<?xml version="1.0" encoding="UTF-8"?>
<schedule>
 <conference>
  <title>23rd Chaos Communication Congress</title>
  <subtitle>Who can you trust?</subtitle>
  <venue>Berliner Congress Center (bcc)</venue>
  <city>Berlin</city>
  <start>2006-12-27</start>
  <end>2006-12-30</end>
  <days>4</days>
  <release>1.5</release>
  <day_change>06:00</day_change>
  <timeslot_duration>00:15</timeslot_duration>
 </conference>
 <day date="2006-12-27" index="1">
  <room name="Saal 1">
   <event id="1256">
    <start>10:30</start>
    <duration>01:00</duration>
    <room>Saal 1</room>
    <tag>who_can_you_trust</tag>
    <title>Who can you trust?</title>
    <subtitle>Opening Ceremony and Keynote</subtitle>
    <track>General</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>Opening event of the 23rd Chaos Communication Congress. After a welcome talk, the 23C3's keynote will be delivered.</abstract>
    <description></description>
    <persons>
     <person id="4">Tim Pritlove</person>
     <person id="1264">John Perry Barlow</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1680">
    <start>11:30</start>
    <duration>01:00</duration>
    <room>Saal 1</room>
    <tag>neues_gesetzliches_verbot_des_hackings</tag>
    <title>The New Statutory Ban on Hacking</title>
    <subtitle>Practical effects of the new criminal law that will come into force in a few months</subtitle>
    <track>Society</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>The effects of a current legislative proposal are catching developers, administrators and certain Internet users off guard. An entire class of system tools, the "hacker tools", is to be banned.</abstract>
    <description>In September 2006 the Federal Cabinet adopted the &#8220;Draft Criminal Law Amendment Act to Combat Computer Crime&#8221;. The law is set to come into force as early as mid-March 2007.

The new law expands the criminal liability for what is colloquially called hacking. Existing criminal offences are broadened and new ones are created. Not only developing and distributing, but also merely obtaining is to be made punishable. New ways of working become necessary in order to limit legal risks. An entirely new quality comes into play with the ban on certain preparatory acts.

From now on, developing, distributing or even merely obtaining so-called hacker tools is made a punishable offence. System developers, administrators and Internet users have to rethink. In future there will be two kinds of software. Mere contact with hacker tools can in future have criminal consequences. Every phase in the life cycle of such software is affected.

The talk describes what those involved should pay attention to in order to avoid criminal-law risks and take protective measures. The view is not limited to the criminal-law risk; the talk also names further legal consequences that are easily overlooked.

Initial statements from interest groups on the fundamental problems of the draft law are already available. The public debate will progress by the end of the year. This talk therefore touches on fundamental questions only in passing. In terms of content, the talk follows on from what was reported at the 22C3 about the Cybercrime Convention. The focus of this talk is the effects of the draft law on practice.

No legal knowledge is required. The talk is aimed not at lawyers but at developers, administrators and certain Internet users.</description>
    <persons>
     <person id="1231">Peter Voigt</person>
    </persons>
    <links>
     <link href="http://eur-lex.europa.eu/LexUriServ/site/de/oj/2005/l_069/l_06920050316de00670071.pdf">EU Council Framework Decision</link>
     <link href="http://conventions.coe.int/Treaty/GER/Treaties/Html/185.htm">cybercrime convention</link>
     <link href="http://www.ccc.de/press/releases/2006/20060925/">1st statement of the CCC e.V.</link>
     <link href="http://www.heise.de/newsticker/meldung/78448">Report in the Heise news ticker of 20.09.06</link>
     <link href="http://www.heise.de/newsticker/meldung/79180">Response from the Ministry of Justice</link>
     <link href="http://www.bitkom.de/files/documents/Stellungnahme_BITKOM_StrAendG_12_07_06.pdf">1st statement by Bitkom</link>
     <link href="http://www.heise.de/newsticker/meldung/79359">Heise on the Bitkom statement</link>
     <link href="http://www.bmj.bund.de/media/archive/1317.pdf">Federal Government's draft law</link>
    </links>
   </event>
   <event id="1537">
    <start>12:45</start>
    <duration>01:00</duration>
    <room>Saal 1</room>
    <tag>know_your_citizens</tag>
    <title>Know Your Citizens</title>
    <subtitle>State Authorities' Access to Sensitive Information</subtitle>
    <track>Science</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>The balance between effective criminal investigations and the protection of human rights is currently being intensively discussed. A number of approaches demonstrate a tendency for state authorities to gain more access to sensitive data. But does this information really help to prevent crimes (e.g. terrorist attacks), and how safe is this information in the hands of state authorities?</abstract>
    <description>The current discussion and legislative approaches shall be demonstrated by analysing some topic examples: 
- Data Retention Directive (Access of investigation authorities to traffic data)
- Real Time Collection of Content Data (Access to content data)
- Restriction of the use of Encryption Technology - Key Escrow System (Access to encryption key)
- Draft Legislation enabling Law Enforcement Agencies to secretly access Computer Systems</description>
    <persons>
     <person id="1137">Marco Gercke</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1461">
    <start>14:00</start>
    <duration>01:00</duration>
    <room>Saal 1</room>
    <tag>the_grim_meathook_future</tag>
    <title>The Grim Meathook Future</title>
    <subtitle>How The Tech Culture Can Maintain Relevance In The 21st Century</subtitle>
    <track>Culture</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>Most modern futurism describes technology-driven futures: the nanotech future, the biotech future, etc. But there's also another future, just as or more possible: the future where technology is marginalized by social and cultural forces (such as the rise of fundamentalism as a political force in the US and Middle East). This lecture talks about how technology and design can help humanity avoid a grim future.</abstract>
    <description>Amongst technology pundits and futurists, it seems to be a given that "progress" in the 21st century will be driven by technological advancements -- nanotechnology, biotechnology, networking technology, etc. However, recent global trends and events suggest that the course of human destiny can just as easily be driven by religious fanatics using weapons and tactics which are hardly on the technological cutting edge. 

Meanwhile, the promise of a global Internet providing equality to all is still a pipe dream; the developing world's primary interface to our networks comes in the way of 419 spam and data piracy. Not to mention, of course, the fact that we're rapidly approaching the end of cheap, freely available energy sources and the likely beginning of massive climatic change.

As a species, we could be on the verge of the utopian vision of the "Singularity"...but we might just as easily be on the verge of a Spenglerian return to a global Dark Ages; a scenario that resembles less the utopian science fictions of Hugo Gernsback and more a nightmare of feral cities and warlordism...a scenario which I refer to with a certain amount of bleak humor as the "Grim Meathook Future". Such a scenario is not apocalyptic; rather, it's a natural result of what happens when the economic and technological bedrock upon which our current society relies begins to fail and anarchy and irrationalism take its place.

Against this unnerving potentiality, current tech culture obsessions such as the blogosphere and the war against copyright seem downright frivolous. Are we become too self-obsessed, self-referential? Are we making ourselves irrelevant?

These are the questions I want to explore in this lecture. I plan to explore ways in which, by looking outward rather than inward, those of us in the technology culture and industry can work to prevent the Grim Meathook Future, and to ensure that our labor works to benefit humanity as a whole.

The talk will probably include discussion of many if not all of the following topics:

* Spengler's concept of cyclical history and the widely-held idea that our society is in a similar position to societies like the Roman and Mayan empires, just prior to their collapse, and also some discussion of the shift in the 20th century from the idea of social improvement as progress to technological innovation as progress.

* Already-extant examples of the Grim Meathook Future, such as the Lord's Resistance Army in Northern Uganda, the Somalian city of Mogadishu (as an example of a "feral city"), the rise in warlordism in both the developing world and the former Soviet bloc, and the increasing rise of ad-hoc infrastructure instead of designed infrastructure (such as the growing number and entrenchment of squatter communities in major world cities, many with their own self-evolved governments and infrastructures). Also, the lessons we can learn from these events and scenarios.

* Current technological programs and initiatives which show promise in helping to direct and stabilize the massive changes which are beginning to occur globally, such as MIT's $100 laptop project, the Lifestraw project, and the search for alternative energy sources.

* Possible useful future projects and initiatives which can be undertaken by the technology culture/industry as a whole.</description>
    <persons>
     <person id="1079">Joshua Ellis</person>
    </persons>
    <links>
     <link href="http://www.zenarchery.com/2005/09/22/full-text-of-the-grim-meathook-future-thing/print/">The text of my original "Grim Meathook Future" mini-essay</link>
     <link href="http://www.nwc.navy.mil/press/Review/2003/Autumn/art6-a03.htm">"Feral Cities" : a 2003 essay by Dr. Richard Norton of the US Naval War College</link>
     <link href="http://www.gutenberg.org/etext/10753">"Open Source Democracy" - an essay by Douglas Rushkoff</link>
     <link href="http://globalguerrillas.typepad.com/globalguerrillas/">Global Guerrillas - a blog dedicated to study of "fourth generational" warfare by John Robb</link>
     <link href="http://laptop.media.mit.edu/">$100 Laptop project at MIT</link>
     <link href="http://www.duke.edu/~aparks/SPENG7.html">"The Problem Of Civilization" by Oswald Spengler, from "The Decline of the West"</link>
     <link href="http://www.lifestraw.com/en/low/low.asp">The Lifestraw - an inexpensive device for purifying contaminated drinking water</link>
    </links>
   </event>
   <event id="1611">
    <start>16:00</start>
    <duration>01:00</duration>
    <room>Saal 1</room>
    <tag>privacy_identity_and_anonymity_in_web_20</tag>
    <title>Privacy, Identity, and Anonymity in Web 2.0</title>
    <subtitle></subtitle>
    <track>Society</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>The presentation will show the hidden privacy implications of some web2.0 and identity2.0 services, standards and applications and discuss the underlying trend here.</abstract>
    <description>Web2.0 has created a new rush towards social networking and collaborative applications. This enables new possibilities, but also is a threat to users' privacy and data. On the surface, many people seem to like giving away their data to others in exchange for building communities or getting their 15 seconds of fame. But below it lie less obvious privacy implications. Some of them are accidental, like publicly marking someone as a "friend" without asking that person before or putting personal data under a creative commons license. But some are more fundamental, as they are based on voluntary surveillance of the users. On the extreme end of the spectrum, the trend towards "identity 2.0" services - from microformats like OpenID and addressing systems like XDI to infrastructures like Cardspace and Higgins - will have far-reaching impacts on the future of privacy and anonymity on the web. The presentation will show the hidden privacy implications of some web2.0 and identity2.0 services, standards and applications and discuss the underlying trend here.</description>
    <persons>
     <person id="336">Ralf Bendrath</person>
     <person id="1233">Jan Schallab&#246;ck</person>
     <person id="1232">Udo Neitzel</person>
    </persons>
    <links>
     <link href="http://www.identitygang.org/">Identity Gang</link>
     <link href="http://www.fidis.net/">Future of Identity in the Information Society (FIDIS)</link>
     <link href="http://www.tiara.org/blog/?page_id=78">Online Identity Bibliography</link>
    </links>
   </event>
   <event id="1402">
    <start>17:15</start>
    <duration>01:00</duration>
    <room>Saal 1</room>
    <tag>drones</tag>
    <title>Drones</title>
    <subtitle>Autonomous flying vehicles</subtitle>
    <track>Science</track>
    <type>Sonstiges</type>
    <language>deutsch</language>
    <abstract>I am watching you: drones for private use are getting real. A live presentation of actual devices in real action.</abstract>
    <description>The main aspect of this talk is the demonstration of an autonomous flying Quadrocopter microdrones md4-200 with 200g payload, which is a small 4-rotors-helicopter with a radio transmitting color-videocamera and a bunch of sensors on board. 
I will show the very first prototype of the md4-1000 with 1000g payload.
We will discuss the technology, the usage scenarios and the social aspects of such devices. 
Part of the talk will be an introduction to a homebrew approach to drone technology. 
Last but not least I will show which drones exist right now, what is planned and who is using such devices.</description>
    <persons>
     <person id="284">Steini</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1692">
    <start>18:30</start>
    <duration>01:00</duration>
    <room>Saal 1</room>
    <tag>hacking_the_electoral_law</tag>
    <title>Hacking the Electoral Law</title>
    <subtitle></subtitle>
    <track>Culture</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>How the Ministry of the Interior turns fundamental election principles into their opposite, without even asking the parliament.</abstract>
    <description>Public control and transparency of elections, not trust, are well established principles to prevent electoral fraud in a democracy. With the introduction of voting computers or remote eVoting, this transparency is replaced by procedures which exclude both voters and the public from any control over the election process. Instead, trust in the administration is introduced as a new principle of electoral control. But what might be desirable for an authoritarian regime is inappropriate in a democracy. 
Using German eVoting regulations as an example, it is discussed how experts in the administration "hack" the electoral system by turning fundamental election principles into their opposite.</description>
    <persons>
     <person id="869">Ulrich Wiesner</person>
    </persons>
    <links>
     <link href="https://berlin.ccc.de/index.php/Wahlcomputer">CCC Wiki on voting computers (in German)</link>
     <link href="http://events.ccc.de/congress/2005/fahrplan/events/1134.de.html">22C3: e-Voting: The silent decline of public control</link>
     <link href="http://www.efve.eu">Europeans For Verifiable Elections: eVoting in Europe (in English)</link>
    </links>
   </event>
   <event id="1423">
    <start>20:30</start>
    <duration>02:15</duration>
    <room>Saal 1</room>
    <tag>we_dont_trust_voting_computers</tag>
    <title>We don't trust voting computers</title>
    <subtitle>The story of the Dutch campaign against black-box voting to date</subtitle>
    <track>Society</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>This talk covers the Dutch campaign against unverifiable voting on computers, which is part of a growing movement world-wide to reject these computers. Successes in Ireland and (surprise) the US seem to indicate that media, law-makers and the general public are beginning to wake up.</abstract>
    <description>For far too long The Netherlands have been the European capital of 'black-box style' electronic voting. It was time someone challenged Nedap, the leading manufacturer of unverifiable voting "machines" in Europe, in their own country.

The talk very briefly describes the international situation with regard to electronic voting, with emphasis on European history and events. It then describes the Dutch campaign that was set up this year. I will talk about the results of the FOIA (IFG) requests we made, the results of our lobbying as well as highlight some of the media attention we got.

We need help: I will also try to motivate you, the listener, to become active against unverifiable e-Voting in/on your own country, bundesland, weblog, city, province, university or wherever else you can.

We can win this one. And we must: either democracy destroys black-box voting or it will eventually destroy democracy.</description>
    <persons>
     <person id="235">Rop Gonggrijp</person>
    </persons>
    <links>
     <link href="http://www.wijvertrouwenstemcomputersniet.nl">Dutch campaign site (in Dutch)</link>
    </links>
   </event>
   <event id="1709">
    <start>23:00</start>
    <duration>01:00</duration>
    <room>Saal 1</room>
    <tag>revenge_of_the_female_nerds</tag>
    <title>Revenge of the Female Nerds</title>
    <subtitle>Busting Myths about Why Women Can't Be Technical</subtitle>
    <track>Culture</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>Why do media and industry lag behind reality when it comes to estimating
women's technical and scientific abilities? That women have these
abilities is obvious. The question is how to change social expectations
about them. What are women doing, and what can they do, to combat
pervasive myths about their inferiority as engineers and scientists?</abstract>
    <description>Why do media and industry lag behind reality when it comes to estimating
women's technical and scientific abilities? That women have these
abilities is obvious. The question is how to change social expectations
about them. What are women doing, and what can they do, to combat
pervasive myths about their inferiority as engineers and scientists? I
have just completed a book-length project on female geeks, to be
published in January, which is a collection of essays by women in a
variety of male-dominated "geek" jobs -- everything from computer
science and bioinformatics work, to comic book writing and videogame
programming. I will present some of the findings from my book, looking
at real-life examples of women fighting back against sexism in
technical/science jobs. I'll also examine how women can help change the
pop culture image of geeks as almost entirely male.</description>
    <persons>
     <person id="1269">Annalee Newitz</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1555">
    <start>00:00</start>
    <duration>01:00</duration>
    <room>Saal 1</room>
    <tag>konrad_zuse_der_rechnende_raum</tag>
    <title>Konrad Zuse - Calculating Space</title>
    <subtitle>An audiovisual live feature</subtitle>
    <track>Culture</track>
    <type>Sonstiges</type>
    <language>deutsch</language>
    <abstract>He is regarded as the German pioneer of early computing technology: Konrad Zuse. His life, his calculating machines and his company Zuse KG are portrayed in this live-spoken documentary feature by the H&#246;rspielwerkstatt of the Humboldt-Universit&#228;t zu Berlin.</abstract>
    <description>Even as a young student at the TU Berlin, Zuse had the idea of designing and building calculating machines. Before the start of the Second World War he was already tinkering in his parents' living room in Berlin-Kreuzberg on his mechanical Z1, which later became famous. Away from US military research, with which he had no contacts, Zuse realised the first program-controlled computer in the world.

The story of the computer pioneer will be told in the live feature in words, images and with musical accompaniment.</description>
    <persons>
     <person id="412">Marcus Richter</person>
     <person id="381">Constanze Kurz</person>
     <person id="872">Ina Kwasniewski</person>
     <person id="411">Jens-Martin Loebel</person>
     <person id="410">Kai Kittler</person>
    </persons>
    <links>
     <link href="http://46halbe.org/audio.html">Texts of earlier features</link>
    </links>
   </event>
  </room>
  <room name="Saal 2">
   <event id="1730">
    <start>09:30</start>
    <duration>00:45</duration>
    <room>Saal 2</room>
    <tag>23c3pressekonferenz</tag>
    <title>Press Conference</title>
    <subtitle></subtitle>
    <track>Society</track>
    <type>Sonstiges</type>
    <language>deutsch</language>
    <abstract>Press conference for the 23C3</abstract>
    <description>Attendance with advance accreditation please, sent to 23c3-presse@cccv.de</description>
    <persons>
     <person id="7">Andreas Lehner</person>
     <person id="381">Constanze Kurz</person>
     <person id="216">Frank Rosengart</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1685">
    <start>12:45</start>
    <duration>01:00</duration>
    <room>Saal 2</room>
    <tag>go_menschen</tag>
    <title>Go - The Game for Humans</title>
    <subtitle>For computers too? - Not in Go!</subtitle>
    <track>Culture</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>Primitively simple rules but the most complex interrelations, at which computer programs fail miserably while humans miraculously recognise (thought) patterns and are able to turn them into brilliant strategies - that is Go. Conversely, can Go also show us strengths of the human intellect? Parallels are drawn to software development and the decision processes that developers are exposed to there.</abstract>
    <description>The talk will begin with a very brief introduction to the game of Go. Listeners will not necessarily be able to play Go without further instruction, but they will understand what Go is about. The complexity of the game is illustrated by means of selected examples. These will also be comprehensible to listeners who know neither Go nor related games.

The next part of the talk will give an overview of the efforts to make computer programs play Go. Which questions of the game can computer programs answer, and what do they have difficulties with? The "brute force" approach fails immediately because of the size of the game tree at the tournament size of 19x19: there are more possible game sequences than the presumed number of atoms in the universe. In terms of its complexity, Go is EXPSPACE-hard and thus strictly harder than NP-complete problems.

Go cannot be cracked by "calculating". Good Go players "feel" which moves are good and which are bad. This feeling is there immediately, without any thinking! The better the Go player, the better their feeling. Or the other way round? That too, but not only. Without any ability to calculate at all, the best feeling is of no use. For Go has one quite decisive property: what is good "here" is dreadful "there". Even experienced players gain certainty about this only through "calculating", i.e. working out move sequences and their result in advance. But without feeling it works even less: the vast majority of decisions in Go are too complex for calculation. The speaker will venture an attempt to set out the character of "feeling" in Go.

In software development there are thought processes similar to those in Go. On the one hand there is the logic of the code: this is how it runs and this is the result. But most decisions of a software developer, and especially the important ones, are of a different nature: starting from a problem situation, a programmer "feels" the way to the solution. Good software developers can immediately tell by feeling that a particular solution is good or bad. The speaker puts forward the thesis that the inability of computers to generate a good implementation from a problem description is very closely related to the inability of computers to play Go well.</description>
    <persons>
     <person id="1236">Christoph Gerlach</person>
    </persons>
    <links>
     <link href="http://playgo.to/interactive/german/">A simple interactive introduction to Go</link>
     <link href="http://www.dgob.de/index.htm?einfuehrung/index.htm">Introduction to Go by the Deutscher Go-Bund</link>
     <link href="http://de.wikipedia.org/wiki/Komplexit%C3%A4tsklassen">Complexity classes</link>
     <link href="http://www.cgerlach.de">Speaker's homepage</link>
     <link href="http://www.dgob.de">Deutscher Go-Bund, the umbrella organisation of all Go players in Germany</link>
     <link href="http://www.gokgs.com">Recommended Go server for online games with other Go players</link>
    </links>
   </event>
   <event id="1736">
    <start>14:00</start>
    <duration>01:00</duration>
    <room>Saal 2</room>
    <tag>project_sputnik</tag>
    <title>Project Sputnik</title>
    <subtitle>Realtime in-building location tracking at the 23C3</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>Project Sputnik is the real-time in-building location tracking system present at the 23C3. The Sputnik is a small active 2.4GHz RF Beacon, whose signal is picked up by one or multiple of the 20+ Sputnik base stations installed in the event venue (bcc).  Attendees of the 23C3 are able to voluntarily participate in this system by purchasing an inexpensive Sputnik transponder which they can carry with them during the whole event.</abstract>
    <description>In order to make this project attractive to hackers, the Sputnik hardware schematics and firmware source code will be published on the first day of the event, enabling hackers to enhance/replace the existing firmware, and to add new applications such as peer-to-peer communication between multiple Sputniki.

The location data (both raw and processed) will be available to the public via the congress network.  This means that everyone has access to all data.

The intention of the project is mainly to demonstrate what kind of surveillance is possible using off-the-shelf inexpensive technology, and to make hackers interested in exploring potential positive use cases for it.</description>
    <persons>
     <person id="62">Harald Welte</person>
     <person id="269">Milosch Meriac</person>
    </persons>
    <links>
     <link href="http://www.openbeacon.org/">The OpenBeacon Project (of which Sputnik is one incarnation)</link>
    </links>
   </event>
   <event id="1514">
    <start>16:00</start>
    <duration>01:00</duration>
    <room>Saal 2</room>
    <tag>lightning_talks_day_1</tag>
    <title>Lightning Talks Day 1</title>
    <subtitle></subtitle>
    <track></track>
    <type>Lightning-Talk</type>
    <language></language>
    <abstract>Definition: Lightning Talks is a daily event which consists of one
hour of several short talks. Each talk is limited to five minutes.

Goal: There is one slot for Lightning Talks each day of the
congress.  The goal is to present 10 talks within each slot.
So this might be up to 40 interesting talks in total.

See the Wiki page for current info.</abstract>
    <description></description>
    <persons>
     <person id="136">b9punk</person>
     <person id="193">Sven Guckes</person>
    </persons>
    <links>
     <link href="http://events.ccc.de/congress/2006/Lightning_Talks">Wiki page</link>
    </links>
   </event>
   <event id="1449">
    <start>17:15</start>
    <duration>01:00</duration>
    <room>Saal 2</room>
    <tag>not_so_smart_card</tag>
    <title>A not so smart card</title>
    <subtitle>How bad security decisions can ruin a debit card design</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>This lecture will introduce you to the Postcard, a widely used debit card issued by PostFinance in Switzerland. Like other debit cards such as the "EC" card, it is used for shopping payments at POS terminals or to draw money from ATMs in Switzerland and many other countries. It's widely used by its 2'000'000 users, producing a total transaction volume of around 8'000'000'000 Swiss Francs a year.</abstract>
    <description>All security features of the card are described and their ineffectiveness is demonstrated. It is shown how even outsiders can get access to the secret key of the card issuer, allowing them to create new, valid debit cards on their own or to clone existing cards without any physical access to the original.

If the phrase "Your key is way too short" could embarrass IT security officers as much as if we are referring to their private (male) body part - security would be much better off in some cases - at least in this one...</description>
    <persons>
     <person id="614">Bernd R. Fix</person>
    </persons>
    <links>
     <link href="https://events.congress.ccc.de/congress/2006/Pestcard">Postcard Modulus Factorization</link>
    </links>
   </event>
   <event id="1578">
    <start>18:30</start>
    <duration>01:00</duration>
    <room>Saal 2</room>
    <tag>hacking_fingerprint_recognition_systems</tag>
    <title>Hacking fingerprint recognition systems</title>
    <subtitle>Can I buy you a beer?</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>The talk presents ways and tools for obtaining images from various sources for the production of fingerprint dummies.</abstract>
    <description>Biometric systems are becoming more and more established in everyday life, whether in mobile phones, computers, ATMs or as access control. The most widespread system is fingerprint recognition. Contrary to the manufacturers' promises, however, many of the systems can still be defeated with the simplest means that have been known for years. The capacitive sensor in the new Thinkpads from Lenovo/IBM was the first to include countermeasures against this kind of fingerprint dummy. Based on the work on defeating this system, techniques for collecting fingerprints and step-by-step instructions for making a dummy are presented.</description>
    <persons>
     <person id="63">starbug</person>
    </persons>
    <links>
     <link href="http://www.ccc.de/biometrie/fingerabdruck_kopieren?language=en">How to fake fingerprints?</link>
    </links>
   </event>
   <event id="1701">
    <start>20:30</start>
    <duration>01:00</duration>
    <room>Saal 2</room>
    <tag>open_source_machine_translation</tag>
    <title>Open Source Machine Translation</title>
    <subtitle>From tools, to tricks, to projects: build a translation engine from Klingon to Finnish in an hour</subtitle>
    <track>Science</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>Today two revolutions are pushing the machine translation field forward: the open source movement, and the broader application of statistical methods.  This talk is at the intersection of the two: centering around the applications and contributions to be made to Moses, a state of the art open source toolkit for statistical machine translation developed by researchers from MIT, Edinburgh, Cornell, and Aachen.</abstract>
    <description>Today two revolutions are pushing the machine translation field forward: the open source movement, and the broader application of statistical methods. This talk is at the intersection of the two: centering around the applications and contributions to be made to Moses, a state of the art open source toolkit for statistical machine translation developed by researchers from MIT, Edinburgh, Cornell, and Aachen. In the past, those who wanted quality machine translations were forced to rely on closed source, rule based engines such as SYSTRAN. Even most of Google's translation engine uses SYSTRAN software. But Google and others are moving towards flexible, trainable systems, based on computer generated statistics rather than PhD linguist generated rules. This means machine translation is accessible to the average user. Next time, instead of getting angry or amused by a poor translation provided by Google Translate or BabelFish, use your own copy of the open source engine and you can hack away, helping to improve translation quality for yourself and users around the globe.</description>
    <persons>
     <person id="1260">Christine Corbett Moran</person>
    </persons>
    <links>
     <link href="http://sourceforge.net/projects/mosesdecoder/">http://sourceforge.net/projects/mosesdecoder/</link>
     <link href="http://www.iccs.inf.ed.ac.uk/~pkoehn/publications/tutorial2006.pdf">http://www.iccs.inf.ed.ac.uk/~pkoehn/publications/tutorial2006.pdf</link>
     <link href="http://www.statmt.org/moses/">http://www.statmt.org/moses/</link>
    </links>
   </event>
   <event id="1724">
    <start>21:45</start>
    <duration>01:00</duration>
    <room>Saal 2</room>
    <tag>transparency_and_privacy</tag>
    <title>Transparency and Privacy</title>
    <subtitle>The 7 Laws of Identity and the Identity Metasystem</subtitle>
    <track>Society</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>Microsoft has proposed architectural principles ("7 Laws of Identity") to support convergence towards an inter-operable, secure, and privacy-enhancing plurality of identity systems - an "Identity Metasystem". This new concept presupposes that a single monolithic identity system for the Internet is neither practicable nor desirable.</abstract>
    <description>The ability of Internet users to manage identity relationships with diverse organisations is a prerequisite to further development of e-commerce and efficient delivery of government services online. However a rising tide of information security threats, from &#8220;phishing&#8221; and &#8220;spoofing&#8221; attacks on the user, to large scale breaches of centralised repositories of identity information, suggests that new approaches are needed which can empower the individual to take more control of how their personal information is used online. For a number of years there has been growing interest in industry and research communities in the concept of "user-centric" identity management systems. Microsoft has proposed architectural principles ("7 Laws of Identity") to support convergence towards an inter-operable, secure, and privacy-enhancing "Identity Metasystem". This new concept presupposes that a single monolithic identity system for the Internet is neither practicable nor desirable. What are the implications for security and privacy of offering individuals greater transparency over how their data is used, and how can this best be achieved?

The 7 Laws of Identity
======================
1. User Control and Consent - Technical identity systems must only reveal information identifying a user with the user&#8217;s consent.

2. Minimal Disclosure for a Constrained Use - The solution that discloses the least amount of identifying information and best limits its use is the most stable long-term solution.

3. Justifiable Parties - Digital identity systems must be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship.

4. Directed Identity - A universal identity system must support both &#8220;omni-directional&#8221; identifiers for use by public entities and &#8220;unidirectional&#8221; identifiers for use by private entities, thus facilitating discovery while preventing unnecessary release of correlation handles.

5. Pluralism of Operators and Technologies - A universal identity metasystem must channel and enable the inter-working of multiple identity technologies run by multiple identity providers.

6. Human Integration - The universal identity metasystem must define the human user to be a component of the distributed system integrated through unambiguous human-machine communication mechanisms offering protection against identity attacks.

7. Consistent Experience Across Contexts - The unifying identity metasystem must guarantee its users a simple, consistent experience while enabling separation of contexts through multiple operators and technologies.</description>
    <persons>
     <person id="797">Caspar Bowden</person>
    </persons>
    <links>
     <link href="http://www.identityblog.com/">Kim Cameron's Identity Blog</link>
    </links>
   </event>
   <event id="1609">
    <start>23:00</start>
    <duration>01:00</duration>
    <room>Saal 2</room>
    <tag>data_retention_update</tag>
    <title>Data Retention Update</title>
    <subtitle>News and Perspectives on Implementation and Opposition</subtitle>
    <track>Society</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>The EU adopted a directive on the retention of data regarding the communications, movements and use of media of all 365 million EU citizens. The struggle is now continuing on the national levels, and privacy groups are preparing legal, political and technical challenges to this surveillance scheme.</abstract>
    <description>A year ago, the European ministers of justice and home affairs struck a deal with the European parliament and the commission according to which personal data regarding the communications, movements and use of media of all 365 million EU citizens is to be collected and stored for up to two years. While the EU directive 2006/24 EG on data retention entered into force in May 2006, the struggle is continuing. The panel of three key anti-data retention activists will present to you the latest political and legal developments in this field in Europe and overseas.

Two antagonistic trends can be observed: On the one hand, some member states such as Denmark have started the implementation process, as expected with a broader scope of data to be stored than is required by the directive. The United States are also moving towards data retention, and hardware vendors are preparing to sell the necessary surveillance equipment to telcos and ISPs. On the other hand, the opposition against this step towards a police state is growing. A number of EU member states have announced that they will postpone the retention of internet traffic data. The Irish government is challenging the entire directive before the European Court of Justice. Privacy groups are preparing legal, political and technical challenges. 
</description>
    <persons>
     <person id="316">Rikke Frank J&#248;rgensen</person>
     <person id="336">Ralf Bendrath</person>
     <person id="1207">Patrick Breyer</person>
    </persons>
    <links>
     <link href="http://wiki.dataretentionisnosolution.com/">EDRi Data Retention Wiki</link>
     <link href="http://www.vorratsdatenspeicherung.de/">German Working Group against Data Retention (AK Vorrat)</link>
     <link href="http://www.edri">European Digital Rights</link>
    </links>
   </event>
  </room>
  <room name="Saal 3">
   <event id="1656">
    <start>11:30</start>
    <duration>01:00</duration>
    <room>Saal 3</room>
    <tag>dylan_network_security</tag>
    <title>Design and Implementation of an object-oriented, secure TCP/IP Stack</title>
    <subtitle>Ethereal^W Wireshark without remote exploits - a proof of concept</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>We present a domain-specific language (DSL) capable of describing ad-hoc defined protocols like TCP/IP.
Additionally we developed other libraries, like a flow graph for packet processing and a layering mechanism for protocol stacking, to get a complete TCP/IP stack.</abstract>
    <description>The security industry is in a paradoxical situation: many security appliances and analysis tools, be it IDS systems, virus scanners, firewalls or others, suffer from the same weaknesses as the systems they try to protect. What makes them vulnerable is the vast amount of structured data they need to understand to do their job, and the bugs that invariably manifest in parsers for complex protocols if written in unsafe programming languages.

We present the design and implementation of a domain-specific language (DSL) for description of structured byte-oriented protocols that addresses this problem. The DSL is applicable to a wide range of problems, such as network communication or file formats, and allows the programmer to write an abstract definition of some packet format, from which parsers and generators are then created automatically. That mechanism saves the programmer from tedious manual work for supporting new protocols, and at the same time prevents him from introducing vulnerabilities into the parsing process.

Our DSL is implemented on top of Dylan, a dynamically typed, object-oriented programming language. It makes heavy use of the Dylan macro facility to extend the language for the domain of packet format description, without sacrificing performance in the process. Beyond the safety gained by automating the parser creation process, Dylan provides additional security by its strong typing, mandatory bounds checking and automated memory management.

We also show the implementation of a userland TCP/IP stack, which uses the packetizer DSL for description of network packet formats, as well as a packet flow graph framework for packet processing and a layering mechanism for protocol handling.</description>
    <persons>
     <person id="91">Andreas Bogk</person>
     <person id="106">Hannes Mehnert</person>
    </persons>
    <links>
     <link href="http://www.opendylan.org/">Dylan</link>
     <link href="http://www.networknightvision.com/">Proof of concept</link>
    </links>
   </event>
   <event id="1561">
    <start>12:45</start>
    <duration>01:00</duration>
    <room>Saal 3</room>
    <tag>big_brother_awards</tag>
    <title>4+2+1 Years of BigBrotherAwards Deutschland</title>
    <subtitle>A reading from the book "Schwarzbuch Datenschutz"</subtitle>
    <track>Society</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>This talk presents the "Schwarzbuch Datenschutz", which was produced this year: seven years of BigBrotherAwards Deutschland have gone by. What has happened and what remains? A look back at the most interesting winners of the first six years, which were compiled in the book "Schwarzbuch Datenschutz", and at the current award winners.</abstract>
    <description>The BigBrotherAwards have brought new momentum to the topic of data protection. And no other event on the topic of data protection enjoys such great public interest.

In Germany the award has now been presented seven times. This magic number invites a look back. The first six years were compiled in the book "Schwarzbuch Datenschutz", from which there will be much to hear. It will be clarified what became of the award winners, and whether they are just as bad today as they were then or whether they have changed their policies. For many award winners received special treatment in addition to the award. There will also be something to hear about the current winners, who are a crafty lot too.

The event is a reading and a performance in one and goes on a journey through time across the last seven years.</description>
    <persons>
     <person id="285">Rena Tangens</person>
     <person id="184">padeluun</person>
    </persons>
    <links>
     <link href="https://www.bigbrotherawards.de">BigBrotherAwards</link>
     <link href="https://www.foebud.org">FoeBuD e.V.</link>
     <link href="https://shop.foebud.org/product_info.php/products_id/149">Schwarzbuch Datenschutz</link>
     <link href="http://www.bigbrotherawards.org">BigBrotherAwards International Homepage</link>
    </links>
   </event>
   <event id="1505">
    <start>14:00</start>
    <duration>01:00</duration>
    <room>Saal 3</room>
    <tag>gaeste_ueberwachung</tag>
    <title>Surveillance of Hotel Guests by State and Private Snoops</title>
    <subtitle></subtitle>
    <track>Society</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>- Questionable methods of information gathering
- Reconstruction of authentic cases
- Protection of trade secrets and privacy</abstract>
    <description>International hotels in all countries have always served as hubs of legal and illegal activities.

The surveillance of hotel rooms, conference rooms and persons is therefore considered a compulsory exercise by state agencies and private information gatherers. Through the naivety of guests, many a case ends not only in the broom closet but also with a bitter awakening in the headlines.</description>
    <persons>
     <person id="1230">Manfred Fink</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1523">
    <start>16:00</start>
    <duration>01:00</duration>
    <room>Saal 3</room>
    <tag>the_rise_and_fall_of_open_source</tag>
    <title>The Rise and Fall of Open Source</title>
    <subtitle>The Million Eyeball Principle and forkbombs</subtitle>
    <track>Community</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>This lecture outlines a possible future retrospective on OpenSource built from a simple continuation of current trends.</abstract>
    <description>It's now been quite a while that OpenSource projects started to die out due to lack of developers, while on the other hand the number of similar projects in the same area is astonishing. 2006 then turned out to be the year when the first major OpenSource projects started to run into a similar crisis.

In almost every area of computer science, there is an awful lot of similar projects which basically have the same goal but try to achieve it in only slightly different ways. There are, for example, gazillions of different Wiki projects, web fora, mail readers, editors, Linux distributions or window managers. This diversity does of course have a lot of advantages, but the amount of people working in the area of OpenSource in their free time is limited. Also, the amount of people who work in the area and are able to contribute quality code is quite low.

The usual life cycle of an OpenSource project nowadays starts with its creation, of course. Then, it is usually maintained to the point where it is about half finished in terms of features. Then, there is usually a clash over some subject (Specific features that go/don't go in, the use of specific version control systems, the attitude of the maintainer), followed by a fork. Usually, this fork results in 3 or more different projects. The parent project usually dies off due to a lack of resources, which have been drained to the child projects. Normally, most of the child projects also lack a security practitioner, which usually leads to vulnerabilities, and consequently to a high load of security incidents which slow down the progress of the child project even further. Also, a lot of people think that in a fork project, they can now finally get rid of the scourge of good coding habits. This usually leads to the project wasting away due to a load of bugs that nobody can manage.

There are various reasons for this. Of course, a prime reason lies in the evangelism that a lot of OpenSource developers just bear inside them. Projects get forked because they don't use the Only Beatific Technology, but some Inferior Technology from The Past. The original maintainer usually refuses to adapt to the new technology because he prefers to have a stable and well-known base to build on.

Another big reason for this is the ego of some developers. A lot of people can't stand it if somebody tells them to bugger off with their patch because it doesn't meet the quality standards of the project. They fork off a new project with the old code plus their patch, and either a number of developers from the original project fork off as well, or the child project quickly falls behind.

Of course, there is also a problem on the maintainer side. A lot of maintainers don't like the fact at all that there are people who write better code or adapt new features that really are required for the project. This usually leads to one successful child project forking off while the parent project continues to float into space for a while with barely any maintainers left. This is of course one of the better ways to fork, but it still means a significant resource drain.

Also, today's source control systems make it incredibly easy to fork off a project. It usually only requires a fork of the current repository, which is a usual action because today's source control systems just use project forks and push/pull technologies for concurrent development. Also, there are usually tools which convert an entire repository from source control system A to source control system B without even losing the metadata. This means that there is less hassle involved in forking off a project than there used to be, so it's easier to overcome one's inhibitions because the technical bar is lower.

Another drain of resources isn't specific to an OpenSource project. An inherent problem of OpenSource resources lies in the fact that nowadays there is a new technology of the day out every other month, which means that most of the developers just try to learn a new Latest Thing (and start off projects with it, trying to solve problems that have been solved years before). This means that a lot of precious time is spent on learning Your Favorite Programming Language on Rails rather than writing code. On the other hand, the new technologies usually introduce new security problems that were previously unheard of, and that have to be taken into account as well. The .NET hype for example totally forgot to address that buffer overflow vulnerabilities aren't the only security problems in the world, and that .NET itself may also be a security problem.

Finally, there will also be some positivism and a couple of suggestions (or maybe even guidelines) on how to get along a lot better in our projects than we used to.</description>
    <persons>
     <person id="1124">Tonnerre Lombard</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1439">
    <start>17:15</start>
    <duration>01:00</duration>
    <room>Saal 3</room>
    <tag>information_operations</tag>
    <title>Information Operations</title>
    <subtitle>Sector-Oriented Analysis of the Potential Impact and Possible Countermeasures</subtitle>
    <track>Science</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>The use of information technology has brought a lot of new functionality and efficiency with it. But due to the fact that enterprises are totally dependent on IT, they are vulnerable to theft or destruction of information assets, a process described as information operations. This is the presentation of a one-year Postgraduate Infosec Research Project conducted in New Zealand.</abstract>
    <description>This presentation gives a sector-oriented overview of what has been done so far to address information operations (IO) and where improvements could and should be made. Main threat sources were identified: malicious insiders, as well as competitive organizations, cyber terrorists, criminal groups, and foreign governments. The research analyzes the potential risks of IO, clarifies how organizations are prepared for IO, and demonstrates how IO threats are addressed. Miscellaneous IO weapons, trends, threats, and possible countermeasures will be discussed.

IO involves much more than computers and computer networks. It encompasses information in any form and transmitted over any medium. It covers operations against information content and operations against supporting systems, including hardware, software, and human practices. Numerous definitions of IO and related topics exist. When trying to define IO there is a danger of defining the concept either too narrowly or too broadly. Because they are commonly in use, definitions of the DOD Dictionary of Military and Associated Terms will be used:

- Information Operations: Actions taken to affect adversary information and information systems while defending one&#8217;s own information and information systems.
- Information Warfare: IO conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries.</description>
    <persons>
     <person id="1059">Sebastian Schroeder</person>
    </persons>
    <links>
     <link href="http://www.au.af.mil/info-ops">Cyberspace &amp; Information Operations Study Center</link>
     <link href="http://www.maxwell.af.mil/au/awc/awcgate/iw-army/intro.htm">Information Warfare Tutorial</link>
     <link href="http://www.mind-books.com/extranet/microsite.asp?section=extranet&amp;ContentID=jiw_main">Journal of Information Warfare</link>
     <link href="http://www.terrorismcentral.com/Library/Teasers/Flamm.html">Cyber Terrorism and Information Warfare: Academic Perspectives: Cryptography</link>
     <link href="http://www.aci.net/kalliste/tic.htm">National Academy of Sciences: Trust in Cyberspace</link>
     <link href="http://www.iwar.org.uk/iwar/resources/canada/infoops.htm">Canadian Security Intelligence Service on Information Operations</link>
     <link href="http://niels.xtdnet.nl/cybersecurity">Center for Information Technology Integration: Cyber Security and Information Infrastructure Protection</link>
     <link href="http://www.counterterrorismtraining.gov/pubs/02.html">Publications: Cyberterrorism &amp; Computer Technology</link>
     <link href="http://www.wired.com/news/privacy/0,1848,67223,00.html">Wired News: U.S. Military's Elite Hacker Crew</link>
    </links>
   </event>
   <event id="1603">
    <start>20:30</start>
    <duration>01:00</duration>
    <room>Saal 3</room>
    <tag>foss_in_india</tag>
    <title>Hacking a Country: FOSS in India</title>
    <subtitle>An Overview of Free and Open Source Software efforts and projects in India</subtitle>
    <track>Community</track>
    <type>Podium</type>
    <language>englisch</language>
    <abstract>This talk is about the growth of Free Software in India. It includes an overview of how Free Software has spread not only within the industry but also within the Government and Education. Includes examples of Indian innovation based on Free Software, including the Simputer.</abstract>
    <description>Atul Chitnis has promoted Free and Open Source Software (FOSS) and driven community initiatives in India since the mid 1990s.

In this talk, he presents an overview of these activities, from pushing a million Linux CDs into the country via the PCQuest Linux Initiative, engaging the community with industry and government through participation in large scale events, to the founding of Asia's best known and most successful FOSS event series (FOSS.IN, formerly known as "Linux Bangalore").

He also presents samples of his current work, which includes the opening of technologies associated with the Simputer, whose future he now guides as part of his work at Geodesic Information Systems. His talk will include demonstrations of the technologies involved.

Finally, he will explain some of the "social hacks" he has resorted to over the years to force the FOSS community, the Indian government and the industry to get talking to each other, and will summarize the direction and future of FOSS not only in India but in Asia.</description>
    <persons>
     <person id="1175">Atul Chitnis</person>
    </persons>
    <links>
     <link href="http://foss.in/">FOSS.IN</link>
    </links>
   </event>
   <event id="1543">
    <start>21:45</start>
    <duration>01:00</duration>
    <room>Saal 3</room>
    <tag>kollaboratives_wissenmanagement</tag>
    <title>Collaborative Knowledge Management in Education</title>
    <subtitle>The Citability of Wiki Knowledge</subtitle>
    <track>Science</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>The contribution focuses on the scholarly citation of Wikipedia in the context of the discussion about stable versions, quality assurance and the safeguarding of expert knowledge; what is the relationship between scholarly work and the knowledge consensus of Wikipedia? Does Wikipedia allow the provision of scholarly usable quotations, and how can it be cited in scholarly work?</abstract>
    <description>In education, wikis are becoming ever more important, above all Wikipedia and Wikibooks. It is clear that collaboratively acquired knowledge always carries a certain uncertainty. The contribution gives an overview of the problems and of measures that have been taken or can still be taken to make wiki knowledge usable in science and higher education. It becomes clear that the problems are by no means new and that the uncertain can be made certain, or more certain, with simple means. The aim is to provide arguments for why and how wiki knowledge can be used in schools and universities. Since stable (reviewed) versions will soon arrive in the German Wikipedia, the discussion about the citability of Wikipedia is entering a new round.

We assume that Wikipedia is indeed citable, not in order to spare oneself further research, but as a source of the knowledge consensus. Reproducing Wikipedia content is of course not enough in a scholarly work, because new insight must always lie beyond the knowledge consensus. This of course applies not only to science. A journalist, too, is expected to convey new information. Research must therefore go on, because what is in Wikipedia is already known anyway. The task of schools is to teach how pupils can access, question and extend the knowledge consensus. For that reason alone, Wikipedia has its place in school lessons.

Against this background, the practical question is how Wikipedia can be cited sensibly, because the traditional form of citing a web page with a URL and a date of consultation does not do justice to the rapid changeability of the content. Other forms of citation must be used here. The use of universal identifiers (for example URNs) is conceivable. With the help of simple scripts, different citation formats can be derived from one another once they have been standardized (for example via RFCs).</description>
    <persons>
     <person id="90">R&#252;diger Weis</person>
     <person id="47">Martin Haase/maha</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1605">
    <start>23:00</start>
    <duration>01:00</duration>
    <room>Saal 3</room>
    <tag>digitale_bildforensik</tag>
    <title>Digital Image Forensics</title>
    <subtitle>Traces in Digital Photos</subtitle>
    <track>Science</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>With photographic technology becoming more and more digital, almost anyone can now manipulate images without prior knowledge. Cases that became known in the media have also sensitized the public to this topic. Methods of digital image forensics offer the possibility of verifying the authenticity of an image even without access to the original.</abstract>
    <description>Today practically anyone can manipulate digital images or change what they convey. A photo can therefore only conditionally be regarded as a depiction of reality. Active approaches to protecting the authenticity of an image (e.g. embedding digital watermarks) are practically applicable only in a few cases. Recently, therefore, methods have increasingly been developed that work on the basis of statistical analyses of the image itself, in order to detect even invisible changes in the image or to identify its origin. As representative examples, one method for digital camera identification and one for the detection of image manipulations will be presented.

On the one hand, it will be shown how the sensor noise of digital cameras can be used to determine very reliably which camera an image was taken with. Furthermore, an approach for detecting image manipulations based on resampling (scaling, rotation, distortion) will be presented. An overview of further methods and possibilities rounds off the talk.</description>
    <persons>
     <person id="1178">Matthias Kirchner</person>
    </persons>
    <links>
     <link href="http://www.ws.binghamton.edu/fridrich/Research/double.pdf">Digital camera identification</link>
     <link href="http://www.cs.dartmouth.edu/farid/publications/sp05.html">Detection of manipulation based on resampling</link>
    </links>
   </event>
  </room>
  <room name="Saal 4">
   <event id="1607">
    <start>11:30</start>
    <duration>01:00</duration>
    <room>Saal 4</room>
    <tag>probabilistic_trust_model_for_gnupg</tag>
    <title>A Probabilistic Trust Model for GnuPG</title>
    <subtitle>A new way of evaluating a PGP web of trust by using a probabilistic trust metric</subtitle>
    <track>Science</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>Ein Vertrauensnetz beschreibt einen typischen dezentralen PKI-Ansatz, welcher in der Verschl&#252;sselungssoftware PGP sowie GnuPG umgesetzt worden ist. Es werden einige Nachteile und Schw&#228;chen des aktuellen PGP-Vertrauensmodells erl&#228;utert. Gleicherma&#223;en wird ein neuer Ansatz sowohl f&#252;r den Umgang mit Vertrauen, als auch f&#252;r die Evaluation der Schl&#252;ssel-Authentizit&#228;t pr&#228;sentiert.</abstract>
    <description>Trust networks are possible solutions for the key authenticity problem in a decentralized public-key infrastructure. A particular trust model, the so-called Web of Trust, has been proposed for and is implemented in the popular e-mail encryption software PGP and its open source derivatives like GnuPG. Some drawbacks and weaknesses of the current PGP and GnuPG trust model are investigated, and a new approach to handle trust and key validity in a more sophisticated way is proposed. A prototype of our solution has been implemented and tested with the current GnuPG release.
Distributed trust models allow any user in the network to issue certificates for any other user. The issuers of such certificates are called introducers, who can make them publicly available, typically by uploading them to key servers, from which they are accessible to other users. Someone's personal collection of certificates is called a key ring. In this way, responsibility for validating public keys is delegated to people you trust. In comparison with a centralized PKI, this scheme is much more flexible and leaves trust decisions in the hands of individual users. These trust decisions are finally decisive for a user to validate public keys (i.e. to accept them as authentic on the basis of the given local key ring).
First we will give a short overview of the web of trust and the PGP trust model. The main goal is to point out some of its inherent weaknesses and deficiencies. To overcome these difficulties, we will then propose a more flexible PGP trust model, in which we propose to see the key validation problem as a two-terminal network reliability problem in a corresponding stochastic graph. In a last part, we will describe the prototype implementation of this model in GnuPG.</description>
    <persons>
     <person id="1267">Markus W&#252;thrich</person>
     <person id="1177">Jacek Jonczy</person>
    </persons>
    <links>
     <link href="http://leia.unibe.ch/run-gnupg/">Probabilistic Key Validation</link>
     <link href="http://www.iam.unibe.ch/~run/publications.php?link=publi">Publication list of the RUN group</link>
    </links>
   </event>
   <event id="1433">
    <start>12:45</start>
    <duration>01:00</duration>
    <room>Saal 4</room>
    <tag>design_a_decent_user_interface</tag>
    <title>How To Design A Decent User Interface</title>
    <subtitle>Take a look at software from a user's point of view and improve your applications</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>Prepare to be brainwashed! This talk wants you to switch from the developer's perspective to that of an average user to design better UIs.</abstract>
    <description>Let's face it, there's a lot of 'hard to use'-software out there. Worse, we're among those who program it. 
If we now consider that for average users the UI practically _is_ the application (i.e. as much as we may wish to, they don't care whether it's programmed well, only if they can use it) this is a catastrophe. Instead of empowering users, software often leaves them frustrated. 

This talk wants nothing less than to change your view on software and the way you develop it. The talk will introduce 'user-centered' design and show you how to: Know the user - Know the task - Act accordingly!

Disclaimer: This presentation is neither about whether qt or fltk is better, nor about the fancying-up of GUIs.</description>
    <persons>
     <person id="220">pallas (Corinna Habets)</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1619">
    <start>14:00</start>
    <duration>01:00</duration>
    <room>Saal 4</room>
    <tag>introduction_to_matrix_programming</tag>
    <title>Introduction to matrix programming: trance codes</title>
    <subtitle>How to recognize trance coded communication patterns</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>The main communication streams in our realities happen besides the exchange of facts and arguments. "The matrix" is built on emotions! Trance coded communication patterns are a natural way to exchange emotions between individuals. Using them is as normal as not being aware of it. But once you recognize the patterns, it is playtime!</abstract>
    <description>Who do you trust putting you in a trance state?

Our reality is not built on facts. What really matters, what really steers and guides you, as a human individual, are feelings, values and views.

Try this experiment: Remember a very good lecture or talk. A talk you enjoyed, where you really had fun while you listened to it. Take a little time to recall what it looked like, try to remember some sounds. While you remember sitting in the audience, listening and laughing, you can also remember the feelings you had. Where did they come from?
When you look carefully at that situation, you will see that your fun comes from the fun of the speaker. It is he who gives you your share of his own experience. It is amplified by the communication signals of others in the audience. But as you are linked to the speaker, that communication happens without anyone being aware of that communication layer. The speaker's brain communicates, in a covert but completely natural way, to your brain. It is bypassing your consciousness. Of course it does, because that transmission would not work otherwise, and what happens is called: Induction. He induces a part of his mindset into your mindset.

Trance is just such a mindset. A mix of values, views but most of all: feelings. Since before birth everyone changes from one trance into another. You know how it feels when you have a bad day and do not feel good? And on another day, you can do anything and you have that feeling of a fresh and clear mind? It is natural to go from one trance state into another state.

Induction is, simplified, just one mind in trance communicating its trance state to another in such a way that this person can choose to follow or react. Fun, nervousness, arousal, confidence and all those feelings can travel alongside normal communication. The "mind in trance" embeds the proposals to change to that trance state. Everyone is doing that. We just differ in effectiveness.

This talk will raise your awareness for trance commands in human interaction. While you can improve your own effectiveness a little bit, you will learn to look out for trance codes in communication.</description>
    <persons>
     <person id="1183">ulong</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1610">
    <start>16:00</start>
    <duration>01:00</duration>
    <room>Saal 4</room>
    <tag>fudging_with_firmware</tag>
    <title>Fudging with Firmware</title>
    <subtitle>Firmware reverse-engineering tactics</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>This lecture aims at providing ideas and practical techniques about the reverse-engineering process of equipment firmware images. It touches upon data encoding, compression, bootstraps, deciphering, disassembly, and emulation.</abstract>
    <description>This lecture aims at providing ideas and practical techniques about the reverse-engineering process of equipment firmware images. It focuses exclusively on images susceptible to hosting an operating system of some sort.
The approach taken here first includes a reminder about various data encodings for binary transfers, such as UUENCODE or Intel's HEX format. The talk goes on to further interpret the available data, whether it is a bootloader, compressed data or a filesystem. At this stage chunks of meaningful data should be available, in which useful information should be reachable.
A more in-depth investigation is then conducted, down to executable file formats or various machine-level assembly bytes. If the operating system used was not determined before this stage, the talk mentions how to extract this information and presents which ones are likely to be found, but not necessarily well-known to the general public.
Finally, a few questions about cryptography are raised, and an overview of disassembly and emulation tools is given, as they may well be the easiest ways to defeat it.</description>
    <persons>
     <person id="1179">khorben</person>
    </persons>
    <links>
     <link href="http://www.uberwall.org/">&#220;berWall security team</link>
     <link href="http://www.nruns.com/">n.runs AG</link>
    </links>
   </event>
   <event id="1419">
    <start>17:15</start>
    <duration>01:00</duration>
    <room>Saal 4</room>
    <tag>java_wird_groovy</tag>
    <title>Java wird Groovy</title>
    <subtitle>An introduction to the new, dynamic language for the Java ecosystem</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>Groovy is a new, dynamic language for the Java VM.
It picks up concepts from Smalltalk, Python and Ruby and integrates them into Java.
The integration is smooth, since the syntax is sufficiently similar to Java and
existing Java libraries can be used seamlessly.</abstract>
    <description>First draft of the content:
- Overview of Groovy
- Concepts of Groovy
- Integration with Java
- History of Groovy
- Example applications
- Projects in Groovy</description>
    <persons>
     <person id="1037">tof (Christof Vollrath)</person>
    </persons>
    <links>
     <link href="http://groovy.codehaus.org">Groovy homepage</link>
     <link href="http://www.manning.com/koenig/">First book on Groovy</link>
     <link href="http://grails.codehaus.org/">Web framework for Groovy</link>
    </links>
   </event>
   <event id="1502">
    <start>18:30</start>
    <duration>01:00</duration>
    <room>Saal 4</room>
    <tag>the_gift_of_sharing</tag>
    <title>The gift of sharing</title>
    <subtitle>A critical approach to the notion of gift economy within the everyday life-world of free and open source software (FOSS).</subtitle>
    <track>Society</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>This paper will dive into this complex question through a comparison between primitive hunter-gatherer societies and the everyday life-world of FOSS. The discussion will focus on the thesis that FOSS practice is based on social sharing and not on processes of exchange. This will entail a negation of the paradigm of economic logic and instead pull a quest for valuable relationships to the forefront of the FOSS sociality.</abstract>
    <description>It seems to be accepted that there exist strong similarities between archaic societies and the present-day world of FOSS. At first people might wonder how it is possible to compare the exchange of shell necklaces with binary code running on an x86 CPU. Then, after the basic principles of gift-giving and reciprocity are explained, the same people suddenly understand that "we're all" part of a gift economy. When "we all" take part in the use and development of FOSS we are at the same time part of a complex structure of exchange relations. These exchange relations are driven by a coupling of reciprocity with an economic logic which promotes the idea that individual benefit is greater through free giving and subsequent receiving. But what if this is a wrong and faulty notion? One essential element seems to be missing when you look closer at the everyday practice: what is being transacted, and where are the transactions, or economic processes of exchange?
This paper will dive into this complex question through a comparison between primitive hunter-gatherer societies and the everyday life-world of FOSS. The discussion will focus on the thesis that FOSS practice is based on social sharing and not on processes of exchange. This will entail a negation of the paradigm of economic logic and instead pull a quest for valuable relationships to the forefront of the FOSS sociality.

The distinction drawn between the commonly known and widely accepted notion of gift economy and social sharing needs substantiation. The basic principle of the 'gift' is that the continuing exchange of gifts underlies all our social structures and interactions. Gifts are in this sense both tangible and non-tangible artifacts, spanning from food to symbols and metaphysical concepts - and all have in common that they are culturally produced. The principle itself rests on the simple process that the giving of a gift requires the receiver to reciprocate by giving a gift in return, and the giver is required to receive. This exchange of gifts again changes the positions and transforms the singular situation into an ongoing social process of exchange between 'partners', and systems of reciprocity emerge. This establishes a lasting and strong social bond, or valuable relationship, between individuals and groups. But there is one major problem with the dominant interpretations of the principle of the 'gift', for it is quickly combined into the concept of gift economy. This might not be a problem if the term is placed solitarily within strict ethnographic analysis of "primitive pre-economic societies", though as soon as it enters modern realms it translates 'gifts' into 'commodities'. Commodities are by nature different from gifts, for they are valued in terms of monetary transactions and not as representations of relationships. The world of FOSS is not directed at the creation of commodities and profit maximization, though as I point out, neither is it clearly an expression of 'gift economy' (in the original sense). A few statements might help clarify this complex:

&#8226;	FOSS is not a simple hobby
&#8226;	FOSS is not a commodity
&#8226;	FOSS is not a gift

As noted above, a gift is based on a personal relationship, which may exist before and/or after a gift is given. For most people involved in FOSS, though, the code itself is as anonymous as a product can be. The obligation to return the gift (reciprocity) is an abstract reality which only emerges when a license is both read and understood in detail. This indicates that using FOSS creates no obligations for the individual user - a gift normally creates an obligation to return - for there is seldom a relationship between the original coder and the present user. Added to this, when asked, the producers of FOSS do not think in terms of 'gifts', or if at all, then as a highly generalized gift to mankind. This line of thought ends with the conclusion that calling FOSS a gift is wrong, or faulty - but: What is it then?
At this point it becomes inspiring to push ahead into the direct comparison of daily FOSS practice with a model of social organization based on social sharing.
Two characteristics of sharing in primitive hunter-gatherer societies (such as amongst Kalahari bushmen etc.) are quickly highlighted. First, this particular form of social organization is based on the demand that you share all resources acquired, e.g. game animals killed or crops gathered, to such an extent that there are no personal possessions. Secondly, it is not possible in any way to manifest ownership over one specific resource, for as soon as it is shared (added to the network) the channels of re-distribution are outside of control. Turning the gaze towards the basic demands of the GPL license does create a pattern of reflection. The GPL requires that all additions or changes in the existing code, in this sense new resources, are shared without demands, and the re-distribution is uncontrolled and free.
The answer to the above question is slowly emerging, and if the world of FOSS is to be understood in terms of social sharing then the societal critique becomes evident. For a model of social organization based on mutual aid, voluntary collaboration and egalitarian decision-making challenges the dominant paradigm of economic commodification. In as much as the production of FOSS relies on practical actions (doing) - doing understood as learning and change - it is evident that a confrontation between opposing political cultures is taking place. One part of this conflict requires a continued attention to how the world of FOSS is to be understood, and I believe a critical approach to the notion of gift economy is needed. As Thomas Franks wrote: We might be witnessing the conquest of cool - and as soon as there is money in it we have lost.</description>
    <persons>
     <person id="1114">Gregers Petersen</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1663">
    <start>20:30</start>
    <duration>01:00</duration>
    <room>Saal 4</room>
    <tag>tracking_goods_and_tracing_people</tag>
    <title>G&#252;ter und Personen "tracken" - Lokalisierung im Pizzamann-Universum</title>
    <subtitle>Technical means and social aspects of "tracking &amp; tracing"</subtitle>
    <track>Society</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>This talk gives an overview of different tracking &amp; tracing
technologies and goes into their details. The structure and operation of
such tracking systems are categorized and explained; the talk also
provides an overview of where such tracking systems are used today.
Various security aspects in particular are covered in detail.

After showing everything that is already taking place, the talk examines
the social consequences of such systems. This covers both commercial
aspects (shifts in market power) and the aspect of consumer tracking,
since consumers ought to know what happens to their data, but this is
very rarely the case.

The second part of the talk then deals with the locating surveillance
systems of states and the dangers of abuse that arise from them.</abstract>
    <description>This talk presents an overview as well as details of the different
techniques used in tracking &amp; tracing systems, i.e. systems for locating
goods, vehicles or persons.

Among other things, it shows and explains systems for tracking goods
and containers in warehouses and department stores, for tracking goods,
containers and vehicles in the transport market, and systems for tracking
goods, vehicles and persons for security systems or for law enforcement.

The talk shows and categorizes how tracking systems work today and
where they are already in use. Security aspects in particular are also
addressed.

The localization techniques shown include GPS, Cellinfo and gatewaying,
as well as the communication aspect using wired and wireless
communication technologies. The identification problem is also addressed.

A "big picture", i.e. an overview showing how goods and persons can be
tracked across the world, rounds off this part.

The social consequences are then discussed. These are both commercial
in nature, such as shifts in market power, and consequences for
consumers, that is, for everyone, for people like you and me, who ought
to know what happens to their data but usually do not.

Finally, a look is taken at the tracking systems of states, with
particular attention to the dangers of abuse.

Automatic face recognition as well as vehicle tracking and systems for
tracking the movements of prisoners or people under house arrest are
shown, and their potential and limitations are discussed.

The possibility of automatic tracking by means of the electronic
passport and the possibilities of tracking by eavesdropping on mobile
phone networks are also considered.</description>
    <persons>
     <person id="77">Volker Birk</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1596">
    <start>21:45</start>
    <duration>01:00</duration>
    <room>Saal 4</room>
    <tag>openxpki</tag>
    <title>Building an Open Source PKI using OpenXPKI</title>
    <subtitle>Take a lot of Perl, add some OpenSSL, sprinkle it with a few HSMs, stir, season to taste, enjoy!</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>OpenXPKI is an open source trust center software, written by the OpenXPKI Project, which aims to create an enterprise-scale PKI solution. You can see what OpenXPKI is all about, what you can do with it out-of-the-box and how you can hack it to your liking.</abstract>
    <description>In this talk, the open source trust center software OpenXPKI will be presented.
OpenXPKI aims at creating an enterprise-scale PKI/trust center software supporting well established infrastructure components like RDBMS and Hardware Security Modules (HSMs). It is the successor of OpenCA, and builds on the experience gained while developing it. Currently still under heavy development, OpenXPKI aims to be used in production by mid-October. Thus, a working release will be present before the congress.

Features that are available as of this writing (September 2006):
    - CA rollover: "Normal" trust center software usually does not
                   account for the installment of a new CA certificate,
                   thus if the CA certificate becomes invalid, a complete
                   re-deployment has to be undertaken. OpenXPKI solves
                   this problem by automatically deciding which CA
                   certificate to use at a certain point in time.
    - Support for multiple so-called "PKI realms":
                   Different CA instances can be run in a single
                   installation without any interaction between them,
                   so one machine can be used for different CAs.
    - Private key support both in hardware and software:
                   OpenXPKI has support for professional Hardware
                   Security Modules such as the nCipher nShield or
                   the Chrysalis-ITS Luna CA modules. If such modules
                   are not available, access to a key can be protected
                   by using a threshold secret sharing algorithm.
    - Professional database support:
                   The user can choose from a range of database
                   backends, including commercial ones such as
                   Oracle or DB2, which are typically used in
                   enterprise scenarios.
    - Many different interfaces to the server:
                   Currently, one can access the CA server using
                   a web-interface (which also allows for client-side
                   request generation using SPKAC) or using a command
                   line client. Embedded devices such as routers can
                   use the Simple Certificate Enrollment Protocol (SCEP)
                   to talk to the server and apply for certificates.
    - Workflow Engine:
                   OpenXPKI aims to be extremely customizable by allowing
                   the definition of workflows for any process you can
                   think of in the PKI area. Typical workflows such as
                   editing and approving certificate signing requests,
                   certificate and CRL issuance are already implemented.
                   Implementing your own idea is normally pretty easy
                   by defining a workflow in XML and (maybe) implementing
                   a few lines in Perl.
    - I18N:        Localization of the application and interfaces is
                   easily possible and OpenXPKI can of course deal
                   with the whole range of Unicode characters in
                   certificates.

Features that will be done by the time the congress happens:
    - LDAP publication:
                   It will be possible to publish both certificates
                   as well as Certificate Revocation Lists (CRLs) using
                   LDAP.
    - Self-Service application for token personalization:
                   A web application will be available that allows a
                   user to easily create and install certificates to
                   a SmartCard.

For the future, an integration with management systems such as Tivoli
and Nagios, clustering support for issuance of more than 500.000
certificates/day as well as CMC (the Certificate Management protocol
using CMS) support are planned. Implementing CMC over COM would
be especially useful as it would then be possible to seamlessly
replace a Microsoft CA.
A large financial corporation plans to use OpenXPKI in production
once it is ready for prime-time.</description>
    <persons>
     <person id="422">Alexander Klink</person>
     <person id="1200">Michael Bell</person>
    </persons>
    <links>
     <link href="http://www.openxpki.org/docs/OpenXPKI-Architecture-Overview.pdf">OpenXPKI architecture whitepaper</link>
     <link href="http://www.alech.de/openxpki_mrmcd101b.pdf">Slides of the OpenXPKI lightning talk at mrmcd101b</link>
     <link href="http://www.openxpki.org">The OpenXPKI project website</link>
    </links>
   </event>
  </room>
  <room name="Workshop Area">
   <event id="1741">
    <start>11:30</start>
    <duration>02:15</duration>
    <room>Workshop Area</room>
    <tag>wifi_backpack_strap</tag>
    <title>Wifi Backpack Strap Workshop</title>
    <subtitle></subtitle>
    <track>Hacking</track>
    <type>Workshop</type>
    <language>englisch</language>
    <abstract>This will be a hands-on hardware hacking workshop with all materials to build your own Wifi Backpack Strap.  The version built during this workshop will be removable with velcro, not built into the strap. Please contact me at "mail" at "fabienne" dot "us" to sign up for the workshop and note whether you would like me to reserve a kit for you or if you will be bringing your own wifi detector. There will be a fee around thirty-five euros for parts.</abstract>
    <description></description>
    <persons>
     <person id="1053">Fabienne Serriere</person>
    </persons>
    <links>
     <link href="http://www.engadget.com/2005/09/13/how-to-embed-a-wifi-detector-into-a-backpack-strap/">Wifi Backpack Strap</link>
     <link href="http://fabienne.us/index.php?module=news&amp;id=18">More Details</link>
    </links>
   </event>
   <event id="1768">
    <start>14:00</start>
    <duration>01:30</duration>
    <room>Workshop Area</room>
    <tag>vidvox_vdmx5</tag>
    <title>AVIT&gt;C23: Vidvox VDMX5</title>
    <subtitle></subtitle>
    <track>Hacking</track>
    <type>Workshop</type>
    <language>englisch</language>
    <abstract>Rewritten from scratch as a Universal Binary, Vidvox's latest endeavor VDMX5 combines revolutionary interface design with blazing fast performance.</abstract>
    <description>Using a GPU based processing pipeline, VDMX can now apply stunning visual FX to any number of layers of video, all at high definition. During his presentation, David will show off some of the new features that Vidvox has been developing for this major new release, including movie warp markers, multi-channel audio analysis, complete Quartz Composer support, and a fully customizable user interface to meet the specific needs of each user. David will demo the latest version of the software in a workshop length to be determined by the festival organizers.</description>
    <persons>
     <person id="1327">Visual Berlin</person>
    </persons>
    <links>
     <link href="http://www.visualberlin.org/avitc23/wordpress/">AViTC23</link>
    </links>
   </event>
   <event id="1761">
    <start>15:30</start>
    <duration>01:30</duration>
    <room>Workshop Area</room>
    <tag>dylan_introduction</tag>
    <title>Dylan Introduction</title>
    <subtitle></subtitle>
    <track>Hacking</track>
    <type>Workshop</type>
    <language>englisch</language>
    <abstract>What is different in Dylan than in other object-oriented and functional languages? Which development utilities are available? How to use the IDE?</abstract>
    <description></description>
    <persons>
     <person id="106">Hannes Mehnert</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1742">
    <start>17:15</start>
    <duration>02:15</duration>
    <room>Workshop Area</room>
    <tag>machine_learning_in_a_nutshell</tag>
    <title>Machine Learning in a Nutshell</title>
    <subtitle>A hands on workshop</subtitle>
    <track>Hacking</track>
    <type>Workshop</type>
    <language>englisch</language>
    <abstract>The intention is to give a brief overview of how to learn from data, which tools to use and which pitfalls to avoid. The goal is not to give a detailed introduction to the theoretical background but to show general application settings. The first half consists of a brief overview of typical machine learning problems, during the second half participants are asked to address a learning problem themselves. Participants are provided with suitable software but are free to use their own favourite applications.</abstract>
    <description></description>
    <persons>
     <person id="580">Isabel Drost</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1743">
    <start>19:30</start>
    <duration>02:00</duration>
    <room>Workshop Area</room>
    <tag>infon_battle_arena</tag>
    <title>Infon Battle Arena</title>
    <subtitle>An introduction</subtitle>
    <track>Hacking</track>
    <type>Workshop</type>
    <language>englisch</language>
    <abstract>This workshop is an introduction to the programming game Infon Battle Arena.</abstract>
    <description>Infon Battle Arena is a networked multiplayer real-time programming game featuring little creatures fighting for food. You upload your Creature Code (written in Lua) to a game server using a telnet interface. The game server then runs your code. The graphical client can be used to watch running games or replay recorded games.</description>
    <persons>
     <person id="1299">Florian Wesch</person>
    </persons>
    <links>
     <link href="http://infon.dividuum.de">Infon Battle Arena</link>
     <link href="http://www.lua.org">Lua</link>
     <link href="http://events.ccc.de/congress/2006/InfonBattleArena">Infon Battle Arena in 23C3 Wiki</link>
    </links>
   </event>
   <event id="1765">
    <start>21:45</start>
    <duration>02:15</duration>
    <room>Workshop Area</room>
    <tag>snortattack</tag>
    <title>SnortAttack.org</title>
    <subtitle>The IPS CHALLENGE</subtitle>
    <track>Hacking</track>
    <type>Workshop</type>
    <language>englisch</language>
    <abstract>Workshop Challenge: Are you ready to hack?</abstract>
    <description>There will be a device with outdated software (simple LAMP) full of security issues, bugs and so on. This device will be protected by another one that implements only snort_inline. After a small briefing we will let anyone try to hack the server with any tool he or she desires, even self-coded exploits... anything... Prepare yourself, warm up your laptop... We will be there to give hints and discuss the implementation, configuration and optimization of snort and snort_inline. FEEL FREE TO COME!!!</description>
    <persons>
     <person id="1318">SnortAttack Team</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1756">
    <start>00:00</start>
    <duration>01:00</duration>
    <room>Workshop Area</room>
    <tag>diac24_net</tag>
    <title>diac24.net</title>
    <subtitle>Practical VPN hacking</subtitle>
    <track>Hacking</track>
    <type>Workshop</type>
    <language>englisch</language>
    <abstract>This is a hands-on VPN "introduction". We'll be walking through tunnel and routing setup, talk about some odds and ends, do some showing-off ;). And hopefully we'll bootstrap some interested people right into the VPN (that can mean you!). Try bringing a terminal to a box with internet, OpenVPN and quagga, but it'll be interesting without that too.</abstract>
    <description></description>
    <persons>
     <person id="1187">David L.</person>
    </persons>
    <links>
    </links>
   </event>
  </room>
 </day>
 <day date="2006-12-28" index="2">
  <room name="Saal 1">
   <event id="1487">
    <start>11:30</start>
    <duration>01:00</duration>
    <room>Saal 1</room>
    <tag>ccc_jahresrueckblick</tag>
    <title>CCC Jahresr&#252;ckblick</title>
    <subtitle>An overview of the club's activities in 2006</subtitle>
    <track>Community</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>The CCC's spokespeople present the activities of and events in the Chaos Computer Club over the past year. This includes reports and anecdotes from events within the CCC as well as talks and conferences in which CCC representatives took part.</abstract>
    <description></description>
    <persons>
     <person id="381">Constanze Kurz</person>
     <person id="216">Frank Rosengart</person>
     <person id="18">Lars Weiler</person>
     <person id="7">Andreas Lehner</person>
     <person id="45">Andy M&#252;ller-Maguhn</person>
    </persons>
    <links>
     <link href="http://www.ccc.de/">http://www.ccc.de/</link>
    </links>
   </event>
   <event id="1513">
    <start>12:45</start>
    <duration>01:00</duration>
    <room>Saal 1</room>
    <tag>detecting_temperature_through_clock_skew</tag>
    <title>Detecting temperature through clock skew</title>
    <subtitle>Hot or Not: Defeating anonymity by monitoring clock skew to remotely detect the temperature of a PC</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>By requesting timestamps from a computer, a remote adversary can find out the precise speed of its system clock. As each clock crystal is slightly different, and varies with temperature, this can act as a fingerprint of the computer and its location.</abstract>
    <description>The end of my 22C3 talk showed how a side effect of TCP/IP steganography detection was to precisely measure the error of a computer's system clock (skew). This talk will review and expand on that material, showing the various other mechanisms for monitoring clock skew and discussing the tradeoffs involved. Because every computer has a unique clock skew, even ones of the same model, this acts as a fingerprint. Even if that computer moves location and changes ISP, it can be later identified through this clock skew. In addition to varying between computers, clock skew also changes depending on temperature. Thus a remote attacker, monitoring timestamps, can make an estimate of a computer's environment, which has wide-scale implications on security and privacy. Through measuring day length and time-zone, the location of a computer could be estimated, which is a particular concern with anonymity networks and VPNs. Local temperature changes caused by air-conditioning or movements of people can identify whether two machines are in the same location, or even are virtual machines on one server. The temperature of a computer can also be influenced by CPU load, so opening up a low-bandwidth covert channel. This could be used by processes which are prohibited from communicating for confidentiality reasons and, because this is a physical covert channel, it can even cross "air-gap" security boundaries. The talk will demonstrate how to use this channel to attack the hidden service feature offered by the Tor anonymity system. Here, an attacker can repeatedly access a hidden service, increasing CPU load and inducing a temperature change. This will affect clock skew, which the attacker can monitor on all candidate Tor servers. When there is a match between the load pattern and the clock skew, the attacker has linked the real IP address of a hidden server to its pseudonym, violating the anonymity properties Tor is designed to provide.
The talk will also present a separate illustration of the temperature covert channel technique, investigating a suspected attack on the Tor network in August 2006, by a well-equipped adversary.</description>
    <persons>
     <person id="143">Steven J. Murdoch</person>
    </persons>
    <links>
     <link href="http://www.cl.cam.ac.uk/~sjm217/papers/ccs06hotornot.pdf">Academic paper</link>
     <link href="http://www.lightbluetouchpaper.org/2006/09/04/hot-or-not-revealing-hidden-services-by-their-clock-skew/">Summary in blog post</link>
    </links>
   </event>
   <event id="1444">
    <start>14:00</start>
    <duration>01:00</duration>
    <room>Saal 1</room>
    <tag>tor_and_china</tag>
    <title>Tor and China</title>
    <subtitle>Design of a blocking-resistant anonymity system</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>Websites like Wikipedia and Blogspot are increasingly being blocked by government-level firewalls around the world. Although many people use the Tor anonymity network to get around this censorship, the current Tor network is not designed to withstand a government-level censor. In this talk we describe a design for providing access to the Tor network that is harder to block.</abstract>
    <description></description>
    <persons>
     <person id="199">Roger Dingledine</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1597">
    <start>16:00</start>
    <duration>01:00</duration>
    <room>Saal 1</room>
    <tag>hackers_toolkit_for_rfid_emulation_and_jamming</tag>
    <title>A Hacker's Toolkit for RFID Emulation and Jamming</title>
    <subtitle></subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>Radio Frequency Identification (RFID) tags are remotely-powered data carriers that are often touted as a "computer of the future", bringing intelligence to our homes and offices, optimizing our supply chains, and keeping a watchful eye on our pets, livestock, and kids.</abstract>
    <description>However, many RFID systems rely upon the integrity of RFID tag data for their correct functioning.  It has never been so easy to interfere with RFID systems; we have built a handheld device that performs RFID tag emulation and selective RFID tag jamming (sort of like a personal RFID firewall).  Our device is compatible with the ISO 15693/14443A (13.56 MHz) standards, and fits into a shirt pocket.  This presentation will explain the "nuts and bolts" of how tag spoofing and selective RFID jamming work, and will conclude by demonstrating this functionality.

Detailed Outline:

Part I - Introduction to RFID Technology (25 minutes)

 - What is Radio Frequency Identification?
   (How it works, types of RFID, read ranges, etc.)
 - Typical RFID applications
   (Supply chain management, automated payment, access control, animal tagging, etc.)
 - RFID security/privacy threats
   (Unauthorized tag reading, tag spoofing / cloning, denial of service)

Part II - RFID Emulation and Jamming (25 minutes)

 - Overall architecture
   - Describe the HW architecture
     - XScale processor, Melexis RFID reader-on-a-chip, custom "tag" receiver/transmitter
   - Describe the SW architecture
     - eCos RTOS, ISO 14443/15693 stacks, high-level tasks, application-level code

 - RFID Tag Emulation
   - Decoding incoming RFID queries
   - RFID tag "spoofing"
     - Describe how we produce the correct sideband frequencies

 - Selective RFID jamming
   - Describe the Slotted-Aloha anticollision algorithm
   - Describe our selective (timeslot-specific) jamming method

 - Live demonstration of RFID Guardian
   - RFID tag spoofing demo
   - Selective RFID jamming demo</description>
    <persons>
     <person id="730">Melanie Rieback</person>
    </persons>
    <links>
     <link href="http://www.rfidguardian.org">RFID Guardian Project</link>
    </links>
   </event>
   <event id="1576">
    <start>17:15</start>
    <duration>01:00</duration>
    <room>Saal 1</room>
    <tag>rfid_hacking</tag>
    <title>RFID hacking</title>
    <subtitle></subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>This talk will elaborate on the security and social aspects of RFID technology. We will talk about our projects of the past year, including the FIFA World Cup tickets.</abstract>
    <description>This talk will be about some of the hacking-related things (technological and social) that you can do with RFID technology.

Topics will include:
+ electronic passports
+ Mifare cryptography (maybe even some reverse engineering results)
+ tickets for the FIFA World Cup (ca. 15 min)

In this part of the talk, we will show the first real-world mass application of RFID technology at the 2006 FIFA soccer World Cup. Some valid tickets are shown, including their data and a look at the payload. After that, we will report a simple and unsuccessful hacking attempt, where one valid ticket was copied. The lecture is accompanied by pictures of some stadium entrances to examine FIFA security and ticket manipulation.</description>
    <persons>
     <person id="1317">Karsten Nohl</person>
     <person id="995">Henryk Pl&#246;tz</person>
     <person id="759">z0ccor</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1381">
    <start>18:30</start>
    <duration>01:00</duration>
    <room>Saal 1</room>
    <tag>stealth_malware</tag>
    <title>Stealth malware - can good guys win?</title>
    <subtitle>Challenges in detecting system compromises and why we&#8217;re so far behind the (smart) bad guys</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>The presentation will try to present current challenges in detecting advanced forms of stealth malware and explain why current detection approaches, as used in commercial A/V or IDS products, are insufficient.</abstract>
    <description>The author will try to convince the audience that *detection* is no less important than *prevention* and that we need a *systematic* approach to implement a good compromise detector, instead of a bunch of "hacks" as we have today.</description>
    <persons>
     <person id="208">Joanna Rutkowska</person>
    </persons>
    <links>
     <link href="http://invisiblethings.org/">http://invisiblethings.org/</link>
    </links>
   </event>
   <event id="1606">
    <start>20:30</start>
    <duration>01:00</duration>
    <room>Saal 1</room>
    <tag>console_hacking_2006</tag>
    <title>Console Hacking 2006</title>
    <subtitle>Xbox 360, Playstation 3, Wii</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>"Next Generation" gaming consoles should not be limited to games, they have powerful hardware which we want to exploit for our needs. The talk gives a hardware overview of each of the 3 consoles, an overview of their security systems, as well as an update on hacking the Xbox 360, which has been on the market for about a year.</abstract>
    <description>The Microsoft Xbox 360, the Sony Playstation 3 and the Nintendo Wii belong to the seventh generation of gaming consoles, having GHz-class CPUs and hundreds of megabytes of RAM. While the Xbox 360 was released roughly a year ago, and some hacking has already gone on, the Playstation 3 and the Wii will only be released in November 2006, so they will be brand-new at the time of the talk.

Usual news sources focus on the features useful for gaming - this talk of course will focus on what we hackers really need. It evaluates possible attack points to execute homebrew code and professional operating systems. For the two systems that have just been released, you certainly cannot expect a working hack, but the basics of the security system will be explained, and it will be compared to existing systems implemented by previous consoles.</description>
    <persons>
     <person id="373">Felix Domke</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1713">
    <start>21:45</start>
    <duration>01:00</duration>
    <room>Saal 1</room>
    <tag>black_ops_2006</tag>
    <title>Black Ops 2006 Viz Edition</title>
    <subtitle>Pixel Fuzzing and the Bioinformatic Bindiff</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>Tools for visualizing the genome can be repurposed to visualize code. Visualized code can be used as a map for fuzzing efforts, change identification, and showing your mom what you do for a living. I'm going to demonstrate a series of tools that brings a new, half-automated, half-visually driven approach to data manipulation and destruction.</abstract>
    <description>The human genome is a mess. What's on your hard drive is significantly less so. So what happens when you take a visual pattern representation method -- Dotplots -- built for ACTG and throw it at 0x42424242? Exceedingly ornate imagery erupts. Now, what happens when you start fuzzing the data you're visualizing? Your image gets fuzzy, based on precisely what faults you're injecting into the data. This Black Ops talk is going to bounce repeatedly between the domain of information representation and the domain of information corruption. I'm going to discuss the use of a linear time context free grammar generator to create a higher-order file fuzzer, and we're going to visualize the output of that fuzzer in realtime. I'm also going to show off other patterned signals that can potentially be comprehended better through graphical summarization, like execution flow traces. I'll also show a rather unexpected result -- that comparing two different versions of the same file visually makes for exceedingly rapid change detection. Finally, I'll probably find some way to squeeze in the concept of cryptomnemonics; this is where a bit sequence 0x123AFFE2 gets mapped to a series of names ("John and Leia Lindner") that encapsulates arbitrary entropy in human recognizable values.

New tools will absolutely be released at this talk.</description>
    <persons>
     <person id="154">Dan Kaminsky</person>
    </persons>
    <links>
     <link href="http://www.doxpara.com/Black%20Ops%202006-toor.ppt">Black Ops 2006 -- Old Slides From Toorcon</link>
    </links>
   </event>
   <event id="1428">
    <start>23:00</start>
    <duration>01:00</duration>
    <room>Saal 1</room>
    <tag>you_cant_make_this_stuff_up</tag>
    <title>You can't make this stuff up</title>
    <subtitle>A Stand-Up Comedy Approach to hacking</subtitle>
    <track>Hacking</track>
    <type>Sonstiges</type>
    <language>englisch</language>
    <abstract>Ilja and Felix will attempt a stand-up comedy act about hacking, the security industry, open source projects, big egos in the community, and other related stuff.</abstract>
    <description>The hacking world is much too funny to be taken seriously all the time. We will try to cast away the dark shadows of the year by doing some fast-paced comedy about what bizarre and absurd things happened to us (and others we know well), so if you like a good belly laugh, please join us!

We promise not to bash anyone who does not deserve it!</description>
    <persons>
     <person id="1046">Felix von Leitner</person>
     <person id="50">Ilja</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1600">
    <start>00:00</start>
    <duration>01:00</duration>
    <room>Saal 1</room>
    <tag>biometrics</tag>
    <title>Biometrics in Science Fiction</title>
    <subtitle>2nd Iteration</subtitle>
    <track>Culture</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>It is a buzzword at the moment: biometrics. Everyone is talking about it and consumers are buying laptops with shiny finger print scanners. This talk will take a look at biometrics in science fiction films.</abstract>
    <description>In reality, biometric systems often don't work. In the movies, we can see what those recognition systems will look like and how they will work in the future. You can have your eyeball or face scanned and then you can easily walk through high security gates. The biometric system works flawlessly - until your eyeball gets stolen.
Thanks to the movies, we also know biometric scanners are easy to defeat. We will witness movies where the nifty biometric security software is tricked.

We will show short film scenes of approx. fifty movies and comment on them.</description>
    <persons>
     <person id="414">Roland Kubica</person>
     <person id="381">Constanze Kurz</person>
    </persons>
    <links>
    </links>
   </event>
  </room>
  <room name="Saal 2">
   <event id="1700">
    <start>11:30</start>
    <duration>01:00</duration>
    <room>Saal 2</room>
    <tag>router_and_infrastructure_hacking</tag>
    <title>Router and Infrastructure Hacking</title>
    <subtitle>"First we take Manhattan, then we take Berlin..."</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>The security of backbone devices has been under increasing focus for the past few years, but infrastructure hacking techniques remain in
their infancy and are still not even used in most penetration tests.
This talk will discuss how to find and exploit vulnerabilities in infrastructure devices and their service dependencies, including vulnerability development as necessary.</abstract>
    <description>While the overall flow of systematically attacking a network's
infrastructure is similar to attacking any network -- recon, find
vulnerable points, gather data, harvest authentication credentials,
attack, recurse -- there are several useful vectors still not common
among network engineers or penetration testers.  This talk will 
outline some useful lateral techniques for backbone and infrastructure
device hacking, as well as discussing how to assess a network and
develop your own attacks if there are no known ones to be found.

When in the reconnaissance phase, there are several differences
between infrastructure analysis and normal network mapping that are
useful to know.  Stack fingerprinting is a bit spottier, making OS
identification somewhat more difficult.  The proliferation of varying
code trains on popular network devices makes using traditional scanners
a bit more uncertain, though efforts are being made to address this.
However, default passwords are much more widely deployed on
infrastructure devices, and brute-force tools are starting to become
more common.  While many of these tools are still young (cisco_torch,
for example), they are easily extensible and will often yield good
results when properly tweaked.  Add to this the network admin's toolkit
-- BGP looking glasses, for example -- and old-school techniques such as
war-dialing, which has new life in finding the out-of-band access modems
so often deployed for high-availability network maintenance.

Poor security practices and the reliance on poorly authenticated
protocols or their fragile dependencies (services with known DoS
conditions, unauthenticated UDP transactions in the clear) allow
authentication tokens to be gleaned, sniffed, and in many cases, faked.
Wireless sniffing has yielded management and authentication backbone
data in 1% of networks sampled, and password reuse makes it easier to
put that data to privilege escalation usage.  In addition, the
ability to knock an authentication server off the wire and replace
it with a compromised authentication server of your own has been an
effective technique in previous pen-testing engagements.

However, the Holy Grail of backbone attack is finding bugs in
the devices themselves.  While denial of service is relatively easy, and
useful if that's your aim (plenty of extortionists are happy with that,
and ditto corporate saboteurs), device takeover is still more likely by
attacking the authentication credentials.  If the devices you're
attacking don't have any known bugs, fear not -- a reasonable grasp of
protocol analysis can often help, and fuzzing the protocols that are
available on the device can often cause DoS bugs at the least to fall
out.  A still more useful attack vector is to authenticate to, join, and
inject routes into the routing protocol in use, and we'll discuss
several easy ways to do that, and the results that can be achieved.

Finally, this talk will look at common audit and logging
behaviours of infrastructure devices, and how that affects the likely
long-term success of the attacks described above.</description>
    <persons>
     <person id="1259">Raven</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1568">
    <start>12:45</start>
    <duration>01:00</duration>
    <room>Saal 2</room>
    <tag>json_rpc</tag>
    <title>JSON RPC</title>
    <subtitle>Cross Site Scripting and Client Side Web Services</subtitle>
    <track>Science</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>JSON RPC is a recently fashionable buzzword in the AJAX context. This lecture explains its principles, specifically the same origin policy for cross site scripting and its relation to JSON RPC, and demonstrates the essential implementation details using the example of the geocoding service in the Google Maps API.</abstract>
    <description>The collection of technologies on which modern web applications are based is nowadays summarily referred to as AJAX, or "Asynchronous JavaScript and XML". Interestingly, the use of XML as the data format for the transfer between client and server is not only unnecessarily complicated, but in its usual incarnation as XMLHttpRequest it is also subject to restrictions that prevent the direct use of web services from the client side of the web application.

A natural alternative to the transport of XML data structures through the XMLHttpRequest API is the transport of literal JavaScript expressions (nowadays also called JSON, or "JavaScript Object Notation") through dynamically created SCRIPT elements. We discuss practical aspects of the implementation of this approach and the consequences for architecture and software design of web applications.

Because the circumvention of restrictions that were originally meant to maintain security might be frightening at first sight, we recapitulate the principles on which cross site scripting restrictions are based, and we discuss why their circumvention for the purpose of JSON/SCRIPT based data transport doesn't compromise the security of a web application.</description>
    <persons>
     <person id="577">(mesch) Steffen Meschkat</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1658">
    <start>14:00</start>
    <duration>01:00</duration>
    <room>Saal 2</room>
    <tag>bignum_arithmetic</tag>
    <title>How to implement bignum arithmetic</title>
    <subtitle>A short look at my pet project implementation</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>Assembly language skills are a bonus, but not strictly required. This lecture will explain how software like OpenSSL and GnuPG do their arithmetic on 1024-bit numbers.  This is not about how RSA works, or about how AES works. This is just about how to add and multiply big numbers. I will explain the algorithms, show some code, and give some timings.</abstract>
    <description>Everyone knows that RSA keys are typically 1024 bits and up, but computers only operate on 32-bit or 64-bit quantities at a time. How does software like OpenSSL or GnuPG then do arithmetic on those long numbers?

This talk will show how it's done.</description>
    <persons>
     <person id="1046">Felix von Leitner</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1515">
    <start>16:00</start>
    <duration>01:00</duration>
    <room>Saal 2</room>
    <tag>lightning_talks_day_2</tag>
    <title>Lightning Talks Day 2</title>
    <subtitle></subtitle>
    <track></track>
    <type>Lightning-Talk</type>
    <language>englisch</language>
    <abstract>Definition: Lightning Talks is a daily event, which consists of one
hour of several short talks. Each talk is limited to five minutes.

Goal: There is one slot for Lightning Talks each day of the
congress.  The goal is to present 10 talks within each slot.
So this might be up to 40 interesting talks in total.

See the Wiki page for current info.</abstract>
    <description></description>
    <persons>
     <person id="193">Sven Guckes</person>
     <person id="136">b9punk</person>
    </persons>
    <links>
     <link href="http://events.ccc.de/congress/2006/Lightning_Talks">Wiki page</link>
    </links>
   </event>
   <event id="1373">
    <start>17:15</start>
    <duration>01:00</duration>
    <room>Saal 2</room>
    <tag>hacker_foundation</tag>
    <title>The Story of The Hacker Foundation</title>
    <subtitle>Challenges of Organizing a Foundation for Hackers in the USA</subtitle>
    <track>Community</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>The talk will focus on the three year history of the Hacker Foundation
in the USA including the legal, organizational and motivational
hurdles. Ongoing project successes, failures and the reasons behind each
will be covered.</abstract>
    <description>The Hacker Foundation began in 2003 as an attempt to see if the USA
tax laws could be put to the benefit of the Hacker Community. The
founders wanted independent hacker researchers to have access to the
same tax benefits and funding that academics and corporate-backed
research organizations have. The foundation also wanted to assist
hackers with marketing, organizing and project management tools. The
foundation was recognized as a non-profit foundation by the USA Federal
and State of California taxation authorities in 2005. Now, two years
later, it seems that the feds were more convinced about the idea than
hackers in the USA!

With directors, projects and resources spread throughout the USA, Jake
Appelbaum (member of the HF Board of Directors) and Nick Farr (a/k/a
NFF) will lead a four part discussion on the Hacker Foundation in the
USA. Part One will focus on the origins of the Hacker Foundation at
Defcons 8 and 9 and the original idea of &#8220;Hackers Without Borders&#8221;, an
organization loosely patterned after the international medical relief
organization Doctors Without Borders. Part Two will focus on the birth
of the Hacker Foundation in the State of California and the fight to
achieve recognition from government agencies. We will discuss how our
correspondence with the feds and other hackers brought about the
evolution of the original idea to the foundation's present form. Part
Three will focus on our early projects and what we have learned
attempting to organize Hackers and provide services to Hacker projects
in the USA. This part will focus on the inherent difficulties in
organizing hackers in the USA and some of the ideological differences
among hackers in the USA that make organizing difficult. We'll also
cover our efforts to provide laptops to Ugandan non-profit organizations
which were cut short by the Ugandan government. Our closing will focus
on where HF is today and where we plan to go into the future. We will
suggest some methods to internationalize the foundation, include a brief
discussion on the Metasploit fund, preview the services we currently
offer and discuss our fundraising strategies.</description>
    <persons>
     <person id="989">Nick Farr</person>
    </persons>
    <links>
     <link href="http://www.hackerfoundation.org">The Hacker Foundation Home page</link>
    </links>
   </event>
   <event id="1540">
    <start>18:30</start>
    <duration>01:00</duration>
    <room>Saal 2</room>
    <tag>learn_to_be_honest</tag>
    <title>To live outside the law you gotta be honest</title>
    <subtitle>Isn't every password a manifestation of distrust?</subtitle>
    <track>Society</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>As a dealer of illegal substances in the late 60s, early 70s, I learned how to work without written contracts and without advertising.</abstract>
    <description>In those seven years I lived on trust and some of my then-customers are my best friends today. When I became a publisher I decided to work the same way: on trust. Why go back if you have the experience that trust works? When Wau Holland contacted me to ask if I would be willing to publish the first books by the CCC, the HACKER BIBELN, my 'Yes' was all that was needed. We did three publications, I paid the CCC about 140.000,00 DM as royalties and nobody questioned that deal.</description>
    <persons>
     <person id="928">Werner Pieper</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1655">
    <start>20:30</start>
    <duration>01:00</duration>
    <room>Saal 2</room>
    <tag>elektronische_reisedokumente</tag>
    <title>Elektronische Reisedokumente</title>
    <subtitle>New developments in the ePass</subtitle>
    <track>Science</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>This year again there was a lot of commotion around the ePass. New studies were carried out, decisions were made, and more and more countries have begun to deploy electronic travel documents. The talk will present the latest state of the discussion.</abstract>
    <description></description>
    <persons>
     <person id="63">starbug</person>
     <person id="381">Constanze Kurz</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1495">
    <start>21:45</start>
    <duration>01:00</duration>
    <room>Saal 2</room>
    <tag>green_phone</tag>
    <title>Mobile phone call encryption</title>
    <subtitle>Encrypting (GSM) mobile phone calls over VPN with an Asterisk PBX</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>To encrypt your mobile phone calls and protect them from overzealous eavesdroppers, you are currently limited to using special hardware such as the Cryptophone. The disadvantage of the Cryptophone is that it only works with other Cryptophones. To work around this, we turn mobile phones from "voice" phones into VOIP phones. Using the SIP protocol for VOIP and IPsec/L2TP or OpenVPN as our VPN, Leigh Honeywell and Paul Wouters connect their mobile phones fully encrypted to an Asterisk PBX server.</abstract>
    <description>The presentation, given by Asterisk expert Leigh Honeywell and VPN expert Paul Wouters, will start with a description of the demise of the "old" telecom sector and the end of "voice" conversations. The replacement, Voice over IP, promises a lot of good things, but it comes at a price. Hacking VOIP calls on the internet is much easier. We can no longer trust the security of the telecom infrastructure: forged caller-ID, charging someone else for your calls, breaking through firewalled networks, or abuse via VOIP services like Google, Jajah, Skype or others. We will demonstrate some of these attacks.

To address these problems, we need to be able to both authenticate and encrypt our calls. The solution presented is built using freely available (mostly open source) software, and we will explain various aspects and ideas behind our setup and why we chose the various protocols and software packages.

We are currently working with various phones, such as the Linux-based GreenPhone, the XDAs and other PDA phones running either Linux or Microsoft Windows.

Leigh and Paul will also hold a workshop, where they can go into the deep technical details on how to build your phones and your servers, and where people can try out our phones and secure PBX.</description>
    <persons>
     <person id="370">Paul Wouters</person>
     <person id="1294">Leigh Honeywell</person>
    </persons>
    <links>
     <link href="http://www.trolltech.com/products/qtopia/phone_edition/greenphone">The Green Phone</link>
     <link href="http://www.openswan.org/">Openswan IPsec</link>
     <link href="http://www.asterisk.org">The Asterisk PBX</link>
    </links>
   </event>
   <event id="1735">
    <start>23:00</start>
    <duration>01:00</duration>
    <room>Saal 2</room>
    <tag>faster_pwning_assured</tag>
    <title>Faster PwninG Assured</title>
    <subtitle>Hardware Hacks and Cracks with FPGAs</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>This talk will go in depth into methods for breaking crypto faster using FPGAs.</abstract>
    <description>FPGAs are chips that have millions of gates that can be programmed and connected arbitrarily to perform any sort of task. Their inherent structure provides a perfect environment for running a variety of crypto algorithms at speeds much faster than a conventional PC. A handful of new FPGA crypto projects will be presented, demonstrating how many algorithms can be broken much faster than people really think, and in most cases extremely inexpensively.

Breaking WPA-PSK is possible with coWPAtty, but trying to do so onsite can be time consuming and boring. All that waiting around for things to be computed each and every time we want to check for dumb and default passwords. Well, we're impatient and like to know the password NOW! Josh Wright has recently added support for precomputed tables to coWPAtty -- but how do you create a good set of tables and not have it take 70 billion years? David Hulton has implemented the time consuming PBKDF2 step of WPA-PSK on FPGA hardware and optimized it to run at blazing speeds specifically for cracking WPA-PSK and generating tables with coWPAtty.

What about those lusers that still use WEP? Have you only collected a few hundred interesting packets and don't want to wait till the universe implodes to crack your neighbor's key? Johnycsh and David Hulton have come up with a method to offload cracking keyspaces to an FPGA, increasing the speed considerably.

Lanman hashes have been broken for a long time and everyone knows it's faster to do a rainbow table lookup than go through the whole keyspace. On many PCs it takes years to go through the entire typeable range, but on a small cluster of FPGAs, you can brute force that range faster than doing a rainbow table lookup. The code for this will be briefly presented and Chipper v2.0 will be released with many new features.

David Hulton will also discuss some of the aspects of algorithms that make them suitable for acceleration on FPGAs and the reasons why they run faster in hardware, and touch on some future projects such as optimizations for attacking RSA and other difficult crypto algorithms.</description>
    <persons>
     <person id="1165">David Hulton</person>
    </persons>
    <links>
     <link href="http://www.openciphers.org">OpenCiphers FPGA Crypto Research Project</link>
     <link href="http://www.picocomputing.com">Pico Computing - Manufacturer of tiny FPGA products</link>
    </links>
   </event>
  </room>
  <room name="Saal 3">
   <event id="1738">
    <start>11:30</start>
    <duration>01:00</duration>
    <room>Saal 3</room>
    <tag>mmorpgs</tag>
    <title>MMORPGs</title>
    <subtitle>The state and future of the World of Warcraft</subtitle>
    <track>Society</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>This talk will focus on World of Warcraft, the most popular MMORPG. There will be a brief overview of the game, guilds and guild management, tools and social issues. Other technologies and the possible future of MMORPGs and their impact will be discussed.</abstract>
    <description>Video, images and examples will be used to describe why World of Warcraft is so compelling.

First-hand experience and comparisons with experiences and theory from other types of organizations will be used to describe the dynamics of a guild and what we can learn from guilds and guild management. Socialization, ranks, personality types, rewards, rules, governance, promotion, recruiting, evolution and out-of-game activities will be discussed among other attributes.

The current technology, supporting technology and possible future technologies will be explored to try to map the future of MMORPGs.</description>
    <persons>
     <person id="187">Joi Ito</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1604">
    <start>12:45</start>
    <duration>01:00</duration>
    <room>Saal 3</room>
    <tag>tracking_von_personen_in_videoszenen</tag>
    <title>Tracking people in video scenes</title>
    <subtitle>How do you automatically track moving objects?</subtitle>
    <track>Science</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>Using the computer vision library OpenCV, the talk shows which image processing steps are necessary to detect and track moving objects in video scenes.</abstract>
    <description>The number of video cameras in public spaces is increasing rapidly. The resulting volumes of video material naturally have to be evaluated.
A basic preprocessing step is to separate the (interesting) foreground from the (uninteresting) background. People count as foreground, which can then be analysed further. The goal is to track the individual persons and extract their position in the scene. Based on these trajectories, the persons' movement paths can be evaluated.

Using the computer vision library OpenCV, an example will show how easy it is to detect people automatically in video scenes and to track their movements. A simple algorithm already achieves astonishing results. However, it also quickly becomes clear where the weaknesses lie. To what extent can these be exploited?</description>
    <persons>
     <person id="1176">pille</person>
    </persons>
    <links>
     <link href="http://www.intel.com/technology/computing/opencv/index.htm">OpenCV (Intel)</link>
     <link href="http://de.wikipedia.org/wiki/Bildverarbeitung">Bildverarbeitung (Wikipedia)</link>
     <link href="http://www.chrisoakley.com/the_catalogue.html">The Catalogue (short film by Chris Oakley, Great Britain, 2004)</link>
     <link href="http://struction.de/projects/23C3/tracking">Slides &amp; listings</link>
    </links>
   </event>
   <event id="1446">
    <start>14:00</start>
    <duration>01:00</duration>
    <room>Saal 3</room>
    <tag>secure_network_server_programming_on_unix</tag>
    <title>Secure Network Server Programming on Unix</title>
    <subtitle>Techniques and best practices to securely code your network server</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>This talk describes a software system to securely execute predefined commands over an untrusted network, analyzes the potential attack vectors against this system and defines countermeasures to make it impossible for an attacker to use these attack vectors.</abstract>
    <description>This talk describes a software system to securely execute predefined commands over an untrusted network, using an authentication method and a measure of transport layer security. This software system, called "trapdoor2", is used as an example to describe a number of "state of the art" programming techniques as countermeasures against potential attacks. Techniques that will be described and shown in detail in the presentation will be privilege separation, strict enforcement of the "principle of least privileges", preventing attacks against the SSL/TLS implementation used, and defeating Denial of Service attacks by employing a simple yet efficient connection limiting algorithm.</description>
    <persons>
     <person id="359">Andreas Krennmair</person>
    </persons>
    <links>
     <link href="http://oss.linbit.com/trapdoor2/">trapdoor2</link>
     <link href="http://bereshit.synflood.at/svn/trapdoor2/trunk/">trapdoor2 SVN repository</link>
    </links>
   </event>
   <event id="1500">
    <start>16:00</start>
    <duration>01:00</duration>
    <room>Saal 3</room>
    <tag>hackerspaces</tag>
    <title>Hackerspaces</title>
    <subtitle>How we built ours - How you can build yours</subtitle>
    <track>Community</track>
    <type>Podium</type>
    <language>englisch</language>
    <abstract>Hackerspaces are community-run places where you can meet, work on projects, organize events and workshops, or just generally hang out with other hackers. More and more of those open spaces are being created all the time. Some of them are more than a decade old already, some just started out recently, and yet others might become a reality soon.</abstract>
    <description>Building and running a Hacker Lab is a tough thing. This is a talk about problems encountered, and lessons learnt.
In this talk you'll see pictures and hear stories from Hacklabs around the world. Some of them old, some of them new, some big, some small, some squatted, and some of them even government funded, and what problems they've encountered, and how they've dealt with them. These stories are meant to inspire, and convey the mindset and organizational structure some of those hackerspaces have learned, to build and foster their community.</description>
    <persons>
     <person id="1061">bruder</person>
     <person id="1073">t</person>
     <person id="13">Jens Ohlig</person>
     <person id="541">Paul B&#246;hm</person>
    </persons>
    <links>
     <link href="http://metalab.at/">metalab</link>
    </links>
   </event>
   <event id="1629">
    <start>17:15</start>
    <duration>01:00</duration>
    <room>Saal 3</room>
    <tag>body_hacking</tag>
    <title>Body hacking</title>
    <subtitle>Functional body modification</subtitle>
    <track>Society</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>What happens when we leave behind cosmetics and start to modify our bodies and minds to enhance who we are and what we can do? In this talk, journalist Quinn Norton explores how technology and flesh are coming together.</abstract>
    <description>She'll explain what's possible and what people are doing, inside the established medical system and in the growing grey and black markets of body hacking. She'll touch on her own experiences and talk about what's coming next, and the ethical questions we will soon face as people choose to become something post human.

In September of 2005 journalist Quinn Norton began to explore the world of functional body modification with an implanted rare earth magnet that gave her a sense for electromagnetic fields, until it began to go wrong. Since then she's researched the edges of what's currently possible and what's likely to become possible in the near term. Technology that was the traditional purview of the medical establishment is migrating into the hands of body hackers, and the medical establishment itself is finding ways to enhance humans, not just cure disease, and faces a new dilemma about whether and who should be enhanced. All of these advancements come with health dangers and unanticipated possibilities, as well as an ethical debate about what it means to be human. This talk will touch on the latest medical advances in neurological understanding and interface as well as physical enhancements in sports and prosthetics. But more time will be given to how the body hackers and renegades of the world are likely to go forward with or without societal permission. Quinn will touch on sensory extension, home surgery, medical tourism, nervous system interfaces, and controlling parts of our bodies and minds once thought to be nature's fate for us.

How is society likely to react to enhancement technologies or enhanced humans? Early adopters face dangers including pain, disfigurement, and death; how will that shape progress? Technology and flesh are going to come together, but will they come together in you? Bring your own stories of modification, and your own ideas about what constitutes post human, and whether that's a good or bad thing.</description>
    <persons>
     <person id="1188">Quinn Norton</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1740">
    <start>18:30</start>
    <duration>01:00</duration>
    <room>Saal 3</room>
    <tag>in_the_absence_of_trust</tag>
    <title>In the Absence of Trust</title>
    <subtitle></subtitle>
    <track>Culture</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>In 1996, The Surveillance Camera Players started manifesting their
opposition to the culture of surveillance by performing silent, specially
adapted plays directly in front of CCTV cameras. Ten years later, their
work is more relevant than ever. This talk will take you through artists'
strategies to raise the debate on privacy, the society of the spectacle,
the aftermath of September 11th, face recognition software, panopticism,
electronic tagging, etc.</abstract>
    <description></description>
    <persons>
     <person id="622">R&#233;gine D&#233;batty</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1512">
    <start>20:30</start>
    <duration>01:00</duration>
    <room>Saal 3</room>
    <tag>homegrown_interactive_tables</tag>
    <title>Homegrown Interactive Tables</title>
    <subtitle>Any Technology Sufficiently Advanced is Indistinguishable from Magic</subtitle>
    <track>Culture</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>Technology to build low-cost touch-sensitive tables with high precision has been publicly available since the beginning of 2006. The talk will give a practical introduction to building the hardware and software of these tables using FTIR sensing pioneered by Jeff Han (see links), based on our experiences in making a table at the c-base.</abstract>
    <description></description>
    <persons>
     <person id="1210">Andre Helwig</person>
     <person id="1326">Christian Bennat</person>
     <person id="1325">Andreas Dietrich</person>
     <person id="108">Ulrich von Zadow</person>
     <person id="1209">Mirco Fichtner</person>
    </persons>
    <links>
     <link href="http://mrl.nyu.edu/~jhan/ftirtouch/index.html">Jeff Han's interactive tables</link>
    </links>
   </event>
   <event id="1651">
    <start>21:45</start>
    <duration>01:00</duration>
    <room>Saal 3</room>
    <tag>ueberwachen_und_strafen_in_entenhausen</tag>
    <title>Surveillance and Punishment in Entenhausen</title>
    <subtitle></subtitle>
    <track>Culture</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>With Michel Foucault in Entenhausen: the talk will take a look at the surveillance methods and penal practice in the metropolis on the Gumpe.</abstract>
    <description>In Entenhausen, the classic methods of surveillance such as watching and eavesdropping are preferred; surveillance of public places by means of cameras is not the method of choice, which may be because the streets of Entenhausen are only sparsely lit by street lamps. When it comes to sanctioning crimes, the tried and tested methods are likewise relied upon: degrading corporal punishments are preferred, for example being covered in jelly or the beating of disobedient children with rods. The instant punishments deserve mention as an original Entenhausen invention. One thing, at any rate, is clear: had Michel Foucault been a Donaldist, he would probably not have written in his book "&#220;berwachen und Strafen" that at the beginning of the 19th century "... the great spectacle of painful punishment comes to an end".</description>
    <persons>
     <person id="17">Henriette Fiebig</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1678">
    <start>23:00</start>
    <duration>01:00</duration>
    <room>Saal 3</room>
    <tag>kritik_an_den_illuminaten</tag>
    <title>Criticism of the Illuminati between 1787 and 2006</title>
    <subtitle>The state of the conflict between Discordians and Illuminati</subtitle>
    <track>Culture</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>As early as 1787, the theologian Benedikt Stattler formulated criticism of the Order of the Illuminati founded by Adam Weishaupt in his treatise "Das Geheimni&#223; der Bosheit des Stifters des Illuminatismus in Baiern zur Warnung der Unvorsichtigen hell aufgedeckt von einem seiner alten Kenner und Freunde". In its capacity as a Discordian association, the CCC has likewise critically engaged in many respects with plans and actions of the Illuminati in the sense of the "New World Order" and with actions such as "Total Information Awareness".</abstract>
    <description>At the latest since Karl Koch chose, with the pseudonym "Hagbard Celine", an association that was not merely funny, the conflict between Illuminati and Discordians, sketched by Robert Anton Wilson among others in "Illuminatus" for the enlightenment of consciousness, has also been linked to the hacker scene. Following "Illuminatus" and the terms introduced by R. A. Wilson for reducing complexity, the use of fnords, among other things, played an important role in the crypto discussion of the late 90s, including in the work of the CCC.

With 11 September 2001, not only has the discussion about hidden powers and their influence gained a new dimension; a multitude of theories about factual connections between events, groups of people and conflicts, which are already partly classed as components of an undeclared Third World War, have also developed. The influence of Discordianism has also been severely pushed back here.

On the occasion of the 23rd Chaos Communication Congress, I would like to shed light on the state of the debate between Discordians and Illuminati. In this evening event I would like both to illuminate the conflict between the forces of order and chaos in a historical overview and to raise the question of the options for action open to the Discordian movement.</description>
    <persons>
     <person id="45">Andy M&#252;ller-Maguhn</person>
    </persons>
    <links>
     <link href="http://www.2hap.org/Geheime-Gesellschaften/Illuminaten/Illuminaten_texte/BibliographieIlluminatenorden.html">Bibliography on the Order of the Illuminati</link>
     <link href="http://www.2hap.org/Geheime-Gesellschaften/Illuminaten/Illuminaten_texte/wilhelmsbad.htm">Der Wilhelmsbader Freimaurerkonvent im Spiegel der Illuminaten</link>
     <link href="http://www.2hap.org/Geheime-Gesellschaften/Illuminaten/Illuminaten_texte/hoeheremysterien1.html">Adam Weishaupt: Gr&#246;ssere Mysterien / Erste Klasse</link>
     <link href="http://www.2hap.org/Geheime-Gesellschaften/Illuminaten/Illuminaten_texte/hoeheremysterien2.html">Adam Weishaupt: H&#246;here Mysterien / 2te Klasse</link>
     <link href="http://www.db-thueringen.de/servlets/DerivateServlet/Derivate-3064">Der Beitrag Johann Adam Weishaupts zur P&#228;dagogik des Illuminatismus</link>
     <link href="http://berlin.ccc.de/~andy/CCC/GeheimnissderBosheit.pdf">Das Geheimniss der Bosheit des Stifters des Illuminatismus..</link>
    </links>
   </event>
  </room>
  <room name="Saal 4">
   <event id="1420">
    <start>11:30</start>
    <duration>01:00</duration>
    <room>Saal 4</room>
    <tag>strong_random_number_generator</tag>
    <title>Analysis of a strong Random Number Generator</title>
    <subtitle>by anatomizing Linux' CPRNG</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>This paper (and slides) will describe the inner workings of the random number generator (/dev/{u}random) of Linux. Additionally, some possible security flaws are shown (entropy overestimation, zeroizing the pool, etc.).</abstract>
    <description>Almost all cryptographic protocols depend on random (unpredictable)
values to create keys, cookies, tokens, initialisation vectors, and so
on. The Linux (as well as other Unix flavours) kernel provides a character
device as a source for randomness. This device represents the essential part
needed by various cryptographic protocol implementations for a secure operation
(conditional security), therefore it needs special attention from
security experts.

This paper will give an extract of results taken from analysing the input
sources used by Linux' PRNG implementation. The statistical entropy of each
source and of the whole pool is calculated to get a better picture of the
entropy quality during the boot process and to spot entropy overestimation
by the kernel. Observations taken by process show a repeating behaviour for
different system startups. This can be used by an attacker to create
profiles and to simulate a more complex system. Even observations of the
events generated by the block device show timing patterns between
different boot sequences. To dispel developers' doubts about adding untrusted
sources, two kinds of untrusted sources, low-quality and malicious sources, were
examined. It will be shown that low-quality sources are not able to reduce
the entropy in the pool that already exists but can lead to an overestimation.
A more dangerous situation exists with the presence of a malicious source
which is theoretically able to lead the mixing algorithm to produce a stream
of zeros.

The goal of this work is not to show a practical attack against the
random device but to provide more transparency and to ease further analysis.</description>
    <persons>
     <person id="1041">Thomas Biege</person>
    </persons>
    <links>
     <link href="http://www.suse.de/~thomas">http://www.suse.de/~thomas</link>
    </links>
   </event>
   <event id="1492">
    <start>12:45</start>
    <duration>01:00</duration>
    <room>Saal 4</room>
    <tag>dying_giraffe_recordings</tag>
    <title>Dying Giraffe Recordings: A non-evil record label</title>
    <subtitle>Using the power of creative commons to create an alternative system which is fair for musicians and their fans</subtitle>
    <track>Culture</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>Today's music industry has created a system that is unfair for both the musicians and the music lover. Combined with an aggressive prosecution of downloaders, this causes a very strong polarisation between the industry on one hand and music lovers on the other. Nobody wins. We at dying giraffe recordings are trying to break this impasse and create a system where musicians are rewarded for their work and talent, and where music lovers can enjoy music in a fair way. The key element in this is a breakaway from traditional copyright laws and the use of the creative commons license. This combined with new technologies in the field of internet, audio recording and compression gives us the potency to change the system. Thus building a fighting force of extraordinary magnitude we believe that we can beat the system.</abstract>
    <description>Today's music market is a sick place. Consider this:

Musicians often do not get paid for CD sales, only for tours and merchandise. They have to pay the labels for promotion and recording, and often go bankrupt in spite of selling millions. Their music is checked by software for its hit potential, and if its potential is limited, they will not be signed. Music that is produced is compressed to death, so dynamics are effectively eliminated. Money that is earned by copy levy only goes to the big labels, if at all.

Consumers are getting sued for using p2p, even when they do not own a computer, are dead, or both. If they buy CDs, the CDs are subject to price fixing, making them ridiculously expensive. Those CDs are protected by DRM or copy protection which makes them unable to be played on a computer, a DVD player, car audio or an mp3 player.

So why buy CDs at all? Now we have p2p, with which the music lover can download music for free, but illegally.
There are other legal download means, like itunesMS but they have DRM.

So what do we do now?

We started a label, dying giraffe recordings. Where we try to keep our overhead low, where we do the cherry picking, give tips for home recording, use the creative commons license, and use podcasts and streaming for promotion, and have connections to CD distribution companies and concert halls.

Of course we encounter a lot of problems, like limited recording facilities, getting money for airplay and from the copy levy, CD manufacturing, the traditional industry and organisation fighting us, shady distributors, psychotic musicians and promotion.

For some of these problems we do not have a solution yet, for some we do have some suggestions. We would like to invite other people to think with us, and to build with us a network of netlabels to beat the system.</description>
    <persons>
     <person id="1106">Christian Tan</person>
    </persons>
    <links>
     <link href="http://www.dyinggiraffe-recordings.com">Dying Giraffe Recordings</link>
     <link href="http://www.magnatune.com">Magnatune, a big inspiration for DGR</link>
     <link href="http://archive.salon.com/tech/feature/2000/06/14/love/print.html">Courtney Love wrote a great article in Salon about this matter</link>
    </links>
   </event>
   <event id="1554">
    <start>14:00</start>
    <duration>01:00</duration>
    <room>Saal 4</room>
    <tag>ethernet_mit_mikrocontrollern</tag>
    <title>Ethernet with microcontrollers</title>
    <subtitle>How does TCP work with 2kb RAM?</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>Control and measurement tasks are best handled by a microcontroller. If such a device is to be accessed in a contemporary way, there is really no getting around Ethernet. But is a microcontroller with only 2-4Kb of RAM able to speak TCP/IP?</abstract>
    <description>Every geek at some point ends up having to control devices (coffee machine, lights, &#8230;) or collect measurement data (flower pot water level, room temperature, window open, &#8230;). Microcontrollers are predestined for this, but are they also able to implement a full-fledged network device with very limited resources (RAM)? Can a microcontroller be made to send an e-mail when the flower pot is critically dry? And does the whole thing remain affordable (expensive development board, expensive microcontrollers, elaborate manufacturing, &#8230;)?

This talk presents the problems, solutions and limits of TCP/IP on Atmel microcontrollers (Atmega32, Atmega644) and gives an outlook on what is feasible with such microcontrollers. In addition, an implementation, the etherrape project, is presented.</description>
    <persons>
     <person id="34">fd0</person>
    </persons>
    <links>
     <link href="http://www.lochraster.org/etherrape">Atmel microcontrollers with Ethernet: "etherrape"</link>
    </links>
   </event>
   <event id="1667">
    <start>16:00</start>
    <duration>01:00</duration>
    <room>Saal 4</room>
    <tag>jabber_showcase</tag>
    <title>Jabber-Showcase</title>
    <subtitle>XMPP is much more than just instant messaging</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>Many people perceive Jabber only as an "open source" ICQ replacement. Yet Jabber, or rather XMPP, can do considerably more: well over 100 protocol extensions exist, and more are added every day.

The talk presents some interesting parts of the protocol as well as implementations.</abstract>
    <description>A tour through the world of XMPP Enhancement Proposals (XEPs) and various implementations.

* Pubsub
* Atom/RSS over Pubsub
* Personal Eventing Protocol ("Now playing", User mood, ..)
* Common Alerting Protocol - coordination solution for fire brigades, police and the like
* HTTP-Polling/HTTP-Binding - speaking Jabber directly via HTTP (Ajax, ..)
* Virtual Presence (avatars on websites, see e.g. lluna)
* Various approaches for VoIP over Jabber infrastructure
* Online games over Jabber
* Whiteboard
* Audio/video chat with Jingle
* US Army Future Combat System</description>
    <persons>
     <person id="491">fh</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1670">
    <start>17:15</start>
    <duration>01:00</duration>
    <room>Saal 4</room>
    <tag>barrierefreies_web</tag>
    <title>Accessible Web</title>
    <subtitle></subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>In diesem Vortrag geht es um die Problematik des barrierefreien Webs. Der Vortragende ist selber blind und hat somit die notwendige Praxiserfahrung. Es wird nicht auf festgeschriebene Normen und Gesetze eingegangen, vielmehr werden Tips aus der Praxis gegeben und anhand von verschiedenen Internetseiten verdeutlicht. Es wird auf bekannte Internet-Angebote wie Bankingportale usw. zur&#252;ckgegriffen.</abstract>
    <description>The German "Behindertengleichstellungsgesetz" (disability equality act) requires
(in section 11 on "accessible information technology") that
"disabled people can reach the information on all web pages
of the public sector of the member states and of the
European institutions and can profit fully from the
possibilities of 'government on the net'."

However, this guarantees neither standards nor their implementation -
neither for websites and programs nor for operating systems.

In addition, there are some mobile devices (mobile phones, organizers)
that can display web pages but do not have
additional features such as JavaScript.

Access to data is therefore a problem not only for
disabled people, but for *all* people.

These developments raise the question of how sensible
the accessibility requirements are at all.

This talk is about the practical experiences of a blind user.
Sebastian Andres takes a look at various web portals and
gives examples of sensible and less sensible rules.

These include design advice, e.g. on
navigation bars, links, tables and forms,
but also alternatives such as WAP portals.</description>
    <persons>
     <person id="854">Sebastian Andres</person>
    </persons>
    <links>
     <link href="http://de.wikipedia.org/wiki/Barrierefreies_Internet">Wikipedia: Barrierefreies Internet</link>
     <link href="http://www.linaccess.org/">Linux Accessibility (aka LinAccess)</link>
     <link href="http://www.barrierefreiesinternet.de/">http://www.barrierefreiesinternet.de/</link>
    </links>
   </event>
   <event id="1714">
    <start>18:30</start>
    <duration>01:00</duration>
    <room>Saal 4</room>
    <tag>warum_wir_uns_so_gerne_ueberwachen_lassen</tag>
    <title>Warum wir uns so gerne &#252;berwachen lassen&#8230;</title>
    <subtitle>Insights from philosophy and sociology to explain the phenomenon of increasing control and surveillance</subtitle>
    <track>Society</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>The phenomenon of increasing surveillance and control has been described and discussed many times. Complaints are voiced everywhere and usually die away just as quickly. In this talk the phenomenon is examined - beyond a mere description of the current state - from a sociological and philosophical perspective, and current international research results are discussed.</abstract>
    <description>The phenomenon of increasing surveillance and control has been described and discussed many times. Complaints are voiced everywhere and usually die away just as quickly. In this talk the phenomenon is examined - beyond a mere description of the current state - from a sociological and philosophical perspective, and current international research results are discussed. As early as the late 1970s and early 1980s, theories were developed that are taken up again and again in current treatments of control and surveillance. These include, for example, Michel Foucault's examination of power and, in particular, the concept of governmentality, a neologism coined by Foucault. On the sociological side, Ulrich Beck's risk society and the theories that followed it can be identified as the basis of the current scholarly debate on the topic. The aim of the talk is to give theoretical &#8211; but by no means boring &#8211; insights into the scholarly discussion of control and surveillance, while also addressing current political developments.</description>
    <persons>
     <person id="899">Christine Ketzer</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1608">
    <start>20:30</start>
    <duration>01:00</duration>
    <room>Saal 4</room>
    <tag>vehicular_communication_and_vanets</tag>
    <title>Vehicular Communication and VANETs</title>
    <subtitle>The future and security of communicating vehicles</subtitle>
    <track>Science</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>Vehicle communication is a major research topic, covered by many national and international research projects. Applications promise to make our driving safer, more efficient, and more fun. The talk presents applications, technology, and also addresses security and privacy issues.</abstract>
    <description>The talk will first introduce the concept of vehicle communication. Vehicles can communicate with each other to form so-called Vehicular Ad-hoc Networks (VANETs) or with road-side units that allow access to backend systems that provide warnings, traffic information, etc.

Next, there will be a presentation of potential applications to motivate the need for such communication. This includes warning applications: for example, cars can send warning messages, including their exact position, to other cars to warn them of the danger ahead. As cars receiving such messages will also forward them to other cars, they form a multi-hop ad-hoc network. Other applications can warn cars about dangerous road conditions, increase traffic efficiency at intersections or on highways, or may simply be used to send, for example, text messages between cars (did you ever want to tell the driver in front of you your opinion regarding his driving style? ;-)

The talk will also cover technical details like position-based routing used in such networks or message dissemination protocols.

It is evident that such systems will also introduce new dangers to security and privacy. Sending faked warning messages, for example, may affect traffic, and recording the position information of cars severely affects the privacy of drivers. The speaker is a member of the pan-European research project SEVECOM, which specifically addresses the security and privacy needs in car communication. He will present some results from that project, describing security requirements, potential attacks, and first ideas for security and privacy mechanisms.</description>
    <persons>
     <person id="1077">Frank Kargl</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1710">
    <start>21:45</start>
    <duration>01:00</duration>
    <room>Saal 4</room>
    <tag>tap_the_eff</tag>
    <title>Tap the Electronic Frontier Foundation</title>
    <subtitle>EFF staffers answer your questions!</subtitle>
    <track>Society</track>
    <type>Sonstiges</type>
    <language>englisch</language>
    <abstract>EFF staffers answer your questions about American wiretapping, the
latest moves of the *AA, the spread of the DMCA through free trade
agreements, what's up at WIPO, and other dispatches from the US and
elsewhere.</abstract>
    <description>This panel will take a loose question and answer format after a brief
(and entertaining) summary of EFF's work and investigations this year.
There will be representatives of all three aspects of the non-profit's
work: activism, technological research and US legal actions. The
emphasis will be on the international aspects of the EFF's work
(including their representation at WIPO, and work on various free trade
agreements and European standards bodies), but we can also go into some
detail on much of the domestic US work, as well as the ramifications of
the recent US elections, and prospects and threats to digital freedom in
the future.</description>
    <persons>
     <person id="1275">Peter Eckersley</person>
     <person id="1256">Seth Schoen</person>
     <person id="1270">Danny O'Brien</person>
    </persons>
    <links>
    </links>
   </event>
  </room>
  <room name="Workshop Area">
   <event id="1744">
    <start>10:00</start>
    <duration>01:30</duration>
    <room>Workshop Area</room>
    <tag>haecksen_plenums_fruehstueck</tag>
    <title>(WOMEN ONLY) Haecksen-Plenums-Fr&#252;hst&#252;ck</title>
    <subtitle></subtitle>
    <track>Community</track>
    <type>Workshop</type>
    <language></language>
    <abstract>Networking, planning projects - WOMEN ONLY. ALL PEOPLE WHO FEEL FEMALE ARE CORDIALLY INVITED</abstract>
    <description></description>
    <persons>
     <person id="1224">Cyworg</person>
    </persons>
    <links>
     <link href="http://www.haecksen.org/">Haecksen</link>
    </links>
   </event>
   <event id="1745">
    <start>11:30</start>
    <duration>01:00</duration>
    <room>Workshop Area</room>
    <tag>web_application_security</tag>
    <title>Web Application Security</title>
    <subtitle>Find the Flaw, or Someone Else Will</subtitle>
    <track>Hacking</track>
    <type>Workshop</type>
    <language>englisch</language>
    <abstract>Extensive information on web application security mistakes (and how to avoid them) has been available for quite a while. Yet many web applications still come with flaws that are often easy to find and exploit. The currently hyped AJAX will probably increase the number of buggy applications, since it invites programmers to entrust critical tasks like input validation and access control to the browser - thereby making it easy for malicious users to bypass these checks.</abstract>
    <description>This talk will provide a short overview of how web applications work and then discuss the most common security flaws and attacks (e.g. SQL Injection and Cross Site Scripting). It also presents methods and tools that can be used to test for these issues.</description>
    <persons>
     <person id="1300">Viktoria Polzer</person>
    </persons>
    <links>
     <link href="http://www.haecksen.org/">Haecksen</link>
    </links>
   </event>
   <event id="1746">
    <start>12:45</start>
    <duration>01:00</duration>
    <room>Workshop Area</room>
    <tag>acts_as_cool_ruby_on_rails</tag>
    <title>acts_as_cool</title>
    <subtitle>Ruby on Rails</subtitle>
    <track>Hacking</track>
    <type>Workshop</type>
    <language>deutsch</language>
    <abstract>The web framework Ruby on Rails is - in terms of age and name recognition - still somewhat in its infancy. Nevertheless, extensive web projects are already being built with it; www.qype.com is surely a good example. The talk aims to show potential switchers from PHP or Java how to build maintainable web applications with little (or less) code and time - even without prior knowledge of Ruby.</abstract>
    <description></description>
    <persons>
     <person id="1301">Beate Paland</person>
    </persons>
    <links>
     <link href="http://www.haecksen.org/">Haecksen</link>
    </links>
   </event>
   <event id="1747">
    <start>14:00</start>
    <duration>01:00</duration>
    <room>Workshop Area</room>
    <tag>why_opensource_needs_professional_marketing</tag>
    <title>Why OpenSource Needs Professional Marketing</title>
    <subtitle></subtitle>
    <track>Community</track>
    <type>Workshop</type>
    <language>englisch</language>
    <abstract>Where is OpenSource-Software today, and where do we want to see it by the end of this decade? Most of us would probably like to see it in the big headlines, see it being used by big companies, by big cities' administrations and by country governments. We would like it to be recognized by everyone and make sure that those who are concerned - computer users of this world - at least have an idea what FOSS is, what free operating systems and free desktops are, and what advantages that kind of software can give them. We want everybody to see what good FOSS can do for them.</abstract>
    <description>So far, not very many "normal" people know what we are dealing with. In their minds, FOSS is something used mostly by computer experts - by people who know what they are doing. Those experts scatter their knowledge, but usually, they reach only a small audience. And, very often, for them, it is hard to communicate their enthusiasm in a way that non-tech people understand what they are talking about. This leads to people shying away from this - in their opinion - geek topic "FOSS".

And this is where marketing comes in. Marketing needs to set a basis for tech people to communicate with non-tech people. It collects information, packages it in a way that makes it understandable for everyday users. It has an eye on the market - on those people who may be interested to use FOSS professionally - and makes sure that the right information in the right phrasing reaches the right audience at the right time. It sets a platform where those involved in the projects can communicate with those interested in their work. With the users and those who make the decisions to use FOSS for the "big business" being convinced by its qualities, it will thrive and prosper and get the recognition we all want it to have.</description>
    <persons>
     <person id="1302">Valerie Hoh</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1748">
    <start>16:00</start>
    <duration>02:15</duration>
    <room>Workshop Area</room>
    <tag>qualitaet_heisst_selber_machen</tag>
    <title>(WOMEN ONLY) Qualit&#228;t hei&#223;t selber machen</title>
    <subtitle>What can media activism on the net achieve?</subtitle>
    <track>Community</track>
    <type>Workshop</type>
    <language>deutsch</language>
    <abstract>Bringing one's own view of things - or of specific events - to a mass audience: with the development of the blogosphere and "citizen journalism", this aim is suddenly becoming possible for many more people.</abstract>
    <description>But what use is the published information? What does quality mean on the self-made web, which of the criteria that come from professional journalism can be applied, and where do they become superfluous and need to be replaced by new ones?</description>
    <persons>
     <person id="1303">Ragni-Serina Zlotos</person>
    </persons>
    <links>
     <link href="http://www.haecksen.org/">Haecksen</link>
    </links>
   </event>
   <event id="1749">
    <start>18:30</start>
    <duration>01:00</duration>
    <room>Workshop Area</room>
    <tag>the_linguistic_fingerprint</tag>
    <title>The linguistic fingerprint</title>
    <subtitle>Silver bullet or mere myth?</subtitle>
    <track>Hacking</track>
    <type>Workshop</type>
    <language>deutsch</language>
    <abstract>In the wake of crime science shows like CSI and high profile criminal cases like the JonBenet Ramsey murder, the field of forensic linguistics has come to the attention of the general public. Today many laypersons know the term "linguistic fingerprint" and they have certain expectations about what it implies.

But these expectations are largely unfounded. ...</abstract>
    <description>The lack of real knowledge about this technique is largely due to its ill-chosen "nickname". The term "linguistic fingerprint" puts it into the neighborhood of the "actual", i.e. dactyloscopic fingerprint and the "genetic fingerprint". But this is misleading.
Both in fingerprinting and in DNA analysis there are procedures for collecting samples, for analysing them, for comparing them to samples taken from the suspect(s) and for interpreting the results. These procedures are known for their reliability today, but it took years of research to get to this point. Still, today we are at a point where a fingerprint left at a crime scene can safely be used to confirm the guilt of a suspect.

The use of the fingerprint metaphor in the context of forensic linguistics and authorship attribution implies that research in this field has reached the same maturity. In reality, some promising results have been found, but so far the linguistic community was not able to prove that a certain set of markers can be reliably used to confirm a person's authorship of a text. Many questions are still left to be answered.
Overview

In this talk I will give definitions of the relevant terms and concepts.

Then I will give an overview of the different fields of interest that are subsumed under "forensic linguistics". From these I chose authorship attribution as the target of a state-of-the-art report.

I will present several interesting approaches, demonstrate their application with the help of real life examples where possible, and discuss their merits and limitations. The main focus here will be

a) on written texts such as blog entries / comments and forum articles and

b) on the source code of software such as viruses

I will show that forensic linguistics procedures are far from having the same accuracy as fingerprinting procedures, but that - at best - they can be used to prove that the same person did or did not write a set of texts. And if that is not possible they can still be used to gather other, more general clues about the author, perhaps about his gender or his education.

For the time being this does not make the linguistic fingerprint the proverbial silver bullet, but rather it makes forensic linguistics one valuable tool in the criminological toolbox.</description>
    <persons>
     <person id="1304">Daniela Berger</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1750">
    <start>19:30</start>
    <duration>02:00</duration>
    <room>Workshop Area</room>
    <tag>bauen_einer_wlan_antenne</tag>
    <title>(WOMEN ONLY) Bauen einer WLAN-Antenne</title>
    <subtitle></subtitle>
    <track>Hacking</track>
    <type>Workshop</type>
    <language>deutsch</language>
    <abstract>A short introduction to RF wave propagation and to how various antenna types work, followed by building &#8211; different - antennas for 2.4 GHz (e.g. WLAN)</abstract>
    <description>If possible, bring a network card with a connector for external antennas; network cards with a soldered-on antenna are also good for fitting a connector yourself (no PCMCIA cards, since there the antenna is usually etched out of the circuit board).</description>
    <persons>
     <person id="1305">Fredi</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1762">
    <start>21:45</start>
    <duration>02:15</duration>
    <room>Workshop Area</room>
    <tag>how_to_extend_netword_night_vision</tag>
    <title>How to extend Network Night Vision with protocols</title>
    <subtitle>Discussing design of frame-parser</subtitle>
    <track>Hacking</track>
    <type>Workshop</type>
    <language>englisch</language>
    <abstract>A general description of Network Night Vision (a network protocol analyzer and modifier) is given; afterwards the domain specific language used for describing protocols will be explained. Also, an example protocol will be implemented to get an idea how to design a protocol specification.</abstract>
    <description></description>
    <persons>
     <person id="106">Hannes Mehnert</person>
    </persons>
    <links>
    </links>
   </event>
  </room>
 </day>
 <day date="2006-12-29" index="3">
  <room name="Saal 1">
   <event id="1642">
    <start>11:30</start>
    <duration>01:00</duration>
    <room>Saal 1</room>
    <tag>unlocking_filevault</tag>
    <title>Unlocking FileVault</title>
    <subtitle>An analysis of Apple's encrypted disk storage system</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>Analysis of the MacOS X storage encryption technology FileVault. Having fun by reverse-engineering private Frameworks under MacOS X.</abstract>
    <description>We present an analysis of Apple's proprietary disk encryption technology, FileVault. Besides the vendor's claim of 128-bit security
through the use of AES, not much was previously known about its inner workings. This talk will fill in the many missing details in the puzzle and analyse the design decisions.

Besides the cryptographic details, this talk will show how the relevant parts of the DiskImages framework were reverse-engineered for this project.</description>
    <persons>
     <person id="1192">Ralf-Philipp Weinmann</person>
     <person id="165">Jacob Appelbaum</person>
    </persons>
    <links>
     <link href="http://www.apple.com/macosx/features/filevault/">Apple: MacOS X: FileVault</link>
    </links>
   </event>
   <event id="1721">
    <start>12:45</start>
    <duration>01:00</duration>
    <room>Saal 1</room>
    <tag>software_protection_and_the_tpm</tag>
    <title>Software Protection and the TPM</title>
    <subtitle>The Mac OS X Story</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>Ever since Apple announced the x86 version of Mac OS X, people have been obsessed with running the operating system on non-Apple hardware. The media has given this topic more than its fair share of coverage, with nary a week going by without some discussion of the tussle between Apple and system attackers attempting to "crack" Mac OS X.</abstract>
    <description>Regardless of the periodic outcomes of such tussles (including the so-called hacker victories), widespread myths continue about what happens inside Mac OS X with respect to such protection. Moreover, the presence of trusted platform modules (TPMs) in newer Apple computer models only makes the situation more interesting--trusted hardware is perhaps one of the most untrusted (and misunderstood) entities on earth. In this talk, we will unravel some TPM mysteries and look at the architecture of Mac OS X relevant to software protection.</description>
    <persons>
     <person id="1281">Amit Singh</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1733">
    <start>14:00</start>
    <duration>01:00</duration>
    <room>Saal 1</room>
    <tag>bluetooth_hacking_revisited</tag>
    <title>Bluetooth Hacking Revisited</title>
    <subtitle></subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>Hacking Bluetooth revisited - This talk goes into the depth of Bluetooth security; we'll show attacks on every possible Bluetooth layer, including the Application Layer and lower layers. We'll break the drivers, the implementation, the applications and the _protocol itself_. At the end of this talk we hope to have achieved a paradigm shift with regard to how you perceive Bluetooth security in general. It's not only for toys.

On the Operational side, we'll go into what risks BT poses for your company, why your policies fail and why your current Security Layers aren't enough.</abstract>
    <description>Hacking Bluetooth revisited - Kevin Finistere &amp; Thierry Zoller

This talk aims at producing a complete paradigm shift in how you perceive Bluetooth security. During the introduction we'll present what Bluetooth is, what has been left out all these years and how to protect yourself. We'll dig into Bluetooth security from Layer 1 up to Layer 7, from the Baseband up to the Application Level.

We'll show how to get a remote root shell over Bluetooth. During CCC 2006 we'll release BTCrack, software to crack the Bluetooth PIN/link keys with a man-in-the-middle attack. We'll show you how to steal link keys and why the PIN is not that important at all, and we'll go into detail on how to bypass Bluetooth security and what the future holds for Bluetooth security.

On the Operational side, we'll go into what risks BT poses for your company, why your policies fail and why your current Security Layers aren't enough.

We'll dig into WHY we have arrived there and WHY nobody seemed to care over all these years.</description>
    <persons>
     <person id="1291">Kevin Finistere</person>
     <person id="1290">Thierry Zoller</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1552">
    <start>16:00</start>
    <duration>01:00</duration>
    <room>Saal 1</room>
    <tag>nintendo_ds</tag>
    <title>Nintendo DS</title>
    <subtitle>Introduction and hacking</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>The Nintendo DS is a mobile gaming console. It was first introduced in
2004. Our talk will give a short introduction of the hardware and
available games. The main focus however lies on homebrew software,
DSLinux, alternative firmware, copy protection, flash cards and online
gaming protocols.</abstract>
    <description>The Nintendo DS is often seen as a direct competitor to the Sony PSP,
but sells at a much lower price.
The DS consists of two ARM CPUs, two displays (one of which functions as
a touchscreen) and a wifi interface. Due to its small amount of RAM, 4MB,
the DS provides a real challenge to developers.
We will explain different methods used to circumvent the copy protection
and replace the existing firmware. Afterwards we will introduce the most
common flash cartridges used to run homebrew software and pirated ROMs.
While talking about homebrew applications we will focus on wifi
applications, like scanners and development environments.
Finally, we will present an analysis of the online gaming protocols.</description>
    <persons>
     <person id="1147">Tobias Gruetzmacher</person>
     <person id="1049">Marcel Klein</person>
     <person id="468">Mario Manno</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1478">
    <start>17:15</start>
    <duration>01:00</duration>
    <room>Saal 1</room>
    <tag>traffic_analysis</tag>
    <title>An Introduction to Traffic Analysis</title>
    <subtitle>Attacks, Defences and Public Policy Issues...</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>This talk will present an overview of traffic analysis techniques, and
how they can be used to extract data from 'secure' systems. We will
consider both state-of-the-art attacks in the academic literature
and practical attacks against fielded systems.</abstract>
    <description>A lot of traditional computer security has focused on protecting the
content of communications by ensuring confidentiality, integrity or
availability. Yet the metadata associated with it - the sender, the
receiver, the time and length of messages - also contains important
information in itself. It can also be used to quickly select targets for
further surveillance, and extract information about communications
content. Such traffic analysis techniques have been used in the closed
military communities for a while but their systematic study is an
emerging field in the open security community.</description>
    <persons>
     <person id="133">George Danezis</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1457">
    <start>18:30</start>
    <duration>01:00</duration>
    <room>Saal 1</room>
    <tag>credit_card_security</tag>
    <title>Security in the cardholder data processing?!</title>
    <subtitle>Experiences and lessons learned with the Payment Card Industry Data Security Standard</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>MasterCard and Visa have jointly released the PCI Data Security Standard which defines security requirements for the processing of card data in face-to-face and card-absent transactions. This presentation will deal with the most critical security gaps.</abstract>
    <description>SRC is an auditor approved by MasterCard and Visa to carry out PCI Security Scans and PCI Security Audits. Currently, SRC serves about 3000 merchants and 40 payment service providers around Germany, Austria, Switzerland, France, Russia, Slovakia and Israel.

The speaker will first briefly introduce the PCI security requirements. Then, he will disclose the company's experiences and lessons learned when conducting PCI Security Scans and PCI Security Audits.</description>
    <persons>
     <person id="374">Manuel Atug</person>
    </persons>
    <links>
     <link href="http://www.pcisecuritystandards.org">PCI Security Standards Council Website</link>
     <link href="http://www.visaeurope.com/aboutvisa/security/ais/main.jsp">Visa EU AIS Program Website</link>
     <link href="http://www.mastercard.com/us/sdp/">MasterCard SDP Program Website</link>
     <link href="http://www.visa.com/cisp">Visa USA CISP Website</link>
    </links>
   </event>
   <event id="1760">
    <start>20:30</start>
    <duration>01:00</duration>
    <room>Saal 1</room>
    <tag>on_free</tag>
    <title>On Free, and the Differences between Culture and Code</title>
    <subtitle></subtitle>
    <track>Society</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract></abstract>
    <description></description>
    <persons>
     <person id="619">Lawrence Lessig</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1694">
    <start>21:45</start>
    <duration>01:00</duration>
    <room>Saal 1</room>
    <tag>automated_exploit_detection_in_binaries</tag>
    <title>Automated Exploit Detection in Binaries</title>
    <subtitle>Finding exploitable vulnerabilities in binaries</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>In this talk, we will introduce the audience to the concepts
involved in static analysis, and different implementations of those concepts
with advantages and disadvantages of each. We will show how the open source
tool bugreport (http://bugreport.sf.net) implements these concepts and will
demonstrate the tool finding exploitable bugs in real-world binaries.</abstract>
    <description>See attached RT ticket #8514.</description>
    <persons>
     <person id="1255">Luis Miras</person>
    </persons>
    <links>
     <link href="http://bugreport.sf.net">bugreport project page</link>
     <link href="http://wiki.yak.net/712">Some background information on the talk</link>
    </links>
   </event>
   <event id="1567">
    <start>23:00</start>
    <duration>02:00</duration>
    <room>Saal 1</room>
    <tag>hacker_jeopardy</tag>
    <title>Hacker Jeopardy</title>
    <subtitle>The one and only hacker quizshow</subtitle>
    <track>Community</track>
    <type>Sonstiges</type>
    <language>englisch</language>
    <abstract>The well known quizshow format, but of course covering topics not usually seen on television</abstract>
    <description>Hacker Jeopardy is a quiz following the well-known inverted answer-question scheme. It was once described as "number guessing for geeks", which is of course a very unfair abbreviation: it's also guessing of letters and special characters :)

The quiz is played in three initial rounds with three candidates each, competing for their seat in the final round, in which last year's winner joins in as a fourth candidate.</description>
    <persons>
     <person id="101">Stefan 'Sec' Zehl</person>
     <person id="933">Ray</person>
    </persons>
    <links>
    </links>
   </event>
  </room>
  <room name="Saal 2">
   <event id="1634">
    <start>11:30</start>
    <duration>01:00</duration>
    <room>Saal 2</room>
    <tag>how_to_squeeze_more_performance_out_of_your_wifi</tag>
    <title>How to squeeze more performance out of your wifi</title>
    <subtitle>Cross-layer optimization strategies for long-range IEEE 802.11e based radio (mesh) networks</subtitle>
    <track>Science</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>Most of today's long-range wireless mesh or point-to-point links suffer from a high overhead during channel access, frequent link failures and a failure to take real advantage of the mesh network structure. This leads to really bad performance for TCP-like traffic compared to UDP traffic over these links. We want to present you two different ideas for optimizing throughput and delay without breaking any wifi standard (or at least not too much ;).</abstract>
    <description>Most of today's wireless mesh networks can be characterised by the use of cheap half-duplex transmission technologies like IEEE 802.11. They suffer from a high overhead during channel access, frequent link failures and a failure to take real advantage of the mesh network structure. All this may result in low throughput and high end-to-end delay. To improve both properties, one may use diversity achieved through multiple channels, directional high-gain antennas, polarization multiplex and frame aggregation techniques. Additionally -- in order to take advantage of the mesh network structure -- it is possible to divide the up- and downstream of a wifi point-to-point link into two separate links. This eliminates the concurrency between both directions. Results of calculations, simulations and measurements show an improved distribution of delay and a significantly higher throughput, especially for TCP-like applications. Both values can furthermore be improved by an optimization of the IEEE 802.11e quality-of-service parameters.</description>
    <persons>
     <person id="1151">Achim Friedland</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1473">
    <start>12:45</start>
    <duration>01:00</duration>
    <room>Saal 2</room>
    <tag>large_scale_internet_content_filtering</tag>
    <title>The worst part of censorship is XXXXX</title>
    <subtitle>Investigating large-scale Internet content filtering</subtitle>
    <track>Society</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>This talk analyzes large-scale, countrywide Internet content filtering from a technical point of view and investigates the current situation in the People&#8217;s Republic of China. Additionally, it discusses techniques to effectively defeat censorship and, based on various tests conducted by the author, comments on their applicability in the Chinese part of the Internet.</abstract>
    <description>Nowadays the Internet has become an essential element of the world&#8217;s media landscape and our everyday lives. Thus for many people sending and receiving emails, chatting with friends, researching information or even purchasing goods online is almost as common as watching TV or listening to the radio. Interestingly without being further challenged it is generally taken for granted in the Western world that based on human rights, constitutions, legal systems and moral values, access to the Internet is provided freely, unlimited and most importantly unfiltered. But in reality the situation for millions of users world-wide is completely different: "Chat rooms monitored. Blogs deleted. Websites blocked. Search engines restricted. People imprisoned for simply posting and sharing information" [1]. In an attempt to create virtual frontiers in cyberspace countries such as China, Vietnam, Tunisia, Iran, Saudi Arabia and Syria [1] have installed a multiplicity of technical and non-technical controls to censor the Internet and prevent their citizens from accessing or publishing information the government regards as illegal. Therewith these countries are denying essential human rights to their citizens and specifically violate article 19 of the Universal Declaration of Human Rights which states that "everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers" [2]. In order to gain a further understanding of the functionality and the extent of such censorship, this talk investigates large-scale, countrywide Internet content filtering from a technical point of view. Therefore at first it discusses various means of filtering a government might enforce to perform censoring. 
Next it investigates the current situation of Internet filtering in the People's Republic of China and presents the implications for Chinese users by providing concrete examples. Finally this presentation particularly highlights techniques to circumvent Internet censorship focusing on practical and easy to use solutions that are applicable in China.

[1] Amnesty International. Irrepressible.info, an amnesty international campaign. Campaign published on website http://irrepressible.info, 2006.
[2] United Nations. Universal declaration of human rights. UN Resolution 217 A (III) of 10 December 1948, 1948.</description>
    <persons>
     <person id="140">Sebastian Wolfgarten</person>
    </persons>
    <links>
     <link href="http://www.devtarget.org">Devtarget.org, contains Sebastian's full master thesis</link>
    </links>
   </event>
   <event id="1418">
    <start>14:00</start>
    <duration>01:00</duration>
    <room>Saal 2</room>
    <tag>trust_your_eyes</tag>
    <title>Trust Your Eyes</title>
    <subtitle>Fundamentals of visualization and how to "fake" with visualizations</subtitle>
    <track>Science</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>The talk presents theoretical foundations of visualization and human perception as well as some visualization techniques. It then shows by example how easily skilfully chosen visualizations can suggest distorted impressions.</abstract>
    <description>The talk presents excerpts of the most important foundations and principles of visualization and human perception, such as the visualization pipeline, the Gestalt laws and Shneiderman's Mantra of Information Seeking. After a brief look at some visualization techniques, such as graphs, treemaps, cone trees and others, a few examples will show how easy it is to suggest false statements on a correct data basis through a clever choice of visual variables or visualization techniques, and how often such "details" are overlooked in everyday life. The aim is to give a short insight into the world of visualization and to raise awareness in dealing with visual information.</description>
    <persons>
     <person id="1035">Sonja</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1516">
    <start>16:00</start>
    <duration>01:00</duration>
    <room>Saal 2</room>
    <tag>lightning_talks_day_3</tag>
    <title>Lightning Talks Day 3</title>
    <subtitle></subtitle>
    <track></track>
    <type>Lightning-Talk</type>
    <language></language>
    <abstract>Definition: Lightning Talks is a daily event which consists of one
hour of several short talks. Each talk is limited to five minutes.

Goal: There is one slot for Lightning Talks each day of the
congress.  The goal is to present 10 talks within each slot.
So this might be up to 40 interesting talks in total.

See the Wiki page for current info.</abstract>
    <description></description>
    <persons>
     <person id="136">b9punk</person>
     <person id="193">Sven Guckes</person>
    </persons>
    <links>
     <link href="http://events.ccc.de/congress/2006/Lightning_Talks">Wiki page</link>
    </links>
   </event>
   <event id="1622">
    <start>17:15</start>
    <duration>01:00</duration>
    <room>Saal 2</room>
    <tag>void_the_warranty</tag>
    <title>Void the warranty!</title>
    <subtitle>How to start analyzing blackboxes</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>We're surrounded by blackboxes containing digital technology nowadays.
There are complex devices like cell phones as well as more simple ones that don't look very digital at all. This lecture shall motivate the listener to take more electronic things apart, examine the mode of operation and modify it.</abstract>
    <description>The intention of this lecture is showing the listener that it's possible to analyse and mess around with a wide range of devices at home and how to do this.

Thus low-cost and homebrewed hardware tools are used as far as possible. Enabling the listener to design such hardware is also an ambition of this talk. The JTAG-Finder can be given as an example here.

The lecture will also point out some of the common problems during the research, and ideas on how to deal with them (e.g. acquiring data in realtime and getting it into a PC for the analysis). Various example projects of different complexities along with the procedure of analysis and modification will be explained throughout the lecture.

Recovering a lost PIN-number from a DECT-station or circumventing a printer's anti-refill technology are less complex examples while connecting a (non-DMA) PCMCIA (or CompactFlash) card to a common microcontroller is a more complex one.</description>
    <persons>
     <person id="1158">Hunz</person>
    </persons>
    <links>
     <link href="http://hunz.org/avrolus/">AVRolus</link>
     <link href="http://c3a.de/wiki/index.php/JTAG_Finder">the JTAG-Finder</link>
    </links>
   </event>
   <event id="1646">
    <start>18:30</start>
    <duration>01:00</duration>
    <room>Saal 2</room>
    <tag>dvb_t</tag>
    <title>DVB-T - From Pixeldata to COFDM Transmission</title>
    <subtitle>How to build a complete FPGA-based DVB-T transmitter</subtitle>
    <track>Science</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>As DVB-T is the key technology for terrestrial broadcasting for the next decades, this lecture tries to explain how it works: It covers the way from raw pixel data via MPEG2 video and audio encoding and multiplexing of several streams and programs to the actual generation of the COFDM signal used for transmission. As the team has built a DVB-T transmitter, we will give an in-depth insight into how things are really done - including a demonstration of the transmitter.
-&gt; For that we plan to stream the content of the 23C3 lectures locally on Alexanderplatz using TV channel 22. Don't forget to bring your DVB-T stick. For more information see the DVB-T project description at http://events.ccc.de/congress/2006/DVB-T.</abstract>
    <description>Analog PAL based TV transmission is no more - DVB has taken over in Germany. This should be legitimate reason to take a really deep look into how the new technology works and what needs to be done to get your own transmission into the air. The base for our lecture is a standard FBAS signal coming from a video camera. From there we will go with it through all the necessary stages of encoding, framing, multiplexing and modulating.

First step is the A/D conversion of the picture and the sound. The resulting 240MBit/s stream is fed into the MPEG2 encoder where video and audio are encoded using the given parameters, resulting in a bitstream of defined datarate. To achieve that, the video is divided into single blocks, movement relative to earlier and later frames is detected, and then the data is transferred into the frequency domain and encoded. A relatively similar thing is done to audio: It is split into several frequency bands and for every band it is decided, using a psychoacoustic model, whether the listener will hear this band or not. Then the remaining data is encoded into a bitstream as well.

After that a program clock reference is generated to enable the receiver to keep video and audio in sync while playing back the stream.

During the next stage, all video and audio streams are multiplexed into one big transport stream and several data tables are added. These tables define which programs belong to this transport stream and assign video and audio streams to these programs. Electronic program guide and teletext are added and finally the COFDM modulator has the job to generate a base band signal for transmission.

Here data is scrambled and interleaved several times, two types of forward error correction are added and then the bits are distributed to the up to 8000 distinct carriers which compose the final signal.

As we have built a complete OFDM modulator we will then demonstrate how all these things work together and finally you will be able to watch our transmission using your own DVB-T stick.</description>
    <persons>
     <person id="711">Thomas Kleffel</person>
     <person id="713">Christian Daniel</person>
    </persons>
    <links>
     <link href="http://events.ccc.de/congress/2006/DVB-T">DVB-T in the 23C3 wiki</link>
    </links>
   </event>
   <event id="1679">
    <start>20:30</start>
    <duration>01:00</duration>
    <room>Saal 2</room>
    <tag>ueberwachungsdruck</tag>
    <title>&#220;berwachungsdruck - einige Experimente</title>
    <subtitle>What effect does surveillance have?</subtitle>
    <track>Society</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>What effect does surveillance have? How does it change the behaviour of passers-by? We carried out experiments in public space and present the results.</abstract>
    <description>What effect does surveillance have on ordinary people? We ran experiments in public space and observed the behaviour. Some of the resulting scenes were bizarre, for example with Sunday newspapers hung out for sale: all newspaper stands at one Viennese intersection were fitted with signs announcing video surveillance to increase "security". Citizens who felt caught brought their newspapers back, walked past several times until they inconspicuously took a newspaper after all, and so on. Towards evening this was one of the few intersections whose newspapers were not "sold out".
On the trail of the effects of surveillance pressure.</description>
    <persons>
     <person id="497">Adrian Dabrowski</person>
     <person id="715">Martin Slunsky</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1422">
    <start>21:45</start>
    <duration>01:00</duration>
    <room>Saal 2</room>
    <tag>pornography_and_technology</tag>
    <title>Pornography and Technology</title>
    <subtitle>a love affair</subtitle>
    <track>Culture</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>Pornography is an abstract phenomenon. It cannot exist without a medium to propagate it, and it has very little (if anything at all) to do with sex. The relationship between pornography, which is entirely fictional and sex, which is very real, very sweaty and mostly not a very aesthetic thing is something like the correlation of science-fiction literature and technological innovation: sometimes the ideas are bizarre, completely nuts and would never work without a Heisenberg Compensator - but sometimes some fragment lasts and is taken to the real world.</abstract>
    <description>The key to pornography is perception; perception is passive and naturally conceptional, since the eye and the brain have to translate the image (be it letters, a painting or a frame from a movie) into sexual stimulations and 'make something of it'. This is hard cognitive work that requires media competence and a high degree of ability to abstract. Contrary to the strong wish of authenticity and realism that prevails in most of the consumers, the techniques of sexual stimulation by pornography (and its side products like sex toys, for example) have become ever more fictional and not corporeal. We had to learn how to be sexually stimulated by something so far away from sex and all that precedes it that it seems almost impossible we managed it.  


The relationship between pornography and technology has always been a love story of sorts: new developments in technology were an inviting incentive for the emerging porno industry which in turn, as it became more powerful, was supposed to have had enough weight to influence specific technological innovations. In all this, idealism did not surface; the power of what worked and therefore paid and what did not was entirely in the hands of the (predominantly male) customers, who were assumed to be techno-savvy. The porno industry was very open-minded and experimental, and in the quest of the next hot thing that sells, interesting approaches were made. 

Typically, it's the porno industry that makes new developments interesting and available for the masses: one of the first fields of application of proprietary streaming solutions for example was the Cam Girls phenomenon: girls at home on their beds, who streamed their stamp-sized webcam pictures to dozens and hundreds of customers at the same time in real time. And just think of the remote-controlled dildo operated via online interface by a customer thousands of miles away at his computer. 

Although pornography may not be the number one factor geeks think about when they dream up new products and new standards (they usually dream about porn separately, if they are not Zwiebeltuete fetishists), it features largely in the consideration if something new is going to be hot or not.</description>
    <persons>
     <person id="1039">Tina Lorenz</person>
    </persons>
    <links>
     <link href="http://www.haecksen.org/~tina/blog">That ain't straw - blog on pornography</link>
    </links>
   </event>
   <event id="1683">
    <start>23:00</start>
    <duration>01:00</duration>
    <room>Saal 2</room>
    <tag>powerpoint_karaoke</tag>
    <title>Powerpoint Karaoke</title>
    <subtitle></subtitle>
    <track>Culture</track>
    <type>Wettkampf</type>
    <language>deutsch</language>
    <abstract>This competition has a simple principle: the speaker sees the slides of their presentation for the first time when the talk begins.</abstract>
    <description>Whitfield Diffie once developed the prototype of the software whose triumphant advance since the 1990s has been unparalleled. PowerPoint presentations, not always visually perfect and with or without practical value, have meanwhile become a ubiquitous habit: no talk gets by without the inevitable slides any more. From the many billions of presentations per year we have selected a few hundred, because the sometimes culture-corroding effect of PowerPoint can also have its funny sides. In this way the passive drizzle of slides becomes a performance.</description>
    <persons>
     <person id="751">Verena Hafner</person>
     <person id="381">Constanze Kurz</person>
    </persons>
    <links>
    </links>
   </event>
  </room>
  <room name="Saal 3">
   <event id="1638">
    <start>11:30</start>
    <duration>01:00</duration>
    <room>Saal 3</room>
    <tag>freie_software</tag>
    <title>Freie Software - Eine Chance f&#252;r Afrika?</title>
    <subtitle>A field report from Malawi</subtitle>
    <track>Community</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>In a documentary report on a "free software project", Alex Antener talks about his travels to Malawi in Central Africa and reports on the experience of cross-cultural engagement at the University of Malawi. The report shows possibilities, influences and possible alternatives to the neo-imperialist machinations of the monopolists in the Third World.</abstract>
    <description>The content of this talk will only be compiled in October 2006, during the stay for the project in question. The project paper will be put online on the website.

Expected topics:
- Documentation and talks at the University of Malawi
- Technical implementation of the GNU/Linux solution with LTSP
- Strategies of neo-imperialist NGOs and monopoly companies for manoeuvring Third World countries into economic dependencies
- Technical and social bottlenecks
- Brain drain &amp; digital divide</description>
    <persons>
     <person id="1170">Alex Antener</person>
    </persons>
    <links>
     <link href="http://lix.cc/malawi">Malawi project</link>
     <link href="http://lix.cc/gallery/main.php?g2_itemId=3515">Malawi picture gallery</link>
    </links>
   </event>
   <event id="1563">
    <start>12:45</start>
    <duration>01:00</duration>
    <room>Saal 3</room>
    <tag>funkerspuk</tag>
    <title>Funkerspuk</title>
    <subtitle>radio politics in the USA and Germany in the first half of the 20th century</subtitle>
    <track>Society</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>The introduction of radio in the USA and Germany is compared, the role amateurs played and how the respective authorities reacted to them. Questions arise as to how those reactions were models for the treatment of younger communications technologies, and the different approaches to uncontrolled communication will be sketched out. Is "everybody can listen in" a scary thing?</abstract>
    <description>The role of radio amateurs in the introduction of radio and the development of radio legislation is sketched out, as well as the ways in which they were treated (by this legislation). The First World War serves as an important point of reference in making clear the differences between the two countries:

The American army could already access a significant number of self-educated amateurs, while in Germany many radio operators were educated during the war for the military, and only became effective as independent amateurs after the war, when they seized military radio equipment in great numbers (the phenomenon whose name gave this talk its title). While in the USA self-organised amateur organisations were listened to by Congress regarding radio legislation, and their interests actually considered, in Germany the involvement of many amateurs in the November Revolution scared the authorities so much that they became obsessed with the control and taming of radio, censorship and elimination of 'Funkerspuk' - these aims shaped radio legislation in the Weimar Republic. It was noticed how well radio is suited to broadcasting news, but nobody got the idea that freedom of the press might apply to it, too. One of the consequences was that Goebbels did not so much have to build a new control apparatus for radio as seize an existing one. Later the German quest for control boosted the development and spread of magnetic tape, while the economic interests of the commercial radio networks inhibited its use in the USA. More details in the lecture.</description>
    <persons>
     <person id="664">Oona Leganovic</person>
    </persons>
    <links>
     <link href="http://playinprogress.net/text/2006/distributing-soundwaves-radio/">distributing soundwaves - radio</link>
    </links>
   </event>
   <event id="1640">
    <start>14:00</start>
    <duration>01:00</duration>
    <room>Saal 3</room>
    <tag>10ge_monitoring_system</tag>
    <title>A 10GE monitoring system</title>
    <subtitle>Hacking a 10 Gigabit Intrusion detection and prevention system into a network troubleshooting tool.</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>Capturing network packets is a valuable technique for troubleshooting network problems. Capturing at network speeds of up to one gigabit per second is feasible with fast general purpose computer hardware.

But that hardware is too slow for ten gigabit per second ethernet (10GE). Hence, special hardware is required.

This talk describes the modification of a commercially available 10GE network security system into a network analyser.</abstract>
    <description>Who can you trust? - Nobody, when it comes to troubleshooting network issues at an internet exchange point. An Internet Exchange (IX) operates by definition in-between different network providers. These providers are often competitors, each with their cultural and technical differences.

Troubleshooting network issues at an IX involves at least three parties, namely the internet exchange operator and two or more ISPs, each with its own systems, know-how, procedures and culture. Such an environment is very different from networks where operators have control over the network components.

Therefore an internet exchange operator must be able to identify and isolate network problems, without relying too much on the other parties involved, while the exchange stays in full operation. For this, the technique of passive monitoring - watching the traffic as it passes by - has proven to be extremely valuable.

Passive monitoring for speeds less than 1 Gbps is possible with a fast general purpose computer and generic NICs. Numerous open source applications have been made for this. Ten gigabit per second ethernet (10GE) is another game. Special hardware is required to achieve that.

The Amsterdam Internet Exchange (AMS-IX) modified Force10's P10 system to monitor 10GE connections. This system was originally designed for security applications at 10GE wire speeds. But since it is built around programmable logic, it is possible to adapt it into a useful troubleshooting tool. Such a tool has the following features:

* Ad-hoc filtering on the ethernet layer, IDS applies to the higher network layers.

* Programmable counters, it is not always needed to grep the frames. Counting events is often just as useful.

* Sampling, the possibility to randomly grep frames for analysis. Useful when the exact nature of the issue is unknown.

* Triggering and filtering on checksums. IDS system only filters on patterns.

* Triggering and a history buffer, the possibility to capture frames transmitted before and after a certain condition was met.

Not all features have been realized at this moment. But there is enough to compile an interesting presentation on what has been achieved, how that is done and the design for the missing features.

Lecture and paper consist of three parts, namely:

1. Introduction to the role of an internet exchange (IX). This will not be marketing for AMS-IX. It is needed to place things into context.

2. The problem to be solved. This can be clarified with some real life examples in the lecture.

3. The chosen solution for that problem. Consisting of the Force10's P10 IDS/IPS card with modified firmware in combination with photonic cross connects (all optical switches). This will be the main part of both lecture and paper.</description>
    <persons>
     <person id="1169">Arien Vijn</person>
    </persons>
    <links>
     <link href="http://www.force10networks.com/products/p-series_overview.asp">Force 10 P10 IDS/IPS system</link>
     <link href="http://www.ams-ix.net">AMS-IX</link>
    </links>
   </event>
   <event id="1459">
    <start>16:00</start>
    <duration>01:00</duration>
    <room>Saal 3</room>
    <tag>sip_security</tag>
    <title>SIP Security</title>
    <subtitle>Status Quo and Future Issues</subtitle>
    <track>Science</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>The presentation will give an overview on SIP security issues and show possible weaknesses in current implementations using SIP (Hardphones, Softphones, Gateways). Further, an outlook on the security of future, serverless SIP systems (P2P-SIP) will be given.</abstract>
    <description>The presentation will give the audience an overview of VoIP security issues, both current and future, focusing on the session initiation protocol (SIP). Today, SIP is the predominant protocol for VoIP signalling in consumer markets. The talk will present the status quo in SIP security and give an outlook on future security challenges.

First, the talk will introduce signalling with SIP. Fundamental differences to the PSTN will be shown and the consequences for security will be discussed. Among these problems are: Spam over Internet (SPIT), Lawful Interception, Security of Terminals &amp; Servers, Anonymity / Privacy, Identity Assertion &amp; Spoofing. These problems will be explained, including the current status quo on how to mitigate these problems.

Then, the talk will focus on the security of SIP terminals (softphones and hardphones) and SIP servers. We are currently testing several implementations of the session initiation protocol (SIP) in our security lab. We have designed a test framework using existing tools and developments of our own. During the presentation it will be shown how these devices (Softphones, Hardphones, PSTN-Gateways) are being tested and some results will be given.

Finally, the talk will give the audience an outlook on security issues in future VoIP scenarios (e.g. Peer-To-Peer setting). P2P-SIP is currently discussed in the IETF and several internet drafts exist (see www.p2psip.org). This infrastructure change will have some serious implications on security for VoIP communications. The P2P paradigm introduces new security threats to SIP that will be explained. For instance, the lack of a central authority in a serverless setting makes authentication of end-users difficult. Options to mitigate this and other problems for P2P-SIP will (briefly) be outlined.</description>
    <persons>
     <person id="676">Jan Seedorf</person>
    </persons>
    <links>
     <link href="http://www.informatik.uni-hamburg.de/SVS/research/projects/voip/index.php">VoIP Security @University of Hamburg</link>
     <link href="http://www.p2psip.org/">P2P SIP Projects Overview</link>
    </links>
   </event>
   <event id="1602">
    <start>17:15</start>
    <duration>01:00</duration>
    <room>Saal 3</room>
    <tag>subverting_ajax</tag>
    <title>Subverting AJAX</title>
    <subtitle>Next generation vulnerabilities in 2.0 Web Applications</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>Ajax and the new dynamic extensions leverage new threats that lead to innovative attack scenarios against web applications.</abstract>
    <description>In a world where the user learned to behave properly in his interaction with the old web interfaces, many innovative technologies are emerging.
Ajax and new dynamic web extensions empower web browsers and client-server communications as well as they leverage new threats and undisclosed attack scenarios.
Web 2.0 is going to be the first choice in upcoming web projects and many companies are migrating to new dynamic front-ends to increment value to their institutional sites, intranet corporates and Online Banking portals.
After a quick overview of simple Cross Site Scripting attacks, the speech will focus on security aspects of Web 2.0 technologies exploring unconventional and undisclosed attacking techniques.
During the presentation we will show the next step in content/request hijacking and the next generation of client-side and server-side injection.
Specifically, by applying advanced Javascript techniques like prototyping we'll see how to hijack functions and objects in order to have transparent attacks without breaking javascript code in Ajax web pages.
Moreover, non-trivial ways to attack web pages and inject code by taking advantage of other kinds of vulnerabilities in a cross-domain environment will be shown.
Finally, we will see how poor design choices in web browsers lead to new kinds of attack vectors like UXSS through plugins and sandbox framework flaws.</description>
    <persons>
     <person id="1155">Stefano Di Paola</person>
     <person id="1152">Giorgio Fedon</person>
    </persons>
    <links>
     <link href="http://www.wisec.it">Project Site</link>
    </links>
   </event>
   <event id="1498">
    <start>18:30</start>
    <duration>01:00</duration>
    <room>Saal 3</room>
    <tag>mining_aol_search_queries</tag>
    <title>Mining Search Queries</title>
    <subtitle>How to discover additional knowledge in the AOL query logs</subtitle>
    <track>Science</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>AOL recently published over 34M weakly anonymized search queries from their users by intention. This lecture gives an overview on the results of an extensive statistical analysis and data mining procedure on this dataset. Thereby, a methodology for frequency analysis, search trend mining, topic detection and even user profiling and identification will be presented.</abstract>
    <description>The lecture will give an overview on knowledge discovery techniques on a sample dataset of real search queries released by AOL. Although AOL anonymized the records by hiding the user name of the sender, this lecture will show how much knowledge you can already gain out of those web logs. The lecture aims to show the dangers of progressional data collection and aggregation, particularly of rich user profile mining from search query logs.


This talk is split into the following paragraphs:

Introduction:
- Origin of the data
- Aftermaths of publication

General analysis of dataset:
- Structure, Size
- Representativeness
- Distribution over time 
- Distribution over user
- Clickthrough of ranked sites

Topic analysis:
- What topics do users search for?
- Query distribution follows Zipf's law
- Statistical analysis of topic categories 

Search trend mining:
- Time slicing the dataset
- Difference analysis of search queries in consecutive slices
- Do search queries correlate with current events of time?

User profiling:
- Generating user profiles out of search queries
- Categorization of usage frequency, user's interests, competencies
- Methods of user identification 
- Possible identification patterns

Summary:
- A broad spectrum of additional knowledge can be derived despite anonymization of data
- User identification possible 
- Consequences for your searching behavior</description>
    <persons>
     <person id="1000">Robert</person>
    </persons>
    <links>
     <link href="http://www.gregsadetsky.com/aol-data/">data sources</link>
     <link href="http://www.aolpsycho.com/">manual user profiling</link>
     <link href="http://blog.outer-court.com/archive/2006-08-07-n22.html">short toplist analysis</link>
    </links>
   </event>
   <event id="1699">
    <start>20:30</start>
    <duration>01:00</duration>
    <room>Saal 3</room>
    <tag>drm_comes_to_european_digital_tv</tag>
    <title>DRM comes to European digital TV</title>
    <subtitle>How the DVB project is locking down TV standards and importing U.S. mistakes.</subtitle>
    <track>Society</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>European digital television standards (both free-to-air broadcast and
pay TV) developed by the DVB project are exemplary for including
no digital rights management.  But now DVB is rushing to change that
and impose new restrictions on receiving equipment.</abstract>
    <description>EFF has participated in DVB meetings on DRM for the past two years.
We've learned how the broadcasting and movie industries consider
existing standards (including the pro-competitive Common Interface,
which can give free/open source software legal access to pay TV
programming) obsolete because they were designed in the 1990s before
the DRM revolution.  Now these standards are being rewritten and
retrofitted with DRM.  Even unencrypted free-to-air broadcasts may
be restricted with the European equivalent of the U.S. broadcast flag
policy.  And pay TV programming will be restricted by DRM even after
you've paid for it and received it in your house, intentionally erasing
the distinction between making people pay for TV and controlling what
kinds of devices they can receive it on.  The industry is explicitly
looking to the U.S. models for post-reception DRM and device regulations:
the broadcast flag rule for over-the-air broadcasts and the cable
plug-and-play regime for pay TV.  Both of these schemes require
receiving equipment to be licensed, certified, and tamper-resistant,
and both of them are a disaster for compatibility with software on
the PC.

Here, for the first time, we present a detailed account of exactly
what DVB is up to in these areas, and how this work is inspired by
U.S. industry demands.  The plan to embed DRM into European TV
standards has a lot of momentum, but maybe we can stop it in its
tracks.  We need to make clear that DRM-free standards are a feature,
not a bug, and that standards should be made more compatible, not
less compatible.</description>
    <persons>
     <person id="1256">Seth Schoen</person>
    </persons>
    <links>
     <link href="http://www.eff.org/IP/DVB/">http://www.eff.org/IP/DVB/</link>
    </links>
   </event>
   <event id="1346">
    <start>21:45</start>
    <duration>01:00</duration>
    <room>Saal 3</room>
    <tag>sie_haben_das_recht_zu_schweigen</tag>
    <title>Sie haben das Recht zu schweigen</title>
    <subtitle>Search, seizure, interrogation - strategies for dealing with the police and the public prosecutor</subtitle>
    <track>Society</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>Anyone who lives and works online does so under the eyes of law enforcement. The talk describes how searches, interrogations and criminal investigations proceed. It explains how to behave correctly towards the police and the public prosecutor's office.</abstract>
    <description>"You have the right to remain silent"

Servers seized. Company searched. File sharers charged. Reports of criminal-procedure measures against users have long been part of everyday life. The Internet and IT are no longer unknown territory for the investigating authorities. Equipment, manpower and knowledge in Germany have long been sufficient to effectively pursue any suspicion of a crime.

For search and seizure warrants, an initial suspicion is often enough for judges. That can even be a baseless, anonymous complaint. In the computer field this regularly has fatal consequences for the user. The investigators take all of his hardware and whatever data is within reach. They try their best to obtain passwords for external services.

While the private individual escapes to the Internet caf&#233;, such raids often trigger an existential crisis for companies. With panicked reactions, psychologically clumsy behaviour, or no (or the wrong) legal steps, anyone affected can make matters much worse.

The talk shows what rights those affected have and how they can make the best of the situation.


I. The search

Investigators always come at an inconvenient time. It is all the more important to keep a cool head and to know your rights.

* Tolerate silently or help?
* Talk or stay silent?
* What may/must relatives or employees ( = witnesses) say on the spot?
* Contacting legal counsel?
* What may be taken away?
* Threat of pre-trial detention?


II. The investigation proceedings

Once the investigators have left, the accused has both room to act and a need to act:

* Contact with police/public prosecutor;
* Access to the case file;
* Written defence statement;
* Pressing for (partial) return of seized items;
* Maximum time limits for seizure;
* Passing on information/"obstruction of evidence";
* Public relations;
* Options for an early settlement (deal).

III. Individual questions

* Pre-trial detention;
* Confiscation/forfeiture;

III. (No) bitter end

While investigation proceedings often begin with a bang, in the end usually only a small warning bell rings, if at all.

What do you get for what? An overview, drawn from experience, of the sentences to expect for Internet offences.</description>
    <persons>
     <person id="961">Udo Vetter</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1759">
    <start>23:00</start>
    <duration>01:00</duration>
    <room>Saal 3</room>
    <tag>schlossoeffnung_staatssicherheit</tag>
    <title>Schloss&#246;ffnung bei der Staatssicherheit der DDR</title>
    <subtitle>Tools and methods of the STASI</subtitle>
    <track>Society</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>Arthur Meister explains the operational procedure and the special tools for opening locks
that were used by the State Security service of the GDR. From operational preparation, through the first opening, to the making of duplicate keys, tools specially developed by the STASI and their use are shown.</abstract>
    <description></description>
    <persons>
     <person id="1312">Arthur Meister</person>
    </persons>
    <links>
     <link href="http://www.lockpicking.org">Lockpicking.ORG</link>
    </links>
   </event>
   <event id="1586">
    <start>00:00</start>
    <duration>04:00</duration>
    <room>Saal 3</room>
    <tag>capture_the_flag</tag>
    <title>23C3 CTF</title>
    <subtitle>Capture the Flag Hacking Contest</subtitle>
    <track>Hacking</track>
    <type>Wettkampf</type>
    <language>englisch</language>
    <abstract></abstract>
    <description></description>
    <persons>
     <person id="313">mc.fly</person>
     <person id="592">Lexi Pimendis</person>
    </persons>
    <links>
    </links>
   </event>
  </room>
  <room name="Saal 4">
   <event id="1454">
    <start>11:30</start>
    <duration>01:00</duration>
    <room>Saal 4</room>
    <tag>natural_language_database_interface</tag>
    <title>A Natural Language Database Interface using Fuzzy Semantics</title>
    <subtitle></subtitle>
    <track>Science</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>We give a thorough exposition of our natural language database interface that
produces result sets ranked according to the degree to which database records
fulfill our intuitions about vague expressions in natural language such as
`a small rainy city near San Francisco'. We present our toolset supporting the
rapid prototyping of such database interfaces by means of a meta-level
description of a data model and a lexicon for a query language.</abstract>
    <description>This talk is based on my M.Phil. thesis about Fuzzy Semantics which I submitted
to the University of Cambridge Computer Lab. The thesis introduces a model of fuzzy
semantics and provides some empirical evidence in support of this model.

We also applied this model to produce a working natural language interface to a
database which produces a ranking of all records in a database that match our
intuition of, for instance, a `small rainy city near San Francisco'.

In the proposed talk we will demonstrate the general background of this work,
and will go into detail about one particular aspect which might be of broader
interest to a hacker community: The linguistic data modelling language that
we used to provide a meta-level description of a data model, together with
a description of how linguistic expressions are to be interpreted with respect
to the defined data model.

The attachment of this submission is my thesis plus an "APPENDIX A". This
APPENDIX A will constitute the focus of attention for my proposed talk.</description>
    <persons>
     <person id="51">Richard Bergmair</person>
    </persons>
    <links>
     <link href="http://www.cl.cam.ac.uk/Research/NL/">http://www.cl.cam.ac.uk/Research/NL/</link>
     <link href="http://richard.bergmair.eu/">http://richard.bergmair.eu/</link>
    </links>
   </event>
   <event id="1758">
    <start>12:45</start>
    <duration>01:00</duration>
    <room>Saal 4</room>
    <tag>fuzzing_corporate_world</tag>
    <title>Fuzzing in the corporate world</title>
    <subtitle>The use of fuzzing in the corporate world over the years and recent implementation of fuzzing tools into the development cycle and as a requirement before purchase</subtitle>
    <track>Community</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>We will discuss fuzzing uses by software vendors and in the corporate world, for security auditing ("fuzzing before release") and third party testing ("fuzzing before purchase"). We will look at what contributed to this change in the use of fuzzing tools from home-grown hacking tools to commercial products, as well as how these organizations implement fuzzing into their development cycle.</abstract>
    <description>Fuzzing has been used for a long time in the hacker scene. Mostly, these tools have been home-grown. In the recent year, several commercial fuzzing tools appeared. These in turn are now utilized by organizations in the development cycle under the motto of "fuzzing before release", or "find the vulnerability before hackers do".
Another interesting and somewhat unexpected development in the field is that end-clients are the largest consumers of advanced fuzzing technology, performing tests on software before purchase. Further, some large telcos and financial institutions now demand for products to be certified (even if not by an official seal) by fuzzing products which they authorize.

Is fuzzing finally a solution to reduce vulnerabilities in products rather than just later discover them? How is it used by these corporations and third-party organizations?
Some methodologies as well as examples will be presented, and we will also try to look into what the future holds.</description>
    <persons>
     <person id="1309">Gadi Evron</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1520">
    <start>14:00</start>
    <duration>01:00</duration>
    <room>Saal 4</room>
    <tag>counter_development</tag>
    <title>Counter-Development</title>
    <subtitle>The Accessibility of Technology as an Addendum to Engineering Ethics in the Knowledgeable Society</subtitle>
    <track>Society</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>Civil disobedience is a fundamental human right in all democracies, and it has to be accessible for everyone.</abstract>
    <description>This includes the accessibility of politically laden technologies which have to be understandable and destructible. Many current technologies however refuse accessibility to lay people. Thus it becomes the ethical obligation of the technical expert to provide understanding and accessible means for the destruction of potentially dangerous technologies.</description>
    <persons>
     <person id="110">Sandro Gaycken</person>
    </persons>
    <links>
     <link href="http://www.uni-stuttgart.de/philo/index.php?id=641">http://www.uni-stuttgart.de/philo/index.php?id=641</link>
     <link href="http://www.uni-bielefeld.de/iwt/gk/personen/mitglieder/">http://www.uni-bielefeld.de/iwt/gk/personen/mitglieder/</link>
    </links>
   </event>
   <event id="1566">
    <start>16:00</start>
    <duration>02:15</duration>
    <room>Saal 4</room>
    <tag>openpcd_openpicc</tag>
    <title>OpenPCD / OpenPICC</title>
    <subtitle>Free RFID reader and emulator</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>This presentation will introduce and demonstrate OpenPCD and OpenPICC.  The purpose of those projects is to develop free hardware designs and software for 13.56MHz RFID reader and transponder simulator. OpenPICC can be used to e.g. simulate ISO 14443 or ISO 15693 transponders, such as those being used in biometric passports and FIFA worldcup tickets.</abstract>
    <description>The OpenPCD project is a 100% Free Licensed RFID reader hardware and software design.  It was first released on September 13, 2006.  Using OpenPCD, interested hackers can directly access the lowest layers of 13.56MHz based RFID protocols.  The hardware offers a number of digital and analog interfaces, and the firmware source code is available and can be modified and compiled using arm-gcc.

The OpenPICC project is the counterpart to OpenPCD.  It is a device that emulates 13.56MHz based RFID transponders / smartcards.  Like OpenPCD, the hardware design and software are available under Free Licenses. It has not been released yet, but the first prototypes are working and it is expected to be released before 23C3.

The presentation will introduce and explain the OpenPCD and OpenPICC hardware as well as software design.</description>
    <persons>
     <person id="269">Milosch Meriac</person>
     <person id="62">Harald Welte</person>
    </persons>
    <links>
     <link href="http://www.openpcd.org/">OpenPCD homepage</link>
     <link href="http://wiki.openpcd.org/">OpenPCD wiki</link>
    </links>
   </event>
   <event id="1652">
    <start>18:30</start>
    <duration>01:00</duration>
    <room>Saal 4</room>
    <tag>geschichte_der_automaten</tag>
    <title>Geschichte der Automaten, Androiden und Homunculi</title>
    <subtitle></subtitle>
    <track>Science</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>The chess players and musical automata of the 18th century are well known; less well known are the automata of antiquity and the Middle Ages.</abstract>
    <description>The talk will take a look at the history of the sounding and moving automata and machines of antiquity and the Middle Ages, most of them driven by water power. An excursion into the alchemical practice of creating homunculi must of course not be missing.</description>
    <persons>
     <person id="17">Henriette Fiebig</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1545">
    <start>20:30</start>
    <duration>01:00</duration>
    <room>Saal 4</room>
    <tag>advanced_attacks_against_pocketpc_phones</tag>
    <title>Advanced Attacks Against PocketPC Phones</title>
    <subtitle>0wnd by an MMS</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>Smart phones are the new favorite target of many attackers. Also most current attacks are harmless, since these mostly rely on user mistake or lack of better knowledge. Current attacks are mostly based on logic errors rather than code injection and often are only found by accident. The talk will show some real attacks against smart phones and the kind of vulnerability analysis which led to their discovery.</abstract>
    <description>This talk is about a security analysis of the PocketPC MMS (Multimedia Messaging Service) client. 

We will start with some background information about some older attacks against mobile phones. In the next
step we will introduce PocketPC-based phones and their security. Further we will introduce the
Multimedia Messaging Service. Here we will show how it works and what MMS messages look like under the
microscope.

In the main part we analyze the PocketPC MMS client and build a fuzzer for it. Since we want to avoid costs
by sending real MMS messages we build our own virtual MMS system and make PocketPC believe that this
is the real thing.

In the end we will present the bugs and vulnerabilities we found, including the methods for exploiting
them such as how to build your own MMS-client.

So far I planned to release all information that I have kept back at defcon (exploit code, mms-client, etc...).

Come to this talk if you enjoy any of the following:

 networking
 mobile phones
 security
 fuzzing
 hex dumps
 ping floods
 standards</description>
    <persons>
     <person id="1142">Collin Mulliner</person>
    </persons>
    <links>
     <link href="http://www.heise-security.co.uk/news/76493">heise security about this talk at defcon</link>
     <link href="http://www.mulliner.org/pocketpc/">pocketpc security</link>
    </links>
   </event>
   <event id="1688">
    <start>21:45</start>
    <duration>01:00</duration>
    <room>Saal 4</room>
    <tag>rootkits_as_reversing_tools</tag>
    <title>Rootkits as Reversing Tools</title>
    <subtitle>An Anonymous Talk</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>This talk will cover two rootkits used as reverse engineering tools, one rootkit support library, one IDA plugin, and talk setup material. The talk itself will be given over VOIP and VNC running over the Tor network to demonstrate a proof of concept on anonymous public speech.</abstract>
    <description>This talk will present Tron, an extension of the Shadow Walker memory cloaker technique. Tron is a kernel driver that can cloak userland memory, and provides an API that allows the user to cloak arbitrary process memory, set permissions, signal changes of trust, conceal DLLs, and read/write hidden memory. An accompanying IDA plugin that uses this API to conceal software breakpoints will be discussed, and Another Debugger Hiding Driver, or ADHD, will be presented as well.

While these tools have many legitimate uses from malware analysis to legal reverse engineering and program modding, it is possible that Tron in particular can be used as a component of a "copyright circumvention device", which renders it prohibited by the USA DMCA. For this reason, but more so out of a desire to demonstrate a "proof of concept" for how to anonymously speak publicly, the speaker will be giving the talk over VOIP and VNC relayed through the Tor network. In addition to taking questions over VOIP, the speaker will also be briefly available on IRC afterwards for questions + discussion about Tron, reverse engineering, and the speech setup.</description>
    <persons>
     <person id="1242">Alan Bradley</person>
    </persons>
    <links>
     <link href="http://wiki.noreply.org/noreply/TheOnionRouter/AnonymousPublicSpeech">How To Speak Anonymously In Public</link>
    </links>
   </event>
  </room>
  <room name="Workshop Area">
   <event id="1751">
    <start>12:45</start>
    <duration>02:15</duration>
    <room>Workshop Area</room>
    <tag>secure_voip</tag>
    <title>Secure VOIP</title>
    <subtitle>using GSM phones, Asterisk and IPsec/openvpn</subtitle>
    <track>Hacking</track>
    <type>Workshop</type>
    <language>englisch</language>
    <abstract>Workshop about how to configure all the parts to get the GreenPhone/XDA/Motorola phones working with VPN software and SIP to an Asterisk on VPN. This workshop goes deeply into software/tech bits that cannot be delved into during the presentation on 28.12.2006. The presentation focusses more on VOIP security issues in general and our overall design of the secure phone infrastructure. This workshop takes place a day after that presentation. Bring your phones and/or laptops and connect to our secure PBX!</abstract>
    <description></description>
    <persons>
     <person id="370">Paul Wouters</person>
     <person id="1294">Leigh Honeywell</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1752">
    <start>15:00</start>
    <duration>02:00</duration>
    <room>Workshop Area</room>
    <tag>opensearch</tag>
    <title>Opensearch</title>
    <subtitle></subtitle>
    <track>Hacking</track>
    <type>Workshop</type>
    <language>englisch</language>
    <abstract>Who controls the information? In this modern age, search engines have a distinct influence on the retrieval of information from the internet. Another concern with the concentration of information and information about who requests that information is that non-benign parties might use this information to prosecute people. In order to remedy this situation, we came up with the OpenSearch idea: a search engine that is distributed, not under central control and therefore difficult to manipulate.</abstract>
    <description>In the past year, we have savoured the project idea and are now really starting to build, at first, a prototype and, later on, a full-fledged distributed search engine client. Currently, funding is being secured to give the project, which will be completely open and hopefully community driven. As part of the project, workshops and lectures are being organised in conferences and meetings primarily in Holland, Belgium and Germany.

This workshop has a twofold purpose: on the one hand we hope to interest people in the project, on the other hand we want to talk about the concept, its implications and possible solutions to problems with our approach.</description>
    <persons>
     <person id="1334">Robin Gareus</person>
    </persons>
    <links>
     <link href="https://twiki.sonologic.nl/twiki/bin/view/Opensearch/">WebHome  Opensearch</link>
     <link href="http://www.open-search.net">open-search project pages</link>
    </links>
   </event>
   <event id="1753">
    <start>17:00</start>
    <duration>01:15</duration>
    <room>Workshop Area</room>
    <tag>lobjan_workshop</tag>
    <title>Lojban Workshop</title>
    <subtitle></subtitle>
    <track>Culture</track>
    <type>Workshop</type>
    <language>englisch</language>
    <abstract>A short introduction into lojban, the logical language, for beginners who want to learn the language.</abstract>
    <description></description>
    <persons>
     <person id="1306">Alexander Koch</person>
    </persons>
    <links>
     <link href="https://events.ccc.de/congress/2005/fahrplan/events/569.en.html">Lojban - A Hackers' Spoken Language</link>
     <link href="http://de.wikipedia.org/wiki/Lojban">http://de.wikipedia.org/wiki/Lojban</link>
     <link href="http://en.wikipedia.org/wiki/Lojban">http://en.wikipedia.org/wiki/Lojban</link>
    </links>
   </event>
   <event id="1754">
    <start>18:30</start>
    <duration>02:00</duration>
    <room>Workshop Area</room>
    <tag>erfakreis_meeting</tag>
    <title>Erfakreis-Meeting</title>
    <subtitle></subtitle>
    <track>Community</track>
    <type>Workshop</type>
    <language>deutsch</language>
    <abstract>The Erfakreise of the CCC are meeting.</abstract>
    <description></description>
    <persons>
     <person id="491">fh</person>
    </persons>
    <links>
     <link href="http://www.ccc.de/regional/">Regional groups of the CCC</link>
    </links>
   </event>
   <event id="1775">
    <start>20:30</start>
    <duration>01:00</duration>
    <room>Workshop Area</room>
    <tag>a_not_so_smart_card</tag>
    <title>A not so smart card</title>
    <subtitle>getting the card issuer's secret key</subtitle>
    <track>Hacking</track>
    <type>Workshop</type>
    <language>englisch</language>
    <abstract>Everyone is invited; Swiss may be a special interest group - as it affects them directly. So, if you want to turn up on the Swiss Gettogether (at 21:45) anyway, show up a little bit earlier. Consider it a warm-up!</abstract>
    <description>Everyone is invited; Swiss may be a special interest group - as it affects them directly. So, if you want to turn up on the Swiss Gettogether (at 21:45) anyway, show up a little bit earlier. Consider it a warm-up!</description>
    <persons>
     <person id="1266">$speaker</person>
    </persons>
    <links>
     <link href="https://chaostreff-zh.tuners.ch/Hauptseite">https://chaostreff-zh.tuners.ch/Hauptseite</link>
    </links>
   </event>
   <event id="1766">
    <start>21:45</start>
    <duration>01:00</duration>
    <room>Workshop Area</room>
    <tag>swiss_gettogether</tag>
    <title>Swiss Gettogether</title>
    <subtitle></subtitle>
    <track>Community</track>
    <type>Workshop</type>
    <language>deutsch</language>
    <abstract>Everyone welcome!</abstract>
    <description></description>
    <persons>
     <person id="1266">$speaker</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1763">
    <start>23:00</start>
    <duration>01:00</duration>
    <room>Workshop Area</room>
    <tag>nintennde_hacking_teatime</tag>
    <title>Nintendo hacking teatime</title>
    <subtitle></subtitle>
    <track>Hacking</track>
    <type>Workshop</type>
    <language>englisch</language>
    <abstract>A nice and cozy get-together for DS homebrew hackers, wannabe DS homebrew hackers, and everyone else interested. There won't be a fixed program, just some chit-chat about the DS, the Wii and everything.</abstract>
    <description>If you want to

* present a project of yours 

* know what hardware is required for running DS homebrew such as DSLinux, Moonshell, or Nitrotracker

* have FlashMe installed

* or just sit and watch 

you're invited to come over and have a tea or two. (or beer)</description>
    <persons>
     <person id="1314">Tobias Weyand</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1773">
    <start>00:00</start>
    <duration>01:00</duration>
    <room>Workshop Area</room>
    <tag>hacking_xmpp_and_jabber</tag>
    <title>Hacking XMPP and Jabber</title>
    <subtitle></subtitle>
    <track>Hacking</track>
    <type>Workshop</type>
    <language>englisch</language>
    <abstract>Doing wonderful stuff in angle brackets. Brainstorming about things to do with Jabber/XMPP beyond chatting. Relaxing and hacking.</abstract>
    <description></description>
    <persons>
     <person id="491">fh</person>
     <person id="13">Jens Ohlig</person>
    </persons>
    <links>
    </links>
   </event>
  </room>
 </day>
 <day date="2006-12-30" index="4">
  <room name="Saal 1">
   <event id="1456">
    <start>11:30</start>
    <duration>01:00</duration>
    <room>Saal 1</room>
    <tag>unusual_bugs</tag>
    <title>Unusual bugs</title>
    <subtitle></subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>In this presentation I'll present a series of unusual security bugs. Things that I've run into at some point and went "There's gotta be some security consequence here". None of these are really a secret, and most of them are even documented somewhere. But apparently most people don't seem to know about them.</abstract>
    <description>What you'll see in this presentation is a list of bugs and then some explanation of how these could be exploited somehow. Some of the things I'll be talking about are (recursive) stack overflow, NULL pointer dereferences, regular expressions and more.</description>
    <persons>
     <person id="50">Ilja</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1257">
    <start>12:45</start>
    <duration>01:00</duration>
    <room>Saal 1</room>
    <tag>podjournalism</tag>
    <title>Podjournalism</title>
    <subtitle>The Role of Podcasting in Critical and Investigative Journalism</subtitle>
    <track>Society</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>Throughout the world, major media companies are cutting their budgets for investigative reporting.  Most journalists will soon be freelancers, losing their freedom to investigate the more controversial or difficult topics.  Yet at the same time, podcasting as a form of citizen journalism has risen, free of the constraints of organizations and editors.  But without the funding that the traditional media enjoyed, how are podcasting journalists carrying out their work, and what does it mean for the media consumer?</abstract>
    <description>Podjournalism

A talk led by Mark Fonseca Rendeiro aka Bicyclemark

I. The media landscape prior to 2004, the desert of information
a. Consolidation
b. Sensationalism
c. Profit Above all
d. Top-Down news reporting
II. The Emergence of podcasting
a. Mp3 player market
b. Increasing appetite for media on demand
c. Desire to hear unpolished genuine voices
d. Broadband, bandwidth and all things band.
III. Podjournalism Defined
a. In relation to radio journalism.
b. Regarding objective versus subjective
c. As citizen reporting, bottom up
IV. Present day podjournalists and the key moments in our short history.
a. Josh Wolf against the federal government
b. MacDocMan versus the Dutch health system
c. Macaca, caught on tape
V. Future Prospects and Pitfalls for citizen reporters using podcasting
a. Business models and the obsession with business models
b. Being acquired by big media
c. Drop-out rate, pressures from 9-5 jobs.
d. Punditry.
VI. Earth Shattering Conclusion</description>
    <persons>
     <person id="910">Bicyclemark</person>
    </persons>
    <links>
     <link href="http://www.joshwolf.net/blog/">Josh Wolf</link>
     <link href="http://www.mikeypod.com">Mikeypod</link>
     <link href="http://www.bicyclemark.org/blog">Bicyclemark's Communique</link>
     <link href="http://www.democracynow.org">Democracy Now</link>
     <link href="http://www.radioopensource.org">Radio Open Source</link>
    </links>
   </event>
   <event id="1708">
    <start>14:00</start>
    <duration>01:00</duration>
    <room>Saal 1</room>
    <tag>tv_b_gone</tag>
    <title>TV-B-Gone</title>
    <subtitle>Better Living Through Inventing</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>It is possible and desirable and fun to invent and create technologies that help our world. Have you ever wanted to shut off a TV that was annoying you in a public place?  My extraordinarily popular invention, TV-B-Gone has made it fun to turn off TVs in restaurants, pubs, airports...</abstract>
    <description>Using my invention TV-B-Gone as a demonstration, I'll talk about the following interrelated topics: the inventing process, technical details about how TV-B-Gone works, how to have fun changing the world, using cool inventions as a fabulous way to be an effective media-whore, as well as some possibilities for living a fulfilling existence in our modern world.

And I'll have plenty of TV-B-Gone remotes with me.</description>
    <persons>
     <person id="1268">Mitch</person>
    </persons>
    <links>
     <link href="http://www.TVBGone.com">TV-B-Gone</link>
    </links>
   </event>
   <event id="1682">
    <start>16:00</start>
    <duration>01:00</duration>
    <room>Saal 1</room>
    <tag>security_nightmares</tag>
    <title>Security Nightmares 2007</title>
    <subtitle>Or: what we will be laughing about next year</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>Security Nightmares - the annual look back at IT security and the security crystal-ball look ahead to next year.</abstract>
    <description>Security Nightmares looks at the past, present and future of security incidents in IT. We review our predictions from last year, talk about what else happened, and then venture a preview of next year.</description>
    <persons>
     <person id="9">Frank Rieger</person>
     <person id="129">Ron</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1429">
    <start>17:15</start>
    <duration>01:00</duration>
    <room>Saal 1</room>
    <tag>fnord_jahresrueckblick</tag>
    <title>Fnord Jahresr&#252;ckblick</title>
    <subtitle>We help you see the fnords</subtitle>
    <track>Community</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>This talk will be held in German.

The Fnord annual review covers the political and social developments of the world over the past year in fast motion. Mainstream news gets attention only when it contains especially nice fnords. Structures, conspiracies and funny new trends that you would otherwise have missed or have already forgotten.</abstract>
    <description>This is a news show about events you might have missed in the mainstream news media.</description>
    <persons>
     <person id="9">Frank Rieger</person>
     <person id="1046">Felix von Leitner</person>
    </persons>
    <links>
     <link href="http://blog.fefe.de/">Fefe's Blog</link>
    </links>
   </event>
   <event id="1698">
    <start>18:30</start>
    <duration>01:00</duration>
    <room>Saal 1</room>
    <tag>culture_jamming_discordianism</tag>
    <title>Culture Jamming &amp; Discordianism</title>
    <subtitle>Illegal Art &amp; Religious Bricolage</subtitle>
    <track>Culture</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>Discordianism is somewhere between a joke and a religion, and at the same time manages to be something else entirely: social bricolage. This presentation will cover the roots of culture jamming in early art and theatrical movements, and then move through the history of prankster groups and on to Discordianism where the pranksters are prophets.</abstract>
    <description>If you're at the CCC, you probably have some idea of what Discordianism is about. This presentation will show the rich cultural web of influences on Discordianism and show where it seems to be heading in the future.

For those not in the know, Discordianism is something between a joke and a religion. Founded by a couple of beatniks about fifty years ago, Discordianism venerates the ancient Greek goddess of chaos, Eris, and her Roman counterpart Discordia. Robert Anton Wilson popularized Discordianism with his Illuminatus! Trilogy and Schroedinger's Cat Trilogy. 

Culturally, Discordianism often winds up being the religion of the surrealists and reality hackers, poking fun at the solemnity of others as they seek to connect with the divine. Still, many people are devout esoteric Discordians (for all that seems to be a contradiction), and this presentation hopes to show some of Discordianism's influences and history. Before we're done, we'll take a look at where Discordianism is today, and where it seems to be headed in the future.

It is important to start at the beginning, so we'll look to the Surrealists and Dadaists to get an idea of some of Discordianism's earliest influences. Satire has always been a part of society, but the Surrealists and Dadaists took it to a new level by learning to live in satire and social commentary.

Bricolage and pastiche define a sort of social collage-making, where diverse ideas are patched together to form something new and often critical of the original. Discordianism relates to many of the new illegal art movements by doing the same thing with religion. We'll cover billboard liberation, mashups, and other forms of illegal art as related movements.

Prankster movements have had a sort of infinite loop of influence on Discordianism. We'll talk about prankster movements from the Situationists to the Cacophony Society and glamourbombing. 

Discordianism needs all of these influences to remain whole and healthy as our ideological parents die off and we ourselves must replace them. Discordian.com strives to create Discordianism as a rich subcultural untradition where everyone consults their pineal glands. We'll talk about the current state of Discordianism in the world, from events such as KallistiCon and the Free Spirit Gathering to online fora and meeting places for Discordians. These days, Discordianism is taking its influences from both art and the esoteric, moving into a quasi-magical paradigm where reality hacking can happen just as much with a couple of candles and incantations as it can with a computer.</description>
    <persons>
     <person id="1258">Autumn Tyr-Salvia</person>
     <person id="1278">Fox Magrathea</person>
    </persons>
    <links>
     <link href="http://www.discordian.com">Discordian.com</link>
     <link href="http://en.wikipedia.org/wiki/Discordianism">Wikipedia on Discordianism</link>
    </links>
   </event>
   <event id="1727">
    <start>19:30</start>
    <duration>01:00</duration>
    <room>Saal 1</room>
    <tag>closing_ceremony</tag>
    <title>Closing Ceremony</title>
    <subtitle>Who did you trust?</subtitle>
    <track>General</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract></abstract>
    <description></description>
    <persons>
     <person id="4">Tim Pritlove</person>
    </persons>
    <links>
    </links>
   </event>
  </room>
  <room name="Saal 2">
   <event id="1342">
    <start>11:30</start>
    <duration>01:00</duration>
    <room>Saal 2</room>
    <tag>botnet_detection</tag>
    <title>Automated Botnet Detection and Mitigation</title>
    <subtitle>How to find, invade and kill botnets automated and effectively</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>Botnets are one of the most buzzy buzzwords out there today in the computer security world. The presented approach allows us to reliably take care of these, such that managers hopefully will not react to "botnet" in 2008 any more. This technology allows for automated catching of malware with the now somewhat known nepenthes daemon, automated analysis with CWSandbox and other sandboxes, automated botnet snooping with the botsnoopd daemon and finally (semi-)automated mitigation using various weapons. Hopefully, our autonomous approach will never turn against the human race and begin the final war...</abstract>
    <description>This presentation explains the various components of our approach to botnet detection and mitigation from the beginning to the end in detail.

First, we will have a look at nepenthes; see how it has evolved, how it works, and also point out some weaknesses. nepenthes is a versatile tool for malware collection and available under the GPL license at &lt;http://nepenthes.mwcollect.org/&gt;. Although people have presented on it at various conferences, this tool is still not known by a lot of malware researchers. Additionally, most presentations focus on the results you can achieve with nepenthes, whereas this presentation will show you how it really works.

The next step in botnet mitigation then is to sandbox the malware to gather information about the botnet itself, e.g. server hostname, channel names or for other types of botnet, the other relevant information for connecting to it. Our current approach is based on the CWSandbox developed by Carsten Willems at the RWTH Aachen, not available to the public. We however also work with the Chinese Honeynet Project's work (MWSniffer), experiment with Norman's work (Norman Sandbox) and plan to include Emsi's work in the future (CodeKnigge).

After sandboxing the malware, we automatically connect into the botnet and snoop all relevant commands, traffic and generate statistics (some fancy charts that is). This allows us to generate statistics about DDoS attacks carried out through monitored botnets, gather intelligence about identity theft and provide LEOs with relevant information (the most reliable way to mitigate botnets). We closely cooperate with the ShadowServer crew for botnet monitoring.

Once a botnet has been identified as a severe threat to the Internet, it can be shut down (semi-)automatically. Since we wanted to stay away from a solely automated atomic weapon, which might be fooled into being autonomously fired at Washington, D.C., we still have to confirm the mitigation process. Mitigation involves notification of involved ASNs, botnet sinkholing and DNS poisoning.
Additionally, cooperation with some German ISPs will hopefully enable us to cut off infected clients from the Internet in the future.</description>
    <persons>
     <person id="958">Georg 'oxff' Wicherski</person>
    </persons>
    <links>
     <link href="http://ph-neutral.darklab.org/0x7d6/workshops/index.html">Talk with partial overlap at ph-neutral 2006</link>
     <link href="http://www.blackhat.com/html/bh-japan-06/bh-jp-06-en-speakers.html#Wicherski">Similar talk at BH Asia</link>
    </links>
   </event>
   <event id="1493">
    <start>12:45</start>
    <duration>01:00</duration>
    <room>Saal 2</room>
    <tag>virtuelle_sicherheit</tag>
    <title>Virtuelle Sicherheit</title>
    <subtitle>Mandatory Access Control and TPM in Xen</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>Xen offers exciting new security features: Mandatory Access Control and virtual TPMs. The talk introduces these features, reports on first experiences and points out their limits.</abstract>
    <description>The trend towards virtualization continues unabated. A wide range of vendors offer software- and hardware-based virtualization solutions. With XEN there is also an open source solution available, which has by now found its way into data centers. With these solutions, however, security is often neglected.

Xen offers two completely new approaches, which I would like to present in this talk.
1. Xen makes it possible to provide the virtual guest systems with a virtual Trusted Platform Module. In doing so, Xen can fall back on a physical TPM in the background. If none is available, however, Xen can also simulate the TPM completely. This is quite interesting especially for TPM experiments without TPM hardware. The simulator also lends itself as a possible attack vector against an operating system that uses TPM.

2. With sHype, Xen offers a Mandatory Access Control framework. It can be used to restrict access to resources and the communication between the different domains. With the help of this MAC it is possible to protect the domains from one another. This is particularly important when Xen is used in a cluster in the data center. In the cluster, the Xen guest can run on any physical host. Often, however, two particular guests must not, for security reasons, run on the same physical host at the same time or access the same resource. sHype offers the possibility of defining restrictions here. sHype is still under further development. Restrictions on access to the network and to network storage are currently in development.

The talk presents the latest developments and the experiences in applying these security features.</description>
    <persons>
     <person id="177">Ralf Spenneberg</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1592">
    <start>14:00</start>
    <duration>01:00</duration>
    <room>Saal 2</room>
    <tag>inside_vmware</tag>
    <title>Inside VMware</title>
    <subtitle>How VMware, VirtualPC and Parallels actually work</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>Virtualization is rocket science. In cooperation with the host operating system, VMware takes over complete control of the machine hundreds of times a second, handles pagetables completely manually, and may choose to wire (make non-pageable) as much memory as it chooses. This talk explains why it still works.</abstract>
    <description>In 1999, VMware was the first virtualization solution for x86. 7 years later, there are only two competitors: Microsoft with VirtualPC (by dynarec genius Eric Traut of Apple DR fame) and that obscure Russian company that seems to offer the same product under 3 different names (SVISTA, 2ON2, Parallels). The open source plex86 by Bochs creator Kevin Lawton failed. All this suggests that x86 virtualization is rocket science.

This talk first summarizes some basic operating system features, like scheduling, managing page tables, and providing a system call interface, in order to have a common basis that can be talked about.

The main part is about the tricks a conventional virtualization solution has to apply to run the guest operating system as a user mode process: The virtual machine monitor (VMM) has to set up address spaces for guest code, handle two-level pagetables, switch between the host and the guest(s), trap I/O accesses, and help cooperate in memory management between the host and the guest(s).

The third part of the talk explains why the x86 architecture is not strictly virtualizable, what tricks VMware, VirtualPC and Parallels use to still make it possible, and in what way Intel VT (Vanderpool) and AMD SVN (Pacifica) help to make x86 virtualization easier or possibly more efficient.</description>
    <persons>
     <person id="283">Michael Steil</person>
    </persons>
    <links>
     <link href="http://www.vmware.com/pdf/asplos235_adams.pdf">A Comparison of Software and Hardware Techniques for x86</link>
    </links>
   </event>
   <event id="1644">
    <start>17:15</start>
    <duration>01:00</duration>
    <room>Saal 2</room>
    <tag>sflow</tag>
    <title>sFlow</title>
    <subtitle>I can feel your traffic</subtitle>
    <track>Science</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>The explosion of internet traffic is leading to higher bandwidths and an increased need for high speed networks. To analyze and optimize such networks an efficient monitoring system is required. The sFlow standard describes a mechanism to capture traffic data in switched or routed networks. It uses a sampling technology to collect statistics from the device and is for this reason applicable to high speed connections (at gigabit speeds or higher).</abstract>
    <description>sFlow is a sampling mechanism suitable for collecting traffic data of high speed networks. A relatively small stream of sFlow datagrams provides enough information for statistical analysis of traffic flows.

An Internet Exchange (IX) interconnects various network providers, for example ISPs. The Amsterdam Internet Exchange (AMS-IX) is by its amount of traffic the biggest Internet Exchange in the world. To give the AMS-IX members more insight into their peering traffic and provide information to optimize the network structure, AMS-IX is using sFlow for its traffic analysis.

A throughput average of more than 100 Gb/s gets analyzed by open source software developed in Perl. Due to sFlow providing a whole captured packet (layer 2 - 7), AMS-IX also provides information for example on the growth (or lack thereof) of IPv6. Information about the sort of traffic might be misunderstood and politically misused; therefore AMS-IX restrains itself to layer 2 and the developed software doesn't decode the provided packets above L2.

This topic will contain an introduction to the sFlow sampling mechanism, the information provided by the sFlow datagrams and how they can get analyzed. Besides that, existing tools and the software developed and used at AMS-IX will be presented, and some results of the analysis will be shown. 

The software will hopefully also be deployed at the 23C3, and finally we will also see statistics about the network traffic of the conference.</description>
    <persons>
     <person id="454">Elisa Jasinska</person>
    </persons>
    <links>
     <link href="http://jasinska.de/sFlow/">jasinska.de/sFlow</link>
     <link href="http://sflow.org/">sflow.org</link>
     <link href="http://www.ams-ix.net/">ams-ix.net</link>
    </links>
   </event>
   <event id="1728">
    <start>18:30</start>
    <duration>01:00</duration>
    <room>Saal 2</room>
    <tag>23c3_network_review</tag>
    <title>23C3 Network Review</title>
    <subtitle></subtitle>
    <track>Community</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>An introduction to the structure and design of the congress network -
featuring a description of the hardware setup and focusing on the Backbone Network infrastructure and Wireless LAN.</abstract>
    <description>Building a high-demand network in less than 72hrs is a job that requires
sufficient planning in advance. It starts with organizing hardware that
is capable of serving the usage profile of about 2342 power-users and ends
in asking providers to contribute upstream connectivity.
This talk will give you an outline of what the NOC people do - beginning
month before congress doors open.

The 23C3 network concept is based on the experiences of the last congresses, so this
talk will show you why the network is the way it is.
The focus of this talk is the wired network from the access layer to the backbone
and our Wireless LAN.
It intends to give network administrators a brief overview of our
approach to meet all requirements.</description>
    <persons>
     <person id="290">Stefan Wahl</person>
     <person id="1310">Niels Bakker</person>
     <person id="610">Maxim Salomon</person>
     <person id="454">Elisa Jasinska</person>
    </persons>
    <links>
    </links>
   </event>
  </room>
  <room name="Saal 3">
   <event id="1560">
    <start>11:30</start>
    <duration>01:00</duration>
    <room>Saal 3</room>
    <tag>csrf</tag>
    <title>CSRF, the Intranet and You</title>
    <subtitle>Causes, Attacks and Countermeasures</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>A detailed introduction to Cross Site Request Forgery. This talk presents the fundamental cause of this vulnerability class and examples of potential attack consequences. The second half of the talk is devoted to avoiding and countering CSRF: Implementing CSRF proof session handling, transparent retrofitting of legacy applications and methods for client side protection.</abstract>
    <description>Cross Site Request Forgery (CSRF, a.k.a. Session Riding) attacks have been public since at least 2001. However, this class of web application vulnerabilities is rather obscure compared to attack vectors like Cross Site Scripting or SQL Injection. As the trend towards web applications continues and an increasing number of local programs and appliances like firewalls rely on web based frontends, the attack surface for CSRF grows continuously.

While being in some cases as dangerous as e.g. Cross Site Scripting, CSRF vulnerabilities are often regarded as negligible. Moreover, this vulnerability class is often simply unknown to some web application developers. Many misconceptions on countering CSRF exist because of this obscurity. The talk will not only show how to avoid XSRF but also how NOT to do it. Furthermore, most presentations on CSRF only address attacks on cookie based session management. This talk will also cover attacks on HTTP authentication, client side SSL and IP/MAC based access control.

CSRF is an attack that targets the user rather than the web application. As long as web applications do not take measures to protect their users against this threat, it is important to investigate possibilities to implement client side mechanisms. This talk will cover a new anti-CSRF Firefox Extension, which is currently under development as well as "RequestRodeo" - a client side proxy, which was, to the best of our knowledge, the first client-side solution for protection against XSRF attacks.</description>
    <persons>
     <person id="1214">Justus Winter</person>
     <person id="683">Martin Johns</person>
    </persons>
    <links>
     <link href="https://www.isecpartners.com/documents/XSRF_Paper.pdf">Cross Site Reference Forgery - An introduction to a common web application weakness</link>
     <link href="http://www.informatik.uni-hamburg.de/SVS/papers/2006_owasp_RequestRodeo.pdf">RequestRodeo - Client Side Protection against Session Riding</link>
     <link href="http://www.seclab.tuwien.ac.at/papers/noforge.pdf">NoForge - Preventing Cross Site Request Forgery Attacks</link>
    </links>
   </event>
   <event id="1627">
    <start>12:45</start>
    <duration>01:00</duration>
    <room>Saal 3</room>
    <tag>software_reliability</tag>
    <title>Software Reliability in Aerospace</title>
    <subtitle>An overview on design and generation of safe and reliable Software</subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>The challenge of designing reliable software is managed differently in every
industry. This lecture will give an overview of how safety critical and
reliable software is designed and produced in the aerospace
industry and why this could also be interesting for other
applications (like web-design)</abstract>
    <description>"The greatest of faults, I should say, is to be conscious of none." - Thomas Carlyle

It is humans' most valuable gift to be imprecise &#8211; as many new things would not be discovered otherwise. But for reliable (software) development this evolutionary gift turns out to be a big challenge, as the final product shall not contain any faults.
This lecture is about preventing development faults, using the example of the aerospace and automotive industry.

Part one of this lecture is a basic introduction to why reliability is an issue at all. It is obvious that a failure in the primary flight control will seriously endanger the lives of people. But buried under the functionality of e.g. a web application, the criticality of these applications cannot easily be recognized. Often these applications are not directly life-threatening, but the loss of the income source also endangers lives (at least the quality).

Part two will introduce the DO-178B standard with which the aerospace industry tries to handle the reliability challenge. The basic idea of this quality standard is very simple: &#8220;SW shall contain only functionality it has to&#8221;. To achieve this postulate the DO-178B specifies a series of processes and documents (which can be seen as artefacts of these processes). Of course some examples will illustrate this part.

The last part will summarize the lecture and give some ideas on the (re-)usage of the described methods for &#8220;classic&#8221; (non-safety critical) applications.</description>
    <persons>
     <person id="692">Erwin Erkinger</person>
    </persons>
    <links>
     <link href="http://www.heise.de/newsticker/result.xhtml?url=/newsticker/meldung/63304&amp;words=Fehler%20Dell">Dell Webshop &#8211; PC for 5,33&#8364;</link>
     <link href="http://en.wikipedia.org/wiki/Apollo_Guidance_Computer">Apollo Guidance Computer</link>
     <link href="http://www.ustinov.at/institut.htm">Sir Peter Ustinov Institut zur Erforschung und Bek&#228;mpfung von Vorurteilen</link>
     <link href="http://www.rvs.uni-bielefeld.de/publications/compendium/index.html">Computer-Related Incidents with Commercial Aircraft</link>
     <link href="http://www.leshatton.org/">Les Hatton &#8211; Safer C</link>
     <link href="http://www.easa.eu.int/level1/index.php">EASA</link>
     <link href="http://highrely.com/do178b_questions.php">DO-178B FAQ</link>
    </links>
   </event>
   <event id="1347">
    <start>14:00</start>
    <duration>01:00</duration>
    <room>Saal 3</room>
    <tag>we_are_great_together</tag>
    <title>"We are great together, the liberal society and its enemies!"</title>
    <subtitle>monochrom</subtitle>
    <track>Culture</track>
    <type>Vortrag</type>
    <language>englisch</language>
    <abstract>A talk medley from monochrom, a worldwide operating collective from Vienna dealing with technology, art, context hacking, and philosophy which was founded in 1993. They specialize in an unpeculiar mixture of proto-aesthetic fringe work, pop attitude, subcultural science, and political activism. Their mission is conducted everywhere, but first and foremost "in culture-archaeological digs into the seats (and pockets) of ideology and entertainment".</abstract>
    <description>This session will be a little tour-de-farce about their projects and political motivation. A joyful bucket full of good clean fanaticism, crisis, language, culture, self-content, identity, utopia, mania and despair, condensed into the well known cultural technique of a gala show.

Among their projects, monochrom has released a leftist retro-gaming project, established a one baud semaphore line through the streets of San Francisco, started an illegal space race through Los Angeles, buried people alive in Vancouver, and cracked the hierarchies of the art system with the Thomann Project. In Austria they ate blood sausages made from their own blood in order to criticize the grotesque neoliberal formation of the world economy. Sometimes they compose melancholic pop songs about dying media and they have hosted the first annual festival concerned with cocktail robotics. At the moment they're planning a conference about pornography as one of the driving forces of technological innovation. They also do international soul trade, propaganda camps, epic puppet theater, aesthetic pregnancy counseling, food catering, and - sorry to mention - modern dance.</description>
    <persons>
     <person id="962">Johannes Grenzfurthner</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1452">
    <start>16:00</start>
    <duration>01:00</duration>
    <room>Saal 3</room>
    <tag>critical_theory_and_chaos</tag>
    <title>Chaos und Kritische Theorie</title>
    <subtitle>Adorno, Wilson and Discordianism</subtitle>
    <track>Community</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>Critical Theory, as it can be pinned above all to Adorno, and Discordianism, which as a philosophy of chaos gave its name to the organizing association, are among the most widespread elements of 'social hacking'. However, especially in the recent years of adbusting and hacktivism it has become impossible to overlook that mainly heavily simplified and often also ideologically closed forms of both traditions of thought are in use: Critical Theory is mostly reduced to a vague unease about the culture industry, globalization and technological developments, while Discordianism serves to illustrate often questionable partisanship for irrational political views. The talk attempts to expose Critical Theory to Discordian wit and Discordianism to the critique of ideology.</abstract>
    <description>While Wilson exposes himself to countless reality tunnels in participant observation, looks into every abyss and possibly lets himself fall into it experimentally, Critical Theory thinks from the knowledge of the Holocaust, the one great abyss whose repetition must be avoided at all costs. And while much escapes its gaze, one can accuse Wilson's neophilia and optimism, his acting out of possibilities and not least his call, at times reminiscent of self-help manuals, to play out new possibilities of one's own nervous system, of directing the focus away from social conditions and onto the (self-inflicted) guilt of the individual. Although it is also clear to Critical Theory that conditions are the way they are because they are constantly reproduced by every individual. A chicken-or-egg question, then? Is it all just a question of perspective?

If the attempt is now made to expose Critical Theory to Discordian wit and Discordianism to the critique of ideology, two things are at stake:

First, uncovering the respective potential, and the question of how the popular version differs from this potential or even stands opposed to it. To this end, the Discordian questioning of one's own standpoint is held up against Critical Theory's notion of intellectual authority and, the other way round, the supposed Discordian openness, for instance in conspiracy-theory discourse, is examined through the critique of ideology. There will be Discordian jokes about Adorno and, in the opposite direction, Adornian criticism of humor.

Second, the possibilities of mutual stimulation, where it will have to be discussed to what extent this interaction fails to come about because of the different social and political backgrounds of the two traditions of thought. Here the respective image of the other will be of interest, and the question of which scenes and movements have opted for one of the two edifices of ideas, and from which motives. Up for discussion are the possibilities of a critical arming of chaos and a psychedelicization of Critical Theory.</description>
    <persons>
     <person id="476">Daniel Kulla</person>
     <person id="664">Oona Leganovic</person>
    </persons>
    <links>
     <link href="http://www.classless.org">Daniel Kulla weblog</link>
     <link href="http://www.scrupeda.net/wordpress">Oona Leganovic weblog</link>
    </links>
   </event>
   <event id="1593">
    <start>17:15</start>
    <duration>01:00</duration>
    <room>Saal 3</room>
    <tag>krypta</tag>
    <title>Krypta: DIY Serverhousing</title>
    <subtitle></subtitle>
    <track>Community</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>Funkfeuer (0xFF), a free network initiative in Vienna and a sister of Freifunk, began 2 years ago to build a "community server housing". As with setting up WLAN routers, one runs into logistical, technical and social tasks that have to be solved in order to go into operation successfully while covering costs.</abstract>
    <description>This talk aims to convey how it becomes possible, with few resources and a lot of lobbying, to get a cool, dark place where computers come together and feel at home.

The "few resources" should perhaps be put into perspective a little - we have 1 GBit over fiber to the VIX (Vienna Internet Exchange) here. The title should possibly be changed to "DIY lowcost ISPgrade Housing". We (I hope I'm not doing this alone) also have a few short films of tearing down walls, a tour of the location, gravel coming down the chute, and so on.

We would like to cover the following points:

.) Overview of the technology we work with
   - why you don't want to splice fiber yourself if you have never done it before (don'ts)
   - how we run BGP and why OS wars become irrelevant there (hardware selection, config, VLANs and all that stuff)
   - Dust is evil; don't tear down walls without thinking first.
   - Why you want a physicist on board (fluid dynamics for the poor) - ventilation
   - Media converters are nasty little beasts
   - The Redeemer, our provisioning - http://sourceforge.net/projects/redeemer/

.) Social and logistical tasks:
   - how we got our own AS (RIPE, lobbying the ISPs)
     - what RIPE actually does, why IP addresses are not necessarily available in abundance to everyone, and at what point you start paying
   - why 20 GB of transfer in .at costs 39,90 &#8364; and what 1 TB of international/national traffic costs
   - choosing the location - barter deals pay off
   - The natural limit of our farm
   - Someone has to pay for it - and why you don't want to turn this into a futures deal with "customers"
     - What and whom you don't want to get involved with
   - Why we do this - and "cable salad is healthy" is only one motivation.

.) Future, ongoing projects
   - KaOS - KryptaOS environmental control system, LART tool, locking and monitoring system via a console
   - GBit to every NIC (or at least to our router)</description>
    <persons>
     <person id="1328">Chris Kummerer</person>
     <person id="1293">Markus Sulzbacher</person>
     <person id="1292">Andreas Marksteiner</person>
     <person id="904">Teemu Schaabl</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1729">
    <start>18:30</start>
    <duration>01:00</duration>
    <room>Saal 3</room>
    <tag>gesundheitskarte_101</tag>
    <title>Gesundheitskarte 1.01</title>
    <subtitle></subtitle>
    <track>Hacking</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>Have the Gesundheitskarte (health card) project managers learned from the mistakes made so far, or are they only making everything worse?

The project company (gematik) has now brought the managing director of FISCUS (the monstrously screwed-up large-scale tax office software project) on board as its managing director. It is not immediately clear how this can be interpreted as a good sign.</abstract>
    <description></description>
    <persons>
     <person id="470">ThoMaus</person>
    </persons>
    <links>
    </links>
   </event>
  </room>
  <room name="Saal 4">
   <event id="1494">
    <start>11:30</start>
    <duration>01:00</duration>
    <room>Saal 4</room>
    <tag>ego_striptease</tag>
    <title>Ego Striptease - Ich zeig dir, wer du bist</title>
    <subtitle>Blogs, flickr, etc.: why do we make it so easy for them?</subtitle>
    <track>Society</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>When Orkut appeared, there were two kinds of people: some competed for the most invitations, while others shook their heads at the willingness to feed a data kraken. Today the phenomenon manifests itself as flickr, del.icio.us, upcoming.org and blogs - in short, "social Web 2.0 applications". Why do we all let ourselves be tagged, commented on and outed so willingly?</abstract>
    <description>In the circles where data protection and freedom of information are discussed the most, one increasingly finds those who leave behind a veritable hodgepodge of data about themselves - be it in their blog, where they report on their move and the new apartment, be it in collaborative photo galleries, where they have themselves photographed barbecuing with other hackers, be it in the form of favorites lists on home video sites or in collaborative link collections. This probably seems paradoxical not only to us.

How is it that we, who should know better, so willingly hand ourselves over to all those who know how to make use of this data? Is it really just infatuation with technology, wanting to be at the very front with the newest, greatest, most colorful tool? Remaining unrecognized and anonymous used to be important, after all. Does $agency really need to wiretap us to know whom we talk to, when and where, or what our political views are?</description>
    <persons>
     <person id="904">Teemu Schaabl</person>
     <person id="439">Jule Riede-Buechele</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1416">
    <start>12:45</start>
    <duration>01:00</duration>
    <room>Saal 4</room>
    <tag>juristische_fragen_um_die_mitbenutzung_fremder_wlans</tag>
    <title>Juristische Fragen um die Mitbenutzung fremder WLANs</title>
    <subtitle>Civil and criminal liability</subtitle>
    <track>Society</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>The talk gives an overview of the legal framework of WLAN surfing in civil and criminal law, together with an overview of current case law.</abstract>
    <description>The talk deals with the legal problems, in civil and criminal law, of the unauthorized shared use of wireless networks. Depending on whether the network is protected or unprotected, the freeloading surfer ("Schwarzsurfer") must expect claims for damages, unjust enrichment and injunctive relief, and in some cases even criminal sanctions. An overview of current case law rounds off the talk. The current changes brought by the upcoming amendment act on computer criminal law (Computerstrafrechts-&#196;nderungsgesetz) are presented in an outlook.</description>
    <persons>
     <person id="1032">soeren</person>
    </persons>
    <links>
     <link href="http://www.opus-bayern.de/uni-regensburg/volltexte/2006/626/html/schwarzsurfen.pdf">Die zivilrechtliche Haftung f&#252;r die unerlaubte Mitbenutzung privater Funknetze</link>
     <link href="http://www.andreas-gietl.de">Speaker's homepage</link>
    </links>
   </event>
   <event id="1616">
    <start>14:00</start>
    <duration>01:00</duration>
    <room>Saal 4</room>
    <tag>nerds_und_geeks</tag>
    <title>Nerds und Geeks zwischen Stereotyp und Subkultur</title>
    <subtitle>A cultural-anthropological study</subtitle>
    <track>Culture</track>
    <type>Vortrag</type>
    <language>deutsch</language>
    <abstract>The talk presents and discusses the results of a cultural-studies research project. The term nerd is treated as a construct rather than as a given. Presented above all are the results of interviews, participant observation and a qualitative survey.</abstract>
    <description>&#8220;A year ago I heard the word nerd for the first time. From an American woman I learned that during her high school days twenty years ago there had at first been no suitable word for these fellow students, who were less popular with the female students, but suddenly nerd had turned up and everyone had been as grateful for this urgently needed word as for a long-awaited rain shower.&#8221;
This observation, which Max Goldt makes in his 1998 essay on the nature of the term &#8220;nerd&#8221;, begins to characterize the diffuseness of the connotations that resonate with this term, which is relatively young in the German-speaking world.
In the English-speaking world it has a longer history and is therefore also reflected in academic discourse. A definition of the construct is thus much more feasible there. In Germany the term is considerably younger and therefore much harder to define. And conversely, the construct cannot in any way be grasped or defined conceptually. Rather, several terms exist side by side. So we face two problems: on the one hand, the same term has different meanings, ranging from the classic US-American image of the overachiever to the lonely, autistic computer freak. On the other hand, there are different stereotypes that are often only vaguely and diffusely outlined in everyday language.
As a consequence of the ever-growing importance of computers and technology in our lives, a new stereotype has emerged which, although not always known by name, has become widespread. The image of the often long-haired, pale, bespectacled loner who only sits in front of the computer is usually recognized and classified by a few keywords and thus has high recognition value. The computer has meanwhile taken on a key role in this. According to the stereotype, a nerd is defined primarily by intensive preoccupation with his computer, which precludes any activity in the social environment or with regard to his own body. To exaggerate: the nerd lacks the time for social contacts or personal hygiene.
It would, however, be wrong to pay attention only to the stereotype in a consideration that aims to be as comprehensive as possible. Rather, in recent years a kind of subculture has also formed for which the term &#8220;nerd&#8221; no longer represents anything derogatory but instead offers the opportunity to create an identity of one's own and thereby enhance one's standing.
This talk attempts to cautiously approach the construct as well as the phenomenon of the nerd on the basis of an empirical cultural-studies analysis, and to provide at least partial ethnological access to the construct and phenomenon &#8220;nerd&#8221; in the German-speaking world. The results of interviews, surveys and participant observation will be explained and, gladly, also discussed.</description>
    <persons>
     <person id="1181">Mareike Gl&#246;&#223;</person>
    </persons>
    <links>
    </links>
   </event>
   <event id="1517">
    <start>16:00</start>
    <duration>02:00</duration>
    <room>Saal 4</room>
    <tag>lightning_talks_day_4</tag>
    <title>Lightning Talks Day 4</title>
    <subtitle></subtitle>
    <track></track>
    <type>Lightning-Talk</type>
    <language></language>
    <abstract>Definition: Lightning Talks is a daily event which consists of one
hour of several short talks. Each talk is limited to five minutes.

Goal: There is one slot for Lightning Talks each day of the
congress.  The goal is to present 10 talks within each slot.
So this might be up to 40 interesting talks in total.

See the Wiki page for current info.</abstract>
    <description></description>
    <persons>
     <person id="193">Sven Guckes</person>
     <person id="136">b9punk</person>
    </persons>
    <links>
     <link href="http://events.ccc.de/congress/2006/Lightning_Talks">Wiki page</link>
    </links>
   </event>
  </room>
  <room name="Workshop Area">
   <event id="1774">
    <start>11:00</start>
    <duration>01:00</duration>
    <room>Workshop Area</room>
    <tag>one_laptop_per_chilp</tag>
    <title>One Laptop per Child</title>
    <subtitle>project proposals</subtitle>
    <track>Society</track>
    <type>Workshop</type>
    <language>englisch</language>
    <abstract>What tools do children need to learn to understand and hack their own environment? Specific proposals of collections of beauty, stories, visualizations, tools, games and more.</abstract>
    <description></description>
    <persons>
     <person id="1333">sj</person>
    </persons>
    <links>
     <link href="http://laptop.org/">One laptop per child website</link>
    </links>
   </event>
   <event id="1720">
    <start>12:00</start>
    <duration>01:45</duration>
    <room>Workshop Area</room>
    <tag>gephex</tag>
    <title>AVIT&gt;C23: gephex - VJing on Linux</title>
    <subtitle>workshop by sMIG</subtitle>
    <track>Science</track>
    <type>Workshop</type>
    <language>englisch</language>
    <abstract>Gephex is a modular video jockey software. The base visuals can be chosen from sources like video files or cameras. Then they can be modified by filters and mixers. Each modifier has several parameters that can be controlled by signal generators or by input devices like joysticks, sound cards, or MIDI devices.</abstract>
    <description>Gephex runs on GNU/Linux, Win32, Mac OS X, and FreeBSD. The effect engine is independent of the user interface, which can be detached and attached at runtime. All effects and media streams are extensible by plugins. Gephex is written in C++.</description>
    <persons>
     <person id="1327">Visual Berlin</person>
    </persons>
    <links>
     <link href="http://svens.ath.cx/darcs/gephex&#8211;svens">http://svens.ath.cx/darcs/gephex&#8211;svens</link>
    </links>
   </event>
   <event id="1755">
    <start>14:00</start>
    <duration>01:00</duration>
    <room>Workshop Area</room>
    <tag>german_lobjan_meeting</tag>
    <title>German Lojban meeting</title>
    <subtitle></subtitle>
    <track>Community</track>
    <type>Treffen</type>
    <language>englisch</language>
    <abstract>A chance to meet other European lojbanists and to discuss actions to build up a stronger German lojban community.</abstract>
    <description></description>
    <persons>
     <person id="1306">Alexander Koch</person>
    </persons>
    <links>
     <link href="https://events.ccc.de/congress/2005/fahrplan/events/569.en.html">Lojban - A Hackers' Spoken Language</link>
     <link href="http://de.wikipedia.org/wiki/Lojban">http://de.wikipedia.org/wiki/Lojban</link>
     <link href="http://en.wikipedia.org/wiki/Lojban">http://en.wikipedia.org/wiki/Lojban</link>
    </links>
   </event>
   <event id="1777">
    <start>16:00</start>
    <duration>01:30</duration>
    <room>Workshop Area</room>
    <tag>3l</tag>
    <title>AVIT&gt;C23: 3L ('thrill') VJ Software</title>
    <subtitle></subtitle>
    <track>Hacking</track>
    <type>Workshop</type>
    <language>englisch</language>
    <abstract>artificialeyes.tv have been working for over one year on new software for commercial release, coded in C and Java and using the Max/MSP/Jitter programming environment, to create a universal binary release that takes advantage of the latest Intel processor advances recently integrated into the Apple platform. 3L stands for 3 levels of 3D creation and compositing, with granular control over all aspects of analysis and manipulation of mesh objects mapped with video in real time.</abstract>
    <description>The software attempts to bridge the divide between tools such as Processing and vvvv and more user-friendly live performance toolboxes such as modul8 and grid pro. With its revolutionary slider design, which allows not only micro-granular control over all data streams but also the linking of sliders and parameters in a manner similar to audio programs such as Ableton Live or Cubase, 3L puts all controls at the performer's fingertips with a minimum of effort. Standard features include a full-featured preset system allowing interpolation between any two presets of multiple parameters. Mesh objects and 3D models can be mapped with any selection of four individual movie players, text and gradient synthesizers, as well as live inputs. A feature-rich shader set takes all graphics processing off the CPU and puts it on the GPU where it belongs for blazing fast fx performance. Scheduled for commercial release in January 2007, this will be the first public presentation of this unique new real-time 3D performance tool for VJs and generative visual artists.</description>
    <persons>
     <person id="1327">Visual Berlin</person>
    </persons>
    <links>
    </links>
   </event>
  </room>
 </day>
</schedule>
