25th Chaos Communication Congress
Motto: Nothing to hide
Venue: bcc - Berliner Congress Center, Berlin
Dates: 2008-12-27 to 2008-12-30 (4 days)
Schedule release 1.4.2.3; day change 04:00; timeslot duration 00:15

10:00 (duration 01:00), Saal 1 [keynote_nothing_to_hide]
Opening and Keynote "Nothing to hide"
lecture, en
Speakers: Sandro Gaycken, John Gilmore

11:30 (duration 01:00), Saal 1 [datenpannen]
Datenpannen (Data Breaches): Demands after the year of data crimes
lecture, de
Those who have nothing to hide have nothing to fear? The responsible staff strictly obey the law? Surveillance has no negative consequences for those affected? In 2008 these fallacies were refuted more often than ever before: data scandals at LIDL, Telekom and dozens of others, residents' registration data accessible over the Internet, mass sales of bank and telephone data; a list without end in the data scandal year 2008. We take a close look at the most important German data scandals of the year. What was the cause? What rights do I have as someone who is (possibly) affected? And how can this be prevented in future?
That is not all, however: at the same time we want to formulate and discuss the demands that follow from these incidents. Schäuble's new little update to the data protection law will in any case change nothing fundamental, so it is time to articulate our ideas for the future of data protection.
Speakers: Constanze Kurz, Patrick Breyer

12:45 (duration 01:00), Saal 1 [the_trust_situation]
The Trust Situation: Why the idea of data protection slowly turns out to be defective
lecture, en
In many social situations, people start to adjust their behaviour due to surveillance. Inspired by more and more cases of breaches of data protection regulations, an erosion of trust in these regulations and those who forfeit them can be seen. The consequences of this are grim. Either we abolish surveillance technologies or the idea of "informational self-determination". Surveillance is beginning to show us some first substantial side effects. As its mere technological existence is sufficient to evoke the impression of potential identification in any situation, many people in special situations who fear repercussions emerging from such identification are beginning to be substantially manipulated by surveillance. People in need of aid such as troubled families or drug addicts stop seeking aid as they fear that they will be identified and observed closely henceforth. Informants of the press cannot rely on their anonymity anymore as they know that this can just not be guaranteed anymore. The same applies to witnesses and defendants. They fear telling details of their cases to their own lawyers as they know for a fact that those can be wiretapped too.
Thus what we see is that many social arrangements needed in a just and democratic society or arranged in solidarity actually start to crumble. A decisive thing to note about this now is that data protection regulations do not prevent these people from altering their behaviour anymore. As data protection needs a situation of trust in many things - the law, science, technology, companies - and as this trust is betrayed more and more often, the mere technological possibility of surveillance becomes more and more sufficient to produce these effects. Thus the idea of data protection to ex post facto regulate the use of surveillance technologies and data is now at its limits. Admitting this, the consequences are grim. Either the technologies themselves have to be abolished again - and that's not going to happen - or the idea of "informational self-determination" has to be given up. And that's "Goodbye freedom".
Speaker: Sandro Gaycken

14:00 (duration 01:00), Saal 1 [hackerparagraph_202c]
Der Hackerparagraph 202c StGB (The hacker paragraph, Section 202c StGB): Stocktaking and consequences
lecture, de
It is time we talked about the things we can no longer do since the hacker paragraph came into force. And about the things we are not sure whether we are allowed to do, and therefore prefer to leave alone. We predicted various nasty consequences of the hacker tool ban. Now it is time to look at what has come of it. Have the predictions come true? Are we hackers restricting ourselves in our work? Are cool projects still happening, or have they moved abroad?
Speakers: Felix von Leitner, Jürgen Schmidt, Jan Münther, lexi

16:00 (duration 01:00), Saal 1 [building_hackerspaces]
Building an international movement: hackerspaces.org. What we did so far. What will happen in the future.
podium, en
We live in interesting times to build hacker spaces: physical spaces where hackers make things, inspired by European models, pop up everywhere. Whether you need inspiration to build your own hacker space or want an update on what happened in places like New York City, Washington D.C., San Francisco, or Vienna since last year: this international panel will provide you with insight. We have come a long way since 2007. Looking at how things are done in Europe has inspired several new spaces in interesting corners of the world. What started as research at last year's Chaos Communication Camp and a talk on design principles for hacker spaces at 24C3 didn't stop there. Turning the theory of places for people, tools, and Club-Mate into an international movement, we have recently launched hackerspaces.org as a central hub for information exchange worldwide. So far, the results are amazing: spaces from almost all continents have joined us, and stories of success and inspiration can be told.
It doesn't take very much to join: four people can start a sustainable hacker space. There are few excuses left for not joining the global hacker space movement with a place of your own. This panel will cover building a hacker space, fab labs, co-working spaces, and other tech-oriented "third spaces".
Speakers: Bre, Nick Farr, Jens Ohlig, Jacob Appelbaum, Philippe Langlois, Enki

17:15 (duration 01:00), Saal 1 [terrorist_all_stars]
Terrorist All-Stars: Some cases of terrorism around the world that are not terrorist at all
lecture, en
After more than a year of mostly dealing with the terrorism investigation against my partner Andrej Holm, and the resulting total surveillance directed at him and our family, it has become more quiet lately for us. The investigation is *still* going on though.
In the course of my new preoccupation 'terrorism' I keep hearing about similarly absurd cases of such investigations. All different, but all with analogies. All hard to bear for those who are subjected to them. The talk will introduce some cases and search for patterns in cases against 'terrorists' who are clearly not terrorists. Some of the cases I'd like to present some details about:
Two researchers from Nottingham, UK, were arrested after one of them had downloaded (quite legally) an Al-Qaeda handbook and the other had helped him print it. The latter barely avoided being deported to Morocco as a result. -> freehicham.co.uk
Portugal has passed a new law against terrorism after 9/11. Next to several cases against right-wingers there is one investigation going on against anti-authoritarian political activists, who destroyed a genetically modified corn field, in broad daylight and with media accompanying them. There is video coverage of this. They are now awaiting trial. -> solimove.liveinfo.nl
Ten animal rights activists from Austria will face trial eventually after having spent more than three months in pre-trial detention. They are accused of forming a criminal organisation, based mainly on the assumption of 'conspiratorial behaviour' (they used encryption) and the fact that they are active in the field of animal rights or animal protection. -> antirep2008.lnxnt.org
New Zealand also has a new 'Terrorism Suppression Act', and the first case was opened against 17 people, partly Maori, partly white, who are accused of having violated the Arms Act. The terrorism charge has in the meantime been dropped, but pre-trial hearings started in September and opened in October. -> october15thsolidarity.info
Along with these cases I will mention several German cases of so-called terrorism that were dropped by the prosecutor this year. They include one against alleged members of the 'militant group' (same charge as Andrej, but different people), one against the alleged members of the 'militant campaign against the G8 summit' (as was invented by the prosecutor) and a third against approx. ten young antifascist activists in a small town in northern Germany.
Speaker: Anne Roth

18:30 (duration 01:00), Saal 1 [das_grundrecht_auf_digitale_intimsphaere]
Das Grundrecht auf digitale Intimsphäre (The fundamental right to a digital intimate sphere): Hard-disk seizure in a new light
lecture, de
On the occasion of the constitutional complaint against the North Rhine-Westphalian Constitution Protection Act, the Federal Constitutional Court has given us a new fundamental right to the guarantee of the confidentiality and integrity of information technology systems. This set precise rules for the use of the planned Federal Trojan, but what about the thousands of hard disks that are seized in Germany every year? We want to analyse the wording and the meaning of the new fundamental right and its consequences for the evaluation of seized hard disks. Should the much-cited "absolutely protected core area of private life" not also be respected when digital storage media are evaluated after a seizure? What does the ruling on online searches say about this, and what changes should follow from it in practice?
To answer these questions, we will first describe the everyday reality of hard-disk seizure and evaluation today. We will then sketch what a future practice that conforms to fundamental rights could look like.
Speakers: Constanze Kurz, Ulf Buermeyer

20:30 (duration 01:00), Saal 1 [hacking_the_iphone]
Hacking the iPhone: Pwning Apple's Mobile Internet Device
lecture, en
Apple's iPhone has made a tremendous impact on the smartphone market and the public consciousness, but it has also highlighted their desire to carefully control the device with draconian restrictions. These restrictions prevent users from choosing to run third-party applications unauthorized by Apple and using the devices on carriers not approved by Apple. Since its release, a tremendous amount of effort has been made to remove these restrictions for the benefit of the community. A year later, we have now learned much about its inner workings and have methods to circumvent these restrictions. This talk will summarize what we have learned about the internal architecture of the iPhone platform, its security, and the ways we have found to defeat these security measures.
Speakers: MuscleNerd, pytey, planetbeing
Links: Our website/wiki; Our blog
21:45 (duration 01:00), Saal 1 [cold_boot_attacks]
Advanced memory forensics: The Cold Boot Attacks. Recovering keys and other secrets after power off
lecture, en
Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount attacks on popular disk encryption systems — BitLocker, FileVault, dm-crypt, and TrueCrypt — using no special devices or materials. We experimentally characterize the extent and predictability of memory remanence and report that remanence times can be increased dramatically with simple techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay. Though we discuss several strategies for partially mitigating these risks, we know of no simple remedy that would eliminate them.
Speaker: Jacob Appelbaum
Links:
http://citp.princeton.edu/memory/
http://citp.princeton.edu/memory/code/
http://www.appelbaum.net
23:00 (duration 01:00), Saal 1 [why_were_we_so_vulnerable_to_the_dns_vulnerability]
Why were we so vulnerable to the DNS vulnerability?
lecture, en
SSL wasn't enough. Encryption is nonexistent. Autoupdaters are horribly broken. Why is all this the case?
Speaker: Dan Kaminsky

00:00 (duration 01:00), Saal 1 [kurt_goedel]
Kurt Gödel – I do not fit into this century: An audiovisual live feature
lecture, de
Some call him the greatest logician since Aristotle: from 1930 on, the Viennese mathematician Kurt Gödel, born in 1906, shook the foundations of mathematics with his incompleteness theorems. He proved that in every formal logical system there are questions that are undecidable. The scientist, who like many colleagues had to flee Europe, spent his working life at the famous Institute for Advanced Study in Princeton, the Mecca of modern mathematics. The introverted man Kurt Gödel wavered all his life between genius and madness, had numerous neuroses and a pronounced paranoia. The live-narrated audiovisual feature by the Hörspielwerkstatt of the Humboldt-Universität zu Berlin documents the life and work of the mathematician in words and pictures with music.
Speakers: Ina Kwasniewski, Marcus Richter, Constanze Kurz, Kai Kittler
Link: Texts of earlier features
12:45 (duration 01:00), Saal 2 [u23_the_hackerspaces_junior_academy]
U23: The Hackerspace's Junior Academy
lecture, de
Organize and operate a workshop for young people. Show them how your hackerspace works. Get them interested in having fun with hardware, electronics, microprocessors, software or hacking. Get to know new people. Create networks of brains for new, cool projects. Let them experience the amazing power of teamwork! In 2002, some people at the Chaos Computer Club Cologne discussed how they could attract young people, especially students and pupils, to the ideas and lifestyle of a hacker, and gain new members. The result of this discussion was the concept for a project directed at young nerds and geeks, featuring a challenge which is only solvable as a group. This idea turned out to be so successful that up to now there have been six recurrences.
The talk will explain the main design patterns which evolved in this six-year period. We will introduce our motivation and goals for this project, and present the patterns for preparation, implementation and review.
We will save some time at the end for a short Q&A session, and fd0 is available in the hardware hacking room (in the basement) for a chat.
Speakers: fd0, Lars Weiler
Links: U23 at CCC Cologne; AVR development board used in U23 2008
14:00 (duration 01:00), Saal 2 [solar_powering_your_geek_gear]
Solar-powering your Geek Gear: Alternative and mobile power for all your little toys
lecture, en
This talk will show you how to solar-power your laptop, PDA, cell phone, portable fridge or almost any other small device. Topics discussed include choosing the right solar panel, using (or not using) a voltage regulator, buffering the energy, some real applications as well as instructions on how to build a small and simple device to measure your power and energy savings. Do you want to use your laptop in the garden or in the park without needing to pull long cords? Need to recharge your cell phone, PDA or camera in the wilderness? Are you just curious about solar energy or just want to keep your drinks cool on a hot summer day? Well, then you should attend this lecture!
Contents of the lecture:
* Motivation
* Decide what you want to have powered
* Choosing the appropriate solar panel
* Connectors, adapters, plugs
* The universal Buck/Boost voltage regulator
* Building your own device to measure voltage, current, power and energy
* Applications
Links: script; Power and Energy-meter; Solar-powering your geek gear
16:00 (duration 01:00), Saal 2 [cyborgs_and_gargoyles]
About Cyborgs and Gargoyles: State of the Art in Wearable Computing
lecture, en
In this talk I present the current state of wearable computing, computing as common and useful as clothes, focusing on activity recognition (the inference of the user's current actions) using on-body sensors (accelerometers, gyroscopes and other modalities), explaining possibilities, dealing with challenges and limitations and presenting some perils.
Introduction
The visions of ubiquitous / pervasive computing more and more become reality. Every day, we are surrounded by a multitude of computing devices. However, as of today, they fulfill very limited functionality and often are more distracting than useful. In my talk I will present research efforts to eliminate this gap and to enable everyday technology to support us during real life without hindrance or annoyances, focusing on wearable technology. Using portable devices that accompany us like clothes, we are supported by computing without relying on any kind of infrastructure or augmented spaces. I focus in my talk specifically on the state of the art in activity and context recognition.
Application scenarios
First, I will give some application scenarios from European Union projects we at the Embedded Systems Lab at the University of Passau are currently involved in. This includes WearIT@Work, a 30 million euro integrated project with over fifty partners. I will show short movies about some work we did at Skoda to support assembly line work, and work involving maintenance support for Zeiss technicians using heads-up displays.
The next application scenario to tackle is healthcare. Here we work closely with the hospital in Steyr, Austria, supporting doctors doing their rounds using RFID technology and capacitive sensing. Another aspect is also health and lifestyle; an interesting personal hobby project involves trying to recognize Kung-Fu and Tai Chi gestures.
Enabling technologies
In this section of the talk, I will go into more detail about which sensors and modalities can be used to detect which activities, user states etc.: from the pervasive accelerometers and gyroscopes integrated in a lot of gadgets (from mobile phones to entertainment consoles), over using an in-ear microphone to pick up chewing sounds and detect some kinds of food, to a mobile phone that can detect the type of surface using simple vibration and audio fingerprinting. Other enabling technologies developed at ESL Passau include magnetic coils for distance measurements and fabric stretch sensors for muscle activity.
Most state-of-the-art context and activity recognition techniques rely on a fixed number of sensors with known position and orientation. As part of an effort to facilitate wearable activity recognition using dynamically changing sets of sensors integrated in everyday appliances such as phones, PDAs, watches and headsets, we try to tackle some key issues of such systems, such as automatically detecting on-body device position and developing displacement-indifferent classification algorithms. I will also mention a context logger application developed by Tobias Franke, a student writing his diploma thesis at our institute. The application makes it possible to save data from the iPhone "sensors" (audio, acceleration etc.) to a file and label it with an activity or state label for later analysis.
Opportunistic Sensing
In this section, I will present some problems with current activity/context recognition technologies and our efforts to overcome them.
Finally, we will assess how useful these technologies are and what possible privacy issues exist.
Speaker: Kai Kunze
Links: ESL Uni Passau website; Effort to simplify activity recognition; ESL wiki (with Tutorials etc.); Context Logger Blog; Context Recognition Network Toolbox
18:30 (duration 01:00), Saal 2 [chip_reverse_engineering]
Chip Reverse Engineering
lecture, en
Cryptographic algorithms are often kept secret in the false belief that this provides security. To find and analyze these algorithms, we reverse-engineer the silicon chips that implement them. With simple tools, we open the chips, take pictures, and analyze their internal structures. The talk provides all the details you need to start reversing chips yourself. Happy hacking!
Speakers: Karsten Nohl, starbug

20:30 (duration 01:00), Saal 2 [beyong_asimov]
Beyond Asimov - Laws for Robots: Developing rules for autonomous systems
lecture, en
Robotic systems become more and more autonomous, and telepresence develops very rapidly. But what happens if things go wrong? Who is responsible for that autonomous cleaning car murdering tourists? How can you identify the owner of that spy-drone filming you naked at the pool? This talk outlines some ideas to trigger a debate on how to deal with these problems, without stifling innovation and fun. Asimov's three laws of robotics are the first thing that comes to mind when the "how should robots be regulated" question comes up. However, with the current level of technology these "laws" are irrelevant and cannot be implemented. But we need other rules and laws to govern the use of autonomous and telepresence systems. Clear responsibilities need to be defined and enforced, without stifling innovation, development and fun.
The talk will suggest the development of a "P2P TÜV" system for people and groups who build autonomous and telepresence systems before there are relevant official laws and regulations. The core idea is to think out and test practical ways to cope with the risks and uncertainties, so that there is a relevant body of experience when the debates about official laws and rules begin. Building on the experience of the experimental aircraft movement, a P2P sanity and safety check system seems to be the right way to do this.
The second part of the talk will discuss possible regulation areas like laws, insurance rules, type approvals and number plates, where experience can be drawn from existing fields of technology regulation like steam engines and cars. Developing a position of the hobbyist and hacker community on robotic law may seem a bit early. But experience shows that technology development is fast, and we need to come up with suggestions and ideas before a mad luddite mob does, or hordes of armed robocops roam the streets and skies.
Speaker: Frank Rieger

21:45 (duration 01:00), Saal 2 [locating_almost_any_mobile_phone_using_ss7]
Locating Mobile Phones using SS7
lecture, en
You are used to your mobile phone number following you around the globe. But the same functionality that makes you reachable worldwide can also be used to track your whereabouts down to city level – without you ever knowing about it. This talk will explain what SS7 features are exploited for locating mobile phones, how the returned information has to be interpreted and what you can (and can't) do against being located that way without having to turn off your phone altogether.
Speaker: Tobias Engel

23:00 (duration 01:00), Saal 2 [coreboot]
coreboot: Beyond The Final Frontier. Open source BIOS replacement with a radical approach to boot.
lecture, en
The BIOS and its successor EFI are considered by many to be the final frontier for open source software in commodity PCs. This talk describes the BIOS replacement coreboot (formerly LinuxBIOS) and the projects surrounding it. The closed nature of traditional firmware is starting to cause concern even at the government level, as awareness of BIOS malware risks is increasing.
The presentation describes coreboot, supplementary tools such as buildrom, flashrom, superiotool and nvramtool, and some popular payloads that combine with coreboot to make up the firmware: FILO, EtherBoot, SeaBIOS, Memtest86, tint, Linux, coreinfo, bayou and libpayload featuring tinycurses, which turns simple applications into instant-on appliances. Finally there will be a demonstration of coreboot running on hardware.
Speaker: Peter Stuge
Link: coreboot
12:45 (duration 01:00), Saal 3 [faifa_oensource_plc_tool]
FAIFA: A first open source PLC tool. PowerLineCommunications now has its open source tool
lecture, en
PLC (PowerLineCommunications) is now widely used for in-home LANs and for Internet access over PowerLineCommunications based on the market standard called HomePlug. Electricity is a great medium to transport data over existing cables in-home and outdoors, but it gives the network the old-school behaviour of a hub, where all stations share the medium. In this lecture, we present the freshly released FAIFA open source software, which can be used to audit the security of PLC networks and to script some of the weaknesses of PLC devices. PLC will definitely be one of the main LAN technologies for IP connectivity in buildings, homes and communities in developed and developing countries. PLC describes the technology used to develop MAC layer networks over existing power cables (110/220V - 50/60Hz) and TV cables in buildings, in homes and over public electrical networks.
This talk will describe the FAIFA tool and give a technical overview of current PowerLineCommunications technologies, covering the following content:
* Overview of the PLC Networks
- Introduction to PLC, brief history of the technology
- Technologies underlying PLC (PHY and MAC layer)
- Current status of the technology and security issues
* Description of the HomePlug AV standard
- Different generations of chips and vendors
- Possible hacking targets (chip architecture, on-chip system, management of the chip)
- PLC flooding, management ARP spoofing, RAM dumping
* Description and demo of the FAIFA tool
- Full description of the FAIFA features
- Hacking audit using FAIFA
- Call for contributions and developers
Speakers: Florian, Xavier Carcelle
Link: http://open-plc.org
14:00 (duration 01:00), Saal 3 [security_failures_in_smart_card_payment_systems]
Security Failures in Smart Card Payment Systems: Tampering the Tamper-Proof
lecture, en
PIN entry devices (PEDs) are used in the Chip & PIN (EMV) system to process customers' card details and PINs in stores worldwide. Because of the highly sensitive information they handle, PEDs are subject to an extensive security evaluation procedure. We have demonstrated that the tamper protection of two popular PEDs can be easily circumvented with a paperclip, some basic technical skills, and off-the-shelf electronics. PEDs are critical security components in Chip & PIN (EMV) smartcard payment systems as they receive a customer's card and PIN. Their approval is subject to an extensive suite of evaluation and certification procedures. We have demonstrated that the tamper proofing of PEDs is unsatisfactory, as is the certification process.
This talk will discuss practical low-cost attacks on two certified, widely-deployed PEDs – the Ingenico i3300 and the Dione Xtreme. By tapping inadequately protected smartcard communications, an attacker with basic technical skills can expose card details and PINs, leaving cardholders open to fraud. The talk will describe the anti-tampering mechanisms of the two PEDs and show that, while the specific protection measures mostly work as intended, critical vulnerabilities arise because of the poor integration of cryptographic, physical and procedural protection.
These failures are important not only because they allow fraud to be committed, but also because of their effect on customer liability. As Chip & PIN was claimed to be foolproof, victims of fraud often find themselves accused of being negligent, or even complicit in the crime. The results of this work will help customers in this position argue that their losses should be refunded.
Speaker: Steven J. Murdoch
Link: Further information
16:00 (duration 01:00), Saal 3 [hacking_and_fingerprinting_rfid]
RF fingerprinting of RFID
lecture, en
In the lecture portion of this workshop we will present an overview of existing and our own novel methods for hacking electronic passports and driver's licenses, including novel radio frequency fingerprinting techniques.
In the hands-on section we will show participants entering with basic radio experience how to conduct experiments with RFID and reverse engineer proprietary protocols. High frequency proximity transponders (RFID tags) are already present in most new passports, and will soon be in new generations of driver's licenses. In general the data on these tags is "protected by cryptography". In part 1 of this presentation (lecture) we will explore the wealth of information obtainable from electronic passports and driver's licenses without attacking the cryptography itself. We will ignore the application layer where this crypto resides, and focus on protocol and physical layer weaknesses. We will present related work by a variety of authors, as well as novel as-yet unpublished work of our own which promises to provide better fingerprinting of passports and driver's licenses than any previously demonstrated techniques.
In part 2 (workshop) we will examine in depth different options for RFID hacking and reverse engineering, both on the reader side and the card side, from the physical layer up to the application layer. We will show hands-on the process of data acquisition for RF fingerprinting. Participants in the workshop will come away with knowledge sufficient to begin their own RFID experiments, including reverse engineering of proprietary protocols.
Speakers: cryptocrat, Boris Danev

17:15 (duration 01:00), Saal 3 [global_scale_incident_response_and_responders]
Just Estonia and Georgia? Global-scale Incident Response and Responders
lecture, en
Estonia and Georgia are just two examples of where global-scale cooperation is required for handling security incidents on the Internet.
DDoS, fast-spreading worms and "CYBER WARFARE" are miniature examples of what the Internet faces every day. In this talk we will discuss how incidents are handled, with specific case studies to illustrate it.
How is such large-scale incident response handled? Who handles it?
Is that how it should be working?
What do YOU do if you need to initiate it, and should you just pray instead? :o)
Speaker: Gadi Evron

18:30 (duration 01:00), Saal 3 [erich_muehsam]
Erich Mühsams Tagebücher in der Festungshaft (Erich Mühsam's diaries in fortress detention): An idyll from the analogue stone age of surveillance
lecture, de
During his fortress detention (1920-1924), the diaries of the poet and anarchist Erich Mühsam were confiscated several times, evaluated and used (in part publicly) against him. The talk describes the absurd boomerang effects that resulted from this encroachment. It asks to what extent what in retrospect appears as an aberration of pre-fascist class-justice penal practice threatens to become the general standard today, and which defensive strategies can be fruitfully drawn from this analogue prehistory.
Speaker: Johannes Ullmaier

20:30 (duration 01:00), Saal 3 [cracking_msp430_bl]
Cracking the MSP430 BSL: Part Two
lecture, en
The Texas Instruments MSP430 low-power microcontroller is used in many medical, industrial, and consumer devices. When its JTAG fuse is blown, the device's firmware is kept private only by a serial bootstrap loader (BSL), certain revisions of which are vulnerable to a side-channel timing analysis attack. This talk continues the one from Black Hat USA by describing the speaker's adventures in creating a hardware device for exploiting this vulnerability. While the previous part focused on the discovery of the timing vulnerability and its origin, this lecture will focus on the exploitation. Topics include a brief review of the vulnerability itself, PCB design and fabrication, the malicious stretching of timing in a bit-banged serial port, observation of timing differences on the order of a microsecond, and the hell of debugging such a device.
Speaker: Travis Goodspeed
Link: Slides
21:4501:00Saal 3greater_security_critical_behavior_in_europeCollapsing the European security architectureMore security-critical behaviour in Europe!lectureenAt the latest since 9/11, the EU took severe changes in their home affairs policy. New agreements and institutions were created to facilitate police networking (Europol, Frontex, CEPOL, new databases and their shared access). The european "cross border crime fighting" has become an EU framework. Providing that this should help to win a "war on terrorism", lots of the changes follow the US model of "Homeland Security". Risks" should be minimized by taking more and more "proactive" measures and foresee possible "threats". This includes the development of an "Homeland Security Industrial Complex", whose budget is growing rapidly since 2001. The EU set up the research program "FP7", that should help to find technical solutions for the discrete, but efficient surveillance and control. Both the research and the implementation of these new technologies are common projects of the security industry, military and police. This includes the usage of satellite pictures (whose resolution is now down to 50cm), drones (that are used in the EU already for catching migrants), geo-data/ mapping and several technics for border control. Satellites help to detect for example automatically deviant behaviour of vehicles (like migrants vessels).
Large changes are on their way to master the "data tsunami" (as the EU ministers of the interior call it). The problem for the authorities is no longer the gathering of data but its processing. Streams are getting broader through the transmission of real-time data such as digital surveillance cameras (replacing the analogue systems), biometrics, intercepted communication data, command and control units etc. The industry offers a variety of software to help the police navigate the immense flood of data. This software is sometimes purely investigative, used for data mining, but might also be used for risk profiling and predicting crimes (the "evolution of crime fighting", as the developer proudly states). Police laws are to be changed to allow the use of such software.
In the lecture we try to show the changes inside the EU towards a common home affairs policy. Our examples will be their use at large events like the FIFA 2006, G8 2007 and Euro08. We follow the thesis that the EU militarises social conflicts in anticipation of large changes in the "global security architecture". Migration and climate change are seen as serious "security risks" for the EU.
Resistance against the described paradigm changes must move beyond the national level. As with the campaigns against data retention, their implementation is decided by EU bodies, which are directed by the national ministers of the interior. We would like to invite people around the CCC to participate in a campaign focusing on the EU ministers of the interior, who will decide their next five-year plan on European internal security in November 2009 in Stockholm, trying to intensify the European panopticon (see link to the first call below). To know what you can expect from the lecture, see one of our earlier presentations (see below).
Collapsing the European security architecture: For greater security-critical behaviour in Europe
Each protest enables us to draw conclusions of how to do things better next time. In the same way, we can draw conclusions from the mobilisation against the G8 summit 2007 in Heiligendamm on how to achieve successful and broad resistance. Apart from three large self-organised protest camps and an international infotour in the months leading up to the summit, there were attempts to have international exchanges and establish networks beyond Germany. The decision was made not to respond to the G8 climate debate but to frame the protests in terms of other self-determined topics the movement was focussing on: migration, antimilitarism and global agriculture.
Looking ahead to the 60th NATO anniversary in Strasbourg and Kehl and the G8 2009 in Italy, but also to the Swedish EU Presidency 2009, this text takes up these points to propose a campaign against the new "European Security Architecture". We outline some developments in police cooperation on a European level and call for a kind of antirepression work that goes beyond a simple critique and a scandalising of police violence, and that is coordinated on a European level. Such political antirepression work would have to take new forms of social control seriously as an integral reference point for radical movements.
No future for freedom
At the latest since September 11th 2001, not only the foreign policy coordinates of the European Union (EU) have changed. Under the motto "Terror Comes Home", far-reaching changes in European Home Affairs, along with police operations towards a "preventive security state" have been implemented. Whilst control of the external EU border has been stepped up with new technologies and cross-border cooperation, surveillance and control within the EU is also steadily increasing. Additionally, there are foreign military and police operations on behalf of the EU in so-called "third countries". The EU intends to be a model for a security complex that can be exported to other countries in the EU’s capacity as a "service provider". These developments are not only directed at migrants and "security-critical" behavior. They also offer a welcome opportunity to control the re-emerging alterglobalisation movement.
Since 1999, the EU has defined Europe as a "space of freedom, security and law". In future there will be more juridical and police cooperation in criminal and civil affairs. Home Affairs ministers dream of an EU ministry for Home Affairs. On the police level, EU bodies have received more competences, and new institutions and programmes have come into existence. In 2007, the so-called "Future Group" met for the first time. This group is made up of the ministers of Home Affairs of the countries due to hold the EU presidency in the next four years. The EU commissioner for "freedom, security and law" is also part of this group, along with the director of the "Border Protection Agency" Frontex. The Future Group calls itself "informal", but it has considerable influence on Home Affairs with respect to the EU Treaty as well as the 2007 Lisbon negotiations. The foundation of the Future Group coincided with the EU presidency of Germany in 2007. Under the motto "Living a secure Europe", the German Home Affairs Minister successfully pushed through a tightening of European internal policies[1].
Cross-border cooperation
Until now, cross-border police cooperation has only existed between some countries under the Pruem Treaty. This found its expression, for example, during the G8 summit 2003 when German police participated in an operation against demonstrators in Geneva with 500 police officers and five water cannons. The Pruem Treaty was a test case and has subsequently been integrated in the "legal framework of the EU". Thus it now applies to all EU countries. All police departments will now have access to DNA and fingerprint databases as well as vehicle registration data. Access to information on "terrorism suspects and travelling violent criminals" will be made easier in order to prevent travel or to "quickly recognise and detain rioters". For the European Football Championship in 2008, 2 000 German police officers have been ordered from Austria and Switzerland.
As an intersection for police cooperation, the competencies of Europol in The Hague are not restricted to gathering data and advising police forces of EU member states. An EU parliamentary decision in January 2008 meant that the "European Police Office" became an EU agency for the "coordination, organisation and implementation of investigative and operational measures". The realms of responsibility have been extended to "organised crime" and "other forms of serious crime". In future, access to the "Europol Information System" will not require a "liaison officer" anymore.
These "liaison officers" are sent by the police forces of all member states to European control and decision-making bodies and are key figures in the policing of major events. Officially they have an "advisory function". In practice, they function as important nodes in informal police cooperation. They have access to all the databases of their home countries and can, for example during summit protests, provide information about different political groups. Liaison officers coordinate entry restrictions which led to 600 people being denied entry into Germany during the G8 2007, because they had been "conspicuous during previous G8 summits".
Europe – a space of surveillance and control
The cooperation between police and intelligence services is being expanded. In Germany, the Federal Criminal Investigation Office and the "Verfassungsschutz" (Office for the Protection of the Constitution) recently moved to a "Joint Terrorism Defence Centre", where they have separate offices but meet daily for joint briefings and share the canteen space. This cooperation led to the surveillance of the anti-G8 movement and the start of investigative operations under the premise of terrorism suspicions. German terrorism legislation allows for far-reaching interferences in people’s privacy and allowed a record to be taken of all mobile phone numbers present at a meeting of the radical left dissent!-network against the G8. As people affected by these operations have been able to access their files, it has come to light that these investigations were carried out by the police but initiated by the intelligence services.
Internet surveillance has increased across Europe. The German Ministry for Home Affairs has started a European-wide initiative to fight "international terrorism", entitled "check the web". On March 8th 2007, Europol’s "information portal" went live. German police and secret services intend to cooperate with a joint "internet monitoring and analysis project" in the future. Such "internet surveillance centres" are planned across Europe. The intention is to partially automatise the monitoring of websites and subsequent archiving in police databases. New software scans the databases to find "entities", which are conceptual analogies or connections between persons and objects ("semantic technologies"). The security industry is developing programmes that are able to search in different file formats. This way, text, audio, video and GPS data can be analysed together. Prosecution agencies of various countries already use software that enables the "prediction of crimes" as a result of data analysis. One company describes this process as an "evolution in fighting crime".
More police repression and law enforcement can also be observed in other countries of Europe. In Italy, several trials in relation to the G8 2001, as well as demonstrations against militarism and fascism concluded with sentences between 6 and 12 years for the accused. In other countries, police laws are being changed in order to give police more powers against "security-critical behaviour".
Radical changes have been made in Europe under Sarkozy and Berlusconi. In France, passengers who are the first to stand up to protest against a deportation on their flight risk being charged with ringleadership. New legislation in Italy has allocated 2,500 military troops for assistance in police operations to "maintain public order". The police intend to fingerprint any children of Roma origin found unaccompanied in the streets.
The new Austrian legislation on security police makes the racist control of migrants easier. The German Federal Police now have more competencies both for missions abroad and for domestic affairs, for example against political protests. EU member states implement European directives and "harmonise" their national legislations, for example with respect to data retention. Telecommunication and internet providers now have to store data and hand it over to the police on request. This enables the police to reconstruct communications and create "relational diagrams". Protection from surveillance is increasingly restricted. Users of encryption software in Austria and the UK are to be obliged to give the police their passwords. Home affairs ministers are currently conducting a centralisation of all European police databases.
Institutions and research programs of the European security architecture
In order to have more control over mass protest, for example during G8 summits, new institutions and research programmes have been developed. European police forces conduct joint trainings and maneuvers to control demonstrations. In European police academies operational tactics for "crowd management" are designed. The European Police Academy (CEPOL), based in Hampshire, UK plays a crucial role: "CEPOL’s mission is to bring together senior police officers from police forces across Europe – essentially to support the development of a network – and encourage cross-border cooperation in the fight against crime, public security and law and order, by organising training activities and research findings".
Following the summit protests in Genoa and Gothenburg in 2001, in 2004 the EU initiated the research programme, "Coordinating National Research Programmes on Security during Major Events in Europe" (EU-SEC). EU-SEC coordinates police departments of EU member states and Europol and publishes a handbook for summit protests. Police are advised to observe protest movements, to exchange data, to enforce travel bans, and to undertake aggressive media strategies in order to delegitimise resistance. In the form of questionnaires, information is gathered about European groups and individuals, their action forms, websites, mail addresses, international contacts, preferred travel routes, means of transport and accommodation.
EU-SEC is coordinated by the UN working group "International Permanent Observatory on Security during Major Events" (IPO), based in the Italian city of Turin. IPO advises governments on the appropriate security architecture for major events. IPO services are free. At the moment, IPO is putting together a "Handbook for G8 states". Official operational areas since its foundation in 2006 have so far been the G8 summits in St Petersburg and Heiligendamm, the World Bank/IMF summit in Singapore, and the Asia-Pacific Economic Cooperation (APEC) meeting in Vietnam. Also, the Olympic Games 2008 in Beijing and the G8 summit 2008 in Japan were coached by IPO.
Border control: the militarisation of migration control
With the extension of the EU member states and the abolition of border controls, the new external EU borders are being technically upgraded. They include night-vision technology, automatic analysis of video surveillance and high-frequency cables that can measure and communicate the water concentration of nearby bodies. New joint headquarters have come into existence. Through the extension of the Schengen Information System II (SIS II), more data is available to police forces. Fingerprints and biometric data of migrants are to be stored in the Visa Information System (VIS). Home affairs ministers complain about the insufficient police control of migrants and have demanded the use of RFID chips (chips with radio waves) in passports. These chips could, for example, acoustically identify the bearers of an expired visa, without this person actually having to show his/her passport.
With the creation of the "Border Control Agency Frontex" in Warsaw, EU-wide "migration control" now has another pillar. The General Director, Ilkka Laitinen, a Finnish border officer, summarises the "Integrated Border Management" of Frontex in the following way: "All those who don’t deserve to be and whom one does not want to have on one’s territory, have to be stopped." In a "risk analysis center", forecasts of waves of migration are made, information is passed to the relevant border police departments and concrete measures are "recommended". Frontex has a "central technical toolbox" for member states’ control and surveillance of external borders. Frontex conducts operations together with national police forces ("Frontex Joint Support Teams"). Although Frontex has no forces of its own to fight migration, there has been an extensive increase in the arsenal of border forces of member states. The Italian Carabinieri for instance have new boats, helicopters and surveillance technology. According to its own publications, 115 boats, 27 helicopters, and 21 aeroplanes are documented in the central register of Frontex. Besides trainings, Frontex also undertakes research programs. For example, they research and recommend the use of "micro-helicopters" for border observation. Director Laitinen has expressed his wish for Frontex to have more of its own resources and operative forces in the future.
Police and combating counter-insurgency abroad
The Lisbon Treaty also addresses "reforms" in the field of military affairs: the "European Security and Defense Policy" asks for a "gradual improvement of military capacities", and the aim is for the EU to have armed units at its disposal by 2010. In January 2007 the first EU Battlegroup was declared fully operational; in 2006 such a unit was already considerably involved in the EU military deployment in Congo. There are also means for intervention in "third states" that are much less visible: the "European Gendarmerie Forces" (EGF). The EGF is a paramilitary police unit founded and developed at the G8 summits in 2002 and 2004. It should be able to mobilise 3 000 police officers within 4 weeks. Forces are so far provided by the Netherlands, France, Spain, Italy and Portugal. The EGF is supposed to take over police control after military deployments in crisis areas, as well as ensure "public order" during the "occurrence of public unrests". The non-domestic deployment of police forces is considered a "civilian instrument". So far, maintaining "public order" in "third states" has been the task of the military, although it has always cooperated with police units. For example in Bosnia, members of the German Army were trained by Italian Carabinieri. The official tasks of the EGF include "the entire spectrum of police deployments, civilian authority and military command, control of local police authorities, criminal investigation activities, activities for the provision of secret intelligence, property protection" etc. The statute of the EGF does not exclude a deployment within the EU. The headquarters of the EGF are located in the Italian city of Vicenza at a Carabinieri base. Likewise, in Vicenza the EGF have their own academy (COESPU) where their own forces as well as units of other countries are trained. The academy is financed by the G8 states. Also, senior police officers of Pakistan and Kenya have undergone COESPU training in "riot control".
The significance for radical movements
"The distinction between international law in times of peace and in times of war is no longer appropriate in the face of new threats", Schäuble, the German Minister of Home Affairs has stated. The German chancellor and the head of the Federal Criminal Investigation police have further conceded that, "the separation between internal and external security is obsolete". What do these developments mean for the political practice of radical movements in general and for the alterglobalisation movement specifically, except "even more repression"? A debate about repression should be an integral part of the practice of radical movements. It is clear that the margins for left interventions have not increased in light of and after 9/11. Nonetheless, we think that it is not only the speed and the degree of repressive measures that has changed. The entire social matrix within which radical left politics is situated is shifting. The quality of surveillance and social control has taken on another form. Apart from technological developments, above all this has to do with the transnational coordination of control agencies and the "interdependency of internal and external security".
But we see an opportunity in using this continued narrowing of the freedom of movement as a chance to build new alliances that will bring about broad social debates and unexpected interventions. A conjunction of classical antimilitarism, antirepression, and migration politics is a clear option. The degree to which these new measures and institutions touch upon the daily life of every European should offer sufficient starting points for a practice of proactive disobedience against this evolving European Security Architecture.
Against the European Security Architecture
The decision to mark the 60th anniversary of NATO with jointly hosted celebrations in Strasbourg (France) and Kehl (Germany) has already caused a great deal of activity amongst the antimilitarist left in a number of countries in Europe. The established peace movements in France and Germany plan to focus their protests on the Afghanistan war. However, the NATO summit would also be an excellent opportunity to draw attention to the complex structure of the "global security architecture" with its participating institutions. Military and police forces currently maintain a repertoire of repressive instruments based on new technological developments: computer-supported commandos, investigative software, heat and body-fluid detectors at national borders, tasers etc. Military and police remits are being ever more synchronised, both on a legislative basis and through joint operations, but also with the creation of common organisations such as the "European Gendarmerie Force" based in Vicenza. Eurocorps, the French Foreign Legion and the central Schengen Information System are all located in Strasbourg, where next year's NATO conference is to be held. These facts provide ample reasons for an anti-NATO mobilisation to focus on developing a radical critique of the militarisation of social conflict within the EU and beyond.
The G8 in Italy provides an opportunity to raise public awareness about and criticise the international police coordination against summit protests. Some of the measures and institutions have been installed under the direction of Frattini, the former EU Commissioner for Justice, Freedom and Security, now foreign minister under Berlusconi. The EU-SEC programme against mass political protests was initiated after the G8 in Genoa. The UN initiative "International Permanent Observatory on Security during Major Events" is being coordinated from Turin. We can assume that after the experiences of the G8 2001, the G8 2009 will be a matter of prestige for all of these agencies. Their preparations for the G8 2009 have probably already begun.
A decision by Italian social movements to focus on militarism as a prominent mobilisation issue against the G8 2009 could combine the critique of militarised foreign politics with resistance to the new coordinates of European domestic politics. Resistance against the "policialisation of internal and external security" could connect with the movement against the NATO base Dal Molin in the Italian city of Vicenza. A protest movement that has mobilised for several major demonstrations against the extension of the base has been active there for several years. As the seat of the European Gendarmerie Forces, Vicenza could become the symbol of resistance to the paramilitary organisation of European police forces. Moreover, after the Kosovan declaration of independence, "Eulex", the biggest EU police mission with 2 000 officers, mainly from Germany and Italy, was established. 700 of them are designated for deployment during demonstrations. On the Italian side, this task will probably be taken over by the Carabinieri units of the EGF. "Eulex" supports the NATO KFOR troops in Kosovo in maintaining "public order", which thus combines a military with a "civil" intervention.
In 2009, the EU Commission's "Tampere Programme for Freedom, Security and Justice" will draw to a close. Changes and targets for a "European Security Architecture" will be codified in a new 5 year programme under the Swedish EU presidency. European police cooperation, Europol, Eurojust and Frontex will be optimised and made more efficient. "COSI", a "Standing Committee on Internal Security" within the European Council will pave the way for interior ministers to create an overarching EU Interior Ministry.
We propose to use the European Social Forums (ESF) and other summit mobilizations as one of the moments for the European coordination between groups working on police issues, antirepression initiatives, and supportive lawyers/legal activists. Internal policy developments concerning surveillance and control in Europe could be brought together there. We would be interested in finding out where resistance to the "European Security Architecture" already exists. How are demands formulated and publicly articulated in other countries? How do activists relate to discourses on fundamental rights and civil liberties? Connecting to these practices we could start looking for common perspectives and, sooner or later, collapse the "European security architecture".
This text should be understood as a first outline of a contribution to the international "Summer of Resistance" 2009. We look forward to more English reports, position papers and discussions. We can be reached at euro-police [at] so36.net.
Activists from Gipfelsoli | Prozessbeobachtungsgruppe Rostock | MediaG8way
[1] "Europa sicher leben | Living Europe Safely | L’Europe, bien sûr(e)": http://euro-police.noblogs.org/gallery/3874/Europa_sicher_leben.pdf
Gipfelsoli
23:00 (01:00) Saal 3 remote_keyless_entry_system
Messing Around with Garage Doors
Breaking Remote Keyless Entry Systems with Power Analysis
lecture, en
We demonstrate a complete break of the KeeLoq crypto-system. Thanks to power analysis, even non-specialists can gain access to objects secured by a KeeLoq access control system.
KeeLoq remote keyless entry (RKE) systems are widely used for access control purposes such as garage openers or car door systems. The talk will present the first successful differential power analysis (DPA) attacks on numerous commercially available products employing KeeLoq code hopping. They allow for efficiently revealing both the secret key of a remote transmitter and the manufacturer key stored in a receiver. As a result, a remote control can be cloned from only ten power traces, allowing for a practical key recovery in a few minutes.
After extracting the manufacturer key once, it is possible with similar techniques to recover the secret key of a remote control and replicate it from a distance, just by eavesdropping on at most two messages. This key cloning without physical access to the device has serious real-world security implications, as the technically challenging part can be outsourced to specialists. During the talk, the attack will be performed in practice. Finally, it will be shown how to take over control of a KeeLoq access control system, i.e., lock out a legitimate user while the attacker may still open the door.
Timo Kasper
Thomas Eisenbarth
11:30 (02:15) Saal 1 jahresrueckblick_2008
Annual Review
The CCC's topics in 2008
lecture, de
It was once again an eventful year for the CCC. We will report, with due brevity, on everything that happened.
In the 2008 financial year, the CCC was able to report positive results in all divisions. Besides the legislative impositions, developments in modern technology could be penetrated and commented on with further increased intensity. This ensures that the CCC will remain a solid and reliable partner for its members and the interested public in the future.
Name recognition rose by 21% to now 81%, while the CCC's popularity among political decision-makers fell by 18% to now 29%. This roughly corresponds to the percentage results of the opposition parties in elections. The reserves of not-yet-published hacks were further increased in the process.
Thanks to our external communications, which have been geared towards stability and independence for years, the CCC was able to raise the average impact of the campaigns it ran from 6% to above the industry average of about 5%. The cluelessness factor could be reduced from 79.8% to 79.7%, another tenth-of-a-percent step towards a radiant future!
Outstanding service, satisfied members
In surveys conducted by independent institutes, the CCC again received top marks in 2008, above all in the areas of advice and service for politicians. This expert advice and the customer proximity of the CCC's local branches have shown their effect: compared with the previous year, around 22% more politicians could be entertained and informed. Since more events could again be offered to members than in the previous year, the members' dissatisfaction level was a mere 0.9%. Across all divisions, membership continued to grow.
The CCC continued to concentrate on passing on actual information to the interested public, instead of promoting desolidarisation and further surveillance, as would originally have been the case with the launch of many new laws.
According to a survey from summer 2008, respondents estimated the persuasive power of arguments at a horrendous 22%, a figure far higher than the average for politicians' speeches of 5.4%. In this respect, however, much educational work is still needed.
Frank Rosengart
Frank Rieger
Constanze Kurz
Andy Müller-Maguhn
Erdgeist
14:00 (01:00) Saal 1 attacking_rich_internet_applications
Attacking Rich Internet Applications
Not your mother's XSS bugs
lecture, en
This presentation will examine the largely under-researched topic of rich internet application (RIA) security in the hope of illustrating how the complex interactions with their executing environment, and general bad security practices, can lead to exploitable applications.
In recent years rich internet applications (RIAs) have become the mainstay of large internet applications and are becoming increasingly attractive to the industry due to their similarity to desktop applications. Furthermore, their use of existing web technologies such as HTTP, HTML/XML and JavaScript/ActionScript makes them attractive options to companies with existing web developers.
Unfortunately, the use of existing technologies brings with it the burden of existing ways to write vulnerable code, and adds yet more ways. This presentation will examine the largely under-researched topic of RIA security in the hope of illustrating how the complex interactions with their executing environment, and general bad security practices, can lead to exploitable applications.
Stefano Di Paola
kuza55
16:00 (01:00) Saal 1 vulnerability_discovery_in_encrypted_closed_source_php_applications
Vulnerability discovery in encrypted closed source PHP applications
lecture, en
Security audits of PHP applications are usually performed on a source code basis. However, sometimes vendors protect their source code by encrypting their applications with runtime (bytecode) encryptors. When these tools are used, source code analysis is no longer possible, and because they change how PHP works internally, several greybox security scanning/fuzzing techniques that rely on hooks fail too.
This talk will show how different PHP (bytecode) encryptions work, how the original bytecode can be recovered, how vulnerability discovery can still be performed with only the bytecode available, and how feasible PHP bytecode decompilation is.
Stefan Esser
17:15 (01:00) Saal 1 anatomy_of_smartphone_hardware
Anatomy of smartphone hardware
Dissecting contemporary cellphone hardware
lecture, en
Do you know the architecture of contemporary mobile phone hardware? This presentation will explain the individual major building blocks and overall architecture of contemporary GSM and UMTS smartphones.
We will start from a general block diagram level and then look at actual chipsets used in mobile devices, ranging from SoC to RAM and flash memory technologies, Bluetooth, mobile WiFi chipsets, busses/protocols as well as the GSM baseband side.
The main focus will be on the OpenMoko Freerunner (GTA02) hardware, since the schematics are open and can be used for reference during the lecture. However, we will also look into more tightly integrated components of various vendors like Qualcomm's MSM7xxx, Samsung S3C64xx, TI OMAP35xx and others.
Harald Welte
18:30 (01:00) Saal 1 short_attention_span_security
Short Attention Span Security
A little of everything
lecture, en
Working as a security consultant means that you get to see everyone's dirty laundry. However, it also means a hectic schedule and restrictive confidentiality agreements. Without violating my NDA, here's a set of turbo-talks looking at some new tricks for some new technologies and a look at some lucrative new attack surfaces that will become much more prevalent in the coming year. Topics will include: Script Injection in Flex, EFI Rootkits, static analysis with Dehydra, and pattern-matching hex editors.
Things I want to talk about (details below):
* EFI Rootkits
* Bypassing MS anti-XSS libraries
* Script injection in Flex
* Pattern-matching hex editors
* Static analysis with Dehydra
* Auto-WEP key cracking with ITX
* Porting Network Security Tools to the iPhone
Along with this, I can make some code available for the hex editor, a bunch of iPhone security apps as an Installer repository, some Dehydra stuff and the source for my little WEP-cracking ITX box.
I want to strip out all the usual introduction and fluff and do 5-7 turbo talks (with two of them being extremely short). Or one of these could be done as a separate turbo talk.
EFI Rootkits
In the next year, every major chip manufacturer will ship boards that use EFI. This brings new life to the old idea of PCI Option ROM rootkits, which can now easily access libraries that provide filesystem access as well as a full network stack. What features of EFI make this easy? What are the constraints on an EFI rootkit? How could this be mitigated as an attack vector?
Bypassing MS anti-XSS libraries
This is a quick one. There is a bug in the Microsoft implementation of libxml such that the attributes of start and end tags are merged. This means that Internet Explorer respects XML attributes on end tags. A particular Microsoft anti-XSS library looks for a "<" followed by any letter, but allows a "<" followed by a "/". To bypass this library, simply put your script in an end-tag attribute, like so:
</a style="background:expression(alert(document.cookie))">
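The filter logic behind that bypass, as an added example that is not code from the talk or from any Microsoft library: a filter modelled on the abstract's description (reject "<" followed by a letter, allow "<" followed by "/"), the payload quoted above run through it, a tightened blacklist that shows where the gap was, and the output encoding a reviewer would ask for instead. Function names and the regular expressions are this example's own assumptions.

```javascript
// Added example, not the library's code: the blacklist the abstract describes,
// the end-tag payload quoted on the page, and the fix a reviewer would want.

// Payload exactly as given in the abstract: the script sits in an attribute of
// an END tag, a position the naive filter below never examines.
const END_TAG_PAYLOAD =
  '</a style="background:expression(alert(document.cookie))">';

// Filter modelled on the abstract's description: reject "<" followed by a
// letter, let everything else through. (Regex is an assumption of this example.)
function naiveLetterFilterRejects(input) {
  return /<[A-Za-z]/.test(input);
}

// Blacklist tightened to also catch the end-tag form ("</") and the other tag
// openers ("<!", "<?"). Still a blacklist; shown only to make the gap visible.
function tightenedFilterRejects(input) {
  return /<[A-Za-z/!?]/.test(input);
}

// The durable fix is output encoding: every "<" reaches the browser as "&lt;",
// so it can open neither a start tag nor an end tag, whatever the parser merges.
function htmlEncode(input) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(input).replace(/[&<>"']/g, (c) => map[c]);
}

// Run one payload through the three layers and report what each decides.
function evaluatePayload(payload) {
  return {
    naiveRejects: naiveLetterFilterRejects(payload),
    tightenedRejects: tightenedFilterRejects(payload),
    encoded: htmlEncode(payload),
  };
}

console.log(evaluatePayload('<script>alert(1)</script>'));
console.log(evaluatePayload(END_TAG_PAYLOAD));
```

The first call is rejected by both filters; the second slips past the naive filter because its only "<" is followed by "/", while the encoded form contains no "<" at all and is safe to emit into an HTML body regardless of how the browser treats end-tag attributes.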
Script injection in Flex
Since the provided user controls handle input encoding, injections are scarcer, but still available. One less conventional method I found relies on a bug in Internet Explorer. On a web application that allows file uploads (attachments, say), you can upload an HTML file containing the injection script.
When this attachment is viewed in Firefox, it behaves correctly: the file is downloaded first and then viewed in a local-file script context. In IE, however, the downloaded HTML file is viewed in the script context of the site from which it was downloaded!
So once you have a script injection, Flex can make life difficult with URL scrambling, kind of like ASLR for web apps. Your injected script has to make several requests via AJAX to retrieve and parse the URL mapping for the current session. I have an example script.
Static analysis with Dehydra
Dehydra, a new patch for GCC from Mozilla, allows scripting custom static-analysis rules in JavaScript via the SpiderMonkey engine. How does this make your life easier on the first two days of a code audit? Interesting semantic searches to perform on C++ code bases, and the advantages and limitations of this approach.
Pattern-matching hex editors
Introducing my toy pattern-matching hex editor, haxedit, which can visually demonstrate the effectiveness of various pattern-matching algorithms on arbitrary binaries.
Auto-WEP key cracking with ITX
This has become so trivial that people are playing for time, with average scores under 3 minutes. Tips and tricks for working around the idiosyncrasies of airtools in an embedded environment.
Porting Network Security Tools to the iPhone
Probably drop this, since it's all on the App Store now ...
Ben Kurtz
All content and code from this talk
http://
20:30 (01:00) Saal 1 | rapid_prototype_your_life
Rapid Prototype Your Life
The time is now to make anything you can imagine
lecture (en)
The tools are at hand to free you from the bonds of consumer slavery. No longer must you rely on distant and faceless factories or bow down before the false idols of mass-produced consumer items. Never again look into the aisles of oblivion filled with mass-produced products. Take rapid-prototype manufacturing into your life and return to a time before corporations robbed you of your individualism. A cottage-industry paradise awaits those with the digital skills and the means to acquire or build the machines that can actualize the items that now exist only in your imagination.
Presenting research into the potential to replace all consumer products with personally designed and built items, utilizing rapid-prototyping manufacturing.
This talk will present an overview of the rapid prototype machines available and take the audience on a visual adventure into the beautiful world of rapid prototyping machinery with enough luscious graphic detail to make even the most die-hard luddite salivate with lust for the dream fulfilling technology.
Projects to get beginners started and initiated into the rapid-prototype lifestyle, and familiar with the principles and techniques of rapid prototyping, will be shared, with source code provided online. These projects will get you started with rapid-prototype machinery and break the cycle of consumer desperation. Many pathways will be presented leading to a future of wonderful, digitally shareable objects.
Bre

21:45 (01:00) Saal 1 | the_infinite_library
The Infinite Library
Storage and Access of Pornographic Information
lecture (en)
Decades ago, Jorge Luis Borges wrote about infinite libraries and perfect memory with the slightly sad air of someone who'd seen those things and knew their faults. Today we work toward infinite libraries and perfect memory with little heed for the possible consequences. How could it be bad to have everything possible stored? To remember everything? I don't know that it will be bad, but I do know that it will be different from our current lives of loss and forgetting. Right now, storing pornography causes problems even for people who have nothing especially perverted to hide: a collection of pornography gets to the heart of what it means to be a private individual. As we move from mass media to individually produced media, from edited collections of porn (magazines, commercially produced films) to individual snapshots and YouTube clips and stored BitTorrents, the particularity of a collection of porn will be testimony to its owner's private set of tastes.
Of course, it has always been a pain to store pornography -- and so we have the cultural trope of a stash of magazines "under the mattress" or in a box hidden in the closet. But as the sex industry shifts toward digital publication at every level, we might imagine that mere storage will become a problem of the past, or, at least, a problem related to legacy materials (books, magazines, videos, comic books, photographs, etc.). Cheap, massive storage media means no more problem, right?
Well, reviewers of porn find that they quickly amass more material than they will ever have time to peruse; librarians who need to provide access to controversial and poorly cataloged material end up overwhelmed; even casual collectors of pornography still need some way to keep track of what they have.
Toward that end, I am doing preliminary research on how people store and access their digital pornography collections. In my early interviews, I have already encountered a fascinating mix of responses; one person has said they store their porn "in the cloud," while another explained his detailed system for hiding digital porn files from his partner.
As I close, I will spend some time considering how we will store the pornography that isn't even being created yet. If science fiction author Charlie Stross is right, before long we will all be "life-logging" -- recording everything that happens to us, which of course would include all our sexual experiences. I think we might also one day be able to indulge in fully immersive AI-driven pornographic experiences (such as texting back and forth with artificially intelligent SMS bots, sending texts and photos and audio to a perfectly responding far-away "partner"), and we'll also want some way to keep those experiences.
We'll have everything stored -- but what will the social consequences be? If it is trivially easy to amass a porn stash so large that it cannot be "consumed" in one person's lifetime, should a person with a large collection of pornography be considered a pervert? (Hint: I don't think so.) If everyone has so much porn, perhaps we have nothing to hide!
Rose White
23:00 (01:00) Saal 1 | fnord_news_show
Fnord News Show
We help you see the Fnords
lecture (de)
This year it will be an apocalyptic Fnord review, including the Georgian war and the financial crisis. We will try to weave the events into a kind of mega conspiracy theory, so that one group (or perhaps two or three) is to blame for everything.
We are certain of one thing: it will be very entertaining.
The topics will be:
* Bank domino
* Propaganda about the Georgian war
* Terrorism, wiretapping and Schäuble
NOT the US election campaign, nobody can be bothered with that any more.
Frank Rieger, Felix von Leitner

00:00 (01:00) Saal 1 | soviet_untergersdorf
Soviet Unterzoegersdorf
A Nation In Transit
lecture (en)
Join a glorious gala presentation with his Excellency and a battalion of members of the Soviet Unterzoegersdorf Military Enforcement Community. We will present the envious "First World" with the fruits of our techno-labor. Among other triumphs on display will be the second part of an ongoing series of so-called "Computer Games" or "Virtual Hyper-Rooms" glorifying the struggles of the Motherland, Soviet Unterzoegersdorf: Sector II. We promise not to mention the SALT II agreement.
"Be as radical as reality." - Comrade Lenin (1870 - 1924)
People of the world, you, who sit in your superficially secure third countries!
Soviet Unterzoegersdorf is the last existing republic of the USSR. The enclave maintains no diplomatic relationship with the surrounding so-called "Republic of Austria" or with the Fortress "European Union". We persist, undaunted by the downfall of the motherland -- the Soviet Union -- in the early 1990s and its negative effect on our economic situation.
It is a great challenge to secure survival for the small but proud confederation. External reactionary forces put the country in danger. It's a lack of respect due to a morally corrupted and perhaps even non-existing unity of the peoples. The goal of a glorious future is almost unreachable. But his Excellency Ambassador of Soviet Unterzoegersdorf understands the immense transformative power of technology and innovation and how they can improve the lives of all citizens. He realizes that technology offers the tools to prevent and create real change.
monochrom
SUZ: The Adventure Game
Wikipedia entry
Soviet Unterzoegersdorf Metroblogging
Soviet Unterzoegersdorf / unterzoegersdorf.su
11:30 (01:00) Saal 2 | lightning_talks_1
Lightning Talks Day 2
4 minutes of fame
lightning (en)
4 minutes for every speaker. Learn about the good, the bad, and the ugly - in software, hardware, projects, and more.
Give a lightning-fast talk about your favourite project, program, system - and thereby find people with the same interest to proceed and promote it. Alternatively, give us a good rant about something and give us some good reasons why it should die. ;)
Get right at it, don't waste time by explaining too much, get the main points across, and then let us know how to contact you on the congress for a talk!
Whatever you do, please practise it, and don't be boring. Or else. You have been warned! :-P
Sven Guckes, Oliver Pritzkow
Feedback by e-mail
25C3-Wiki: Lightning Talks on Day 2
25C3-Wiki about the Lightning Talks
Lightning Talks
12:45 (01:00) Saal 2 | climate_change
Climate Change - State of the Science
lecture (en)
We are in the midst of a major global warming, as witnessed not just by temperature measurements but also, for example, by the record loss of Arctic sea ice in 2007 and 2008. This year, both the Northwest Passage and the Northeast Passage in the Arctic were open for ships to pass through for the first time in living memory.
What are the causes of this warming? And how will it affect sea level, tropical storms and other aspects of the climate system? And can we stop this warming, and how? These topics will be discussed based on the most recent scientific results, by one of the leading climate scientists in the world.
Rahmstorf
home page of speaker
RealClimate Weblog
KlimaLounge Weblog (in German)
14:00 (01:00) Saal 2 | flying_for_free
Flying for free
Exploiting the weather with unpowered aircraft
lecture (en)
Birds, glider pilots, and recently UAVs can exploit a variety of weather effects in order to gain altitude, remain airborne and travel long distances, all with no power input – effectively, hacking the atmosphere to fly for free. This talk will explain the aircraft, techniques, meteorology, hardware and software that we use to achieve this. In the process I will show why the sport of gliding may be of interest to hackers, and explain how you too can get involved in this highly rewarding and low-cost form of flying.
Introduction – a brief history and philosophical motivation.
Vulnerabilities – an introduction to the different mechanisms by which we can extract energy from the atmosphere including ridge, thermal and wave lift and dynamic soaring.
Hardware – comparison of the various types of soaring aircraft including sailplanes, hang gliders and paragliders, R/C gliders and recent autonomous soaring UAV projects, along with instruments and other equipment.
Software – a look at the increasing array of both ground-based and in-flight software used to aid soaring, much of it now in the form of open source projects developed by and for pilots.
Results – an overview of modern gliding and its accomplishments, and some tales from my own experience as a pilot and instructor.
Martin Ling

16:00 (01:00) Saal 2 | blinkenlights_stereoscope
Blinkenlights Stereoscope
Behind the scenes of the new light installation
lecture (en)
Blinkenlights Stereoscope is the new light installation of Project Blinkenlights, a group that originated from the Chaos Computer Club in 2001. Stereoscope targeted the City Hall in Toronto, Canada, and was the biggest and most interactive installation of the group so far. The talk provides insight into how it worked and what technology had to be developed to make it all happen.
The Stereoscope project marked a new order of magnitude for the project, as the 960 windows and two individual towers of the City Hall in Toronto mean a significant increase in size and complexity compared to the last installation at the Bibliothèque nationale de France in Paris. The logistics involved in producing the necessary material, shipping it to Canada and having it set up in around two weeks also called for new solutions.
One of the biggest obstacles to quick delivery has been the extensive cabling required to control each lamp individually. Professional lighting equipment that solves some of these problems is in widespread use, but it is very expensive to rent or buy and still leaves tons of wires. So the project decided that it was time for a wireless solution.
Based on the OpenBeacon electronics design, the group developed a new wireless dimmer that is controlled over the 2.4 GHz band. Each dimmer controls a single lamp, automatically adjusts to a 120 V or 240 V supply, and can display up to 16 different shades of light. The whole system was hooked up to a wired backbone with wireless distribution units called Wireless Matrix Control Units (WMCU), which talk to the lamps on one side and listen to a central server on the other.
Tim Pritlove
Blinkenlights Stereoscope
Project Blinkenlights Blog
Wikipedia: Toronto City Hall
17:15 (01:00) Saal 2 | security_of_mica_based_wireless_sensor_networks
Security of MICA*-based wireless sensor networks
lecture (en)
First, we describe an initial qualitative risk assessment, carried out by interviewing the operating manager of a large suspension bridge and a contractor responsible for part of a large subway tunnel network, both of whom want to use wireless sensor networks. The core of the talk deals with assessing the practical security of the particular COTS system adopted by our team, the Crossbow MICAz motes running TinyOS or XMesh, together with the Stargate gateway: we designed and implemented a variety of attacks on this system, and we discuss the security problems we found, together with appropriate fixes where possible. While some of our attacks exploit generally known vulnerabilities, others, like selective jamming and power exhaustion through routing-table manipulation, are original and interesting in their own right. We also demonstrate how an attacker can undetectably alter messages in an IEEE 802.15.4 radio environment. The work is published in our paper "Steel, Cast Iron and Concrete: Security Engineering for Real World Wireless Sensor Networks" at the ACNS 2008 (Applied Cryptography and Network Security) conference.
Dan Cvrcek

18:30 (01:00) Saal 2 | algorithmic_music_in_a_box
Algorithmic Music in a Box
Doing music with microcontrollers
lecture (en)
Small devices like microcontrollers, coupled to a few buttons, knobs, encoders and LEDs, allow for a host of interesting and creative musical applications. Solder a few bits together, program a few lines, and you can build a deep device to support your musical exploration. This lecture will show you quickly how the hardware and code work, and then focus on a few interesting applications: controllers, sequencers, sound generators. The workshop will allow you to build your own crazy ideas.
If you look at "real" instruments, their principle is very simple most of the time: press a key, get a sound.
Pluck a string, get a sound. This simple principle is also what gives them their depth. Every aspect of the interaction with these instruments has been explored. Modern music-making software, on the other hand, often displays thousands of different features, which in the end often works against the musician by blurring his focus.
Some of the most sought-after electronic devices are from the 80s and feature pretty simple (by today's standards) control units and interfaces. Instead of focusing on the "next big thing", like touchscreens, new sensors and technologies, building musical instruments with limited resources allows the musician to go "deep", to think about interaction in a very conscious way. Devices like the monome or the Tenori-on, featuring just buttons and LEDs, follow this direction.
Devices like these are pretty easy to build at home, and can then be built robustly enough to find their way into live performances and daily studio use. This event's lecture is about the overall design of devices I built; it shows how the different hardware elements work (microcontroller, buttons, knobs, displays), and then focuses on the flexible ways you can use these simple elements to build interesting instruments. The workshop will then allow participants to create their own instrument based on a simple hardware platform and to take it home with them.
wesen
wesen blog
wesen's hardware
20:30 (01:00) Saal 2 | all_your_base_are_belong_to_us
All your base(s) are belong to us
Dawn of the high-throughput DNA sequencing era
lecture (en)
New DNA genotyping and sequencing technologies have recently advanced the possibilities for both mass and individual genomics by several orders of magnitude. The personal genome on DVD, genetic analysis of entire populations, and government DNA databases are but a few of the results of this process. The field is still accelerating, and the related computational challenges are enormous.
In the year 2000, completion of the sequencing of the human genome was announced, a work that took decades, cost millions and involved hundreds of scientists around the world. Subsequent advances in DNA sequencing technologies have propelled the possibilities in the field to scales unthinkable a mere decade ago. The price of sequencing an entire human genome is quickly approaching $1,000, and it can be done by a few individuals with a single machine in a few days. Even so, more powerful sequencing technologies are under development and could simplify the process even further within the coming years.
Genotyping is a technology to quickly and cheaply analyze a DNA sample for potential SNPs (single nucleotide polymorphisms, aka point mutations) on a single plate (chip). Today's DNA chips can check for one million SNPs in a cheap and automated fashion. This makes it possible to compare groups of thousands of people for specific markers. Applications of this technology range from finding resistance genes, through evolutionary relationships, to separating an individual's DNA from a mixture of thousands of people.
Both technologies require new computational approaches and new storage technology. Analysis is performed on massive computer clusters with thousands of CPUs. Data storage requirements are measured in petabytes, pushing hard-disk storage to the limit.
In my talk, I will describe how we got here, how we handle the technological challenges involved, and what the future might hold.
Magnus Manske
Where I work
21:45 (01:00) Saal 2 | console_hacking_2008
Console Hacking 2008: Wii Fail
Is implementation the enemy of design?
lecture (en)
The Nintendo Wii game console has been one of the most popular of all time, selling almost as many units as all of its competitors combined. Despite being cheaper than the PS3 and Xbox 360, it contains a sophisticated security architecture that withstood over a year of concerted effort to hack the device. The design itself is impressive; unfortunately, flaws in the implementation (both subtle and severe) render the device easily hacked, with little chance of recovery.
24C3 saw the first public demonstration of unsigned code running on the Wii. A year later, we will present full details of that attack and share the results of another full year of research. We will show the bugs that have been found, the reasons they may have existed, and what attempts the vendor has made to fix them.
Gamers will probably find this talk interesting, but it will be most valuable for anyone who hacks on (or designs) embedded systems. Basic knowledge of crypto is assumed. We will have an area set up in the Hackcenter for those who want to learn more about this subject, before or after the presentation.
bushing, marcan
Presenters' blog
Technical info about the Wii
23:00 (01:00) Saal 2 | life_is_a_holodeck
Life is a Holodeck!
An overview of holographic techniques
lecture (en)
This talk will give you an overview of the different techniques for spatial representation and show you how they work. Starting with a brief history of the invention of stereoscopy and lenticular representation, we will quickly get into the history and invention of holography, the basic principles and milestones during its development, through to the latest available applications and technologies. Different types of holograms will be shown and explained.
Topics:
* Dennis Gabor - Leith/Upatnieks Invention and the first Hologram "Train and Bird"
* Holographic Mastering Techniques:
* H1 (classical 2 beam transmission Hologram on a mastering-table)
* White-light copies of such H1s - Lippmann / Denisyuk / Reflection Holograms
* Rainbow/Benton Hologram:
- Photoresist mastering and electroforming to produce printing plates (shims) for embossed Holograms
- Dot-Matrix Origination - Computer generated Pixel Holograms usually on foil
- True-Color Reflection / Transmission Hologram Mastering
* Video-, Animation and fully computer generated 3D Holograms
Holographic Techniques, Processing, Converting and Special Machinery:
* Microtext + Nanopoints
* "Hidden" information and "hidden" Holograms
* Recombining Systems
* Electron Beam Mastering
* Electroforming Tanks
* Soft- and Hard Embossing Machines: Principle and different types and sizes of conventional holographic embossing machines
* New and future generation manufacturing technology and equipment - Principles of UV/Electron Beam Casting
* Converting Equipment
An overview of market segments as well as current science applications such as HOEs (Holographic Optical Elements), holographic interferometry, 3D projection systems, fully computer-generated holograms, optical computing using holographic techniques and other aspects will be given, and at the end we'll hopefully see what can be done to build your own Holodeck :-)
Claus "HoloClaus" Cohnen
Russian holographer's lesson on holographic techniques
Dennis Gabor's lecture at the 1971 Nobel Prize in Physics
Is the universe and/or our brain a hologram ?
My lecture with additional links and photos
http://
11:30 (01:00) Saal 3 | embracing_post_privacy
Embracing Post-Privacy
Optimism towards a future where there is "Nothing to hide"
lecture (en)
The breaking away of privacy in the digital world is often understood as something dangerous, and for good reasons. But could there be opportunities in it, too? Do the current cultural and technological trends only dissolve the protected area of privacy, or could they dissolve as well the pressures that privacy is supposed to liberate us from? What if we witness a transformation of civilization so profound that terms like "private" and "public" lose their meaning altogether? Maybe we won't need "privacy" at all in the future because we will value other, new liberties more strongly?
In the digital world, more and more data is accumulated about us. More and more methods of data mining are invented to extract information from these data. Young people grow up enjoying informational exhibitionism to a degree many find irresponsible. Ever greater parts of life are integrated into the global public information stream. Will privacy end? If so, what about liberty? We have to look closely at the value of privacy. What does it do for values like freedom, individualism or intimacy? Why is this protected area of privacy necessary?
The conditions of privacy are rapidly changing. We have to evaluate these changes with a perspective that does justice to new modes of identity, sociality and culture: Why hide your personal weirdnesses if 21st century society thrives on difference and originality instead of conformism and predictability? What identity is there to keep private if "identity" is more and more what you externalize from yourself into the internet? Is privacy worth missing out on participation in the global "hive mind" and the "ambient intimacy" of every mind connected with every other mind?
Such questions may sound utopian and/or crazy. They may sound irresponsible, considering anti-privacy trends that may seem much more real and dangerous -- like the surveillance state. But even if you disagree with their validity, they may provoke deeper thinking about the state and value of privacy in a world that is changing more and more rapidly -- and that could hardly be a bad thing.
Christian Heller / plomlompom

12:45 (01:00) Saal 3 | full_disk_encryption_internals
Full-Disk-Encryption Crash-Course
Everything to hide
lecture (en)
This is not a hacking presentation; no vulnerabilities are presented. It's a crash course in full-disk-encryption ("FDE") concepts, products and implementation aspects. An overview of both commercial and open-source offerings for Windows, Linux and Mac OS X is given. A (programmer's) look at the open-source solutions concludes the presentation.
Full-disk encryption is an important aspect of data security, and everyone should use an appropriate solution to protect their (especially mobile) systems and data. This lecture covers the technology behind full-disk-encryption software products.
The established technical architectures of software solutions for Microsoft Windows and Linux are presented in this lecture: Pre-Boot-Authentication, encryption driver and in-place filesystem encryption.
An overview of commercial products and open-source offerings for Windows, Linux and OSX is given. Distinguishing features of specific products and additional topics are covered, including: TPM support (OS binding and key storage), multi-disk support and threats.
The last segment of the lecture focuses on open-source solutions: TrueCrypt's volume specifications, TrueCrypt's hidden-volume capabilities and a comparison of the in-place filesystem encryption implementations of TrueCrypt and DiskCryptor. A feature wish-list for open-source full-disk-encryption solutions completes the lecture.
Juergen Pabel
Juergen Pabel's Blog
14:00 (01:00) Saal 3 | exploiting_symbian
Exploiting Symbian
Symbian Exploit and Shellcode Development
lecture (en)
SymbianOS is one of the major smartphone operating systems and has been around for many years, yet exploitation has not been researched so far. The lack of proper exploitation techniques is mostly due to the fact that, until the recent introduction of PIPS/OpenC (a POSIX API port), SymbianOS did not give programmers the means to EASILY write insecure code.
The presented work will show that it is now possible to exploit buffer overflows on Symbian as on any other (mobile) platform. To do this we will show some proof-of-concept exploits and provide an overview of writing shellcode for SymbianOS.
Further, we will show some shortcomings of the Symbian security model and discuss the possible impact. To do this we will show that it is possible to create a piece of (mobile) malware that is capable of signing itself.
We believe vulnerability exploitation will become the next big issue on SymbianOS, because the current version of Symbian only permits the installation of signed applications, thereby shutting out the currently existing Symbian worms. We believe worm authors will adapt soon.
Collin Mulliner
http://www.mulliner.org/symbian/
16:00 (01:00) Saal 3 | hacking_handcuffs
Hacking Handcuffs
Essential basic knowledge for everyone who had nothing to hide
lecture (de)
Anyone can watch on YouTube how to open ordinary handcuffs with a paper clip. But there are all kinds of high-security models with considerably more complicated locks, just waiting to be discovered by the locksport community...
Most people know that ordinary police handcuffs are no real challenge for the ambitious lockpicker, although it naturally helps to know the small differences between the various models. It gets much more interesting, however, when you look at the various high-security models that are used mainly for high-risk prisoner transports, but in some regions are also found on ordinary patrol officers.
This talk gives a comprehensive overview of the great variety of locking mechanisms used in handcuffs, and of their weaknesses. It is not only about picking the various Chubb lever locks and pin-tumbler cylinders that are certainly used in this field, but also about surprising bypass techniques that leave the more or less sophisticated locking system aside entirely. Besides the by now "classic" attack on the American handcuffs with a Medeco cylinder, which already found many friends at HOPE in New York, several new or little-known attacks on models common in Europe will be demonstrated and explained.
After the talk, from 17:00 in workshop room A03, there will be the opportunity to try out what you have learned in theory "hands on", on a large selection of sporting equipment brought along.
Ray

17:15 (01:00) Saal 3 | tcp_denial_of_service_vulnerabilities
TCP Denial of Service Vulnerabilities
Accepting the Partial Disclosure Challenge
lecture (en)
The Transmission Control Protocol (TCP) is one of the fundamental protocols used in today's communication networks. Recently, there has been increased discussion of possible Denial of Service attacks against TCP-based services, largely triggered by the partial disclosure of several vulnerabilities by the security company Outpost24. This talk will present several TCP vulnerabilities in an attempt to find out just what they found.
This year, vulnerabilities have been identified in the specifications of various core network protocols, including BGP, DNS and TCP. Accompanying these wide-ranging discoveries, a new form of vulnerability disclosure named "partial disclosure" has been introduced. In practice, this means that the public knows that there is something wrong, yet is uninformed about the details. This, of course, can be understood as a challenge to find out just what could be wrong, which is what we at Recurity Labs did after the Denial of Service vulnerabilities in TCP had been announced.
This talk will present known vulnerabilities in the protocol, which have been receiving rather sparse media attention, as well as some attacks we have been working on during our research. Additionally, we hope to provide sufficient background information on the protocol's fundamental weaknesses to motivate further research on the subject. We argue that certain assumptions made by the protocol engineers almost 30 years ago do not hold in today's networks and that most possible Denial of Service attacks against TCP can be derived from these assumptions.
Fabian Yamaguchi

18:30 (01:00) Saal 3 | scalable_swarm_robotics | lecture, en
Scalable Swarm Robotics / Formica: a cheap, open research platform
The topic of swarm robotics will be introduced, including the current state of the art and some current research platforms. The problems of scalability in robot swarms will be discussed, particularly of programming and maintaining a large group of robots. The Formica platform represents a novel, very low cost approach to swarm robotics. Its design and implementation will be described, and the lecture will culminate in a live demonstration of a swarm of 25 robots cooperating on a task.

Swarm robotics is a hot research area. In cases such as earthquake rescue or planetary exploration, a swarm of cheap, simple robots may benefit from redundancy and distributed problem-solving. However, the cost of current robotics platforms prohibits experimentation with swarms numbering more than a few tens of units. As a result, the practicalities of software and hardware maintenance in large swarms are yet to be addressed.
At the University of Southampton, four colleagues and I developed a small, low-cost platform for swarm robotics research. We named it Formica. 25 robots 25x25x15mm in size were designed and built, costing only £25 each. They are capable of infrared communication, sensing and reprogramming, autonomous charging, and can drive for around 2 hours before a recharge. Low power MSP430 microcontrollers are used, with 16kB of program memory and 512 bytes of RAM. We presented the robots at ALIFE XI, the 11th international conference on artificial life, where they attracted a lot of attention from other researchers and the press. As a result, we have released the hardware and software under open source licenses to encourage further development in the community.
I would like to describe the design of the Formica platform and introduce some of the research it is used for. The swarm of 25 robots was assembled and tested by a small team of students in a single day. I will briefly describe how we overcame the problems of mass production on a very low budget. I will take questions from the audience, and encourage 25C3 attendees to hack on the platform. Finally, I will give a live demonstration of the swarm in action.
Jeff Gough
A rough, early video of the swarm
BBC coverage of Formica at the ALIFE conference
Some more detailed press coverage
A detailed overview of the project
20:30 (01:00) Saal 3 | banking_malware_101 | lecture, en
Banking Malware 101 / Overview of Current Keylogger Threats
In recent years, we have observed growing sophistication in how credentials are stolen from compromised machines: the attackers use sophisticated keyloggers to control the victim's machine and use different techniques to steal the actual credentials. In this talk, we present an overview of this threat and empirical measurement results.

Nowadays, attackers often steal sensitive information from a victim's machine with the help of a keylogger that sends the stolen information to a so-called dropzone. A dropzone is a publicly writable directory on a server on the Internet that serves as an exchange point for keylogger data: the malware running on a compromised machine sends all stolen credentials to the dropzone, where the attacker can pick them up and start to abuse them. Such an approach is more promising than "traditional" phishing sites since the attacker can steal many more credentials from a single victim. In this talk, we present the results of an empirical study of this phenomenon, giving many details about the attacks we observed during recent months.
In the first part of the talk, we provide a detailed overview of some of the most common keyloggers found in the wild. We focus on the two malware families ZeuS/Zbot and Limbo/Nethell and show how they propagate, what features they have, and how the actual dropzone works. Several other malware families will be covered briefly to address a larger number of threats. Afterwards, we present several statistics and qualitative information on the keylogger data we found on some dropzones.
Thorsten Holz
https://honeyblog.org/archives/9-Banking-Trojans.html
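The dropzone mechanism described above (malware uploads stolen data to a publicly writable directory, while the infected host never browses that server like a user would) suggests a simple proxy-log heuristic: flag hosts that receive sizeable POST uploads from several internal clients that never issued a GET to the same host. The following is an added example for this page, not code from the talk or from the authors' study; the log format, the hosts and the thresholds are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample proxy log (not real traffic). Space-separated fields:
# unix_time  client_ip  method  url  status  request_body_bytes
SAMPLE_LOG = """\
1230375600 10.0.0.11 GET  http://news.example.org/index.html 200 0
1230375601 10.0.0.11 POST http://news.example.org/comment 200 212
1230375610 10.0.0.12 POST http://203.0.113.7/dz/upload.php 200 4096
1230375612 10.0.0.13 POST http://203.0.113.7/dz/upload.php 200 3871
1230375615 10.0.0.14 POST http://203.0.113.7/dz/upload.php 200 5120
1230375620 10.0.0.15 GET  http://shop.example.com/ 200 0
1230375621 10.0.0.15 POST http://shop.example.com/cart 302 96
1230375630 10.0.0.12 POST http://203.0.113.7/dz/upload.php 200 4099
"""


def parse_log(text):
    """Yield (client, method, host, body_bytes) for each non-empty line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        _ts, client, method, url, _status, nbytes = line.split()
        yield client, method, urlsplit(url).hostname, int(nbytes)


def find_dropzones(text, min_clients=3, min_bytes=1024):
    """Return [(host, upload_only_clients, uploads)] for hosts matching the heuristic.

    The thresholds are assumptions for this example, not values from the study:
    a candidate is a host that receives POST bodies of at least min_bytes from
    at least min_clients distinct clients which never issued a GET to it.
    """
    posted = defaultdict(lambda: defaultdict(list))   # host -> client -> [body sizes]
    browsed = defaultdict(set)                          # host -> clients that ever GET it
    for client, method, host, nbytes in parse_log(text):
        if method == "GET":
            browsed[host].add(client)
        elif method == "POST":
            posted[host][client].append(nbytes)

    hits = []
    for host, by_client in posted.items():
        upload_only = [c for c in by_client if c not in browsed[host]]
        sizes = [n for c in upload_only for n in by_client[c]]
        if len(upload_only) >= min_clients and sizes and min(sizes) >= min_bytes:
            hits.append((host, len(upload_only), len(sizes)))
    return sorted(hits, key=lambda hit: (-hit[1], hit[0]))


if __name__ == "__main__":
    for host, clients, uploads in find_dropzones(SAMPLE_LOG):
        print(f"dropzone candidate {host}: {clients} upload-only clients, {uploads} uploads")
```

On the sample, news.example.org and shop.example.com are not flagged because the posting client also browsed them; 203.0.113.7 is flagged because three clients only ever upload to it. Legitimate API-only endpoints (update services, telemetry collectors) match the same pattern, so in practice the output is a triage queue to be checked against an allowlist, not a verdict.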
21:45 (01:00) Saal 3 | tricks_makes_you_smile | lecture, en
Tricks: makes you smile / A clever or ingenious device or expedient; adroit technique: the tricks of the trade.
A collection of engaging techniques, some unreleased and some perhaps forgotten, to make pentesting fun again. From layer 3 attacks that still work, to user-interaction-based exploits that aren't 'clickjacking', to local root privilege escalation without exploits and uncommon web application exploitation techniques.
Francesco `ascii` Ongaro

23:00 (01:00) Saal 3 | fnord_news_show_en | lecture, en
Fnord News Show (English interpretation) / We help in seeing teh Fnords
English interpretation and video transmission of the event in Saal 1
This year's apocalyptic Fnord review will include the war in Georgia and the financial crisis. We try to weave the events into a kind of mega-conspiracy, so that only one group (or probably two or three) is guilty. We are sure: this will be enjoyable.
These are the topics:
* Bankendomino
* Propaganda regarding the war in Georgia
* Terrorism, interception and Schäuble
NOT the US election; nobody wants to hear about this any more.
Felix von Leitner, Frank Rieger
Interpretation project 25C3
11:30 (01:00) Saal 1 | running_your_own_gsm_network | lecture, en
Running your own GSM network
This presentation will mark the first public release of a new GPL-licensed Free Software project implementing the GSM fixed network, including the minimal necessary functionality of BSC, MSC and HLR. It will introduce the respective standards and protocols, followed by a short demonstration of an actual phone call between two mobile phones registered to the base station.

On the Ethernet/IP-based Internet, we are used to Free Software and general-purpose hardware. The world's second largest communications network, GSM, couldn't be any more different. Even though the protocols are standardized and publicly available from ETSI, all implementations are highly guarded proprietary secrets of a few major players in the industry. The hardware is even more closed, as there is not a single GSM subscriber or base station chipset with even the least bit of publicly known information.
Nonetheless, in recent years there have been a number of different projects working on driving a wedge of openness into this world. You might have heard of other projects like the THC GSM sniffer project (pure Wireshark-like functionality) and OpenBTS (a software-defined-radio-based GSM base station interfacing with the Asterisk VoIP server).
This presentation is about yet another new GSM-related Open Source project, one that follows the GSM specs more closely and actually aims at interoperability with existing equipment such as a hardware BTS hooked up via an S2M interface to a Linux-running PC.
As part of the presentation we plan to show a live demonstration of a phone call using our own GSM network.
Dieter Spaar, Harald Welte
project homepage
12:45 (01:00) Saal 1 | evoting_after_nedap | lecture, en
eVoting after Nedap and Digital Pen / Why cryptography might not fix the issue of transparent elections
Cryptographic methods have been suggested as a solution to the transparency and auditability issues in electronic voting. This talk introduces some of the suggested approaches and explains why such methods replace one issue with another rather than fixing it.

Cryptographic methods like ThreeBallot, Punchscan, Scantegrity and Bingo Voting have been suggested to provide the level of transparency and auditability which is missing in Direct Recording Electronics (DRE), like the NEDAP systems used in Germany's parliamentary elections. These methods introduce a level of complexity into elections which prevents most voters from understanding the election process and its verification. Where elections are currently controlled by the people, trust in the ability of experts is required when cryptographic methods are introduced.
From a more technical perspective, where DRE systems require trust in the correct recording and counting of the votes, cryptographic methods might just replace this with the need to trust in the secrecy of the vote.
Ulrich Wiesner
Punchscan
ThreeBallot
Scantegrity
Bingo Voting
14:00 (01:00) Saal 1 | neusprech | lecture, de
Neusprech im Überwachungsstaat (Newspeak in the surveillance state) / Politicians' language between Orwell and online
Politicians want to make their surveillance plans palatable. Besides playing down the substance of data retention, online searches (Onlinedurchsuchung), video surveillance and so on, they use linguistic means to push their measures through. Negatively connoted words are replaced by positive ones, and rhetorical patterns are used to hide negative aspects. The talk examines features of politicians' language that, following George Orwell, can be called Newspeak (Neusprech).

In the wake of the attacks of 11 September 2001, "internal security" has become an important political topic. While politicians hope to win approval through security policy measures, the restriction of personal freedom that comes with such measures is problematic and unpopular. Security politicians therefore try to package their plans rhetorically and linguistically so that positive aspects are emphasised and negative ones hidden.
maha/Martin Haase
Chaos Radio Express 081 on the topic of Neusprech
16:00 (01:00) Saal 1 | mifare_2008 | lecture, en
Analyzing RFID Security
RFID tags and contactless smart cards are regularly criticized for their lack of security. While many RFID tags have weaknesses, the security level of different tags varies widely. Using the Mifare Classic cards as an example, we illustrate the complexity of RFID systems and discuss different attack vectors. To empower further analysis of RFID cards, we release an open-source, software-controlled, and extensible RFID reader with support for the most common standards.
Henryk Plötz, Karsten Nohl

17:15 (01:00) Saal 1 | dect | lecture, en
DECT / The Digital Enhanced Cordless Telecommunications standard
Digital Enhanced Cordless Telecommunications (DECT) is a synonym for cordless phones today. Although DECT can be found nearly everywhere, little is known about the security of DECT. Most parts of the DECT standard are public, but all cryptographic algorithms used in DECT (authentication and encryption) are secret and not known to the public. Nevertheless we decided to investigate the security of DECT more closely ...
We will show you the following:
* An introduction into the DECT protocol.
* An introduction to the DECT authentication and key management functions.
* An introduction into the DECT low level communication.
* A detailed security analysis of the protocol.
* The secret DSAA algorithm
* Parts of the secret DSC algorithm
Erik Tews, Ralf-Philipp Weinmann, Andreas Schuler
deDECTed.org
Slides
Contact
18:30 (01:00) Saal 1 | attacking_nfc_mobile_phones | lecture, en
Attacking NFC mobile phones / First look at the security of NFC mobile phones
Near Field Communication (NFC) based services and mobile phones are starting to appear in the field; therefore it is time to take a look at the security of the services and especially of the NFC mobile phones themselves.

The presentation will provide this first look at the security of NFC mobile phones. We will show some known theoretical attacks and how they may work in the field. Further, we will present results from analyzing a specific NFC mobile phone; here we will reveal some security issues and methods to exploit them. We will also provide a small survey of NFC applications in the field. Finally, we will release a small set of tools for further analysis of NFC mobile phones and applications.
If you have an NFC mobile phone, I kindly ask you to bring it to the congress and come to me before or after my talk and show it to me, thanks!
Collin Mulliner
http://www.mulliner.org/nfc/
20:30 (01:00) Saal 1 | methods_for_understanding_targeted_attacks_with_office_documents | lecture, en
Methods for Understanding Targeted Attacks with Office Documents
As more security features and anti-exploitation mechanisms are added to modern operating systems, attackers are changing their targets to higher-level applications. In the last few years, we have seen increasing targeted attacks using malicious Office documents against both government and non-government entities. These attacks are well publicized in the media; unfortunately, there is not much public information on attack details or the exploitation mechanisms employed in the attacks themselves. This presentation aims to fill the gap by offering:
* A brief overview of the Office file format,
* In-depth technical details and practical analytical techniques for triaging and understanding these attacks,
* Defensive mechanisms to reduce the effectiveness of the attacks,
* Forensics evidence that can help trace the attacks,
* Static detection mechanism for these vulnerabilities (i. e., how to write virus signatures for these vulns),
* Information and techniques to help detect these attacks on the wire.
Bruce Dang

21:45 (01:00) Saal 1 | cisco_ios_attack_and_defense | lecture, en
Cisco IOS attack and defense / The State of the Art
The talk will cover the past, present and future of Cisco IOS hacking, defense and forensics. Starting from the historic attacks that still work on less well managed parts of the Internet, through the powerful common bugs and the classes of binary vulnerabilities and how to exploit them, down to the latest methods and techniques, this session will try to give everything in one bag.

For each attack type, we will also see what defensive measures are taken, what should be done, and how Cisco forensics people will identify the attack and nail the attacker (or not).
FX of Phenoelit
Phenoelit
Cisco Forensics and Wiki
23:00 (02:00) Saal 1 | hacker_jeopardy | contest, de
Hacker Jeopardy / Die ultimative Hacker-Quizshow (The ultimate hacker quiz show)
The well-known quiz format, but of course with topics you would never get to see on television.

Hacker Jeopardy is a quiz following the well-known inverted answer-question scheme. Heise once called it "number guessing for geeks", which of course is an unfairly simplified description: letters and special characters have to be guessed as well. :)
Three qualifying rounds are played, and their winners must face last year's title holder in the final. Who was that again?
Stefan 'Sec' Zehl, Ray

11:30 (01:00) Saal 2 | lightning_talks_2 | lightning, en
Lightning Talks Day3 - Morning / 4 minutes of fame
4 minutes for every speaker. Learn about the good, the bad, and the ugly, in software, hardware, projects, and more.

Give a lightning-fast talk about your favourite project, program, system, and thereby find people with the same interest to proceed and promote it. Alternatively, give us a good rant about something and give us some good reasons why it should die. ;)
Get right at it, don't waste time by explaining too much, get the main points across, and then let us know how to contact you on the congress for a talk!
Whatever you do, please practise it, and don't be boring. Or else. You have been warned! :-P
Sven Guckes, Oliver Pritzkow
Feedback per E-Mail
25C3-Wiki: Lightning Talks on Day 3 - Morning
25C3-Wiki about the Lightning Talks
Lightning Talks
12:45 (01:00) Saal 2 | repurposing_the_ti_ez430u | lecture, en
Repurposing the TI EZ430U / with msp430static, solder, and syringe
USB devices are sometimes composed of little more than a microcontroller and a USB device controller. This lecture describes how to reprogram one such device, greatly expanding its potential.

At only twenty dollars, the Texas Instruments EZ430U is a bargain of an in-circuit debugger for the MSP430 microcontroller. The board itself is composed of little more than an MSP430 and a USB-to-serial controller. The board's JTAG fuse is unblown, and full schematics are included in the public documentation.
This lecture will discuss the use of the EZ430U not as a debugging tool, but as a development platform in and of itself. Topics will include the writing of replacement firmware, analysis of the default firmware, reprogramming the USB-to-serial controller, and potential target applications.
Travis Goodspeed
Repurposing the EZ430, Part 1
Repurposing the EZ430, Part 2
Repurposing the EZ430, Part 3
Goodspeed 25C3 EZ430 Slides
14:00 (01:00) Saal 2 | privacy_in_the_social_semantic_web | lecture, en
Privacy in the social semantic web / Social networks based on XMPP
[[ Thank you all for your feedback. I am currently registering some hacking space on berlios.de so that we can have a mailing list and maybe a wiki! Please contact me at: jan.heuer <<ät<< uni-muenster.de ]]
In the last years the static web has moved towards an interactive web, often referred to as web 2.0. People collaboratively write articles in online encyclopedias like Wikipedia or portray themselves with profiles in social networks like Myspace. Delicious allows people to tag their bookmarks and share them with friends. Twitter is a short status message service to tell friends what you're doing right now. The diversity of applications attracts a huge number of users, and the applications can be used from any computer.

However, many people have privacy concerns with such applications, but the advantages and features often outweigh them. Instead of arguing against such services, we rather propose an alternative architecture based on the Extensible Messaging and Presence Protocol (XMPP).
Within a social network, members can link with each other in order to create a personal network of friends. Often, the number of friends is a kind of “social status” and displayed on a person’s profile page. This community aspect attracts a lot of users, especially those who are technically not very experienced. Other social applications don’t focus on linking with other members in the first place but allow their users to tag and share special content-types with others. Examples for tagged resources are photos on Flickr, bookmarks on Del.icio.us or publications on Citeulike and Bibsonomy. Both tagging and networking attracted a great deal of attention in the last years.
However, people who want to use the services and share data with others have to provide them to the service maintainer. Most social networks allow marking data as private or reducing their visibility, but this is not the issue. The main problem we see in current social networks is that private data are given to potentially untrustworthy companies. Users don't know what the companies do with their data or if they can revert their data at all. It may still exist on their servers or in backups. And users can't be sure that private data are always well protected. Security issues have occurred frequently in social networks recently, allowing others to access private data although they were not allowed to. Though the audience of the 25C3 is probably aware of these issues, technically less experienced people are not. Therefore a simple "don't use it if you don't like it" rule is not satisfying. We want to show that technical alternatives to current social networks exist.
We propose a network architecture where users keep total control of access to their data. Instead of using a client-to-server architecture like traditional social networks do, we use the Extensible Messaging and Presence Protocol (XMPP), also known as the Jabber instant messaging network. As in instant messenger programs, people can add friends to their personal network. Once they have mutually authorized each other, personal data can be exchanged. A public/private-key infrastructure on top of the XMPP communication ensures that messages cannot be intercepted or read by any third party, including the XMPP server itself.
The semantic part of our application is the information exchanged between the clients. We decided to use existing ontologies and schemas like FOAF (Friend of a Friend) and the Tag Ontology. In our first prototype users are able to create their personal profile and to bookmark and tag websites. These data can then be exchanged with friends. Another feature is recursive search of those bookmarks, which allows retrieving bookmarks of friends-of-friends (as long as they give their permission). We decided to use semantic technologies because we also wanted to show what a semantic web could look like in the future. The overall goal is to develop an open, distributed system to exchange information, privately and protected.
The current application is an open source prototype in Java 6. The application is available as a Web Start application and is therefore platform independent. The network is open to other clients and other platforms. Other possible applications could be Flash programs, Java applets or browser extensions. Integration into existing instant messenger programs is also a possibility.
Ideas for coming features are:
* Integrate the default "StudiVZ/Facebook" features like pin board, groups, photo-to-person links, etc.,
* Share current location with friends (that is something I would never periodically upload to a website...),
* integrate into local PIM applications: integrated small LDAP server for all address information of friends, RSS feed of latest content from friends,
* OpenID provider (through an HTTP-to-XMPP interface),
* Use the Public-Key in E-Mails, too.
Future Challenges are:
* How can a role-based access control be integrated?
* Once a contact is offline, its information is unavailable. How can it be efficiently cached in the network?
My talk will cover some examples of privacy issues and discuss the general architecture. Unless there is concrete interest I won't discuss very research-specific topics. I'll give a short introduction to the idea of the semantic web, the arising privacy issues in social networks and the idea of the web of trust.
Jan Torben
The pace project
Java Webstart of the prototype
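The friend-of-friend bookmark search sketched in the abstract above, with its permission gate, as an added example for this page (not the pace project's code): the toy network is constructed inline, the `share_fof` flag stands in for "as long as they give their permission", and the mutual-authorization check stands in for "once they mutually authorized each other"; how the real prototype encodes either is not stated on the page. The edge cases a practitioner cares about are handled: a one-sided friend entry is never traversed, a cycle does not loop, and a direct friend's bookmarks stay visible even when that friend refuses friend-of-friend sharing.

```python
from collections import deque

# Constructed toy network (not the project's data). Per member: friend list,
# whether bookmarks may be handed to friends-of-friends, and the member's bookmarks.
NETWORK = {
    "alice": {"friends": ["bob", "carol"],   "share_fof": True,  "bookmarks": ["https://example.org/a"]},
    "bob":   {"friends": ["alice", "dave"],  "share_fof": True,  "bookmarks": ["https://example.org/b"]},
    "carol": {"friends": ["alice", "erin"],  "share_fof": False, "bookmarks": ["https://example.org/c"]},
    "dave":  {"friends": ["bob"],            "share_fof": False, "bookmarks": ["https://example.org/d"]},
    "erin":  {"friends": ["carol", "frank"], "share_fof": True,  "bookmarks": ["https://example.org/e"]},
    # frank never authorized erin back: the edge is one-sided and must not be traversed
    "frank": {"friends": [],                 "share_fof": True,  "bookmarks": ["https://example.org/f"]},
}


def is_mutual(network, a, b):
    """True only if a and b list each other (the XMPP-style mutual subscription)."""
    return b in network[a]["friends"] and a in network.get(b, {}).get("friends", [])


def search_bookmarks(network, start, max_depth=2):
    """Breadth-first friend-of-friend search from `start`; returns {owner: bookmarks}.

    Direct friends (hop 1) exchanged data after mutual authorization, so their
    bookmarks are always returned. Members further away are returned only if
    their share_fof flag permits it. The visited set stops cycles, and BFS
    guarantees each member is classified by its shortest hop distance.
    """
    results = {}
    visited = {start}
    frontier = deque([(start, 0)])
    while frontier:
        node, depth = frontier.popleft()
        if depth >= max_depth:
            continue
        for friend in network[node]["friends"]:
            if friend in visited or not is_mutual(network, node, friend):
                continue
            visited.add(friend)
            hop = depth + 1
            if hop == 1 or network[friend]["share_fof"]:
                results[friend] = list(network[friend]["bookmarks"])
            frontier.append((friend, hop))
    return results


if __name__ == "__main__":
    for owner, marks in sorted(search_bookmarks(NETWORK, "alice").items()):
        print(owner, marks)
```

From alice, bob and carol are direct friends and always answer; erin (two hops, opted in) answers, dave (two hops, opted out) does not, and frank is unreachable because erin's entry for him is not reciprocated.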
16:00 (01:00) Saal 2 | the_ultimate_commodore_64_talk | lecture, en
The Ultimate Commodore 64 Talk / Everything about the C64 in 64 Minutes
Retrocomputing is cooler than ever before. People play C64 games in emulators and listen to SID music, but few people know much about the C64 architecture. This talk attempts to communicate "everything about the C64" to the listener, including its internals and quirks, as well as the tricks that have been used in the demoscene, trying to revive the spirit of times when programmers counted clock cycles and hardware limitations were seen as a challenge.

The Commodore 64 was released in 1982 as an entry- and hobby-level machine competing against the Atari 8-bit series and the Apple II. Compared to other systems on the market, it had a lot of RAM (64 KB) and very sophisticated video and audio hardware. While it was quickly forgotten in the US, it reached its peak in the late 80s in Europe, being a very affordable hobby and game computer. As the longest-running computer of all time, produced for 12 years, it gave programmers the chance to understand the hardware very well, and they continued finding new tricks to create ever better graphics effects. "AGSP", for example, a very sophisticated trick that makes it possible to arbitrarily scroll "multicolor bitmaps", e.g. for platform games, wasn't used in games until about 1993.
This talk explains all the hardware details of the C64: the programming model of the 6502 CPU family, the Complex Interface Adapters (CIA), the Sound Interface Device (SID), and the programming details as well as common tricks involving the Video Interface Controller (VIC-II). The disk interface will be discussed as well as the design of the 1541 drive.
The listener will get a good understanding of 8-bit programming and creative programming on extremely limited hardware, as well as common tricks that can be generalized to other systems.
Michael Steil

17:15 (01:00) Saal 2 | security_and_anonymity_vulnerabilities_in_tor | lecture, en
Security and anonymity vulnerabilities in Tor / Past, present, and future
There have been a number of exciting bugs and design flaws in Tor over the years, with effects ranging from complete anonymity compromise to remote code execution. Some of them are our fault, and some are the fault of components (libraries, browsers, operating systems) that we trusted. Further, the academic research community has been coming up with increasingly esoteric – and increasingly effective! – attacks against all anonymity designs, including Tor.

Roger will walk through some of the most egregious bugs and design flaws we've had, and give some intuition about lessons learned building and deploying the largest distributed anonymity network ever. Then he'll outline the wide variety of current vulnerabilities we have, explain what they mean for our users, and talk about which ones we have a plan for and which ones will continue to be a pain for the coming years.
Last, we'll speculate about categories and topics that are likely to introduce new problems in the future.
Roger Dingledine
early outline for my talk material
18:30 (01:00) Saal 2 | onioncat_tor_based_anonymous_vpn | lecture, en
OnionCat – A Tor-based Anonymous VPN / Building an anonymous Internet within the Internet
OnionCat manages to build a completely IP-transparent VPN based on Tor's hidden services, provides a simple, well-known interface and has the potential to create an anonymous global network which could evolve into a feature- and information-rich network like the plain Internet we know today.

Tor provides so-called "hidden services". These are services whose location is hidden within the Tor network. This means that not only users are hidden but also services (destinations). Tor manages this by assigning virtual addresses to them, so-called .onion URLs. Tor builds all connections based on them.
Unfortunately, access to hidden services is currently not very user-friendly which makes them unattractive although they could provide high privacy in today's world.
OnionCat provides an IP-transparent service which makes on-demand connections to designated hidden services. This is a Tor-specific virtual private network (VPN). Because of its IP transparency, any client program can use hidden services without further workarounds.
This talk is about OnionCat in general and gives a brief introduction to its internals and application examples.
Daniel Haslinger, Bernhard Fischer
OnionCat Project Page
TOR in General. Project home page.
TOR Designpaper
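The abstract above says OnionCat is IP-transparent but does not spell out how an IPv6 packet selects a hidden service. OnionCat's documented scheme is a pure address mapping: every address in the ULA prefix fd87:d87e:eb43::/48 carries, in its low 80 bits, the base32-decoded 16-character (v2) .onion hostname, so the daemon can recover the destination hostname from the packet header alone and hand the connection to Tor. The following is an added example for this page, not OnionCat's own code; it implements that mapping in both directions and rejects inputs that do not fit it (56-character v3 hostnames are 280 bits and cannot be encoded this way).

```python
import base64
import binascii
import ipaddress

# OnionCat's documented /48 prefix; the remaining 80 bits carry the decoded v2 onion hostname.
ONIONCAT_NET = ipaddress.IPv6Network("fd87:d87e:eb43::/48")
PREFIX_BYTES = ONIONCAT_NET.network_address.packed[:6]


def onion_to_ipv6(hostname: str) -> ipaddress.IPv6Address:
    """Map a v2 onion hostname (16 base32 chars = 80 bits) to its OnionCat IPv6 address."""
    name = hostname.strip().lower()
    if name.endswith(".onion"):
        name = name[:-len(".onion")]
    if len(name) != 16:
        raise ValueError("v2 onion hostnames are 16 base32 characters; "
                         "v3 hostnames (56 characters) do not fit in 80 bits")
    try:
        raw = base64.b32decode(name, casefold=True)   # exactly 10 bytes, no padding needed
    except binascii.Error as exc:
        raise ValueError(f"not a valid base32 onion hostname: {hostname!r}") from exc
    return ipaddress.IPv6Address(PREFIX_BYTES + raw)


def ipv6_to_onion(addr) -> str:
    """Inverse mapping; refuses addresses outside the OnionCat prefix."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in ONIONCAT_NET:
        raise ValueError(f"{ip} is not inside {ONIONCAT_NET}")
    return base64.b32encode(ip.packed[6:]).decode("ascii").lower() + ".onion"


def is_onioncat_address(addr) -> bool:
    """Cheap check a router or firewall rule would use before handing a packet to the VPN."""
    try:
        return ipaddress.IPv6Address(addr) in ONIONCAT_NET
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed hostname for illustration, not a real hidden service.
    example = "abcdefghijklmnop.onion"
    ip = onion_to_ipv6(example)
    print(example, "->", ip, "->", ipv6_to_onion(ip))
```

The consequence for deployments follows directly from the code: any host on the OnionCat network can send to any fd87:d87e:eb43::/48 address it likes, so reachability is decided by Tor's ability to resolve the embedded hostname, not by any routing table, and access control has to happen at the service (or in the daemon) rather than by address.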
20:30 (01:00) Saal 2 | biometrie_epa | lecture, de
Der elektronische Personalausweis (The electronic identity card) / Finally everyone becomes a "Trusted Citizen"
The introduction of fingerprints and biometric facial images into the planned electronic identity card (ePA) was decided in 2008. We are promised secure identity checks, delivered by your trusted service provider, Bundesdruckerei GmbH. Conceptual errors from the Passport Act (Paßgesetz), however, are repeated in the ePA's new credit-card format.

The biometric ePass sends its regards: no gain in security, but high costs, now for the identity card as well. Biometric identity checks now become mandatory for everyone, because, unlike with the passport, with the ePA every citizen in Germany is now forced to apply for a biometric identity document. This closes the gap in the system. Since foreigners living here permanently also receive an electronic biometric card, the dream of a fully registered population finally comes true.
For the ePA, the forensic registration is voluntary for the fingerprints for now, but not for the facial image. We will tell the interested listener what is technically planned and where the journey is heading. In the meantime, please report to your nearest biometric registration station.
Constanze Kurz, starbug

21:45 (01:00) Saal 2 | objects_as_software | lecture, en
Objects as Software: The Coming Revolution / How RepRap and physical compilers will change the world as we know it (and already have)
How physical compilers (CNC machines, laser cutters, 3D printers, etc.) are changing the way we make things and how we think about the nature of objects. This talk will focus on the future of digital manufacturing, and on how self-replicating machines will make this technology accessible to everyone, ushering in a new era of technological advance.

Open source software is essentially based on sharing instructions. These coded instructions deal with very tedious things no human would ever want to attempt manually. Luckily, we have computers that understand these instructions and gleefully execute them much faster than any human possibly could. Because of that, we have packets flying across the internet, multi-million-pixel displays, and many other amazing technologies. This is all due to computers reliably executing our instructions perfectly and quickly. We know that if we write code on computer A, then it will function exactly the same on computer B (at least in theory ;)
Open source hardware is following a similar route: designs and instructions to create real, physical objects are freely shared. Currently it is fairly difficult to take a design for an object and automatically execute that design as a real object. Due to many exciting developments in the world of open source hardware, this is slowly changing. Things like CNC machines, laser cutters, and 3D printers are becoming more prevalent. These machines will become the physical computers of the coming revolution. As these machines become more and more prevalent, they will also likely increase in quality and decrease in cost, allowing people across the globe to digitally share designs which can be created and used locally, without requiring a large skill set to create them. Just as the computer revolution has allowed non-programmers to access the internet and do amazing things with their computers, the physical compiler revolution will allow non-engineers to download and 'print' objects such as robots, appliances, shoes, electronics, and more.
This revolution will transform physical objects into software that can be sent around the world in an instant.
Zach Hoeken
The RepRap Project
11:30 (01:00) Saal 3 | the_privacy_workshop_project | lecture, en
The Privacy Workshop Project / Enhancing the value of privacy in today's students' view
The lecture intends to give an overview of the Privacy Workshop project started in Siegen (NRW, Germany) and to encourage listeners to participate in the project.
Update 2008-12-30: we finally put the slides online, but there are still some CC license tags that need to be fixed for the last pictures. The Flickr links are OK though, so please don't moan and stay tuned :)

The general idea behind the "Privacy Protection Workshop Project" is getting in touch with pupils to demonstrate to them the importance of privacy protection and to demonstrate security technologies that are important in the digital age we live in. The questions we want to raise awareness of are:
Is there still a need of privacy protection when party videos and pictures in swimwear substitute for job interviews? Who may be able to access my pictures in “SchülerVZ” and other web2.0 platforms? Why is an email more similar to a postcard than a sealed letter? Is it necessary to encode the data on my USB-stick or rather hope it never get lost?
In our experience these important questions are more or less hardly ever considered.
Our workshop-plan distinguishes between two ways of educational methods. First we offer information sessions within the educational curriculum in schools. These will give the pupils an understanding of security measures that are helpful and in our opinion necessary for dealing with SchülerVZ & Co. These sessions are developed in co-operation with their teachers. Second we offer workshops outside the official school hours that will delve more deeply into concepts such as cryptography and secure passwords. The workshop participants are encouraged to put these concepts into direct action by using their brought along USB-sticks and/or Laptops. Due to the complexity of the technologies and their use in day-to-day life we concentrate on Truecrypt and Torpark for USB-sticks and GnuPG for email security.
This workshop will be a new version of: eh2008.koeln.ccc.de/fahrplan/events/2436.de.html
Our first workshop was introduced on EH2008 in March this year. A major part of the presentation was the evaluation of our first workshop focusing on mistakes and how to improve. Promoting our workshop has changed from sending invitations via post to direct and personal contact with teacher and staff at schools. We want to inspire teacher and staff and make them aware of the importance of our project. Currently I am myself a trainee teacher and by now colleagues approach me on a regular basis asking to visit their classes.
Our experience is outlined in an article published December this year in the scholarly journal “Deutschunterricht” published by www.westermann.de the article has been written in collaboration with Axel Krommer:
www.deutschdidaktik.ewf.uni-erlangen.de/home/index,id,88,selid,275,type,VAL_MEMO.htmlChristoph BrüningKai Schubert
Website of the Privacy Workshop Project (in German)
12:45 | 01:00 | Saal 3 | zehn_big_brother_awards_in_at
Ten Big Brother Awards in .at
A look back at an eventful time
lecture (de)
As the first Big Brother Awards organiser, Austria managed this year to hand out the awards for the tenth time. And although it is only a power of ten, not a power of two, it is time for a look back, and a small look ahead.
We have gotten through ten events of very different character, received lawyers' letters and lawsuits, lived through hair-raising stories, and for the anniversary year we have published a book. But a very different one from what you might expect: a science-fiction book with 27 short stories about what surveillance might bring us. For who else engages as intensively with future scenarios as science fiction does?
We will also tell of the highs and lows of ten years: where we had to take the hits, and where we were victorious.
Speakers: Adrian Dabrowski
http://www.bigbrotherawards.at
http://sf.quintessenz.at
14:00 | 01:00 | Saal 3 | introduction_to_new_stream_cipher_designs
An introduction to new stream cipher designs
Turning data into line noise and back
lecture (en)
Even with "nothing to hide", we want to protect the privacy of our bits and bytes. Encryption is an important tool for this, and stream ciphers are a major class of symmetric-key encryption schemes. Algorithms such as RC4 (used in WEP/WPA, BitTorrent, SSL), A5/1 (GSM telephony), E0 (Bluetooth), as well as AES in counter (CTR) mode, are important examples of stream ciphers used in everyday applications.
Whereas a block cipher such as AES works by encrypting fixed-length data blocks (and chaining these together in a suitable mode of operation), stream ciphers output a unique, arbitrary-length keystream of pseudorandom bits or bytes, which is simply XORed with the plaintext stream to produce the ciphertext. Advantages of stream ciphers often include a smaller hardware footprint and higher encryption speeds than comparable block ciphers such as AES. However, cryptanalysis has led to attacks on many of the existing algorithms.
The ECRYPT Stream Cipher Project (eSTREAM) was a 4-year project funded by the EU to evaluate new and promising stream ciphers. The project ended in April 2008 with a final portfolio which currently consists of 7 ciphers: 3 suitable for hardware implementation, and 4 aimed at software environments. The portfolio ciphers are considered to provide an advantage over plain AES in at least one significant aspect, but the designs are very different and often suited to different applications.
Since the eSTREAM ciphers are quite new, many of them are not well known outside the academic community. The goal of this talk is to give a very quick presentation of each of the 7 portfolio ciphers: Grain v1, MICKEY v2, Trivium, HC-128, Rabbit, Salsa20/12 and SOSEMANUK.
Speakers: Tor E. Bjørstad
The eSTREAM Project
djb's notes on eSTREAM
Wikipedia has more details
16:00 | 00:30 | Saal 3 | squeezing_attack_traces
Squeezing Attack Traces
How to get usable information out of your honeypot
lecture (en)
This talk will give an overview of how modern attack analysis tools (dynamic honeypots, an automated shellcode analyzer, and an intrusion signature generator) can be used to gain a deep understanding of what attacks do and how they work. A live demo will show the usage of these tools.
Knowing what's going on in the field of attacks against Internet hosts is one of the most important things for everybody dealing with IT security. People need to stay current with attack technology to understand and implement countermeasures. However, firewall logs and IDS alerts do not provide the details we need. New technologies like honeynets try to bridge this gap: as active sensors they try to catch as much information as possible about an intrusion attempt. But most of the time they only collect data and help little when it comes to actually analyzing attacks.
If we want to understand the attack situation, we need to get some real attack traces first. After that, we can extract the exploit and try to understand what it does. This can be easy (SQL injection attempts are human-readable, for example) but also very hard and time-consuming: for a piece of shellcode it would generally be necessary to step through the code in a debugger, a task that is hard to automate. We show a workaround. Finally, once an attack is analyzed, it would be nice to construct a blocking rule or an IDS signature to catch further attempts and prevent other systems from being exploited.
In the talk, we will introduce the idea of using dynamic honeypots for gathering traces of nearly arbitrary server-side attacks. We will show how automatic shellcode detection and analysis can be performed with an x86 CPU emulation software. Lastly, we will briefly explain how a signature generator can find common parts in different attack traces and how these can be used to assemble a pattern for a network intrusion detection system.
We will show how to put these tools together in a short live demo.
Speakers: Markus Kötter, Tillmann Werner

16:45 | 01:30 | Saal 3 | hacking_into_botnets
Stormfucker: Owning the Storm Botnet
lecture (en)
In the talk we will demonstrate how to own the Storm botnet (live demo included).
Speakers: Georg 'oxff' Wicherski, Tillmann Werner, Felix Leder, Mark Schlösser

18:30 | 01:00 | Saal 3 | swf_and_the_malware_tragedy
SWF and the Malware Tragedy
Hide and Seek in A. Flash
lecture (en)
This talk rounds up possible web-based attacks using Flash, with a particular focus on obfuscation, de-obfuscation and the generic detection of malicious SWF.
While there are some tools out there to analyze AS2- and AS3-based SWF using various techniques, analysis of SWF can become a nightmare. Starting with a closer look at recent Flash-based attacks, this talk will explore ways to recognise these attacks in advance on the one hand, and means to make it even more difficult to prevent them on the other hand. On the way, we will see why and how attackers obfuscate ActionScript code and what methods will probably be used in the future to make detection of malicious payloads much harder.
Speakers: fukami, BeF
erlswf @ Google Code
FlashSec wiki
20:30 | 01:00 | Saal 3 | lightning_talks_2_2
Lightning Talks Day 3 - Evening
4 minutes of fame
lightning (en)
4 minutes for every speaker. Learn about the good, the bad, and the ugly - in software, hardware, projects, and more.
Give a lightning-fast talk about your favourite project, program, system - and thereby find people with the same interest to proceed and promote it. Alternatively - give us a good rant about something and give us some good reasons why it should die. ;)
Get right at it, don't waste time by explaining too much, get the main points across, and then let us know how to contact you at the congress for a talk!
Whatever you do - please practise it, and don't be boring. Or else. You have been warned! :-P
Speakers: Sven Guckes, Oliver Pritzkow
Feedback via e-mail
25C3-Wiki: Lightning Talks on Day 3 - Evening (Afternoon)
25C3-Wiki about the Lightning Talks
Lightning Talks
21:45 | 01:00 | Saal 3 | rebel_at_work
Weizenbaum
Rebel at work
movie (de)
Shown is a documentary film by Silvia Holzinger and Peter Haas about the German-American Joseph Weizenbaum, a cult figure in computer science. He became known in the 1970s as a sharp-tongued critic of science and society. His book "Die Macht der Computer und die Ohnmacht der Vernunft" (Computer Power and Human Reason) has become a classic, among philosophers as well as computer scientists. Joseph Weizenbaum died in Berlin in 2008 from the consequences of a stroke.
Speakers: Peter Haas, Silvia Holzinger
Trailer
23:00 | 02:00 | Saal 3 | hacker_jeopardy_en
Hacker Jeopardy (English interpretation)
The ultimate hacker quiz show
contest (en)
English interpretation and video transmission of the event in Saal 1.
The famous quiz – of course with topics you will never see on TV.
Hacker Jeopardy is a quiz in the well-known answer-question scheme.
We will play three rounds, and a final one where all round winners will play against the winner from last year.
Speakers: Stefan 'Sec' Zehl, Ray
Interpretation project 25C3
11:30 | 01:00 | Saal 1 | why_technology_sucks
Why technology sucks
If technology is the solution, politicians are the problem
lecture (en)
More and more, technology is seen as the ultimate solution for many problems. Lack of understanding and bending rules towards the technology show that politicians and managers have an established level of incompetence. Of course this poses a problem. We tend to forget that hacking also means having fun with things. Let's ride the incompetence and use technology 'concepts' for the things we want.
We have come to live in a brave new world where technology has added great value to our existence. The possibilities seem endless and undoubtedly are fun. If it isn't fun, breaking it is definitely fun. Living the geek life is worthwhile.
However, managers and politicians have discovered technology too, but they have one serious disability: they aren't geeks and thus by definition not capable of using it in a useful, effective way. Like a spoiled child they won't stop until their toys are installed. In the process of having their way they ignore the real, often damaging effects on society. The aim seems to be to demonstrate how modern and incompetent they really are.
Those 'visionary minds' use technology in a way it wasn't intended, and it turns out to be a bad idea. In contrast, hackers find fun, unforeseen ways of using systems. So when many politicians declare the Netherlands to be an innovative, tech-savvy nation, you get a fun talk with a lot of good ideas in response.
Speakers: Walter van Host

12:45 | 01:00 | Saal 1 | not_soy_fast
Not Soy Fast: Genetically Modified, Resource Greedy, and Coming to a Supermarket Near You
The silent march of the multinational GMO soy industry and its growing power in South America, the EU, and around the World.
lecture (en)
Soy is the magic ingredient that we often look to for our alternative, healthier, and more responsible diets. Yet the soy industry, with its boom in profits and global reach, behaves the exact opposite way.
For any of us who in the last 20 years have chosen to become vegetarians or just to reduce the amount of meat that we eat, soy has long been our best friend. Soy, our good alternative food-source friend, was our good source of protein and came in all kinds of shapes and forms; sometimes it even tasted like that old sausage or that filet mignon, only it was tofu. And that's how it has been for many alternative eaters, for a very long time: meat is bad, and hey – we've got soy as a healthy, non-meat source of goodness.
Meanwhile, by the time the late 90s rolled around, in the corridors of the European Commission there was talk of a new kind of food crop, one that had been engineered to resist typical farming concerns like weeds and pests. Some even promised to reduce the amount of work required to grow it, saving farmers on labor costs.
Experts and regular citizens around the world began to ask questions such as: what would the long-term effects be if people consumed this soy? What about the effects on agriculture if these types of crops are grown near regular soy? And from there, more questions and frequently few conclusive answers. One result was the EU's ban on GMO soy for human consumption. Yet despite this ban, GMO soy could be used for animal feed. Indeed, by 2006 the European Union had become the leading importer of soy, including GMO soy, from South America, 85% of which went towards livestock feeding. Livestock that is eventually consumed by humans.
But the story is much larger than the EU and genetically modified food. With the growing scope and power of big soy agribusiness, nations like Brazil and Paraguay would experience a quiet soy revolution. A revolution that would bring an end to the way of life of many indigenous people, as well as destroy a significant amount of the Amazon rain forest, all in the name of soy.
While all this is going on, so too is the fair-trade and alter-globalization movement of the late 1990s. Following in its tradition, throughout the 2000s activists from across Europe take matters into their own hands, in countries such as Portugal and Germany, physically going to GMO plantations and destroying the crops as an act of civil disobedience.
This is but a snapshot of a very complex struggle that affects not only anyone who eats soy products, but all food. An issue that involves not only policy makers and farmers, but our collective future and public health. It has been called the omnivore's dilemma, something some in the media feel is too complicated to report on. This is the story of our soy industry, whether we like it or not.
Speakers: Bicyclemark
A-Seed Europe
Responsible Soy Declaration
Friends of the Earth Europe
14:00 | 01:00 | Saal 1 | wikileaks
Wikileaks
Wikileaks vs. the World
lecture (en)
Wikileaks is developing an uncensorable Wikipedia for untraceable mass document leaking and analysis. In the past year, Wikileaks has publicly revealed more sensitive military documents than the entire world's press combined. Its mission has been quite successful since the launch, spawning reportage worldwide and effectively helping to bring about reform on important matters based on factual information. As of now the effort has spawned thousands of press references in major newspapers like The NY Times, The Guardian and the BBC, and tens of thousands in blog posts.
We will talk about the experiences made within the first year of its operation, the impact activities on Wikileaks had in various parts of the globe, and the technical, political and legal challenges faced, as well as give an overview of the state of classic and internet media today. We will also talk about conclusions we can derive from these experiences and will present strategies on how investigative journalism, and therefore the fourth estate as the only truly independent control over the state and our future, might be resurrected. Lastly we will address why your involvement and that of the technical community is inherently important to ensuring free and uncensored access to information in the future.
During the year of operation we have been able to make many different observations on the state of free information on the internet, the media, governments, military and corporations. We have observed how material that is published is picked up, sued over, digested, hyped or ignored, and these observations, whether legal, behavioral or qualitative, lead to insights and conclusions that we would like to present and discuss.
In particular, we have found that the fourth estate, 'the' supposedly independent control over the state and inherently important to any society and its development, is clinically dead, bankrupt and headed in a dangerous direction. While the amount of reportage is increasing with bloggers and other new media, the amount of genuine reportage, let alone investigative journalism, is rapidly decreasing. Today this goes hand in hand with censorship becoming daily routine and increasingly easy, even in the free world and its media. Wikileaks has developed mechanisms that can actively help to address this problem and, as experience has proven, lead to change and reform. We have found that the effectiveness of these and other mechanisms depends only on the awareness and involvement of the public, on all of us 'making use of them'.
We want to present these findings in an effort to further this awareness and involvement, especially in the technical community, which possesses a lot of the power to shape these important facets of our technologically driven society and so in some respect might carry a certain responsibility towards the future of our world.
Speakers: wikileaks
Wikileaks
15:15 | 01:00 | Saal 1 | md5_considered_harmful_today
MD5 considered harmful today
Creating a rogue CA Certificate
lecture (en)
[Image: "We have executed an attack that ..." (http://events.ccc.de/congress/2008/Fahrplan/attachments/1207_censored.jpg)]
Speakers: David Molnar, Marc Stevens, Arjen Lenstra, Benne de Weger, Alexander Sotirov, Jacob Appelbaum, Dag Arne Osvik
Homepage
16:30 | 01:30 | Saal 1 | security_nightmares
Security Nightmares 2009
Or: what we will laugh about next year
lecture (de)
Security Nightmares: the annual review of IT security and the security crystal-ball look at the coming year.
Security Nightmares looks at the past, present and future of security incidents in IT. We review our predictions of recent years, talk about what else has happened, and then dare a preview of the coming year. As a special highlight, a nice Symbian exploit will be released during Security Nightmares this year, which gives us the opportunity to prophesy about mobile malware once again.
Speakers: Ron, Frank Rieger

18:15 | 01:00 | Saal 1 | closing_ceremony
Closing Ceremony
lecture (en)
Speakers: Sandro Gaycken

11:30 | 01:00 | Saal 2 | lightning_talks_3
Lightning Talks Day 4
4 minutes of fame
lightning (en)
4 minutes for every speaker. Learn about the good, the bad, and the ugly - in software, hardware, projects, and more.
Give a lightning-fast talk about your favourite project, program, system - and thereby find people with the same interest to proceed and promote it. Alternatively - give us a good rant about something and give us some good reasons why it should die. ;)
Get right at it, don't waste time by explaining too much, get the main points across, and then let us know how to contact you at the congress for a talk!
Whatever you do - please practise it, and don't be boring. Or else. You have been warned! :-P
Speakers: Sven Guckes, Oliver Pritzkow
Feedback via e-mail
25C3-Wiki: Lightning Talks on Day 4
25C3-Wiki about the Lightning Talks
Lightning Talks
12:45 | 01:00 | Saal 2 | la_quadrature_du_net
La Quadrature du Net - Campaigning on Telecoms Package
Pan-European activism for patching a "pirated" law
lecture (en)
La Quadrature du Net (Squaring the Net) is a citizen group informing about legislative projects menacing civil liberties as well as economic and social development in the digital age. Supported by international NGOs (EFF, OSI, ORG, Internautas, Netzwerk Freies Wissen, April, etc.), it aims at providing infrastructure for pan-European activism on such topics as network neutrality, privacy, "graduated response", etc.
From May to September 24th 2007, a campaign was set up to raise elected representatives', journalists' and the public's awareness of the legislative hijack, by the content industries, of the European network regulation law ("Telecoms Package"). A strong mobilization around serious bits of analysis and proper community tools helped to really influence things.
This talk is about how we got to "correct" the bad provisions in the text by applying legislative "patches" in the first reading. If the second reading is happening around the 25C3, then fresh news and updates will be provided.
On the "graduated response" ("three strikes approach" or "riposte graduée"), which initiated the founding of La Quadrature du Net, we realized that the industry's strategy for increasing control over the Internet included the use of "legislative bootstrapping": initiating a law in some country (France in that case) and propagating it at the European and worldwide level afterwards.
Thus our local expertise on the topic (the Olivennes bill on graduated response, ordered by N. Sarkozy) could be exported to the European level, especially when the "Telecoms Package" was at the very same moment being hijacked to include IP provisions, to legalize a pan-European graduated response, and to directly harm net neutrality.
La Quadrature du Net was built with the aim of bridging gaps between concerned NGOs across different European countries, providing analysis, pointers, tools and methods allowing everyone to participate on those key issues.
Many good solutions were brought into the text, cleaning up the most disturbing parts of it (yet leaving some problematic bits), by constructing dialogues with concerned Members of the European Parliament (MEPs), producing legal and political analysis, and helping European citizens to participate.
Speakers: Jérémie Zimmermann, Markus Beckedahl
La Quadrature du Net
Wiki page about Telecoms Package
An analysis and scoring of MEPs' recorded votes on the Telecoms Package in our "Political Memory"
Political Memory - a tool for tracking the activity of members of parliament
La Quadrature's campaign around first reading of the Package, on Sept. 24th
14:00 | 01:00 | Saal 2 | vertex_hacking
Vertex Hacking
Reverse engineering of 3D file formats
lecture (de)
This talk is about methods for dealing with unknown file formats, specifically in the area of 3D models. We will present the tools, the approach, a few possible pitfalls, interesting implementation details and, finally, the result in the form of the libg3d library.
The contents will mainly be:
* Handling structured binary formats
* Data formats in the 3D domain
* The spectrum of different formats and possible solutions
to be continued...
Speakers: Markus Dahms
Homepage libg3d/G3DViewer
15:15 | 01:00 | Saal 2 | mining_social_contacts_with_active_rfid
Mining social contacts with active RFID
lecture (en)
We describe the implementation of a distributed proximity detection firmware for the OpenBeacon RFID platform. We report on experiments performed during conference gatherings, where the new feature of proximity detection was used to mine and expose patterns of social contact. We discuss some properties of the networks of social contact, and show how these networks can be analyzed, visualized, and used to infer the underlying social structure.
The SocioPatterns project aims to shed light on patterns and statistical regularities in social dynamics. To date, little quantitative information is available about these patterns, and measuring real-world dynamics is indispensable for obtaining a complete picture. In this talk we focus on social contact between people and describe how the OpenBeacon active RFID platform was used to gather experimental data on social contact at a few conference gatherings.
In a variety of contexts, spatial proximity is a good proxy for social interaction. Spatial proximity of persons wearing active RFID tags can be inferred by tracking the location of the tags and using the position information to decide whether two tags are located nearby. However, locating the tags requires several receiving stations, and contact inference is subject to errors that limit both its spatial and temporal accuracy. Because of this, we decided to move from contact inference to direct contact detection.
We rewrote the firmware of the OpenBeacon tags specifically targeting proximity detection. We are now able to detect proximity between persons with a very good spatial (~1 m) and temporal (~10 s) resolution. We achieve this by operating the RFID devices in a bi-directional fashion, over multiple radio channels. Tags no longer act as simple beacons, emitting signals for the receiving infrastructure. They exchange messages in a peer-to-peer fashion, to sense their neighborhood and assess contact with other tags. The contact events detected by the RFID network are then relayed to the monitoring infrastructure and post-processed. By suitably tuning the system parameters we achieve reliable detection of face-to-face interaction within about 1 m. This makes it possible, for example, to tell who is talking with whom in a small crowded room.
In this talk we discuss our implementation of the contact detection firmware for OpenBeacon tags. We provide some details on data analysis and on the visualization of the longitudinal contact networks we measure. We report the results of an experiment involving about 100 people at a conference, and discuss some interesting statistical regularities of social contact. We also discuss how contact information and trajectory similarity can be used to infer the structure of the social network underlying the community of monitored persons, and how background information can be integrated into this picture. We close by pointing to future directions for research as well as to mashups with social networking services.
Speakers: Ciro Cattuto, Milosch Meriac, aestetix
SocioPatterns
OpenBeacon
video 1 on Vimeo
video 2 on Vimeo
video 1 on YouTube
video 2 on YouTube
12:45 | 01:00 | Saal 3 | predictable_rng_debian
Predictable RNG in the vulnerable Debian OpenSSL package
the What and the How
lecture (en)
Recently, the Debian project announced a vulnerability in the OpenSSL package they had been distributing for the last two years. This bug makes the PRNG predictable, affecting the keys generated by openssl and every other system that uses libssl (e.g. openssh, openvpn).
We will talk about this bug (the speaker was its discoverer), its discovery and publication, its consequences, and its exploitation. We will also demonstrate some exploitation tools.
Speakers: Luciano Bello, Maximiliano Bertacchini

14:00 | 01:00 | Saal 3 | crafting_and_hacking_separated_at_birth
Crafting and Hacking: Separated at Birth
lecture (en)
What do hackers have in common with crafters? Lots. While crafting is more often about string and glue than bits and electrons, crafters often feel the same need to create things and manipulate materials into something new. The roots of computing are intertwined with craft around the invention of the Jacquard punch-card loom. We'll look at where the two scenes have gone since then, and what we can gain by reconnecting the hacker world with its softer, more decorative cousin.
In 1801, Joseph Marie Jacquard designed a loom whose patterning was controlled by a piece of perforated pasteboard. This allowed the creation of longer, more complex patterns with a smaller margin for error. Punch cards remained popular through the 70s... but what about craft? Arts and crafts are rarely considered to be at the forefront of technology... but a number of projects are bringing hackers and crafters back together.
Over the last 5 years, the internet has created a huge community of "open crafting". Sites like craftster.org encourage people to share ideas and build upon them, much like open source software. It has transformed the "cottage industry" crafts as well. Crafters go to e-commerce sites such as etsy.com or dawanda.com not only to sell their wares, but to participate in communities centered around crafting and building their businesses. Many of the sellers on these sites have no formal business training; it's all DIY.
Bringing these crafting communities online has sparked interest in technology for a lot of crafters. I'll review some really fun projects people have done, like the News Knitter (casualdata.com/newsknitter/), Raph's Twitchy kits (twitchy servo-bots which are super popular with crafters), and some of my own tinkering with knitting machines (flickr.com/photos/kellbot/2285229844/) and experiments with the laser cutter (www.kellbot.com/2008/09/lasering-rocks/). The current project I'm working on uses Processing to generate patterns for origami boxes, which I then cut on the laser.
My point, and I do have one, is that crafters and hackers have a lot in common. Artists have been setting up shared studios / workspaces, and their needs and interests are similar to those of hackerspaces: space to work, access to equipment, and a supportive community to help them grow their ideas. Our combination craft/hack nights at NYC Resistor have been immensely successful. The two communities have a lot to gain by embracing each other!
Speakers: Kellbot

15:15 | 01:00 | Saal 3 | pflanzenhacken
Pflanzenhacken
Breeding 2.0
lecture (de)
Whether tomatoes, lemons or cannabis: crop plants have long since ceased to be grown conventionally in soil. From the selection of seed and genetic material to the harvest, growing plants of all kinds is a difficult but exciting topic. The research commissioned by industry also helps the hobby grower: plants that are cultivated without soil and are ready to harvest a few weeks after "sowing" no longer belong in science-fiction films, but in the cellar of the inclined tinkerer.
This talk aims to show that hackable potential exists not only in bits'n'bytes, but also in fruit and vegetables.
Plant breeding is not esoterica but hackable terrain. Inevitably, the would-be plantation owner has to bring along a lot of enjoyment of technology. Many a techie will find themselves in their element while constructing their own micro-plantation. Treating the topic bone-dry would be pointless. During the talk there will be many examples, suggestions and demonstrations to see. This talk thus gives the inclined gardener tips for soon housing, in their own cellar, plantation dreams made from hot glue and plastic tubing instead of the bought ready-made solution in an Ikea cabinet.
Speakers: Paul Asmuth
Talk at Easterhegg 2008
Talk at GPN7
16:30 | 01:30 | Saal 3 | security_nightmares_en
Security Nightmares 2009 (English interpretation)
Or: about what we will laugh next year
lecture (en)
English interpretation and video transmission of the event in Saal 1.
Security Nightmares – the yearly review of IT security and a look into the crystal ball for next year.
Security Nightmares examines the past, present and future of security incidents in IT. We will review our last year's predictions, talk about what else happened, and take a chance on a preview of next year. A special highlight this year will be the release of a nice Symbian exploit during Security Nightmares; this will give us the chance to think about mobile malware.
Speakers: Frank Rieger, Ron
Interpretation project 25C3