Version Voltron


Thursday 11:00

Opening Event

35C3: Refreshing Memories - Adams (de)

This is where it starts.

Thursday 11:30

Locked up science

Tearing down paywalls in scholarly communication - Clarke (en)

Restricting access to knowledge and science is not beneficial for society. So why are scientific results still locked up behind paywalls? Even though the answer to this question is enlightening, the story is quickly told. Much more important is th...

Politics, research funders, libraries and scientists have to join forces and to push forward to flip scholarly communication from closed to open access. What has happened so far? What are the current developments? What can each of these parties contribute to the transformation of scholarly communication? Open access guidelines, repositories and the hashtag #ICanHazPDF are just a few examples of approaches that jointly undermine the paywalls. One that has been recognized even beyond the scientific community is Project DEAL which aims to achieve open access for scientific publications from German scientists with major academic publishers.

Things are currently progressing very fast and a lot can happen in the weeks between now and the congress. The talk will start with a brief introduction to the most common way of scholarly communication, where science is still mainly locked up behind paywalls. In line with the most recent developments, the talk will then focus on different approaches to open up science and their political and practical consequences. Whatever happens, the transformation of scholarly communication is well underway and it will affect not only the scientific commu...

The Precariat: A Disruptive Class for Disruptive Times.

Why and How the Precariat will define the Global Transformation to save our planet. - Adams (en)

The combination of the ongoing technological revolution, globalisation and what are usually called 'neo-liberal' economic policies has generated a global system of rentier capitalism in which property rights have supplanted free market principles ...

Artistic PCB Design and Fabrication

From doodle to manufacture: how I make mechanically complicated PCBs. - Dijkstra (en)

When an electrical device needs to be a piece of art or used as a mechanical component, a printed circuit board is more than a piece of fiberglass with wires embedded in it. In chemical engineering applications internal holes which allow fluids to ...

Making electrical-artistic and electrical-mechanical PCBs adds steps and complications to the usual PCB fabrication process. In this talk I will go over my project workflow and discuss how and why I do each step. I will also discuss problems I have run into during both the design and the manufacturing process.

An overview of my workflow is as follows:

  • Make a sketch of what the final PCB will look like and what it will do.

  • Make a schematic of the electronics (kicad).

  • Assign footprints to the electrical components (kicad).

  • Check the manufacturer's webpage for the design criterion on internal cuts.

  • Create a CAD file of the PCB outline (no electrical connections) (fusion 360/solidworks etc).

  • (optional) Conduct multiphysics simulations of the PCB outline, to find an optimal design (comsol etc).

  • Make boxes to represent the footprints of the electrical components and place these where you want them to be on the final PCB (fusion 360/solidworks etc).

  • Think about how the boards will be panelized and insert mouse bites/tabs for V-cuts as needed (fusion 360/solidworks etc).

  • Export a 2D drawing of the PCB including the compone...

Going Deep Underground to Watch the Stars

Neutrino Astronomy with Hyper-Kamiokande - Eliza (en)

Neutrinos are “ghost-like” elementary particles that can literally go through walls. They can bring information from places that are impossible to observe through other means.
This talk provides a glimpse behind the scenes of a next-generation ne...

Neutrinos are tiny elementary particles that do not interact through the electromagnetic force. Almost like ghosts, they can literally go through walls and escape places that are inaccessible by other means, giving us a unique way of observing the interior of stars or nuclear reactors.

Hyper-Kamiokande – a cylindrical water tank that is 62 m high and 76 m in diameter – is a next-generation neutrino detector, which will be built inside a mountain 250 km northwest of Tokyo starting in 2020. The talk will give an overview on the process of designing and building a subterranean detector of this size, starting from preparations for cavern construction and ending with the design of photodetectors, electronics and data analysis.

In addition, the talk will cover selected areas of the physics programme of this detector. It will be explained how detecting neutrinos from our sun lets us figure out why the sun shines and how we can measure the temperature at its core to a precision of about 1%. Finally, I will explain how such a neutrino detector can help us watch, millisecond by millisecond, how giant stars explode in a supernova, creating many of the chemical elements that are neces...

The Rocky Road to TLS 1.3 and better Internet Encryption

Borg (en)

For a few months now we have had a new version of TLS, the most important encryption protocol on the Internet. From the vulnerabilities that created the need for a new TLS version to the challenges of deploying it due to broken devices this talk will giv...

In August the new version 1.3 of the Transport Layer Security (TLS) protocol was released. It's the result of a process that started over four years ago when it became increasingly clear that previous TLS versions suffered from some major weaknesses.

In many ways TLS 1.3 is the biggest step ever taken in the history of TLS and its predecessor SSL. While previous TLS versions always tried to retain compatibility and not change too many things, the new version radically removes problematic and insecure constructions like static RSA key exchanges, fragile CBC/HMAC constructions and broken hash functions like MD5 and SHA1.

As a bonus TLS 1.3 comes with a reworked handshake that reduces the number of round-trips and thus provides not just more security, but also better performance. If that sounds too good to be true: An optional, even faster mode of TLS 1.3 – the zero round trip or 0RTT mode – makes some security researchers worried, because they fear it introduces new security risks due to replay attacks.

The road to TLS 1.3 was complicated, though. The Internet is a buggy place and particularly Enterprise devices of all kinds – middleboxes, TLS-terminating servers and TLS-in...

Thursday 12:30

Mind the Trap: The AfD's Internet Policy in the Bundestag

Clarke (de)

The AfD parliamentary group in the Bundestag is perceived by the public mainly for its racist positions – its internet policy activities mostly stay under the radar. This talk shows how the AfD parliamentary group ... internet policy ...

As a staff member of a Green member of the Bundestag, I follow the AfD's behaviour in internet policy debates in the Bundestag every day: in the plenary chamber, in the Digital Agenda Committee, in the Study Commission on Artificial Intelligence, and at events and discussions with extra-parliamentary organisations.

In doing so, I noticed that the AfD members working on internet policy are, in their behaviour, more of a cooperation-oriented than a confrontation-oriented type of parliamentarian within their group. The AfD's positioning on substance, in turn, mostly follows one of three different strategies in the various internet policy debates: consensus-oriented, anti-European, or emphasising a victim myth. These observations are illustrated with a series of examples.

In the internet policy discussions in the Bundestag, the central disputes take place between the Grand Coalition and the democratic opposition parties. What the AfD parliamentary group says about them is often barely noticed.

This talk shows how the AfD parliamentary group nevertheless uses internet policy as a supposedly neutral topic in order to ... for its far-right ...

Thursday 12:50

"The" Social Credit System

Why It's Both Better and Worse Than We can Imagine - Borg (en)

The Chinese Social Credit System (SCS) has been discussed a lot in Western media. However, we do not currently know what the system that is supposed to take nationwide effect by 2020 will look like, as there are more than 70 pilot projects currentl...

The author, Antonia Hmaidi, is a PhD candidate in East Asian Economics with a focus on China. She presented a talk on the impact of internet censorship at the 33C3. This talk’s goal is to provide those interested with a technically-grounded understanding of “the” Chinese social credit system and its possible impact on Chinese society and economy. In doing so, it seeks to provide a more nuanced picture than is usually presented in either Chinese or Western media. Working on data science and machine learning in her free time allows the author to better understand the algorithms comprising “the” social credit system.

Election Cybersecurity Progress Report

Will the U.S. be ready for 2020? - Adams (en)

Recent attacks against elections in the U.S. and Europe demonstrate that nation-state attackers are becoming more aggressive, even as campaigning and voting are becoming increasingly reliant on computers. How much has changed since 2016, when the...

Strengthening election cybersecurity is essential for safeguarding democracy. For over 15 years, I and other computer scientists have been warning about the vulnerable state of election security, but attacks against recent elections in the U.S. and Europe demonstrate that sophisticated attackers are becoming more aggressive, even as campaigning and voting become increasingly reliant on computers.

Since 2016, I’ve been working with election officials and members of Congress to strengthen election cybersecurity. In this talk, I’ll give a progress report about what’s happened since then and what still needs to happen to secure future elections. While many U.S. states have made progress at securing some aspects of their election infrastructure, and Congress provided $380M in new funding to strengthen elections, significant vulnerabilities remain that put the integrity of future elections at risk. To demonstrate the ongoing threat, I’ll hold a mock election on stage with a real U.S. voting machine still used in 18 states, and show how remote attacks could potentially affect the outcome of a close national contest.

Finally, I’ll explain how defenses developed by researc...


Decentralizing semiconductor manufacturing - Eliza (en)

While a lot of projects are currently developing their own processors, mostly as open source in Verilog, VHDL or even Chisel, we miss the free process that actually manufactures these chips. So we're developing the "Libre Silicon" project, a porta...

The manufacturing is proprietary and has vendor lock-ins with triple NDAs – one for the process development kit (PDK), the technology itself; – one for the Standard Cell Library you can use to synthesize your RTL; – and even another one for the details of all purchase commitments.

Our purpose is a free and open, community-based silicon manufacturing process (GitHub link) without any NDAs, a Standard Cell Library (GitHub link) not only for that process, as well as a suitable, refurbished, newly written open source tool chain QtFlow (GitHub link).

During the last couple of months we already developed the first free 1µm process and are now close to manufacturing a first test wafer (GitHub link). Even though 1µm does not sound very ambitious, this process node is still quite well documented in text books, robust and 5 Volt-tolerant.

Once we get the hang of this, the machinery park in the clean room allows us to shrink down to 500nm and less.

Thursday 13:30

Frontex: The European Border Intelligence Service

The EUROSUR border surveillance system brings together reconnaissance data from satellites, aircraft, drones and soon also tethered balloons - Dijkstra (de)

The EU border agency Frontex is putting a number of new surveillance methods into operation in the Mediterranean. The capabilities for observing the so-called pre-frontier area belong to the EUROSUR border surveillance system, which the European Union, five years ago, ...

EUROSUR links Frontex headquarters in Warsaw with the border authorities of the 28 member states. Through their national coordination centres, Frontex is informed of all important incidents at the external borders of the European Union. The core of the EUROSUR system is satellite reconnaissance, through which Frontex can also carry out observation at the borders itself. The images come from commercial satellite services as well as from optical and radar-based satellites of the EU Earth observation programme “Copernicus”. They are collected and processed by the European Union Satellite Centre (SatCen) and transmitted to Frontex. The image suppliers include the arms company Airbus, which sells images from its radar satellites “TerraSar-X” and “TanDEM-X” with a resolution of 24 cm. For fast communication with the satellites, “Copernicus” is the first customer to use the Airbus group's “space data highway”. The use of the data for individual users was only recently simplified with the help of an app, which an employee of the “Information Superiority” department describes as a kind of Instagram for security applications.
Now the technical capabilities of “C...

First Sednit UEFI Rootkit Unveiled

Clarke (en)

UEFI rootkits have been researched and discussed heavily in the past few years, but sparse evidence has been presented of real campaigns actively trying to compromise systems at this level. Our talk will reveal such a campaign successfully execute...

UEFI rootkits have been researched and discussed heavily in the past few years, but sparse evidence has been presented of real campaigns actively trying to compromise systems at this level. Our talk will reveal such a campaign successfully executed by the Sednit group. This APT group, also known as Fancy Bear, Sofacy and APT28, has been linked to numerous high profile cyberattacks such as the 2016 Democratic National Committee email leak scandal.

Earlier this year, there was a public report stating that the infamous Sednit/Sofacy/APT28 APT group successfully trojanized a userland LoJack agent and used it against their targets. LoJack, an embedded anti-theft application, was scrutinized by security researchers in the past because of its unusual persistence method: a module preinstalled in many computers' UEFI/BIOS software. Over the years, several security risks have been found in this product, but no significant in-the-wild activity was ever reported until the discovery of the Sednit group leveraging some of the vulnerabilities affecting the userland agent. However, through our research, we now know that Sednit did not stop there: they also tried to, and succeeded in, install...

Thursday 14:10

Taming the Chaos: Can we build systems that actually work?

Possible paths from today's ghastly hackery to what computing should be - Adams (en)

We rely on mainstream computer engineering every day, but it's insanely complex, poorly understood, unreliable, and, as CCC reminds us every year, chronically insecure. This talk will explain some ways that we can do better: taming parts of this ...

Computing has been massively successful, and we routinely trust computer systems with our personal, financial, medical, commercial, and governmental information. But at the same time, these systems are pervasively prone to security flaws and subject to malicious attacks. We have to trust them, but they are not *trustworthy*.

There are two root causes. First, the pan-industry computing infrastructure, of processors, programming languages, and operating systems, is based on designs from a more forgiving time, with simpler systems and little incentive to design-in strong security protection. Second, the conventional engineering techniques we use (prose specifications, manually written tests, and test-and-debug development) are good enough to make systems work in common cases, but cannot exclude all errors - and a single coding error can lead to a devastating exploit.

Are we doomed? Perhaps not. This talk will highlight the sorry state of the art and then draw on cutting-edge research, from the University of Cambridge, SRI International, ARM, and other partners, to show some ways we can do better. First, we'll show how it's become possible to build and use rigorous models ...

Censored Planet: a Global Censorship Observatory

Borg (en)

Six years ago the idea behind CensoredPlanet started, that is now launched at We had a simple (yet essential) guiding principle: measurements that may be politically sensitive should be done without volunteer participation. In ...

SiliVaccine: North Korea's Weapon of Mass Detection

How I Learned to Stop Worrying and Love the Backdoor - Eliza (en)

Meet SiliVaccine – North Korea's national Anti-Virus solution. SiliVaccine is deployed widely and exclusively in the DPRK, and has been continuously in development by dedicated government teams for over fifteen years. When we heard of this strange...

Thursday 14:30

Data Protection for Citizens of Neuland

Clarke (de)

Data protection, as a right of defence of citizens against companies and the state that was won only relatively recently, is an important but frequently misunderstood area of law. Most recently, through the General Data Protection Regulation at European level, it has come into the view of the net ...

Goals of the talk (still to be worked out into a full text)
* Delimiting the area of law
* Shedding light on the history, contrast with other "secrecy protection" rights
* positive effects on citizens since codification by the Federal Constitutional Court (BVerfG) and the Hessian Data Protection Act
* (alleged) negative effects on security, law enforcement and economic efficiency
* latest changes since the GDPR
* actual effects of the GDPR on existing infrastructure ("blog die-off", "was already illegal before")
* The myth of the privacy policy
* What does our favourite privacy policy look like?
* Outlook on further initiatives

Updates from the European External Border

Dijkstra (de)

As a human rights monitoring organisation, we give you an overview of current developments at the EU's external border in the Mediterranean.

Mare Liberum operates a ship in the Mediterranean to document human rights violations. We are currently working in the Aegean, the sea border between Turkey and Greece. Thousands of people are still fleeing here in search of protection and dignity.

A lot of time has passed since the talks by Sea-Watch and the Iuventa crew. The civilian sea rescue organisations no longer go out – has everyone been rescued?

How has the situation changed for those fleeing and for the helpers?

We will give you an overview of current developments at the EU's external border in the Mediterranean.

Why, after five years of catastrophe in the Mediterranean, are the European states unable to end the dying? What is their agenda, actually?

Why does everyone constantly want a new flag?

How well is the EU-Turkey deal actually working?

Which state actors are there on the water and what do they do?

Why is the role of human rights monitors so important, even in Europe?

Thursday 16:10

(Cyber) Stalking: When Boundaries Blur

Dijkstra (de)

From unwanted messages to threats and even intimicide. In 2017 alone, around 18,483 cases of stalking were recorded by the police; the number of unreported cases is estimated at 600,000-800,000 affected people. Under the term stalking ...

Besides a brief introduction to the phenomenon, the causes and typologies of stalking are outlined and intervention options are presented: What psychotherapeutic support measures exist for those affected and for those who carry it out? What legal options are there?

Since roughly one in twelve people in Germany is affected by stalking in their lifetime, and the person carrying it out mostly comes from the close environment of the person affected, the question can also arise within one's own circle of friends: How can I support and help someone affected by stalking? Or how do I approach a suspected stalker about their behaviour?

Hunting the Sigfox: Wireless IoT Network Security

Dissecting the radio protocol of Sigfox, the global cellular network for the IoT you have probably never heard of - Adams (en)

Sigfox is an emerging low-power wide-area network (LP-WAN) technology for IoT devices, comparable to LoRa.

This talk recounts my analysis of Sigfox's radio protocol ...

Sigfox can be compared to a cellular network, but for mostly battery-powered IoT devices that don't need to transmit much data. While some sparse details on Sigfox's architecture and its security have been published and some basic reverse engineering has been carried out, most of the protocol specifications remain proprietary and closed, so to date no independent security audit has been performed. Advertised use cases of Sigfox include air quality monitoring, weather stations, utilities metering and tracking farm animals. In this talk, I illustrate why these applications are fine, but why one might not want to track a money transporter with Sigfox or base a home alarm system on it.

The Sigfox network is very atypical, with uplink and do...


The decentralized P2P gossip protocol - Eliza (en)

In this talk @zelf invites you to the world of Scuttlebutt, the decentralized P2P gossiping protocol, and shows how it can be transformative for society through decentralization of data and enabling local community development.

Scuttlebutt is a fast growing decentralized social network. As an alternative to the large corporate social networks it enables autonomy for the users and a free zone from big data harvesting.

It’s based on a protocol (referred to as SSB) which connects the users via a blockchain styled base with each user functioning as a node. Since the information is collected via a 2 or 3 step social connection it’s completely usable while offline and syncs when connected to a local network, a friend or wifi.

Scuttlebutt has a large community of users who together develop the protocol and platforms. Completely open-source there are many initiatives of projects, maintenance and explorations as part of the Scuttlebutt ecosystem. Some of these projects range from local community on-boarding by @luandro in Quilombola - Brazil, git-ssb by @cel, and even a chess interface!

As the Scuttlebutt interface is interchangeable, with the one most widely used being Patchwork, there is a possibility to utilize the same network with multiple applications. Perfect for local communities in rural areas or for environments which require offline workability or simply for users with integrity, the potenti...

How does the Internet work?

An explanation of Inter-Net and everyday protocols - Borg (en)

This Foundations talk explains the systems and protocols that make up the Internet, starting from a laptop with a Wi-Fi connection. No particular technical knowledge required.

Many consider "the Internet" a utility similar to electricity - and that's a great attitude! - but for most, "the Internet" only means access to a few centralized services offered by mega-corporations "for free", around which people build their entire social and professional lives.

Come along for a look behind the scenes of all those fancy websites, let's go through what the Internet actually is!

Knowing the difference between the network and services reachable through the network is perhaps more important than ever, because if we implicitly give service providers all the power by never asking for a public, utility-like network then that's the end of the Internet as we know it. Key word: Net neutrality.

So in this talk we will discover the network. In simple terms and without too much technical detail we'll start out with the "atom" of networks, the packet, then cover the fundamental Internet Protocol (IPv4-only for simplicity). We'll try to answer "what is a network?" (not obvious, it turns out), we'll look at where IP addresses come from, and then we'll move on to the Internet cornerstone that is routing. We'll approach routing from t...

Space Ops 101

An introduction to Spacecraft Operations - Clarke (en)

After launching a spacecraft into orbit the actual work for mission control starts. Besides taking care of the position and speed of the spacecraft this includes e.g. detailed modeling of the power usage, planning of ground station contacts, paylo...

Suppose you built your own satellite and somehow managed to launch it into space, what are you going to do next? Can you just ssh into your onboard computer and try out a couple of things to take a picture of earth and download the file? Did you just lose contact with your satellite due to an empty battery, because it heated up too much or because it rotated in the wrong direction? What are other issues you might forget to account for?

After understanding why in spacecraft operations nothing works the way one expects we will have some answers to these questions. Also we will see how these problems are nowadays tackled by mission control centers all over the world, what happens in emergencies, what FDS, GDS, LEOP and TTC stand for and why spacecraft operators worry so much about weird particularities of time systems. Everything will be illustrated by real-life examples.

The only prerequisite for this talk is that you know that earth is not flat!

Thursday 17:10

Stalking, Spy Apps, Doxing: Digital Violence Against Women

The digital side of domestic violence - Dijkstra (de)

Digital forms of violence against women are not independent phenomena, but as a rule continuations of or additions to other forms of violence. Stalking, control, threats, blackmail, insults and surveillance are well-known aspe...

Why is child pornography a core topic of German and European domestic policy, while hardly anyone talks about revenge porn?

This talk is about the different forms of digital violence, how often they occur, and who is affected by them.

There are hardly any meaningful figures and little help for those affected. Why do we know so little, and what options are there for defending oneself against the various forms of digital violence?

Introduction to Deep Learning

Adams (en)

This talk will teach you the fundamentals of machine learning and give you a sneak peek into the internals of the mystical black box. You'll see how crazy powerful neural networks can be and understand why they sometimes fail horribly.

Computers that are able to learn on their own. It might have sounded like science-fiction just a decade ago, but we're getting closer and closer with recent advancements in Deep Learning. Or are we?

In this talk, I'll explain the fundamentals of machine-learning in an understandable and entertaining way. I'll also introduce the basic concepts of deep learning. With the current hype of deep learning and giant tech companies spending billions on research, understanding how those methods work, knowing the challenges and limitations is key to seeing the facts behind the often exaggerated headlines.

One of the most common applications of deep learning is the interpretation of images, a field that has been transformed significantly in recent years. Applying neural networks to image data helps visualising and understanding many of the faults as well as advantages of machine learning in general. As a research scientist in the field of automated analysis of bio-medical image data, I can give you some insights into these as well as some real-world applications.

Information Biology - Investigating the information flow in living systems

From cells to dynamic models of biochemical pathways and information theory, and back. - Eliza (en)

How to apply Shannon's information theory to biology.

Cells, from bacteria to human cells, constantly take up, store, retrieve, communicate and make decisions based on information. How they realise all this computation using very unreliable components is still largely an open question. Instead of transistors they have to employ proteins, but proteins constantly degenerate and are re-built making their numbers fluctuate. If cellular signalling is impaired severe diseases can be the result, for instance cancer or epilepsy.

As cellular communication is so pervasive and essential, researchers start to look into this information flow in biological systems in more detail. My research group at the BioQuant centre, Heidelberg University, is also active in this area, an area which I would call Information Biology — the study of how biological systems deal with information.

I will show you how you can apply Shannon's information theory to biological systems. For this we need three ingredients, namely dynamic models of biological pathways, stochastic simulation algorithms (that take into account intrinsic fluctuations in molecular numbers), and, of course, Shannon's theory of information.

I will give bri...

Thursday 17:30

Digital Airwaves

Software Defined Radio Basics and some Modulation Theory - Clarke (en)

Encoding or decoding random radio-waveforms doesn't need incredibly expensive hardware anymore which offers new possibilities for building up over-the-air communication systems. There are Software Defined Radios providing affordable cellular radio...

With a cheap DVB-T USB receiver used with some SDR-Software you can already have a look what's going on in the airwaves around you at certain frequencies. But what happens between the antenna and your computer display showing or decoding the signal? The talk should give basic information and background about SDR and some modulation theory.

There will probably be an SDR Challenge at the Congress to practice your new skills.

Hacking the most popular cryptocurrency hardware wallets - Borg (en)

In this presentation we will take a look at how to break the most popular cryptocurrency hardware wallets. We will uncover architectural, physical, hardware, software and firmware vulnerabilities we found including issues that could allow a malici...

Hardware wallets are becoming increasingly popular and are used to store a significant percentage of the world’s cryptocurrency. Many traders, hedge funds, ICOs and blockchain projects store the entirety of their cryptocurrency on one or very few wallets. This means that users of hardware wallets store tens of millions of euros of cryptocurrency on small USB peripherals that cost only a few euros to manufacture. Moreover, many users that trade and speculate in cryptocurrency interact, update, and generate transactions using their hardware wallets on a daily basis.

In this talk we look at the good, the bad and the ugly of hardware wallet security: We will walk through the different architectures of the wallets, look at the different attack vectors and talk about the challenges of building secure hardware before diving in deep finding vulnerabilities in the different wallets.

The vulnerabilities we will present range from vulnerabilities that can be fixed in a firmware upgrade, to bugs that will require a new hardware revision, up to attacks on the microcontrollers themselves, requiring new silicon to be fixed.

Some of the (most entertaining) vulnerabilities will be demo...

Thursday 18:10

Afroroutes: Africa Elsewhere

VR experience "Beyond Slavery" - Eliza (en)

Let's think "Beyond Slavery": Afroroutes is a one-of-a-kind VR experience conceived as a journey through 3 displaced African heritages, immersing users in Rituals and Ceremonies to experience that well-conserved memory form, but also to feel the p...

Afroroutes is a VR experience taking you to some burning key destinations where African culture has been displaced through slavery and then, rooted again. From Salvador to Bahia to Gujarat through Tangier, there is a common history. Based on this VR Experience, the debate should be extended around "Beyond Slavery".

What happened with the millions of displaced African men and women? Where are their descendants living today? Did their original culture and language disappear? How did their heritage contribute to building their new countries? How did the assimilation or rejection process go? How has this memory subsisted, and how is it lived and celebrated today? But also, how to assimilate that chapter of history and transform it into a real global narrative - is there what we call a "diasporic identity"? And if it is the case, how to build this identity within a global, disrupted world? How can digital tools push this storytelling process? 

The medium "Virtual Reality" takes all its sense in this project, allowing an immersive and almost physical experience of those paths of slavery. This experience is triggered by music and sounds. Music is much more than a simple way o...

Hackerethik - eine Einführung

Responsibility and ethics in the creative and critical use of technology - Adams (de)

Hacker ethics are the foundation for dealing with the various ethical problems that arise in the creative and critical use of technology (also called "hacking").

Hacker ethics are the foundation for dealing with the various ethical problems that arise in the creative and critical use of technology (also called "hacking"). They offer guidance for the everyday questions and problems that come up when you use technology differently than the manufacturer intended, when you find and exploit holes in systems, or when you stumble across mountains of personal data. This talk gives an introduction to the various aspects of hacker ethics and encourages reflection on the ethical questions that people with special abilities and skills face when they pursue their inclinations.

Compromising online accounts by cracking voicemail systems

Dijkstra (en)

Voicemail systems can be compromised by leveraging old weaknesses on top of current technology. The impact goes way beyond having your messages exposed.

Voicemail systems have been with us since the 80s. They played a big role in the earlier hacking scene and re-reading those zines, articles and tutorials paints an interesting picture. Not much has changed. Not in the technology nor in some of the attack vectors. Can we leverage the last 30 years' innovations to compromise voicemail systems? And what is the real impact today of pwning these?

In this talk I will cover voicemail systems, their security and how we can use oldskool techniques and new ones on top of current technology to compromise them. I will discuss the impact of gaining unauthorized access to voicemail systems and introduce a new tool that automates the process.

Correction: There is no default PIN on O2 anymore. Initial PINs are generated randomly, as is the case for Vodafone and Telekom.

Thursday 18:50

Citizens or subjects? The battle to control our bodies, speech and communications

A call to action to defend our ePrivacy and eliminate upload filters - Clarke (en)

Technology is the solution: What is the problem? This seems to be the motto. Algorithms may be about to control our free speech while tracking technologies could control our bodies and communications. Will we react or stay quiet?

Technology is the solution: What is the problem? This seems to be the motto. Whether it is about preventing the dissemination of terrorist content or preventing copyright infringements, the solution from the legislator is upload filters.

While content is controlled by algorithms, devices need to be under scrutiny. That is why confidentiality of communications needs to be secured now too.

We have little time to stop these threats from becoming a reality, but we have most citizens on our side and the EU elections are near. We still can and have to win this battle. Otherwise, once filters are put in place for copyright or terrorist content, they will be used for anything else. And if software and hardware do not defend our privacy by design and by default, 24/7 surveillance will be the new "normal".

"Das ist mir nicht erinnerlich." − Der NSU-Komplex heute

Five months after the verdict in the first NSU trial - Borg (de)

For seven years, every piece of the promised investigation of the NSU complex had to be wrested from the authorities. The verdict in the first NSU trial shows: Germany is only very partially willing to confront right-wing terror and ...

On 4 November 2011, the "National Socialist Underground" (NSU) exposed itself. Almost seven years later, on 10 July 2018, the verdict in the first NSU trial was handed down. Today, five months after the oral pronouncement of the verdict, which was cheered by neo-Nazis, we have to deal with a verdict in which many broken promises of investigation come to a head. The court proceeds from the thesis that the NSU was a largely isolated "trio" without a network and without any entanglement of the authorities. After everything that has been dragged to light about the NSU complex in recent years, some of it laboriously, the "trio" thesis is not tenable. The NSU complex includes a neo-Nazi network, society-wide racism, and the actions of the police and of the Verfassungsschutz (domestic intelligence service).
At the same time, the relatives of those murdered by the NSU and the survivors of the attacks are still asking the same questions as in 2011: Who selected the crime scenes? Why was it their father, husband, son or daughter who was murdered? Who is part of the NSU's support network? What did the Verfassungsschutz know, and what did it do (or not do) with its knowledge, and why?
What is clear: The ...

Thursday 19:10

A Routing Interregnum: Internet infrastructure transition in Crimea after Russian annexation

Eliza (en)

This lecture tells the story of Internet infrastructure transformations in Crimea, the peninsula disputed between Russia and Ukraine between 2014 and 2018. It is based on an extensive year-long study involving network measurements and interviews w...

This talk is based on one year of research conducted at Citizen Lab [2], using a mixed methods approach. On the one hand, we conducted network measurements with OONI probe [3], testing a set of URLs from Crimean vantage points, and comparing results with mainland Russia and Ukraine. We have done an analysis of BGP routing history and AS neighbouring history, using data from RIPE and CAIDA, in collaboration with researchers behind the "Internet Health Report" initiative [4], using the recently deployed methodology of the "AS Hegemony Index" [5]. On the other hand, we conducted an extensive qualitative study, including interviews with Crimean ISPs, Ukrainian and Russian tech activists and representatives of RIPE and other Internet governance bodies; web-ethnography (analysis of professional chats and forums of Crimean / Ukrainian ISPs) and media analysis.

We will briefly introduce the context of annexation from the point of view of Internet infrastructure, and show an interactive timeline of events that have impacted the Crimean Internet ecosystem. Then we will focus on the case of "Infrastructure interregnum", where Ukrainian and Russian traffic co-existed for a while. We will share ou...

Transmission Control Protocol

TCP/IP basics - Dijkstra (en)

TCP/IP is the most widely used protocol on the Internet for transmitting data. But how does it work in detail? This talk will explain the TCP protocol, from handshake over established to teardown in detail - and elaborate a bit on protocol adjustm...

I will briefly explain how computers talk to each other via the Internet Protocol (IP), and explain the transport protocols UDP and TCP, and their interaction with ICMP (for error and control messages). UDP is the user datagram protocol, an unreliable packet-oriented protocol. TCP provides a reliable stream of data, and includes connection establishment, feature negotiation, window management, and teardown.

Over the last years at the University of Cambridge I contributed to a formal model of TCP/IP and the Unix sockets API, developed in HOL4. We validated our HOL4 model with the FreeBSD-12 stack using DTrace (packets, system calls, internal TCP state). In this research, we formalised a more exact TCP state machine than in initial RFCs or common literature (Stevens).

Venenerkennung hacken

On the fall of the last bastion of biometric systems - Adams (de)

Vein recognition is one of the last bastions of biometric systems that has so far resisted conquest by hackers. Yet it is a worthwhile target, since it protects ATMs and high-security areas. In this talk we ...

Although vein recognition has been in use for decades, mainly in Asia, no serious attempts to defeat vein recognition systems are known so far. Besides the myth of high security, this is mainly due to the features being located invisibly inside the body. In this talk we will show how little effort it takes to obtain the "hidden" vein images and how, based on them, dummies can be built that defeat the systems of the two major manufacturers.

Thursday 20:50

A la recherche de l'information perdue

some technofeminist reflections on Wikileaks - Eliza (en)

Performance lecture by Cornelia Sollfrank that makes a (techno-)feminist comment on the entanglements of gender, technology and information politics exemplified by the case of Julian Assange and Wikileaks. The artist takes us in her text assemblag...

The performance is a technofeminist comment on the Wikileaks case, in particular the fact that Julian Assange has spent more than five years in confinement following a rape accusation. Instead of making a moral judgement, however, the performance uses and combines sources from information science, psychoanalysis, cultural studies, feminist studies and activism to embed the case in a wide cultural landscape in which gendered structures become more than obvious. The performance is divided into 9 chapters with headers such as Information, Organisation, Zeroes&Ones, Binary Worlds, Pure Difference, Cyberfeminism, Gender&Technology, Naked Information and Transparency, and creates a captivating atmosphere by the use of sound and visuals.

Chaos im Fernsehrat

Clarke (de)

Since July 2016 I have been allowed to represent the "Internet" area on the ZDF Television Council (Fernsehrat), nominated by the CCC among others. After a good two years it is time for an interim assessment: What does a television council do, what are public-service offerings doing on the ...

The Television Council represents the interests of the general public vis-à-vis ZDF. It is therefore not a panel of experts, but as diverse as society itself. Its members are delegated by different social groups. The Television Council meets in public. Both the agenda and the summaries of the key results of the meetings are published on the Internet.

This is how the ZDF Television Council describes itself on its website. Following a ruling by the Federal Constitutional Court in 2014, the federal states had to redraft the ZDF State Treaty, so the Television Council has had a new composition since July 2016. No more than 20 of its 60 members may be active politicians; the rest are meant to represent various social groups. New additions in the course of the reorganisation were representatives who are nominated by the states, usually at the suggestion of associations or federations, for areas such as minorities, people with disabilities, digital affairs or LGBTQI.

While Bavaria delegated the right of nomination for the "digital affairs" area to BITKOM, the industry association of the telecommunications industry, ...

G10, BND-Gesetz und der effektive Schutz vor Grundrechten

The BND's strategic telecommunications surveillance before the Federal Constitutional Court - Adams (de)

The talk covers the lawsuit by the Internet exchange DE-CIX against the BND's strategic telecommunications surveillance before the Federal Administrative Court in Leipzig, what we can learn from the ruling about legal protection for citizens, and why the case ...

What The Fax?!

Hacking your network like it's 1980 again - Borg (en)

We all know what FAX is, and for some strange reason most of us need to use it from time to time. Hard to believe it's 2018, right?

But can FAX be something more than a bureaucratic burden? Can it actually be a catastrophic security hole that ma...

Unless you've been living under a rock for the past 30 years or so, you probably know what a fax machine is. For decades, fax machines were used worldwide as the main way of electronic document delivery. But this happened in the 1980s. Humanity has since developed far more advanced ways to send digital content, and fax machines are all in the past, right? After all, they should now be nothing more than a glorified museum item. Who on earth is still using fax machines?

The answer, to our great horror, is EVERYONE. State authorities, banks, service providers and many others are still using fax machines, despite their debatable quality and almost non-existent security. In fact, using fax machines is often mandatory and considered a solid and trustworthy method of delivering information.

What the Fax?!

We embarked on a journey with the singular goal of disrupting this insane state of affairs. We went to work, determined to show that the common fax machine could be compromised via mere access to its fully exposed and unprotected telephone line – thus completely bypassing all perimeter security protections and shattering to pieces all modern-day security concepts.

Join us...

Thursday 21:50

Genom-Editierung mit CRISPR/Cas

“A New Hope” or “Attack of the Clones”? - Borg (de)

CRISPR/Cas has revolutionised genetic research and could soon be used on a large scale in genetic engineering. But what is CRISPR and how does it work? In short: Parts of the adaptive immune system of bacteria are used to alter genes ...

André is a physicist, biochemist and science communicator.
Katrin studied biochemistry, podcasted science news and advises scientific software projects.
Anna is a biologist and worked partly with CRISPR during her doctoral thesis.
Although we come from different fields of science, we share a common passion: presenting scientific topics in an understandable way. One of the most promising new technologies is CRISPR/Cas. It is a genetic engineering method that has great potential for people and the environment. But like any tool, CRISPR can be used for good as well as for evil, and it is not always easy to tell which is which, especially in biological and ecological systems. CRISPR helps us to better study gene functions and diseases. It could also help us to fight the consequences of climate change in many ways, but have we not interfered with the environment enough already? CRISPR could help us to treat diseases, perhaps even in embryos with genetic diseases. But is it ethically justifiable to alter the human germline...

Thursday 22:10

Tactical Embodiment

Activism and Performance In Hostile Spaces Online - Eliza (en)

During her talk “Tactical Embodiment,” artist and activist Angela Washko will present several different strategies for performing, participating in and transforming online environments that are especially hostile toward women. She will introduce h...

During her talk “Tactical Embodiment,” artist and activist Angela Washko will present several different strategies for performing, participating in and transforming online environments that are especially hostile toward women. She will introduce her long-term performative intervention “The Council on Gender Sensitivity and Behavioral Awareness in World of Warcraft” alongside several interventions, interviews, performances, written works and video games works she has created with the manosphere and online men’s seduction communities. In addition to walking the audience through her research, Washko will screen excerpts from her interview with a seduction coach who has been dubbed “The Web’s Most Infamous Misogynist” and highlight instructional DVDs, books, and hidden-camera videos created by a community of pick-up artists who teach men how to interact with and seduce women. The talk will close with an audience-participation based performative play-through of her most recent project “The Game: The Game,” a dating simulator video game presenting the practices of several infamous pick-up artists.

“The Game: The Game” is a video game presenting the practices of several prominent ...

Open Source Firmware

A love story - Dijkstra (de)

Open source firmware has been a term since 1999, when LinuxBIOS (coreboot) and u-boot started as projects. Today, after almost 20 years, open source firmware has finally arrived at hardware manufacturers:

Google Chromebooks - coreboot

Quantum Mechanics

A Gentle Introduction - Clarke (en)

An (almost) self-contained introduction to the basic ideas of quantum mechanics. The theory and important experimental results will be discussed.

Quantum mechanics is one of the two paradigm-changing physical theories of the early twentieth century (the other being special and general relativity). Suddenly, one of the most fundamental physical theories was no longer deterministic: Measurement is a probabilistic process in quantum mechanics. This caused a controversy on how to interpret this and whether quantum mechanics is a complete theory that continues until today.

This talk tries to counter a trend: Most people know the fundamentals of special relativity, while few know quantum mechanics beyond the Bohr model of hydrogen. One reason is that the presentation of quantum mechanics in schoolbooks is often dated, inaccurate and incomplete, and, as a consequence, quantum mechanical concepts are often used as a magical component in fringe science and esoteric theories.

The talk will briefly discuss some of the experimental results that have led to the formulation of quantum mechanics and then formulate the theory. The parts of quantum mechanics that often show up in quack theories will be examined and dissected.

Allergy advice: This talk may contain mathematics. Some prior knowledge of linear algeb...

All Your Gesundheitsakten Are Belong To Us

"As secure as online banking": The electronic patient record is coming - for everyone. - Adams (de)

Suddenly everything is moving very fast: online treatment and electronic health records became reality for millions of people with health insurance this year. At a high price: even simple attacks cause the security concept of the ...

The electronic health card has failed. Instead, the electronic patient record is now coming: within three years at the latest, the findings, diagnoses, X-ray images and prescriptions of everyone with statutory health insurance are to be stored centrally and available online. Already today, millions of insured people can use such a solution and, as Health Minister Jens Spahn demands, "also access their electronic patient record on tablets and smartphones". At the same time as the electronic patient record, online treatment is just around the corner: the ban on remote treatment was overturned a few months ago, and already today millions of insured people can be treated exclusively online.

After years of waiting, everything is now happening very quickly. "These measures brook no delay," says Spahn. And with that he makes all of us beta testers when it comes to health. With fatal consequences: our strictly confidential health data is visible to everyone on the net.

In this talk I use five concrete examples to show which negligent decisions make the online platforms and apps of providers in the health record and telemedicine sector so vulnerable and...

Thursday 22:50

Modchips of the State

Hardware implants in the supply-chain - Borg (en)

Hardware implants and supply chain attacks have been in the news recently, but how feasible are they and what can we do about them? In this talk we'll examine the design of a proof of concept SPI bus hardware implant that has similar capabilities ...

We don't know how much of the Bloomberg story about hardware implants installed in Supermicro servers shipped to Apple and Amazon is true, nor do we know the story behind the story and the reasons for the vehement denials by all the parties involved.

However, a technical assessment of the details of the described implants reveals that a supply chain attack on the hardware is definitely possible, that the capabilities of the BMC can be used to bypass OS protections, and that there are means to access the BMC that would not necessarily generate readily identified network traffic.

In this talk we'll examine the design of a proof of concept SPI bus hardware implant that has similar capabilities to those described in the Bloomberg/Supermicro article as well as some countermeasures that we can use to try to detect these "modchips" and increase our trust in our systems.

Thursday 23:30

It Always Feels Like the Five Eyes Are Watching You

Five Eyes’ Quest For Security Has Given Us Widespread Insecurity - Clarke (en)

This talk will cover the Five Eyes, the espionage alliance between Australia, Canada, New Zealand, the United Kingdom and the United States. It is one of the largest intelligence operations in the world, which monitors billions of comm...

This talk will go into detail about the Five Eyes (FVEY), covering its origins in the aftermath of World War II, its expansion in the Cold War, ECHELON, and further expansion in the era of counter-terrorism, through today, where the Five Eyes have set their sights on enabling mass surveillance and stopping strong encryption.

The discussion will include:
- The history and background of the Five Eyes
- Cold War (ECHELON)
- How the FVEY spying and intelligence sharing works
- Malware
- Backdoors
- Routers
- Internet exchanges
- Domestic sharing: when one member spies on another’s citizens, and shares the information back to get around prohibitions on domestic surveillance.
- More Eyes, More Problems. Proposals to expand the number of eyes, including many within the EU
- Whistleblowers: What the documents shared by Edward Snowden revealed about the Five Eyes
- The Five Eyes' latest fight: Against strong encryption. FVEY members claim to aim to "thwart the encryption of terrorist messaging," and the UK and Australia have taken steps through legislation to weaken security.
- Why this matters - the legal and policy framework for communication...


Finally, lots of new reasons to demonstrate - Adams (de)

Homeland Minister Horst Seehofer and his counterparts in the federal states are expanding the powers of the police forces and planning a "model police law" („Musterpolizeigesetz“). In doing so, they brought upon themselves the largest protests against surveillance plans in years.

We not only give an overview of the numerous new provisions in the police laws of the federal states, but also report from the hearings in the state parliaments and on the submitted statements. We explain what the new laws say and which legal and technical transgressions we have to criticise.

And we have a few demands.

Hacking Ecology

How Data Scientists can help to avoid a sixth global extinction - Dijkstra (en)

As humans have a large negative impact on ecosystems all around the globe, we are approaching a major extinction event in which around 70% of all species will go extinct. This talk will give an introduction to a data-driven and system-based view o...

Since life emerged on this planet around 3 billion years ago, five global extinction events took place, that are characterized by over 60% of all species disappearing within a geologically short time interval. The last decades of environmental research, however, made it evidently clear that anthropogenic impacts on the global ecology could lead to a sixth global extinction. Being caused by the destabilization of ecosystems due to climate change, poaching, fragmenting of habitats, species invasions, pollution and other human activities, this extinction event would be the first induced by a species and not by natural catastrophes.

Two general paths of action seem available to mitigate this threat or at least limit the damage: One consists of radically limiting anthropogenic influence on nature by restricting human habitats (to, as argued by E. O. Wilson among others, half of the Earth's surface), which, however, seems politically infeasible. A second strategy aims to effectively re-stabilize ecosystems by selective and specific intervention, but this would require a much deeper knowledge of ecosystem processes and how to modulate them.

In this talk, I will provide an overvie...

SD-WAN a New Hop

How to hack software defined network and keep your sanity? - Eliza (en)

The software-defined wide-area network is a technology based on the SDN approach applied to branch office connections in enterprises. According to Gartner's predictions, more than 50% of routers will be replaced with SD-WAN solutions by 2020.

The SD-...

Detailed Outline:

1. SD-WAN overview

a. SD-WAN in a nutshell
b. Typical SD-WAN design overview
c. Cloud, on premise, hybrid architecture
d. Common technology stack (netconf, strongswan, DPDK, etc.)
e. Customization, vCPE and VNF
f. Security features

Basic terminology, the essentials of SD-WAN architecture: declared advantages and implementation options. Customization approaches via tailored and 3rd party VNF and uCPE/vCPE. Overview of built-in and additional security features.

2. SD-WAN attack surface
a. Management interfaces
b. Local shells and OS
c. Control plane and data plane separation
d. Analytics-Controller-vCPE/uCPE-VNF communications
e. Hypervisor and virtualization (VNF) separation
f. Routing, IPSec Overlay
g. Updates and Cloud features

Technical analysis of data and control flow between major components in typical SD-WAN architecture (Orchestration – Controller – vCPE – VNF [and back]). Attack vectors, vertical and horizontal (for multi-tenant/managed service) privilege escalation scenarios.

3. Security Assessment

a. SD-WAN as a (virt...

Thursday 23:50

Inside the AMD Microcode ROM

(Ab)Using AMD Microcode for fun and security - Borg (en)

Microcode runs in most modern CPUs and translates the outer instruction set (e.g. x86) into a simpler form (usually a RISC architecture). It is updatable to fix bugs in the silicon (see Meltdown/Spectre), but these updates are encrypted and signed...

We build on our results presented at 34C3 to provide more insight into how microcode works and more details of the microcode ROM itself.

tl;dr diff to last talk:
- Mapped physical readout to virtual addresses, we can now read the microcode implementation of specific instructions
- More microcode semantics known, more stable programs
- Open source framework for creating, disassembling and testing microcode on AMD CPUs
- Simple hardware setup to develop microcode programs
- More practical examples of what you can do with microcode, focused on defense instead of offense this time

Since 34C3 we worked on recovering the microcode ROM completely and used that knowledge to implement constructive microcode programs that add to or enhance functionality of the CPU. We also worked on our now open source framework to create and disassemble microcode for AMD CPUs up to 2013. We will give a short intro into how to use it to create custom microcode programs and test them on real hardware. We also provide guidelines on how to construct the test setup we used, which is essentially any old AMD mainboard (native serial port required), a Raspberry Pi with a serial adapter and some wiring incl...

Thursday 00:40

Freude ist nur ein Mangel an Information

A demotivation workshop on the political situation. - Adams (de)

In times of a global shift to the right, Nico Semsrott has the most superfluous job in the world: he is a demotivational trainer. With PowerPoint presentations and a lot of pessimism, he manages to simplify complex topics without alternative facts...

Politically speaking, everything is hopeless. But if you are giving up anyway, you might as well give up resigning too. That is why Nico is running in second place on the European election list of the party Die PARTEI. To then introduce democracy in Europe as Commission President in Brussels. If necessary, against the will of the citizens.

Friday 11:30

C2X: The television will not be revolutionized.

From Cyberfeminism to XenoFeminism - Eliza (en)

From Cyberfeminism to XenoFeminism - a short history of radical appropriations of media. This discussion will question how media is made (for whom and for what) and how meaning is produced through different contexts. It will feature media hacks an...

Sci-Hub, film excerpts, Red Planet and more will be referenced. It will also address how and where media matter, comparing different technologies, commenting on CCC projects and what is more/less relevant in different African and European contexts. We will also explore how media and technical developments are informed by their social, economic and political environments.

Lightning Talks Day 2

Borg (en)

Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a cre...

Did you think that the thrill of sharing your ideas in front of a huge audience at a C3 was something you'd never experience? Do you work on a cool project and want to get the word out? Was your talk one of the hundreds that got rejected? Did you come up with an awesome hack that you need to share? Go ahead and enter your Lightning Talk now!

The 35C3 Lightning Talks consist of three fast paced sessions which are perfect for pitching new software or hardware projects, exploits, creative pranks or strange ideas you need to get out to a global audience. Even if you don't have an awesome idea or project to share, a Lightning Talk is perfect for pitching your Assembly, your workshop or even a longer talk you'll give as a self-organized session. Your five minutes of fame!

For registration and schedule info, please check out

A farewell to soul-crushing code

Towards correct software that enriches our lives - Dijkstra (en)

A major part of software development is maintenance, i.e. tinkering with software that should already be completed but still somehow does not work as it should. Software developed by tinkering is the antithesis to resilient technology, and a growi...

So how do we gain autonomy over the software of the future, which is currently spiralling out of control? Not with object-oriented programming, as it turns out: Mutable state, the absence of uniform abstraction mechanisms and the complexity introduced by inheritance make it hard for humans to develop correct and robust software. While "agile" has given developers autonomy over the soul-crushing processes of the past, the prevalent technology - object-orientation - is a fundamental part of the problem, not of the solution. It is time to say goodbye; we must start to teach the principles of systematic construction of correct software instead. At the core of this revolution is the consistent application of functional programming, i.e. of immutable data structures, systematic abstraction and data modelling. The talk illustrates the problems of the programming techniques of the past, and shows how to build robust models that lead to useful software.

Inside the Fake Science Factories

Adams (de)

This talk investigates fake science factories: international twilight companies whose sole purpose is to give studies an air of scientific credibility while cashing in on millions of dollars in the process. We present the findings, outcomes and me...

Until recently, fake science factories have remained relatively under the radar, with few outside of academia aware of their presence; but the highly profitable industry has been growing significantly in the last five years, and with it, so have the implications. To the public, fake science is often indistinguishable from legitimate science, which is facing similar accusations itself.
We expose the scale and value of two fake science operations: well-known institutions and professors who abuse this route of publication for personal gain, and the deadly consequences when the public believe in fake cures or weird discoveries that seem scientific at first glance. Beyond the pressure to publish, we find varying motivations, from paid vacations and promotions to obtaining stipends and research grants.
Our findings highlight the prevalence of pseudo-academic conferences, journals and publications and the damage they can do and are doing to society.
For 35C3 we did some extra analytics and will publish new numbers on how pseudo-academic publishing has dropped since the story got out in several countries in July 2018.

Exploring fraud in telephony networks

Clarke (en)

Telephone networks form the oldest large scale network that has grown to touch over 7 billion people. Telephony is now merging many complex technologies (PSTN, cellular and IP networks) and enabling numerous services that can be easily monetiz...

This talk aims to improve the understanding of the fraud ecosystem in telephony networks. We first provide a clear taxonomy that differentiates between the root causes, the vulnerabilities, the exploitation techniques, the fraud types and finally the way fraud benefits fraudsters.

As concrete examples, we first look into International Revenue Share Fraud (IRSF), where phone calls to certain destinations are hijacked by fraudulent operators and diverted to the so-called ‘international premium rate services’. This fraud often involves multiple parties who collect and share the call revenue, and is usually combined with other techniques (such as voice scam, mobile malware, PBX hacking) to generate call traffic without payment. We will further explore the IRSF ecosystem by analyzing more than 1 million ‘premium rate’ phone numbers that we collected from several online service providers over the past 3 years.

In the second part, we will look into voice spam, a prevalent fraud in many countries. After giving an overview of various types of unwanted phone calls, we will focus on a recent countermeasure which involves connecting the phone spammer with a phone bot (“robocall...

Friday 12:50

The Urban Organism

Hacking [in] Hong Kong - Eliza (en)

This talk will engage the practises and protocols of hacking in the context of Hong Kong, drawing parallels from the stigmergic responses of the city (consensus network organisation) and the peer-production (or attempt) of the hackerspace, Dim Sum...

Part I: Culture + Society: Idiosyncrasies of the Metropolis
I.i Political and economic structures from outside (the space) to the inside (the space).
I.ii Cultural identities from the outside to the inside
I.iii The resulting pastiche

Part II: Dim Sum Labs and _TFGTH: Hong Kong's First and Only Hackerspace
II.i Brief introduction to our space and activities
II.ii Introduction of the book (_TFGTH)
II.iii A few excerpts within
II.iv Demonstration of the interactive cover of the book

Part III: Peer Production: Collaborative Scenarios
III.i Meritocracy vs Democracy
III.ii How this applies in the space
III.iii How this applied to the project (_TFGTH)
III.iv How this applies to the city
III.v Parallels between hacking and urbanism

CCC Annual Review 2018

Refreshing Memories - Adams (de)

Biometric video surveillance, house searches, police powers laws, state trojans and a whole lot of cyber: we give an overview of the topics that kept the Chaos Computer Club busy in 2018.

Besides the summary and the look back at the past year, we also want to talk about future projects and upcoming discussions.

SymbiFlow - Finally the GCC of FPGAs!

A fully FOSS, Verilog to bitstream, timing driven, cross FPGA, usable toolchain. - Clarke (en)

The SymbiFlow project aims to be the "GCC of FPGAs" - a fully open source toolchain supporting multiple FPGAs from different vendors. Allowing compilation from Verilog to bitstream without touching vendor ...

The SymbiFlow project aims to be the "GCC of FPGAs" - a fully open source toolchain supporting multiple FPGAs from multiple different vendors. FPGAs have been around since the 1980s but most have previously required getting giant closed source proprietary black boxes from the FPGA vendor (10 gigabytes or more!). Thanks to SymbiFlow this is no longer the case!

Like the previous IceStorm efforts, SymbiFlow includes both documentation of FPGA bitstreams and a working toolchain for compiling Verilog into these bitstreams. Unlike previous efforts, this new toolchain supports industry standard timing driven place and route, and significantly larger designs. This makes SymbiFlow a big change over the previous Project IceStorm effort and enables support for large, modern FPGAs that can be used for things like high resolution video and many gigabit networking.

This presentation will give you an update on the current status of the project. What currently works, the future roadmap and how you can help with the project and how to expand the number of supported FPGAs even further.

Currently SymbiFlow ...

Modern Windows Userspace Exploitation

Dijkstra (en)

In this talk we will go through the different mitigations in Windows 10 and see how they affect modern userspace exploitation. We will explain the primary ones and the different ways to bypass them. Finally, we will demo a cool exploit that achiev...

In the past few years, many new mitigation techniques were introduced into both the Windows kernel and userspace. These are supposed to make exploitation of certain vulnerabilities significantly harder, reduce exploit reliability, and require dependency on multiple primitives. They impact many of the core components of the OS and build stack, including the loader, front-end allocator, compiler, and memory management. With such investment and impact, how effective are these really, from the exploit developer’s perspective?
In this talk, we’ll explain the primary mitigations in Windows that hinder modern memory corruption exploitation in userspace. Using examples of real-world vulnerabilities, we will see how to achieve arbitrary code execution on different Windows versions, comparing their impact on exploits. On our journey to code execution, we will learn the motivation behind these mitigations, understand their design, scope, and implementation, and study their weaknesses.

Friday 14:10

Reality Check! Basel/Lagos?? In virtual reality?

An African tale of art, culture and technology - Eliza (en)

This talk will share the experience of a leading African extended reality lab - Imisi 3D. It will highlight this African journey to adopt augmented and virtual reality, the challenges and lessons learned and will then focus on some of the arts and...

Explaining Online US Political Advertising

Borg (en)

Over the summer Facebook, Google, and Twitter have started making transparent United States political ads shown on their platforms. We have been collecting and analyzing these political ads to understand how candidates, elected officials, PACs, no...

Based on our analysis we will explain how major political sponsors are using online advertising systems to send microtargeted messages to different audiences. We will also explain the messages, targeting, goals, spending, and impressions for major US political advertisers. As part of our project to improve the transparency of online political advertising, we have publicly released our data and tools for others to analyze online political ads.

This will be a talk about improving the transparency of online political advertising.

We will start by describing the online political advertising transparency efforts that Facebook, Google, and Twitter have implemented.

We will next explain how we collected data from each of these efforts and are making it public.

After this, we will explain some of the methodologies and tools we are building to help analyze and visualize this data. Next, we will present some of our findings on how online political ads are being targeted and the messages they are communicating to different target audiences.

We will also present some case studies on major online political advertisers such as Donald Trump, Beto O’Rourke, the NRA, and Plan...

The nextpnr FOSS FPGA place-and-route tool

the next step forward in open source FPGA tools - Clarke (en)

Project IceStorm provides the first end-to-end open source FPGA toolchain, was originally presented at 32c3, and only targeted Lattice iCE40 FPGAs. nextpnr is the next big step for open source FPGA tools, providing a retargetable open source FPGA...

nextpnr is a retargetable FOSS FPGA place-and-route tool that is replacing arachne-pnr as the place-and-route tool in the IceStorm open source iCE40 flow. (I originally presented IceStorm and arachne-pnr at 32c3.)

nextpnr is retargetable, meaning it can be ported to other FPGA architectures easily, uses timing-driven algorithms, provides a Python scripting API, supports complex placement and floorplanning constraints, and has a nice GUI. Python and GUI support are optional, which may be useful when deploying nextpnr on an embedded platform. In short: It is a big step forward for open source FPGA tools, attempting to close the gap to vendor tools in some aspects, and even setting new standards in other aspects.

As of now, iCE40 FPGAs (Project IceStorm) and ECP5 FPGAs (Project Trellis) are supported in nextpnr, but support for more architectures is expected to follow in short order.

Sense without sight: a crash course on #BlindNavigation

Dijkstra (en)

Learn to see the world without your eyes. Wonder what it's like to navigate while blind? Want to learn to use your everyday senses in ways you don't know you don't know? In this talk, I hack you with permanently enhanced sensory perceptio...


This talk is not the same on video as in person. Come in person if you can.

A few things I'll cover require a cane, but the vast majority are sensory input that you already have, and you simply don’t realize or pay attention to.

This will also (briefly) cover how and how not to interact with a blind person on the street, cognitive shifts from perceiving the world as a blind person, real vs myth difficulties, etc.

This talk is specifically focused on navigation and sensory experience. It won't cover Braille, computers, general life skills, medical/legal issues, or the like.

After you attend, I'd greatly appreciate your feedback: If you post about it, I'd appreciate if you use gender neutral pronouns for me, and tag me (saizai) or send me a link.


The talk is applied and participatory, not just abstract. I want you to actually experience what I discuss, so that you have a genuine qualitative sense of what it is like to navigate the world while blind.

You will have a better experience if you are totally sober, don't have arms ...

Friday 16:10

Theatre and the Quantum Age

“Die Parallelwelt” - Schauspiel Dortmund and digitality - Dijkstra (de)

Since 2010, the aspiration of Schauspiel Dortmund has been to create contemporary and daring theatre for an audience of the 21st century, a people's theatre for the digital modern age. Artistic director Kay Voges, video artist Mario Simon and engi...

A theatre evening that explores the edges of storytelling and calls into question the boundaries between theatre, film and the net: in September 2018, “Die Parallelwelt” premiered simultaneously at Schauspiel Dortmund and at the Berliner Ensemble. Director Kay Voges, video artist Mario Simon and software engineer Lucas Pleß of Schauspiel Dortmund report on the development of a theatre evening for which two stages and two auditoriums in two cities are connected in real time via optical fibre. “Die Parallelwelt” plays with the multiplication of identities in interplay with the change in the images that the human species forms of the cosmos of which it is a part, and with the dissolution of boundaries, the nightmare of disintegration and a recomposition of the world as we knew it.

“Die Parallelwelt” is the latest production on the theme of being human in the digital age by the Dortmund team around Kay Voges, which since 2010 has been exploring, in content and form, the boundaries of theatre and installation, performance, coding, games and new media art. The aspiration of “Germany's leading theatre laboratory” (DIE WELT): contemporary and daring theatre for an audience of the 21st century,...

How to behave during house searches

Practical advice for contact with state power - Borg (de)

It is 6 a.m. and a squad of uniformed police officers is standing at your front door. What should you have done by then, and what should you do now?

A house search is something nobody longs for and that we would all like to be spared. Nevertheless, it happens again and again, in the Chaos community too, that hackers receive a visit from state authorities.

This year it hit, among others, the Zwiebelfreunde, the OpenLab in Augsburg, the C3DO and possibly others. You should therefore prepare yourselves mentally for a search and take steps.

In the talk, Jens and Kristin tell you which measures make sense well before a search. They also give you recommendations on what to watch out for during an ongoing search and what happens after a house search.

The Surveillance State limited by acts of courage and conscience

An update on the fate of the Snowden Refugees - Adams (en)

An update on the circumstances of the Snowden Refugees will be provided at the 35C3 event and venue in December 2018.

There have been many significant events and incidents during 2018, and some of these will be disclosed at the talk.

Updates will be provided on the Snowden Refugees' appeals in Hong Kong and their refugee claims with Canada.

There will also be disclosures on continued surveillance and harassment by the Hong Kong authorities.

Wind: Off-Grid Services for Everyday People

Integrating nearby and offline connectivity with the Internet - Eliza (en)

The internet has become essential services, and offline methods of sharing data are rapidly disappearing. Other possible networks are often better suited when connectivity is not available or affordable. Radios, sensors, and computing are availa...

We rely on the internet for so many things, from personal relationships to essential services. As the internet has gotten stronger, the asynchronous and offline methods of sharing data are rapidly disappearing. There has not been enough investment in the many other possible nets, even though they are often better suited for situations where connectivity is not available or affordable. The potential in radios, sensors and processing available in the cheapest of smartphones and routers is not fully utilized or realized.

Wind is a network designed for opportunistic communication and sharing of local knowledge. It is built on impermanence, movement, and spontaneity. Wind is a direct counterpoint to the metaphor of the Web, a system built upon the concept of fixed physical nodes, centralized authorities and permanent links. It is rooted in the mindsets and needs of people and communities who face challenges communicating. Wind is shaped by the movements and density of people in time and space.

The Wind project began with giving F-Droid the ability to "swap apps" using only Bluetooth and local Wi-Fi connections. We have enabled users with limited connectivity to gather and ...

How medicine discovered sex

Introduction to sex- and gender-sensitive medicine - Clarke (en)

Men with osteoporosis or depression, women with heart attacks - these are examples of diseases where medicine still shows a gender bias. Assuming that men and women have the same bodies, except when it comes to the reproductive organs, still causes...

Friday 17:30

Never Forgetti

a didactic live-gaming performance about dying women across video game history - Dijkstra (en)

Never Forgetti

lecture performance, 2018

multiplatform game,

soundtrack & strategy guide

Never Forgetti is a didactic live gaming lecture about the deaths of female video game characters and how their normative framing prevents them from developing agency to avert their fatal destiny. The performance investigates power relationships between lecturer and audience to reflect on how models of subjugation are established in media and our current social realities. Taking on the persona of Jenny Vorfahrt, a mysterious character that exists both outside and inside the gaming realm, I provide attendees with a showcase of gameplay and theoretical knowledge about the life and death of popular heroines, as well as the symbolism of classical game design. In reality, however, Jenny is pursuing her own secretive agenda...

The good, the strange and the ugly in 2018 art & tech

On art, AI, hormones hacking and other prospects of a post-human world - Clarke (en)

What's been good, exciting, spooky and challenging in art and science/technology over this past year. With a short incursion into the ugly because even artists have the right to be awful.

Global warming, the threat of another economic crisis, the rise of far right discourses across Europe or the mass extinction of natural species, it might seem futile to invest time and attention to contemporary art. And yet, with their inquisitive mind, their skills in (ab)using new media and their provocative attitude, artists and critical designers can play a valuable role in creating richer narratives around issues that tend to polarize and/or dismay.

The talk will look at the good, the strange and the exciting in art and science/technology over this past year. With a short incursion into the ugly because even artists have the right to be awful.

Some of the topics explored might include the environmental and human cost of AI, hormones hacking, 'racism' behind innocent looking devices and other prospects of a post-human world.

How to teach programming to your loved ones

Enabling students over example-driven teaching - Borg (en)

Teaching beginners how to program is often hard. We love building programs, and seeing our loved ones struggle with this is painful. Showing them how to copy-paste a few example programs and change a few parameters is easy, but bridging f...

The talk is based on many years of research by the Program by Design, DeinProgramm, and Bootstrap educational projects, as well as over 30 years of personal teaching experience in school, university and industrial contexts. A word of warning: The resulting approach is radically different from most teaching approaches used in universities and schools. In particular, it avoids teaching purely through examples and expecting students to develop the skills to arrive at the solutions on their own. Instead, it teaches explicit methodology that enables students to solve problems of surprising complexity on their own, whether they are 11 or 55, whether in a classroom, a training facility, or your home. Extensive documentation, material, and software to support this methodology is available for free.

Project Hannah

An open-source hardware and software design for four-legged walking robots - Eliza (de)

To make it easier to develop your own walking robots, we need open alternatives to existing platforms. Using our project "Hannah" as an example, we present ways in which open source in robotics hardware can be practically ...

We are building a four-legged walking robot that is completely open source in hardware and software, because robots will be safer and more useful for all of us if we fully understand their functionality and can trust their hardware. We are also convinced that future robotics/AI systems will be beneficial to humanity in general if the underlying technology is independent of private interests and in the hands of scientists, engineers and hackers worldwide.

When developing walking robots, the necessary hardware is often not affordable, or the sources for the hardware designs or the software are hard to access. Developing a walking robot from scratch can easily take several years, which means a lot of effort for researchers and hobbyists and represents a high risk for startups.

We are developing a completely free, open-source hardware and software design for a walking robot that can be used, studied, modified and distributed by everyone, and with it we want to contribute to the democratisation of the field of walking robots. The mechanical design consists of 3D-printed or laser-...

Smart Home - Smart Hack

How the way into the digital home becomes a walk in the park - Adams (de)

More than 10,000 different device manufacturers from all over the world use the base platform (Wi-Fi module, cloud, app) of a single company for the technical implementation of their smart home products.
The analysis of this base shows ...

For the tests underlying this talk, a wide variety of light bulbs and power sockets from various manufacturers were ordered and examined. It was immediately noticeable that an ESP8266 (a very low-cost 32-bit microcontroller with integrated 802.11 b/g/n Wi-Fi) from the Chinese company espressif is very often used.
Further investigation showed that, in addition to the Wi-Fi module used, and regardless of the manufacturer printed on the smart devices, the same cloud and the same base app of a Chinese IoT module manufacturer are also used.
This base platform thus enables anyone worldwide to become, in a very short time, a reseller of ready-made products such as "smart bulbs" and "smart plugs", or to bring their very own smart devices to market, even without deeper technical knowledge of IoT or IT security.

The analysis of the "smart" devices that use this base platform is generally alarming. The simplest security rules are not followed, and there are serious systematic and conceptual deficiencies that come heavily at the expense of end users' security. Due to the simple ...

Friday 18:30

Feminist Perspectives

Inclusive and Diverse Spaces and Communities - Dijkstra (en)

A variety of initiatives aims at encouraging female engagement in the hacker and maker scene. We present there some promising approaches and key learnings in a joint panel discussion.

Hong Phuc grew up in a small town in the Mekong Delta, south of Vietnam. She could never imagine how her life went a completely different path than what she was told as a young girl.

Le RESET is a French feminist hackerspace created in 2016 by a small group of queer & feminist hackers and hacktivists. The goal was to create a space at the intersection of communities that often remain apart.

Em O'Sullivan is a former hackerspace and Maker Faire organiser. Currently, they are a PhD student researching ways to improve women and non-binary people's engagement with technology via makerspaces.

Ready to Code is a young project from Stuttgart that teaches girls and women how to code and stand up for themselves.

Friday 18:50

The Enemy

War, Journalism, VR - Adams (en)

The Enemy brings you face-to-face with combatants from three conflict zones: with the Maras in Salvador, in the Democratic Republic of the Congo, and in Israel and Palestine. Their testimonies and confessions about their lives, experiences, and pe...

The Enemy by Karim Ben Khelifa, a groundbreaking interactive Virtual Reality (VR) exhibition, and immersive experience, makes its North American premiere at the MIT Museum. Through 360-degree imaging and recordings, participants will encounter combatants on opposite sides of conflicts in Israel/Palestine, the Congo, and El Salvador. In their own words, each will offer personal perspectives on war, including thoughts on motivations, suffering, freedom, and the future.

The exhibition incorporates concepts from artificial intelligence and cognitive science-based interaction models. Conceived by acclaimed photojournalist Karim Ben Khelifa, this ambitious project was further developed during a visiting artist residency at MIT hosted by MIT’s Center for Art, Science & Technology (CAST) and in collaboration with MIT Professor D. Fox Harrell.

Computers that (co-)decide on asylum

How the BAMF wanted to solve its problems with technology and is failing - Borg (de)

Which dialect does a refugee from Syria speak? What does the phone of an asylum seeker from Iraq reveal about where he comes from? And is the name Wasef actually typical for Afghanistan? These questions are decided in the Federal Office for Migration...

In 2015, almost half a million people applied for asylum in Germany. The BAMF was overwhelmed, and more and more unprocessed applications piled up. The supposed way out was process optimisation. In 2016 alone, 25 million euros were spent on management consultancies such as McKinsey, which were meant to turn the office into a decision factory. The fact that the agency decides on the fate of people faded into the background. More and more decisions in ever shorter time, barely trained decision-makers, poor translators, massive data protection problems and many wrongful rejections that subsequently ended up in court and had to be revised afterwards.

One contribution to the supposed optimisation was to be made by IT systems for an "Integrated Identity Management", which consists of four parts: a "transliteration assistant" is meant to transfer names in Arabic script uniformly into Latin letters,...

What does data protection actually protect?

Why data protection advocates must stop talking about individual privacy. - Eliza (de)

Data protection is by no means about privacy, about your own bedroom or about sharing private data on Facebook. It is equally about preserving a democratic social order and about preserving individual ...

Only with this structural view can we counter political smokescreens such as "self-data-protection", "data ownership", "individual data sovereignty" or, say, "algorithm ethics", which are increasingly offered as a solution to the problem of the datafication of society. We must deal structurally and also theoretically with the problem of the informational power of large organisations (authorities, companies) if we want to live in a digital society oriented towards fundamental rights. For the advocates of data wealth and those who scorn data protection, who as so often want to burden the individual with such problems, have no theoretical foundation.

This foundation talk passionately conveys the tools and the necessary basics for conducting data protection debates that actually make sense.

Analyze the Facebook algorithm and reclaim data sovereignty

Algorithms define your priorities. Who else besides you can know what you need? - Clarke (en)

Facebook's monopoly is an issue, but looking for replacements is not enough. We want to develop critical judgment on algorithms, on why data politics matter and educate, raise awareness for a broad audience. With

As algorithms define what our priorities are, they should be recognized as an extension of our will. We must be able to consciously build our own algorithms, change them whenever we want, and not have to delegate this decision to a commercial entity, with opaque functioning and objectives.

This is the goal of, a goal that can only be achieved through education. We recognize that not everyone possesses the knowledge and skills to design their own algorithms, and therefore there is the need to create a support community, where algorithms can be shared, compared, improved and criticized. The algorithm is power; it can be a harmful cage or a helpful filter. Only autonomous and informed individuals can decide what is most appropriate for them at a given time.

We also worked on analyzing the YouTube algorithm! And other platforms should follow; the collaborative observation approach is replicable on every platform which personalizes the results. This talk wants to be accessible for ordinary social media users. We understand that many have to be on these platforms, but at least, we ...

Friday 20:50

Switzerland: Net politics between Lake Constance and the Matterhorn

Mass surveillance, network blocking and other net-policy arenas in Switzerland - Eliza (de)

Data wealth, e-voting, mass surveillance and other net-policy arenas in Switzerland

The fight for freedom in the digital space is intensifying in Switzerland too. We look back at the net-policy year 2018 in Switzerland between Lake Constance and the Matterhorn. We cover the topics that were relevant and remain relevant. We also show what can be expected from the Digitale Gesellschaft in Switzerland in the new year.

Topics include:

Mass surveillance: cable reconnaissance (Kabelaufklärung) and data retention, as well as the complaints that the Digitale Gesellschaft is pursuing in Switzerland.

E-voting: votes and elections on the internet, and the fight for trust in direct democracy in Switzerland.

Network blocking: censorship on the Swiss internet began with «Won't somebody think of the children?» and now continues with online gambling …

Copyright: how the USA enforces its demands in the «pirate state» Switzerland, among other things with mass cease-and-desist letters against file sharing.

Data protection: where was a particularly large amount of «data wealth» to be observed in Switzerland?

Digitale Gesellschaft in Switzerland: raid at the «H...

Snakes and Rabbits - How CCC shaped an open hardware success

Borg (en)

This talk will present a historical narrative of the background behind how the NeTV + Milkymist inspire the HDMI2USB then helped the

Open hardware projects tend to evolve differently from open software projects. Even though it’s very easy to fork an open software project, pull requests and merges help ensure the main branch of a project continues to improve. Furthermore, open software projects tend to evolve along with their tools, as evidenced by the concurrent maturation of Servo and Rust, or Linux and Git. In contrast, open hardware projects tend to fork and then fracture the community as they gain commercial success and go closed, as evidenced in the evolution of the 3D printer and drone communities. There are also few examples of hardware projects that co-evolve with their tools.

The evolution of the NeTV + Milkymist to the HDMI2USB to the NeTV2, along with the concurrent maturation and adoption of the Migen and LiteX ecosystem, is one of these rare examples.

This talk will present a historical narrative of the background behind each of these projects and how...

Attacking end-to-end email encryption

Efail, other attacks and lessons learned. - Adams (en)

In this talk, I’ll present several attacks that leak the plaintext of OpenPGP or S/MIME encrypted emails to an attacker. Some of the attacks are technically interesting, i.e. the two different efail attacks, some are somewhat silly, yet effective....

Email remains the least common denominator when two or more people communicate over the Internet. While many modern messengers use end-to-end (e2e) encryption by default, email relies on transport encryption among email servers, which offers a much weaker protection.

OpenPGP and S/MIME are two competing standards that bring e2e encrypted communication to email. While S/MIME is mostly used in corporate environments and built into many of the widely used email clients, OpenPGP often requires that users install additional software and plugins. Both technologies never reached large deployment, mostly because both suffer from a range of usability issues. However, it is commonly assumed that if one manages to use OpenPGP or S/MIME to encrypt emails, it is very secure.

In this talk, I’ll discuss several attacks that leak the plaintext of OpenPGP or S/MIME encrypted emails to an attacker. Some of the attacks are technically interesting, i.e. the two different efail attacks, some are somewhat silly, yet effective. Some abuse HTML emails, some also work with plain ASCII emails.

The disclosure of the efail vulnerabilities caused a lot of stir in the press and the community, which...

Jailbreaking iOS

From past to present - Dijkstra (en)

This talk aims to give a general overview of iOS Jailbreaking by starting at what jailbreaking was back in the days and how it evolved up until today, while also taking a quick look at how it might evolve in future.

Therefore the following top...

I will give an introduction to jailbreak terminology and walk through the jailbreak history, thus presenting how iOS devices have been hacked/jailbroken in the past while focusing on what mitigations Apple added over the years.
Therefore I will discuss what effects these mitigations have on jailbreaking and how they were (and still are) dealt with.

This should be interesting for hackers new in the iOS game, as several technical aspects are covered, but also for people who jailbreak their devices and want to get a better understanding of what is happening under the hood of jailbreaks as well as what challenges hackers have to face and why things evolved the way they are right now.

This talk is structured somewhat similar to my previous talk 2 years ago "iOS Downgrading - From past to present".
Watching my previous talk is not necessary for understanding this one, but is suggested to get a better overall image of iOS hacking.

A Christmas Carol - The Spectres of the Past, Present, and Future

Clarke (en)

With the beginning of last year, two major security vulnerabilities have been disclosed: Meltdown and Spectre. While mitigations in software and hardware have been rolled out right away, new variants have been continuously released in the followin...

Only a few days after the Chaos Communication Congress closed its doors last year, two major security vulnerabilities have been disclosed to the public.
Meltdown and Spectre exploit critical vulnerabilities in modern processors, allowing attackers to read arbitrary data currently processed on the computer without any permissions or privileges.
While mitigations in software and hardware have been proposed and rolled out right away, new variants of Spectre and Meltdown attacks have been published frequently in the following months.

Spectre v1? Spectre v2? Meltdown? Spectre-NG? SpectreRSB? L1TF? Foreshadow? - With all those names and variants, how can you possibly still have a clear overview of those vulnerabilities?
With all those operating systems, compiler, and microcode updates, is my system really protected?

In our talk, we present a novel classification of Spectre and Meltdown attacks and propose a new naming scheme to ease the naming complexity of the current jungle of variants.
Furthermore, we give an overview of all proposed mitigations and show that an attacker can still mount an attack despite the presence of implemented countermeasures.
Finally, we show new v...

Friday 21:50

Wallet Security

How (not) to protect private keys - Eliza (en)

There are multiple different ways to store cryptocurrency secret keys. This talk will investigate advantages and disadvantages of different methods with regards to cryptographic backdoors known as kleptograms.

With the increasing popularity of cryptocurrencies such as Bitcoin, there is now a variety of different wallet solutions and products available. Wallet in this context refers to any device or piece of software which stores secret keys. Those secret keys are typically used to create and sign transactions (payments, smart contracts, etc.) using ECDSA.

Wallet implementations range from simple open-source software to hardware tokens. Some solutions store the keys in files (possibly encrypted with a passphrase), while others use hardware-based cryptography modules. Hardware-based key storage comes with a lot of advantages. The chips are designed to make it hard to extract keys.

What is often overlooked is that it is hard to verify that the wallet actually does what the manufacturer claims it does. One obvious solution is to not connect the wallet to a computer with Internet access in order to avoid exposure of secrets. However, there are possible cryptographic backdoors called kleptograms that can hide the secret information within the published signatures in a way that is provably undetectable.

The kleptographic attacks were first discovered by Adam Young and Moti Yung in 19...

Friday 22:10

The Ghost in the Machine

An Artificial Intelligence Perspective on the Soul - Adams (en)

Artificial Intelligence gives us a uniquely fascinating and clear perspective at the nature of our minds and our relationship to reality. We will discuss perception, mental representation, agency, consciousness, selfhood, and how they can arise in...

Cognitive Science describes our mind by identifying it as a particular kind of machine, a generally intelligent computer built from a nervous system embedded into the body of a social primate. Intelligence can be understood as a system's ability to create models, usually in the service of regulating the interaction of this system with its environment. But how does such regulation give rise to a sense of self and conscious awareness?

This is the fifth installment in the series From Computation to Consciousness, which covers philosophy of mind, epistemology, the nature of consciousness, the emergence of social structure and the relationship between mind and universe using concepts from computer science and Artificial Intelligence.

Simulating Universes

What Virtual Universes Can Tell Us About Our Own - Dijkstra (en)

In this talk I want to present the computational undertakings in the field of cosmological structure formation and galaxy formation. Here, sometimes gigantic simulations help us to unravel the processes that led to the Universe that we can see tod...

Almost every field of human discovery has gained immensely from the invention of computers, astrophysics maybe more than most others. Experiments are not an option in astrophysics. We cannot form planets, stars, or galaxies in laboratories on earth, but only observe them in an uncontrolled fashion using telescopes. We therefore rely on mathematical models that predict observations which we can test in reality. As the range of analytically tractable problems is very limited we rely on computers to numerically help us to understand the cosmos.

In this talk I will concentrate on a specific branch of astrophysics and cosmology, the science of the evolution of the Universe as a whole: simulations of cosmological structure formation. These simulations follow dark matter in an expanding universe as it collapses under the influence of gravity into the structures which are the birthplaces of galaxies. We will see how these galaxies are glowing tracers on the highly complex, almost invisible structure of the cosmic web.

The largest of these simulations are immense computational undertakings and take tens of millions of core-hours to run on tens of thousands of cores while producing h...


… and the race for the fastest computer in the world - Clarke (de)

The national supercomputer SuperMUC-NG supports public science in Germany. How is it built, what can you do with it, and where does it stand in comparison with the fastest supercomputers in the world?

In September 2018, after one year for the public tender and procurement and half a year of construction, commissioning of the Bavarian supercomputer SuperMUC-NG began. The machine at the Leibniz Supercomputing Centre (LRZ) in Garching is currently undergoing various tests and is due to be available to science in Germany at the beginning of 2019. This talk will present the architecture of SuperMUC-NG and go into its special features. These include the use of conventional Skylake processors and the absence of accelerators (GPGPUs), as well as the special hot-water cooling in combination with adsorption chillers. Selected application examples from astrophysics, earth sciences, genome analysis and personalised medicine show what these machines are built for. Of course, SuperMUC-NG is not the only machine of its kind in the world, and with the Top 500 list of supercomputers there is a twice-yearly "race" for the fastest computer in the world. Where does Germany's currently fastest academic computer stand in international comparison, and why is this comparison ...

The Layman's Guide to Zero-Day Engineering

A demystification of the exploit development lifecycle - Borg (en)

There's a certain allure to zero-day exploits. At the apex of the security industry, these elusive technologies are engineered by a persistent few to open doors of software systems that were never meant to exist. We go behind-the-scenes to provide...

In this talk, we will discuss the engineering process behind a zero-day that was used to exploit Apple Safari at PWN2OWN 2018. Rather than placing an intense focus on the technical challenges required to weaponize this particular chain of vulnerabilities, we reflect on this experience as a case-study of the analytical approach we employ to attack unfamiliar software targets. In addition to these methods, we will contrast how this process differs from CTF/Wargame challenges, highlighting the path one can take to graduate from casual enthusiast to security professional.

Friday 22:50


Disobedient Innovation - Eliza (en)

Through the hacking of surveillance techniques, machine learning, and big-data analytics, DISNOVATION.ORG’s trilogy of internet bots is uncovering and repurposing some of the influential and opaque operating systems of our online environment.

Started in 2012 with The Pirate Cinema (exposing the dynamics of peer-to-peer media sharing and its materiality), followed by Predictive Art Bot (a disruption of the normative effects of social media on creativity), and continued with Computational Propaganda (a ‘system test’ of the online political influence apparatus), this series explores black box technologies and the algorithmic governance of our aspirations, decisions, and political views. These three artworks aim to reveal emergent algorithmic imaginaries, expose the inner workings of these systems, and stimulate critical debate.

Friday 23:30

What is Good Technology?

Answers & practical guidelines for engineers. - Clarke (en)

The last years, we all have felt the impact of applying technologies like machine learning, social networks and data-driven decision making on a massive scale to our societies. Yet all that technology has been developed by engineers like us. It's ...

The Good Technology Collective was founded in December of 2017 in Berlin by a diverse group of experts from academia, government & the private sector with the goal to bring fresh wind into the discussions everybody seemed to have about the impact of modern technology in the wake of the full impact of fake news, algorithmic biases, filter bubbles & massive data breaches - without ever resulting in tangible action.
The GTC hosts and supports regular events to educate engineers, publishes articles to educate society through media partnerships, holds internal round tables and aims to work with policy makers long-term. As part of this year's effort, we are releasing "Ethical Engineering Guidelines" that offer a practical way for engineers and organizations to responsibly develop new technology that takes ethics & societal impact more into account and can easily be applied to small and large projects alike. These guidelines have been developed throughout the year and parts of them presented at various events as they progressed, to collect feedback and further improve them.
Members of GTC range from (former) whistle blowers, activist MPs, Oxford professors in ethics, authors to entrepre...

The EU and its Institutions

Adams (de)

A brief outline of the basics of the institutions of the European Union, in particular how they function and work together

Which institutions are there? What roles do they have? What is the balance of power? What works well? What works badly? tbc

A deep dive into the world of DOS viruses

Explaining in detail just how those little COM files infected and played with us back in the day - Borg (en)

It is now 27 years since MS-DOS 5.0 was released. During its day there was the threat of viruses breaking your system or making it act in unpredictable ways. Due to its age and near total lack of consumer use it is safe to assume that all of the v...

Computers have come a long way in the last 27 years, and so has malware too. This talk will start off with some of the most famous and widely known payloads. A basic guide on how MS-DOS runs applications, and we will work up from there to analysing all 17k+ samples that are in the archives using automatic tooling to pick out some of the most interesting ones.

If you don’t have reverse engineering skills, don’t be afraid! We will start off with the basics of how the IBM PC works, MS DOS execution, binary runtime, and how we automatically run/disassemble/trace/fuzz malware en masse.

The year in post-quantum crypto

Dijkstra (en)

The world is finally catching on to the urgency
of deploying post-quantum cryptography:
cryptography designed to survive attacks by quantum computers.
NIST's post-quantum competition is in full swing,
and network protocols are explor...

Post-quantum cryptography has become one of the most active
areas in cryptography,
trying to address important questions from potential users.

Is post-quantum cryptography secure?
In the first ten months of this year
we have seen several serious breaks
of submissions to the NIST competition.
At this point, out of the original 69 submissions,
13 are broken and 8 are partially broken.
Are the remaining 48 submissions all secure?
Or is this competition a denial-of-service attack
against the cryptanalysis community?
NIST will select fewer candidates for the 2nd round,
but it is not clear whether there is an adequate basis
for judging security.

Does post-quantum cryptography provide
the functionality we expect from cryptography?
For example,
the original Diffie-Hellman system
provides not just encryption
but also more advanced features
such as non-interactive key exchange
(not provided by any NIST submissions)
and blinding.
The era of post-NIST post-quantum cryptography has begun
with the exciting new CSIDH proposal,
which has non-interactive key exchange
and is smaller than any NIST submission,

Friday 23:50


Reading - Eliza (de)

"Mondnacht" by Stanisław Lem. The famous SF radio play as a reading with analogue and digital means.

Three actors bring to life the last moonlit night of a spaceship crew. The moon looks on silently as a devastating game of mistrust unfolds in the cramped atmosphere of the space station.
Analogue and digital sound effects carry the audience off into the hemisphere. A special event with the brilliant text by the master of SF literature.

Friday 00:30

All Creatures Welcome

a utopian documentary about the digital age - Borg (de)

"All Creatures Welcome sketches a utopian image of society in the digital era. Accompanied by the appeal to “use hacking as a mindset,” the viewers immerse themselves, together with the filmmaker, in a documentary adventure game and explore the wo...

Together with the filmmaker and the slogan "use hacking as a mindset" we immerse in a documentary adventure game and explore the world of Komputerfrieks, as they used to call themselves at the inaugural meeting of the Chaos Computer Club in 1981. We come upon an open, free-spirited society. The events of the CCC are a kind of utopian real-world reflection of the virtual spectrum. We encounter angels, activists, robots, coders and makers. We learn what a hack is, why lockpicking can be important, how a cellular system works. We dive into the game and become part of the community that is as inclusive as it is sophisticated. Still outside of this collective the challenges are immense in an era, in which political certainties and institutions increasingly erode. Models of governance, economics, social order, technology and science are being put into question 24/7. With the internet’s rules of conduct, national laws are being repealed and transformed into global structures. While the worldwide web would structurally actually allow a radical renewal of democracy, changing it from representation to participation, more and more states are drifting towards authoritarian societies in poli...

My Adventures in the EU Parliament

Adams (de)

In the 2014 European election I was elected to the European Parliament as the lead candidate of the Partei für Arbeit, Rechtsstaat, Tierschutz, Elitenförderung und basisdemokratische Initiative.

Since July 2014 I have been a member there of the Committee on Culture and Education and of the Delegation for relations with the Korean Peninsula, and I was a substitute member of the Committee on Budgetary Control until June 2015.

Since January 2017 I have been a substitute member of the Committee on Foreign Affairs.

In these roles I experience quite a few adventures.

Saturday 11:30

Lightning Talks Day 3

Borg (en)

Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a cre...

Did you think that the thrill of sharing your ideas in front of a huge audience at a C3 was something you'd never experience? Do you work on a cool project and want to get the word out? Was your talk one of the hundreds that got rejected? Did you come up with an awesome hack that you need to share? Go ahead and enter your Lightning Talk now!

The 35C3 Lightning Talks consist of three fast paced sessions which are perfect for pitching new software or hardware projects, exploits, creative pranks or strange ideas you need to get out to a global audience. Even if you don't have an awesome idea or project to share, a Lightning Talk is perfect for pitching your Assembly, your workshop or even a longer talk you'll give as a self-organized session. Your five minutes of fame!

For registration and schedule info, please check out

Internet, the Business Side

a try to explain the ecosystem - Eliza (en)

Net neutrality, a big buzzword in the last years. It is not only a buzzword? There are economic reasons why it is at stake. This talk tries to give an overview and explain how money is made in the "internet" and how it is related to net neutrality.

Topics discussed:
- Early Days and the Finance behind the Internet / Darpanet
- "Day 0" of the Internet as we know it today
- Step By Step Explanation how the internet is built from Access To Backbone To World and back again
- Add some price tags to the network and a try to explain the ecosystem behind it
- "Net neutrality": a definition?
- Show the relation between net neutrality and the price tags
- Outlook into the next 24 months

Dirty Empiricism

Can empirical studies be trusted? - Adams (de)

Can empirical studies be trusted or not? How can I tell good studies from bad ones? And what do I do when there are studies with contradictory findings on a topic? The talk aims to help find answers to these questions...

Empirical studies are encountered not only in lectures and laboratories; they are also cited in the news and in discussions, and often presented as irrefutable truth. On the other hand, there is great mistrust of these studies. Everyone has probably heard the sentence "Never trust a statistic you did not falsify yourself", and at last year's Congress, with reference to psychological and social-science methods, it was said that "Science is broken". But is that really true? The talk deals with the question of what the way of thinking behind empirical studies is and how they can be better understood. It will address fundamentals such as probabilities, various statistical tests and meta-analyses, as well as problems such as p-hacking and the replication crisis. The aim of the talk is to give the audience an impression of what empirical studies can and cannot tell us. Particular attention is paid to the question of whether, and which, empirical studies can be trusted. No prior knowledge is needed to follow the talk. As examples, current and classic studies ...

Provable Security

How I learned to stop worrying and love the backdoor - Dijkstra (en)

Modern cryptography is based on security-proofs. We will demonstrate how these work, why they are desirable and what their limitations are.

Even the use of secure primitives like AES or RSA does not guarantee that the end-result is secure as well. In recent years breaks of modern primitives have in fact become exceedingly rare, yet stories like the KRACK-attack or ROBOT keep appearing.

The obvious answer to these problems would be to prove that our protocols are secure. While that may sound great in theory, there are many issues as well:

  • Proving (almost) anything secure would require solving a millennium-problem.

  • Given the above, assumptions are required; but which assumptions are reasonable?

  • The word “secure” may seem intuitive, but can we formally define it? And can something be too secure?

  • Idealizing primitives can solve many problems, but what about over-idealizations?

  • Can backdoors be necessary to prove security?

  • A proof can only show the absence of attacks in a certain model. What about attacks outside those models?

From Zero to Zero Day

Clarke (en)

In this talk I will share my story of how in a little over a year, a high school student with almost zero knowledge in security research found his first RCE in Edge.

After starting my BSc in CS and Math I picked up a new hobby: solving coding challenges. The next logical step was to try harder challenges, which led me to participate in CTF competitions. During these CTFs I found that I’m fascinated by vulnerabilities: finding mistakes or things that developers failed to think through. This is how I started going down the rabbit hole.

Fast forward a year later, I found my first 0-day, a critical RCE in Edge. To understand it, we will review the recent trend of JIT Type Confusion vulnerabilities in ChakraCore. I will talk about the vulnerability I found, explain how I discovered it and show similar vulnerabilities recently found by other researchers. Finally, I will demo a working exploit of this vulnerability.

This session could be helpful both for people interested in getting into the security field, and for experienced security researchers who want to learn more about browser vulnerabilities and exploitation.

Saturday 12:50

Transhuman Expression

Interdisciplinary research in Painting and Robotics. with Prof. Oliver Deussen, PhD candidate Marvin Guelzow, and the Artist Liat Grayver. - Eliza (en)

The meeting point of art and science as a place of inspiration, exchange of knowledge and creation is the main focal point of the talk. Together with Prof. Oliver Deussen, the PhD candidate Marvin Guelzow, and Liat Grayver we will discuss both the...

The painting robot developed at the University of Konstanz in southwestern Germany is a pioneer project in this field and is presently the only one with a visual feedback system. Much more than just a printer capable of reproducing a flat image, the e-David creates unique works through the application of paint strokes that are irreproducible in terms of their colour blend and the materiality of their layering. The possibility of visual feedback brings up many questions within the contemporary discourse on deep learning, artificial intelligence and robotic creativity.
The collaboration explored further possibilities to exploit the painting robot creatively, and reflected on ideas about the ways in which these could be implemented in the form of software and hardware. A number of questions of wider impact arose as the result of our collaboration: When and why would a semantic method of defining the object in the image be used? Is it an advantage or a disadvantage to paint semantic objects without having a pre-existing cognitive understanding of them? How could I use abstract forms, grammatical structures or mathematical models to achieve more complex surfaces? How would computer la...

Safe and Secure Drivers in High-Level Languages

How to write PCIe drivers in Rust, Go, C#, Swift, Haskell, and OCaml - Dijkstra (en)

Drivers are usually written in C for historical reasons, this can be bad if you want your driver to be safe and secure. We show that it is possible to write low-level drivers for PCIe devices in modern high-level languages.
We are working on supe...

Supposedly modern user space drivers (e.g., DPDK or SPDK) are still being written in C in 2018 :(

This comes with all the well-known drawbacks of writing things in C that might be prevented by using safer programming languages.
Also, did you ever see a kernel panic because a driver did something stupid? It doesn't have to be that way, drivers should not be able to take down the whole system.

There are three steps to building better drivers:

1. Write them in a safer programming language eliminating whole classes of bugs and security problems like bad memory accesses

2. Isolating them from the rest of the operating system: user space drivers that drop privileges

3. Isolating the hardware using the IOMMU

We show that it is possible to achieve all of these goals for PCIe drivers on Linux by implementing user space network drivers in all of the aforementioned programming languages. Our techniques are transferable to other drivers that would benefit from more modern implementations.

Our drivers in Rust, C#,

The Hidden Side of Mobile Communications

RF interference sources in the uplink - Adams (de)

The talk sheds light on the influences on the mysterious part of mobile communications: interference sources in the uplink and their effects on mobile communication, as well as practices for tracking down RF interference sources.

The signal-strength bar display of a...

The uplink of mobile networks is essential for mobile communication, but nobody can really see it. The uplink can be disturbed by jammers, repeaters and many other RF sources. When it is disturbed, mobile communication is impaired. I will show which kinds of interference sources can disturb the uplink, what effects this has on the use of mobile communications, and how interference hunting can be carried out.

First I explain the necessary level symmetry between the downlink (from the mobile base station, the eNodeB, to the device) and the uplink (from the device back to the eNodeB). Since the transmit powers of the device and the eNodeB are very different, I explain the technical background for achieving this symmetry. Next I will explain the problems and possibilities in measuring uplink signals at the eNodeB; after all, it is hard to look inside a receiver. The downlink, by comparison, is very easy to measure: you see the bars on the smartphone or can use apps that provide detailed field-strength information and so on. The uplink, however, remains largely invisible. But if it is disturbed at the eNodeB...

Cosmic Particle Accelerators and Their Traces in Antarctica

On the identification of the first cosmic particle accelerator and the beginning of a new era in multi-messenger astronomy - Clarke (de)

5.7 billion years ago, the blazar TXS0506+056 emitted a large quantity of weakly interacting neutrinos. From the cosmic particle accelerator powered by a supermassive black hole at the centre of its galaxy, one of them found the...

As early as 1912, Viktor Hess discovered the high-energy particles known as cosmic rays, which strike the Earth's atmosphere from space every second. Some of them originate from our Sun, others from sources in our own galaxy; at the highest energies, however, the origins presumably lie in far-distant galaxies. Unfortunately, they are mostly charged ions that are deflected by magnetic fields on their way through the universe and cannot be traced back to their sources. For this reason, in the more than 100 years since their discovery, no unambiguous source of extragalactic cosmic rays could be identified.
Nevertheless, there are objects out there that accelerate tiny particles with unimaginably small masses of 10^-24g to the energy with which Rafael Nadal serves his tennis balls. These objects must radiate in some form and, besides cosmic rays, also emit other particles. This is where the idea of multi-messenger astroparticle physics comes in: in the study of the most energetic objects of our universe, light, neutrinos and gravitational wav...

Saturday 14:10

Best of Freedom of Information

Transparency with a crowbar - Adams (de)

With (among others): Rainer Rehak, Anna Biselli, Andre Meister, ...

What applies to broadband coverage in Germany also applies to transparency: democracy dead zones everywhere that need to be plugged, preferably with lawsuits. We recount what the Informa...

MicroPython – Python for Microcontrollers

How high-level scripting languages make your hardware project beautifully easy - Clarke (en)

MicroPython is a lean and efficient implementation of the Python 3 programming language that includes a small subset of the Python standard library and is optimised to run on microcontrollers and in constrained environments.

This talk will gi...

MicroPython is an Open Source project and developed in the open on GitHub. With more than 7000 stars, it ranks in the top 100 of the most popular C/C++ projects.

The MicroPython pyboard is a compact electronic circuit board that runs MicroPython on the bare metal, giving you a low-level Python operating system that can be used to control all kinds of electronic projects.

MicroPython is packed full of advanced features such as an interactive prompt, arbitrary precision integers, closures, list comprehension, generators, exception handling and more. Yet it is compact enough to fit and run within just 256k of code space and 16k of RAM.

MicroPython aims to be as compatible with normal Python as possible to allow you to transfer code with ease from the desktop to a microcontroller or embedded system.

It's used by educators, makers and professional hard- and software developers around the world. The use cases reach from embedded hardware testing over Industrial Internet of Things into space applications.

The Critical Making Movement

How using critical thinking in technological practice can make a difference - Borg (en)

Critical Thinking + Making = Critical Making. Around the world, academics and grassroots communities alike are engaging in critical making. With roots in critical design and critical engineering, etc., the point is to re-politicise making, help pe...

Using critical thinking in the DIY culture to look beyond the idealised picture of the maker and "reintroduce a sense of criticality back into post-2010 maker culture to un-sanitize, un-smooth and re-politicize it" (Hertz) is a relatively recent notion. Academia is increasingly introducing Critical Making into its curricula, but bottom-up, grassroots movements also use critical making, not only to raise awareness and hopefully change the status quo but also to see profit-oriented innovation practices vary, to minimise their adverse effects on society and the environment.

This lecture will explore the notion of using more societal reflection in technology (both hardware and software) and its importance for our future. Insights on political-activist examples and case studies from around the world (Indonesia, Brazil, Germany) will be presented, with a focus on practice, practitioner and motivation. The aim is to explore the making movement as a broader, global yet hyper-locally relevant phenomenon.

Planes and Ships and Saving Lives

How software and hardware can play a key role in saving lives at sea and why Frontex doesn't like it - Eliza (en)

The death rate at Europe's sea border reached a historical record: one out of five trying for Europe drowned this September. The main reason is the crackdown on sea rescue by European authorities, who barely pass any information on distress cases to com...

The death rate at Europe's sea border reached a historical record this year: one out of five people who left war-torn Libya on flimsy boats, bound for Europe, drowned in September 2018. The main reason for the increasing death rate is the crackdown on sea rescue by European authorities. Back in 2015 and 2016, when rescue NGOs took up rescue efforts on the deadliest waters of the world, the Italian Coast Guard, the NGOs and even the European Navy worked hand in hand to save as many lives as possible. Nowadays European authorities are trying to turn the central Med into a black box: as they would rather watch people drown than see them arrive at Europe's shores, and barely any information on distress cases is passed to competent rescue workers, the hope of those trying to escape torture, slavery, hunger and other forms of violence lies solely on the efforts of the civil rescue fleet.

Since no rescue coordination center clearly takes responsibility in favor of those in distress, the technical means of communication and such to increase the search capacity or to document incidents at sea, used on the aerial and nautical assets of the civil rescue fleet, do play a key role i...

Self-encrypting deception

weaknesses in the encryption of solid state drives (SSDs) - Dijkstra (en)

We have analyzed the hardware full-disk encryption implementation of several Self-Encrypting Drives (SEDs) from Samsung and Crucial (Micron) by reverse engineering their firmwares. The vendors combined cover a majority of the market share of SE...

In recent years, protection of sensitive data has received increased attention. Protection of digital data has become a necessity, certainly in the light of the new European Data Protection Regulation. Technically, encryption is the go-to protection mechanism; it may be implemented in software or hardware (or both). It can be applied on the level of individual files, or the entire drive, which is called full-disk encryption. Full-disk encryption is often the solution of choice as it takes away concerns of sensitive data leakage through, for example, temporary files, page files and caches. Several software solutions for full-disk encryption exist, and modern operating systems typically integrate it as a feature. However, purely software-based encryption has inherent weaknesses, such as the encryption key being present in RAM at all times and performance drawbacks.

In an attempt to address these weaknesses, hardware full-disk encryption is often proposed; the encryption is performed within the drive itself, thereby confining the encryption key exclusively to the drive. Typically, the encryption itself is performed by a dedicated AES co-processor, whereas the software on ...

Saturday 16:10

Archaeological Studies in Data Garbage

What data does Amazon store about us? - Adams (de)

Every user has the right to request a copy of their data from their service providers. But who actually does that? We did exactly that. The result was not only an intense and emotional pen friendship with the data protection depart...

Every user has the right to request a copy of their data from their service providers. But who actually does that? We did exactly that. The result was not only an intense and emotional pen friendship with Amazon's data protection department. The whole thing also brought a great deal of data garbage to light. Amazon sent a table with the last 15,000 clicks, and for each entry there were up to 50 additional details.

At first glance it was clear: these mountains of data are worth digging through. That is exactly what we did in the following months. With a few analyses we looked for anomalies and patterns, and found them. Amazon knows when we were where, what the quality of our Internet connection is like, how frequent our family visits are and which newspaper we read.

The talk explains, in an entertaining way, everything that can be read out of our data garbage with simple means. And why it is problematic if Amazon one day knows our preferences better than close friends do. As a bonus, we give you the most important tips and tricks on how you ...

Matrix, the current status and year to date

Dijkstra (en)

Matrix is an open standard for communication over the Internet. I will talk about the Matrix standard, both the technical implementation and the reasons for its creation. We will focus on the changes and progress that have been made in the previous...

In Soviet Russia Smart Card Hacks You

Clarke (en)

The classic spy movie hacking sequence: The spy inserts a magic smart card provided by the agency technicians into the enemy's computer, … the screen unlocks … What we all laughed about is possible!

Smartcards are secure and trustworthy. This is the idea smart card driver developers have in mind when developing drivers and smart card software. The work presented in this talk not only challenges, but crushes this assumption by attacking drivers using malicious smart cards.

We will present a fuzzing framework for *nix and Windows along with some interesting bugs found by auditing and fuzzing smart card drivers and middleware. Among them classic stack and heap buffer overflows, double frees, but also a replay attack against smart card authentication.

Since smart cards are used in the authentication process, a lot of vulnerabilities can be triggered by an unauthenticated user, in code running with high privileges. During the author's research, bugs were discovered in OpenSC (EPass, PIV, OpenPGP, CAC, Cryptoflex …), YubiKey drivers, pam_p11, pam_pkcs11, Apple's smartcard-services and others.

Viva la Vita Vida

Hacking the most secure handheld console - Borg (en)

Since its release in 2012, the PlayStation Vita has remained one of the most secure consumer devices on the market. We will describe the defenses and mitigations that it got right as well as insights into how we finally defeated it. The talk will ...

How do you hack a device running a full featured, security hardened, and completely proprietary operating system executed on a custom designed SoC? Although the PlayStation Vita did not reach the market success of its contemporaries, it was a surprisingly solid device security-wise. Sony learned from the mistakes of PS3 and PSP and there were (mostly) no "FAIL" moments. It carried exploit mitigations that are standard today but groundbreaking for a "popular" device in 2012: SMAP, kernel ASLR, > 2 security domains, and more. Molecule was the first group to run unsigned code on the device as well as the first to hack kernel mode and TrustZone. However, to target the security co-processor (F00D), we need to bring out the big guns. Using a highly customized version of the popular ChipWhisperer hardware, we carried out hardware attacks on the device including fault injection (glitching) and side channel analysis. In a board with twelve layers, dozens of unknown ICs, and hundreds of passives, how do you even begin to attack it without any information? We will start with the basics: a whirlwind tour of the theory behind the attacks. Then we will move to the practical application: mappi...


Tamper Proofing Commodity Hardware and other Applications - Eliza (en)

We are presenting an innovative technology which allows verifying the authenticity, integrity and/or physical state of an item by employing the propagation behaviour of electromagnetic waves. In particular, it enables checking for any tamper ...

Cyber-physical systems are ubiquitous and are often located in non-trustworthy environments, in which data is processed that is both sensitive and worth protecting. Despite employed protection measures such as secured communication, extraction and/or manipulation of data is often easily feasible if physical access to the components of the system is given. Or, in the words of Brian Gladman: “It is relatively easy to build an encryption system that is secure if it is working as intended and is used correctly but it is still very hard to build a system that does not compromise its security in situations in which it is either misused or one or more of its sub-components fails (or is ’encouraged’ to misbehave) ... this is now the only area where the closed world is still a long way ahead of the open world and the many failures we see in commercial cryptographic systems provide some evidence for this.”
Our technology aims to verify the integrity of such systems in order to detect attempts of an attack and activate appropriate countermeasures. The propagation behaviour of electromagnetic waves allows for an extension of the protection from individual small components t...

Saturday 17:10

The houses to those who live in them!

Creating long-term affordable, collective "rental ownership" – even without banks - Dijkstra (de)

We oppose gentrification, luxury refurbishment and speculation with houses. The Mietshäuser Syndikat is a nationwide association of left-wing, self-managed housing projects with the aim of initiating and permanently preserving collect...

At a time when rents sometimes swallow half of people's income, we want to push back with our idea of the Mietshäuser Syndikat (MHS). Every house of an MHS housing project becomes common property, so the current tenants are also their own landlords. The MHS rests on three pillars: the groups must organise themselves, they must pay into a solidarity fund for starting further housing projects, and they may never sell "their" house again. The individual housing projects operate with economic independence, but the umbrella organisation (the MHS) holds ownership shares in all housing projects and thus has a veto over any intention to sell. Solvent housing projects also often act internally as direct lenders, with the aim of considerably reducing dependence on commercial bank loans or making them completely obsolete in the long term. Rents are only raised as far as needed to cover running costs. This creates affordable living space and spaces for social and political initiatives, even in cities where rents have become unaffordable.

There are currently 133 MHS housing projects, in Fran...

Domain Name System

Hierarchical decentralized naming system in use for 30 years - Clarke (en)

Whenever you enter a name into your computer, it resolves it to a numerical IP address. This resolution uses the Domain Name System (DNS), which is a hierarchical decentralised naming system used on the Internet. DNS is organised in a way that top...

DNS has been in use on the Internet since 1985 and provides a useful service for various protocols. Its initial design could not foresee its wide usage 30 years later. DNS is a core dependency of today's Internet usage. Within the MirageOS project we re-develop network protocols, and I was eager to learn about all the details of DNS, a protocol which has been around and will be around for more time since a lot of systems depend on it.

Truly cardless: Jackpotting an ATM using auxiliary devices.

Adams (en)

The pursuit of a “good customer experience” not only leads to new customers, but also attracts criminals of all sorts. The presentation will give an overview of the current security situation of ATMs with different auxiliary devices allowing cardless transactions...

The era of ATMs started in London in 1967. Since the time when the “hole-in-the-wall” cash machine used radiocarbon paper cheques, ATMs have become more complex and smart, providing the opportunity to withdraw money without cards. Vendors, in accordance with banks' and consumers' demand, create ATMs that replace plastic cards and PINs with smartphones or QR codes.
Cash withdrawal from an ATM is now easier than ever before, not only for clients but also for attackers. Jackpotting an ATM via malware or a black box is pretty familiar. Countermeasures against such attacks are already in place in many banks. Thus, attackers need to discover new (or well-forgotten) ways to achieve their evil goals.
We will not chew the fat, telling stories about the old days, because new functionality provides new possibilities. Migration from Windows XP to Windows 7/10 means there is always PowerShell on the ATM. “New” types of input devices allow BadBarcode-like attacks. A legitimate auxiliary device connected to the ATM in pursuit of a so-called good customer experience may lead to the ejection of all money from the ATM.

Saturday 17:30

Sneaking In Network Security

Enforcing strong network segmentation, without anyone noticing - Eliza (en)

Highly compartmentalized network segmentation is a long-held goal of most blue teams, but it's notoriously hard to deploy once a system has already been built. We leveraged an existing service discovery framework to deploy a large-scale TLS-based ...

The "hard-shell, soft-center" model of network security has been popular since the invention of networks--building proper internal controls is often skipped when organizations grow quickly, and by the time that scale has been achieved, security teams resort to defending the perimeter. In this talk, I'll show an example of how we took a large modern network to a significantly more secure model by building network segmentation into the existing service discovery framework in use.

Service discovery is a critical part of recent network design, and popular frameworks often offer security features. However, these tend to be difficult to implement after the network has already been established, and don't offer endpoint-to-endpoint solutions. We built a series of extensions to SmartStack, an open-source service discovery framework, that allow it to protect all communications with mutual TLS and offer both authentication and authorization. This was all done in a way that's transparent to the applications on either side, allowing us to migrate to this system without changing any application code or teaching developers the details of the system.

This talk will discuss the technologie...


why clearing memory is hard. - Borg (en)

This presentation will start off with a simple problem (how do you clear memory that holds sensitive content). It explores numerous possible solutions, and presents real-life facts and figures. Bugs in common applications will be shown.

Saturday 18:10

Russia vs. Telegram: technical notes on the battle

Adams (en)

It's time to highlight facts and epic fails that were observed on the wire during attempts to block Telegram in Russia.

The Russian Federal Service for Supervision of Communications, IT and Mass Media started the process of banning Telegram on April 16th. The Roskomnadzor press office claimed that the process would take a few hours. Telegram mostly worked in Russia at the beginning of the incident and still works half a year later.

Russia banned Amazon, Google, Microsoft, DigitalOcean, Hetzner and other networks covering almost 0.5% of Internet Protocol address space, presumably to put pressure on international businesses to make Telegram persona non grata on those networks.

Russia also banned IP addresses of major local businesses (VKontakte, Yandex and others), presumably by mistake. A flaw in the filter was exploited to bring one of the major ISPs down for a while. The Moscow Internet exchange point announced that a similar flaw in the filter could be used to disrupt peering. Proxy-hunting experiments were observed sniffing live network traffic, both for obfuscated MTProto proxy and good old Socks5.

This talk will not cover legal aspects of the lawyers fighting for Telegram in court. Also, it will not show any "insider" information from Telegram team.

More wrong than right: the grey area of security research

Dijkstra (de)

Reverse engineering to find vulnerabilities is common practice. All the more surprising for 2 research teams was the cease-and-desist letter from a manufacturer's lawyers. They had uncovered vulnerabilities and in doing so, according to the manufacturer, its Re...

Web-based Cryptojacking in the Wild

When your browser is mining coins for other people - Clarke (en)

A cryptojacking website abuses the computing resources of its visitors to covertly mine for cryptocurrencies in the browser. In this talk, we explore this phenomenon and answer, amongst others, the following questions: How does the mining script w...

With the introduction of memory-bound cryptocurrencies, such as Monero, the implementation of mining code in browser-based JavaScript has become a worthwhile alternative to running dedicated mining rigs. Based on this technology, a new form of parasitic computing, widely called cryptojacking, has gained momentum on the web.

In this talk, we systematically explore this phenomenon: To begin with, we demonstrate how modern web technologies are used to create an efficient miner solely in JavaScript. We then present our methodology on how to identify mining scripts on real websites at scale, which we use for a study on the Alexa top 1 million websites. In particular, we perform several secondary analyses to gain insight into the cryptojacking landscape, including a measurement of code characteristics, an estimate of expected mining revenue, and an evaluation of current blacklist-based countermeasures.

Saturday 18:50

Freedom needs fighters!

How the GFF fights for civil liberties with strategic litigation and what awaits us in 2019 - Borg (de)

The talk gives an overview of the work of the Gesellschaft für Freiheitsrechte (GFF): we go to court to protect fundamental and human rights against legislators and authorities.

The last few years have been hard times for civil rights: at the federal level, grand coalitions governed and passed surveillance laws by the dozen, such as state trojans in criminal proceedings, the new BKA Act or intelligence services' access to the biometric passport photos of all citizens, even if they have done nothing wrong. In many federal states, too, parliaments did not care much about fundamental rights, for instance in Bavaria, where the harshest police law since the end of the Nazi dictatorship has been in force since the summer, a law so extreme that even the police union voiced criticism. These and many other topics occupy the GFF, which tries to protect fundamental and human rights through strategic litigation. Our work goes far beyond the area of "digital fundamental rights": proceedings are currently under way or in preparation against § 219a StGB (a gag order for doctors who perform abortions), the police laws in Bavaria, NRW and Hesse, the ban on linksunten.indymedia, the state trojans in the StPO, and the mass Internet surveillance by the BND under the G10 and the BND-...

Attacking Chrome IPC

Reliably finding bugs to escape the Chrome sandbox - Eliza (en)

In this talk, I discuss how to reliably find bugs in the Chrome IPC system with the goal of escaping the sandbox. I show how to enumerate the attack surface, how to identify the weak areas, and how to fuzz those areas efficiently to consistently p...

Since the win32k lockdown on the Chrome renderer process, full chain Chrome exploits on Windows have become very rare, with the most recent successful competition exploit occurring in 2015.

By applying new fuzzing strategies, I was able to identify many vulnerabilities in the sandbox in the past year, one of which I used to demonstrate a full chain exploit at Hack2Win this year when combined with a teammate's RCE bug.

In this talk I hope to show how I found these bugs by using extremely targeted fuzzing in a way that was easy to set up but reliably had great results, and briefly cover how we leveraged one use-after-free bug to fully escape the sandbox.

Saturday 19:10

Modeling and Simulation of Physical Systems for Hobbyists

Essential Tools for Developing, Testing and Debugging Systems Interacting with the Real World - Clarke (en)

This is a foundations talk about modeling and simulation as tools for development, testing and debugging systems. It requires very little previous knowledge to address all makers and hobbyists interested in creating or modifying hardware that phys...

During the development of robots, drones or other machines, the individual components are usually not all available at the same time, but are developed and tested separately and then assembled to the final system. Thus, it is often useful to have a placeholder that acts just like the missing components that are not present. Or, for debugging, it might be useful to have a reference configuration, which is known to work, in order to exclude potential sources of error. On the other side, it might be helpful to artificially recreate errors to test the system for robustness to these errors without risking real hardware. This is where modeling and simulation are useful tools to make the development faster and less error-prone.

This talk explains basic modeling and simulation techniques that help even for small projects, how to model the physical effects encountered most frequently and how to make a simulation of the created model run in a simple way. All examples will be kept as practical as possible for community projects, relying only on common hardware and open-source software, in order to make them useful for a broad audience.

Bring your computer with Gnumeric, Python and OMEdito...

The Mars Rover On-board Computer

How Curiosity's Onboard Computer works, and what you can learn from how it was designed - Adams (en)

Mars Rover Curiosity is one of the most sophisticated pieces of hardware ever launched into space. Because of the communication delay from Earth to Mars, it needs to accomplish most of its tasks completely autonomously: landing, navigation, explor...

While space is a somewhat unique environment, we can still learn a lot by looking at how the pieces of hardware and software on board Curiosity are designed and managed. The spacecraft only has one onboard computer that took over from the second it was launched towards Mars. It navigated the stars and orbits, managed a very complicated landing procedure, and now drives around as a car-sized rover over rocks and slippery ravines, all while collecting samples and analysing them with its on-board lab.

First we'll have a look at the history of the Mars Science Laboratory plans, then in part two we will launch into hardware. What processors do we have, and how are they working together? How is redundancy handled, and shielding against radiation?

As a part three, we'll look closely at the rover's software. Using over the air updates, almost all code running on Curiosity has been pushed there after it had landed on Mars. NASA pushed updates to enable new scientific missions, to make it traverse the environment in a different way, and to route around broken hardware.

After listening to this talk, you should find yourself inspired to look at problems of softw...

A Blockchain Picture Book

Blockchain origins and related buzzwords, described in pictures. - Dijkstra (en)

Where is the blockchain, how long is it, and what does it have to do with cryptography? And is it really something completely new? I spent a lot of time in pubs explaining to people what this blockchain hype is all about. It turns out that the bes...

We make a short excursion into the field of distributed computing where we gain a rough understanding of the origins behind this technology - in a most abstract way.
We explore how different kinds of Blockchains are formed and what kind of properties we may achieve - good as well as the bad ones.
Be warned: This is not meant as investment advice. The goal of the talk is to give you an actual basic understanding of the topic so you can teach your uninformed friends at the pub, too.

Saturday 20:50

A WebPage in Three Acts

live coding performance - Eliza (en)

A Web Page in Three Acts is a live coding performance which combines principles of choreography within the formal structures of coding. An assemblage of semi-improvised visuals and composition experiments in web environments. The screen becomes an...

For the series ‘WebPage Act I, II, III’, Joana Chicau created a specific grammar or vocabulary that links choreographic concepts from post-modern dance with web-coding functions.
This technique follows the concept of esoteric programming languages, also called esolang, used when writing software, integrating a new grammar into an existing one. Although an esolang doesn’t have a proper functionality, it is used in combination with other programming languages to explore alternative ways of composing and writing code. Chicau started using esoteric programming languages as an attempt to overcome the abstractness of algorithmic code, and simultaneously as a way to develop her own design language, which derives from choreographic concepts.
The performance starts with a standard webpage, followed by the opening of the web console. The screen is now divided into two stages: the ‘frontstage’, the interface a user normally accesses, and the ‘backstage’ or the web console in which programming languages can be run. In the web console Chicau is calling, juxtaposing and manipulating different functions from a glossary of code, while simultaneously displaying the varied outcomes of graphic eleme...


Building my DIY smartphone - Dijkstra (de)

I would like to show you how I am building a smartphone out of a Raspberry Pi, what problems and difficulties I ran into along the way and what solutions I found. The project is not finished yet; it still lacks a few...

I never thought that building a smartphone could be so complicated. A Raspberry Pi plus a touch display is not all there is to consider in this project. At the moment the smartphone project lives in a lunch box and occasionally attracts attention on the S-Bahn or U-Bahn. It is an advantage if the power bank supports pass-through, I had to find out. Setting up the X and Y axes on the touch display so that it can also be used to operate the on-screen keyboard was not that easy. And I had to find out that landscape is not the right size for working fluently. Most Linux programs are not really touch-capable or need too much memory. Then there were big challenges too! Learning to solder was one of them. First learning how to solder, then learning to desolder, then daring to approach the Pi. I would like to tell you these and other stories about building my smartphone.

Remo2hbo - Robust and repairable vital signs monitoring

Medical devices for everyone - Clarke (de)

Modern medical technology is expensive, and when it breaks it can normally only be replaced by service technicians. Design criteria are geared towards the healthcare systems of rich countries. We present a system for...

Medical care is increasingly oriented towards economic aspects, and this also applies to medical devices. In particular, they are developed for industrialised countries. As with laptops and smartphones, the trend is towards unrepairable disposable devices. But what if you are a small NGO with little money running a mobile hospital in a crisis area, or setting up a health station in Kyrgyzstan? Then even a well-meant donation of old medical devices does not help very much and quickly ends up as electronic waste. With the conviction that medical care must be possible everywhere and that health is not a commodity, we are building a vital signs monitor that is open source in both hardware and software and is as robust and repairable as possible. In the talk we want to present the most important design criteria, our tests with "conventional" commercial systems and our hardware and software solutions, and discuss them with you. If everything goes as planned, there will even be soldering kits of the prototype at cost price...

Conquering Large Numbers at the LHC

From 1 000 000 000 000 000 to 10: Breaking down 14 Orders of Magnitude - Borg (en)

We are going to outline the ingredients necessary to perform measurements at the LHC, starting from an ordinary bottle of hydrogen. Let us take you on a journey following the path of the protons from this bottle to being ready for collisions in on...

The Large Hadron Collider at CERN is one of the largest and most precise machines mankind has built. As a particle accelerator, it enables us to study proton collisions in large detector experiments such as ATLAS and CMS. These detectors basically work like huge cameras with millions of channels taking up to one billion snapshots of the collisions per second. In a large fraction of these collisions, reactions take place that have been studied and understood for decades now. The very rare processes, however, are those that are especially interesting, but at the same time challenging to extract.
The probabilities of processes that have been studied and confirmed so far span a range of 14 orders of magnitude. Finding the needle in the haystack of events we record at the LHC is like trying to score a field goal in basketball from space.
The rareness of the interesting phenomena not only calls for pure physics understanding, but it also requires advanced techniques in data mining to find as many events of interest as possible while reducing the number of incorrectly accepted events. Hence, data handling in high energy physics means to dig into petabytes of data to filter out and...

You can hack anything – you just must not get caught.

OpSec for data travellers - Adams (de)

Even Vladimir Vladimirovich Putin knew: "Hackers are free people, just like artists." We want to make sure it stays that way.

The sport of hacking is enjoying ever-growing popularity, and not only in Russia.

In this introductory talk we give an overview of the risks of the hobby: kicked-in doors, house searches and high legal fees spoil the enjoyment of the free sport of hacking.

Here it pays for the next generation of hackers to learn from the mistakes of others. We give classic examples of mistakes in operational security so that you don't have to make them.

Saturday 21:50

Media Disruption Led By The Blind

Hacking Visual Culture - Eliza (en)

Visual culture dominates our societies, every day encouraging and rewarding corporations and their users to create more visual content to populate their digital spaces and build their digital lives. But what if there was an unseen method of disrup...

As we move towards immersive computing (XR) being the primary means of human-computer interaction, are we thinking of the blind and visually impaired? To this date, the simple answer to that question is no. However, through the visual innovations of VR HMDs, we have seen a strong momentum build for improved sonic and tactile computer interfaces. In my project Infinite Observer, I am working directly with blind innovators and content creators to set standards for UX in VR, and to empower the next generation of computing to support accessibility for the blind and visually impaired.

Infinite Observer is the first narrative VR experience designed from the ground up by the blind for the blind. The experience places you in an underground ring of blind hackers called the Infinite Observers. As you discover throughout the experience, the group is filled with members of unique sensory skill sets and a deep understanding of the vibratory qualities that make sound so powerful. They monitor movements using echolocation and build resonant frequency-based weaponry. They can shift tectonic plates, teleport using molecular vibration, and hack into digital communication via sub-frequencies un...

No evidence of communication and morality in protocols: Off-the-Record protocol version 4

Borg (en)

OTRv4 is the newest version of the Off-The-Record protocol. It is a protocol where the newest academic research intertwines with real-world implementations. It is also one of the first protocols that comes from the global south which makes the pol...

As we know from past revelations, the Internet has become a place where any action is surveilled and recorded. In light of this, the OTR protocol was created. But it was created a long time ago. In the past years, there has been increased work on cryptographic primitives and on privacy and security notions, but these ideas have not been incorporated into projects. OTRv4 is the newest version of the Off-The-Record protocol, which tries to incorporate these new ideas. At the same time, OTRv4 is a protocol that challenges the common thinking around protocols, as it comes from the global south and takes moral questions into its design, as Rogaway tried to define in his "The Moral Character of Cryptographic Work?" paper. Furthermore, OTRv4 tries to update the notion of deniability and explain why it is important for the world.

Hacking the Human Microbiome

Dijkstra (en)

The human microbiome is a diverse community of bacteria that lives inside us. Their contribution towards our personal well-being or sickness is controversially discussed within the scientific world and, likewise, in our society. First attempts to ...

First, I will answer some general questions to lay the foundation: What is the human microbiome? How is it studied? Why is there a hype at the moment?
Subsequently, I will explain fundamental concepts of human microbiome research: Faecal microbiome transplantations (“eating poop”), microbiome enrichment (“taking probiotics”), microbiome depletion (“swallowing antibiotics”), and rational, targeted interventions (“getting or killing a single bug”).
This will be followed by an introduction into different experimental and computational methods, that are being performed to discern the complex interplay between bacteria and our human body. The data obtained from these analyses are hard to interpret. The conclusions drawn from the data hardly move beyond associations. The advancement of the field from discovered correlations to causations is demanded but rarely achieved. I will outline major challenges in measurement techniques and analysis pipelines. The debate about the proper acquisition, encryption, storage and accessibility of genetic information of the human person itself is still in its infancy. Discussions about the (meta-)genetic information of the human microbiome are lacki...

Saturday 22:10

Funkzellenabfrage: The everyday dragnet search through our mobile phone data

How we all regularly get caught in the authorities' net, and how at least more transparency can be created - Clarke (de)

Police and intelligence services collect millions of location records day after day via "Funkzellenabfrage" (cell-site queries). Network operators regularly supply the authorities with data sets of all mobile phone numbers that were in particular radio cells at a particular time. ...

This talk makes clear what this form of mass surveillance means from a civil-rights perspective. After that, the speakers present the Berliner Funkzellenabfragen-Transparenz-System (Berlin's transparency system for cell-site queries), which can shed at least a little light on these surveillance measures.

Electronic Evidence in Criminal Matters

An introduction and critique of the EC proposal for a regulation - Adams (en)

The lecture will give an introduction into the "EC Proposal for a Regulation on European Production and Preservation Orders for Electronic Evidence in Criminal Matters (COM (2018) 225 final)" and .
the impact to civil liberties of the users as we...

Saturday 22:50

The foodsaving grassroots movement

How cooperative online structures can facilitate sustainable offline activism - Eliza (en)

When you're fighting for a cause, you need tools that reflect your values. While venture capital-backed tools are seductive, especially at the beginning of your movement, they can be harmful in the long-term. This session shows how co-operatively ...

Capitalist and consumerist structures have led to reduced incentives to make the most efficient use of food. Wastage is massive and the reasons are many: misshapen vegetables, damaged packaging, mislabeling, forecasting errors, unsold items, etc. These are all symptoms of the structure of our industrialised food production; food waste is inherent in these systems.

Many organisations have sprung up to try and access this food, using many approaches. France has tried to outlaw supermarket food waste, apps like Olio and Too Good To Go try and use the startup/funding approach, charities like FareShare in the UK receive massive government funding to redistribute to other charities. Startups and big charities replicate the hierarchical structures and bureaucratic processes of capitalist organisations. Whilst they can achieve much at times, we don't believe this is the sustainable resilient model - profit motives or government objectives dictate the approach to take.

In Germany was created as a grassroots volunteer movement with origins in the dumpster diving scene. It has scaled up to co-ordinate the activities of 30...

Internet of Dongs

A long way to a vibrant future - Borg (en)

With great pleasure comes great responsibility. A responsibility, which is not taken enough into consideration by the smart sex toy manufacturers as they should, while handling extremely sensitive data. As long as there is no serious breach, there...

In recent years the internet of things has slowly crept into our daily life and is now an essential part of it, whether you want it or not. A long-existing subcategory of the internet of things is a mysterious area called teledildonics. This term was invented about 40 years ago and described (at that time fictional) devices allowing their users to pleasure themselves while being interconnected to a global network of plastic dongs. In the 21st century, teledildonics actually exist. Multiple devices are on the (multi-million dollar) market, offering the ability to pleasure an individual while being connected to the internet. Those devices offer functionalities like remote pleasuring over local links as well as over the internet. They implement social media-like functionalities such as friends lists, instant messaging, movie chats and explicit-image sharing.
With great pleasure comes great responsibility. A responsibility, which is not taken enough into consideration by the smart sex toy manufacturers as they should, while handling extremely sensitive data. As long as there is no serious breach, there is no problem, right?
This was the basis for a research project called ...

Circumventing video identification using augmented reality

Dijkstra (en)

Video identification is the process of establishing the identity of a person via video chat. The person to be identified has to show their face as well as their official ID card to the camera. This lecture gives a step-by-step tutorial on how such vid...

To be specific, we will use a credit-card printed with markers, which will be detected using the Aruco library shipping with OpenCV.
The resulting position and orientation will then be used to render a 3D representation of an official ID card with arbitrary information.
The 3D representation will be rendered using OpenGL. A shader will compose its look using several layered textures.
Additionally, skin detection will be used to create a skin mask in the area of the card to avoid rendering over fingers held in front of it.
Finally, the input image, the known position and orientation of the card, the rendered fake card and the skin mask will be composed to a convincing output image - ready to be presented to the call center agent.

Saturday 23:10

Disinformation and fake news - fighting and verifying made easy

Adams (de)

For journalists, social networks offer a multitude of sources and information, to an extent that was unimaginable years ago. But with that, the risk of falling for manipulation and "fake news" also keeps rising. In times ...

Until a few years ago, visual material was still mainly produced in-house, purchased, or supplied by agencies; thanks to smartphones, anyone can now become a video and news producer. Some of these videos achieve a reach that established media can only dream of. Hardly any breaking news occurs without images circulating online within a few minutes. Fortunately, word has got around that such images should not be adopted unchecked. But how can the truthfulness of an image or video be verified independently and in a traceable way? Many media houses have recognised that traditional research methods quickly reach their limits on this topic and have founded verification teams. Fortunately, there are many programs, websites and plug-ins that help with verification. The talk shows which kinds of forgeries exist and how forgeries can be exposed, and with which means.

Saturday 23:30

#afdwegbassen: Protest, (club) culture and anti-fascist resistance

On creative organisation, political actions and the need for networked activism - Clarke (de)

In May 2018, Reclaim Club Culture (RCC) initiated a protest in Berlin against an AfD march and the "AfD-isation" of society. Together with more than 170 techno clubs, festivals and organisers, we organised within z...

This impulse was part of a mobilisation that, in 2018, at least as far as large demonstrations are concerned, gives a little hope again overall. At the same time, the question arises of how we carry our street mobilisation more strongly into everyday social life. Despite our few successes, we must on no account forget what things look like in Ellwangen and Chemnitz, among other places, and that an increased emergence of fascist governments is once again a reality globally and in Europe.
With the corresponding consequences for the people living there.
We are currently working on organisational structures, such as infrastructure, communication, networks and security, that are meant to support further political activities. During this work and while carrying out further actions, some questions within these fields remained unanswered. One of the largest circles of supporters of the action was probably Berlin's oldest club: the CCC.
We will present and examine our current approaches and tie to them the question of how, through the hacker community, the digital space can be better activated as support in the fight against fascism. The aim is, together, a different...

Saturday 23:50

Austria: surveillance state or just digitalisation for beginners?

One year under the far-right government - Dijkstra (de)

For a year now, Austria has been governed by a coalition of the right-wing conservative ÖVP and the far-right FPÖ. One of its first measures was a completely excessive tightening of surveillance powers: Bundestrojaner, Anlassdatenspeich...

The new Austrian government stands for more surveillance and less data protection. Many of the measures affect everyone in this country and not only criminals. Those seeking protection are denied human rights altogether. In future, they are to be required to hand over their mobile phones in the asylum procedure for the preservation of evidence. These can then be read out completely; this amounts to a digital house search. This interferes more severely with the rights of asylum seekers than with those of people suspected of a serious crime.

Sensitive personal data from public databases is to be made available for all scientific purposes, including commercial ones, e.g. also data from the electronic health record (Elektronische Gesundheitsakte, ELGA). Health insurers were obliged to carry out dragnet searches in health data in order to prevent "abuse of insurance benefits". The government also tried to smuggle data retention of IP addresses into a draft law; when this was noticed and provoked protest, however, it immediately withdrew the proposal.

In our talk we try to give an overview of...

How Facebook tracks you on Android

(even if you don’t have a Facebook account) - Borg (en)

In this talk, we’re looking at third party tracking on Android. We’ve captured and decrypted data in transit between our own devices and Facebook servers. It turns out that some apps routinely send Facebook information about your device and us...

In this talk, we’re looking at third party tracking on Android. We’ve captured and decrypted data in transit between our own devices and Facebook servers. It turns out that some apps routinely send Facebook information about your device and usage patterns - the second the app is opened. We’ll walk you through the technical part of our analysis and end with a call to action: We believe that both Facebook and developers can do more to avoid oversharing, profiling and damaging the privacy of their users.


… and why you should take part - Eliza (de)

The repair café movement is rolling in across our country. How can we get involved and make use of synergies?

In many cities, repair meet-ups have become a fixed institution in recent years. What overlaps are there with the hacker and maker scene? Why should you get involved, what is there to consider, and what is there to gain?

Saturday 00:10


The sumo robot fight for the technically ungifted - Adams (en)

We let the technically ungifted build robots and have them fight each other for laughs.

Please contact @honky in RocketChat or visit the ChaosZone Hall 2 if you want to participate. We need at least 8 Robots to participate, if we have more, we'll...

Let's build funny robots and let them fight each other as long as we are superior to them :) Please let's dishonor high tech and celebrate everything made out of stuff we usually throw away (and blinks).

Please contact @honky in RocketChat or visit the ChaosZone Hall 2 if you want to participate. We need at least 8 Robots to participate, if we have more, we'll bring this to the battlefield.

Saturday 01:10

Chaos Communication Slam

Technical love poems & horror stories in a poetry contest - Adams (de)

Chaos meets Poetry Slam.
The humorous poets' contest with a computer science background. Participation explicitly welcome.

And don't worry, a poetry slam has nothing to do with the Ingeborg-Bachmann-Preis. It is a competition in which self-written texts are performed live. Prose, poetry, funny story: the choice is yours. Tell us about your sysadmin love stories, WebDev f*ck-ups or whatever else is on your mind.
For those who decide at short notice, we also offer a crash course in slam poetry beforehand, so that you too can thrill the audience and make it into the final. You will find the session in the event wiki soon. On that page you will also find an address for signing up for the big event.
You will be accompanied through the evening by the slam-experienced team of the "Slamigans" from the circle around Chaostreff Flensburg. Hosted by Thorben Dittmar, former U20 local from the Kühlhaus and eternal second place, the audience votes together on the best contributions. The winners' podium can already look forward to great prizes.
So sign up quickly!

Sunday 11:30

Radical Digital Painting

Fantastic Media Manipulation - Eliza (en)

Radical Digital Painting groups and presents several ideas and artifacts related to contemporary painting and contextualizes its connection to historical processes and digital technology. It is inspired by and is a continuation of Radical Computer...

Through demonstrative, interactive performance lectures, American artist and educator Jeffrey Alan Scudder presents homegrown software inventions and new theories about painting and picture making.

He has performed 60 times since 2016 across the US and Europe, mostly in art schools for students, and often with collaborators Goodiepal, Casey REAS, Julia Yerger, and Artur Erman.

A Google search for “digital painting” today mostly brings up Photoshop tutorials related to translating age old representational painting techniques to computational media, but the topic of digital painting has much more to offer fine arts in terms of poetry and theory.

Painting software today has largely developed out of a need for traditional artists to keep up pace of work in large scale mass media production pipelines, like those of video games and movies. Few systems have been developed to explore the spontaneity and spirituality present in modernism and contemporary art and further develop the language of painting in general.

Jeffrey has created several programs that highlight abstract expressivity, play, and improvisation over production quality and technical control.

In addition t...

Are machines feminine?

exploring the relations between design and perception of machines and the dynamics in between - Dijkstra (en)

Why do navigation systems have feminine voices? We know Tay, Eliza, Siri not only as female names, but also as chatbots and software, which directly interact with humans. Although computer programs are per se genderless, gender seems not to be can...

This talk aims to examine how we map gender on computers and machines. This includes looking at software in machine-human interaction, as well as digging deeper into a cultural history of imagining and building human-like machines.
To look at this, two view points are taken;
In the examples of the virtual assistants; What do the responses these devices give in conversation reveal about their design? What are the expectations and projections users map onto a machine when they interact with it?
This connects to the cultural imagining of machines as subjects, which has been pondered in literature and film before and parallel to technical research. From 18th century clockwork powered figures, that wrote and played music, to 19th century literature, in which young men fall in love with piano playing automata to A.I. characters in movie series and cinema.
This talk tries to explore the relations between design and perception of machines and the dynamics in between.

Lightning Talks Day 4

Borg (en)

Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a cre...

Did you think that the thrill of sharing your ideas in front of a huge audience at a C3 was something you'd never experience? Do you work on a cool project and want to get the word out? Was your talk one of the hundreds that got rejected? Did you come up with an awesome hack that you need to share? Go ahead and enter your Lightning Talk now!

The 35C3 Lightning Talks consist of three fast paced sessions which are perfect for pitching new software or hardware projects, exploits, creative pranks or strange ideas you need to get out to a global audience. Even if you don't have an awesome idea or project to share, a Lightning Talk is perfect for pitching your Assembly, your workshop or even a longer talk you'll give as a self-organized session. Your five minutes of fame!

For registration and schedule info, please check out

Hacking how we see

A way to fix lazy eye? - Clarke (en)

We mostly see with the mind, and the mind is flexible. For the four hundred million people with amblyopia (lazy eye), their brain encountered an installation error when linking both eyes as babies. As a "Plan B", their brain switched one eye off....

By providing an open set of tools for creating comparable experiments, our goal is not just to provide a tool, and a set of tools for building more tools, but to provide the basis for one of the world's largest open-science experiments.

Nobody claims to have predictive scientific models of how the visual system works in its entirety, and that means there is still so much more to discover. In the case of Lazy Eye, some aspects of the visual system are de-activated and/or dormant. What we can do is to comparatively explore which techniques and approaches have which effects on opening visual perceptions, and thereby drive our understanding of the system forward on a theoretical and practical level.

If you'd like to know more, check out and come along to this talk. :-)

What the flag is CTF?

Adams (en)

Every year since 2011 on the 28C3 we organize a Capture the Flag contest for people on the Congress and from all over the world. This year we want to give you an overview about what a CTF is, the challenges, the players, the community and how much...

Capture the Flag competitions started to become a thing in the infosec community more than 20 years ago. When we started playing they were casual games to improve our skill set every now and then on weekends with a bunch of friends. In recent years, the CTF community grew much bigger and nowadays you can play a CTF every weekend if you want to. So what is it all about?

For the past 7 years, we organized the C3 CTF with a variety of challenges that try to be oriented towards real-world scenarios. The range of topics includes reverse engineering, crypto(graphy) and web, and of course good old binary exploitation. If you solve a task, you get a flag. As simple as that. For the second time this year, we also run a separate, entry-level CTF designed for folks who do not like spending 48 hours on a single challenge. We are honored that over a thousand teams are playing with us every year from every corner of the world, and trolling our IRC channels.

We will present some challenges from this year's contest to give you an idea what you are up to when you decide to play. You will see how to solve our challenges even if you never played a CTF before. We realize that everybody needs t...

Sunday 12:30

Court in the Akten

OpenSchufa and OffeneGesetze - Eliza (de)

Private companies do not have to be as transparent as public authorities, even when they behave like public authorities.
What means can we use to shed light into the darkness of the corporations anyway? We present two projects with different...

Microtargeting and manipulation

From Cambridge Analytica to the EU election - Adams (de)

The possibilities of microtargeting, but also of disinformation, with the help of advertising platforms such as Facebook are more varied than one might have suspected before the Cambridge Analytica scandal. That is what we also want to, in view of the upcoming...

Since the US presidential election campaign and the Brexit decision, details have come to light about how political propaganda is carried out in practice today. We want to summarise what the investigations, which are not even finished yet, have revealed so far. For it is now comprehensible that they at least contributed to influencing the election results.

Accordingly, countermeasures are currently being planned in Brussels that are meant to protect the elections to the European Parliament from uninvited covert manipulation. But do those standing for election themselves abide by their own demands and proposals?

Sunday 12:50

Open source organ building

Clarke (de)

Fun and a little bit of science with 3D-printed organ parts

Musical instrument making is mostly secret-by-accident; it is passed on in person and is not readily accessible to the public. For nerds interested in music and craftsmanship, that is of course unsatisfying.
I will bring 3D-printed pipes along.

## Outline
* Short introduction: what actually is an organ
* What can be done in a cooler way today with 3D printing and fashionable electronics; explanations of how things work, and CAD files
* Thoughts on keyboard dynamics

## Links
The spectrogram on the Mac:
ffmpeg -f avfoundation -i ":0" -lavfi showspectrum=s=1440x900:slide=rscroll -c:v rawvideo -r 25 -pix_fmt yuv420p -f matroska - | mpv -
Linux: ffplay -f pulse -i "default"

Previously on

Parametric organ pipe files (FreeCAD and OpenSCAD):


Kernel Tracing With eBPF

Unlocking God Mode on Linux - Dijkstra (en)

Have you ever wanted to trace all syscalls or dump all IPC traffic across a Linux system? Until recently, doing so may have required some significant setup involving a half-baked tracing kernel module, a custom kernel module, or even using a kerne...

eBPF (or "extended" Berkeley Packet Filter) is a bytecode and virtual machine used as a safe computing environment within the Linux kernel to perform arbitrary programmatic actions. It is a redesign of the original BPF bytecode VM used, typically in userspace, to power features like tcpdump filters. eBPF has an entirely different set of capabilities and instructions, with its primary goal being to serve as a JIT-able virtual machine instruction set that can be targeted by compilers of a memory-safe "restricted C" language. In the Linux kernel BPF and eBPF have been applied to various different kernel features, from programmatic syscall filtering (for sandboxing) to performing efficient custom packet processing inline on the kernel's network data plane.

In this talk, we will first introduce and briefly discuss the internals of the eBPF implementation in the Linux kernel, its features, and the current set of components that it may be integrated with. We will also briefly cover how eBPF does not intrinsically make C code secure and demonstrate how using eBPF instead of other, more mature, technologies may introduce vulnerabilities.

The majority of this talk will focus on usin...

Sunday 13:30

Net politics weather report 2018

The highs and lows of German and European net politics - Adams (de)

The year 2018 once again offered numerous examples for a net politics weather report. The grand coalition warmed up along with the federal government, and by the end of the year the overview of numerous commissions and working groups threatens to...

While the copyright directive will probably anchor upload filters and the ancillary copyright for press publishers (Leistungsschutzrecht) at EU level, the interior ministers are pushing ahead with upload filters against terrorist propaganda.

The ePrivacy Regulation had too many fans of consumer rights in Parliament, which is why it is now being stopped in the EU Council. The Cambridge Analytica scandal led to business models and data protection at Facebook and co. being discussed more intensely in public, and along the way the General Data Protection Regulation saw the light of day. Almost everything in net politics currently revolves around artificial intelligence, although it is still unclear what politicians have in mind when they talk about it. Something to do with jobs in any case, perhaps also something with ethics and regulation. Depending on the perspective.

In return, there is of course more surveillance. There are new authorities and agencies for building state trojans, and at Südkreuz station biometric video surveillance systems were tested successfully/unsuccessfully, which could soon be rolled out everywhere. New police laws bring more surveillance powers at state level.

Es ...

Sunday 14:10

Cat & Mouse: Evading the Censors in 2018

Preserving access to the open Internet with circumvention technology - Clarke (en)

The deepening of global Internet infrastructure comes accompanied with an invigorated capacity and intent by adversaries to control the information that flows across it. Inextricably, political motivations and embedded power structures underlie th...

The deepening of global Internet infrastructure comes accompanied with an invigorated capacity and intent by adversaries to control the information that flows across it. Inextricably, political motivations and embedded power structures underlie the networks through which we interpret and understand our societies and our world - censorship threatens the integrity of the public sphere itself. The increasing technical sophistication of information controls deployed by censors in adversarial network environments around the world can be uniquely viewed and researched by circumvention tool providers, whose work continues to preserve access to the open Internet for all communities. Through this presentation, we endeavour to share insights gained from the front lines of this technical contest.

The following key questions will be answered in this session:
- What are circumvention tools conceptually and how do they work?
- How have the techniques of adversaries evolved?
- What are the latest innovations in circumvention technology?
- How have emerging economies been affected, where censorship and surveillance hardware and software are built into newly established ICT infrastru...

Augmented Reality: Bridging the gap between the physical and the digital world

Dijkstra (en)

There has been a lot of talk about Virtual Reality (VR), but there are still very few applications to enhance our everyday lives outside of entertainment. Augmented Reality (AR), the lesser-known sibling of VR, has the power to have a more profou...

The recent renaissance and technical advances brought Virtual Reality (VR) into the spotlight of the mainstream media and led to many promises of an upcoming VR revolution. But despite the abundance of VR headsets, a profound impact on our everyday lives is still not on the horizon. However, hidden in the shadows of VR, Augmented Reality (AR) has a much higher potential to change our lives. In contrast to VR, which aims to replace our physical reality with a virtual one, AR expands our physical world with virtual content. While VR disconnects us from the world, AR bridges the gap between the real and the digital world.

Research in the last decades focused mostly on specialized and professional use, e.g., in medicine or industry. Nonetheless, there are a lot of applications for everyday usage, like navigation, traveling, education, and others. Probably the most important promise of AR is that it can help mend the ever increasing breach between humans and technology. Today's technical systems are often too complex, and processes too distributed, for humans to fully understand the function and state of systems. With AR we can superimpose this information directly on our physical w...

Let's reverse engineer the Universe

exploring the dark - Borg (en)

There is four times more dark matter and over fifteen times more dark energy than regular matter in the universe. And we have absolutely no idea what these invisible dark substances might be. This talk will show how we know that dark energy and da...

When it comes to dark matter, cosmology is facing a crisis. Many theories that can be tested nowadays were falsified, and dark matter particle candidates still haven't been found in most of the predicted energy ranges. Whatever dark matter and dark energy will turn out to be, it will be stunning. So stay tuned and explore the dark.

Sunday 14:30

Kickstart the Chaos: Founding a Hackerspace for Beginners

A field report from unsupervised club bureaucracy - Eliza (de)

According to legend, the CCC only became a registered association because the only other legal form left as an alternative was the criminal organization. So that it doesn't come to that for you, we show you how, starting from your interest group, the Bret...

What does a board actually do? Isn't being treasurer a whole lot of paperwork? How do I write proper membership applications?
These are all questions that tend to keep people like us from founding a proper association. But if you briefly plunge into the adventure of association law, you end up with a great tool in your toolbox for working on projects together in the hackerspace even more fantastically.
We speak from experience that was partly painful and partly funny. Samuel and Thorben were involved in founding and developing several associations, with more success in the later attempts. The Chaostreff Flensburg e. V. still exists and flourishes today, and we want to use its history to show you how to get a hackerspace or something similar off the ground, where to house it, how to win members, build a community, and scrape together the necessary small change for your projects. What tools and technology can you throw at your problems, and where does a visit to a friendly tax advisor help? And how can you become part of the great Chaos at all without having even a single soul on board who knows what it's about...

Dissecting Broadcom Bluetooth

Adams (en)

Broadcom's Bluetooth firmware on popular devices – such as Nexus 5, Nexus 6P, Raspberry Pi 3, and Raspberry Pi 3+ – shares the same firmware update mechanisms, which allows for local firmware modifications. With InternalBlue we published a framewo...

In the first part of this talk we present the InternalBlue framework, which enables experimentation with Broadcom-based Bluetooth chips. On Nexus 5 and 6P, it already supports monitoring and injection tools for the lower layers of the Bluetooth protocol stack.

The second part of this talk focuses on security. We show how behavior during pairing can be modified, e.g. by setting other device features or IO capabilities. We also demonstrate an implementation of the recent publicly known ECDH key exchange attack.

Last, we demonstrate a new attack (CVE-2018-19860) that can crash the Bluetooth stack and execute a limited set of functions – only requiring knowledge of the Bluetooth MAC address of the device under attack. This vulnerability has silently been patched in newer firmware versions, but it applies to Broadcom chips in popular devices such as Nexus 5, Raspberry Pi 3, iPhone 6, Xperia Z5, Samsung Galaxy Note 3, MacBook Pro 2016 and more.

Sunday 16:10

35C3 Infrastructure Review

Up and to the right: All the statistics about this event you could wish for - Borg (en)

35C3 is run by teams of volunteers. In this event, they will provide some insight into the challenges they faced while building the GSM, DECT and IP networks, running video streams, or organizing ticket sales. All graphs will be pointing up and to...

Security Nightmares 0x13

Adams (de)

What has happened in the field of IT security over the past year? What new developments have emerged? Which new buzzwords and trends were to be seen?

As always, we venture the IT security nightmare outlook for the year 2019 and beyond. Because what we really want to know is, after all: which artificially intelligent poltergeists will haunt our devices, which masters will they obey, and how do we get rid of them again?

Sunday 17:10

Closing Event

Adams (de)

This is where it ends.
