Volldampf voraus! Berliner Congress Center (bcc) Berlin 2007-12-27 2007-12-30 4 1.01 10:00 00:15 11:00 00:30 Saal 1 opening_event Welcome everybody! Community other en Welcome to the Congress! Tim Pritlove 11:30 01:00 Saal 1 steam_powered_telegraphy A League of Telextraordinary Gentlemen present the marvel of Telex on the Net - driven by a steam engine Making lecture en We have built and modified a steam-powered Telex machine and connected it to the new-fangled invention for modern telegraphy known as "the Internet". We will present this steampunkish invention in form of a lecture, thus hoping to enlighten interested ladies and gentlemen on the principles of steam engine physics, 5-bit Baudot encoding, and historic telegraphy in general. "The Magnetic Telegraph annihilates distance. So complete is this annihilation that the newspapers at Baltimore have made arrangements to report the proceedings of congress by telegraph, so as to have the intelligence from the capital (40 miles distant) as soon even as the Washington papers. A like effect will happen when the line is established between New York and Boston. The news from Europe brought by the Boston packet will be known in New York (220 miles distant) as soon as it is in Boston." -- Albany Argus, The Magnetic Telegraph, 1845. Telegraphy truly holds the potential to connect the world, from the icy lands of Russian Alaska to the centres of modern progress in Manchester and London and the farest corners of Her Majesty's Empire in India or former colonies in America. Over the last few months, a League of Telextraordinary Gentlemen at the Chaos Computer Club Cologne, after having acquired a historic Telex machine, have built a steampunkish modification of said machine, making it probably the first steam-powered telegraph connected to the new-fangled invention for modern telegraphy known as "the Internet". Our technical spectacluar will include all our learnings about the basics of our apparatus: * steam engineering * the history of telegraphy and Telex * the Telex standard and its 5-bit Baudot encoding * the embedded list of calculation for machines or "software" we used for making the Telex machine an RSS reader and a Jabber client While we plan to present this lecture in appropriate dressing (frock coats etc.), we do not plan to give the audience a special dress-code. Jens Ohlig Ingo Schwitters Sebastian Velke SkyTee Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 12:45 01:00 Saal 1 der_bundestrojaner Die Wahrheit haben wir auch nicht, aber gute Mythen Society lecture de Der Bundestrojaner wird von politischer, juristischer und technischer Seite beleuchtet. Die sich nun Monate hinziehende Debatte um die heimliche Ausspionierung von Festplatten ist gekennzeichnet von technischen Fehlinterpretationen und politischen Forderungen, die wenig mit der tatsächlichen Leistungsfähigkeit von Spionageprogrammen zu tun haben und zudem grundgesetzliche Anforderungen ignorieren. Der CCC hat vor dem Bundesverfassungsgericht Stellung genommen zu den technischen Fragestellungen hinsichtlich des Schutzes des Kernbereichs privater Lebensgestaltung und trägt die Kernpunkte des Gutachtens als Diskussionsgrundlage vor. Andreas Bogk Constanze Kurz Felix von Leitner Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 14:00 01:00 Saal 1 tor Society lecture de Die Vortragenden berichten über den Betrieb und das Abuse-Handling des Anonymisierers. Weitere Aspekte werden erörtert: Was plant der CCC hinsichtlich Anonymisierungstechniken? Welche Angebote kann der Club Exit-Node-Betreibern machen, wenn sie das Risiko einer Hausdurchsuchung nicht eingehen können? Julius Mittenzwei Erdgeist Andreas Lehner Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 16:00 01:00 Saal 1 it_was_a_bad_idea_anyway The demise of electronic voting in The Netherlands Society lecture en 2007 has been yet another a turbulent year in The Netherlands with regard to electronic voting. If you remember the presentation at 23c3, 2006 saw the emergence of a campaign against the use of non-auditable voting systems. As a result, two government commissions were appointed, the OSCE monitored a national election and one Windows-based touch screen system with a GPRS-wireless card lost its approval. 2007 saw the re-approval and de-approval of this same system, on grounds that have little to do with the main problems of non-auditability and presumed insecurity. We also got the reports from the OSCE as well as from the two government commissions. For a long time, the dutch government tried desperately to keep the Nedap systems around until something new could be built. We fought back, both in the political arena and in court. This past september, government gave up, and announced decertification of the last remaining electonic voting systems made by Nedap. This is true victory worth celebrating. But dutch people abroad can still vote over the Internet and we need to watch the new electronic voting system the dutch government seems to want to develop. And we need to make sure e-voting doesn't return as a pan-European project. Rop Gonggrijp Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 17:15 01:00 Saal 1 nedap_wahlcomputer_in_deutschland Society lecture de Wir bringen Euch auf den neuesten Stand, was den Einsatz der NEDAP-Wahlcomputer in Deutschland betrifft. Frank Rieger Constanze Kurz Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 18:30 01:00 Saal 1 what_is_terrorism And who is terrorising whom? Society lecture en Life as the partner of a terrorism suspect means living with police and secret service surveillance: phone tapping, video cameras pointing at your doors, plain-clothed police following your every step, e-mail and internet access being monitored etc etc. My partner Andrej Holm was arrested July 31 this year because roughly one year before German police found his writings on gentrification, together with him being a political activist and not always taking his mobile phone along, suspicious enough to start a terrorism investigation. It's a bit more complicated than that, but that's basically it. After he was arrested at gunpoint in our apartment at 7 am in the morning I realised that I, too, was the focus of surveillance. As were colleagues, friends and family. It was made quite clear that we were meant to notice. My partner was released from prison after three weeks and by now the terrorism charges were taken back and turned into accusations of having formed a 'criminal organisation'. After the initial shock I started blogging about everyday life with surveillance. Anne Roth Blog: annalist End to the §129a proceedings Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 20:30 01:00 Saal 1 design_noir The seedy underbelly of electronic engineering Culture en Design noir is what happens when engineers, artists and hackers get together to design consumer electronics. I'll present some examples, including my own projects and collaborations Cell phone jammers, TV-B-Gone devices, high-voltage jackets...lots of fun! "In contemporary Western society, electronic devices are becoming so prevalent that many people find themselves surrounded by technologies they find frustrating or annoying. The electronics industry has little incentive to address this complaint; I designed two counter-technologies to help people defend their personal space from unwanted electronic intrusion. Both devices were designed and prototyped with reference to the culture-jamming “Design Noir” philosophy. The first is a pair of glasses that darken whenever a television is in view. The second is low-power RF jammer capable of preventing cell phones or similarly intrusive wireless devices from operating within a user’s personal space. By building functional prototypes that reflect equal consideration of technical and social issues, I identify three attributes of Noir products: Personal empowerment, participation in a critical discourse, and subversion." ladyada http://www.ladyada.net/make/wavebubble/ http://www.ladyada.net/make/tvbgone/ http://www.ladyada.net/pub/research.html Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 21:45 01:00 Saal 1 change_me A 2-bit language for engineering biology Science lecture en Biological engineering does not have to be confined to the laboratories of high-end industry laboratories. Rather, it is desirable to foster a more open culture of biological technology. This talk is an effort to do so; it aims to equip you with basic practical knowledge of biological engineering. Genetic engineering is now a thirty year old technology. For reference, over a similar period of time, modern computing machines went from exclusive objects used to design weapons of mass destruction, to the now ubiquitous panoply of personal computing devices that support mass communication and construction. Inspired by this and many other past examples of the overwhelmingly constructive uses of technology by individuals, we have been working over the past five years to develop new tools that will help to make biology easy to engineer. We have also been working to foster a constructive culture of future biological technologists, who can reliably and responsibly conceive, develop, and deliver biological technologies that solve local problems. This talk will introduce current best practice in biological engineering, including an overview of how to order synthetic DNA and how to use and contribute standard biological parts to an open source collection of genetic functions. The talk will also discuss issues of human practice, including biological safety, biological security, ownership, sharing, and innovation in biotechnology, community organization, and perception across many different publics. My hope is that the conferees of 24C3 will help me to understand how to best enable an overwhelmingly constructive hacker culture for programming DNA. Drew Endy Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 23:00 01:00 Saal 1 dns_rebinding_packet_tricks Hacking lecture en DNS Rebinding has proved itself to be an effective mechanism for turning standard web browsers into proxy servers. This talk will go into further depth regarding mechanisms for hijacking browser connectivity, and will illustrate some new tricks for measuring network neutrality. Having already shown some basic aspects of this attack at previous conferences, we'll be expanding DNS rebinding to show demos not dependent on Flash - specifically, we'll be going after home routers that really, really need to stop having default passwords. Dan Kaminsky Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 00:30 01:00 Saal 1 computer_popsongs The image of computers in popular music Culture lecture en A talk (with examples) by monochrom, presented by Johannes Grenzfurthner Bourgeois culture was paralyzed and finally overrun by modern technologies which broke through the traditional class barriers. It went into a panic and produced these very stupid technophobic manifestos and images e.g. of “the computer”. Pop music discovered and explored the computer not only as a musical instrument but also as something to sing and reflect about in a less aversive way. In doing so it influenced the conception people had of computers. The public image of computers was shaped by groups such as Kraftwerk as well as through obscure Schlager songs such as France Gall's “Computer No. 3”. Not only was that image influenced by high culture computer panic but also by naïve technomania, and so it delivered the very dialectics of the computer as a means of cultural technology in capitalist society. ------------ Speaker: Johannes Grenzfurthner (monochrom) Various music examples. Johannes Grenzfurthner monochrom Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 11:30 01:00 Saal 2 brilliant_deviants How People Like Us Make People Like Them Accept Us Community lecture en I'm planning to look at how hackers and other "folks like us" get the "real world" to let us be crazy deviants, and continue to pay us anyway. Clearly not everyone is able to do this - hence the sort of person who says, "I'd love to [go to Burning Man] [blow things up] [dress eccentrically]" but never does any of it. But some of us *are* able to get the world to play along, and I am looking at that from a sociological point of view. Rose White 12:45 01:00 Saal 2 paparazzi Build your own UAV Making lecture en Autonomous unmanned aerial vehicles are becoming more and more popular as suitable electronics and sensors are available and affordable. This talk will describe Paparazzi, a complete system enabling you to build and control your own UAV. Paparazzi is a free and open-source hardware and software project intended to create an exceptionally powerful and versatile autopilot system by allowing and encouraging input from the community. The project includes not only the airborne hardware and software, from voltage regulators and GPS receivers to Kalman filtering code, but also a powerful and ever-expanding array of ground hardware and software including modems, antennas, and a highly evolved user-friendly ground control software interface. All hardware and software is open-source and freely available to anyone under the GPL. The key feature of the Paparazzi autopilot is its unique combination of infrared thermopiles and inertial measurement for attitude sensing, providing a robust and accurate attitude estimate that requires no ground calibration and can recover from any launch attitude. Martin Müller Antoine Drouin Paparazzi Project Page Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 16:00 01:00 Saal 2 anonymity_for_2015 Why not just use Tor? Hacking lecture en In recent years, an increasing amount of academic research has been focused on secure anonymous communication systems. In this talk, we briefly review the state of the art in theoretical anonymity systems as well as the several deployed and actively used systems such as Tor and Mixmaster, and explain their advantages and limitations. We will then describe the pseudonym system we are developing as an example for a new paradigm for low-latency anonymous communications, based on an information-theoretic secure private information retrieval protocol. This protocol is designed to be secure against an adversary with unbounded computing power as long as (as little as) a single honest server exists in the network of servers operating this system. We will explain the design decisions behind the architecture of the system, intended to be operated by volunteers with a limited resource pool. We will discuss the usability considerations in designing a system intended to be accessible to a more naive user-base than simply "hackers and cypherpunks", and explain why user accessibility is critical to the security of anonymity systems in general. Finally, we will speculate on the potential to utilize these anonymity primitives for low-latency systems, which, if possible, could provide a more reliable and secure alternative to circuit-based or mix-based anonymity network systems. Len Sassaman 17:15 01:00 Saal 2 aes_side_channel_attacks Hacking lecture en AES (Rijndael) has been proven very secure and resistant to cryptanalysis, there are not known weakness on AES yet. But there are practical ways to break weak security systems that rely on AES. In this lecture we will see how easy it could be to retrieve AES keys attacking the implementations. When you have physical access to the box that tries to hide a key you can easily spot it, such kind of security could be just named obfuscation but is widely used in DRM technologies like AACS. This is just a demonstration that using a strong security algorithm like AES is not of much sense when give the key somehow obfuscate to the attacker. Remember that the security chain is as strong as the weakest of their components. Victor Muñoz 18:30 01:00 Saal 2 tracker_fahrn We Track Harder - We Track More! Take the pain out of running a Bittorrent-Tracker! Hacking lecture de Bittorrent aus der Sicht von Bittorrent-Tracker Betreibern. Eine Einführung in die Protokolle und eine lustige Reise durch die Unwägbarkeiten, die sich einem freien und offenen Projekt für die Community so in den Weg stellen. Denis Erdgeist Cristian Yxen Opentracker Projektseite Opentracker Blog Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 20:30 01:00 Saal 2 hidden_trojan An analysis of targeted attacks from 2005 to 2007 Hacking lecture en Targeted trojan attacks first attracted attention in early 2005, when the UK NISCC warned of their wide spread use in attacks on UK national infrastructure. Incidents such as "Titan Rain" and the compromise of US Department of State computer systems have increased their profile in the last two years. This presentation will consist of hard, technical information on attacks in the form of a case study of an actual attack ongoing since 2005. It covers exploitation techniques, draws general conclusions on attack methodologies and focuses on how to defend against the dark arts. June 16th, 2005. The NISCC or National Infrastructure Security Co-ordination Centre in the United Kingdom issued a briefing stating that parts of the UK Critical National Infrastructure were under attack by ongoing email-borne electronic attacks. This warning was echoed shortly after by the Australian Defence Signals Directorate and Canada’s CCIRC. A second warning was released by the US Computer Emergency Readiness Team in July, 2005. They reported ongoing attacks dating back to January 2005. April 2007. E-mail security firm Messagelabs releases a public report on the amount of targeted attacks they had uncovered during the month of March. The report coincides with a US House Committee hearing on a major 2006 e-mail borne information security compromise at the Department of State. September 2007. Chancellor Merkel's visit to China prompts several German news outlets to report on attacks against government information systems originating from China. Simultaneously, reports appear on similar attacks originating from Iran. This presentation does not deal with 98% of keyloggers and trojans out on the internet. To the contrary, it deals with the small percentage of attacks that currently uses advanced techniques to compromise industrial networks with as goal to gather intelligence - information that helps gain competitive advantage. This presentation presents a gradual increase in the complexity of targeted attacks, and includes detail both on the exploitation techniques used as well as the overall attack methodology. Using a real-life case study with samples, it covers the move from relatively simple, screen-saver mimicking executables in 2005 to the use of advanced, sometimes 0-day, file format exploits in 2007, and investigates how an organization can protect itself against the zero day threat. Maarten Van Horenbeeck A brief introduction to targeted attacks Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 21:45 01:00 Saal 2 anonaccess Ein anonymes Zugangskontrollsystem Hacking lecture de AnonAccess ist ein elektronisches System, welches anonymen Zugang nicht nur zu Hackerspaces ermöglicht. Mit Hilfe kryptographischer Verfahren kann das Mikrocontroller-basierende System verblüffend einfach sicheren und anonymen Zugang kontrollieren. Es wird das Zusammenspiel verschiedener Primitiven unter Berücksichtigung der Limitierungen eingebetteter Systeme gezeigt. Angriffsszenarien und Anforderungen an derartige Systeme stellen einen weiteren Beobachtungsgegenstand da. Gezeigt wird das komplette System von der ICC-Speicherkarte über die gesicherte Kommunikation bis zur verschlüsselten Datenbank. Daniel Otte Sören Heisrath AnonAccess im Labor wiki 23:00 01:00 Saal 2 ipv6 Global connectivity even in the places that you are not supposed to have it Hacking lecture en This talk will discuss a new feature in AICCU which allows one to have IPv6 virtually everywhere, including most places where a lot of network operators will not want to have it. AICCU (Automatic IPv6 Connectivity Client Utility) is an award winning tool for setting up IPv6 connectivity on hosts that don't receive IPv6 connectivity from their local network. The connectivity provided by AICCU, using the AYIYA protocol, works in most cases where UDP is not being firewalled. In some cases though, like at airports or other closed networks, UDP is also firewalled and one might want to be able to fully communicate with hosts on the Internet without much ado of how it happens. This new version of AICCU allows this: it gracefully downgrades from a so called proto-41 (IPv6 over IPv4) to AYIYA/UDP, AYIYA/TCP, AYIYA/HTTPS, AYIYA/HTTP and finally AYIYA/DNS, thus picking the fastest possible connectivity option that works and downgrading till it actually gets connectivity, and never really giving up. This feature will be available to all users, thus allowing them to use IPv6 anywhere they want. As one gets a fully working and unfiltered IPv6 address and optionally a /48 routed towards it, this allows one to run a webserver or do VoIP chats while sitting at an airport behind closed infrastructure where one normally would have to pay. Of course one should not use it to bypass local security policies. As such the talk will cover amongst others: - Briefly: SixXS 5th anniversary: little bit of history, what is now, what is coming and a short moment for audience constructive feedback, Q&A etc. - Problems while trying to get IPv6 connectivity and how to get it anywhere. - The new AICCU edition, protocol overview and how it works. Jeroen Massar AICCU - Automatic IPv6 Connectivity Client Utility AYIYA - Anything In Anything SixXS - IPv6 Tunnel Broker and IPv6 Deployment Jeroen Massar's homepage 11:30 01:00 Saal 3 freifunkerei And a Do-It-Yourself society against the state Society lecture en The term Freifunk Firmware has found a place on the shelfs in the life of numerous people. It has become an immense knot of activities, not just sitting silently like a dusty heirloom. “Freifunkerei” has become an example of how DIY-cultures can act and re-create alternatives in a world which seems both confronted and abandoned by the state. This talk/discussion will be about how the Freifunk movement can be an example of a Do-It-Yourself society against the state. The background of Freifunk is Berlin in the 90's, the years after the fall of the wall and unification. Suddenly the city was turned into a vast borderland between what had been and what was to become. People began with a hectic process of exploring this new space, squatting buildings and creating experimenting initiatives. Also commercial and state interests threw themselves at this new frontier. One focal area was the building of a completely new information infrastructure, based on optical fibre. Then the big bubble blew, and a new term was instated: Opal areas. Large parts of Berlin was abandoned by both state and commercial interests without functional broadband infrastructure. The response came as a horizontal movement, influenced by Consume in London, a burst in wireless technology and the day-to-day activities of people meeting and helping each other. The state was passive and people had to do-it-themselves, and the result was a new way of “growing” infrastructure. The manifestation of a mesh without a central-node, and doing away with the normal vertical management. The French anthropologist Pierre Clastres asked in the early 70's the essential question: Is it possible to imagine a society without a state? His answer was based on extensive ethnographic work and stated: It is a reality that other and different regimes have existed. Large scale societies who are not submissive to the state model, but actively avert it and render its conditions impossible, have been there long before the rise of the Western world. This opposes the present dogma that society is un-imaginable without a central power, and a class of powerful leaders. Today Clastres analysis resonates in response to the recent, and accelerating, verticalization of the state and the dominance of the market-economic model. New large scale societies are infecting both cities, landscape and the world with cultural and technological models in a horizontal mode. This presentation will weave the Freifunk reality together with the (re-)asking of Pierre Clastres seminal question and discuss the emergence of a new horizontalism taking the form of DIY societies against the state. The (re)production of “chaotic communication” plays a central role in this discussion. Access to, and free flow of, information becomes the basis of a mash-up where people, technology and ideas converge – resulting in energetic DIY solutions. Hereby solving questions which prior had no answers. Mutual aid is re-emerging as praxis, and it reaches across and beyond boundaries and borders with a tactical stand based on many small steps. The present results show that, when people are able to control major decisions and are free to make their own contribution to the design, construction and management of infrastructure then both the process and the environment produced stimulate individual and social well-being. People are building affirmative alternatives celebrating life while opposing the continuation of despotic power. The example of Freifunk will help with the painting of this new landscape. Gregers Petersen 12:45 01:00 Saal 3 universe_on_supercomputers The evolution of cosmic structure Science lecture en The evolution of structure in the Universe is one of the hottest topics in Cosmology and Astrophysics. In the last years the so-called $\Lambda$-CDM-model could be established also with great help of very large computer simulations. This model describes a Universe that consists mainly of dark components: 96% are made of dark energy and dark matter. Ordinary matter made up of baryons give only 4% to the total content of the Universe. The talk will present recent results with the main focus on computational methods and challenges in that field. A state-of-the-art computer code for running these calculations will be presented in detail. The talk will describe recent progress in the field of cosmic structure formation and will mainly focus on computational problems and methods carrying out such large simulations on the fastest Supercomputers available today. At the end of the talk I will also briefly discuss a new method we developed to access the dark matter structure in the Milky way to a scale that was just impossible some month ago with current Supercomputers. To describe the evolution of the Universe from the Big Bang to what we see today is a quite hard task. It took many years until we reached an understanding and model that fits the observations we get by telescopes and satellites. Great steps in justifying this model were possible because of computer simulations. These simulations calculate the evolution of the universe from a short time after the Big Bang to present time. Comparing the results of these simulations with observations was a major proof for the correctness of the $\Lambda$-CDM model. The simulation itself is highly complicated because the main force driving the evolution of the universe is gravitation in an expanding space. And this force acts over extremely large distances. This makes computations very expensive and large computers and efficient algorithms are needed to handle this problem. The biggest simulation ever done in that field is the Millennium Run, carried out by our institute. It took one month of computation on a 512-CPU-Cluster at the Max Planck Society Computing Center. Even with this computer power it is only possible to simulate the dark part of the universe. So the simulation only includes dark matter and dark energy. There are no galaxies, stars, planets or even smaller objects. The dynamical range that would be needed to simulate all together is just so large, that it is totally impossible to run this on any computer today or in the future. Nevertheless to get real galaxies in the Millennium simulation they are added in a post processing by so called Galaxay-Formation-Algorithms. These take the dark matter distribution given by the simulation and populate it with galaxies based on some astrophysical models. This way one can create a universe with shining galaxies a so called Mock Universe. From the dark matter distribution itself one can also learn a lot, make statistics and compare them to observational data. It is quite impressive that the structures forming in the computer simulation look exactly like the structure galaxies and clusters of galaxies in the real universe. Recently a researcher group simulated a Milky Way like dark matter structure with an extremely high resolution to get more insights into the Dark Matter around us. This so called Via Lactea Simulations used NASA's fastest project Colombia Supercomputer for about one month to finish the calculation. The talk will mainly focus on numerical techniques how to run such a simulation. As an example the state-of-the-art code Gadget (Springel, 2005) will be presented. This code was used to calculate the Millennium Simulation. It is at the moment the leading code for cosmological simulations. At the end of the talk a new method will be presented that increases the resolution of all simulations done so far by an enormous factor. Mark Vogelsberger Millennium Simulation done by the Max Planck Institute for Astrophysics A recent Simulation carried out on one of NASA's Supercomputers Wikipedia entry for the Millennium Simulation Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 14:00 01:00 Saal 3 building_a_hacker_space A Hacker Space Design Pattern Catalogue Community lecture en With the help of Design Patterns we will show you how to set up your own Hacker Space. The Design Patterns are based on more than 10 years of experience with setting up and running a Hacker Space. Before the Chaos Communication Camp 2007 the Chaos Computer Club received a question from the US-based Hacker Foundation that we should help them in setting up Hacker Spaces (or club rooms) in the USA. After the Camp they did a tour through Germany and Austria and visited a couple of Hacker Spaces. Each of them gave a presentation about their history and how they managed to set up the Hacker Space and keep it running. In Cologne we prepared a Design Pattern Catalogue with the usual problem you encounter while finding the perfect location and managing the community. This presentation received a large acknowledgment from the Hacker Foundation. Now we will present the Ultimate Hacker Space Design Pattern Catalogue including comments and enhancements from other local Chaos Computer Clubs. Attend this talk when you are about to start your local Chaos Computer Club or Hacker Space somewhere else on earth and learn from our experience! Lars Weiler Jens Ohlig 16:00 01:00 Saal 3 10ge_monitoring_live How to find that special one out of millions Hacking en There are many open source tools available to do packet capturing and analysis. Virtually all networkers use these tools. However millions of packets per seconds are just too much for general-purpose hardware. This is a problem as 10 Gigabit networks allow for millions of packets per second. The obvious solution for that issue is to lower the data rates by filtering out ’uninteresting’ data out before it gets processed by the general purpose computer hardware. This can be accomplished in a specialised Network Interface Card (NIC). The specialised NIC presented in this talk was originally developed for security purposes, but it allows for modifications since it is built around programmable logic (FPGAs). This was presented as slide-ware during last years congress as most of it was not working back then. This year it is possible to demonstrate results. This presentation will consist of three parts, namely: 1/ Introduction 10 Gigabit Ethernet frame and data rates. Problem description, with some empirical data on the performance of modern generic computer hardware. 2/ Overview of the architecture of the proposed solution, its MISD architecture and the homegrown firm and software. 3/ Technical details and demonstrations on the implemented features. Arien Vijn Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 17:15 01:00 Saal 3 desperate_house_hackers How to Hack the Pfandsystem Hacking lecture de Wie funktionieren eigentlich diese Pfandflaschenrücknahmeautomaten? Wir finden es heraus. Nils Magnus Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 18:30 01:00 Saal 3 make_cool_things_with_microcontrollers Hacking with Microcontrollers Making workshop en Learn how to make cool things with microcontrollers by actually making fun projects at the Congress -- blink lights, hack your brain, move objects, turn off TVs in public places -- microcontrollers can do it all. Ongoing workshops each day of the Congress. Learn to hack with microcontrollers! Starting with an inexpensive kit (MiniPOV, by Limor Fried, aka Ladyada), this hands-on workshop will teach you to do almost anything with microcontrollers. Throughout the days of the Congress, Mitch, the inventor of TV-B-Gone, will be giving ongoing workshops on hacking with microcontrollers. Learn to make cool devices! Projects that you can build include: * Make your own trippy colored-light-blinking thingy * Make your own device to meditate and hallucinate with brainwaves (as seen in MAKE Magazine issue #10) * Make your own simplified TV-B-Gone * Make your own bug robot that sings and dances * Light up and sequence EL-wire * Learn how to solder * Learn how to program with firmware * Learn how to use microcontroller development tools on your laptop * Tips, tricks, and more... All the parts you need, handouts, plus all tools will be available at the workbench at the Congress. Mitch Documentation for Projects Brainwave Machine in MAKE Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 20:30 01:00 Saal 3 cybercrime20 Storm Worm Hacking lecture en Not only the Web has reached level 2.0, also attacks against computer systems have advanced in the last few months: Storm Worm, a peer-to-peer based botnet, is presumably one of the best examples of this development. Instead of a central command & control infrastructure, Storm uses a distributed, peer-to-peer based communication channel on top of Kademlia / Overnet. Furthermore, the botherders use fast-flux service networks (FFSNs) to host some of the content. FFSNs use fast-changing DNS entries to build a reliable hosting infrastructure on top of compromised machines. Besides using the botnet for DDoS attacks, the attackers also send lots of spam - most often stock spam, i.e., spam messages that advertise stocks. This talk presents more information about Storm Worm and other aspects of modern cybercrime. The first part of the talk provides a brief history of Storm Worm (Peacomm, Nuwar, Zhelatin, ...), focusing on the actual propagation phase. Afterwards, we describe the network communication of the bot in detail and show how we can learn more about the botnet. We were able to infiltrate and analyze in-depth the peer-to-peer network used by Storm Worm and present some measurement results. Thorsten Holz Fast-Flux Service Networks My blog Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 21:45 01:00 Saal 3 how_to_reach_digital_sustainability Scarcity is Entering the Net Society lecture en Happy digital world: Everything is information, and it grows by sharing. Scarcity seems to be a problem of the "meatspace". On the internet, there is space for everybody, for every activity and for every opinion. Really? This lectures explores the power of intellectual property rights, the principle of net neutrality and surveillance issues and explains their impact on everyday (digital) life. The net as we know it is in danger. What is needed to make it stay a resource which is valuable, open and free for everybody? How could a concept of digital sustainability look like? What makes life worth living happens more and more online: We communicate with friends, look for entertainment, find information. The net functions as our outsourced brain – everything we need to know we can google. The digital data space is our inexhaustible resource. This is about to change. Politics and entertainment industry do not accept free copying as a main characteristic of the net, but as a threat, because the net destroys business models which are designed for the analogue world. But instead of developing new models, these forces try to control and reshape the net after their private interests – e.g. with the help of intellectual property rights (IPR) like copyright. These laws form the frame of what people are allowed to do on the net: distribute music, give access to teaching materials, express opinions, play around with digital technologies and software. "The intellectual property regime could make - or break - the educational, political, scientific and cultural promise of the net", wrote law-professor James Boyle 10 years ago. He asked for a broad political movement in order to keep the web as we love it. But today still, only a small circle of people discusses these issues. IPR are not the only threat: As the principle of net neutrality is eroding, certain content and applications are discriminated, the flow of information slows down. Excessive surveillance of digital data spaces is responsible for the fact that political engagement freezes. This lectures outlines what's at stake and explores how a concept of digital sustainability could look like. Meike Richter Blog of Meike Richter Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 23:00 01:00 Saal 3 vx The Virus Underground Culture lecture en The listeners will be introduced in the world of virus coding. They will understand how this can be seen as a way of expressing yourself and why it is a way of hacking. Furthermore they will get to know, which important groups, authors and viruses have been there in the last years and which are still active nowadays. Important technical terms will be explained as well as trends of the last years and the future. And more. The aim of the lecture shall be to introduce the listeners to the world of the virus underground. They shall understand how this little community of about fifty people think and act and why they code viruses. The audience may understand coding of viruses as a type of hacking and a way of expressing it as art. Furthermore it is the aim to make them familiar with different words, that are typically used by VXers (Virus Coders), for example Appender, Prepender and Overwriter Virus. Even more different aspects of multiplatform malware and payloads shall be explained. Then the audience shall be introduced to different authors and groups of the scene, that are somehow the idols of many VXers, groups like EOF, DoomRiderz and more. People like Roy G Biv, Virusbuster and Benny and more. Going on, the lecture will describe the relationship between VXers and the AntiVirus companies, even it does not seem so, there is something like a connection between both groups. Then it is planned to show how VXers communicate with each other, typical IRC channels and the so called electronic magazines or short E-Zines. Not to be forgotten also the programming languages of the scene will be described and trends, that can be seen over the last years. In the way, which programming languages are used and in general. Last but not least the problems of the VX Underground will be described. SkyOut Virus database VX File Server Smash-The-Stack Purgatory Virus Team EOF-Project Δ VX Heavens 29A Labs Ready Rangers Liberation Front VX CHAOS File Server Doomriderz VX Team Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 11:30 01:00 Saal 1 elektronische_dokumente Warum es so ewig gedauert hat, bis Bücher auf geeigneten Geräten lesbar wurden, und was uns noch erwartet Making lecture de E-book devices versuchen seit Ewigkeiten, aus dem Sumpf der Bedeutungslosigkeit den Weg in den Massenmarkt zu finden. Bisher ohne Erfolg. Warum das so lange ein so großes Problem war und warum das jetzt anders werden wird, behandelt dieser Vortrag Nachdem schon vor ewigen Zeiten die ersten e-book devices auf den Markt kamen und immer wieder neue Versuche gestartet wurden, digitale Bücher zu etablieren, dies aber immer und immer wieder scheiterte, wollen wir nun analysieren, warum das so grandios schiefgegangen ist (obwohl es ja für Text viel leichter hätte sein müssen als für Filme oder Musik). Es wird außerdem darum gehen, warum und was jetzt anders ist und welche Revolution uns da erwartet, die vermutlich noch umfassender und nachhaltiger sein wird, als die Digitalisierung von Musik und Film. Steini Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 12:45 01:00 Saal 1 data_retention The Brussels Workshop Society lecture en New EU legislation emphasises and in some cases creates new crimes of consumer infringement of intellectual property laws. Consumer Warnings about consumers' requirements to respect copyright could become mandatory; worse, such infringement cases could move from civil cases to criminal ones across the EU. But nowhere is there legislation either clarifying or defending consumers' rights under IP law, in our changing digital environment. Consumer privacy suffers from the same trend. Telecommunications companies now must store private information on consumer phone calls and e-mails for the use of European law enforcement. A recent proposal would also store consumers' air travel data for 13 years, providing access to governments both here and outside the EU. But where are the laws forcing IT companies to respect our privacy? This session will have a closer look at these proposals, and what you can do about them. Ricardo Cristof Remmert-Fontes Erik Josefsson Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 14:00 01:00 Saal 1 quantum_cryptography_and_possible_attacks Science lecture en Quantum cryptography is the oldest and best developed application of the field of quantum information science. Although it is frequently perceived as an encryption method, it is really a scheme to securely distribute correlated random numbers between the communicating parties and thus better described as quantum key distribution (QKD). Any attempt at eavesdropping from a third party is guarantied to be detected by the laws of physics (quantum mechanics) and shows up as an increased error rate in the transmission (the QBER). There are two basic families of quantum cryptography schemes, the *rst is based on preparation of a quantum state by one party (Alice) and its measurement by a second (Bob). The most well known example is the Bennett and Brassard protocol (known as BB84 [1]). Another important version was introduced by Ekert (E91 [2]) and relies on quantum correlations of entangled photons to generate the random numbers and to reveal any eavesdropping attempt. In this talk we will review how a modi*ed version of this protocol works and the type of advantages that it confers over prepare and measure schemes [3]. Additionally, we will demonstrate the hardware of a full working kit [4] developed in the National University of Singapore for entanglement based QKD over a free space channel. Finally we will review some of the vulnerabilities of practical QKD systems as they currently exist. Although on paper these protocols are perfectly secure, they rely on assumptions about the hardware and the implementation. We will explicitly show how seemingly trivial modi*cation can give rise to information leakage which renders the system insecure [5]. [1] C. Bennett and G. Brassard, Proceedings of IEEE International Conference on Computers Systems and Signal Processing pp. 175{179 (1984). [2] A. K. Ekert, Phys. Rev. Lett. 67, 661 (1991). [3] A. Acin, N. Brunner, N. Gisin, S. Massar, S. Pironio, and V. Scarani, Physical Review Letters 98, 230501 (2007), URL http://arXiv.org/abs/0702152. [4] I. Marcikic, A. Lamas-Linares, and C. Kurtsiefer, Applied Physics Letters 89, 101122 (pages 3) (2006), URL http://arxiv.org/abs/quant-ph/0606072. [5] A. Lamas-Linares and C. Kurtsiefer, Optics Express 15, 9388 (2007), URL http://arxiv.org/abs/0704.3297. Alexander Ling Antia Lamas Ilja Gerhardt Christian Kurtsiefer A. Acin, N. Brunner, N. Gisin, S. Massar, S. Pironio, and V. Scarani, Physical Review Letters 98, 230501 (2007) I. Marcikic, A. Lamas-Linares, and C. Kurtsiefer, Applied Physics Letters 89, 101122 (pages 3) (2006) A. Lamas-Linares and C. Kurtsiefer, Optics Express 15, 9388 (2007) Center for Quantum Technologies, National University of Singapore Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 16:00 01:00 Saal 1 deconstructing_xbox_360_security Console Hacking 2007 Hacking lecture en The Xbox 360 probably is the video game console with the most sophisticated security system to date. Nevertheless, is has been hacked, and now Linux can be run on it. This presentation consists of two parts. In the first part, we describe the motivation and the design of the Xbox 360 security system from a very high-legel point of view, present the hack and what is possible with Linux, and discuss how the situation can be improved both for the manufacturer and for hobbyists with future devices. In the second, very technical part, we will discuss the design and implementation details of the Xbox 360 system and security architecture and describe in detail how and why it was hacked, as well as how Linux was ported to this new platform. Michael Steil Felix Domke Free60 Project Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 17:15 02:15 Saal 1 chaos_jahresrueckblick Ein Überblick über die Aktivitäten des Clubs 2007 Community lecture de Wir stellen die Aktivitäten des und Geschehnisse im Chaos Computer Club im abgelaufenen Jahr vor. Hierunter fallen sowohl die Kampagnen des CCC, die Lobbyarbeit sowie Berichte und Anekdoten von Veranstaltungen innerhalb des CCC als auch Vorträge und Konferenzen, an denen CCC-Vertreter teilgenommen haben. Ein zweistündiger Überblick, was den Club bewegt hat. Constanze Kurz Frank Rieger Andy Müller-Maguhn Frank Rosengart Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 20:30 01:00 Saal 1 toying_with_barcodes Jemandem einen Strich auf die Rechnung machen Community lecture en The talk focuses on 1D and 2D barcode applications with interference possibilities for the ordinary citizen. Ever wondered what is in these blocks of squares on postal packages, letters and tickets? Playing with them might have interesting effects, reaching from good old fun to theft and severe impact. Barcodes have been around for ages, but most of the time were used as simple tags with a number. The rise of 2D barcodes started to put them into customer hands as authentication, authorization, payment method and other arbitrary data transport. The implicit trust in them is enormous. The talk gives a very quick intro into barcodes and then proceeds to review the contents of selected samples, including their usage in the real world. This is going to be fun, tool release included. FX of Phenoelit Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 21:45 01:00 Saal 1 port_scanning_improved New ideas for old practices Hacking lecture en Port-Scanning large networks can take ages. Asking yourself how much of this time is really necessary and how much you can blame on the port-scanner, you may find yourself integrating your own scanner into the linux-kernel. Or at least we did. How fast a port-scan can be is largely dependent on the performance of the network in question. Nonetheless, it is clear that choosing the most efficient scanning-speed is only possible based on sufficient information on the network's performance. We have thus designed and implemented a port-scanning method which provokes extra network-activity to increase the amount of information at our disposal in an attempt to gain speed on the long run. Further tweaking the actual implementation by integrating it into the linux-kernel left us with a port-scanner ready to tackle big networks at an impressive speed. The presentation will also include thoughts and motivations why we decided to work on topics that are largely considered "done" by the community and why such considerations may be interesting to other researchers. Fabian Yamaguchi FX of Phenoelit Who we are Recurity Labs PortBunny Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 23:00 01:00 Saal 1 diy_survival How to survive the apocalypse or a robot uprising Making lecture en The apocalypse could happen any day. You're going to need things to survive and your going have to make them yourself. Whether it's a red button, volcano, avian bird flu, meteor, cosmic superhighway or economic collapse, this lecture will give you the information you need to make things that will increase your chances of survival. This lecture will present a broad array of projects that will be both practical and humorous. Some projects are projects that I have made and will have on hand to demonstrate including a diy water purifier and steam-engine powered battery charger. I'll also point the way to over the top projects like making an EMP Generator to deal with the robot uprising. Bre Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 00:00 01:00 Saal 1 rule_34_contest There is porn of it. Culture contest en Rule 34 says: There is porn of it. This contest will challenge the best and brightest to prove the rule under adverse circumstances in a race against the clock. Andreas Bogk nibbler Erdgeist tina 11:30 01:00 Saal 2 lightning_talks_2007_day_2 lightning en Hannes 12:45 01:00 Saal 2 absurde_mathematik Paradoxa wider die mathematische Intuition Science lecture de Ein kleiner Streifzug durch die Abgründe der Mathematik. Eigentlich ist der Mensch mit einer recht gut funktionierenden Intuition ausgerüstet. Dennoch gibt es Paradoxa, welche mathematisch vollkommen korrekt und beweisbar sind, jedoch unserer Intuition widersprechen. Der Vortrag bietet einen Streifzug durch einige dieser Paradoxa, die kurz und anschaulich erklärt werden. Nicht alles, was mathematisch beweisbar ist, ist auch intuitiv und verständlich zu erfassen. Wie kann beispielsweise ein einfacher Körper wie Gabriels Horn ein begrenztes Volumen, aber eine unendlich große Oberfläche haben? Oder warum ist es bei einem Triell, einem Duell mit drei Schützen, als schlechter Schütze für das eigene Überleben von Vorteil, wenn man als letztes schießen darf? Woher kommt das Braess'sche Paradoxon, bei dem die Verbesserung eines Verkehrsstreckenabschnittes zum Zusammenbruch des gesamten Verkehrsflusses führen kann? Wie kann bei Penney-Ante ein unfaires Spiel entstehen, wo doch eine absolut faire Münze geworfen wird? Und wie lief das genau mit dem bekannten Ziegenproblem, soll man sich nach Öffnen der ersten Tür mit der Niete zwischen den anderen beiden Türen umentscheiden? Anoushirvan Dehghani Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 14:00 01:00 Saal 2 d_libd_and_the_slate_project A clean slate for operating systems Community lecture en We present libd, a high-level runtime for the D programming language and the Slate project, an attempt at a high-level OS and environment built upon libd, as the next major step in improving the state of programming environments and operating systems. With high-level abstractions, and sensible design, the state of implementation of open-source OSes can improve. We leverage existing kernels when implementing Slate, and put an extensive (abstraction-oriented) architecture above the kernel to present the user (or programmer) with a system they can use by having to do less to perform a specific function. Our virtual machine approach also allows for security verification on a level not seen in *nix OSes before. libd is a high-level runtime library for the D programming language. It is completely independent from existing C code except the *nix kernels it runs on, and of any compatibility issues with legacy code. This enables libd to establish support for various programming models (such as event-driven programming, traditional semi-OO procedural programming), message-passing, object persistence, task load balancing etc. The library has a very pluggable interface, and is therefore customizable. On the basis of libd, we present the design of the Slate project, an advanced OS and environment. On the most basic level, we have a virtual machine, a vpn and a relational database store (with a unique twist) to enable further system services to build on top... Vladsharp Slides Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 16:00 01:00 Saal 2 linguistic_hacking How to know what a text in an unknown language is about? Science lecture en It is sometimes necessary to know what a text is about, even if it is written in a language you don't know. This can be quite problematic, if you do not even know in what language it is written. This talk will show how it is possible to identify the language of a written text and get at least some information about the contents, in order to decide whether a specialist and which specialist is needed to know more. The talk deals with the following issues: 1 How to identify a language * texts in non-Roman writing systems and how the writing system can show what language we deal with, * how to identify languages with the help of sample texts, * tricks that help to make at least an intelligent guess. 2 How to get an idea about the contents of a text * identifying (important) content words and grammar, * quick and dirty translations, * how to translate a text from a language you hardly know. The talk will introduce a variety of means, ranging from pre-internet (and pre-computational) approaches to contemporary web resources. Martin Haase/maha Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 17:15 01:00 Saal 2 to_be_or_i2p An introduction into anonymous communication with I2P Hacking lecture en I2P is a message-based anonymizing network. It builds a virtual network between the communication endpoints. This talk will introduce the technical details of I2P and show some exemplary applications. I2P has a different approach than most other known anonymous applications. Maybe you know about the anonymisation network Tor. Here you have central directory servers, onion routers (relaying traffic), onion proxies (send and receive data from the user) and other software roles within the network. I2P calls every software a router and it can send and receive data for the user as well as relay traffic for other users. Furthermore I2P uses no central server for distributing information about routers. You'll get the information from I2P's network database. This is a pair of algorithms which share the network metadata. The routers participate in the Kademlia algorithm. It is derived from distributed hash table. My talk will tell you in detail how I2P work, what roles routers, gateways, netDb etc. plays. Furthermore I'll show differences and similarities to other anonymizing networks e. g. Tor and introduce some exemplary applications. Jens Kubieziel I2P website eepsite with informations about I2P and notes for my talk My book: "Anonym im Netz" Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 18:30 01:00 Saal 2 automatic_memory_management Why should I care about something that a computer could handle better, anyway? Science lecture en Since Java is widespread, automatic memory management is a commonly used technology. There are several approaches to memory management, realtime, parallel, probabilistic algorithms. The lecture will give an overview of different algorithms and current research topics. Doing memory management by hand is a hard task, most programmers fail to do it correctly, which leads to memory leaks. There are automated algorithms which collect no longer needed memory. This lecture will give a brief overview of used algorithms in different programming language implementations/virtual machines, their deficiencies as well as current research topics in this field. The history of garbage collection starts in 1960, where McCarthy used mark and sweep garbage collector for Lisp at MIT. Reference counting (Collins, 1960, IBM) has been seen as an alternative to garbage collection. Nowadays, everything which reclaims memory automatically is considered garbage collection. A real-time garbage collector was developed by Baker in 1978 ("List Processing in Real Time on a Serial Computer"). It was a copying collector, doing incremental, but not concurrent collection. It had several deficiencies, required special hardware, didn't consider variable-sized requests for memory... but was extended by several researchers during the years. The Boehm GC is a conservative garbage collector for C and C++. It uses a mark and sweep algorithm. The memory pool system is a garbage collection framework, which integrates different algorithms for different purposes. There is no need to sweep through strings in the hope of finding pointers to somewhere else. This garbage collector is highly optimized and well designed and tested (implemented with Capability Maturity Model level 3), really few defects. Different programming language implementations use a custom garbage collector, an overview of selected language implementations and their garbage collector will be given. Hannes Richard jones GC page Memory Pool System Boehm GC Derivation and Evaluation of Concurrent Collectors Realtime Garbage Collection The Memory Management Reference 20:30 01:00 Saal 2 spiel_freude_eierkuchen Die Gamerszene und ihre Reaktion auf kritische Berichterstattung Society podium de Der Journalist Rainer Fromm berichtet über seine Erfahrungen mit der Gamerszene, mit Filmbeispielen und anschließender Diskussion. Nachdem das ZDF einen Magazinbeitrag über die Auswirkungen von Computerspielen mit überwiegend gewalttätigen Handlungen ausgestrahlt hatte, ging eine Welle der Empörung durch die Gamerszene. Man fühlte sich falsch dargestellt, und die herangezogenen Studien seien einseitig ausgewählt. Wütende Beiträge in den einschlägigen Foren waren die Folge, es gab jedoch auch konkrete Gewaltdrohungen gegen den Autor des Beitrages und seine Familie. Wie friedlich ist der Gamerszene wirklich und gibt es Grenzen bei Spielen, die vielleicht besser nicht überschritten werden sollten - eine kontroverse Diskussion jenseits der üblichen Verbotsdiskussion. Frank Rosengart Rainer Fromm ZDF Frontal21: Gewalt ohne Grenzen Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 21:45 01:00 Saal 2 inside_the_macosx_kernel Debunking Mac OS Myths Hacking lecture en Many buzzwords are associated with Mac OS X: Mach kernel, microkernel, FreeBSD kernel, C++, 64 bit, UNIX... and while all of these apply in some way, "XNU", the Mac OS X kernel is neither Mach, nor FreeBSD-based, it's not a microkernel, it's not written in C++ and it's not 64 bit - but it is UNIX... but just since recently. This talk intends to clear up the confusion by presenting details of the Mac OS X kernel architecture, its components Mach, BSD and I/O-Kit, what's so different and special about this design, and what the special strengths of it are. The talk first illustrates the history behind BSD and Mach, how NEXT combined these technologies in the 1980s, and how Apple extended them in the late 1990 after buying NEXT. It then goes through the parts of the kernel: Mach, which does the typical kernel work like memory management, scheduling and interprocess communication, BSD, which provides the POSIX-style syscall interface, file systems and networking to user mode, and I/O-Kit, the driver infrastructure written in C++. In the end, a short overview on how to extend the kernel with so-called KEXT will be given, as well as an introduction on how to hack the (Open Source) kernel code itself. lucy Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 23:00 02:00 Saal 2 das_panoptische_prinzip Ergebnisse des Minutenfilmwettbewerbs des C4 und des Kölner Filmhauses Society movie de In den letzten Jahren – nicht zuletzt seit dem 11. September – ist es zu einem Abbau von Bürgerrechten und einer immer umfassender werdenden Überwachung seitens des Staates, aber auch der Wirtschaft gekommen. Erkennungsdienstliche Verfahren, wie z. B. die Abnahme von Fingerabdrücken oder andere biometrische Verfahren, treffen zunehmend auch Normalbürger. Das rechtsstaatlich garantierte Paradigma der Unschuldsvermutung wird demontiert: Jeder ist potenziell verdächtig. Mitglieder des Produktionsarbeitskreises (PAK) aus dem Kölner Filmhaus e. V. (KFh) und des Chaos Computer Club Cologne e. V. haben sich im Sommer 2007 zusammengefunden, um zu einer breiteren Diskussion des Themas in der Öffentlichkeit beizutragen. Unsere Idee war es, FilmemacherInnen und AutorInnen zu ermutigen, sich mit dem Thema „Überwachung“ filmisch auseinanderzusetzen. Es sollen Kurzfilme entstehen, die wachrütteln, verstören, zur Diskussion anregen und dem derzeit vorherrschenden Diskurs (um das Begriffspaar Sicherheit – Angst) weitere Perspektiven hinzufügen. Die dabei entstandenen Filme sollen nun auf dem 24C3 in Berlin einer breiten Öffentlichkeit vorgestellt werden. Stefan Sels Ralph Kusserow Yvette Krause Christine Ketzer Das panoptische Prinzip Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 11:30 01:00 Saal 3 hacking_icann tactics to hack the individual into the ICANN system Society podium en The Internet Corporation for Assigned Names and Numbers (ICANN) needs to include users in its policy making: We propose and discuss tactics to hack the individual into the system. Finding unexplored routes to impower the individual internet user. Start setting up an internet users bill of rights: What is missing from ICANNs charta. Join the At-Large - come to Paris! ...and make the first internet user's summit happen in summer 2008. Andy Müller-Maguhn Annette Muehlberg Wendy Seltzer Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 12:45 01:00 Saal 3 erlang Hacking lecture de A jump-start into the world of concurrent programming Originally developed by Ericson, Erlang was eventually released as open source in 1998. Although Erlang has been around for almost ten years now, it became a rather popular programming environment for communication platforms only recently. The talk will equip the open-minded programmer with concepts of concurrent programming in a functional programming environment supported by real-world examples. Despite the fact that actual code fragments will be in display, there is no need for novices and non-programmers to be scared away. Stefan Strigler BeF Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 14:00 01:00 Saal 3 wireless_kernel_tweaking or how B.A.T.M.A.N. learned to fly Hacking lecture en Kernel hacking definitely is the queen of coding but in order to bring mesh routing that one vital step further we had to conquer this, for us, unchartered territory. Working in the kernel itself is a tough and difficult task to manage, but the results and effectivity to be gained justify the long and hard road to success. We took on the mission to go down that road and the result is B.A.T.M.A.N. advanced which is a kernel land implementation of the B.A.T.M.A.N. mesh routing protocol specifically designed to manage Wireless MANs. During the last years the number of deployed mesh networks has increased dramatically and their constant growth drove us around the edge of what we thought was possible. To cope with this rapid development we had to leave the slow and limited track of tweaking existing approaches and take an evolutionary step forward by porting the B.A.T.M.A.N. protocol into the kernel land and going down to layer 2. Using B.A.T.M.A.N. advanced as a showcase we will, in our lecture, deliver a detailed review on how one can go about developing linux kernel modules, give insights in what difficulties to expect and provide practical tips on how to go about this challenge without experiencing a damaging kernel freeze in due process. We will describe what problems we faced migrating down to layer 2 and how we went about solving them for example how we moved away from the kernel routing and handle the actual routing and data transport in B.A.T.M.A.N. itself. Also moving to layer 2 meant to leave IPs behind and solely rely on MAC-routing enabling features like DHCP, IPX, IPv6, etc which up to now was not possible and therefore comes as a big plus. On the other hand there were little if none diagnostic tools at all for routing on that level so we had to go back one step and develop the tools we needed ourselves. These and other things we will cover in our presentation and also give an outlook into the future of mesh-routing, which will bring it even closer to the source of wifi - the wireless stack and its drivers and thereby improving the overall performance even more. Simon Wunderlich Marek www.open-mesh.net Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 16:00 01:00 Saal 3 23_ways_to_fight_for_your_rights Wie man sich selbst mit den eigenen Stärken für unsere Bürgerrechte einsetzen kann Society lecture de Bürgerrechtsabbau steht auf der Tagesordnung. Bei der Vielzahl an Vorhaben und Gesetzesinitiativen haben viele mittlerweile das Gefühl, dass sich politisches Engagieren nicht mehr lohnt. Dabei war es eigentlich noch nie so einfach wie zuvor: wir haben das Netz und können es auch nutzen. Aber nicht alles findet im Netz statt, und nur wenige haben Lust, sich in einer Partei oder Organisation langfristig zu verpflichten. Trotzdem kann man was tun. In diesem Vortrag mit anschließender Diskussion sollen 23 Wege aufgezeigt werden, wie man sich konkret mit den eigenen Fähigkeiten engagieren kann. Nicht jeder Punkt ist was für jeden, aber jeder kann sich mit den eigenen Fähigkeiten einbringen. Markus Beckedahl netzpolitik.org Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 17:15 01:00 Saal 3 breaking_a_vm Practical VM exploiting based on CACAO Hacking lecture en We will present state of the art JIT compiler design based on CACAO, a GPL licensed multiplatform Java VM. After explaining the basics of code generation, we will focus on "problematic" instructions, and point to possible ways to exploit stuff. A short introduction into just-in-time compiler techniques is given: Why JIT, about compiler invocation, runtime code modification using signals, codegeneration. Then theoretical attack vectors are elaborated: language bugs, intermediate representation quirks and assembler instruction inadequacies. With these considerations in mind the results of a CACAO code review are presented. For each vulnerability possible exploits are discussed and two realized exploits are demonstrated. Peter Molnar Roland Lezuo http://cacaojvm.org Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 18:30 01:00 Saal 3 infectious_diseases The "corrupted blood" plague of WoW from an epidemiological perspective Science lecture en World of Warcraft is currently one of the most successful and complex virtual realities. Apart from gaming, it simulates personality types, social structures and a whole range of group dynamics. In 2005, courtesy of its creators at Blizzard Entertainment, the ancient Blood God "Hakkar the Soulflayer" unleashed a devastating plague, "corrupted blood", upon a totally unprepared population of avatars. Unintentionally, the digital "black death" spread to cities and depopulated whole areas. The epidemic could only be controlled by shutting down and restarting the game world, a measure unfortunately not available in the "real" world. However, other measures such as quarantine or improved treatment are available in the real world and can be simulated by disease modelling. Disease modelling is essentially a virtualisation of reality that tries to gain insights into hitherto unknown inderdependencies and to simulate intervention scenarios. I will give a brief overview of the use of infectious disease modelling in a population and explain the disease dynamics of the "corrupted blood" epidemic in WoW. I will focus on cross references to the "real world" and illustrate why Blizzard, in effect, had created sexually transmitted measles for online denizens. floX conference talk Disease Detectives (comic) Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 20:30 01:00 Saal 3 hacking_scada how to own critical infrastructures Hacking lecture en SCADA acronym stand for “Supervisory Control And Data Acquisition”, and it's related to industrial automation inside critical infrastructures. This talk will introduce the audience to SCADA environments and its totally different security approaches, outlining the main key differences with typical IT Security best practices. We will analyze a real world case study related to industry. We will describe the most common security mistakes and some of the direct consequences of such mistakes to a production environment. In addition, attendees will be shown a video of real SCADA machines reacting to these attacks in the most “interesting” of ways! :) mayhem Raoul "Nobody" Chiesa Our slides @hitb07 Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 21:45 01:00 Saal 3 c64_dtv_hacking Revisiting the legendary computer in a joystick Hacking lecture en The C64-DTV is a remake of the classic homecomputer sold as a joystick-contained videogame. The talk gives an overview about the structure of the DTV, and shows different hardware and software modifications that can be done. I'll give an overview of the structure of the DTV: - main structure of the system - what is copied from the C64, and which new features were added - what the memorymap looks like and how the bank-switching works - some of the added special function registers I'll show and explain some hardware-hacks: - how to attach a keyboard - IEC (floppy) interface - video mod for better picture - making the SST-Flash reflashable I'll show some software-tools to modify the flashrom, add new games, upload/download and debug stuff. Peter Fuhrmann Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 23:00 01:00 Saal 3 mifare_security Little Security, Despite Obscurity Hacking lecture en Mifare are the most widely deployed brand of secure RFID chips, but their security relies on proprietary and secret cryptographic primitives. We analyzed the hardware of the Mifare tags and found weaknesses in several parts of the cipher. Karsten Nohl Henryk Plötz Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 11:30 01:00 Saal 1 what_can_we_do_to_counter_the_spies Society lecture en A presentation about the role of intelligence agencies in the current era of the unending “war on terror”, how they monitor us, the implications for our democracies, and what we can do to fight back. In the name of protecting national security, spy agencies are being given sweeping new powers and resources. Their intelligence has been politicised to build a case for the disastrous war in Iraq, they are failing to stop terrorist attacks, and they continue to collude in illegal acts of internment and torture, euphemistically called “extraordinary rendition”. Most western democracies have already given so many new powers to the spies that we are effectively living in police states. As an informed community, what can we do about this? 1. What it was like to be recruited and work for MI5? 2. The crimes of MI5 and MI6. These include: MI5 files held on government ministers, IRA bombs that could and should have been prevented, Illegal MI5 phone taps, Lying to go government, The 1994 bombing of the Israeli embassy in London by Mossad, and the subsequent wrongful imprisonment of two innocent people, The illegal MI6 assassination attempt against Colonel Gaddafi of Libya. 3. How to go “on the run”, what it’s like to cross the secret state, and how to survive. 4. The lack of accountability and oversight. The spies literally get away with murder. 5. The current situation. Despite glaring intelligences failures, both in the run-up to the Iraq war and in a number of recent terrorist attacks on the UK, our government still continues to grant more resources and powers to the spies. Why? 6. The implications of these new laws for our democracy. 7. The interception of our communications – ECHELON and beyond. 8. On a lighter and more hopeful note – examples of the spies’ technological ineptitude. 9. The failure of the mainstream media to effectively hold the spies to account. What can we do? We have a (probably limited) window of opportunity to halt this slide towards totalitarianism. It’s time for our fight back. “All that is necessary for the triumph of evil is for good men to do nothing.” Edmund Burke, MP Annie Machon My book: Spies, Lies and Whistleblowers Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 12:45 01:00 Saal 1 hacking_ideologies_2 Free Software, Free Drugs and an ethics of death Society lecture en The Open Source initiative re-interpreted Free Software to include it into the neo-liberal ideology and the capitalist economy - whose aims are contrary to the FS starting axioms/freedoms. This platform will focus on ideological and political aspects of this. It will also suggest FS recovery strategies. --------------------------------------------------------- Believe. "The World is Yours." (Ian Brown, 2007) --------------------------------------------------------- What is Re-interpretation of FS by Open Source ? In The Revenge of the Hackers, Eric Raymond talks about Open Source goals in clear terms: "In conventional marketing terms, our job was to re-brand the product, and build its reputation into one the corporate world would hasten to buy." ==== The move of the Open Source initiative to bring Free Software closer to capitalism shows that: a) there is a gap between the Free Software movement and capitalism; b) without a significant institutional intervention and re-interpretation that gap can not be overcome; c) it is the founding documents (practice of Open Source doesn't differ), ethics that Richard Stallman stands by so fiercely, that are the bite that capitalism can not subsume, swallow in its original form. ==== Open Source is a neo-liberal, parliamentary capitalist social movement. Neo-liberalism claims they're "just doing it" for the sake of a better economy, without any ideological beliefs. As if any economy, or any act, was possible without decisions determined by a set of ideas and beliefs. This is why Nike's slogan "just do it" is the best summary of the capitalist ideology ever. And this is why "Open source is a development methodology; free software is a social movement" (Stallman), misses the crucial point. Open Source is not just a development methodology, but a social movement too, a social movement of a different kind, with different, parliamentary capitalist, goals. Another problem lies in the claims that Open Source separates ethics from the technical side of Free Software (Stallman, "Why 'Open Source' misses the point about Free Software"), thus making it acceptable to corporations. This implies two wrong statements about Open Source: a) it has no ethics of its own; b) there are purely technical solutions which can be used without any ethical, political, or ideological commitments. The result of these mistakes is widespread comparison of Free Software and Open Source on false, crucially misleading terms: - one (FS) operating under the weight and demand of its ethics; - the other (OS) getting away without being examined at all, basking in the purity of its technical attributes and various business-friendly tags This is how the ethics, the ideology and, indeed, the politics of Open Source slip through unexamined and unchallenged -- like the capitalist ideologies whose key strategy has historically been to accuse any political opponents of ethical commitments, while insisting on their own "pragmatism" and on the purely technical aspect of "just getting things done". Tomislav Medak Toni Prug Marcell Mars Dmytri Kleiner The Mirror's Gonna Steal Your Soul Free Software Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 14:00 01:00 Saal 1 guerilla_knitting Making lecture en "Guerrilla knitting" has a couple of meanings in the knitting community - to some, it merely means knitting in public, while to others, it means creating public art by knitted means. Contemporary knitters feel very clever for coming up with edgy language to describe their knitting, but the truth is that for decades there have been knitters and other textile artists who are at least as punk rock as today's needle-wielders. This talk will cover the vibrant history of contemporary knitting, with a focus on projects that will make you say, "Wow, that's knitted?" Feel free to bring knitting projects to the talk - let's get some public knitting going on at the conference! Rose White Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 16:00 01:00 Saal 1 die_wahrheit_und_was_wirklich_passierte Jede Geschichte hat vier Seiten. Society lecture de Jede Geschichte hat vier Seiten. Deine Seite, Ihre Seite, die Wahrheit und das, was wirklich passiert ist. Die Wahrheit ist am Ende das, was Bruce Sterling als "major consensus narrative" beschrieben hat, die Version, die sich im Bewußtsein der Mehrheit festfrißt. Wir werden anhand von Beispielen aus der jüngeren Vergangenheit betrachten, welche Faktoren und Ereignisse beeinflussen, wie diese Mehrheitserinnerung zustande kommt, wie sie beeinflußt werden kann und was wir daraus für unsere Arbeit lernen können. Ron Frank Rieger Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 17:15 01:00 Saal 1 verschwoerungstheorien Verschwörungstheorien Science lecture de Wolfgang Wippermann hat 2007 unter dem Titel "Agenten des Bösen" ein Buch über "Verschwörungstheorien von Luther bis heute" veröffentlicht. Darin geht es unter anderem auch um Verschwörungstheorie, die in Hackerkreisen auf Interesse stoßen (Illuminanten, 9/11...). Interessant ist seine Einordnung solcher Verschwörungstheorien in größere Zusammenhänge. Aus der Buchbesprechung des Deutschlandradios Kultur: "Wann immer Menschen sich mit außergewöhnlichen Missetaten konfrontiert sehen, mit Katastrophen, Kriegen, Attentaten, glauben sie an das geheimbündlerische Werk unbekannter Dritter, an ein Komplott finsterer Mächte. Solche Phantasien erklären komplexe Abläufe auf schlichte Weise. Der Glaube an Konspiration hebt banale Fakten obendrein in die Sphäre des Geheimnisvollen." Wolfgang Wippermann Buchkritik Agenten des Bösen (dradio) Buchkritik Agenten des Bösen Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 18:30 01:00 Saal 1 card_payment Keeping your enemies close Hacking lecture en Relay attacks allow criminals to use credit or debit cards for fraudulent transactions, completely bypassing protections in today's electronic payment systems. This talk will show how using easily available electronics, it is possible to carry out such attacks. Also, we will describe techniques for improving payment systems, developed by Saar Drimer and me, in order to close this vulnerability. The UK, like many other countries, has moved from comparatively insecure magnetic stripe cards to smartcards, for electronic payment. These smartcards, capable of sophisticated cryptography, provide a high assurance of tamper resistance and while implementation standards varies, have the potential to provide good security. Although extracting secrets out of smartcards requires resources beyond the means of many would-be thieves, the manner in which they are used can still be exploited for fraud. Cardholders authorize financial transactions by presenting the card and disclosing a PIN to a terminal without any assurance as to the amount being charged or who is to be paid, and have no means of discerning whether the terminal is authentic or not. Even the most advanced smartcards cannot protect customers from being defrauded by the simple relaying of data from one location to another. We describe the development of such an attack, and show results from live experiments on the UK's EMV implementation, Chip & PIN. We discuss previously proposed defences, and show that these cannot provide the required security assurances. A new defence based is described and implemented, which requires only modest alterations to current hardware and software. This allows payment terminals to securely establish a maximum distance bound between itself and the legitimate card. As far as we are aware, this is the first complete design and implementation of a secure distance bounding protocol. Future smartcard generations could use this design to provide cost-effective resistance to relay attacks, which are a genuine threat to deployed applications. This work was done with Saar Drimer, University of Cambridge Computer Laboratory. Steven J. Murdoch Academic paper Summary website Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 20:30 01:00 Saal 1 all_tomorrows A steampunk puppet extravaganza by monochrom and friends Culture en A steampunk theatre play extravaganza. With puppets! In 1887 the Indian Empire of the British Nation was formed. How did that happen you ask? A good question, deserving of a good answer and, although the Britons don’t like to talk about it, the incident uprooted some entrenched colonial mindsets. Indeed, Samosas proved to be more tasteful than Fish and Chips, and the importance of the nation states was in decline, anyways. The true masters of the times were the powerful steam barons, men who controlled the planet by controlling the energy. Their boots were placed firmly on the necks of the people they ruled. People who gladly payed for the privilege. Woe be to those foolish enough to tamper with their patents… the results were… well… let us just say that those foolhardy wretches would most certainly NOT be enjoying their final rest under a standard tombstone. Energy was what mankind needed, hungered for, lusted after... energy. For airboats and cellular calculation machines, for geostationary weather factories and the energy to fuel the Infodampfbahn, the transcontinental data-steam network. Societal business as usual. But can there be a better tomorrow? monochrom try to reinterpret the steampunk genre in form of a steamy puppet extravaganza. A journey into the backwaters of imagination! ------------ With Roland Gratzer, Johannes Grenzfurthner, Evelyn Fuerlinger, David Dempsey, Sean Bonner, Dan Kaminsky and Bre Pettis. Puppet and audio team: Clemens Kindermann, Franz Ablinger und Guenther Friesinger Johannes Grenzfurthner monochrom Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 21:45 01:00 Saal 1 sex20 Hacking Heteronormativity Society de Der lange Schwanz der Dating-Communities sowie die De- und Rekonstruktion von Geschlecht und sexueller Orientierung haben ungeahnte Auswirkungen auf unser Sexualleben. Ein Überblick darüber, was Sex ist, wie Dating-Communities funktionieren und wie man zu einem erfüllten Sexualleben kommen kann. * Vergleich von Dating-Communities * Live-Hack: Massive Parallel Dating mit ELIZA * Unterschiede und Gemeinsamkeiten zwischen männlicher/weiblicher Sexualität sowie Hetero- und Homosexualität * Soziale Auswirkungen des Online-Datings Florian Bischof Gender@Wiki Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 23:00 01:00 Saal 1 hacker_jeopardy Die ultimative Hacker-Quizshow Community contest de Das bekannte Quizformat - aber natürlich mit Themen, die man im Fernsehen nie zu sehen bekäme. Simultanübersetzung ins Englische / Immediate english translation available on DECT 8101 Hacker Jeopardy ist ein Quiz nach dem bekannten umgedrehten Antwort-Frage-Schema. Heise hat es mal "Zahlenraten für Geeks" genannt, was natürlich eine unfair vereinfachte Darstellung ist – es müssen auch Buchstaben und Sonderzeichen erraten werden. :) Es werden drei Auswahlrunden gespielt, deren Sieger im Finale gegen den Titelverteidiger des Vorjahres antreten müssen. Wer war das noch? Stefan 'Sec' Zehl Ray Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 11:30 01:00 Saal 2 wahlstift Hacking lecture de Am 24. Februar wollte Hamburg als Pilotprojekt mit dem Digitalen Wahlstift wählen. Wir haben das System durchleuchtet und zeigen den technischen Aufbau sowie Risiken und Nebenwirkungen. Einem Angreifer stehen verschiedene Methoden zur Manipulation offen, die erläutert und hinsichtlich ihres praktischen Wertes für Wahlmanipulierer bewertet werden. Jens Muecke Frank Rieger Sven Übelacker Werbeseite zur Wahl Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 12:45 01:00 Saal 2 distributed_campaigns Sharing experience about campaigning on the political field in France Society lecture en A presentation of a few successful campaigns in France lead by libre software activists for defending freedom in a digital world: bringing awareness of the politicians about the dangers of the EUCD transposition and DRM, and their economical, social and political impact and influencing the candidates at a presidential election to talk about Libre Software, software patents, DRM, etc. How did we do that? What have we learned? Maybe for political action _too_, sharing is a way of just doing it better. Our french libre software association, APRIL, is getting bigger. We just passed the 1700th individual member, and got over the last years corporate members such as SUN Microsystems, Thalès, Neuf/Cegetel, Wengo, Fon, Adacore, Mandriva, etc. We now have three persons working full-time. Our main objectives are to raise awareness about Libre Software and defend it whenever it's in danger. For the last few years, the menaces became more and more threatening for our freedom in the digital world. We had to build campaigns and tools to structure our efforts and cooperation between individuals and organizations. - EUCD.INFO : For 3 years, 1 to 3 persons worked full-time to build solid documentation, contact politics, write amendments, contact journalists, etc. about the French transposition of the EUCD directive (DADVSI law). Over the criminalizing of DRM circumvention, this transposition brought very specific legal weapons supposed to "fight piracy" that were among the most radical, impressive and nefarious ever seen. Some of them were pushed back thanks to our efforts, but many of them may come back again very soon : private police and filtering of the Internet, censorship of authors of software "mainly used for distributing content without their author's consent", etc. Nevertheless, around the legal text in the parliament, our efforts brought many "collateral benefits". - CANDIDATS.FR: This campaign goal was to influence the candidates at elections so they think and work and talk about libre software, interoperability, DRM, software patents, open standards, etc. (Candidats.fr). Thanks to some political acrobatics, 9 out of the 12 candidates, including the 5 first ones, replied to our very precise questionnaire. During the legislative campaign (for electing the deputies), we built a distributed web platform where volunteers took responsibility and reported about contacting their local candidates to make them sign a "Pacte du Logiciel Libre" (pact of free-as-free-speech software). This very short and precise document acknowledges the benefits of our freedom for economics, society and innovation, and their need for protection when they're endangered. Out of the 7600 candidates, more than 500 signed our pact. 66 of the 577 elected signed it, thanks to the help of 600 volunteers. - StopDRM.info is a group of activists born during the storm caused on a french part of internet during the longer-than-expected examining of the DADVSI law. Their aim is to educate regular consumers about DRM. They organised flashmobs in music/video superstores with up to 100 persons and later turned themselves to the police for having circumvented DRM under the new DADVSI law. (They are still waiting for their trial ! ;) -> How did we build these campaigns? -> What have we learned from them? -> What are the common pitfalls to avoid? -> How to reach journalists, politicians, general public? -> How to "spin" a campaign? -> How could we achieve better cooperation between individuals and non-profits to share this knowledge? j. Zimmermann APRIL, french non-profit organization for promoting and defending libre software Campaign for raising awareness about DRM, the criminalization of their circumvention, and their effects on economics, law, innovation Campaigns to make the candidates to elections work on freedom in the digital world campaigns to educate consumers about music and video locked-down with DRM Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 14:00 01:00 Saal 2 wahlchaos Paradoxien des deutschen Wahlsystems Society lecture de Wahlchaos beschäftigt sich mit Wahlverfahren aus mathematischer und politischer Sicht. So wurden die Wahlen von 1998, 2002 und 2005 betrachtet und a-postpriori manipuliert und ihre Auswirkungen diskutiert. Wir haben mit "Stimmstörungstheorie der Bundestagswahl" verschiedene Szenarien betrachtet und einige Paradoxien unter die Lupe genommen. Genauer werden Themen wie Zuteilungsverfahren, Überhangmandate, Erst- und Zweitstimmen, Wahlkreisreorganisation betrachtet. Außerdem wird die Frage analysiert, wo und wie viele Stimmen man ändern muss, um einen Patt bei der Regierungsbildung zu erreichen. Markus Schneider Seite des Seminars aus dem Universitätsinformationssystem Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 16:00 01:00 Saal 2 sputnik_data_analysis Attempts to regenerate lost sequences Science lecture en In December 2006, in BCC 1000 attendees were wearing Sputnik Tags. Data was stored, and then made available for analysis. Unfortunately, all IDs of tags were lost. This lecture presents what was stored, what happened to it, and attempts of reconstructing IDs and sequences of movements. Presentation shows simple statistics of Sputnik data. The main part is description of ways of generating sequences of packets generated by tags. Two methods, local and global are described, with few variants. Problems with using those methods are presented. Tomasz Rybak Main page of Sputnik Project My page with some analysis Page with analysis made by Peter Meerwald Open Beacon Wiki about analysing data Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 17:15 01:00 Saal 2 current_events_in_tor_development Hacking lecture en Come talk with Roger Dingledine, Tor project leader, about some of the challenges in the anonymity world. How do we get enough users? How do we get enough servers? How does public perception impact the level of anonymity a system can provide? How should we be interacting with law enforcement? How can we patch Wikipedia so it no longer needs to fear anonymous users -- or can we do it without changing Wikipedia at all? Can we protect Tor users who want to keep running their active content plugins? When are we going to see well-documented and well-analyzed LiveCD, USB, virtual machine, and wireless router images for easier and safer deployment? Should Tor switch to transporting IP packets, or should it continue to work at the TCP layer? How do we scale the directory system while handling heterogeneous and unreliable nodes, and without sacrificing security? Are three-hop paths really still better than two hops? What are the performance/legal/security tradeoffs of caching content at the exit nodes? Are padding and traffic shaping still bad ideas? Why aren't more people using hidden services and censorship-resistant publishing? Is everybody comfortable with having corporate and government users on the same network? How's it going with China and Saudi Arabia? What development projects does The Tor Project need your help with? Roger will give you his best answers for some of these topics and more, but you are encouraged to bring your own questions too. Roger Dingledine Tor Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 18:30 01:00 Saal 2 hacking_in_the_age_of_declining_everything What can we do when everything we thought turns out to be wrong Society lecture en It is thought by many that the world may be facing Peaks in fossil fuel production and catastrophic climate change. These huge problems put into question the Industrial Civilisation and call for, at the very least, massive changes to society if humanity is to survive. Do hackers have a role to play in a post transition society? What sort of things should hackers know and prepare for in such a future? 1) A Challenge to everything we know: Peak Oil/Gas and Climate Change A quick run down of some of the core ideas and concepts behind these threats to industrial society and the human species as a whole. 2) A Hacker's view of our choices and our role in the process of change If Climate change and Peaking fossil fuel production pose threats to human society, how can hackers help to make the change to a more sustainable way of being less traumatic. Does the future have a place for the technology abusers and tweakers? 3) One Hacker's personal recollection of a trip into one possible future I had the chance to go to Kenya's border with Somalia with the UN aid effort in 2006. In this place many of the catastrophes that are foretold for the rest of the world have already happened, with governmental collapse, lack of resources and war. Rather weirdly, many many people displayed all kinds of traits one would expect to find in Hackers... Emerson Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 20:30 01:00 Saal 2 meine_finger_gehoeren_mir Die nächste Stufe der biometrischen Vollerfassung Society lecture de Zum 1. November 2007 ging der biometrische Reisepass in die nächste Ausbaustufe. Seitdem müssen reisewillige Bürger neben dem frontalen Gesichtsbild auch noch ihre Fingerabdrücke abgeben. Wir wollen in dem Vortrag auf die Probleme eingehen, die es seit der Einführung des ePasses gab. Fingerabdrücke werden nun für Kinderreisepässe bereits ab dem 6. Lebensjahr aufgenommen, obwohl bekanntermaßen die biometrischen Merkmale Heranwachsender für die Erkennungssysteme ungeeignet sind. Auch die Schwierigkeiten älterer Menschen mit den Systemen haben sich im realen Einsatz als noch größer als erwartet erwiesen. Besonderes Augenmerk legen wir auf die praktische Handhabung der Abgabe der Fingerabdrücke sowie Studien und Berichte von Meldeämtern und Grenzübergängen. Constanze Kurz starbug Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 21:45 01:00 Saal 2 open_source_lobbying From one angry e-mail to writing national policy on open source Society lecture en On January 1st, 2002 I tried to use the website of the Dutch national railway (www.ns.nl) using Linux. The site refused me access, it was IE-only. This sparked a conversation with members of parliament about the need for open standards. Over a five year period I progressed from talking to opposition-MP's to meeting the economics minister directly and was able to significantly influence national policy despite total lack of funding or any specific mandate. On December 12th we achieved a stunning victory, the Dutch public sector will move to standardize on Open Documents Format and use opensource where comparable functionality is available in all new procurements as of 2008. Use of ODF as a public sector document standard will be mandatory in 2009. My talk will tell the tale of why we did it but mostly how we did it and how others can do it too in other countries around the world. How to get access to the power-that-be, how to get non-technical people interested in the subject. How to align your policy proposals with existing policies. While I'll do a short lead-in with some of the political reasons for wanting open standards and opensource in government IT I'll focus mainly on how to get results. From having no policy at all in 2002 the Dutch government has recently decided to mandate the use of open standards for all government institutions, health care, education, libraries and any other tax-funded organizations. Opensource software will receive preferential treatment. Details: 1. Why; opensource and open standards in government-IT Why this vital to our democracies, Good for our economy, Ultimately good for the effectiveness and efficiency of government, 2. Small beginnings; the importance of a trigger-events The Dutch situation – laggards in Europe, Access denied; being forced to buy proprietary software by government, Action; don't get mad, get even 3. Moving up; from the digital barricades to playing in parliament, Translating what you know is wrong with the world into viable policy, Cars & TV's; using analogies to explain concepts, Building relationships with key people, Machiavelli; being politically smart without losing your idealism 4. Having an impact; creating actual policy, So you finally got your 45 minute meeting with the minister, now what? Helping the politico's to shine, Building trust with the civil servants 5. Wrap-up Ghandi was right (ignore, laugh, fight, win), The Dutch policy in EU-context, exporting a good idea, Get ready for the counter-attack! The slide presentation and an English translation of the official policy document will be made available under Creative Commons licence. Arjen Kamphuis The Dutch plan in Slashdot Heisse in the Dutch plan (in German) CNN Money report on business impact Even MSNBC reports it! Nice english summary of the parlaiments desicions English translation of the policy document Norway doing the same thing Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 The talk in Google Video 23:00 01:00 Saal 2 space_communism Communism or Space first? Culture other en Following "Chaos und Kritische Theorie" from 23C3, another verbal battle: Oona Leganovic (aka Ijon Tichy) will promote the idea to sublate the capital relation and bring about communism first and only then to go to Space, because otherwise the earthly problems will be spread everywhere. Daniel Kulla (impersonating Captain Kathryn Janeway) will, on the other hand, defend the exploration humanism that once already ended the middle ages and of which can be expected to do the same to the crusted planetary commodity circus. No doubt, Earth is humanity's cradle once to be left behind for outer space. But should we do that as soon as possible hoping it will solve our social problems in the process? Or would it be better to solve them first, could it be these problems that won't allow us to pursue space exploration at all? Ijon Tichy from Stanislaw Lem's "Star Diaries" will exemplify the omnipresence of human error and improvisation. This will make for a strong argument to establish a society shaped by human condition rather than the exchange value, before going anywhere else. Captain Kathryn Janeway from Star Trek Voyager portrays the attempt to keep control over technology and social relations. While aiming at universal emancipation as well, she advocates a "first things first" doctrine and stresses the importance of horizon expansion, both in exploration and the quest for self-awareness. Oona Leganovic Daniel Kulla "Weltraumkommunismus" auf dem Camp '07 Videomitschnitt vom Camp (m4v, 144 MB) Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 11:30 01:00 Saal 3 grundlagen_der_sicheren_programmierung Typische Sicherheitslücken Hacking lecture de Dieser Vortrag bietet eine Übersicht über einige Dinge, welche man im Kopf behalten sollte, wenn man Software schreibt - vorausgesetzt, diese soll nachher nur von der Person benutzt werden, die sie auch betreibt. Die theoretischen Aspekte der Sicherheit werden mit Codebeispielen untermalt. In der Programmierung gilt Sicherheit oft als ein von Schamanen betriebenes und mit Zauberkraft gesichertes Geheimnis. Viele Leute predigen verschiedene Wege, sicheren Code zu schreiben. Die meisten dieser Wege laufen auf die Verwendung bestimmter Programmiersprachen hinaus. Im Laufe des Vortrages wird allerdings gezeigt, dass nur Sachkenntnis über die potentiell auftauchenden Probleme der Schlüssel zu einem sicheren Programm ist. Dabei richtet sich der Vortrag hauptsächlich an Leute, die sich nicht in ihrem alltäglichen Leben mit dem Finden von Sicherheitslücken in Software beschäftigen. Tonnerre Lombard Webseite mit den gezeigten Codefragmenten Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 12:45 01:00 Saal 3 introduction_in_mems Skills for very small ninjas Science lecture en MicroElectroMechanical Systems or MEMS are as part of micro system technology, systems with electrical and mechanical subsystems at the micro scale. It is basically an introduction in the technology and in its potential for hardware hacks and potential ways of homebrew devices. Compared to a micro processor, a small sensor or actuator, which normally consists of just one function a micro system combines the data acquisition, processing, and forwarding in itself. If this micro system now contains mechanical part to interact with its environment it is considered to be a MEMS. With constantly increasing experience in MEMS manufacturing the prices per system dropped and the use of the highly sophisticated devices move from strictly automotive, R&D and military applications into consumer products. The wiimote and the iPhone are just two well known products which improve the user experience by the intelligent use of the smart systems. The delay of invention and market introduction of MEMS is mostly caused by the substantial investments to be done to produce this kind of device. The most technologies commonly used until now are transfered from the microchip manufacturing. The so called silicon micromachining uses silicon single crystal disks (Wafers) in combination with batch lithography and etch processing to form the today available systems. This limitation to very difficult and expensive processes restricts the potential manufacture to companies already in the semiconductor business or companies with huge financial backup. Further more the limitation to a very few materials slows down the whole development in the micro scale because of the laking design freedom for the system developer. This is the reason that researcher all over the world try to move from Si to alternative material and work out processes and combination out of those that allow further miniaturization, bigger material lineup, dramatically decrease in investment costs. This talk is giving you an overview of available MEMS, there processes and restriction as well as future developments and the possibility of start of your own MEMS farm. Jens Kaufmann Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 14:00 01:00 Saal 3 openser_sip_server VoIP-Systeme mit OpenSER Hacking lecture de Der Vortrag stellt OpenSER und das Open Source Projekt dahinter vor. OpenSER ist ein flexiber und leistungsfähiger SIP Server, mit dem alle Arten von Voice over IP Infrastrukturen realisiert werden können. Er ist sowohl im DSL Router als Telefonanlage für die Wohngemeinschaft als auch von Carriern mit mehreren Millionen Kunden einsetzbar. Anhand dieser Beispiele werden einige gebräuchliche Einsatzszenarien aufgezeigt. Dafür ist es notwendig, kurz auf die Konfiguration, die Anbindung an Datenbanken und die wichtigsten Module einzugehen. Abschließend wird anhand des aktuellen Release 1.3 und der Roadmap die weitere Entwicklung des Projektes vorgestellt. Der OpenSER SIP Server ist eine leistungfähige Komponente zur Realisierung von Voice over IP Systemen. Im Gegensatz zu Asterisk ist OpenSER nur in der Lage, SIP Nachrichten zu verarbeiten, dies allerdings mit sehr effektiv. Der Server ist mit Hilfe seines Konfigurationsskripts und durch zahlreiche Module individuell an die verschiedensten Aufgaben anzupassen. Wichtige Bausteine eines VoIP Systems, wie Registrar, Proxy, Balancer, Location lassen sich einfach aufsetzen, es sind aber auch komplexe Applikationsserver mit vergleichsweise wenig Aufwand zu realisieren. Der Kern von OpenSER kümmert sich um grundlegende Aufgaben wie die Initialisierung von Modulen, die Speicherverwaltung und das Parsen von Nachrichten. Komplexere Dienste, wie beispielsweise die Datenbankanbindung oder Benutzerauthentifizierung sind über Module angebunden. Nun wird zunächst ein einfaches VoIP System mit den wichtigsten Bestandteilen vorgestellt, wie es für kleinere Benutzergruppen und geringere Anforderungen an die Verfügbarkeit gut geeignet ist. Beispielhaft werden anschließend weitere Komponenten hinzugefügt, wie ein Gateway zum Festnetz oder XMMP, oder ein Loadbalancer. Auf eine detaillierte Diskussion der Konfiguration oder Einrichtung wird verzichtet, der Fokus liegt mehr auf einer allgemeinen Darstellung der Herangehensweise bei der Implementierung von VoIP Diensten. Nach Darstellung des Servers wird noch kurz auf das dahinter stehende Projekt eingegangen. Am Beispiel des aktuellen Release 1.3 lässt sich gut die Projektphilosophie erkennen. Die Offenheit gegenüber Beteiligungen, sowohl von Einzelpersonen als auch professionellen Entwicklern, und regelmäßige und häufige Releases zeichnen das Projekt aus. Abschließend steht ein kurzer Überblick über die Neuigkeiten im aktuellen Release und ein Ausblick auf interessante anstehende Entwicklungen. Henning Westerholt OpenSER Dokumentation Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 16:00 01:00 Saal 3 getting_things_done Der Antiverpeil-Talk Culture lecture de Eine Einführung ins Antiverpeilen mit Tools und Techniken rund um David Allens "Getting Things Done"-Methodik. Verpeilen heißt etwas nicht auf die Reihe zu bekommen, obwohl man dazu in der Lage gewesen wäre. Die grundlegenden Ursachen des Verpeilens sind ein ständig durch Hintergrundtasks belegter Kopf und die Unentschlossenheit darüber, was man eigentlich machen wollte. Die naheliegende Lösung ist es, sein Gehirn auszulagern. Techniken, um dies zu erreichen, sind David Allens "natürliches Planungsmodell" und die Etablierung eines generischen Workflows. Zur Unterstützung dieser Techniken werden die Tools ThinkingRock, PocketMod und Freemind vorgestellt. ThinkingRock ist eine Art Todo-Liste auf Anabolika, PocketMods stellen sowas wie Papier-PDAs dar und Freemind ist eine Mindmapping-Software. Die vorgestellten Tools sind "plattformunabhänhig", d. h. zumindest für Mac, Linux und Windows verfügbar. Stephan Schmieder Keylearnings mindmap The Manual bei Amazon Slides from the same talk at mrmcd110b ThinkingRock - related tool Freemind - related tool Lifehack - related blog Zen Habits - related blog Life Optimizer - related blog im Griff - related blog das im Vortrag erwähnte Anti-Procrastination Tutorial Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 17:15 01:00 Saal 3 from_ring_zero_to_uid_zero A couple of stories about kernel exploiting Hacking lecture en The process of exploiting kernel based vulnerabilities is one of the topics which have received more attention (and kindled more interest) among security researchers, coders and addicted. Due to the intrinsic complexity of the kernel, each exploit has been mostly a story on itself, and very little work has been done into finding a general modelization and presenting general exploiting approaches for at least some common categories of bugs. Moreover, the main target has usually been the Linux operating system on the x86 architecture. This talk reprises and continues the attempt done in this direction with the Phrack64 paper “Attacking the Core: Kernel Explotation Notes” that we released six months ago. A more in-depth discussion of some Solaris kernel issue (both on x86 and SPARC) and a more detailed analysis of Race Conditions will be presented. sgrakkyu twiz Phrack #64: Attacking the Core : Kernel Exploiting Notes Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 18:30 01:00 Saal 3 haxe hacking a programming language Hacking lecture en haXe is a programming language for developing both server AND client side of a website. haXe can do Javascript/AJAX, Database access and even Flash and video streaming. All with one single programming language. Nicolas will introduce the basic concepts of haXe, show how to use haXe to create the different parts of a website or application and how we can tie them together elegantly. He will also introduce some tools that have been developed in haXe, such as the haxeVideo streaming server, the hxASM library for doing Flash9 assembler, and some games. He will finally talk about the possible futures of web development and how haXe is related to them. Nicolas Cannasse haXe website neko website hxASM website haxeVideo website 20:30 01:00 Saal 3 embedded_devices_reverse_engineering Hacking lecture en The event aims on reverse engineering small boxes you can buy at your local Saturn or Media Market like SOHO Routers. It will be presented what you can do to get access on a box. This lecture includes firmware reversing as well as opening the box, voiding the warranty and see what you can do. dash Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 21:45 01:00 Saal 3 openstreetmap 3 years done - 10 to go? Making lecture en The OpenStreetMap project has achieved remarkable successes in creating a free world map, and is growing fast. This talk gives an overview of what we do, why we do it, and what our data can be used for. The year 2007 has seen a lot of money thrown around for the acquisition of the world's two largest Geodata providers: TeleAtlas have been bought by TomTom for EUR 1.8 billion, and NavTeq by Nokia for EUR 5.7 billion. These transactions have revived the fear that the world may end up with a digital map monopoly, with users migrating to the provider with the most comprehensive data and then further strengthening its position by adding their own information. OpenStreetMap is the free and open alternative to commercial providers - where users collect GPS tracks and additional information and make that into a high-quality map. The Economist concluded an article about the aforementioned geodata big guns saying: "In time, such [OpenStreetMap] contributions could create a detailed, free map of the world. If so, TomTom's and Nokia's acquisitions would look very overpriced." This talk intends to give an overview about the technology, the methods and the community behind OpenStreetMap, explain what we've achieved so far, and of course why OpenStreetMap is twice as cool as anything you can buy for money. In true hacking spirit we will also demonstrate a few rather unconventional uses of our data. Frederik Ramm Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 23:00 01:00 Saal 3 camp_film Community movie en The Chaos Communication Camp 2007 was an international, five-day open-air event for hackers and associated life-forms... let's see what the documentation team made out of it. Kirian Scheuplein fh Julia Lüning CreAtmosFairy 2-4 dimensions design Chaos Communication Camp 2007 Website 11:30 01:00 Saal 1 spotter_guide_to_aacs_keys Hacking lecture en AACS is the DRM system used on HD-DVD and Blu-Ray discs. It is one of the most sophisticated DRM deployments to date. It includes around twelve different kinds of keys (in fact, even counting the different kinds of keys is non-trivial), three optional watermarking schemes, and four revocation mechanisms (for keys, hardware, players, and certain disc images). AACS has been repeatedly cracked. Its revocation mechanisms are intended to ensure that none of these cracks is permanent, but the evidence so far suggests that crackers will continue to win against it. The talk will explain the many types of AACS keys, how the system fits together, why it will keep breaking, and what Hollywood gains by using it anyway. We will also consider whether it is possible for DRM to be any more evil. Is BD+ (an optional, Blu-Ray only DRM system) going to be worse for users? Will future generations of DRM be worse? Or, if the free world can survive AACS, can it survive anything? Peter Eckersley Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 12:45 01:00 Saal 1 the_arctic_cold_war The silent battle for claiming and controlling the Arctic Society lecture en Russia, Canada, the United States and Denmark are each pushing for more control and access to the resources of the Arctic. In the balance hangs the future of an entire ecosystem and our planet. In August of 2007, a Russian submarine planted a flag under water claiming more territory on the sea bed of the arctic for Russia. Back home they were welcomed as heros, like cosmonauts returning from the moon. In the boardrooms of the state owned oil company, executives were already salivating about the alleged oil and gas reserves that lay untapped below their chunk of the arctic. Meanwhile in North America, similar salivating is taking place, as both Canada and the United States send military and civilian ships to claim their piece of the alleged pie. In between there's Greenland, administered by the Danes, who also realize there's money to made and national pride at stake. But what about the people of the earth? The communities, the ecosystem, both in the arctic and throughout the globe... What will happen to them if the Arctic meltrush goes into full throttle? This talk is about the new cold war, where nations and corporations carve up one of the most important regions on earth and fight amongst themselves for control.. for money.. for power. And as the melt-rush goes forward, citizens of the world are left in the dark about just what plans their governments have and what is at stake for every living thing on earth. Bicyclemark Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 14:00 01:00 Saal 1 random_things Look what I found under the carpet Hacking lecture en This talk will be similar to my unusual bugs talk last year. I'll present a couple of completely unrelated somewhat interesting and unusual things. Hence, a random collection of them. Here's a short summary of the things I'll cover: * Using OOB data to bypass IDS OOB data is an obscure feature of TCP. Although there are RFC's describing how this should be handled, the implementations of it vary, and it makes for an excellent candidate to hide data from IDS'. The most common case with OOB data is that applications don't have any measures in place to handle them, and it's up to the OS to decide what to do with it. The RFC says to just queue it up till the next OOB you get and then discard it, but not all operating systems do this. Another case is where an application does handle OOB data, and it's delivered to the application, which'll deal with it in its application specific way, there is _NO_ way an IDS can predict how the application deals with it. * /dev/[k]mem race conditions in suids Reading from /dev/[k]mem is tricky, it always has been. There is absolutely no way you can guarantee what you just read is still valid the nanosecond after you read it. Mostly because you can't lock the kernel from userspace (and rightfully so !). This leads to interesting synchronization issues where suid applications read certain kinds of data from /dev/[k]mem. Most interestingly it can lead to information leaks from the kernel, such as reading parts of the buffer cache, sniffing a person's tty, ... * TCP Fuzzer that goes beyond the 3-way-handshake Ah, fuzzers, my favorite tools for easy bughunting. Somewhere last year it occurred to me that there really aren't any decent fuzzers for fuzzing low level TCP handling. At least nothing that goes beyond the 3-way-handshake (commercial fuzzers that cost a metric asston of money don't count), which is quite a shame since handling all the cases correctly is quite complex and difficult to accomplish, surely some bugs are still leftover in this department. In this part of the talk I'll give a rundown of all the things taken into consideration for TCP fuzzing, and I'll present the preliminary results. This part of my talk is a joint cooperation with Dan Kaminsky. * snprintf() corner cases The safe alternative !!1! or maybe not. snprintf() is kind of an oddball. Certainly it's better than its older brother, but it does have its corner cases. The c99 spec is very clear on some of its properties (for example, guaranteeing 0-byte termination), but then also leaves open a lot (in case of errors occurring). Here I'll present all the corner cases I've ran into, some of them are very os specific, and show a couple of examples. c99 is assumed, any implementation that doesn't comply to it isn't considered (those are usually far more broken). Ilja Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 16:00 01:00 Saal 1 one_token_to_rule_them_all Post-Exploitation Fun in Windows Environments Hacking lecture en The defense techniques employed by large software manufacturers are getting better. This is particularly true of Microsoft who have improved the security of the software they make tremendously since their Trustworthy Computing initiative. Gone are the days of being able to penetrate any Microsoft system by firing off the RPC-DCOM exploit. The consequence of this is that post-exploitation has become increasingly important in order to "squeeze all the juice" out of every compromised system. Windows access tokens are integral to Microsoft's concept of single sign-on in an active directory environment. Compromising a system that has privileged tokens can allow for both local and domain privilege escalation. This talk aims to demonstrate just how devastating attacks of this form can be and introduces a new, open-source tool for penetration testers that provides powerful post-exploitation options for abusing tokens found residing on compromised systems. The functionality of this tool is also provided as a Meterpreter module for the Metasploit Framework to allow its use to be combined with the existing power of Metasploit. In addition, a complete methodology will be given for its use in penetration testing. This will include identifying tokens that can be used to access an otherwise secure target and then locating other systems that may house those tokens. A new vulnerability will also be revealed that appears to have been silently patched by Microsoft. The impact of this vulnerability is that privileged tokens can be found on systems long after the corresponding users have logged off. The talk will focus on introducing the audience to the concept of windows access tokens and how they are utilised within windows with a particular focus on their importance within windows forest/domain environments. The talk will then move on to demonstrate how their functionality can be abused for powerful post-exploitation options, culminating in a live demo of my tool being used to escalate privileges significantly after system compromises both locally and across a domain. Interesting, important and unexpected nuances of how these tokens behave will then be discussed to demonstrate how risk could be unknowingly exposed even by those who think they already have a grasp of these issues. The talk will then move focus towards the advantages of combining these techniques with the existing post-exploitation focussed meterpreter, which comes with the metasploit framework. Another live demo will then be given, showing how these techniques can be utilised from within a meterpreter session after having exploited a system with metasploit. The focus of the talk will then be shifted again to discuss how systems housing tokens with desirable privileges can be located on large networks, such that penetration attempts can be focussed on these. A live demo will be given of how this can achieved with my tool and then it will be discussed how these techniques can be incorporated into standard penetration testing methodologies such that it will often be possible to expose gaping holes in networks that would have otherwise been considered relatively secure. Finally, defence strategies will be dicussed in order for the audience to understand how best to defend themselves against these attacks. Luke Jennings Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 17:15 01:00 Saal 1 playstation_portable_cracking How In The End We Got It All! Hacking lecture en The Sony PSP is over 3 years old yet barely a day has gone by without some part of it getting attacked. This lecture will go through how hacker ingenuity and systematic failures in Sony's hardware, software and business practices ended up completely destroying the hand held's security including some previously unreleased information about how it was achieved. As one of the original authors of the free PSP SDK, various hacking and development tools as well as being a member of the Prometheus project (better known as team C+D) I am in a unique position to discuss many of these aspects of PSP cracking from bitter experience. The Playstation Portable has been the battle ground between Sony and a small group of hackers for close on three years with Sony implementing new security measures and bug fixing firmware updates to keep people out, all the while the hackers have found more unprotected areas to go after. What nobody had realised was Sony had lost from day one. The lecture will go into detail on a number of different topics related to the cracking of the PSP. An overview of how Sony tried to make the system secure will be presented, to give an idea of how it was supposed to work. Then details about the various classes of attacks that were successfully made against the device and how they each related to a failure in Sony's implementation in one way or another. There will also be discussion on how the firmware was so easily taken apart and what mistakes Sony made in making their design "cleaner" while giving the attackers means to extract kernel information. The final part will describe roughly how in the end the security was completely defeated culminating in Pandora's Battery and the customised initial program loader (IPL). A lot of this talk could be taken generally as a lessons learned lecture for Sony's designers, hopefully they don't take much of it on board. TyRaNiD Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 18:30 01:00 Saal 1 latest_trends_in_oracle_security Hacking lecture en Oracle databases are the leading databases in companies and organizations. In the last 3 years Oracle invested a lot of time and engery to make the databases more secure, adding new features ... but even 2007 most databases are easy to hack. This talk will describe the current status, the typical problems in customer installations and the trends for the future for Oracle Security. I will show some scenarios how to attack (and prevent) databases, abuse Oracle security features (like Oracle Transparent Database Encryption (TDE)) and the latest trends in SQL Injection (e.g. why a table "!rm -rF /" sometimes executes code). Alexander Kornbrust Homepage Red-Database-Security GmbH Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 20:30 01:00 Saal 1 security_nightmares Oder: worüber wir nächstes Jahr lachen werden Hacking lecture de Security Nightmares - der jährliche Rückblick auf die IT-Sicherheit und der Security-Glaskugelblick für's nächste Jahr. Security Nightmares betrachtet die Vergangenheit, Gegenwart und Zukunft von Sicherheitsvorfällen in der IT. Wir machen eine Rückschau auf unsere Vorhersagen vom letzten Jahr, unterhalten uns darüber, was sonst noch passiert ist, und wagen dann die Vorschau ins nächste Jahr. Ron Frank Rieger Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 21:45 01:00 Saal 1 closing_event Community lecture en Tim Pritlove Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 11:30 01:00 Saal 2 gplv3_auswirkungen Society lecture de Was der Umstieg auf die GPLv3 an Neuerungen mit sich bringt, welche Fehler beim Wechsel vermieden werden können und an welchen Stellen rechtliche Fragestellungen lauern, für deren Klärung technische Überlegungen nicht ausreichen, schildert dieser Vortrag. Im Sommer 2007 wurde die aktuelle Version 3 der GPL veröffentlicht. Dieser Vortrag wendet sich an Open-Source-Interessierte ohne rechtliche Vorkenntnisse, die vor der Entscheidung stehen, die GPL in der einen oder anderen Version einzusetzen. Bisher haben einige Open-Source-Projekte, darunter Samba, auf die neue Version gewechselt. Weitere wichtige Projekte werden folgen, sodass über kurz oder lang jeder Anwender und Entwickler damit rechnen muss, mit GPLv3-Software in Berührung zu kommen. Das Potential der GPL, rechtliche Auseinandersetzungen zu provozieren, ist deutlich gewachsen. Das liegt an neuen Klauseln, die Umgehungsversuche und Schwächungen der GPL unterbinden sollen. Die Umsetzung dieses Zieles führte zu einer Verrechtlichung von Sprache und Inhalt der GPL. Erstmals ist es möglich, die GPLv3 in manchen Punkten durch eigene Klauseln zu ergänzen, ohne sie zwingend verletzen zu müssen. Was im Einzelnen möglich und was davon ratsam ist, wird anhand einer Checkliste dargestellt. Schon der bloße Umstieg von der GPLv2 zur GPLv3 bietet ein paar Fallstricke, die zu vermeiden sind. Alle angesprochenen Themen werden aus der Sicht des deutschen Zivil- und Lizenzrechtes erläutert, welches nicht in allen Punkten mit dem US-amerikanischen Recht übereinstimmt. Rechtliche Vorkenntnisse werden nicht vorausgesetzt. Empfehlenswert sind allgemeine Vorkenntnisse über die GPL. Peter Voigt Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 12:45 01:00 Saal 2 smartcard_protocol_sniffing Hacking lecture en This talk will introduce you to the theoretical and practical issues involved in cloning/simulating existing smartcards. It is based on the lessons learned from cloning the Postcard (swiss debit card) issued by PostFinance. After a brief introduction into the syntax of smartcard protocols (basically ISO 7816-4), the talk will demonstrate techniques to capture the communication between a smartcard and a terminal with the help of a Javacard-based logger cardlet. The gathered information (the semantics of the protocol) can then be used for cloning the smartcard under investigation. Marc-André Beck Bernd R. Fix postcard-sicherheit.ch Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 14:00 01:00 Saal 2 ruby_on_rails_security Hacking lecture en This talk will focus on the security of the Ruby on Rails Web Framework. Some dos and don’ts will be presented along with security Best Practices for common attacks like session fixation, XSS, SQL injection, and deployment weaknesses. Even though Ruby on Rails introduces a lot of best practices to the developer, it is still quite easy for an imprudent programmer to forget that every web application is a potential target. Web application attacks like Cross Site Scripting or Cross Site Request Forgery are very popular these days and every Rails developer should have an idea about the different possibilities that his application presents to an attacker. This talk will cover most of the common web application vulnerabilities like Cross Site Scripting and Cross Site Request Forgery, SQL and Code injection, and deployment security and how they apply to Rails. Further Ruby on Rails specific issues like Rails plugin security, JavaScript/Ajax security, and Rails configuration will be examined and best practices introduced. Jonathan Weiss Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 16:00 01:00 Saal 2 eu_rfid_policy Developments 2007, Outlook 2008 Society lecture en Following the public consultation on Radio Frequency Identification (RFID) carried out in 2006 the European Commission set up an RFID Expert Group in July 2007, focussing on Privacy and Security. One of the groups tasks is to provide advice to the Commission on the content of a Recommendation to the member states, which shall set out the principles that public authorities and other stakeholders should apply in respect of RFID usage. European Digital Rights (EDRi) participates in this task as a member of the Expert Group. This session will provide an overview of the EU policy activities regarding RFID and Privacy in 2007 and give an outlook to activities planned for 2008. EDRi's positions on RFID and Privacy will be presented and, when published by the Commission before the event, the contents of the Recommendation to the member states will be presented and discussed in detail. Andreas Krisch edri.org Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 17:15 01:00 Saal 2 unusual_web_bugs A Web Hacker's Bag O' Tricks Hacking lecture en While many issues in web apps have been documented, and are fairly well known, I would like to shine some light on mostly unknown issues, and present some new techniques for exploiting previously unexploitable bugs. This lecture will not be an introduction to webappsec as many lectures are, so I will assume that everyone knows about common web vulnerabilities/exploits and why they are bad, and I will present a bunch of esoteric and previously unknown knowledge about how to exploit webapps, primarily those written in PHP, but some techniques are applicable to other languages, etc. kuza55 Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 18:30 01:00 Saal 2 i_know_who_you_clicked_last_summer A swiss army knife for automatic social investigation Hacking lecture en This talk introduces some techniques of social network analysis and graph theory. It aims at using simple approaches for getting interesting facts about networks. I will use the data of a popular community to demonstrate some of the techniques. 'I'm not stalking, I'm just investigating' - Who hasn't ever heard this sentence from one of their friends? Whether it concerns connecting people and interest groups or item recommendations - most of the possibilities of the WWW today are based on the idea of networking. MySpace, Facebook or its German counterpart StudiVZ, just to name a few, are very popular communities these days, which aim at connecting people. All of those communities can be modelled as social networks allowing an automatic analysis to reveal interesting facts. In this talk I would like to introduce some of the technologies one could use to analyze such a network. While the list of algorithms and approaches is long, I want to emphasize on the things one can find out even using simple techniques. In order to do so, I will work on some data collected from a popular community to show some possibilities of analyzing. My procedure will include an introduction to: * basic concepts of graphs and (social) networks * types of networks and possibilities for modelling * one-mode and two-mode networks * modelling possibilities * basic measures of networks and some algorithms of network and graph theory * connectivity * importance * paths and distances * fancy things you can do by enhancing everything with an ontology * example network analysis on the basis of a real community So, if you ever wanted to get an introduction to social network analysis, graph theory and its potentials, attend this talk! Svenja Schröder Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 20:30 01:00 Saal 2 abschlussbericht_fem Abschlussbericht Making lecture de Das Streaming-Team der FeM e.V. möchte zum Abschluss des 24C3 einen Überblick über die Streaming-Aktivitäten geben, ein paar Statistiken jonglieren und sonstige (Un-)Auffälligkeiten und Stories berichten. Außerdem gibt es einen Bericht des Encoding-Teams über die eingesetzten Techniken zur Bereitstellung der 24C3-Videos. Sway Felix von Leitner Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 11:30 01:00 Saal 3 no_ooxml Against Microsoft Office's broken standard Society lecture en Microsoft is currently trying to buy an ISO stamp for their flawed Office OpenXML (OOXML) specification. While there is already another ISO standard for the same purpose (ODF or ISO26300), Microsoft has decided to not implement it, and push for its own standard instead. Doug Mahugh, Microsoft's Open XML campaign leader, clearly explained Microsoft's motivations: "Office is a USD$10 billion revenue generator for the company." When ODF was made an ISO standard, Microsoft had to react quickly as certain governments have procurement policies which prefer ISO standards. Ecma and OASIS are "international standards", but ISO is the international "Gold Standard". Microsoft therefore had to rush this standard through. It's a simple matter of commercial interests! Benjamin Henrion Say NO to Microsoft Office broken standard Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 12:45 01:00 Saal 3 overtaking_proprietary_software "a few rough insights on sharpening free software" Society lecture en Free or "Open-Source" software, and in particular Linux, is doing extremely well technically. However, it fails to secure a significant portion of the protected, lucrative software market, especially for end-users. Can Free Software finally make a full entry into our society? The main obstacles to overcoming the domination of proprietary software, most of them non-technical, require thinking outside of code-writing. "Overtaking Proprietary Software Without Writing Code" will relate experience gained from the activities of the GNU/Linux Matters non-profit, and provide some hands-on advice for community members, taking a handful of relevant examples. Pre-requisites are: A good understanding of the notion of Free/"open-source" Software and some of the main themes that surround it, such as DRM. There is no particular technical knowledge required. Olivier Cleynen GNU/Linux Matters non-profit Speaker personal page Video recording of talk (MKV file) Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 14:00 01:00 Saal 3 dining_cryptographers Even slower than Tor and JAP together! Science lecture en Imi gives an introduction into the idea behind DC networks, how and why they work. With demonstration! Back in 1988, David Chaum proposed a protocol for perfect untracable communication. And it was completly different to the (former invented) Mix Cascades. While the Mixes got all the press (heard of "Tor" and "JAP"? Told you!), the idea of DC networks were silently ignored by the majority of the community. This talk is to show how DC networks work, why they are secure and presents an implementation. Immanuel Scholz DC Network Client (Java WebStart) Source Code to the DC Network Client Slides Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 16:00 01:00 Saal 3 lieber_cyborg_als_goettin Politischer Hacktivismus und Cyborgfeminismus Society lecture de Das Cyborgmanifest verbindet die Analyse der heutigen Gesellschaft als "Informatik der Herrschaft" mit dem Aufruf von politischem, kreativem Umgang mit Technik, der Möglichkeit des Angreifens von Machtstrukturen und mit der Überwindung der starren Grenzen zwischen den Geschlechtern. Donna Haraway ist in Wissenschaftsbereichen wie Biologie und Gender durchaus bekannt. Sie gilt als Naturwissenschaftshistorikerin, Biologin und ist Professorin für feministische Theorien und Technoscience. Doch wenn sie Professorin für Technoscience ist und durchaus in der Wissenschaft keine Unbekannte, warum hat sie noch keinen Eingang bei Technik- und insbesondere Hackerkonferenzen gefunden? Und insbesondere nicht ihr Cyborg-Manifest, wo es doch selbst im Titel schon Anknüpfungspunkte zu Technikfreaks hat? Im Vortrag soll versucht werden, die wichtigsten Thesen Donna Haraways Cyborg-Manifests zu erläutern: * Wir sind alle Cyborgs * Cyborgs und der jetzige Stand der Naturwissenschaften verhelfen zu Grenzüberschreitungen (und damit zum "Postfeminismus") * Wir leben inzwischen in der "Informatik der Herrschaft" * politischer Aktivismus durch Bildung partieller Identitäten Doch was hat das Ganze mit Hackerinnen und Hackern zu tun? Im Cyborg-Manifest scheinen diese direkt angesprochen zu werden: als Hoffnungsträger zur Veränderung der Welt, da Hackerinnen/Hacker, wenn sie nur wollten, zur Veränderung der Welt beitragen könnten. Insofern soll der Vortrag nicht nur einfach auf wissenschaftlicher Ebene das Cyborg-Manifest mit all den Hoffnungen auf eine bessere Welt vorstellen, sondern auch versuchen, diese Theorie auf eine praktische Ebene zu holen und Hacker/Hackerinnen zu politischen Aktivismus aufzufordern. Cyworg Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264 17:15 02:15 Saal 3 lightning_talks_2007_day_4 lightning en Hannes Torrent of the video recording for this event in Matroska / Vorbis / H.264 Torrent of the video recording for this event in MPEG-4 / AAC-LC / H.264