Chaos Computer Club - 30C3 (high quality mp4)

To Protect And Infect (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

2013 will be remembered as the year that the Internet lost its innocence for nearly everyone as light was shed on the widespread use of dragnet surveillance by the NSA and intelligence agencies globally. With the uprisings of the Arab Spring where people raided the offices of their regimes to bring evidence to light, we've seen a tremendous phenomenon: a large numbers of whistleblowers have taken action to inform the public about important details. The WikiLeaks SpyFiles series also shows us important details to corroborate these claims. There is ample evidence about the use and abuses of a multi-billion dollar industry that have now come to light. This evidence includes increasing use of targeted attacks to establish even more invasive control over corporate, government or other so-called legitimate targets. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5439.html

30C3 Infrastructure Review (30c3)

Mon, 30 Dec 2013 01:00:00 +0100

about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5609.html

Hacking as Artistic Practice (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

!Mediengruppe Bitnik are contemporary artists. In their talk they will show two examples of their work, illustrating the translation of hacking from the computer field into an artistic practice. Bitnik will show how to hack the opera in ten easy steps and what happens when you send a parcel with a hidden live webcam to Julian Assange at the Ecuadorian Embassy in London. Using the strategies of hacking, !Mediengrupppe Bitnik intervenes into settings with the aim of opening them up to re-evaluation and new perspectives. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5425.html

Thwarting Evil Maid Attacks (30c3)

Mon, 30 Dec 2013 01:00:00 +0100

Increasingly, users and their computing hardware are exposed a range of software and hardware attacks, ranging from disk imaging to hardware keylogger installation and beyond. Existing methods are inadequate to fully protect users, particularly from covert physical hardware modifications in the "evil maid" scenario, and yet are very inconvenient. Victims include governments and corporations traveling internationally (e.g. China), anti-government activists in places like Syria, and anyone who is a target of a motivated attacker who can gain physical access. Physically Unclonable Functions, combined with a trusted mobile device and a network service, can be used to mitigate these risks. We present a novel open-source mobile client and network service which can protect arbitrary hardware from many forms of covert modification and attack, and which when integrated with software, firmware, and policy defenses, can provide greater protection to users and limit potential attack surface. We'll also be showing video of an unreleased tool to the public utilized by surveillance teams. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5600.html

Sysadmins of the world, unite! (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

Finally, the world is aware of the threat of mass surveillance and control, but we still have a fight on our hands, and that fight is both technical and political. Global democracy is not going to protect itself. There has never been a higher demand for a politically-engaged hackerdom. Jacob Appelbaum and Julian Assange discuss what needs to be done if we are going to win.

about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5397.html

Even More Tamagotchis Were Harmed in the Making of this Presentation (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

You might remember Tamagotchi virtual pets from the 1990's. These toys are still around and just as demanding as ever! At 29C3, I talked about my attempts to reverse engineer the latest Tamagotchis, and this presentation covers my progress since then. It includes methods for executing code on and dumping code from a Tamagotchi, an analysis of the Tamagotchi code dump and a demonstration of Tamagotchi development tools that make use of these capabilities. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5279.html

Closing Event (30c3)

Mon, 30 Dec 2013 01:00:00 +0100

about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5606.html

The Exploration and Exploitation of an SD Memory Card (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

All “managed FLASH” devices, such as SD, microSD, and SSD, contain an embedded controller to assist with the complex tasks necessary to create an abstraction of reliable, contiguous storage out of FLASH silicon that is fundamentally unreliable and unpredictably fragmented. This controller is an attack surface of interest. First, the ability to modify the block allocation and erasure algorithms introduces the opportunity to perform various MITM attacks in a virtually undetectable fashion. Second, the controller itself is typically powerful, with performance around 50MIPS, yet with a cost of mere pennies, making it an interesting and possibly useful development target for other non-storage related purposes. Finally, understanding the inner workings of the controller enables opportunities for data recovery in cards that are thought to have been erased, or have been partially damaged. This talk demonstrates a method for reverse engineering and loading code into the microcontroller within a SD memory card. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5294.html

Do You Think That's Funny? (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

This lecture shall give a first person account of how circumstances have dramatically changed for actionist art practice over the last 15 years. I will use examples from my own art practice to show the impossibility to engange in digital and real-life actionism as they are considered criminal under anti-terrorist laws. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5376.html

CounterStrike (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

Lawful Interception is a monitoring access for law enforcement agencies, but also one of the primary data sources of many surveillance programs. (Almost?) every Internet service provider needs to provide LI functionality in its routers. However, LI exposes a larger attack surface to the one being surveilled than any router should. Could this be a mistake? about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5304.html

25 Jahre Chipkarten-Angriffe (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

Eine unterhaltsame, spannende und lehrreiche Reise durch 25 Jahre Chipkarten-Angriffe mit tiefen Einblicken in Amateur- und Profi-Hackerlabore, inklusive eines Ausblicks in neueste Methoden und zukünftige Ansätze. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5548.html

Fnord News Show (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

Im Format einer lockeren Abendshow werden wir die Highlights des Jahres präsentieren, die Meldungen zwischen den Meldungen, die subtilen Sensationen hinter den Schlagzeilen. Kommen Sie, hören Sie, sehen Sie! Lassen Sie sich mitreißen! about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5490.html

Seeing The Secret State: Six Landscapes (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

Although people around the world are becoming increasingly aware of the United States' global geography of surveillance, covert action, and other secret programs, much of this landscape is invisible in our everyday lives. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5604.html

07KINGSTON25 JAMAICA: MALARIA UPDATE Dispatches from Fort Meade (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

At Fort George "Orwell" Meade, home of the NSA and the US Defense Information School, managing the message of Chelsea Manning's trial was facilitated by a lack of public access to most of the court filings and rulings until 18 months into her legal proceeding. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5634.html

Security of the IC Backside (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

In the chain of trust of most secure schemes is an electronic chip that holds secret information. These schemes often employ cryptographically secure protocols. The weakest link of such a scheme is the chip itself. By attacking the chip directly an attacker can gain access to the secret data in its unencrypted form. In this presentation we demonstrate the attack class of the future, backside attacks. This class of attacks mitigate all device countermeasures and can access all signals of the device. As opposed to the attacks of today, these attacks can also be applied to complex systems such as the ARM SoCs of modern smartphones. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5459.html

Baseband Exploitation in 2013 (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

Exploitation of baseband vulnerabilities has become significantly harder on average. With Qualcomm having grabbed 97% of the market share of shipped LTE chipsets in 1Q2013, you see their chipset in every single top-of-the-line smartphone, whether it is an Android, an iPhone, a Windows Phone or a Blackberry. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5618.html

The Year in Crypto (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

This was a busy year for crypto. TLS was broken. And then broken again. Discrete logs were computed. And then computed again. Is the cryptopocalypse nigh? Has the NSA backdoored everything in sight? Also, answers to last year's exercises will be given. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5339.html

Hardware Attacks, Advanced ARM Exploitation, and Android Hacking (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

In this talk (which in part was delivered at Infiltrate 2013 and NoSuchCon 2013) we will discuss our recent research that is being rolled into our Practical ARM Exploitation course (sold out at Blackhat this year and last) on Linux and Android (for embedded applications and mobile devices). We will also demonstrate these techniques and discuss how we were able to discover them using several ARM hardware development platforms that we custom built. Where relevant we will also discuss ARM exploitation as it related to Android as we wrote about in the "Android Hackers Handbook" which we co-authored and will be released in October 2013. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5193.html

Security Nightmares (30c3)

Mon, 30 Dec 2013 01:00:00 +0100

Was hat sich im letzten Jahr im Bereich IT-Sicherheit getan? Welche neuen Entwicklungen haben sich ergeben? Welche neuen Buzzwords und Trends waren zu sehen? about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5413.html

Glass Hacks (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

A one hour technical lecture that covers everything from machine learning and AI to hardware design and manufacture. Includes demonstrations of applications enabled by an always-on image capturing wearable computer. You'll leave with a clear understanding of the field's status quo, how we got here, and insight into what's around the corner. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5537.html

The Four Wars (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

Based on her own experiences as an Intelligence Officer for MI5 (the UK domestic security service) and a whistleblower, Annie Machon will talk about the relationships between the wars on 'terror', drugs, whistleblowers, and the internet, and suggest some ideas about what we can do. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5295.html

To Protect And Infect, Part 2 (30c3)

Mon, 30 Dec 2013 01:00:00 +0100

about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5713.html

Hacker Jeopardy (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

The Hacker Jeopardy is a quiz show. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5577.html

Amtliche Datenschützer: Kontrolleure oder Papiertiger? (30c3)

Mon, 30 Dec 2013 01:00:00 +0100

In dem Vortrag beschäftigt sich der Ex-Bundesdatenschützer mit der Rolle der Datenschutzbeauftragten: Welche Durchsetzungsmöglichkeiten haben sie? Wie ist ihr Verhältnis zur Zivilgesellschaft? Welchen Einfluss können sie auf europäischer und internationaler Ebene ausüben? about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5623.html

The good, the bad, and the ugly - Linux Kernel patches (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

Companies are often blamed for not working upstream. Surprisingly, the situation is not per se better with community projects. To change the latter for the better, Wolfram will show some examples regarding the Linux Kernel and present ideas to create win-win-win situations. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5446.html

Through a PRISM, Darkly (30c3)

Mon, 30 Dec 2013 01:00:00 +0100

From Stellar Wind to PRISM, Boundless Informant to EvilOlive, the NSA spying programs are shrouded in secrecy and rubber-stamped by secret opinions from a court that meets in a faraday cage. The Electronic Frontier Foundation's Kurt Opsahl explains the known facts about how the programs operate and the laws and regulations the U.S. government asserts allows the NSA to spy on you. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5255.html

The philosophy of hacking (30c3)

Mon, 30 Dec 2013 01:00:00 +0100

Modern society's use of technology as an instrument for domination is deeply problematic. Are instrumentality and domination inherent to the essence of technology? Can hacking provide an alternative approach to technology which can overcome this? How do art and beauty fit into this approach? about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5278.html

Mobile network attack evolution (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

Mobile networks should protect users on several fronts: Calls need to be encrypted, customer data protected, and SIM cards shielded from malware. Many networks are still reluctant to implement appropriate protection measures in legacy systems. But even those who add mitigations often fail to fully capture attacks: They target symptoms instead of solving the core issue. This talks discusses mobile network and SIM card attacks that circumvent common protection techniques to illustrate the ongoing mobile attack evolution. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5449.html

Hacking the Czech Parliament via SMS (30c3)

Mon, 30 Dec 2013 01:00:00 +0100

The Czech art collective Ztohoven' project “Moral Reform” was accomplished in collaboration with web security experts. Together they created the unique art concept of a mobile phone mass-hack. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5593.html

The Tor Network (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

Roger Dingledine and Jacob Appelbaum will discuss contemporary Tor Network issues related to censorship, security, privacy and anonymity online. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5423.html

Concepts for global TSCM (30c3)

Mon, 30 Dec 2013 01:00:00 +0100

After studying the various levels of activities that come together in BuggedPlanet and realizing the scope and level of implementation of NSA´s SIGINT theatre, it´s propably time to step back, summarize the big picture and ask how we handle it properly. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5495.html

Die Drohnenkriege (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

Die Drohnenkriege sind Ausdruck einer rasanten Entwicklung: vom „Krieg gegen den Terror“ nach 9/11 zur Kriegsführung der Zukunft. Einer Zukunft, die gelegentlich der Science Fiction der späten Achtziger zu entstammen scheint, in der Roboter die schmutzigen Kriege der Menschen kämpfen und sich schließlich gegen ihre Schöpfer erheben. Letzteres liegt noch längst nicht im Bereich des Möglichen, aber Wege zur Erschaffung autonomer Kampfroboter werden bereits beschritten. Der Vortrag will das Phänomen des Drohnenkrieges politisch einordnen und einen Ausblick versuchen. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5532.html

Human Rights and Technology (30c3)

Mon, 30 Dec 2013 01:00:00 +0100

This talk aims to shed some light on recent human rights violations in the context of the use of digital information and communications technology, particularly considering the latest disclosures about the surveillance programmes of Western intelligence services. At the same time, it shall provide information about Amnesty International's positions and activities in this field and invite anybody interested in our work to get involved. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5539.html

World War II Hackers (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

The use of encryption to secure sensitive data from unauthorized eyes is as old as human communication itself. Before the relatively new method of computerized encryption software converting data into a format unintelligible to anyone lacking the necessary key for its decryption, for a long time there was pen and paper and the human brain doing quite a bit of work. Up until the 20th century encryption had to be done literally by hand, to then be transmitted in paper form, via telegraphy or radio. In this context, encryption of data has always been of special importance during times of political conflict and war; subsequently, it saw its major developments during those times in history. This talk will examine and explain common hand encryption methods still employed today using the example of one very successful Soviet espionage group operating in Japan in the 1930s and 1940s: the spy ring centered around Richard Sorge, codenamed “Ramsay”. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5474.html

Das FlipDot-Projekt (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

Inbetriebnahme alter Flip-Dot-Anzeigemodule eines Autobahn-Parkleitsystems zu einer interaktiven Anzeige. Reverse Engineering des Protokolls und Entwicklung einer Steuerplatine auf Basis des Raspberry Pi. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5426.html

The Internet (Doesn't) Need Another Security Guide (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

As Internet privacy/security professionals and amateur enthusiasts, we are often asked to give advice about best practices in this field. Sometimes this takes the form of one-on-one advice to our friends, sometimes it's training a room full of people, and sometimes you may be asked to write a blog post or a brief guide or an entire curriculum. This talk will survey the current Internet privacy guide landscape and discuss the perils and pitfalls of creating this type of resource, using the Electronic Frontier Foundation's Surveillance Self Defense project as a case study. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5538.html

Extracting keys from FPGAs, OTP Tokens and Door Locks (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

Side-channel analysis (SCA) and related methods exploit physical characteristics of a (cryptographic) implementations to bypass security mechanisms and extract secret keys. Yet, SCA is often considered a purely academic exercise with no impact on real systems. In this talk, we show that this is not the case: Using the example of several wide-spread real-world devices, we demonstrate that even seemingly secure systems can be attacked by means of SCA with limited effort. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5417.html

Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

In this work we present a stealthy malware that exploits dedicated hardware on the target system and remains persistant across boot cycles. The malware is capable of gathering valuable information such as passwords. Because the infected hardware can perform arbitrary main memory accesses, the malware can modify kernel data structures and escalate privileges of processes executed on the system. The malware itself is a DMA malware implementation referred to as DAGGER. DAGGER exploits Intel’s Manageability Engine (ME), that executes firmware code such as Intel’s Active Management Technology (iAMT), as well as its OOB network channel. We have recently improved DAGGER’s capabilites to include support for 64-bit operating systems and a stealthy update mechanism to download new attack code. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5380.html

Lightning Talks, Day 4 (30c3)

Mon, 30 Dec 2013 01:00:00 +0100

about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5564.html

The Gospel of IRMA (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

Attribute Based Credentials (ABC) allow users to prove certain properties about themselves (e.g. age, race, license, etc.) without revealing their full identity. ABC are therefore important to protect the privacy of the user. The IRMA (I Reveal My Attributes) project of the Radboud University Nijmegen has created the first full and efficient implementation of this technology on smart cards. This allows ABC technology to be used in practice both on the Internet as well as in the physical world. We will discuss ABCs in general, the IRMA system, it's advantages and pitfalls, and future work. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5214.html

Data Mining for Good (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

For over thirty years, human rights groups in Guatemala have carefully documented the killing and disappearance of many people in the early 1980s. There are tens of thousands of records in many databases, and over 80 million paper pages of police records available in the Archives of the National Police. Most of the prosecutions of the former military and police officials who committed the atrocities depends on eyewitnesses, specific documents, and forensic anthropologists' examination of exhumed bones. However, data analysis helps to see the big patterns in the violence. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5405.html

THE DATABASE NATION, a.k.a THE STATE OF SURVEILLANCE (30c3)

Mon, 30 Dec 2013 01:00:00 +0100

23rd of December 2008 was a sad day in India for civil liberties. On this day, The Indian Parliament passed the "The Information Technology (Amendment) Act" with no debate in the House, which effectively means is that the government of India now has the power to monitor all digital communications in the country without a court order or a warrant. The "world's largest democracy" strongly leaning towards becoming a surveillance state raises many questions and poses severe challenges for free speech and economic justice in India and globally. This talk will map and review the current political, socio-cultural and legal landscape of mass-surveillance, data protection and censorship in India and analyse how it ties in to the global landscape of surveillance and censorship. It will also aim to create a discussion space to investigate the deeper effects of these so called "welfare" projects and how citizen-led movements can drive the state towards stronger data protection and privacy laws. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5421.html

Warum die Digitale Revolution des Lernens gescheitert ist. (30c3)

Mon, 30 Dec 2013 01:00:00 +0100

Der digitale Wandel hat uns grandiose Chancen für selbstbestimmtes, kreatives, kollaboratives, kritisches und demokratisches Lernen gebracht. Wir haben sie nicht genutzt. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5467.html

Dead Man Edition (30c3)

Mon, 30 Dec 2013 01:00:00 +0100

Die alarmierenden Zustände beim Abbau der Rohstoffe, die in den Bauteilen (z. B. dem Tantal-Elektrolytkondensator) eines Computers stecken, rufen Menschenrechtler auf den Plan. In den U.S.A. ist es 2010 gelungen, ein umstrittenes Gesetz umzusetzen, das die Finanzierung von Kriegsparteien durch Erzhandel regulieren soll. In der EU soll nun ähnliches geschehen. Der Vortrag klärt über die Geschichte auf, nennt Konsequenzen und formuliert Forderungen. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5293.html

No Neutral Ground in a Burning World (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

The news of the past few years is one small ripple in what is a great wave of culture and history, a generational clash of civilizations. If you want to understand why governments are acting and reacting the way they are, and as importantly, how to shift their course, you need to understand what they're reacting to, how they see and fail to see the world, and how power, money, and idea of rule of law actually interact. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5491.html

30C3 Opening Event (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

Introductory event to say hello to everybody, give a brief overview of the event's features and look into history and future alike

about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5605.html

Coding your body (30c3)

Mon, 30 Dec 2013 01:00:00 +0100

The average movement habits of a clichè hacker are legendary. Cowering for days in front of unergonomic hardware setups, stoic ignorance of hardly decodeable signs of the body like hunger, eye- and backpains. Probably due to a general disinterest in non-digitally engineered systems. Shouldn’t a true hacker know at least bits and pieces about the codes and signs of the body? We all know bits and pieces.. but are they the correct and helpful ones? We will discuss some technical and biological details of slipped discs, posture disservice and pain. I will show fundamental “red flags” which have to be serviced by a medical geek. But not all medical geeks have a good idea about the body's code, therefore I will also suggest some helpful therapies for the most common cases. Bottom line: how to code your body to prevent pain without relying on smattering. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5289.html

Keine Anhaltspunkte für flächendeckende Überwachung (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

Die Enthüllungen Edward Snowdens haben die deutsche Politik für kurze Zeit in Aufregung gebracht. Für eine Beruhigung reichte es bereits aus, die Enthüllungen in sprachlich-logisch cleverer Weise zu verarbeiten, sie teilweise in ein anderen Kontext zu stellen und so schließlich Entwarnung geben zu können: Die Bundesregierung hat „keine Anhaltspunkte für flächendeckende Überwachung“. Bei diesem Vorgehen handelt sich um ein Paradebeispiel dafür, wie mit einfachen sprachlich-rhetorischen Tricks die politisch Verantwortlichen die Öffentlichkeit und sich selbst so weit täuschten, dass es ihnen nicht mehr nötig erschien, sich mit den eigentlichen Problemen auseinanderzusetzen, und so das leidige Thema aus dem Wahlkampf herausgehalten werden konnte. Neben den mittlerweile zum Standard gehörenden „Basta“-Floskeln spielte das Phänomen der Modalisierung eine besondere Rolle, wie die genauere Analyse zeigt. Auch logische Fehler wie Zirkelschlüssel und (zu) strikte Einschränkung des thematischen Bezugs erlaubten diese „Flucht-nach-vorne“-Strategie. Die Häufung sprachlicher Tricks und des logisch-inhaltlichen Ausweichens legen eine Inszenierung nahe. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5281.html

Attacking HomeMatic (30c3)

Mon, 30 Dec 2013 01:00:00 +0100

HomeMatic is a good working, inexpensive and quickly spreading home automation system supporting wired as well as (partly AES handshake protected) wireless communication. The first part of our talk deals with security issues of HomeMatic devices and their wireless communication protocol called BidCoS (Bidirectional Communication Standard). In the second part we introduce Homegear, our own interface software to control HomeMatic devices. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5444.html

Beyond the Tech: Building Internet Freedom Tools for Real People (30c3)

Mon, 30 Dec 2013 01:00:00 +0100

Few hackers will disagree that users are not given enough consideration when building Internet Freedom Tools designed to circumvent censorship and surveillance. But how do we do it? This talk will outline a framework for a user-focused approach to the Development and Impact of Internet Freedom Tools through using ethnography, human-centered design, and the practice of research-based product definition. This talk is intended for developers, researchers, and journalists who seek to understand how better tools can be developed to protect anonymity and provide unfettered access to the Internet. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5550.html

BREACH in Agda (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

Software engineering is in a unsustainable state: software is mainly developed in a trial and error fashion, which always leads to vulnerable systems. Several decades ago the correspondence between logics and programming (Curry-Howard) was found. This correspondence is now being used in modern programming languages using dependent types, such as Agda, Coq, and Idris. In this talk I show our development of attacks and security notions within Agda, using the recent BREACH exploit as an example. Our development is a constructive step towards verified software and bridges a gap between theory and practice. I will explain the details about the Curry-Howard correspondence. The target audience are interested people with some programming experience. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5394.html

Making machines that make (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

Making a new control system for a machine is often a slow and tedious task. Maybe you already have a 3 axis stage, and you already know how to move it around. But what if you want to add a camera and use it for position feedback? You'd have to redesign the whole hardware layer. I'll talk about some ways I've built modularity into control systems for machines so that you can quickly iterate on different kinds of machine systems without getting stuck in hardware land forever. This includes connecting synchronized nodes across a network and importing legacy nodes for things like, say, an old pressure box you found in the trash and has rs232 in. Down with gcode! Long live machine control. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5587.html

Towards an affordable brain-computer-interface (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

The brain can be understood as a highly specialized information processing device. Because computers basically do the same thing, it's not too absurd to try to link these two together. The result is a brain-computer-interface. This talk explains the core functionality of our brain and how to access the stored data from the outside. Software and hardware have already reached a somewhat hacker-friendly state, and we want to show you how we got there. We're also here to answer all your questions about the brain. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5395.html

Desperately Seeking Susy (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

Supersymmetry has been particle theorists' favorite toy for several decades. It predicts a yet unobserved symmetry of nature and implies that to each known type of elementary particle there exists a partner particle none of which has been detected up to today. I will explain why it is an attractive idea nevertheless and what is the current situation after the large hadron collider (LHC) at CERN has looked at many places where supersymmetric partners were expected and did not find them. Is it time to give up hope that susy is a property of nature? about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5416.html

WarGames in memory (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

Memory corruption has been around forever but is still one of the most exploited problems on current systems. This talk looks at the past 30 years of memory corruption and systematizes the different existing exploit and defense techniques in a streamlined way. We evaluate (i) how the different attacks evolved, (ii) how researchers came up with defense mechanisms as an answer to new threats, and (iii) what we will have to expect in the future. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5223.html

Introduction to Processor Design (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

This lecture gives an introduction to processor design. It is mostly interesting for people new to processor design and does not cover high performance pipelined structures. Small knowledge on VHDL programming would be great but is not essential. A very small processor core will described here. Demo: Create a backdoor in the VHDL Code of a processor core. Exploit this backdoor to get a root shell in the linux operating system. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5443.html

My journey into FM-RDS (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

How I discovered mysterious hidden signals on a public radio channel and eventually found out their meaning through hardware hacking, reverse engineering and little cryptanalysis. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5588.html

Reverse engineering the Wii U Gamepad (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

A year ago in November 2012, Nintendo released their latest home video game console: the Wii U. While most video game consoles use controllers that are very basic, the Wii U took the opposite route with a very featureful gamepad: wireless with a fairly high range, touch screen, speakers, accelerometer, video camera, and even NFC are supported by the Wii U gamepad. However, as of today, this interesting piece of hardware can only be used in conjunction with a Wii U: wireless communications are encrypted and obfuscated, and there is no documentation about the protocols used for data exchange between the console and its controller. Around december 2012, I started working with two other hackers in order to reverse engineer, document and implement the Wii U gamepad communication protocols on a PC. This talk will present our findings and show the current state of our reverse engineering efforts.

X Security (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

For the past year, I've been looking at the implementation of X.org code. both client and server. During this presentation, I'll give an overview of the good, the bad and the ugly. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5499.html

FPGA 101 (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

In this talk I want to show you around in the mysterious world of Field Programmable Gate Arrays, or short FPGAs. The aim is to enable you to get a rough understanding on what FPGAs are good at and how they can be used in areas where conventional CPUs and Microcontrollers are failing upon us. FPGAs open up the world of high-speed serial interconnects, nano-second event reactions and hardware fuzzing. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5185.html

Anonymity and Privacy in Public Space and on the Internet (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

How is it possible to participate in a social event anonymously? How can we hide from surveillance in public space? How can we communicate anonymously in real life? How can we be private in public? This talk will give an overview about existing hacks and techniques that allow to be private in public, and compare privacy technologies from the web to anonymity techniques that can be used in real life. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5500.html

Calafou, postcapitalist ecoindustrial community (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

Calafou – the Ecoindustrial Postcapitalist Colony – is a settlement of around three dozen people in the Catalonian countryside. Concrete pylons standing 20 meters high hold a highway passing above the wild forest valley, where hall after dilapidated hall of industrial ruins stretch along the banks of a contaminated stream nurturing a twisted yet lively ecosystem. Echoes of unseen, passing cars blend into the organic static of wildlife, punctuated by beats booming from the hacklab speakers. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5571.html

RFID Treehouse of Horror (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

In this lecture, we present a black-box analysis of an electronic contact-less system that has been steadily replacing a conventional mechanical key on multi-party houses in a big European city. So far, there are est. 10.000 installations of the electronic system. The mechanical key has been introduced about 40 years ago to allow mail delivery services to access multi-party houses but has since then aggregated many additional users, such as garbage collection, police, fire brigade and other emergency services. Over 92% of residential buildings in this city are equipped with such a solution. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5334.html

Backdoors, Government Hacking and The Next Crypto Wars (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

Law enforcement agencies claim they are "going dark". Encryption technologies have finally been deployed by software companies, and critically, enabled by default, such that emails are flowing over HTTPS, and disk encryption is now frequently used. Friendly telcos, who were once a one-stop-shop for surveillance can no longer meet the needs of our government. What are the FBI and other law enforcement agencies doing to preserve their spying capabilities? about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5478.html

Lightning Talks, Day 2 (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5562.html

ID Cards in China: Your Worst Nightmare (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

Imagine getting pulled over for running a stop sign and learning for the first time – from the cop – that you are HIV-positive. People in China are required to carry electronic, swipeable ID cards that hold their political views, their HIV status, their mental health situation, and much more. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5543.html

Perfect Paul (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

The facial hacking research presented in this lecture/ performance exploits a well known vulnerability of the human nervous system that it can be easily accessed and controlled by electrodes mounted on the bodies exterior. External digital facial control allows for an unprecedented exploration of human facial expressiveness and has unveiled an unknown expressive potential of the human facial hardware.

Jahresrückblick des CCC (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

Auch das Jahr 2013 geht irgendwann vorbei. Deshalb werfen wir einen Blick zurück auf die für uns besonders relevanten Themen und versuchen abzuschätzen, was im Jahr 2014 auf uns zukommen könnte. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5608.html

Virtually Impossible: The Reality Of Virtualization Security (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

This talk will demonstrate why it is virtually impossible to secure virtual machines implementations properly. In the talk I will try to give an overview of the basics of hardware virtualization technology, the existing attack techniques against virtualization and also explain why it is such a complex problem to create a secure hypervisor. The talk will focus on the low level interfaces and how it affects all aspects of computer platform security. I will also try to review a few interesting Erratas at the end of the talk. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5445.html

Mind-Hacking mit Psychedelika (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

Substanzen wie MDMA, Psilocybin, LSD und Ketamin besitzen erhebliches therapeutisches Potential, und die Erforschung ihrer Wirkmechanismen erlaubt Einblicke in die Funktionsweise der menschlichen Psyche. Der trotz Illegalität relativ einfachen Verfügbarkeit steht ein Mangel an Aufklärung über Risiken, Effekte und Pharmakologie gegenüber, dem mit dieser Einführung begegnet werden soll. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5619.html

White-Box Cryptography (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

The goal of white-box cryptography is to protect cryptographic keys in a public implementation of encryption algorithms, primarily in the context of Pay-TV and tamper-resistant software. I present an overview of the white-box cryptography concept along with the most common applications and proposed designs. I discuss the subtle difference between white-box cryptography, public-key cryptography, and obfuscation. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5590.html

Recht auf Remix (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

Wir leben in einem Zeitalter des Remix. Kreativität und Kultur bauten schon immer auf bereits Bestehendem auf. Internet und digitale Technologien ermöglichen aber die kreative Nutzung existierender Werke in völlig neuen Dimensionen: Nie zuvor war es so vielen möglich, Werke auf so unterschiedliche Arten zu verändern und so einfach anderen zugänglich zu machen. In dem Maße, in dem die kreative Kopie Teil des kommunikativen Alltags breiter Bevölkerungsschichten wird, ist ein Recht auf Remix eine grundlegende Voraussetzung für die Kunst- und Meinungsfreiheit einer Gesellschaft. Die Gegenwart ist jedoch geprägt von restriktivem Rechtemanagement und entgrenzter Rechtsdurchsetzung. Die Initiative "Recht auf Remix" möchte das ändern. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5433.html

Nerds in the news (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

Knight-Mozilla OpenNews sends coders into news organisations on a ten-month fellowship to make new tools for reporting and measuring the news. We believe that to remain relevant, journalism has to smarten up about tech and data. As a global community, we develop tools to datamine public data, news apps to make information accessible, and visualisations to break down complex stories. In my talk, I want to present the lessons about tech that I've learned in a newsroom and the things that still need to be built. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5494.html

Structuring open hardware projects (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

Every successful open hardware project needs a solid organization structure at some point in time, especially when plan to produce and sell your project. In our “i3 Berlin” 3d printer project, we took some elements of the PLM (Product Lifecycle Management) concept and implemented it with open source tools like Github and Blender. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5594.html

Android DDI (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

As application security becomes more important on Android we need better tools to analyze and understand them. Android applications are written in Java and a run in the Dalvik VM. Until now most analysis is done via disassembling and monitored execution in an emulator. This talk presents a new technique to instrument Android applications executed in the DVM. The talk will introduce the new technique in great detail including many small examples and a whole attack based on it. We will go step by step to show you what can be achieved using this technique. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5192.html

2 Takte später (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

Auf dem 29C3 stellten wir euch die Cultural Commons Collecting Society (C3S) als Initiative zur Gründung einer GEMA-Alternative vor. Seit dem ist sehr viel passiert: Unter anderem ist mittlerweile eine Europäische Genossenschaft gegründet, die mit sechsstelligem Kapital aus einer Crowdfunding-Kampagne in das Jahr 2014 geht. Auf Seiten der GEMA sind angesichts der entstehenden Konkurrentin bereits erste Anzeichen für eine Kursänderung wahrnehmbar. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5469.html

Trezor: Bitcoin hardware wallet (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

TREZOR is a hardware wallet for Bitcoin. We identified security of the end users' computer as one of the main problems that block Bitcoin mass adoption. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5545.html

Drones (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

During the last 10 years the technology that was formerly only available to the military, reached the hands of thousands. Researchers, hackers, enthusiasts and hobbyists helped drive the technology further and higher than anyone had imagined just a few years ago. We will recap what the civilian airborne robot community has achieved in the last decade and what the next frontiers are that need to be addressed. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5406.html

Disclosure DOs, Disclosure DON'Ts (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

This talk will focus on responsible disclosure best and worst practices from both legal and practical perspectives. I'll also focus on usable advice, both positive and negative, and answer any questions the audience has on best practices. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5361.html

How to Build a Mind (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

A foray into the present, future and ideas of Artificial Intelligence. Are we going to build (beyond) human-level artificial intelligence one day? Very likely. When? Nobody knows, because the specs are not fully done yet. But let me give you some of those we already know, just to get you started. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5526.html

Zwischen supersicherer Verschlüsselung und Klartext liegt nur ein falsches Bit (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

»Lange Schlüssel sind sicherer als kurze.« »RSA und/oder AES sind einfach zu implementieren.« »Für Zufallszahlen reicht es, java.util.Random zu nehmen.« Solche oder ähnliche Aussagen hört man immer mal wieder. Doch was ist da dran? Welche Fehler werden bei der Benutzung und Implementierung von Kryptografie gern gemacht? about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5502.html

The Pirate Cinema (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

"The Pirate Cinema" reveals Peer-to-Peer information flows. It is a composition generated by the activity on file sharing networks. "The Pirate Cinema" immerses the viewer in network flows. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5607.html

Against Metadata (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

Using case studies of documentary film, Freedom of Information Law document dumps, soundbanks, and a hacker conference, I will demonstrate experiments and results of several years developing open source tools to reorient the idea of documentary around its documents. This is in opposition to a tendancy towards textual and machine-readable metadata, which unduly constrain our wonder, perception, and ability to navigate ambiguous and unknown material. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5453.html

Art of the Exploit: An Introduction to Critical Engineering (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

In this lecture Julian will introduce projects and interventions made by himself and others that foreground Engineering, rather than Art, in the creative and critical frame, offering highly public insights into the hidden mechanisms and power struggles within our technical environment. Projects such as the Transparency Grenade, Packetbruecke and Newstweek will be covered in detail. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5440.html

calc.pw (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

Bei calc.pw handelt es sich um DIY Hardware, mit deren Hilfe man Passwörter aus einem Masterpasswort und einfach merkbaren Informationen (z. B. "ebay", "amazon", etc.) generieren kann. Im Vortrag soll es um die Probleme vorhandener Passwortverfahren (Passwortschemen, Passwortdatenbanken) gehen. Es soll die Theorie hinter der Passwortberechnung erläutert und eine praktische Implementierung dieser Berechnung vorgestellt werden. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5420.html

Technomonopolies (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

We all know monopolies are bad. We even have laws against them that sometimes get enforced. However, today we have new kinds of monopolies that affect us without us even noticing them for what they truly are. And technology plays a central role. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5319.html

Europe, the USA and Identity Ecosystems (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

Talk introducing NSTIC and COM 238, i.e. the current digital identity policy proposals in the USA and European discussing their similarities, differences and possible conflicts.

Lightning Talks, Day 3 (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5563.html

Building a safe NFC ticketing system (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

NFC technology is becoming more and more relevant in our lives. One of its major uses is in ticketing solutions. However, most of companies use bad implementations of NFC technology. By this talk we will explain a complete solution, analyzing security challenges and outlining the best practices and implementation choices. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5479.html

Bullshit made in Germany (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

Die technischen Probleme der De-Mail ließen sich juristisch lösen, und auch bei der E-Mail setzen deutsche Provider bald Sicherheitsstandards der Neunziger Jahre um. Auch für "die Cloud" hat das BSI einen feinen Standard parat – natürlich ohne Verschlüsselung. Wofür bräuchten wir die auch im Schlandnet? about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5210.html

#SOPA, #NSA, and the New Internet "Lobby" (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

The movement against SOPA in the US was the largest protest in online history, and as one of the core organizers, we learned a lot of lessons on how to build a grassroots movement for internet freedom. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5475.html

India's Surveillance State (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

India is currently implementing some of the scariest surveillance schemes in the world. This lecture will shed light on India's surveillance industry, its UID scheme which aims at the collection of all biometric data and on various controversial surveillance schemes, such as the Central Monitoring System (CMS). about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5552.html

Policing the Romantic Crowd (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

This talk considers the use of new technology to police large crowds in the Romantic period. We examine ethical aspects of modern surveillance technologies by looking at debates around crowd control and face recognition in the age that first imagined, and reflected on, the surveillance state. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5447.html

Long Distance Quantum Communication (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

This talk should introduce the general 30c3 participant with several components of long distance quantum communication. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5536.html

30C3 Keynote (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

via videolink.

about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5622.html

Der tiefe Staat (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

Dieser Vortrag beschreibt Konzept und Idee des tiefen Staates anhand der Geschichte der BRD. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5415.html

Turing Complete User (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

With the disappearance of the computer, something else is silently becoming invisible as well — the User. Users are disappearing as both phenomena and term, and this development is either unnoticed or accepted as progress — an evolutionary step. Though the Invisible User is more of an issue than an Invisible Computer. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5547.html

Forbidden Fruit (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

Various dietary restrictions are historically associated with human culture and civilization. In addition, millions suffer from eating disorders that have both pathological and cultural origins. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5613.html

Hello World! (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

USB DeadDrops, IRL map marker in public, FUCK 3D glasses or How to vacuum form a guy fawkes mask. I will present an extensive overview of my art projects from over the last 10 years including the Fake Google car by F.A.T. and moar!! It all started here at the CCC congress! :)) For more info see link ---> about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5611.html

Triggering Deep Vulnerabilities Using Symbolic Execution (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

Symbolic Execution (SE) is a powerful way to analyze programs. Instead of using concrete data values SE uses symbolic values to evaluate a large set of parallel program paths at once. A drawback of many systems is that they need source code access and only scale to few lines of code. This talk explains how SE and binary analysis can be used to (i) reverse-engineer components of binary only applications and (ii) construct specific concrete input that triggers a given condition deep inside the application (think of defining an error condition and the SE engine constructs the input to the application that triggers the error). about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5224.html

Überwachen und Sprache (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

Der Vortrag stellt fortgeschrittene linguistische Methoden des politisch motivierten Internetmonitorings vor. Er gibt keine Anleitung, wie man sich der Überwachung wirkungsvoll entziehen kann, denn das ist ohnehin zwecklos. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5377.html

Breaking Baryons (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

A light-hearted presentation about many aspects of particle accelerators like the LHC and their particle collision experiments. Aimed at technically interested non-scientists and physics buffs alike. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5305.html

Monitoring the Spectrum: Building Your Own Distributed RF Scanner Array (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

Software-Defined Radio (SDR) has increased in popularity in recent years due to the decrease in hardware costs and increase in processing power. One example of such a class of devices is the RTL-SDR USB dongles based on the Realtek RTL2832U demodulator. This talk will discuss my experience in building a distributed RF scanner array for monitoring and spectrum mapping using such cheap SDR devices. The goal is to help the audience understand the what, why, and how of building their own RF monitoring array so that they will be able to do it themselves. In this era of increasingly being ``watched'', we must be prepared to do our own ``watching''. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5142.html

Magic Lantern (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

We present Magic Lantern, a free open software add-on for Canon DSLR cameras, that offers increased functionality aimed mainly at DSLR pro and power users. It runs alongside Canon's own firmware and introduces to consumer-grade DSLRs features usually only found in professional high-end digital (cinema) cameras. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5554.html

The ArduGuitar (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

The ArduGuitar is an electric guitar with no physical controls, i.e. no buttons or knobs to adjust volume, tone or to select the pickups. All of these functions are performed remotely via a bluetooth device such as an Android phone, or via a dedicated Arduino powered blutetooth footpedal. The musician still plucks the strings, of course! This talk will give an overview of the technology and particularly the voyage that took me from nearly no knowledge about anything electronic to enough know-how to make it all work.I will explain what I learned by collaborating on forums, with Hackerspaces and with component providers: "How to ask the right questions." The guitar with its Arduino powered circuit and an Android tablet will be available for demo; the code is all available on the github arduguitar repo with the associated Arduino footpedal libraries. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5595.html

Basics of Digital Wireless Communication (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

The aim of this talk is to give an understandable insight into wireless communication, using existing systems as examples on why there are different communication systems for different uses. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5527.html

Y U NO ISP, taking back the Net (30c3)

Sun, 29 Dec 2013 01:00:00 +0100

Building and running an ISP is not that difficult. It's hard to say how many people are connected to the Internet by such weird structures, but we know that they are more and more each day. What is at stake is taking back the control of the Internet infrastructure and showing that a neutral Internet access is natural. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5391.html

Revisiting "Trusting Trust" for binary toolchains (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

Ken Thompson's classic "Reflections on Trusting Trust" examined the impacts of planted build chain bugs, from an example of a compiler Trojan to a hypothetical "well-placed microcode bug". Once theoretical & remote, such scenarios have lately been revealed as a stark reality. But what if we could have every individual piece of software or firmware in the binary toolchain bug-free, performing just as their programmers intended? Would we be safe from run-away computation if only well-formed inputs to each of the individual tools were allowed? Not so. Potential for malicious computation lurks in a variety of input formats along all steps of the binary runtime process construction and execution. Until the "glue" data of an ABI and the binary toolchains in general is reduced to predictable, statically analyzable power, plenty of room for bug-less Trojans remains. We will discuss our latest work in constructing Turing-complete computation out of different levels of metadata, present tools to normalize and disambiguate these metadata, and conclude with proposals for criteria to trust binary toolchains beyond "Trusting trust" compilers and planted bugs. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5542.html

Plants & Machines (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

Did you ever feel the need to be in charge of your environment? We did . A detailed story of our experience playing with 220VAC and water to build an automated, digitally controlled ecosystem. A place, where you can be the climate-change. Double the temperature, triple the floods, let it storm or rain. A Tamagotchi that generates food from electricity. All done with Arduino, raspberry Pi and Node.js. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5437.html

An introduction to Firmware Analysis (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

This talk gives an introduction to firmware analysis: It starts with how to retrieve the binary, e.g. get a plain file from manufacturer, extract it from an executable or memory device, or even sniff it out of an update process or internal CPU memory, which can be really tricky. After that it introduces the necessary tools, gives tips on how to detect the processor architecture, and explains some more advanced analysis techniques, including how to figure out the offsets where the firmware is loaded to, and how to start the investigation. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5477.html

Sim Gishel (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

Sim Gishel is a multimedia robot. He sings and dances on request. He will try hard to take part in casting shows to become a popstar. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5544.html

Console Hacking 2013 (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

About a year ago Nintendo released their latest video gaming console, the Wii U. Since 2006, the Wii has led to one of the most active homebrew scenes after its security system was completely bypassed. This talk will discuss the improvements made in Wii U's architecture and explain how it was broken in less than 31 days. The talk is targeted at those who hack (or design) embedded system security, but gamers might also find it interesting. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5290.html

Bug class genocide (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

Violation of memory safety is still a major source of vulnerabilities in everyday systems. This talk presents the state of the art in compiler instrumentation to completely eliminate such vulnerabilities in C/C++ software. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5412.html

We only have one earth (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

An abundant number of existential risks threatens humanity. Many of those planetary by nature. Current science already enables us to colonize nearby space, yet nobody bothers to supply the modest financial resources. Hence this call to action. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5468.html

Hillbilly Tracking of Low Earth Orbit (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

Satellites in Low Earth Orbit have tons of nifty signals, but they move quickly though the sky and are difficult to track with fine accuracy. This lecture describes a remotely operable satellite tracking system that the author built from a Navy-surplus Inmarsat dish in Southern Appalachia. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5463.html

Firmware Fat Camp (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

We present a collection of techniques which aim to automagically remove significant (and unnecessary) portions of firmware binaries from common embedded devices to drastically reduce the attack surface of these devices. We present a brief theoretical explanation of Firmware Fat Camp, a collection of "before" and "after" photos of graduates of FFC, along with a set of live demonstrations of FFC in action on common embedded devices. Modern embedded systems such as VoIP phones, network printers and routers typically ship with all available features compiled into its firmware image. A small subset of these features is activated at any given time on individual devices based on its specific configuration. An even smaller subset of features is actually used, as some unused and insecure features cannot are typically enabled by default and cannot be disabled. However, all embedded devices still contain a large amount of code and data that should never be executed or read according to its current configuration. This unnecessary binary is not simply a waste of memory; it contains vulnerable code and data that can be used by an attacker to exploit the system. This “dead code” provides an ideal attack surface. Automated minimization of this attack surface will significantly improve the security of the device without any impact to the device’s functionality. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5356.html

Kryptographie nach Snowden (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

Die Verwendung von mittelmäßiger Kryptographie scheint gegen Angreifer mit Milliarden-Etat komplett versagt zu haben. Namentlich RC4, MD5 und SHA1 scheinen praxisrelevant brechbar. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5337.html

10 Years of Fun with Embedded Devices (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

A review of the 10 year history of the OpenWrt project, current events, and upcoming developments. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5497.html

IFGINT (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

Mit Informationsfreiheitsgesetz (IFG) und FragDenStaat.de kann man als Bürger den Staat einfach zurücküberwachen. Was erfährt man, wenn man fragt? Wo sind die Probleme, was sind die Workarounds? Ein Blick zurück auf 2013, nach vorn auf 2014 und ein Aufruf das IFG zu nutzen. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5509.html

Seidenstraße (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

Auf dem 30C3 wird es, neben der bisher gewohnten digitalen Infrastruktur mit Netz, Telefon etc. dieses Jahr auch erstmalig ein Rohrpost-System mit dem schönen Namen Seidenstraße geben. Als Inspiration dient die auf geschlossenen Drainagerohren und Staubsaugern basierende Installation OCTO der Künstlergruppe Telekommunisten, die einigen von der letzten transmediale bekannt sein dürfte. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5610.html

Script Your Car! (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

Almost all higher-end cars come with very beefy in-car entertainment hardware. In this talk, I'll describe how to take advantage of an existing hands-free kit to connect your car to the internet and script your dashboard in python. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5360.html

Rock' em Graphic Cards (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

This talks introduces programming concepts and languages for parallel programming on accelerator cards. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5298.html

Der Kampf um Netzneutralität (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

Seit Jahren nur in Fachzirkeln diskutiert gab es 2013 den Durchbruch für die Debatte um Netzneutralität. Mit der Ankündigung der Deutschen Telekom im Frühjahr, zukünftig auf Volumentarife umzusteigen und Partnerdienste priorisiert durchzulassen, wurde Netzneutralität eines der meistdiskutierten netzpolitischen Debatten des Jahres. Auf nationaler Ebene startete das Bundeswirtschaftsminsiterium eine Diskussion über eine Verordnung und auf EU-Ebene legte die Kommission einen Verordnungsvorschlag vor. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5348.html

HbbTV Security (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

HbbTV (Hybrid broadband broadcast TV) is an emerging standard that is implemented in a growing number of smart TV devices. The idea is to bundle broadcast media content with online content which can be retrieved by the TV set through an Internet connection. Mechanisms that allow the online content to be accessed by the TV set can be attacked and might put the TV user’s privacy at stake. The presentation highlights possible attack vectors of HbbTV-capable TV sets and introduces possible mitigations. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5398.html

EUDataP: State of the Union (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

Jan Phillip Albrecht is rapporteur of the European Parliament for the EU's General Data Protection Regulation as well as for the EU-US data protection framework agreement. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5601.html

Toward a Cognitive "Quantified Self" (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

The talk gives an overview about our work of quantifying knowledge acquisition tasks in real-life environments, focusing on reading. We combine several pervasive sensing approaches (computer vision, motion-based activity recognition etc.) to tackle the problem of recognizing and classifying knowledge acquisition tasks with a special focus on reading. We discuss which sensing modalities can be used for digital and offline reading recognition, as well as how to combine them dynamically. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5387.html

Programming FPGAs with PSHDL (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

Learning to program an FPGA is time consuming. Not just do you need to download and install 20 GB of vendor tools, but you also need to wrap your brain around the strange ideas of hardware description languages like VHDL. PSHDL aims to ease the learning curve significantly and provide more people with the ability to program FPGAs. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5186.html

Open source experimental incubator build up (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

This is a call for participation in a project aimed to build up an open source based experimental incubator which can be used for variety of food, beverage and bio hacking projects allowing for easy control and monitoring of internal condition like temperature and humidity. Working groups will be established to develop prototypes which can be easily and relatively cheaply assembled. Securing funding and establishing a portal to effectively share the news and knowledge within the groups and wider community will be major part of the first phase. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5566.html

SCADA StrangeLove 2 (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

SCADA StrangeLove team will present their research on ICS systems for the second time on CCC. Last year we showed current situation with security of industrial world and disclosed a big number of vulnerabilities found in Siemens ICS solutions. Part of vulnerabilities, we can say most notable one, wasn’t disclosed due to Responsible Disclosure. This time we already know. We will speak about several industrial protocols and their weaknesses. During this year we played with new industrial hardware and software – this patitially brings new “We don’t know yet” vulnerability details. Moreover, we’ll mention creepiest bugs undisclosed from last year, tell you about new ones and build attack vectors from them. At last, we will share our experience in pentesting ICS enviroments. Speakers: Gleb Gritsai and Sergey Gordeychik about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5582.html

lasers in space (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

This talk will give an introduction on lasers and space and it will show the huge diversity of applications for lasers in space. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5311.html

Hardening hardware and choosing a #goodBIOS (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

A commodity laptop is analyzed to identify exposed attack surfaces and is then secured on both the hardware and the firmware level against permanent modifications by malicious software as well as quick drive-by hardware attacks by evil maids, ensuring that the machine always powers up to a known good state and significantly raising the bar for an attacker who wants to use the machine against its owner. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5529.html

The GNU Name System (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

DNS, DNSSEC and the X.509 CA system leak private information about users to server operators and fail to provide adequate security against modern adversaries. The fully decentralized GNU Name System provides a privacy-enhancing and censorship-resistant alternative. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5212.html

Reverse engineering of CHIASMUS from GSTOOL (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

We reverse-engineered one implementation of the non-public CHIASMUS cipher designed by the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, short BSI). This did not only give us some insight on the cipher, but also uncovered serious implementation issues in GSTOOL which allow attackers to crack files encrypted with the GSTOOL encryption function with very little effort. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5307.html

Electronic Bank Robberies (30c3)

Fri, 27 Dec 2013 01:00:00 +0100

This talk will discuss a case in which criminals compromised and robbed an ATM by infecting it with specially crafted malware. The successful compromise of an ATM can easily result in the loss of several hundred thousand dollars. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5476.html

Fast Internet-wide Scanning and its Security Applications (30c3)

Sat, 28 Dec 2013 01:00:00 +0100

Internet-wide network scanning has powerful security applications, including exposing new vulnerabilities, tracking their mitigation, and exposing hidden services. Unfortunately, probing the entire public address space with standard tools like Nmap requires either months of time or large clusters of machines. In this talk, I'll demonstrate ZMap, an open-source network scanner developed by my research group that is designed from the ground up to perform Internet-wide scans efficiently. We've used ZMap with a gigabit Ethernet uplink to survey the entire IPv4 address space in under 45 minutes from a single machine, more than 1300 times faster than Nmap. I'll explain how ZMap's architecture enables such high performance. We'll then work through a series of practical examples that explore the security applications of very fast Internet-scale scanning, both offensive and defensive. I'll talk about results and experiences from conducting more than 300 Internet-wide scans over the past 18 months, including new revelations about the state of the HTTPS CA ecosystem. I'll discuss the reactions our scans have generated--on one occasion we were mistaken for an Iranian attack against U.S. banks and we received a visit from the FBI--and I'll suggest guidelines and best practices for good Internet citizenship while scanning. about this event: http://events.ccc.de/congress/2013/Fahrplan/events/5533.html