Version Kaus Australis
Events
Wednesday 11:00
Wednesday 12:00
card10 Badge
Introducing you to card10, the 2019 camp badge, bio monitor, wrist worn POV device, and everything else your imagination comes up with.
This year's 0b10nd edition of the camp badge is card10. It comes packed with biosensors and can talk to many devices with BLE (Bluetooth Low Energy). As always with camp badges, it comes with some space to extend it with further electronics and this time a programming interface that is even easier to use, so you can individualize your card10 and pick up some new skills on the way.
In this talk, we will tell you more about the technical details of card10, the considerations behind making the new badge, and what card10 taught us on the way to camp.
You, too, can join us in integrating the badge into 2019 camp life, by creating your own interh4cktions. We will show you how, with some examples of interh4cktions we already know about for inspiration.
Before you leave to forge your own path through camp2019 with card10 by your side, we will share some highlights from the camp events around card10, how you can keep your finger on the pulse of card10 news, release your card10 interh4cktions to camp, and add your own self organised card10 sessions.
other card10 devices, probably also your
find out more: https://card10.badge.events.ccc.de/
FAQ: https://card10.badge.events.ccc.d...
Knoten 101
The CCC family is going camping, which means that for once the knot turns from an abstract mathematical concept into the very real application of rope and cord. Everything that can go wrong, where knots come from and who uses them is covered here briefly and c...
Knots are one of those things you use before you are aware of what you are actually doing, and at the same time there are so many different knots used in different settings that a comprehensive overview of the subject is almost impossible to get, not least because of the horrendous nomenclature problems. In a relatively short time, the most dangerous, worst, most practical and least known knots are shown here, entirely without mathematics and the like.
Wednesday 13:00
The Great British Drone Panic
Looking at the sorry saga of drone incident reports and drone-related airport closures in the UK, and shining a light on the woefully poor quality of official investigations, police response, and media reporting.
Over the last few years the UK has seen a public moral panic over reported air proximity incidents between drones and aircraft, including highly publicised closures of major airports. This has resulted in ever more stringent rules being proposed for drone and multirotor hobbyists. Unfortunately, while there have been a lot of reports and a huge amount of hype, in none of the cases has any tangible evidence or proof been produced. Reading official reports raises only questions about their woeful inadequacy, police responses have been ham-fisted and incompetent, and media reporting has been sensationalist and devoid of factual basis or responsible investigation. This talk is built upon several years of reporting on these stories, and aims to throw some light upon the whole sorry saga.
Hacking Containers and Kubernetes
The talk shows the security model of Kubernetes and how to detect and fight security weaknesses with a few lines of scripting.
Hidden under the hood of Kubernetes are a lot of security features. Starting from the Linux namespaces used in containers and going up to the network, there are a lot of configurations with many bells and whistles that either support or totally destroy the security of a cluster.
The talk gives an overview of the container escape vulnerabilities in the wild that are documented in the CVE database. Simple scripts are shown to check clusters for vulnerabilities. The scripts are used to analyze Istio, the "trust nothing" distributed firewall solution, and find an exploitable attack immediately. This would be a script-kiddie attack, if script kiddies had already started using Kubernetes and Istio.
Finally, it is shown how Istio handled the bug report and how future versions from 1.2 onward will close the exploit using the Container Network Interface (CNI).
Wednesday 16:00
Make Your Tech and Wear It Too
In this talk I’d like to give an introduction to the materials, tools, skills and energies involved in making electronic textiles and tailoring wearable technology, which has been my practice for the past 13 years.
I would like to demonstrate examples of textile sensors and actuators and explain the technical details involved in both the engineering and crafting of the open source designs which I publish on my website titled How To Get What You Want.
And I would like to walk through my process of tailoring wearable technology commissions that have been for artistic, prosthetic and research purposes.
I have many photos and videos to show, not only of the finished works but also of the often messy struggle it takes to get things to work. I can also bring live demonstrations of some of the designs.
Reporting from Brussels: The state of Digital Rights
Come and find out how digital rights will be impacted by the new European Parliament, European Commission and Brexit. In the process, get updates about the burning topics we are following in the EU institutions.
New European Parliament (EP), new European Commission(EC), possibly Brexit. Nevertheless, the same digital rights we're fighting for.
In this talk we will give you an update on what the results of the European Parliament look like, what characterises the new EU Commission and how likely it is that Brexit happens in November 2019.
Moreover, we'll update you on the topics we have our eyes on in the EU institutions: the future of content moderation and platform liability in Europe, confidentiality of our communications (ePrivacy), cross-border access to data by law enforcement, net neutrality, data retention reloaded, algorithms (including upload filters), and AI regulation. Finally, we unite the two parts: what do the new developments in the EP, EC and Brexit mean for our digital rights fight? How will our rights and freedoms online be impacted by the new environment? Are there new ways and avenues to mobilise and influence policy-making across Europe?
There's only one way to find out. See you at the talk!
Wednesday 17:00
DoH or Don't
Seldom have DNS protocol changes sparked such fierce debate as has happened in the case of DNS-over-HTTPS (DoH) and its little cousin, DNS-over-TLS (DoT). While for many people it is a matter of black and white, the reality out there is various shades ...
Since the Snowden revelations, the DPRIVE (DNS Privacy Exchange) working group inside the IETF has been working on ways to make DNS, the Domain Name System, leak less privacy-related information (aka metadata).
Two new protocols from this working group are DNS-over-TLS, RFC 7858 (DoT), and DNS-over-HTTPS, RFC 8484 (DoH). Both protocols secure DNS queries between client systems and a DNS resolver using encryption and authentication. DoT runs on a dedicated port, 853, while DoH piggybacks on HTTPS (port 443).
While DoT was initially mostly ignored by OS vendors, ISPs and users alike, DoH was adopted by browser vendors (Mozilla/Firefox and Google/Chrome) and created heated discussions among security and privacy experts, even to the point of governments discussing ways to outlaw DoH.
Wednesday 18:00
spispy: SPI flash device emulation
spispy is an open source hardware tool for emulating SPI flash chips that makes firmware development and boot security research easier. In this talk we'll discuss the challenges of interfacing on ...
Introduction to (home) network security.
Typical home networks use a closed-source Internet Service Provider supplied router/firewall and contain no restrictions on communications between clients within the network. The widespread deployment of network-connected appliances, control syste...
An introduction to wired and wireless networking aimed at home users, but equally applicable in a business context. We will examine basic network theory, typical designs, threats to privacy and security, and steps to reduce the risks presented by these threats. If you are a networking guru, then this is probably not the talk for you. This talk is for anyone interested in learning more about how a small network operates and things they should consider with regards to privacy and security. Topics to be covered: What is Ethernet; how network devices communicate; what is a broadcast zone; what is a subnet; network layers; physical and logical segregation of network traffic; basic WiFi theory; basics of firewall and wireless access point security and why running your own is better than letting your ISP do it for you.
Wednesday 20:00
Uprising or Extinction? A talk about the climate crisis, ecological collapse and civil disobedience.
EXTINCTION REBELLION (XR) is a fast-growing global grassroots movement of climate activists who want to bring about radical change through non-violent civil disobedience in view of the risks of ecological collapse and of extinc...
XR has three demands:
1. TELL THE TRUTH - The government must disclose the truth about the ecological crisis and declare a climate emergency. The urgency of an immediate change of course must be communicated by all institutions of society.
2. ACT NOW - The government must act now to stop the extinction of species and reduce greenhouse gas emissions to net zero by the year 2025.
3. BEYOND POLITICS - The government convenes a citizens' assembly on climate and ecological justice, which works out the necessary measures, and commits itself to implementing its decisions.
On bendy inflatables and travelling techno
I’ve made several interactive hackercamp installations over the years. I’ll talk about how they work, how they were made (generally very cheaply), about how people found ways to interact with them, and about what I’ve learned about experience desi...
Wednesday 21:00
The Limits of General Purpose SDR devices
It's tempting to buy a SDR device like a LimeSDR or USRP family member in the expectation of operating any wireless communications system out there from pure software. In reality, however, the SDR board is really only one building block. Know th...
For many years there has been an expectation that general purpose SDR devices like the Ettus USRP families, HackRF, bladeRF, LimeSDR, etc. can implement virtually any wireless system.
While that is true in principle, it is equally important to understand the limitations and constraints.
People with a deep understanding of SDR and/or wireless communications systems will likely know all of those. However, SDRs are increasingly used by software developers and IT security experts. They often acquire an SDR board without understanding that this SDR board is only one building block, and by far not enough to, e.g., operate a cellular base station. After investing a lot of time, some discover that they're unable to get it to work at all, or at the very least unable to get it to work reliably. This can easily lead to frustration on both the user side and on the side of the authors of software used with those SDRs.
The talk will particularly focus on using General Purpose SDRs in the context of cellular technologies from GSM to LTE. It will cover aspects such as band filters, channel filters, clock stability, harmonics as well as Rx and Tx power level calibration.
The tal...
Math Protected Social Interactions
We have learned that Math might be our last defence line against a real existing all-encompassing surveillance. One central challenge in this conflict is to combine authentication and anonymity. Number theory provides us many tools to create really surprising technologies for social communication. A lot of these technologies have not yet been brought to the world of concrete implementations. This has the implication that some ideas which have been presented years ago are not covered by patents any more.
Wednesday 22:00
20 Years of Camp
From the group that organised the first Camp in 1999, Tim, Andre and Markus talk about the fusion of open-air and hacker culture.
Together with the Pyonen, Andre and Markus, Tim got the first Camp rolling in 1999. Together they look back on the origins of the Camp and the particular challenges in planning and logistics of the event.
The first Camp, on a horse paddock in Altlandsberg, was a tour de force for the CCC. Using the Dutch camps of 1993 (Hacking at the End of the Universe, HEU) and 1997 (Hacking In Progress, HIP) as a template, the aim was to create an event that combined both the spirit of the club and the even then strong influence of the techno open-air scene of the time.
Encouraged by the successful move of the Chaos Communication Congress to Berlin at the end of 1998, the club took on the challenges and developed a fruitful cooperation with the Pyonen, in which each group could play to its strengths. The club took care of the network and the content; the Pyonen made sure that the production of the event stayed on safe tracks.
In the end, the first Camp succeeded in laying the foundation for the event it is today: a place of freedom and creativity, dedicated to the fun of the device, to aesthetics and to comm...
Privacy leaks in smart devices: Extracting data from used smart home devices
Remember the good old fun sport, where people bought random hard drives from ebay and did forensics on them?
Did you know you can do the same thing with used IoT devices too? Most end-users have no idea what kind of information their devices are ...
Many IoT devices collect a lot of data and log files. Of course, most of this data is sent to the cloud. However, often this data is also stored locally on the device and never deleted in the lifetime of those devices, not even on a factory reset (in contrast to smartphones nowadays). This might surprise many people, and especially end users might not be aware of it. Due to the design of IoT devices, there is usually no real way, as there is for notebooks or PCs, for end users to clean the devices before they sell them on eBay or discard them. The devices may hold sensitive information like Wi-Fi credentials, nearby access points, cloud communication log files, maps, or audio samples.
In this talk I will show some examples of interesting IoT devices from various vendors and how to extract the corresponding information.
We will use software methods (rooting) and hardware methods (flash dumping). Using this information, I will show how I am able to find the original owner of the device. I also discuss various challenges and tricks of the methods, and how to prevent this kind of data leakage for yourself.
Thursday 11:00
Hambach Forest #hambibleibt
The Hambach Forest has been occupied since 2012.
Thursday 12:00
OpenCodes
Computers can create art. Museums can exhibit art. How can the two come together? And what role do community and open-source ideas play in this? The talk is the story of an exhibition and education concept which als...
The exhibition 'Open Codes' was designed and extended together with Karlsruhe communities, among them Entropia, FabLab and Freifunk. It is about a look behind the scenes of a society that is moving ever further into the digital.
Free admission, Freifunk Wi-Fi, tables, sofas, a table-tennis table, free drinks and snacks, hackathons, the Gulaschprogrammiernacht, PyCon, Wikimedia etc. almost make you forget that you are standing in a museum. Programming and hacking in a museum, how does that work?
The exhibition is far more than a curated collection of media artworks dealing with the topic of code. Topics such as open source and the hacker community are also made tangible. The works are reference points for discussions that are already happening in hackerspaces, makerspaces and digital communities.
The talk follows the entire path of the last three years: from the first concept sketch and Tschunk parties with curators and hackers, via the exhibition opening with a field telephone, hack centre and canapés, "Please don't hack, this is art" signs, to a love story (Still a Better Love Story than Twilight) between two worlds...
Thursday 13:00
Beyond the Pile of Knobs
This case study of NoScript’s UX redesign showcases tried and true design principles that make security tools usable to a wider range of audiences.
Open source security tools are often associated with customizability and transparency: users are given many options (configurations, self-hosting), and system states are more often than not visible to users (detailed connection info, logs). Sometimes, that means bulky user interfaces and technical language, making an otherwise useful and recommended tool less usable for non-technical audiences. This presents a distinct design challenge: is it possible to build tools that are more usable without compromising on customizability and transparency?
In this talk, we will present some UX design principles based on our work with NoScript, a browser extension that allows users to fine-tune their script blocking in Firefox and Chrome/Chromium. We will focus on 1) understanding the value you add for your users, 2) choosing sensible default options, and 3) updating interface language for a wider audience.
In the course of that, we will also present our process of human-centered design for improving security tools. (Outlined here: https://simplysecure.org/what-we-do/usable-security-audit/ )
Thursday 14:00
Automated security testing for software developers who don't know security!
I'll show how the average developer (like me) can secure their software and systems by automatically checking for known vulnerabilities and security issues as part of their CI toolchain.
The talk will introduce basic security know-how, then show h...
Thursday 16:00
Fully Open, Fully Sovereign mobile devices
Removing the barriers to making network independent mobile communications.
In this talk I will discuss our thinking and progress towards making personal mobile communications devices, i.e., things that you use like a smart-phone, but that are fully under the control of the owner. While this has been done before, we have been focusing on how to make this much easier to do, so that individuals or small teams can create their own custom devices, with whatever features, inclusions and physical form they like, without huge time or cost requirements. This makes it possible to solve security and privacy problems, and also problems like creating custom devices for people living with disability, so that they can have a device that works for them and with their abilities and needs.
I will discuss our work-in-progress in this area, the MEGAphone, which is not only a mobile phone, but also includes UHF packet radio and a modular expansion scheme that can allow the incorporation of satellite and other communications. It is also backwards compatible with the Commodore 64, so it can already play loads of privacy-preserving games, and it has its own open-source slide presentation software that we hope to use to deliver the talk.
Private UHF and VHF radio com...
TAPS Transport Services API
In the last year, a group of researchers and some industry people at the IETF decided to join forces and design a replacement of the BSD Socket API. This talk gives an overview about why the BSD Socket API is considered harmful for the Internet's ...
The BSD Socket API was designed more than 30 years ago. No one back then imagined hosts with multiple access networks, concurrent use of multiple communication protocols (e.g., IPv4 vs IPv6 and TCP/TLS vs QUIC), or incorporating quality of service (QoS), security and cost constraints when setting up communications. The result is a complex ecosystem of APIs and techniques that must be manually combined in order to write state-of-the-art network applications.
The talk will give a brief overview of what choices state-of-the-art network applications can make, why the BSD socket API does not support them and how TAPS tries to solve this. I will also talk a little bit about how standardisation at the IETF works, why one may want to get involved and why all this takes so long…
Thursday 17:00
River Crab, Harmony and Euphemism
An informative and lighthearted overview of contemporary Chinese online culture
A river crab (Hé Xiè) is a homophone of “harmony” (Hé Xié) in Mandarin Chinese. The phrase "harmonious society" was brought up by former Chinese leader Hu Jintao in his speech on his signature ideology, which gradually led to the censorship policy that we see nowadays on the Chinese internet. The talk will introduce the recent history and status quo of this censorship with actual cases.
I’ll explain, as a native speaker of the Chinese language, the subversive humor and ingenious creativity that Chinese netizens employ to get around the infamous online censorship. The censorship scheme is as bad as portrayed in Western media; however, you don’t often see people talk about its inefficiency, if not futility. Due to the complicated nature of the Chinese language, the collective intelligence can always quickly come up with many ways (homophones being one of them) to circumvent the existing censorship list.
You won’t become a China expert after the talk, but you will definitely know a bit more about the linguistic and cultural aspects of the gigantic country than before.
A mobile phone that respects your freedom
Motivation and challenges building a mobile phone that respects your freedom, privacy and digital rights - and is hackable. This talk will present a summary of a two year journey, which is still ongoing.
Today mobile phones are _the_ computing device of the decade, maybe even of this century. Almost everyone carries one, every day to every place. They are pretty much always connected and we entrust almost our entire digital life to them - any form of communication (voice, text, video), all kinds of entertainment (reading, web surfing, video/movies), personal information (address books, social media), location (navigation, location sharing) etc. Pretty much our entire digital life is mirrored by these devices and to a growing extent happening right on them.
What is often not fully recognized is that this huge ecosystem of mobile hard- and software is controlled by only a very few globe spanning companies. Our digital life is to a large part controlled by these companies and currently there is little way around them.
This talk will present the experiences we had and have in this industry creating a mobile phone that is running 100% free software, respects the user's digital rights and gives back full control over data and communication to the user - by separating radios from the main CPU, by providing hardware kill switches and by using only free software for the full stack. W...
Thursday 18:00
Robotron - a tech opera
For the last two years, my artistic work has dealt with computer manufacturing in the GDR. Technology production in the GDR was subject to special conditions due to the planned economy and the COCOM high-technology embargo...
The web series Robotron – a tech opera is set in the VEB Kombinat Robotron, the largest computer manufacturer of the former GDR and one of the most important producers of information technology in socialist Eastern Europe. Based on my own family history, I trace a history of technology that nobody is interested in any more, because it does not fit the logic of a success story and because the technology in question is already obsolete.
As a contemporary online format, most ASMR videos feature only current high-tech props to trigger tingles. In Soft Nails ~ ♥ [ASMR] Kleincomputer Robotron KC87 ♥ I deliberately draw on high-tech from the GDR and transfer it into a pop-culture format. An attempt to counter, or add to, the usual US-American technology success story with an alternative narrative.
In the work The Adventures of WH, in collaboration with the artist Anne Baumann, I deal with Werner Hartmann (1912 - 1988), my step-grandfather and the founder of microelectronics in East Germany. From 1961 to 1974 he was head of the AME, also called AMD (Arbeitsstelle für Molekularelektronik Dresden). Wern...
Playing tag with IMSI catchers
Due to their radio activity, mobile phones leave manifold traces in their surroundings that can be picked up and processed by suitable passive equipment. But to look deeper into the communication, active networ...
The talk gives an overview of how IMSI catchers work, what they can do nowadays and how they can be observed while doing so. Security features of the different network generations, from 2G to 4G, are considered, along with what they concretely mean for the use of IMSI catchers.
Thursday 20:00
The 5G surveillance standards
Europol and the national police authorities are up in arms against the new surveillance standards that are currently being developed for 5G networks at the "European Telecom Standards Institute" (ETSI). The telecom industry had the law enforcers in ETSI ...
500.000 Recalled Pacemakers, 2 Billion $ Stock Value Loss
During an independent security assessment of several pacemaker vendors multiple lethal and highly critical vulnerabilities were found. Based on previous experience with one specific vendor a new way of monetising vulnerabilities has been chosen. A...
Thursday 21:00
Caught in the Net
Increasingly, governments are moving to impose regulatory measures that would require the removal of extremist speech or privatize enforcement of existing laws. But all too often, these regulations infringe on human rights. What should societies b...
Social media companies have long struggled with what to do about extremist content on their platforms. While most companies include provisions about “extremist” content in their community standards, such content is often vaguely defined. Governments increasingly rely on platforms to regulate speech for them, relying on the very same rulesets.
These vague policies, coupled with the practice of for-profit commercial content moderation, have led to mistakes at scale that are decimating human rights content on these platforms and threatening our civil liberties. Furthermore, the very idea that censorship can solve the deeply rooted problems of extremism in modern society is a mistake.
Anykernels meet fuzzing
The battle of making NetBSD better software by leveraging anykernels
NetBSD offers the RUMP anykernel, which lets users do the magic and execute drivers, network stacks or file systems in userspace. Having kernel parts running in user space is a great opportunity to fuzz them efficiently without fancy kernel approaches. First, general information about RUMP will be discussed to get the audience familiar with the subject; then results focused on testing the network stack will be presented, along with encountered problems and other fuzzing efforts that are currently taking place in the NetBSD project.
Thursday 22:00
Tales from Hardware Security Research
Almost every microcontroller features firmware readout protection. It aims at securing the code, algorithms, and cryptographic keys against unauthorized access. Although datasheets promise strong security, our research shows that this is ofte...
For several years, we, Johannes and Marc, have been doing practical research in the field of embedded system security at a research institute. In this talk, we want to give an insight into the daily work of hardware security researchers. This ranges from giving recommendations on how to secure systems to verifying microcontroller security in real environments. However, no practical experience and information on the resilience of common microcontrollers is publicly available - a gap we want to close. Especially when trying to make use of the integrated security features, their effectiveness often collapses quickly due to design weaknesses.
Our focus lies on firmware protection mechanisms, since they often are the root of security in embedded systems.
During our research we were able to circumvent several mechanisms implemented by different manufacturers.
In most cases, each attack requires only low-priced equipment, thereby increasing the impact of each weakness and resulting in a severe threat altogether.
We will present one of those attacks, which can be performed within minutes, on stage.
Due to the severe impact of these results, we immediately informed the manufacturers in...
Thursday 23:00
Attention, data breaches!
A mix of a talk and a game and learning show around the General Data Protection Regulation, which playfully conveys useful knowledge about data protection and the GDPR – based on actual consultation requests...
In discussions about data protection, technical measures from the field of IT security have so far often received far too little attention. Yet missing or incorrectly implemented measures can result in sanctions from the supervisory authorities.
The big data protection and GDPR show playfully conveys legal, technical and practical help around data protection and the EU General Data Protection Regulation.
- Which encryption methods must a data processor use in order not to risk a fine?
- Does an encrypted ZIP attachment in an e-mail meet the GDPR requirements for "security of processing"?
- Or the "so far uncracked full-bit encryption"?
- Is a messenger service "secure" if it stores phone numbers as SHA-256 hashes?
- Does an online shop really have to inform all customers if "a hacker" successfully copied "only the customers' e-mail addresses"?
- And what about Google Analytics or Facebook plugins on websites?
- What rights does a data subject have against the data krakens?
The hosts are the state commissio...
Friday 12:00
#Fusionbleibt
A police station in the middle of the festival? Water cannons? Armoured clearing vehicles? WTF?? That is what the Fusion Festival thought too. The fight against the absurd plans of police president Nils Hoffmann-Ritterbusch was fortunately won. And it is a textbook exampl...
Sustainable Blockchains
Within a few years, blockchains, particularly through the success of the cryptographic currency Bitcoin, have developed into one of the most discussed "new" technologies. The very rapid rise of Bitcoin has turned many problems of distributed trust management, energy consumption and privacy protection from interesting research questions into important challenges for sustainable economic and social development. We discuss how, with fairly modest mathematical improvements, we can provide for systems that are less environmentally harmful, less prone to centralisation and more privacy-friendly.
Friday 13:00
Zombie Apocalypse vs. International Health Regulations
The little known International Health Regulations are Earth's last defence line against world-wide health risks. I discuss how they would perform during a Zombie Apocalypse.
The International Health Regulations (IHR) are a piece of legally binding, international law that (theoretically) all countries have to adhere to. After the catastrophic 2003 SARS outbreaks, unlikely partners such as the USA and Iran, together with 192 other member states of the World Health Organisation, agreed upon these rules that entered into force in 2007. This set of rules aims to prevent international spread of health risks (usually communicable diseases) while balancing international travel and, of course, trade.
I will use the popular Zombie Apocalypse metaphor to illustrate the various prevention mechanisms of the IHR and how they were (and will be) circumvented by past and future epidemics.
Domain computers have accounts, too!
In Microsoft Active Directory, computers also have their accounts. We used to consider them useless when they turned up during pentests, but recent research showed that successfully relaying a machine account can actually lead to completely owning...
Active Directory is notorious for using long-broken protocols and preserving them for ages because of backwards compatibility. In recent years, pentesters are realizing more and more how terrible these protocols can be, and security experts are finding more and more abuse scenarios.
Take for example the NTLMv2 challenge-response protocol: it was first introduced back in Windows NT 4.0 SP4 and is still readily available on modern Windows. Apart from not being very resistant to cracking (a guess costs only a handful of MD5 operations), it turned out not to be resistant to MITM attacks at all. An attacker in a MITM position can relay authentication attempts to almost any target. There have been some mitigations for this over the years, but we are only now starting to see people actually use them.
So when relaying came into existence, security researchers focused on "what can we do with this?". Obviously, if you manage to successfully relay a Domain Administrator account, you have won; but that is not always possible.
Another protocol used extensively in Active Directory is Kerberos. The Microsoft implementation has several delegation/impersonation techniques available. And now, we know how to ...
Friday 14:00
Exposing Systems of Power and Injustice
Presenting the Disruption Network Lab programme in Berlin, we will connect the debate on surveillance and whistleblowing to a cultural framework, analysing the influence of whistleblowing in empowering both experts and non-experts. A talk with Tat...
The act of whistleblowing is a concrete process able to reveal hidden facts, misconducts and wrongdoings of institutions and corporations, producing awareness about social, political and technological matters, informing about the reality we live in. Presenting the Disruption Network Lab programme in Berlin, we will connect the debate on surveillance and whistleblowing to a cultural framework, analysing the influence of whistleblowing in empowering both experts and non-experts. The talk will present the mutual interference between whistleblowing, art, hacking, and network development, as well as reflect on the influence of whistleblowing in the art & cultural field. This presentation aims to further question what we can collectively offer to encourage a critical debate on the effects of whistleblowing in society, as well as to generate experimental ways of thinking within the digital scenario.
Updates from the Onion
The Tor Project is building usable free software to fight surveillance and censorship across the globe. In this talk we'll give an update on what we have been up to in the past months, what happened in the wider Tor ecosystem, and what lies ahead ...
In the last year the Tor Project has been working hard on improving the software, building and training communities around the world as well as creating an anti-censorship team and roadmap that can push forward technologies to circumvent censorship. This talk will cover major milestones we achieved and will give an outline about what is lying ahead. In particular, we'll talk about the release of Tor Browser for Android and restructuring our anti-censorship efforts as well as working on next generation pluggable transports. Moreover, we'll explain our defense against website traffic fingerprinting attacks and plans for improving onion services and making them more usable (DDoS resistance, better user interfaces for authentication and dealing with errors). Finally, we'll shed some light on efforts to get Tor support directly embedded into other browsers, like Firefox and Brave, and educating users both by reorganizing the content on our website and extensive trainings throughout the world.
Friday 16:00
The new European surveillance landscape (Neue europäische Überwachungslandschaft)
With new regulations and directives, further data pools are growing in the European Union. Internet providers are also to remove content and hand over telecommunications data on demand. The circle of those authorised to access them is also ...
Under the keyword "interoperability", the European Union is networking its large databases in the area of justice and home affairs. The decision has already been taken; implementation is now pending. Fingerprints and facial images will be stored in a "common identity repository" and processed through a "European search portal". The project will drastically increase police data traffic; Europol alone expects 100,000 queries of its files per day.
In autumn, once the new Parliament has constituted itself, the EU also wants to simplify access to electronic evidence in three ways. The "E-Evidence" regulation is meant to make it drastically easier for police to request data from internet companies in other EU states, under threat of heavy fines. For companies based in the USA, the EU Commission is planning an implementing agreement under the "CLOUD Act" enacted by the US government. US authorities could then also request data from social networks or messengers in Europe; even real-time interception would be possible. In addition, the Council of Europe is negotiating the rapid handover of electronic evidence. The "Budapest Convention" on ...
IT security in networked buildings (IT-Sicherheit in vernetzten Gebäuden)
An automated building is nice, comfortable and practical. But it would not be a topic for a talk at CCCamp if there were not some serious vulnerabilities in the bus systems. The talk offers an introduction to the functiona...
Field buses such as KNX are used in modern buildings to obtain the typical benefits of building automation: gains in comfort, cost savings and flexibility. Classic protection goals were put on the back burner when these bus systems were designed, and IT security was neglected to a culpable degree. Functions such as encryption or authentication of the communicating parties are frequently sought in vain. Once the buildings are built, the installed infrastructure is operated for decades. Switching the light in a colleague's office next door is just as easy as controlling a heating system connected to the field bus. What still appears relatively harmless in the office becomes threatening when one considers that power plants and other critical infrastructures use similar systems.
After an introduction to the KNX bus, the talk addresses vulnerabilities and their possible consequences in automated buildings. It will be shown that intimate, personal information can already be extracted from seemingly harmless sensor activity data.
In order to nevertheless increase the security of already installed, long-lived building infrastructures...
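As an added illustration of the missing authentication the talk refers to (this is example code written for this page, not the speaker's material or a KNX library), the Python below builds and parses a cEMI L_Data.req telegram carrying a 1-bit A_GroupValue_Write, the frame that switches a light when sent over KNXnet/IP tunnelling. The addresses and the value are constructed; the point is that the sender's individual address is just a field in the frame and no MAC or signature covers any of it.

```python
import struct

APCI_NAMES = {0x000: "A_GroupValue_Read", 0x040: "A_GroupValue_Response", 0x080: "A_GroupValue_Write"}
CEMI_L_DATA = {0x11: "L_Data.req", 0x29: "L_Data.ind", 0x2E: "L_Data.con"}


def group_addr(main: int, middle: int, sub: int) -> int:
    """3-level group address main/middle/sub as a 16-bit value (5/3/8 bits)."""
    return (main << 11) | (middle << 8) | sub


def individual_addr(area: int, line: int, device: int) -> int:
    """Individual (physical) address area.line.device as a 16-bit value (4/4/8 bits)."""
    return (area << 12) | (line << 8) | device


def fmt_group(v: int) -> str:
    return f"{v >> 11}/{(v >> 8) & 0x7}/{v & 0xFF}"


def fmt_individual(v: int) -> str:
    return f"{v >> 12}.{(v >> 8) & 0xF}.{v & 0xFF}"


def cemi_group_write_bool(src: int, dst_group: int, value: bool, hop_count: int = 6) -> bytes:
    """cEMI L_Data.req with a 1-bit A_GroupValue_Write (DPT 1.xxx, e.g. a light switch).

    Layout: MC | AddIL | Ctrl1 | Ctrl2 | src(2) | dst(2) | NPDU length | TPCI/APCI(2)
    Ctrl1 0xBC: standard frame, repeat/broadcast bits set, low priority.
    Ctrl2: bit 7 = destination is a group address, bits 6-4 = hop count.
    The 6-bit payload of a 1-bit DPT rides in the low bits of the APCI word.
    """
    ctrl2 = 0x80 | ((hop_count & 0x7) << 4)
    tpci_apci = 0x0080 | int(value)  # TPCI = T_Data_Group (0), APCI = GroupValue_Write
    return struct.pack(">BBBBHHBH", 0x11, 0x00, 0xBC, ctrl2, src, dst_group, 1, tpci_apci)


def parse_cemi(frame: bytes) -> dict:
    """Decode the 11-byte short-form L_Data frame built above (or seen in a tunnelling capture)."""
    mc, addil, ctrl1, ctrl2, src, dst, npdu_len, tpci_apci = struct.unpack(">BBBBHHBH", frame[:11])
    if mc not in CEMI_L_DATA:
        raise ValueError(f"not an L_Data message code: {mc:#04x}")
    if addil != 0:
        raise ValueError("additional-info field not supported by this parser")
    is_group = bool(ctrl2 & 0x80)
    apci = tpci_apci & 0x03C0  # 4-bit APCI of the short APDU forms
    return {
        "type": CEMI_L_DATA[mc],
        "src": fmt_individual(src),
        "dst": fmt_group(dst) if is_group else fmt_individual(dst),
        "hop_count": (ctrl2 >> 4) & 0x7,
        "apci": APCI_NAMES.get(apci, f"{apci:#05x}"),
        "value": tpci_apci & 0x3F,
    }


def only_source_differs(a: bytes, b: bytes) -> bool:
    """True if two frames are identical except for the source address (bytes 4-5):
    no integrity field exists that would have to change along with the sender."""
    return len(a) == len(b) == 11 and a[:4] == b[:4] and a[6:] == b[6:] and a[4:6] != b[4:6]


if __name__ == "__main__":
    on = cemi_group_write_bool(individual_addr(1, 1, 1), group_addr(1, 0, 1), True)
    spoofed = cemi_group_write_bool(individual_addr(1, 1, 200), group_addr(1, 0, 1), True)
    print(on.hex(), parse_cemi(on))
    print("differs only in source address:", only_source_differs(on, spoofed))
```

Anyone with bus or tunnelling access can therefore emit such a frame under any source address; the talk's point about decades-long installed infrastructure is that this cannot be patched in the field devices.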
Friday 17:00
Mapping Doomsday
The world is entering a new era of instability. The climate crisis will put great pressure on the (relatively) peaceful balance of world politics. But the field of open source intelligence (OSINT) provides us with a new and unique way to map, stud...
Intelligence agencies, NGOs, business groups, and insurance companies all agree that the worsening climate crisis will fuel war and global crises. Some go further, saying that societal collapse is all but inevitable. Whatever your view on this is, it is difficult to see our current paradigm of general peace continuing into the next few decades.
But as this crisis worsens, modern technology has also gifted us with new tools to monitor, analyse and predict flashpoints. The emerging field of Open Source Intelligence (OSINT) is one such tool. OSINT uses publicly available data (such as social media posts, video footage, satellite imagery, public databases and remote sensing) as the basis for in-depth investigations.
This talk will look at the ways in which these techniques can be usefully applied, both journalistically and analytically, within the context of the aforementioned crisis. Specifically, it will look at two examples of how OSINT can be used to analyse past events over the last year, and one concept for predicting a future event.
Into the cloud via the drinks vending machine (Mit dem Getränkeautomaten in die Cloud)
Whether at drinks vending machines or in the canteen: at universities or in large companies, payment is often made with an internal ID card.
We took a closer look at the IT security of one of these internal payment systems and were surpr...
Internal cashless payment systems can process transactions through a cloud service.
Information security is of great importance in these systems, in order to protect the customers' money as well as the money of the operator, who is responsible for settling payments with the respective departments or service providers.
This talk takes a closer look at the security of one of these cloud-based systems and, in doing so, takes apart a large part of its security architecture.
Friday 18:00
MegaPixels: Face Recognition Training Datasets
This talk will present the MegaPixels project, a website and resource for exploring face recognition training datasets. MegaPixels is an art and research project about the growing crisis of authoritarian biometric surveillance technologies and how...
While most face recognition training datasets include images of celebrity faces, many more include everyday images from Flickr, YouTube, or even CCTV footage from cities and campuses. This talk will survey existing face recognition datasets on the megapixels.cc site and present a new investigation revealing the use of CCC videos in a face recognition training dataset created and distributed by a US Government agency. The investigation will show who is using the dataset, where it's being used, and what kind of surveillance technologies these images are unwittingly contributing to.
MegaPixels is developed by:
Adam Harvey / ahprojects.com
Jules LaPlace / asdf.us
50 years of journalism on the net (50 Jahre Journalismus im Netz)
Detlef Borchers and Erich Moechel tell what they saw and experienced in the digital Neolithic but never wrote about. Episodes from the early days about greed & stupidity & illusions, until the dot-com bubble burned & the lust for data went digit...
The exact content still has to be determined jointly; there will also be pictures. What is certain is that we will talk straight, and an outing cannot be ruled out either.
Friday 20:00
What to do about digital violence against women (Was tun gegen Digitale Gewalt gegen Frauen)
Digital violence is more than hate speech: it includes doxing, identity theft, image manipulation and its publication, spy apps and more. Most of it is illegal, but does not count as 'cybercrime'. The talk describes what...
Asked whether digital violence against women also constitutes 'cybercrime', the German federal government answered at the end of November 2018: "Since digital violence does not involve offences directed against the internet, data networks, information technology systems or their data, it is not to be assigned to the phenomenon of cybercrime in the narrower sense."
A few weeks later the wind turned, when it became known at the beginning of January that 1000 public figures had been doxed*, among them many members of the Bundestag. With this case, a practice that had already affected many other people without anyone batting an eyelid became a serious IT security problem.
The first part of this talk explains the current state of knowledge on the various phenomena that fall under the umbrella term of digital violence against women: insults, threats, extortion with the threat of publishing intimate images or the publication of such images (also known as 'revenge porn'), secret audio/image/video recordings and passing them on to third parties, online stalking, installing spy apps, identity theft and misuse, doxing, manipulatio...
Taking Bluetooth lockpicking to the next level
If hacking chinese padlocks and bike sharing systems isn't enough any more, let's go and open some new doors. Like the ones of some 37th floor Hotel Suites...
We're taking Bluetooth LE hacking from toys and padlocks to the real world. Improving the tools and methods we used in previous research to break the AES cryptography of the NOKE padlock, we went on to do the one thing a mobile hotel key is supposed to prevent: wirelessly sniff someone entering their room (or just unlocking the elevator) and then reconstruct the data needed to open the door with any BTLE-enabled PC or even a Raspberry Pi.
In this talk we will show and explain the tools and methods we used and developed to break the BTLE-based mobile phone key system of a large hotel chain, and then go from the academic proof of concept to a reliable setup that can be used in real-life scenarios to carry out the attack.
Methods shown will cover reverse engineering the wireless protocol from BTLE captures, analyzing the phone apps and intercepting the TLS-encrypted traffic to the back-end API, which in combination led to the compromise of a system used in quite a few big and expensive hotels for their "next level" customer experience: mobile room keys.
Friday 21:00
Introduction to OpenGLES and GLSL programming
This foundation talk describes the basic concepts of the OpenGLES 2.0 real-time rasterizer. We will explain the different stages of the rendering pipeline, briefly introduce the mathematics involved, show the boilerplate code required to setup an ...
From notebooks and smartphones to embedded systems and game consoles, every modern computing platform contains chips for hardware accelerated 3d rendering. The OpenGL standard and API describes the drawing directives provided by these chips and is used to compose and animate user interfaces and to render interactive virtual scenes. Basically, every pixel that you see has been processed by an OpenGL pipeline.
Engines like Unity3d provide a convenient way to describe and render three-dimensional scenes without having to deal with the low-level drawing directives. But this convenience makes it difficult to understand the path by which your logic becomes pixels, and coding close to the hardware can be a lot of fun.
This foundation talk describes the basic concepts of the OpenGLES 2.0 real-time rasterizer. We will explain the different stages of the rendering pipeline, briefly introduce the mathematics involved, show the boilerplate code required to set up an OpenGLES program, and finally look at the real fun stuff, which is the GLSL language used in vertex and fragment shaders.
After watching this talk, you will have a better understanding of the pipelines that are used to c...
Introduction to Mix Networks and Katzenpost
This talk will introduce the fundamental concepts of mix networks as well as the Katzenpost mix network free software project. We are not just implementing a new mix network but starting a new anonymity movement, and we welcome others to join us...
Academics have proposed various anonymity technologies with far stronger threat models than Tor, but by far the most practical and efficient option remains mix networks, which date to the founding of anonymity research by David Chaum in 1981. Tor was inspired by mix networks and shares some superficial similarities, but mix networks are vastly stronger if they judiciously add latency and decoy traffic. There are several historical reasons why mixnets lost popularity and why Tor's onion routing won. Namely, Tor is low latency and can be used to browse the web. This is in contrast to mix networks, which are essentially an unreliable packet switching network. Historically, mix networks achieved enough mix entropy by using long delays, whereas it is becoming more widely understood that there exists a trade-off between legitimate traffic, decoy traffic and latency. After this introduction to mix networks I'll talk a bit about the Katzenpost mix network software project, which is based on the recently published academic paper "The Loopix Anonymity System". These new insights into mix network designs allow modern mix networks to make the correct design trade-offs so that...
Friday 22:00
#Defensive instead of #Offensive, using KRITIS as an example (#Defensive statt #Offensive am Beispiel von KRITIS)
A current overview shows that Germany's cyber security strategy is not a strategy. In addition, it is shown which legislative projects weaken or have already weakened security and what...
Nine sectors were defined as critical infrastructures in the first two "baskets" of the IT Security Act, among them energy supply, finance and insurance, water, food, health, IT and telecommunications, and transport and traffic. A supply failure in these sectors caused by IT disruptions can lead to a large-scale emergency situation or even a crisis in which supply to a large part of the population can no longer be guaranteed. How does the state, through an offensive cyberwar approach and hybrid warfare, risk increasing these risks, and why does this affect us as a population quite concretely rather than playing out only on the internet? How can physical IT disruptions and outages come about, and what demands would have to be made to get back from an offensive to a defensive approach? And why is this the only true solution for the population?
What you see is not what you get - when homographs attack
This talk offers a brief overview about homograph attacks, describes part of the mechanics behind the registration of homograph domains, highlights their risks and presents a chain of two practical exploits against Signal, Telegram and Tor Browser...
Since the introduction of Unicode in domain names (known as Internationalized Domain Names, or simply IDN) by ICANN in the early 2000s, a series of brand new security implications were also brought to light together with the possibility of registering domain names using different alphabets and Unicode characters.
This talk offers a brief overview about homograph attacks, describes part of the mechanics behind the registration of homograph domains, highlights their risks and presents a chain of two practical exploits against Signal, Telegram and Tor Browser that could lead to nearly impossible to detect phishing scenarios and also situations where more powerful exploits could be used against an opsec-aware target.
Historical security issues related to Unicode and confusable homographs, as well as other attack vectors not discovered by the author will also be explored in this presentation.
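The following Python example is added here to show the mechanics behind the talk's subject; it is not the speaker's code and does not reproduce the exploits mentioned. It converts a displayed hostname to the Punycode form the resolver actually sees, flags labels that mix scripts, and maps look-alike characters to a skeleton that is compared against a list of protected domains. The confusables table is a tiny, assumed subset of Unicode TR39 and the protected list is invented for the demo.

```python
import unicodedata

# Assumed, tiny subset of the Unicode TR39 confusables table (a real checker loads
# confusables.txt): look-alike code point -> ASCII skeleton character.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u04cf": "l", "\u0456": "i", "\u0458": "j",
    "\u0501": "d", "\u03bf": "o", "\u03b1": "a", "\u0261": "g",
}

# Assumed brand list for the demo.
PROTECTED = {"apple.com", "google.com", "signal.org", "telegram.org", "torproject.org"}


def to_ascii(host: str) -> str:
    """The name the resolver sees: IDNA (Punycode) form, one xn-- label per non-ASCII label."""
    return host.encode("idna").decode("ascii")


def label_scripts(label: str) -> set:
    """Script names (first word of the Unicode character name) in a label; digits and '-' ignored."""
    scripts = set()
    for ch in label:
        if ch.isdigit() or ch == "-":
            continue
        scripts.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return scripts


def mixed_script(host: str) -> bool:
    """True if any label mixes scripts (e.g. Cyrillic 'а' inside Latin 'pple'), the classic tell."""
    return any(len(label_scripts(label)) > 1 for label in host.split("."))


def skeleton(host: str) -> str:
    """Map confusables to their ASCII look-alikes and drop combining marks."""
    out = []
    for ch in unicodedata.normalize("NFD", host):
        if unicodedata.combining(ch):
            continue
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out).lower()


def assess(host: str) -> dict:
    """What a client should check before rendering a Unicode hostname as typed."""
    ascii_form = to_ascii(host)
    skel = skeleton(host)
    return {
        "displayed": host,
        "resolves_as": ascii_form,
        "mixed_script": mixed_script(host),
        # Whole-script confusables (Latin 'ɡ' U+0261 in an otherwise Latin label) pass a
        # mixed-script check; only the skeleton comparison catches them.
        "impersonates": skel in PROTECTED and skel != ascii_form.lower(),
    }


if __name__ == "__main__":
    for h in ["apple.com", "\u0430pple.com", "\u0261oogle.com", "t\u043erproject.org"]:
        print(assess(h))
```

Browsers apply variants of both checks before deciding whether to show the Unicode or the xn-- form; a messenger or link preview that skips them shows the user the look-alike string.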
Friday 23:00
Participatory art event tools, co-creation and silk road networks
The Borderland is a participatory art event in Denmark with 3210 co-creators. Over the last three years, we have created online tools to keep participation and co-creation high as the event has tripled in size in only three years. This seminar is ...
In developing the Borderland community online and offline, we've built tools that help us create denser networks, allowing for shared creative processes, distributed art-grant allocation, empowered community members and decentralized decision making.
These tools, called Dreams and Realities, run alongside a customized version of the Loomio platform and our own instance of the Pretix ticketing platform. Dreams is for distributed art-grant distribution and project guidance. Realities is for stakeholder mapping, to understand how the needs, responsibilities, people and dependencies fit together in a decentralized organization.
Saturday 12:00
Solar fuels - hydrogen from sunlight (Solare Brennstoffe - Wasserstoff aus Sonnenlicht)
Today, solar energy covers only a little over 2% of the world's energy demand, through conversion of sunlight into electrical energy. One way to store it is the electrolysis of water to obtain hydrogen.
But wha...
The CO2 emissions for which we humans are responsible must be reduced, but how?
The generation of electrical energy from sunlight will almost certainly make a significant contribution to covering the world's energy demand.
First we look at the spectrum of the sun, and how much of this energy arrives where on Earth.
When this light hits atoms, such as the silicon atoms in a solar cell, it can excite them into a higher-energy state, but only part of the sunlight has enough energy to achieve this excitation. What consequences does this have for the efficiency of photovoltaic cells?
Everyone knows the shimmering blue silicon photovoltaic cell, which ranges in size from a few square centimetres in a pocket calculator, through installations on house roofs with a few kilowatts, to solar parks that can deliver several megawatts of peak power.
Solar energy depends on the Earth's day-night cycle and on the season. To be able to cover the energy supply in winter, for example, when the sun's intensity is lower, the energy must be stored for longer periods. Various strategies are conceivable, one of them being conversion into chemi...
LO! An LLVM Obfuscator
In this talk we will present how intermediate code transformations can be used to obfuscate code and the advantages and limitations they introduce. We will also briefly discuss some techniques that could help detect and reverse code obfuscated in...
Despite their limitations, intermediate languages like LLVM-IR provide the best way to write code transformations that work well for all the input and output languages supported by the compiler framework.
Usually, this is used to write optimization passes, but nothing prevents you from using them to make the resulting code less intelligible to an external reader.
This talk will focus on how different obfuscation techniques can be implemented and used as such passes and what the limitations are that may make implementing, for example, an unpacker a bit harder.
We will also cover how some of these techniques can be reversed (especially when performing comparative analysis).
Keep in mind that although LO started as a way to deterministically increase variability in generated code and make finding out the patched flaws harder, many of its techniques, like code flattening or constant expansion, are also used by other users of obfuscated code, for example malware.
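The two techniques named in the last paragraph, control-flow flattening and constant expansion, are shown below on a small Python function. This is an added example, not code from LO or from the talk; LO works on LLVM IR, and the Python here only mirrors the shape of the transformation: a dispatcher loop with opaque state labels replaces the structured control flow, a constant is rebuilt at run time from a multiplicative encoding, and an MBA identity replaces additions. The trace-based recovery function at the end is the simplest form of the dynamic comparison the talk mentions for reversing it. The checksum function, the state labels and the multiplier are assumptions for the demo.

```python
from typing import List, Optional, Set, Tuple

MASK32 = 0xFFFFFFFF


def checksum_plain(data: bytes) -> int:
    """Reference implementation with ordinary structured control flow."""
    acc = 0x1234
    for b in data:
        if b & 1:
            acc = (acc * 31 + b) & 0xFFFF
        else:
            acc ^= b << 3
    return acc


# --- constant expansion: store v * K mod 2^32 and undo it with the modular inverse at run time
K = 0x9E3779B1                     # odd, hence invertible mod 2^32 (assumed multiplier)
K_INV = pow(K, -1, 1 << 32)
ENC_SEED = (0x1234 * K) & MASK32   # what ends up in the binary instead of the literal 0x1234


def decode_const(c: int) -> int:
    return (c * K_INV) & MASK32


def mba_add(a: int, b: int) -> int:
    """Mixed Boolean-Arithmetic rewrite of a + b: (a ^ b) + 2 * (a & b)."""
    return (a ^ b) + ((a & b) << 1)


# --- control-flow flattening: every basic block becomes one case of a dispatcher loop
INIT, COND, BODY, ODD, EVEN, NEXT, EXIT = 0x5A3, 0x1C9, 0x7F2, 0x2E4, 0x9B1, 0x4D7, 0x0A8


def checksum_flat(data: bytes, trace: Optional[List[int]] = None) -> int:
    """Same function as checksum_plain with the CFG flattened; `trace` records visited states."""
    state = INIT
    acc = i = b = 0
    while True:
        if trace is not None:
            trace.append(state)
        if state == INIT:
            acc, i, state = decode_const(ENC_SEED), 0, COND
        elif state == COND:
            state = BODY if i < len(data) else EXIT
        elif state == BODY:
            b = data[i]
            state = ODD if b & 1 else EVEN
        elif state == ODD:
            acc, state = mba_add(acc * 31, b) & 0xFFFF, NEXT
        elif state == EVEN:
            acc, state = acc ^ (b << 3), NEXT
        elif state == NEXT:
            i, state = mba_add(i, 1), COND
        elif state == EXIT:
            return acc


def recover_edges(data: bytes) -> Set[Tuple[int, int]]:
    """Dynamic de-flattening: run the obfuscated function and collect (state -> state) edges.

    Inputs that exercise both branches reconstruct the original CFG; an input that
    only hits one branch leaves that edge unseen, which is why comparing several
    runs (or several differently obfuscated builds) is needed.
    """
    trace: List[int] = []
    checksum_flat(data, trace)
    return set(zip(trace, trace[1:]))


if __name__ == "__main__":
    for sample in (b"", b"hello", bytes(range(256))):
        assert checksum_plain(sample) == checksum_flat(sample)
    print("edges recovered from b'\\x01\\x02':", sorted(recover_edges(b"\x01\x02")))
```

The flattened version computes exactly the same values, which is what makes the transformation safe to apply as a pass; the price is that the recovered edge set, not the source layout, is what an analyst has to work from.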
Saturday 13:00
Love, CyBorgs, Art and Open Source- an artistic approach on how to stay golden
Here we are, a new generation. Actually not only that, we are moving forward in evolution. The Antropocene is screaming for action, but - „Yeah right, I know... we‘re working on it!“ she told me. Does Sophia really know? Do I care? 42?
In some people‘s minds, utopian thoughts are blizzering around in thunderstorms of beautiful insanity, yet unfortunately some others‘ minds seem to be hopeless cases if it comes to the essential understanding of problems. Sure, everyone knows what we‘re talking about. In theory, there is a strong need to change things, not only concerning politics, philosophy, art or physics: almost every academic discipline seems to grow some kind of interdisciplinary necessity into an important status. Sadly, the worlds` leaders suck horribly at reaching any fair and positive social state for all the inhabitants of this beautiful planet. But, since education can be based on solidarity, and swarm intelligence apparently grows into neural networks, there is no better time to sit down and talk about all those moral problems than now. Any change needs to be made by an individual, as far as we know. Let‘s get together, exchange knowledge, fight in peace and use the language of conceptual art as a weapon!
Technopolice: calling out so-called "Safe Cities"
In many French cities (and beyond), mayors are pushing towards "safe Smart Cities", pushing for technology everywhere. Microphones, video-surveillance, automated drones, facial recognition, machine learning is the recipe of their fantasised secure...
All over the French territory, the “Smart City” is slowly revealing its true colours: a complete and constant surveillance of the urban area for police purposes, based on partnerships between industrial companies such as Thalès or Engie and the cities themselves.
Multiple cities are experimenting with "smart" video surveillance based on automated processing of video, in order to perform face recognition or detect behaviours deemed abnormal. Another city is teaming up with a start-up to deploy microphones and drones in the city. The idea is to detect so-called abnormal sounds to alert the police, which can then use video surveillance to check whether a patrol is needed. The city of Nice wants to have its own custom citizen reporting application. Marseille wants to use AI and Big Data to predict behaviours and to help in decision making.
This is what they want our future to be: a huge automated surveillance system, with behaviour analysis, emotion recognition, pre-emption of threats, automation of the police, repression of any unwanted behaviour.
This comes at a huge cost: instead of the polis, which means Democratic City, a place to stroll aro...
Saturday 14:00
Ethics guidelines for artificial intelligence? How about laws? (Ethikrichtlinien für Künstliche Intelligenz? Wie wär's mit Gesetzen?)
At times one cannot escape the impression that every other week a new, wishy-washy voluntary commitment for the ethical use of algorithms is announced. Private-sector and public organisations practically outdo each oth...
At times one cannot escape the impression that every other week a new, wishy-washy voluntary commitment or recommendation for the ethical use of algorithms is announced. Private-sector and public organisations practically outdo each other in stressing yet again that humans should be at the centre of all machine decisions, that these must be fair and comprehensible, and that there must always be a way to object to such a decision. Transparency, transparency and once more transparency is the measure of all things. But what does that mean concretely for those who can only get into their office or flat via facial recognition, whose loan, housing or job application is rejected, or who get no support from the job centre thanks to an algorithm? What good is knowing about the discriminatory or faulty workings of algorithms if one still cannot ban them? What sense does the right to defend oneself a posteriori make if one has already lost everything? And: should we really let corporations shape the rules for the future use of machines...
Cyborg Foundation
Presentation of the Cyborg Foundation, its philosophy, members and developed projects. Based in Barcelona and founded in 2017, CFL is an association that gives voice to non-human identities.
The world around us is full of things that our body is not able to perceive. However, what would happen if we could create new senses that would allow us to decide how we want to perceive our surroundings?
Supported by a multidisciplinary team, we form a group of engineers, philosophers, designers and artists dedicated to exploring the relationship between species, machines and organs. With an eye on nature and analyzing the different senses found in living beings, our purpose is the creation of new sense organs to expand human capabilities. Our team is focused on translating the suggested idea into a hardware/software device that will not only process data but also transmit it to the body through the brain.
In the course of becoming cyborg, different phases are found: the creation of the organ, the implantation of it and the acclimatization of the brain and body to the new sense. The brain is a plastic organ that can be moulded. Just like Neil Harbisson says “The brain is like a sculpture to be shaped”.
By now, considerable results have been obtained. We will take a closer look at them by introducing the several members whose organs have already been implanted, how this ...
Saturday 16:00
Privacy: An Unequally Distributed Resource
In this talk, we'll investigate how privacy has become an indicator of privilege in our world. Does everyone have equal access to privacy? How does unequal privacy affect the lives of people? Should we treat privacy like other privileges (i.e. wea...
This is not your average privacy talk. This is, instead, a study of how the word and concept of privacy has changed over time. These changes, which are in part our own creation, have enabled privacy to be both unequally applied and co-opted by a variety of companies and movements. In this lecture, we’ll discuss the following questions:
- What is privacy in our current society?
- How has our understanding of privacy changed over time?
- Does everyone have equal access to privacy? Why or why not?
- Who is most impacted by the rise of technological surveillance?
- How can we use our privilege to help protect others’ privacy?
Who should attend:
- People interested in privacy regardless of "professional" knowledge or level of experience
- Folks doing anti-oppression work
- People who already disagree with me after reading this abstract :-D
While the format is a lecture, I hope we can find an open space afterwards to continue debating and discussing these questions and the theme as a whole. My goal is to help educate and inspire work around privacy that benefits not just those who attend the Camp, but instead reaches beyond our privacy-aware social circles, to help t...
Everything you always (didn't) want to know about caffeine (Was ihr schon immer (nicht) über Koffein wissen wolltet)
Caffeine is consumed day after day by many people because of its stimulating effect, but what exactly is behind this substance? In this talk we look at the chemistry, origin, effects, dangers and further asp...
Caffeine, a substance that many (hacking) people consume daily in various forms. What exactly is this substance and where does it occur? What happens to caffeine, and to us, when this molecule travels through our body? And can caffeine become dangerous above a certain amount? These and other questions, together with much of what is worth knowing about the chemistry of caffeine, are addressed here.
Saturday 17:00
Wisdom of OS
Climate crisis, species extinction, the foundations of life: our challenges are urgent, global and complex. Since the Anthropocene we know that the planet lies in our hands. Now we have to put our heads together and find solu...
From DC to RF...starting where?
This talk will focus on learning and re-learning RF topics, from the perspective of a semi-experienced engineer. We will review rules of thumb, practical experience and the theory of RF and how it all fits together for your next PCB design. This ...
Starting my engineering career working on low-level analog measurement, anything above 1 kHz kind of felt like "high frequency". This is very obviously not the case. This talk will go over the journey of discovering and rediscovering higher-frequency techniques and squaring them with the low-level measurement basics that I learned at the beginning of my career. The talk will include a discussion of Maxwell's equations and some of the assumptions that we make when we're working on different types of circuits.
Attendees of this talk will find this information useful in the context of RF calculations around cellular, Wi-Fi, Bluetooth and other commonly available communication methods. CCCamp attendees will walk away knowing a little bit more about how to interact with the elements that power their everyday projects.
Saturday 18:00
Power-to-X
This talk will give an introduction into the general concepts of power-to-x and then go more into detail on carbon capture and utilization (CCU). CCU is the idea of building up a closed carbon cycle, where CO2 is recycled, towards fuels and base c...
While redesigning our electric supply network towards renewable energies, we face the problem of the fluctuating behavior of the renewables. To solve this, higher nameplate capacities need to be installed, as compared to traditional power plants. This frequently leads to high overcapacities, which we should use, as they would be wasted otherwise. Some of this energy needs to be stored for periods where the energy generation is lower than our consumption. The rest can be used to produce all kinds of things that we need. This would allow a sector coupling of electricity with other fields like transport, heat or chemical industry and lead to more sustainable processes in all those fields.
If we see this on a global scale, we can also think of a redistribution of energy not only in time and sector of application, but as well in space. This can be realized, by producing fuels and other energy intensive products in areas of the world with a high potential in the generation of renewable electricity, and transport them to places where they are needed.
The technologies that would make this possible are often subsumed as power-to-x technologies. Wikipedia names twelve different x's:...
Fast Global Internet Scanning - Challenges and new Approaches
Current search engines such as censys or shodan give everyone an insight into the global Internet. Unfortunately, they don't provide a comprehensive view of the Internet because you can't access the raw data. Consequently, you have to scan the Internet yourself.
Anyone can perform a one-shot scan with masscan & Co. However, building an infrastructure for regular Internet scans that is not blocked after a short time by intrusion detection systems and spam/blacklists is not easy. The following questions must be answered:
Which scanning algorithms are used (centralized, distributed, BGP prefix hit lists)? How can you reduce scan traffic? How do I process the data in the long term (up to 600 GB per scan)? With which further data do I enrich the scans for further analyses (BGP prefixes, inetnum objects)? How do I build the right server without a bottleneck, and how do I connect it to the Internet (rent a server, or become a RIPE member / your own ISP with a /22 IPv4 and /32 IPv6 block)?
In the first half of the talk we will deal with these questions. In the second half of the lecture we will discuss real scan data. We will concentrate on the analysis of the network topology and ...
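As an added illustration of two of the questions above (scanning only BGP-announced space while honouring opt-outs, which cuts traffic and abuse complaints, and enriching hits with prefix and origin AS), not code from the talk: a pure-Python target builder and longest-prefix-match table. The prefixes, AS numbers, exclusion list and scan hits below are constructed sample data; a real run would load them from a BGP dump, an opt-out list and a masscan result file.

```python
import ipaddress

# Constructed sample data for the example; not real routing or scan data.
# Announced prefixes with their origin AS (what a BGP "hit list" would hold).
ANNOUNCED = {
    "203.0.113.0/24": 64500,
    "198.51.100.0/24": 64501,
    "198.51.100.128/25": 64502,   # more specific announcement inside the /24
    "192.0.2.0/24": 64503,
    "2001:db8::/32": 64504,
}
# Networks whose owners asked not to be scanned (opt-out / blocklist input).
EXCLUDED = ["198.51.100.0/26", "192.0.2.0/24"]


def _collapse(nets):
    """collapse_addresses() refuses mixed versions, so merge v4 and v6 separately."""
    nets = list(nets)
    merged = []
    for version in (4, 6):
        merged.extend(ipaddress.collapse_addresses(n for n in nets if n.version == version))
    return merged


def target_networks(announced, excluded):
    """Announced space minus exclusions, as a disjoint, collapsed list of networks.

    Scanning only announced space (instead of 0.0.0.0/0) and honouring opt-outs
    is the cheapest way to reduce scan traffic and the complaints that follow it.
    """
    remaining = _collapse(ipaddress.ip_network(p, strict=True) for p in announced)
    for ex in _collapse(ipaddress.ip_network(e, strict=True) for e in excluded):
        kept = []
        for net in remaining:
            if net.version != ex.version or not net.overlaps(ex):
                kept.append(net)                      # disjoint: keep as is
            elif net.subnet_of(ex):
                continue                              # wholly excluded: drop
            else:
                kept.extend(net.address_exclude(ex))  # punch the hole out of the prefix
        remaining = kept
    return sorted(remaining, key=lambda n: (n.version, int(n.network_address), n.prefixlen))


def count_addresses(nets, version=None):
    return sum(n.num_addresses for n in nets if version is None or n.version == version)


class PrefixTable:
    """Longest-prefix match for enriching scan hits with (prefix, origin AS)."""

    def __init__(self, announced):
        self._nets = {}
        lengths = {4: set(), 6: set()}
        for cidr, asn in announced.items():
            net = ipaddress.ip_network(cidr, strict=True)
            self._nets[net] = asn
            lengths[net.version].add(net.prefixlen)
        # Probe the longest masks first so the most specific announcement wins.
        self._lengths = {v: sorted(s, reverse=True) for v, s in lengths.items()}

    def lookup(self, ip):
        addr = ipaddress.ip_address(ip)
        for plen in self._lengths[addr.version]:
            candidate = ipaddress.ip_network(f"{addr}/{plen}", strict=False)
            if candidate in self._nets:
                return str(candidate), self._nets[candidate]
        return None


def enrich(hits, table):
    """Attach prefix and origin AS to raw scan hits; unrouted hits keep None."""
    out = []
    for ip, port in hits:
        match = table.lookup(ip)
        out.append({"ip": ip, "port": port,
                    "prefix": match[0] if match else None,
                    "asn": match[1] if match else None})
    return out


if __name__ == "__main__":
    targets = target_networks(ANNOUNCED, EXCLUDED)
    print(count_addresses(targets, 4), "IPv4 addresses in", [str(n) for n in targets])
    table = PrefixTable(ANNOUNCED)
    # Constructed scan hits, in the shape a masscan run would produce.
    for row in enrich([("198.51.100.200", 443), ("198.51.100.5", 22), ("10.0.0.1", 80)], table):
        print(row)
```

The lookup probes one dictionary per distinct prefix length, which is what makes it cheap enough to run over hundreds of gigabytes of hits; for a full routing table you would build the table once per scan from the same BGP snapshot that produced the hit list, so the prefixes on both sides agree.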
Saturday 20:00
schleuderpackung 2.0
Technical overview of the build process of the Datenschleuder: from the LaTeX backend (schleuderpackung) via continuous integration (Zentrifuge) to PDF, EPUB and HTML excerpts.
Since the revival of the Datenschleuder, three issues have appeared so far. During this time the technical process has become considerably more professional. The talk gives a short overview of the editorial work and then focuses on the TeXnical implementation, including the build system and the different output modes (PDF/ePUB/HTML).
Its application to more general magazine projects is shown using the example of a fork for a school newspaper, and with the release planned for Camp this opens up the possibility of using it for your own magazine projects.
Beyond that, through the structure of the schleuderpackung, the talk offers an insight into current developments in the LaTeX ecosystem, such as expl3 programming, the Lua coupling, and further planning towards accessibility.
Deaths per TWh
Climate change and the discussion about reducing CO2 emissions to ensure matching the Paris agreement currently is the most important topic in our political and economic discussions. We all agree reducing emissions is a necessity, but how can we possibly achieve this in a world that consumes more energy than ever before? And which price are we willing to pay for it?
[The Paris agreement](https://ec.europa.eu/clima/policies/international/negotiations/paris_en) sets out a global action plan to put the world on track to avoid dangerous climate change by limiting global warming to well below 2°C and pursuing efforts to limit it to 1.5°C. This can only be achieved by reducing emissions - this primarily means CO2 emission.
So far, so good. But let's face the truth: We NEED energy. Our whole world is addicted to it, and cutting the power lines is no option for today's society, economy, and our daily lives.
We need energy, therefore we need power plants. Power plants need energy sources to transform into electrical energy. These plants can be fuelled by various sources: coal, wind, solar, nuclear, natural gas, biomass and oil, to name just the major ones.
Let's ass...
Saturday 21:00
Little Big Data
An intelligence service in the 21st century that thinks anything of itself has to do big data: collect as much as possible about all citizens, hoard it, sort it, filter it, profile it, and above all never tell anyone about the results. So we thought: We can...
Conveniently, Deutsche Telekom releases a digital offline database every six months that already contains addresses, telephone numbers and geo-coordinates of most residents, and has done so since 1992. The only carelessness: the information is stored on the media in binary form, and the diligence of the informants in the postal and telecom service leaves something to be desired, as obvious errors in the records show.
Join us for a contemplative slide show with stories of an adventurous hunt for the data sets, of nerve-racking staring at binary patterns to get to the bottom of the secrets of the "encraption", and of the overwhelming feeling of getting a whiff of data volumes that only a few years ago would easily have passed as "big data".
From the Sputnik 'Beep' to messages from Pluto
To tinker with receivers for space signals, it's good to know the different space communication standards. And to understand space standards, it doesn't hurt to get an overview of how to transmit data in the first place.
Since the first "beep" from Sputnik, many different artificial signals from satellites, capsules and space stations have been sent back to Earth. This multitude of RF (and laser...) signals not only shows how different mission requirements dictate the system design of different spacecraft, but also chronicles advances in communication technology since the advent of the space age.
So get to know how to understand the languages spoken by Voyager, GPS and satellite TV, and learn basics of RF communication in the process!
Saturday 22:00
Architecture of secure IoT devices
This talk will present a secure IoT architecture by design, incorporating secure boot (such as HAB on the i.MX6), secure update processes, system partitioning and redundancy, system recovery, flash wear-out, and secure remote access.
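Added example, not the speaker's design or code: a Python model of the update and boot policy that an architecture with these parts implies. It has A/B slots, a boot-try counter that reverts to the old slot after repeated failures, a boot-time image hash check (which is where worn flash or tampering shows up), and an anti-rollback version floor that only moves once a slot is confirmed. The vendor key, image bytes, manifest format and the HMAC standing in for a signature are assumptions made for the example; a real device verifies a public-key signature in ROM code against a fused key hash.

```python
import hashlib
import hmac
import json

# Constructed demo key for the example. On a real device the manifest check is a
# public-key signature verified by ROM code (e.g. i.MX6 HAB) against a fused key
# hash; an HMAC stands in here only because the standard library has no Ed25519.
VENDOR_KEY = b"demo-vendor-key-not-for-production"
MAX_BOOT_TRIES = 3          # attempts a staged slot gets before the loader reverts


def canonical(manifest):
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(manifest, key=VENDOR_KEY):
    """Vendor side: tag over the canonical manifest (version + image hash)."""
    return hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()


def make_update(version, image, key=VENDOR_KEY):
    manifest = {"version": version, "sha256": hashlib.sha256(image).hexdigest()}
    return image, manifest, sign_manifest(manifest, key)


class Device:
    """A/B partitioned device: one confirmed slot, one candidate slot."""

    def __init__(self, factory_image):
        image, manifest, _ = make_update(1, factory_image)
        self.slots = {"A": {"image": image, "manifest": manifest,
                            "tries": 0, "confirmed": True}, "B": None}
        self.active = "A"
        self.min_version = 1        # anti-rollback floor; emulates a monotonic fuse
        self.boot_log = []

    def _other(self):
        return "B" if self.active == "A" else "A"

    def verify(self, image, manifest, tag):
        """Signature, then hash, then version: nothing is written before all three pass."""
        if not hmac.compare_digest(tag, sign_manifest(manifest)):
            return "bad signature"
        if hashlib.sha256(image).hexdigest() != manifest["sha256"]:
            return "image hash mismatch"
        if manifest["version"] < self.min_version:
            return "rollback refused: %d < %d" % (manifest["version"], self.min_version)
        return None

    def install_update(self, image, manifest, tag):
        """Stage a verified image in the inactive slot; the active slot is untouched."""
        err = self.verify(image, manifest, tag)
        if err is None:
            self.slots[self._other()] = {"image": image, "manifest": manifest,
                                         "tries": MAX_BOOT_TRIES, "confirmed": False}
        return err

    def boot(self, app_healthy):
        """Bootloader policy: try a staged slot MAX_BOOT_TRIES times, else keep the old one."""
        candidate = self._other()
        staged = self.slots[candidate]
        if staged and not staged["confirmed"] and staged["tries"] > 0:
            staged["tries"] -= 1
            booted = candidate
        else:
            booted = self.active
        slot = self.slots[booted]
        # Re-hash at boot: worn flash or tampering fails here even with a valid manifest.
        intact = hashlib.sha256(slot["image"]).hexdigest() == slot["manifest"]["sha256"]
        healthy = intact and app_healthy
        if healthy and not slot["confirmed"]:
            slot["confirmed"] = True                  # commit: this becomes the active slot
            self.active = booted
            self.min_version = max(self.min_version, slot["manifest"]["version"])
        elif not healthy and booted != self.active and slot["tries"] == 0:
            self.slots[booted] = None                 # candidate exhausted: revert for good
        self.boot_log.append((booted, slot["manifest"]["version"], healthy))
        return booted


def demo():
    dev = Device(b"firmware-v1")
    # 1. A broken v2 never comes up: three tries, then the loader falls back to A.
    dev.install_update(*make_update(2, b"firmware-v2-broken"))
    flaky = [dev.boot(app_healthy=False) for _ in range(3)] + [dev.boot(app_healthy=True)]
    # 2. A good v3 is confirmed on its first healthy boot and raises the rollback floor.
    dev.install_update(*make_update(3, b"firmware-v3"))
    good = dev.boot(app_healthy=True)
    # 3. Downgrade, tampered image and forged manifest are all refused at install time.
    rollback = dev.install_update(*make_update(2, b"firmware-v2-again"))
    image, manifest, tag = make_update(4, b"firmware-v4")
    tampered = dev.install_update(image + b"\x00", manifest, tag)
    forged = dev.install_update(image, dict(manifest, version=9), tag)
    return {"flaky": flaky, "good": good, "active": dev.active, "min_version": dev.min_version,
            "rollback": rollback, "tampered": tampered, "forged": forged}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The ordering in `verify` matters: the signature is checked before anything derived from the manifest is trusted, and the rollback floor is raised only after a slot has actually booted and reported health, so a bad update can never lock the device out of the image that still works.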
Physical Unclonable Functions: The Future Technology for Physical Security Enclosures?
In this talk, I will give an overview of the past, present, and possible future of physical security enclosures, i.e., the physical boundary that protects Hardware Security Modules (HSMs) and separates the untrusted outside from the secret data in...
Hardware Security Modules (HSMs) in servers, such as for VPN or banking applications, are commonly protected by physical security enclosures. This boundary, which consists of a conductive mesh that entirely surrounds the module under protection, is continuously monitored to detect any physical intrusion and subsequently wipe critical data. Since attack tools have improved and some enclosure solutions have been discontinued, a desire for a new technology has emerged.
First, I present state-of-the-art solutions for HSMs that conform to security levels up to the highest one, FIPS 140-2 Level 4. Knowledge about these solutions was gained by accurate disassembly of such modules, obtained via a famous online marketplace. While some solutions have a very delicate mesh surrounding the entire device, others have additional light and temperature sensors as countermeasures against common physical attacks.
However, many physical security enclosures have been discontinued, sometimes due to suspected insecurity; thus, there is demand for a successor.
The second part of my presentation focuses on a novel technology for enclosures, based on Physical Unclonable Functions (PUFs). These...
Sunday 12:00
Fighting back against Libra - Decentralizing Facebook Connect
The power of Facebook derives from its control over your digital identity. However, the fundamental technologies behind anonymous (attribute-based) authentication credentials have existed since the mid-90s. This talk will cover new advances in ano...
How do we practically defeat Facebook and build an anonymous internet? Let's start with the building blocks: getting rid of Facebook Connect using decentralized and privacy-enhancing technologies, then using that as a lever to build the rest of the system.
Anonymous authentication credentials have existed since early blind signature schemes, but have historically been both inefficient and required centralized (if often blind!) trusted third parties. New advances such as UnlimitID and the Coconut signature scheme have allowed the creation of "Nym credentials" that are both decentralized and privacy-preserving. We'll go into three use-cases:
Mix-networks: Credentials allow mix-nets, which provide anonymity at the network level in an even stronger manner than Tor, to both avoid spam (sybil) attacks and grow in a robust, decentralized manner, avoiding the need for proof-of-work algorithms.
Messaging: In combination with the new IETF MLS (Message Layer Security) protocol to replace Signal, anonymous authentication credentials can enable a more privacy-preserving messenger.
Cryptocurrency: If Facebook is building Libra, we'll show how we can ...
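Added example, not code from the talk or from the UnlimitID/Coconut work: the classic Chaum RSA blind signature that the abstract names as the starting point, with toy parameters. It shows the two properties the passage turns on: the issuer signs a credential without ever seeing the value it later verifies as (unlinkability), yet a single issuer holding the private key remains a trusted third party, which is what the newer schemes remove. Primes, exponent, hash-to-Z_n and the pseudonym format are constructed for the example and are far too small to be secure.

```python
import hashlib
import random
from math import gcd

# Toy parameters constructed for the example: a real deployment uses 2048-bit-plus
# moduli and a proper full-domain hash. Never reuse these values.
P, Q, E = 1009, 1013, 65537


def keygen(p=P, q=Q, e=E):
    """Issuer's RSA key. Returns (public, private) as (n, e), (n, d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    return (n, e), (n, pow(e, -1, phi))


def digest(n, message):
    """Map the message into Z_n (toy stand-in for a full-domain hash)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def blind(pub, message, rng):
    """User side: hide H(m) behind a random factor r^e. Returns (blinded, r)."""
    n, e = pub
    while True:
        r = rng.randrange(2, n)
        if gcd(r, n) == 1:             # r must be invertible mod n for unblinding
            break
    return digest(n, message) * pow(r, e, n) % n, r


def sign_blinded(priv, blinded):
    """Issuer side: ordinary RSA signing of an opaque value; it never sees H(m)."""
    n, d = priv
    return pow(blinded, d, n)


def unblind(pub, blinded_sig, r):
    """User side: (H(m) r^e)^d = H(m)^d r, so dividing by r leaves a plain signature."""
    n, _ = pub
    return blinded_sig * pow(r, -1, n) % n


def verify(pub, message, sig):
    n, e = pub
    return pow(sig, e, n) == digest(n, message)


def issue_and_show(seed=7):
    """One full round: blinded issuance, then an anonymous showing of the credential."""
    pub, priv = keygen()
    rng = random.Random(seed)
    token = b"nym:" + rng.getrandbits(64).to_bytes(8, "big")   # user-chosen pseudonym
    blinded, r = blind(pub, token, rng)
    bsig = sign_blinded(priv, blinded)         # the issuer's only view of this round
    sig = unblind(pub, bsig, r)
    return {
        "issuer_view": blinded,                # what the issuer logged
        "shown_value": digest(pub[0], token),  # what a verifier later sees; differs from above
        "valid": verify(pub, token, sig),
        "forged_valid": verify(pub, b"nym:someone-else", sig),
        "pub": pub, "sig": sig,
    }


if __name__ == "__main__":
    for key, value in issue_and_show().items():
        print(key, value)
```

The issuer's log holds only `blinded`, which is uniformly random in Z_n for a fresh `r`, so it cannot be matched against the `(token, sig)` pair shown later; but everyone still has to trust that one issuer not to hand out credentials freely, which is the centralisation the talk's schemes are built to avoid.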
Sunday 13:00
Making video games in a weekend
Are you curious about making your own video game? Game jams are a brilliant opportunity to try that, and a fun challenge for interdisciplinary teams of all skill levels! They're basically hackathons, but for video games - you're given a certain th...
This talk is split into three parts: First, I'll quickly go over the history of game jams, and introduce you to some of the largest ones, like Ludum Dare and the Global Game Jam.
Second, I'll talk about my personal experience with game jams: I'll explain how I got into it, and showcase some games I worked on! I'll also share the development process behind them, and reflect on what went well and what didn't.
And finally, I want to empower you to try this for yourself. Specifically, I'll explain how the "Ludum Dare" game jam works, and share some tips, tricks, and resources I have assembled over the years that would have been useful to me when I was just starting out.
Why Nobody cares, and only You can save the World
This talk aims to provide a possible explanation why most people seem to care very little about the unethicality of much of today’s technologies. It outlines what science and philosophy tell us about the biological and cultural evolutionary origin...
Why is it that in a technological present full of unethical practices – from the “attention economy” to “surveillance capitalism”, “planned obsolescence”, DRM, and so on and so forth – so many appear to care so little?
To attempt to answer this question, the presentation begins its argument with an introduction to our contemporary understanding of the origins of (human) morality/ethics: from computational approaches à la Axelrod's Tit for Tat, Frans de Waal's cucumber-throwing monkeys and Steven Pinker's "Better Angels of Our Nature", to contemporary moral psychology and moral cognition and these fields' work on moral intuitions.
As research in these fields over the last couple of decades suggests, much, if not most, of (human) moral/ethical decision-making is based on moral intuitions rather than careful, rational reasoning. Joshua Greene likens this to the difference between the "point-and-shoot" mode and the manual mode of a digital camera. Jonathan Haidt uses a metaphorical elephant (moral intuition) and its rider (conscious deliberation) to emphasize the difference in weight. These intuitions are the result of both biological and cultural evolu...
Sunday 14:00
The future has two waves (Die Zukunft hat zwei Wellen)
Freifunk is standing at the edge of the abyss: the flash is full, the RAM is too small, so why not just solder in new ones? We look at the current problems that many communities are experiencing with their hardware base and consider the advantages and disadvantages of the various ways of solving them.
First we look at current developments on the WLAN hardware market and at the support Gluon already offers for modern WLAN hardware, how you can improve support for new hardware yourself, and how to make it easier for the prospective Freifunker to find the right device for themselves and their use case.
Afterwards we look at the current challenges that hit many communities with heavily limited hardware, and we also want to take a look at upcoming challenges.
"Service Point" The Display
The walls of CCC Berlin are filled with posters, analog as well as digital art, and also: a large LED display! The display is a proper piece of dual-use technology, serving both as hack material for fun and as a useful tool e.g. for taking notes d...
Come join us on a technology tour through the history of this fun piece of kit, starting with a look at the original hardware and software architecture and moving on through the many following software, hardware and mechanical hack generations in and around the display.
The display has come quite far. Originally one could watch individual characters render on the 71680 LEDs, now 35 fps video playback is effortless, and it functions as a hub for collaborative visual expression using both text and graphics.
Key words: 6502, CSS, Ethernet, ATXMEGA, JavaScript, Cortex-M3, WebSockets, AM335x, BeagleBone Black, PRU, Etherpad, CNC machining, Aluminium Welding
Sunday 16:00
c3Power Monitoring CCCamp 19
Infrastructure review of the Camp 2019 power grid from the perspective of the low-cost power monitoring presented in theory at GPN: setup of the monitoring network, commissioning, and results from day -1 to day 4.
How does the c3Power grid at Camp 2019 behave at different times of day, and what do the evaluations of e.g. load distribution, grid harmonics and error rate look like? Visualization of the data in Grafana, server infrastructure. Dos and don'ts of building the hardware; operation at 50 degrees plus and 10 cm of standing water outdoors. Stability of the camp grid in the first 4 days. Integration into the DMR radio network via MMDVM hotspots to send fault messages as DMR SMS. Handling of fault reports. Impressions from the c3power team during the event.
Visualization of networks using physics
The beautifully complex structures often found in Nature arise from the collective interaction of huge numbers of particles moving under very simple forces.
Starting from this fact, I will present how we can encode simple physical properties into...
Large networks (graphs) appear in many types of human activity: computer, social, transportation, biological, and other networks that model the various connections and interactions in a system.
Networks are often depicted visually as sets of points on a plane connected by lines; at large scales, however, this image becomes too difficult to interpret due to the high density of points and/or too many line crossings. So it is essential to determine an ideal placement of the network's parts in order to reveal its structure in the clearest and most informative way.
The laws of physics inherently contain dynamics capable of creating aesthetically appealing arrangements of high complexity, as can be seen in snowflakes, soap bubbles, crystals, or molecules in 3d space. By encoding physical qualities and dynamics in a network, we can leverage the laws of motion and the corresponding forces to let them shape the network. As the network is now acting like a physical system, it evolves towards a configuration of minimum energy and reaches a final state that exposes the symmetries, connected parts, and other features, in analogy to the wonderfully complex structures found in Nature.
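Added example, not the speaker's code: a pure-Python Fruchterman-Reingold spring-electrical layout for the physics analogy described above, together with the potential energy it descends and a measure of whether edges ended up shorter than non-edges (the "structure revealed" the passage promises). The six-node graph (two triangles joined by one bridge), the seed and the parameters are constructed for the example.

```python
import math
import random

# Constructed sample graph: two triangles joined by a single bridge edge (2, 3).
NODES = [0, 1, 2, 3, 4, 5]
EDGES = [(0, 1), (1, 2), (0, 2), (3, 4), (4, 5), (3, 5), (2, 3)]


def fr_layout(nodes, edges, iterations=300, seed=1, area=1.0):
    """Fruchterman-Reingold spring-electrical layout in pure Python.

    Every node pair repels like equal charges (force k^2/d); every edge pulls its
    endpoints together like a spring (force d^2/k), so an isolated edge settles at
    length k. A temperature caps each move and cools to zero, so the system sinks
    into a local energy minimum instead of oscillating forever.
    """
    rng = random.Random(seed)
    side = math.sqrt(area)
    pos = {v: [rng.random() * side, rng.random() * side] for v in nodes}
    k = math.sqrt(area / len(nodes))          # ideal edge length
    t = side / 10.0                           # initial temperature (max step)
    cooling = t / (iterations + 1)

    def delta(u, v):
        dx, dy = pos[u][0] - pos[v][0], pos[u][1] - pos[v][1]
        d = math.hypot(dx, dy)
        if d < 1e-9:                          # coincident nodes: nudge apart deterministically
            dx, dy = 1e-3, 1e-3
            d = math.hypot(dx, dy)
        return dx / d, dy / d, d              # unit vector from v towards u, and distance

    for _ in range(iterations):
        disp = {v: [0.0, 0.0] for v in nodes}
        for i, u in enumerate(nodes):         # repulsion: every pair, O(n^2)
            for v in nodes[i + 1:]:
                ux, uy, d = delta(u, v)
                f = k * k / d
                disp[u][0] += ux * f; disp[u][1] += uy * f
                disp[v][0] -= ux * f; disp[v][1] -= uy * f
        for u, v in edges:                    # attraction: along edges only
            ux, uy, d = delta(u, v)
            f = d * d / k
            disp[u][0] -= ux * f; disp[u][1] -= uy * f
            disp[v][0] += ux * f; disp[v][1] += uy * f
        for v in nodes:                       # move along the net force, capped by t
            dx, dy = disp[v]
            d = math.hypot(dx, dy)
            if d > 0:
                step = min(d, t)
                pos[v][0] += dx / d * step
                pos[v][1] += dy / d * step
        t -= cooling
    return pos


def energy(pos, nodes, edges, area=1.0):
    """Potential whose gradient the forces above are: -k^2 ln d per pair, d^3/(3k) per edge."""
    k = math.sqrt(area / len(nodes))
    e = 0.0
    for i, u in enumerate(nodes):
        for v in nodes[i + 1:]:
            d = math.hypot(pos[u][0] - pos[v][0], pos[u][1] - pos[v][1])
            e -= k * k * math.log(d + 1e-9)
    for u, v in edges:
        d = math.hypot(pos[u][0] - pos[v][0], pos[u][1] - pos[v][1])
        e += d ** 3 / (3 * k)
    return e


def separation_ratio(pos, nodes, edges):
    """Mean non-edge distance over mean edge length; > 1 means edges are drawn short."""
    edge_set = {frozenset(e) for e in edges}
    non_edges = [(u, v) for i, u in enumerate(nodes) for v in nodes[i + 1:]
                 if frozenset((u, v)) not in edge_set]
    mean = lambda pairs: sum(math.hypot(pos[u][0] - pos[v][0], pos[u][1] - pos[v][1])
                             for u, v in pairs) / len(pairs)
    return mean(non_edges) / mean(edges)


if __name__ == "__main__":
    start = fr_layout(NODES, EDGES, iterations=0)
    final = fr_layout(NODES, EDGES)
    print("energy", round(energy(start, NODES, EDGES), 3), "->", round(energy(final, NODES, EDGES), 3))
    print("separation ratio", round(separation_ratio(final, NODES, EDGES), 2))
    for v in NODES:
        print(v, [round(c, 3) for c in final[v]])
```

The O(n²) repulsion loop is what limits this naive form to small graphs; the large-network tools the talk is about replace it with a Barnes-Hut tree or grid approximation, but the forces, the cooling schedule and the energy being descended are the same.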