I keep a lot of them and I don’t count Scrolls. I like fantasy and science fiction. them by now. For example, I received around 350-500 Well, I think I prefer to choose the hardest way, subscriptions emails per day, 10k-15k tweets per day (it because I’ll not meet the competition at all. was one year ago), a bit less on Facebook, around 350 notifications from LinkedIn and RSS subscription on ABY RAO 50 03/2012

Recommended

Social network privacy guide
Social network privacy guideSocial network privacy guide
Social network privacy guideYury Chemerkin
 
When developers api simplify user mode rootkits development – part ii
When developers api simplify user mode rootkits development – part iiWhen developers api simplify user mode rootkits development – part ii
When developers api simplify user mode rootkits development – part iiYury Chemerkin
 
Is Data Secure On The Password Protected Blackberry Device
Is Data Secure On The Password Protected Blackberry DeviceIs Data Secure On The Password Protected Blackberry Device
Is Data Secure On The Password Protected Blackberry DeviceYury Chemerkin
 
Social network privacy.
Social network privacy.Social network privacy.
Social network privacy.Yury Chemerkin
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewWhy is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewYury Chemerkin
 
Does your black berry smartphone have ears
Does your black berry smartphone have earsDoes your black berry smartphone have ears
Does your black berry smartphone have earsYury Chemerkin
 
Social Network Privacy II
Social Network Privacy IISocial Network Privacy II
Social Network Privacy IIYury Chemerkin
 
Comparison of android and black berry forensic techniques
Comparison of android and black berry forensic techniquesComparison of android and black berry forensic techniques
Comparison of android and black berry forensic techniquesYury Chemerkin
 

Recommended

Social network privacy guide
Social network privacy guideSocial network privacy guide
Social network privacy guideYury Chemerkin
 
When developers api simplify user mode rootkits development – part ii
When developers api simplify user mode rootkits development – part iiWhen developers api simplify user mode rootkits development – part ii
When developers api simplify user mode rootkits development – part iiYury Chemerkin
 
Is Data Secure On The Password Protected Blackberry Device
Is Data Secure On The Password Protected Blackberry DeviceIs Data Secure On The Password Protected Blackberry Device
Is Data Secure On The Password Protected Blackberry DeviceYury Chemerkin
 
Social network privacy.
Social network privacy.Social network privacy.
Social network privacy.Yury Chemerkin
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewWhy is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewYury Chemerkin
 
Does your black berry smartphone have ears
Does your black berry smartphone have earsDoes your black berry smartphone have ears
Does your black berry smartphone have earsYury Chemerkin
 
Social Network Privacy II
Social Network Privacy IISocial Network Privacy II
Social Network Privacy IIYury Chemerkin
 
Comparison of android and black berry forensic techniques
Comparison of android and black berry forensic techniquesComparison of android and black berry forensic techniques
Comparison of android and black berry forensic techniquesYury Chemerkin
 
Interview with yury chemerkin
Interview with yury chemerkinInterview with yury chemerkin
Interview with yury chemerkinSTO STRATEGY
 
Webinar Security: Apps of Steel transcription
Webinar Security: Apps of Steel transcriptionWebinar Security: Apps of Steel transcription
Webinar Security: Apps of Steel transcriptionService2Media
 
My dotJS Talk
My dotJS TalkMy dotJS Talk
My dotJS TalkBrendan Eich
 
Selje_Fox on the Run.pdf
Selje_Fox on the Run.pdfSelje_Fox on the Run.pdf
Selje_Fox on the Run.pdfEric Selje
 
The Security Of Cloud Computing
The Security Of Cloud ComputingThe Security Of Cloud Computing
The Security Of Cloud ComputingJulie May
 
Db2z bp security_transcript
Db2z bp security_transcriptDb2z bp security_transcript
Db2z bp security_transcriptCésar Medina Corona
 
Online productivity tools - SILS20090
Online productivity tools - SILS20090Online productivity tools - SILS20090
Online productivity tools - SILS20090is20090
 
Be Prepared For Byod
Be Prepared For ByodBe Prepared For Byod
Be Prepared For ByodNováccent
 
Biggest info security mistakes security innovation inc.
Biggest info security mistakes security innovation inc.Biggest info security mistakes security innovation inc.
Biggest info security mistakes security innovation inc.uNIX Jim
 
How My Website Learned to Stop Worrying and Love the Cloud
How My Website Learned to Stop Worrying and Love the CloudHow My Website Learned to Stop Worrying and Love the Cloud
How My Website Learned to Stop Worrying and Love the CloudMike Richwalsky
 
State of art of mobile forensics
State of art of mobile forensicsState of art of mobile forensics
State of art of mobile forensicsSTO STRATEGY
 
Cloud computing security - Insights
Cloud computing security - InsightsCloud computing security - Insights
Cloud computing security - Insightsgiorgiacaleffi
 
Infoworld deep dive - Mobile Security2015 updated
Infoworld deep dive - Mobile Security2015 updatedInfoworld deep dive - Mobile Security2015 updated
Infoworld deep dive - Mobile Security2015 updatedKim Jensen
 
New text document
New text documentNew text document
New text documentsleucwnq
 
New text document
New text documentNew text document
New text documentsleucwnq
 
Advantages Of Online Edu Moodle
Advantages Of Online Edu MoodleAdvantages Of Online Edu Moodle
Advantages Of Online Edu MoodleJulie Kwhl
 
Personal Cloud Application Architectures
Personal Cloud Application ArchitecturesPersonal Cloud Application Architectures
Personal Cloud Application ArchitecturesPhil Windley
 
BsidesMCR_2016-what-can-infosec-learn-from-devops
BsidesMCR_2016-what-can-infosec-learn-from-devopsBsidesMCR_2016-what-can-infosec-learn-from-devops
BsidesMCR_2016-what-can-infosec-learn-from-devopsJames '​-- Mckinlay
 
Chapter 5Overview of SecurityTechnologiesWe can’t h
Chapter 5Overview of SecurityTechnologiesWe can’t hChapter 5Overview of SecurityTechnologiesWe can’t h
Chapter 5Overview of SecurityTechnologiesWe can’t hWilheminaRossi174
 
How Global Data Availability Accelerates Collaboration And Delivers Business ...
How Global Data Availability Accelerates Collaboration And Delivers Business ...How Global Data Availability Accelerates Collaboration And Delivers Business ...
How Global Data Availability Accelerates Collaboration And Delivers Business ...Dana Gardner
 
Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...
Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...
Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...Yury Chemerkin
 
Red october. detailed malware description
Red october. detailed malware descriptionRed october. detailed malware description
Red october. detailed malware descriptionYury Chemerkin
 

More Related Content

Similar to Interview with Yury Chemerkin

Interview with yury chemerkin
Interview with yury chemerkinInterview with yury chemerkin
Interview with yury chemerkinSTO STRATEGY
 
Webinar Security: Apps of Steel transcription
Webinar Security: Apps of Steel transcriptionWebinar Security: Apps of Steel transcription
Webinar Security: Apps of Steel transcriptionService2Media
 
Selje_Fox on the Run.pdf
Selje_Fox on the Run.pdfSelje_Fox on the Run.pdf
Selje_Fox on the Run.pdfEric Selje
 
The Security Of Cloud Computing
The Security Of Cloud ComputingThe Security Of Cloud Computing
The Security Of Cloud ComputingJulie May
 
Online productivity tools - SILS20090
Online productivity tools - SILS20090Online productivity tools - SILS20090
Online productivity tools - SILS20090is20090
 
Be Prepared For Byod
Be Prepared For ByodBe Prepared For Byod
Be Prepared For ByodNováccent
 
Biggest info security mistakes security innovation inc.
Biggest info security mistakes security innovation inc.Biggest info security mistakes security innovation inc.
Biggest info security mistakes security innovation inc.uNIX Jim
 
How My Website Learned to Stop Worrying and Love the Cloud
How My Website Learned to Stop Worrying and Love the CloudHow My Website Learned to Stop Worrying and Love the Cloud
How My Website Learned to Stop Worrying and Love the CloudMike Richwalsky
 
State of art of mobile forensics
State of art of mobile forensicsState of art of mobile forensics
State of art of mobile forensicsSTO STRATEGY
 
Cloud computing security - Insights
Cloud computing security - InsightsCloud computing security - Insights
Cloud computing security - Insightsgiorgiacaleffi
 
Infoworld deep dive - Mobile Security2015 updated
Infoworld deep dive - Mobile Security2015 updatedInfoworld deep dive - Mobile Security2015 updated
Infoworld deep dive - Mobile Security2015 updatedKim Jensen
 
New text document
New text documentNew text document
New text documentsleucwnq
 
New text document
New text documentNew text document
New text documentsleucwnq
 
Advantages Of Online Edu Moodle
Advantages Of Online Edu MoodleAdvantages Of Online Edu Moodle
Advantages Of Online Edu MoodleJulie Kwhl
 
Personal Cloud Application Architectures
Personal Cloud Application ArchitecturesPersonal Cloud Application Architectures
Personal Cloud Application ArchitecturesPhil Windley
 
BsidesMCR_2016-what-can-infosec-learn-from-devops
BsidesMCR_2016-what-can-infosec-learn-from-devopsBsidesMCR_2016-what-can-infosec-learn-from-devops
BsidesMCR_2016-what-can-infosec-learn-from-devopsJames '​-- Mckinlay
 
Chapter 5Overview of SecurityTechnologiesWe can’t h
Chapter 5Overview of SecurityTechnologiesWe can’t hChapter 5Overview of SecurityTechnologiesWe can’t h
Chapter 5Overview of SecurityTechnologiesWe can’t hWilheminaRossi174
 
How Global Data Availability Accelerates Collaboration And Delivers Business ...
How Global Data Availability Accelerates Collaboration And Delivers Business ...How Global Data Availability Accelerates Collaboration And Delivers Business ...
How Global Data Availability Accelerates Collaboration And Delivers Business ...Dana Gardner
 

Similar to Interview with Yury Chemerkin (20)

Interview with yury chemerkin
Interview with yury chemerkinInterview with yury chemerkin
Interview with yury chemerkin
 
Webinar Security: Apps of Steel transcription
Webinar Security: Apps of Steel transcriptionWebinar Security: Apps of Steel transcription
Webinar Security: Apps of Steel transcription
 
My dotJS Talk
My dotJS TalkMy dotJS Talk
My dotJS Talk
 
Selje_Fox on the Run.pdf
Selje_Fox on the Run.pdfSelje_Fox on the Run.pdf
Selje_Fox on the Run.pdf
 
The Security Of Cloud Computing
The Security Of Cloud ComputingThe Security Of Cloud Computing
The Security Of Cloud Computing
 
Db2z bp security_transcript
Db2z bp security_transcriptDb2z bp security_transcript
Db2z bp security_transcript
 
Online productivity tools - SILS20090
Online productivity tools - SILS20090Online productivity tools - SILS20090
Online productivity tools - SILS20090
 
Be Prepared For Byod
Be Prepared For ByodBe Prepared For Byod
Be Prepared For Byod
 
Biggest info security mistakes security innovation inc.
Biggest info security mistakes security innovation inc.Biggest info security mistakes security innovation inc.
Biggest info security mistakes security innovation inc.
 
How My Website Learned to Stop Worrying and Love the Cloud
How My Website Learned to Stop Worrying and Love the CloudHow My Website Learned to Stop Worrying and Love the Cloud
How My Website Learned to Stop Worrying and Love the Cloud
 
State of art of mobile forensics
State of art of mobile forensicsState of art of mobile forensics
State of art of mobile forensics
 
Cloud computing security - Insights
Cloud computing security - InsightsCloud computing security - Insights
Cloud computing security - Insights
 
Infoworld deep dive - Mobile Security2015 updated
Infoworld deep dive - Mobile Security2015 updatedInfoworld deep dive - Mobile Security2015 updated
Infoworld deep dive - Mobile Security2015 updated
 
New text document
New text documentNew text document
New text document
 
New text document
New text documentNew text document
New text document
 
Advantages Of Online Edu Moodle
Advantages Of Online Edu MoodleAdvantages Of Online Edu Moodle
Advantages Of Online Edu Moodle
 
Personal Cloud Application Architectures
Personal Cloud Application ArchitecturesPersonal Cloud Application Architectures
Personal Cloud Application Architectures
 
BsidesMCR_2016-what-can-infosec-learn-from-devops
BsidesMCR_2016-what-can-infosec-learn-from-devopsBsidesMCR_2016-what-can-infosec-learn-from-devops
BsidesMCR_2016-what-can-infosec-learn-from-devops
 
Chapter 5Overview of SecurityTechnologiesWe can’t h
Chapter 5Overview of SecurityTechnologiesWe can’t hChapter 5Overview of SecurityTechnologiesWe can’t h
Chapter 5Overview of SecurityTechnologiesWe can’t h
 
How Global Data Availability Accelerates Collaboration And Delivers Business ...
How Global Data Availability Accelerates Collaboration And Delivers Business ...How Global Data Availability Accelerates Collaboration And Delivers Business ...
How Global Data Availability Accelerates Collaboration And Delivers Business ...
 

More from Yury Chemerkin

Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...
Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...
Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...Yury Chemerkin
 
Red october. detailed malware description
Red october. detailed malware descriptionRed october. detailed malware description
Red october. detailed malware descriptionYury Chemerkin
 
Comment crew indicators of compromise
Comment crew indicators of compromiseComment crew indicators of compromise
Comment crew indicators of compromiseYury Chemerkin
 
Appendix g iocs readme
Appendix g iocs readmeAppendix g iocs readme
Appendix g iocs readmeYury Chemerkin
 
Appendix f (digital) ssl certificates
Appendix f (digital) ssl certificatesAppendix f (digital) ssl certificates
Appendix f (digital) ssl certificatesYury Chemerkin
 
Appendix e (digital) md5s
Appendix e (digital) md5sAppendix e (digital) md5s
Appendix e (digital) md5sYury Chemerkin
 
Appendix d (digital) fqd ns
Appendix d (digital) fqd nsAppendix d (digital) fqd ns
Appendix d (digital) fqd nsYury Chemerkin
 
6071f3f4 40e6-4c7b-8868-3b0b21a9f601
6071f3f4 40e6-4c7b-8868-3b0b21a9f6016071f3f4 40e6-4c7b-8868-3b0b21a9f601
6071f3f4 40e6-4c7b-8868-3b0b21a9f601Yury Chemerkin
 
Zane lackey. security at scale. web application security in a continuous depl...
Zane lackey. security at scale. web application security in a continuous depl...Zane lackey. security at scale. web application security in a continuous depl...
Zane lackey. security at scale. web application security in a continuous depl...Yury Chemerkin
 
Windows 8. important considerations for computer forensics and electronic dis...
Windows 8. important considerations for computer forensics and electronic dis...Windows 8. important considerations for computer forensics and electronic dis...
Windows 8. important considerations for computer forensics and electronic dis...Yury Chemerkin
 
The stuxnet computer worm. harbinger of an emerging warfare capability
The stuxnet computer worm. harbinger of an emerging warfare capabilityThe stuxnet computer worm. harbinger of an emerging warfare capability
The stuxnet computer worm. harbinger of an emerging warfare capabilityYury Chemerkin
 
Stuxnet. analysis, myths, realities
Stuxnet. analysis, myths, realitiesStuxnet. analysis, myths, realities
Stuxnet. analysis, myths, realitiesYury Chemerkin
 
Stuxnet redux. malware attribution & lessons learned
Stuxnet redux. malware attribution & lessons learnedStuxnet redux. malware attribution & lessons learned
Stuxnet redux. malware attribution & lessons learnedYury Chemerkin
 
Sophos ransom ware fake antivirus
Sophos ransom ware fake antivirusSophos ransom ware fake antivirus
Sophos ransom ware fake antivirusYury Chemerkin
 
Six months later – a report card on google’s demotion of pirate sites
Six months later – a report card on google’s demotion of pirate sitesSix months later – a report card on google’s demotion of pirate sites
Six months later – a report card on google’s demotion of pirate sitesYury Chemerkin
 
Security in the cloud planning guide
Security in the cloud planning guideSecurity in the cloud planning guide
Security in the cloud planning guideYury Chemerkin
 
Security configuration recommendations for apple i os 5 devices
Security configuration recommendations for apple i os 5 devicesSecurity configuration recommendations for apple i os 5 devices
Security configuration recommendations for apple i os 5 devicesYury Chemerkin
 
Render man. hacker + airplanes = no good can come of this
Render man. hacker + airplanes = no good can come of thisRender man. hacker + airplanes = no good can come of this
Render man. hacker + airplanes = no good can come of thisYury Chemerkin
 

More from Yury Chemerkin (20)

Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...
Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...
Security Vulnerability Notice SE-2012-01-PUBLIC [Security vulnerabilities in ...
 
Red october. detailed malware description
Red october. detailed malware descriptionRed october. detailed malware description
Red october. detailed malware description
 
Comment crew indicators of compromise
Comment crew indicators of compromiseComment crew indicators of compromise
Comment crew indicators of compromise
 
Appendix g iocs readme
Appendix g iocs readmeAppendix g iocs readme
Appendix g iocs readme
 
Appendix f (digital) ssl certificates
Appendix f (digital) ssl certificatesAppendix f (digital) ssl certificates
Appendix f (digital) ssl certificates
 
Appendix e (digital) md5s
Appendix e (digital) md5sAppendix e (digital) md5s
Appendix e (digital) md5s
 
Appendix d (digital) fqd ns
Appendix d (digital) fqd nsAppendix d (digital) fqd ns
Appendix d (digital) fqd ns
 
6071f3f4 40e6-4c7b-8868-3b0b21a9f601
6071f3f4 40e6-4c7b-8868-3b0b21a9f6016071f3f4 40e6-4c7b-8868-3b0b21a9f601
6071f3f4 40e6-4c7b-8868-3b0b21a9f601
 
Jp3 13
Jp3 13Jp3 13
Jp3 13
 
Zane lackey. security at scale. web application security in a continuous depl...
Zane lackey. security at scale. web application security in a continuous depl...Zane lackey. security at scale. web application security in a continuous depl...
Zane lackey. security at scale. web application security in a continuous depl...
 
Windows 8. important considerations for computer forensics and electronic dis...
Windows 8. important considerations for computer forensics and electronic dis...Windows 8. important considerations for computer forensics and electronic dis...
Windows 8. important considerations for computer forensics and electronic dis...
 
The stuxnet computer worm. harbinger of an emerging warfare capability
The stuxnet computer worm. harbinger of an emerging warfare capabilityThe stuxnet computer worm. harbinger of an emerging warfare capability
The stuxnet computer worm. harbinger of an emerging warfare capability
 
Stuxnet. analysis, myths, realities
Stuxnet. analysis, myths, realitiesStuxnet. analysis, myths, realities
Stuxnet. analysis, myths, realities
 
Stuxnet redux. malware attribution & lessons learned
Stuxnet redux. malware attribution & lessons learnedStuxnet redux. malware attribution & lessons learned
Stuxnet redux. malware attribution & lessons learned
 
Sophos ransom ware fake antivirus
Sophos ransom ware fake antivirusSophos ransom ware fake antivirus
Sophos ransom ware fake antivirus
 
Six months later – a report card on google’s demotion of pirate sites
Six months later – a report card on google’s demotion of pirate sitesSix months later – a report card on google’s demotion of pirate sites
Six months later – a report card on google’s demotion of pirate sites
 
Security in the cloud planning guide
Security in the cloud planning guideSecurity in the cloud planning guide
Security in the cloud planning guide
 
Security configuration recommendations for apple i os 5 devices
Security configuration recommendations for apple i os 5 devicesSecurity configuration recommendations for apple i os 5 devices
Security configuration recommendations for apple i os 5 devices
 
Render man. hacker + airplanes = no good can come of this
Render man. hacker + airplanes = no good can come of thisRender man. hacker + airplanes = no good can come of this
Render man. hacker + airplanes = no good can come of this
 
Msft oracle brief
Msft oracle briefMsft oracle brief
Msft oracle brief
 

Recently uploaded

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 

Recently uploaded (20)

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 

Interview with Yury Chemerkin

  • 1.
  • 2. INTERVIEW Interview With Yury Chemerkin Graduated at Russian State University for the Humanities (http://rggu.com/) in 2010. At present postgraduate at RSUH. Information Security Analyst since 2009 and currently working as mobile info security researcher in Moscow. I have scientific and applied interests in the sphere of forensics, cyber security, AR, perceptive reality, semantic networks, mobile security and cloud computing. I’m researching BlackBerry Infrastructure and the effects of the trust bot-net & forensic techniques on human privacy. E-mail: yury.chemerkin@gmail.com, yury.chemerkin@facebook.com Facebook: www.facebook.com/yury.chemerkin LinkedIn: http://ru.linkedin.com/pub/yury-chemerkin/2a/434/549 Please tell us how you got involved in different areas: security email infrastructure and RFID information security. systems. First of all, my experience grew around mobile It was ever so many years ago… around 10 years and developing on .NET, and refactoring the existence I didn’t exactly how it was happen. Once I come upon systems and programming. Second, I developed some on a lot of materials discussing reverse engineering, improvements around drivers having access to hybrid- operation systems hack, phreaking and etc. Most of them hardware RFID (mix Wi-Fi and serial kinds of port COM weren’t up-to-date even 10 years ago. In that case, I had & USB) to release final product. It was commercial and to start some practice around reverse engineering using scientific product at the same time of our Technical old Microsoft version, such as Win95SE2 or Win98. It and Engineering Security sub-department in RSUH. was a strong requirement of Soft-Ice until I found a good A lyrical digression, The Russian State University for manual how to use this software on Windows XP SP1. A the Humanities (RSUH) is an educational institution bit later I found way to use virtualization like Virtual Box. which trains specialists in all areas of knowledge in First tutorials cover idea how to bypass implemented the humanities and not only humanities. RSUH has registration methods in any kind of software. It’s an Institute for Information Sciences and Security funny and a bit strange however, it was easy to crack Technologies (IISST). The first faculty in InfoSecurity „real program” like “TheBat!” rather than one of a lot sphere was founded in Moscow State Institute of History of so-called crackmes. Now you will never see or and Archive Materials in 1985. As it wasn’t related to any hear it except special web-sites such a WASM.RU, military training colleges; it was considered to be the CRACKL@B.RU or etc. While I involved in learning how faculty of specialized documents up to 1990. Nowadays to found serial numbers or to make a patch to bypass it’s an integrated part of the Institute of Information security I had to learn what (dis-)assembler looks like. I Sciences and Security Technologies within the RSUH. studied several programming language known as C++ The last 1.5 years towards to bringing of Uni diploma Builder, Pascal/Delphi because they have been having I worked at several companies and I had experience the most suitable GUI for easy-developing and ability in scumware, documentation and presentation. to implement assembler instructions. Also, I studied Most known is Kaspersky Lab that’s a dynamically cryptography (RSA, and other asymmetric scheme). In growing company that offers its employees a broad this way passed first three year. In institute I continued range of options for career development. I can’t say to improve my experience by involving in developing in this company where people come first, because any 46 03/2012
  • 3. Interview With Yury Chemerkin much-heralded policy gives chance to everything to be make video tutors. Sometimes I want to disable this known by everyone. Anyway, I gained wide experience feature for specific window of specific application at in scumware researching during several months in specific time or for all windows of specific application. Kaspersky Lab only. I got missing valuables to develop I think it‘s the perfect solution, so I’m waiting several my vision about low-level security world. Second lyrical improvements in RIM’s new service named Business digression, I want to change my mobile device and try Cloud Services. It was an idea to present exploitation to find some kind of flip device a few months before. on InfoSecurityRussia 2011 conference in Moscow Then I find BlackBerry 8220 Pearl Flip. Now their new where I made a report as Hakin9 representative. Totally, flip device is known as BlackBerry Style is still keeping nothing has changed since then I attend our conference a wonderful way of stylish, even in Security. Afterwards seven years ago. They are still only exhibition to buy I came into another company that developed defence and sell. solutions. BlackBerry as known still has problems on Another critical issue is Cloud Security especially Russian market. RIM has to disable Pin-to-Pin, WiFi, under Russia’s Law. They said no one able to use it and BlackBerry Messenger for Russian law reasons. to process personal data via any service or product Another cornerstone of their problem in my country is that handling with data bypass any storage that’s not extremely awful management on my opinion. There located in Russia. Faults are in any Law; until it comes are only several companies that have a strong policies into way of life like in Russia. There’s a Convention for and procedures to implement such kind of systems the Protection of Individuals with regard to Automatic while they prefer to use iOS or Android. Even Windows Processing of Personal Data that clearly define what Mobile/Phone has ability to be implemented in MDM and how you’re able to process and handling personal (Mobile Device Management). data. Somebody says about inability use because you’ll BlackBerry is very interesting as a platform and it isn’t never receive a FSB certificate for it, despite of that each talked of placing security at the head of a table. It’s one country ratified this treaty disallowed impose constraints of the best data aggregator. Seriously, you’ll find out this on any information except state secret. Second point is idea in Android, Windows or Apple (stylish-Android). about technical or non-technical solutions sufficient Each device gives ability to setup email, weather, and condition on the orders of the government of each more but it isn’t handy. Just example, I tried to use iPad country listed in ratified list, like Ireland or Russia. 2 and I can’t to delete existing contact in address book. Now I’m involved more in researching a field of legal Do you know about right solution case? Sync it with defence (EU & RU) in case of Cloud Security and cleaned Outlook or wipe personal data from iPad while BlackBerry rather than technical field of then. Several BlackBerry can easy be found even in Porsche Cars. years ago, I think that there’s no new in this field (and Of course, BlackBerry OS isn’t capable of eating 3 GB in management field too) while technical part was a traffic per day because it continues to work a bit slower more real definition until BlackBerry and Cloud has rather clean device?. BlackBerry Playbook offers you appeared. Final example in this question section, it’s to launch Java-based Android application too. Who “fun” but I can’t buy in Russia any Cloud Solution for comes near him in the same features? I think no one non-commercial purposes and use it. I haven’t an idea except Windows Phone 8 because it hasn’t tested yet. how explain it to Russian resellers. That’s why I prefer However, there won’t be completed environment at first to buy it directly. time and I’m not sure about traffic optimization about any notRIM-device. You are currently working on a PhD in Security of BlackBerry OS… as I said BlackBerry Information Security at the Russian State is wide unique device, although you haven’t enough University for the Humanities, can you tell control to build right security policy even you’re going us little bit about your research and doctoral to implement BES. Once again, who comes near him work. in the same features? Windows has their own solution My first research in IS field was about BlackBerry MDM… its better rather than *NIX, APPLE while (it was my diploma thesis). How funny, I convinced BlackBerry is better than Windows. AWS (Amazon Web departmental officer of the truth of my words about Service) is the best among of them because of you can BlackBerry implementation but no Institute’s Director. build your custom policy where each API-method meets First my PhD idea was to continue BlackBerry policy restriction. For example, BlackBerry blocks any researching until they announced BlackBerry Cloud attempt to extract sensitive data from buffer while linked with Office 365; it’s a Cloud Solution too. Then BlackBerry Wallet or Password Keeper is running, I change my mind to field Cloud Security in Law and you may just minimize this applications and data technical area in whole. As I said in previous question has extracted successfully! Or else, you’ve installed there’s a vital issue of using cloud solutions. Another screenshot application. It’s a useful application e.g. to problem covers management men who have been www.hakin9.org/en 47
  • 4. INTERVIEW talking about impossibility of such idea four years. my exploitation I try to make more stable and wide- Some of their ideas are lame arguments. That looks like covered shows ability to mislead with information and they have to start to thinking about only now if they had uncover passwords. Example, BlackBerry has a so- started at all. called developers API. It’s some kind of library to easy One month ago I try to contribute with Europe programming or implementing you environment vision organization in field of Cloud documentation toolkit… of services. Such APIs gave to me ability to intercept Let’s wait to check what comes out of it. I hope I’ll make Pin-To-Pin messages and emails, and create your own it. message based on original. There’s two ways to do it. Information security is a fairly new program • Extract data from message and replace all when it comes to various universities in desirable fields, phrases and words. Then make US, what is it like in Russia and how is the new message-object with fake data, place in any program structured there (tell us a little bit folder you want and delete original. ( I think it’s about your Masters in Information Security a forensics nightmare to recall truth from false program)? multidimensional graph) First of all, I amend that In Russia it’s a specialist • Redraw you own screen/window. User chooses degree. Our IS Institute has four departments: message and opens it. Then you can intercept it and replace text object. It’s clear that you have to • Methodology of Information Security do it regularly. • Managerial and Juridical Aspects of Information Security Some bugs or features: it’s applicable only to native • Engineering Support of Information Security applications, all application programmed by RIM! • Computer Security Others applications is applicable too but it’s very unstable than native apps, like Kaspersky Mobile The last of them (Computer Security) is my Security for BlackBerry. department. In case of diploma thesis I’ve already I started my reverse engineering with Windows answered. Our information security specialist can work OS, that’s why it looks like WinAPI issues when you in various spheres of science and technology and is can steal password from masked password field. But aimed at providing data security of all structures, either in case of Windows you have to unmask, steal and state or commercial, against modern threats in IT. It mask by asterisks it again via using exploitation. On includes: the contrary in case of BlackBerry you should only find properly field and copy data from it. You don’t even • setting up security password systems (secret codes need in unmasking. used to control access to a network system); • installing firewalls (a combination of hardware and You have several Information Security software used to control the data going into and out publications under your belt, how do you go of a network); about selecting a topic for publication and • keeping out hackers (skilled programmers who investigating that topic (what is your writing attempt to gain unauthorized access to network process)? systems);dealing with viruses (special program Sound very interesting. It seems I don’t know how I do it. written with the purpose of causing damage). All my published articles were about BlackBerry. Before I start writing I have examined BlackBerry over one year How did you get involved in reverse and following flash across my mind. I start to recombine engineering and what kind of experience do all my knowledge’s about BlackBerry to some way of you possess in that area? graceful intercepting into flows and results (under word Well, I started IS field learning from reverser result I mean action’s result that shows any requested engineering. I’ve replied first question in details about data to the user). I can remind it briefly. My first articles it. Talking about experience is very specific. When you showed ability to screen-capturing and key-stroking don’t use any your skill you are seemed to lose it. It’s emulation of inputting actions. Nothing interesting at quite right, because it very difficult to recall experience first glance as it provides by API. BES-linked device of debuggers or disassemblers in practical, except one provides once interesting control. You’re limit in thing. Once you’ve involved you start to think in right password attempts (from 3 up to 10). It you’re incorrect way to investigate the most likely outcome fault. Talking in password typing you should limit half attempts, and about BlackBerry it’s not only about different way to enter word blackberry. Afterwards, BlackBerry device control versus Amazon (AWS) solutions. The last of help you to type password using unmasked style 48 03/2012
  • 5. Interview With Yury Chemerkin without any asterisks or circle. It’s default behavior got a lot of them and didn’t find anything. A reason of any BlackBerry device (BIS or BES). Let’s screen- is simple: most of HR has to find administrators of captured it! I use input simulation to add noise symbol to somewhat that’s in their software list. Several vacancies get notification about wrong password step-by-step and look like 10-in-1 employee (jack of all trades). It’s very then I screen it as clear text. If you’re a BES user say difficult to find programmer vacancy in field of security to admin to block this else you’ll be hacked. Don’t say to exclude IT programming field in common. In other else you’ll get a totally wiped device after 10 attempts words, the largest complication is how to separate are up. I didn’t develop it as full-stable exploit however it Security IT field from IT field. It’s very closed limits to defines my way of researching. In each article I tried to involve in security field while someone want you only combine such theme hacks about password, messages a nomenclatural work processes or administration. or something else. Sometimes most of companies sensify that they are still start-up with retraining of specialists even 20-25 years I noticed that you have a certification in are gone. Quantum Information, Computing and Cryptography issued by Swedish Higher Russia, amongst many other nations, has a Education, tell us more about it. bad reputation for housing Internet spam Well, roughly speaking a quantum computer is a industry, what are your thoughts on that? device for computation via utilization state based It’s a very strange, even our bureaucrats use Gmail on binary powered by some number while digital which has a powerful spam filter *sarcastic*. Anyway, it’s computers require data to be encoded into binary true, they use it. I often hear statements like this. When digits (bits). In this case, we have 2^N dimensional I try to get something information about it via Google or space as a single whole. It’s some kind of optimization Bing, I find nothing except Kaspersky statements about of amount resources requirement and way to exclude it. Of course, they may be repeated by any Mass Media miscalculation because you’ve ability to perform 2^N especially Russian Mass Media. It is well known that operations in one time unit. There are around 5-6 statistical methods are some kind of lie; they can’t be the best currently known algorithms now. To pass obvious and show all matters from one point of view. semiannual essay I choose one of them, a so-called Spam reports the most known by Kasperskywhile DrWeb Shor’s algorithm. I programmed this on PC. Shor’s has a little quantity or none, BitDefender or McAfee has algorithm deals with factorization to crack asymmetric reports based on another manner of narration. There’s cipher scheme like RSA. All these schemes based on only difference between Russian and non-Russian number theory which deals with finite set of numbers. reports: when you’re reading first type you tend to buy It’s obvious that such sets are periodic. One example, security solution (or download it via torrents, filesharing if our set counts 23 numbers that means we have 0, storages) and such reports sensify of advertising price- 1, 2, …, 22 as last number. Numbers like 34 or 57 are lists and advertising pamphlets while others (non-Russia possible but you should to extract remainder via dividing reports) are publish any documents on the merits. To your number e.g. 57 by 23. Integer part equals 2 that understand you need attend any Russian so-called mean our remainder is 57 – 23 * 2 = 57 – 46 = 11 that conferences. A good question why does it look like is placed inside this set again. You’re able also to use exhibition or why speaking time limit estimates in 15 negative number. In that case you’ve got instead “-5” 23 minutes? It’s sparkling speech, while there are 30, 45 and + (-5) = 18. That’s why idea of this algorithm was based hour speaking time limit. Russia keeps bad reputation on trying to find out solution between 0 and 22 but as because I can name it as country of fear & PR and awful well as between 0 and infinity as scaled-up probability Law. What do I see when I visit foreign web-site? It’s solution. Via digit computers such operations take too our product #, here photos, here price list. His features many resources and too much time while quantum are following; click here to choose summary or click on computer perform it in any one time as I said before. another button to see full-detailed information. What do about Russian web-site? “The malware infection carried What is the state of Information Security away an infinite number of PCs, mobile devices … Our professionals in Russia (are there enough solution is only way to keep your life and safety surfing” professionals, are there enough jobs, is Features list divide into two categories: information for employment in the field of information specialist (!), sometimes such type doesn’t exist, and security difficult)? information for others. Sometimes such web-site, which The main problem is lying not so much in field of what holding too many affected pathos without technical you say as vision of leaders/heads/managers who want details as fact, sensify to be soap bubble. Maybe their to hire someone to involve him with manufacturing solutions are really doing something; I don’t want to know processes. While you find IS specialist vacancy you’ve it, because introducing obliged to keep balance between www.hakin9.org/en 49
  • 6. INTERVIEW any kinds of type information. If you decentre of gravity chosen Facebook-events, tweets, and blogs estimated too frequently it would be mean your ideas are lying in around 50k-60k per day. Too many duplication news or another field of interests. In point of defence solutions it repost and retweets, of cours I think everybody have means to me that solution covers by inactive tools. By the heard about Six degrees of separation at least once. way, half year ago was present report on BlackHat about I can’t say that my graph based on that. No, I use it groundlessness between marketing description and real intentionally to find out anything. One more example, technical ground that share these ideas I mentioned. I open any web-site in browser and I get RSS, Twitter Such statement really means that AV industry discovers (it can easy be converted to RSS flows), SlideShare, spam on devices belonged to Russian location. It’s like a Facebook, LinkedIn, several blogs (that I also convert DDoS; you can’t say that England attack Italy, for example. to RSS flow), YouTube (RSS, too, if I’m a user of this Devices (servers, home PC and etc) located in England service) and etc. Each of them shows me followers and attack devices or web-sites that located in Italy by-turn. following. Then I examine each of this flow until I am If you have ever heard about spyware you understand it. bored with this?. I repeat it for any site or external links Ok, I’m mistaken then any spam report should explain from social networks and blogs. All my notification based correlation between quantity and quality else I’m right. on RSS and Email that I can easy to read while I’m The most of them can’t bring into proper correlation offline. For example, it’s difficult to read more than 20K or methodology how it was calculates. It they can do tweets after only one day I missed. It’ awful GUI when it, you can discover too many so-called assumptions I need click button more until my browser is crashed, of certainty. In that case, you need to know final goal exceed memory limit or I forget what the last in list I like comScore does it when you buy they reports. It’s had to read was. However, Outlook file that stores RSS marketing research while others statistical pictures only tends to grow per 3GB from day to day. It’s only clean like iconographic. That’s why any statements as well as RSS-news traffic per day. Quantity of RSS channel is this are often just a figure of speech. around 800. I usually add around 20 new channels per two weeks. When such file exceeds 50GB (often per You seem to possess some experience in the a quarter of year) limit I have to export to AWS, wipe it field of Scumware, what is Scumware and from my HDD and make new by RSS-list. how were you associated with it? All my notifications include mass media news, music, Scumware as it was announced in Kaspesky Lab lifestyle, video, security, social networks and others as general definition of malicious software I worked kind of news. I think it takes new article about what of at Heuristic division Kaspersky Lab. I got a lot of resources the most useful like Make Use Of articles. By experience how AV industry deals with Trojan, viruses, the way, Make Use Of articles are best to find useful spyware and etc. what problems are in this field and information about IT, social, cloud solution to make how AV solves it. I collect missed parts that globalize technical life easier. vision about low-level part of security world there and recognized what kind of soft can be passed or caught What do you do when you are not involved by their algorithms. in information security work (your hobbies, interests, favorite music etc)? Mobile Security is a hot topic, what books or I involved in intake of knowledge. It doesn’t matter what reading material would you recommend in types of them. Several years ago my English lecturer that domain? named me as a walking encyclopedia. I’m interesting Well it’s a bit difficult because it depend everyone. I can in Mass Media, Politics, EU Law, Psychology, Billiard, recommend Syngress books and O’Reilly books. It’s a Languages. I like music especially NeoClassic, best guide about security and forensics or cloud and Symphonic Metal, Heavy Metal (KAMELOT, Edenbridge, mobile or programming. I’m likely to recommend relay Tarja Turunen, Nightwish, Ancient Bards, Visions of on whitepapers (for example, Symantec whitepapers) Atlantis…). Also, I’m pianist. I like movies released by around security field too. screenwriter and film maker Guy Stuart Ritchie (Lock, Stock and Two Smoking Barrels, Snatch, Revolver, What are some of you information sources, RocknRolla), Gore Verbinski, with actor Christian Bale do you subscribe to any magazines, blogs, and Final Destination movie. Among games I prefer twitter feed in particular? Hitman, Portal and other Valve Games, The Elder Well, I think I keep a lot of them and I don’t count Scrolls. I like fantasy and science fiction. them by now. For example, I received around 350-500 Well, I think I prefer to choose the hardest way, subscriptions emails per day, 10k-15k tweets per day (it because I’ll not meet the competition at all. was one year ago), a bit less on Facebook, around 350 notifications from LinkedIn and RSS subscription on ABY RAO 50 03/2012