Chaos Computer Club - 31C3: a new dawn (opus)

Erste Stunden der Zweisamkeit (31c3)

Sat, 27 Dec 2014 00:00:00 +0100

about this event:

Iridium Pager Hacking (31c3)

Sun, 28 Dec 2014 16:45:00 +0100

The chronicles of reversing the Iridium pager system. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6236.html

Mit Kunst die Gesellschaft hacken (31c3)

Sat, 27 Dec 2014 14:00:00 +0100

Ein Mahnmal gegen die Vereinten Nationen, 25.000 Euro Kopfgeld auf eine deutsche Waffenhändlerfamilie, eine falsche Kampagne für das Familienministerium oder die Flucht der "Mauerkreuze" vom Reichstagsufer an die EU-Außengrenzen: wenn das Zentrum für Politische Schönheit (ZPS) das Kriegsbeil ausgräbt, ist eine kontroverse Debatte garantiert. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6584.html

Trustworthy secure modular operating system engineering (31c3)

Sat, 27 Dec 2014 12:45:00 +0100

We present Mirage OS, a modular library operating system developed from scratch in the functional programming language OCaml. Each service, called unikernel, is an OCaml application using libraries such as a TCP/IP stack, DNS. It is either compiled to a Xen virtual machine image or to a Unix binary (for development). State in 2014 is that it runs on x86 and arm, we implemented a clean-slate TLS (1.0, 1.1, 1.2), X.509, ASN.1 stack, crypto primitives, Off-the-record. We also have TCP/IP, HTTP, a persistent branchable store (similar to git) - all implemented in OCaml. A virtual machine serving data via https is roughly 2MB in size - no libc inside :) about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6443.html

Reproducible Builds (31c3)

Sat, 27 Dec 2014 14:00:00 +0100

Software build reproducibility is the ability to use independent build machines to compile bit-identical binaries from program source code. In this talk, we will discuss the motivation for and the technical details behind software build reproducibility. We will describe the technical mechanisms used by the Tor Project to produce reproducible builds of the Tor Browser, and also introduce the early efforts of both F-Droid and Debian to achieve these same build integrity properties on a more wide-scale basis. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6240.html

Let’s build our own personalized open textile production line (31c3)

Sat, 27 Dec 2014 14:00:00 +0100

The talk is about our project to develop software and hardware tools for a fair and environment friendly garment and textile production and how we break down the locks that exists on every level in the industry from design, to software, machines and distribution. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6447.html

Mein Bot, der Kombattant (31c3)

Sat, 27 Dec 2014 17:15:00 +0100

Der Vortrag bietet eine sprachwissenschaftlich informierte Perspektive auf den Informationskrieg mit Fokus auf operative Kommunikation in sozialen Medien. Am Beispiel eines selbst entwickelten Bots werden wir linguistische Prozeduren zur Manipulation von Kommunikation mit dem Ziel der Beeinflussung von Wissen, Werten, Gefühlen und Handlungsdispositionen vorstellen. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6184.html

31C3 Infrastructure Review (31c3)

Tue, 30 Dec 2014 16:00:00 +0100

Sections

0:10 Network (NOC)
26:19 Power
29:39 Seidenstraße (SOC)
37:21 Video (VOC)

about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6557.html

The case of Chelsea Manning (31c3)

Fri, 02 Jan 2015 21:31:32 +0100

A discussion with U.S. Army private Chelsea Manning's attorneys Nanny Hollander, Ahmed Ghappour, and Chase Strangio. Moderated by journalist Alexa O'Brien.

Traue keinem Scan, den du nicht selbst gefälscht hast (31c3)

Sun, 28 Dec 2014 23:00:00 +0100

Kopierer, die spontan Zahlen im Dokument verändern: Im August 2013 kam heraus, dass so gut wie alle Xerox-Scankopierer beim Scannen Zahlen und Buchstaben einfach so durch andere ersetzen. Da man solche Fehler als Benutzer so gut wie nicht sehen kann, ist der Bug extrem gefährlich und blieb lange unentdeckt: Er existiert über acht Jahre in freier Wildbahn. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6558.html

Premiere: We love surveillance (31c3)

Fri, 02 Jan 2015 15:36:20 +0100

Premiere of the English version of the shortfilm "We love surveillance".

Why are computers so @#!*, and what can we do about it? (31c3)

Tue, 30 Dec 2014 12:45:00 +0100

Computers have become ubiquitous and essential, but they remain massively error-prone and insecure - as if we were back in the early days of the industrial revolution, with steam engines exploding left, right, and centre. Why is this, and can we do better? Is it science, engineering, craft, or bodgery? I'll talk about attempts to mix better engineering methods from a cocktail of empiricism and logic, with examples from network protocols, programming languages, and (especially) the concurrency behaviour of programming languages and multiprocessors (from the ARMs in your phone to x86 and IBM Power servers), together with dealings with architects and language standards groups. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6574.html

State of the Onion (31c3)

Tue, 30 Dec 2014 14:00:00 +0100

The current state of the Tor network and community, covering important updates, discussions of the ecosystem of software, and include a longer Q&A than previous CCC talks! about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6251.html

Paypals War on Terror (31c3)

Tue, 30 Dec 2014 16:00:00 +0100

We are the PayPal 14. For the last several years we've been restricted in what we could or couldn't say about our court case. Our sentencing is on December 4th, ending the legal restrictions on what we can share about our story. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6377.html

31C3 Closing Event (31c3)

Tue, 30 Dec 2014 18:30:00 +0100

about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6562.html

Security Nightmares (31c3)

Tue, 30 Dec 2014 17:15:00 +0100

Was hat sich im letzten Jahr im Bereich IT-Sicherheit getan? Welche neuen Entwicklungen haben sich ergeben? Welche neuen Buzzwords und Trends waren zu sehen? about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6572.html

Lightning Talks Day 4 (31c3)

Tue, 30 Dec 2014 12:45:00 +0100

Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick! about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6580.html

Telescope Making (31c3)

Tue, 30 Dec 2014 17:15:00 +0100

In this talk an introduction to amateur telescope making (ATM) will be provided. Starting from grinding the mirror, testing it and building the telescope around it. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/5931.html

Tor: Hidden Services and Deanonymisation (31c3)

Tue, 30 Dec 2014 17:15:00 +0100

This talk presents the results from what we believe to be one of the largest studies into Tor Hidden Services (The Darknet) to date. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6112.html

Now I sprinkle thee with crypto dust (31c3)

Tue, 30 Dec 2014 16:00:00 +0100

When the Internet was designed, it was thought to be meadows full of daisies. As we now know, it's a dark place, where communication is monitored and subverted. This session presents both developments in known solutions, as well as novel suggestions, to liberally apply crypto to improve the foundations of Internet communications. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6597.html

Virtual Machine Introspection (31c3)

Tue, 30 Dec 2014 16:00:00 +0100

New methods and approaches for securing cloud environments are becoming increasingly more critical as traditional host security strategies are not well integrated into virtual environments. For example, antivirus scans are a critical component of layered defense-in-depth, but in the cloud they rapidly exhaust available CPU and memory. The cloud environment nevertheless offers a unique opportunity: the ability to peer into a running operating system from an outside perspective, known as virtual machine introspection (VMI). More interestingly, it is also possible to alter the behavior of the virtualized components to help protect virtual systems in real-time. In this talk we will explore the open-source LibVMI library which over the last year, as part of the DARPA Cyber Fast Track program, has been significantly extended to ease the process of developing cloud security solutions. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6297.html

Let's Encrypt (31c3)

Tue, 30 Dec 2014 14:00:00 +0100

As we've called for widespread use of HTTPS, the cost and complexity of the certificate system has been an obstacle. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6397.html

Diamonds are a quantum computer’s best friend (31c3)

Tue, 30 Dec 2014 12:45:00 +0100

The next revolution in data processing is Quantum computing. This talk is an entertaining “tour de force” starting with a brief introduction to the fascinating yet strange theories of quantum physics, the concepts of using these in quantum computing and the latest results on qubits in devices made out of real diamonds. If you want to learn about the machines that decrypt your passwords in the coming years and how you can actually grow diamonds in your microwave oven (and who wouldn’t?) this talk is for you! about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6157.html

Attribution revolution (31c3)

Tue, 30 Dec 2014 12:45:00 +0100

Re-using works licensed under Creative Commons seems pretty simple, but it can often be quite time consuming. One image might be okay, but keeping track of the license and attribution of a thousand images in your mashup, or when quoting from massively crowdsourced data sets such as Wikipedia? Whoah! Don’t we have computers to do that for us!? We do – but there’s no widespread support for including licensing or author information when sharing or reusing digital works. This session will discuss how this should work in the open knowledge environment. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6214.html

The rise and fall of Internet voting in Norway (31c3)

Tue, 30 Dec 2014 11:30:00 +0100

In the parliamentary elections of September 2013, more than 250 000 Norwegians in selected municipalities were able to vote from home. They were taking part in a national trial of Internet voting, building on an advanced cryptographic protocol. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6213.html

Low Cost High Speed Photography (31c3)

Tue, 30 Dec 2014 11:30:00 +0100

Capturing the splash of a water balloon, the snap of a mouse trap or the impact of a bullet results in exciting pictures. Best of all, it doesn't require expensive equipment. This talk covers the theory of high speed photography, the required hardware, microcontroller hacking and setting up an improvised studio in the shower. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/5943.html

Higher-Dimensional Geometry and Fractals (31c3)

Mon, 29 Dec 2014 23:30:00 +0100

Extending the common 3-space-to-2-space projections to 4D and higher and how certain types of fractals can be presented using these expansions. After that we'll have a closer look at Fractal Flames as used in Electric Sheep. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6072.html

The Time is Right (31c3)

Mon, 29 Dec 2014 21:15:00 +0100

Das c-atre collectivdrama präsentiert THE TIME IS RIGHT, ein Science-Fiction-Theaterstück nach einer Idee von yetzt. „Es geht um das große Ganze! Die Bewahrung von freiem Wissen, freier Kultur – ohne Copyright-Mafiosi, die jeden Pups, der dir entfleucht, lizenzieren wollen!“ (Jo) Als die Aktivisten Mo und Jo bei einer ihrer geheim-gefährlichen Widerstandsaktionen gegen die drohende Allmacht der Verwertungsgesellschaften von dieser sonderbaren jungen Frau, die wie aus dem Nichts erscheint, überrascht werden, ahnt noch niemand, welche weitreichenden Folgen diese Begegnung im Kampf für die Kunst der Zukunft gehabt haben wird. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6543.html

The Machine To Be Another (31c3)

Mon, 29 Dec 2014 22:45:00 +0100

The Machine To Be Another is an open-source interactive system designed to explore the relationship between identity and empathy through interdisciplinary performance-experiments drawing from neuroscience, VR, storytelling and art. Through research collaborations we have been developing applications in contexts of conflict resolution, the arts and healthcare. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6385.html

Infocalypse now: P0wning stuff is not enough (31c3)

Mon, 29 Dec 2014 23:30:00 +0100

This speech about how the hacker scene is failing its own ideals and what questions must be addressed to make a real difference. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6205.html

Snowden Effect vs. Privacy Paradox (31c3)

Mon, 29 Dec 2014 23:30:00 +0100

"Vertrauen ist gut - Kontrolle ist besser." Dieses Idiom gilt mehr denn je, sofern man die Aktivitäten von Geheimdiensten bewerten mag. Wie seit einiger Zeit bekannt ist, ist die Mär der massenhaften Überwachung des Einzelnen Realität. Ob und inwieweit dies Auswirkungen auf die Realität des Einzelnen hat, steht im Fokus der vorliegenden Studie. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6455.html

Eye Wear Computing (31c3)

Mon, 29 Dec 2014 21:15:00 +0100

The talk gives an overview about the emerging field of smart glasses and how they can be used to augment our mind (e.g. how to improve our brain with technology). The talk will focus mostly on how to quantify cognitive tasks in real world environments. I also present a first application scenarios on how to use smart eyewear (e.g. google glass or JINS MEME) for short term memory augmentation and cognitive activity recognition. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6460.html

Die Krise der Bilder ist die Krise der Politik (31c3)

Mon, 29 Dec 2014 17:15:00 +0100

Im Rahmen meiner Forschungsarbeit "Das Bild im digitalen Wandel" beschätige ich mich mit der Veränderung der Bilder im Rahmen der Veränderung der medialen Anwendung und Vermittlung von Bildern. Darüber würde ich gerne sprechen. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6381.html

What Ever Happened to Nuclear Weapons? (31c3)

Mon, 29 Dec 2014 17:15:00 +0100

An overview of 70 years of nuclear weapons, focusing on some of the underlying physics, the international politics that surround the topic, modern technology for nuclear weapons detection and monitoring, and what everyone can do to help nuclear disarmament. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6121.html

IFG – Mit freundlichen Grüßen (31c3)

Mon, 29 Dec 2014 20:30:00 +0100

Die interessantesten IFG-Geschichten des Jahres mit Anfragen und Ablehnungen, Klagen und Kampagnen. Außerdem: wie wir mit Hilfe des Journalismus der Informationsfreiheit neuen Antrieb geben werden! about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6366.html

MegaCode to facility gates (31c3)

Mon, 29 Dec 2014 22:45:00 +0100

How do garage gate remotes work? It turns out the ones from MegaCode simply send a individual fixed code. And with little efforts if was possibly to clone them, send arbitrary codes, and record them all. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6462.html

UNHash - Methods for better password cracking (31c3)

Mon, 29 Dec 2014 22:45:00 +0100

This talk will show a new method for password cracking called UNHash. UNHash as a tool uses rulefiles that are something in between of a DSL (Domain specific language) and a python script to describe the password cracking process. This talk will show how to mix web service abuse, knowledge of human nature and data mining to enable far better attacks against passwords. We will be focusing on a few features: cracking default passwords on network systems with minimal effort, testing for embedded backdoors and offline attacks by data mining and modeling about 33 million user account to gain insight in how users choose their passwords and how can we use that knowledge to speed up password cracking for 20% more gain for non pseudorandom passwords. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/5966.html

Automatically Subtitling the C3 (31c3)

Mon, 29 Dec 2014 22:00:00 +0100

Transcribing a talk comes relatively easy to fast typists, whereas turning a transcript into time-aligned subtitles for a video requires a much larger human effort. In contrast, speech recognition performance (especially for open-source-based solutions), is still poor on open-domain topics, but speech technology is able to align a given text to the corresponding speech with high accuracy. Let's join forces to generate superior subtitling with little effort, and to improve future open-source-based speech recognizers, at the same time! about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6554.html

Trackography (31c3)

Mon, 29 Dec 2014 22:00:00 +0100

Have you ever wondered who is watching while you are reading your favourite media online? Whether we are reading the Guardian, the New York Times, the Hindu or any other news website, third party trackers are collecting data about our online behaviour. This lecture will present Tactical Tech's new project, Trackography, which shows that we are all part of a global tracking business. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6299.html

Computer Science in the DPRK (31c3)

Mon, 29 Dec 2014 21:15:00 +0100

This talk will reflect on teaching Computer Science in Pyongyang over the last two years, and look at how technology has been integrated into civilian life in the DPRK. Remaining an extremely isolated country, many people would be surprised to hear that cellphones have become commonplace within the capitol, let alone that the country invests in custom hardware and software. I'll talk through the current state of desktop and mobile technology in pyongyang, and what's changing. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6253.html

The Perl Jam: Exploiting a 20 Year-old Vulnerability (31c3)

Mon, 29 Dec 2014 22:00:00 +0100

tl;dr EXPLOIT ALL THE PERL. We chained several of Perl’s ridiculous syntax quirks in order to create a surprisingly powerful attack, bringing down some of the most popular Perl-based projects in the world to their knees. Brace yourselves, RCE exploits are coming. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6243.html

Axoloti (31c3)

Mon, 29 Dec 2014 20:30:00 +0100

Axoloti is an integrated platform for digital audio: its graphical editor is an easy-to-use toolbox for creating sound synthesis or processing algorithms. The audio processing runs on a microcontroller board, and runs standalone after editing. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6402.html

The Magical Secrecy Tour (31c3)

Mon, 29 Dec 2014 21:15:00 +0100

June 5, 2014 marked one year since leaks by NSA whistleblower Edward Snowden began to be introduced to a worldwide public. On this date, transmediale teamed up with N.K. Projekt and Leslie Dunton-Downer, 2014 fellow at The American Academy in Berlin, for the Magical Secrecy Tour, a bus journey exploring Berlin as the global capital of informed response to mass surveillance. This inside look at the project features first-ever screening of footage shot by filmmaker Simon Klose (TPB AFK) for his documentary about the tour. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6596.html

Agri-tech and the Arts: From Barns to D-Space (31c3)

Mon, 29 Dec 2014 20:30:00 +0100

What do the arts and literature have to contribute to urgent debates about the technization of food production? What can a play from 1605 tell us about fairer distribution of natural resources today? Equally, how might a cyber thriller from 2011 help us debate contentious issues such as gene-based technologies and utopian visions of knowledge-led society? This talk considers agri-tech and food security across a wide sweep of social and political terrain, from the Arab Spring to the European horsemeat scandal, from Shakespeare to Daniel Suarez. It argues that the arts and sciences need to cooperate to deepen understanding about, and define actions on, the big challenges facing a needy world. Finally, it suggests ways in which the arts and technology can assist us in arriving at a model of society in which resources are distributed not only more efficiently, but also more equitably. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6135.html

The Maker movement meets patent law (31c3)

Mon, 29 Dec 2014 18:30:00 +0100

The Maker movement and patent law are like two planets moving on the orbit of innovations. Occasionally, they collide … because the Maker planet moves too fast. But, back on the Earth. Encounters with patent law can be of many reasons, e.g. filing a patent application or being blocked in making by a patent (or much worse, being accused of a patent infringement). The latter motivated the question of the permissible uses of patented inventions. The talk explains which activities on patents are lawful and keep Makers safe in their making. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6043.html

Living Drones (31c3)

Mon, 29 Dec 2014 20:30:00 +0100

During World War I, homing pigeons were used to carry messages and take photographs over enemy territory. Today, experiments are being conducted to remote-control insects for similar purposes. This talk intends to give an overview of 100 years of living drones, speculate on future developments in the field, and question the ethical implications of the practice. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6275.html

Freedom in your computer and in the net (31c3)

Mon, 29 Dec 2014 11:30:00 +0100

For freedom in your own computer, the software must be free. For freedom on the internet, we must organize against surveillance, censorship, SaaSS and the war against sharing. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6123.html

ES GIBT VIEL ZU TUN - HAU'N WIR AB. (31c3)

Mon, 29 Dec 2014 18:30:00 +0100

Eine Mietwohnung ist seit circa 20 Jahren verlassen, ihr Bewohner nicht auffindbar. Unveränderte Möblierung, Ausstattung und persönliche Hinterlassenschaften sind jedoch noch vorhanden und unberührt. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6124.html

"Exploit" in theater (31c3)

Mon, 29 Dec 2014 18:30:00 +0100

3 theater projects that illustrate the false "California Ideology" and ask us to look at our slip into neoliberalism through the backdoor of technology and to consider the ethics in the protocol. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6547.html

Thunderstrike: EFI bootkits for Apple MacBooks (31c3)

Mon, 29 Dec 2014 18:30:00 +0100

In this presentation we demonstrate Thunderstrike, a vulnerability that allows the installation of persistent firmware modifications into the EFI boot ROM of Apple's popular MacBooks. The bootkit can be easily installed by an evil-maid via the externally accessible Thunderbolt ports and can survive reinstallation of OSX as well as hard drive replacements. Once installed, it can prevent software attempts to remove it and could spread virally across air-gaps by infecting additional Thunderbolt devices. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6128.html

Source Code and Cross-Domain Authorship Attribution (31c3)

Mon, 29 Dec 2014 17:15:00 +0100

Stylometry is the study of linguistic style found in text. Stylometry existed long before computers but now the field is dominated by artificial intelligence techniques. Writing style is a marker of identity that can be found in a document through linguistic information to perform authorship recognition. Authorship recognition is a threat to anonymity but knowing ways to identify authors provides methods for anonymizing authors as well. Even basic stylometry systems reach high accuracy in classifying authors correctly. Stylometry can also be used in source code to identify the author of a program. In this talk, we investigate methods to de-anonymize source code authors of C++ and authors across different domains. Source code authorship attribution could provide proof of authorship in court, automate the process of finding a cyber criminal from the source code left in an infected system, or aid in resolving copyright, copyleft and plagiarism issues in the programming fields. Programmers can obfuscate their variable or function names, but not the structures they subconsciously prefer to use or their favorite increment operators. Following this intuition, we create a new feature set that reflects coding style from properties derived from abstract syntax trees. We reach 99% accuracy in attributing 36 authors each with ten files. We experiment with many different sized datasets leading to high true positive rates. Such a unique representation of coding style has not been used as a machine learning feature to attribute authors and therefore this is a valuable contribution to the field. We also examine the need for cross-domain stylometry, where the documents of known authorship and the documents in question are written in different contexts. Specifically, we look at blogs, Twitter feeds, and Reddit comments. While traditional methods in stylometry that work well within one domain fail to identify authors across domains, we are able to improve the accuracy of cross-domain stylometry to as high as 80%. Being able to identify authors across domains facilitates linking identities across the Internet making this a key privacy concern; users can take other measures to ensure their anonymity, but due to their unique writing style, they may not be as anonymous as they believe. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6173.html

DP5: PIR for Privacy-preserving Presence (31c3)

Mon, 29 Dec 2014 17:15:00 +0100

In the wake of the Snowden revelations and the explicit targetting of address book and buddy list information, social service providers may wish to actively avoid learning which of its users are friends. In this talk, we will introduce the workings of a surprising technology called private information retrieval, or PIR. Then, we will describe its use in DP5, a new suite of privacy-preserving presence protocols that allow people to determine when their friends are online (and to establish secure communications with them), without a centralized provider ever learning who is friends with whom. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6140.html

EMET 5.1 - Armor or Curtain? (31c3)

Mon, 29 Dec 2014 16:00:00 +0100

EMET (Enhanced Mitigation Experience Toolkit) is an application which can be used to further harden a Windows system by adding additional security protections to running processes. These protections include several ROP (Return-Oriented-Programming) checks, shellcode detection mechansims, heap-spray mitigations and many more. The talk covers techniques to bypass EMET 5.1 (the current version) and shows the audience how hard/easy it is for an attacker to accomplish this. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6161.html

Jahresrückblick des CCC (31c3)

Mon, 29 Dec 2014 12:45:00 +0100

Auch das Jahr 2014 geht irgendwann vorbei. Deshalb werfen wir einen Blick zurück auf die für uns besonders relevanten Themen und versuchen abzuschätzen, was im Jahr 2015 auf uns zukommen könnte. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6583.html

The Only Thing We Know About Cyberspace Is That Its 640x480 (31c3)

Mon, 29 Dec 2014 16:00:00 +0100

Since 10 years I write about Vernacular Web and Digital Folklore, about early days of the web and web design before it became a profession. It is not that easy to find pages that were made in 93-97 and are still online or look the same. Things changed in 2009, when Yahoo announced that they are closing Geocities, number one free hosting service of the last century, "myspace of the 90es", first home for many web users and a jest for "professional web" In half a year yahoo gave its users to copy their data, Archive Team managed to partly rescue the pages and release one terabyte torrent of it. In 2010 my partner Dragan Espenschied and I started to download the files. In the middle of 2011 Dragan restored the archive and we started to go through the profiles: collecting, tagging, comparing, analyzing. One Terabyte of Kilobyte Age project started. We don't only collect and restore but bring this culture of the 90es back to the web, using contemporary infrastructure. It is http://oneterabyteofkilobyteage.tumblr.com/ that posts a screenshot of a page every 20 minutes since February 2013. Or my channel on Vine, that allows to see those pages animated and with sound. And of course the blog http://contemporary-home-computing.org/1tb/ where we describe the findings. In my HIGHLY ILLUSTRATED talk I'd like to introduce to the audience pearls of the early web culture, going much deeper than usual Under Construction signs and animated GIFs nostalgia. Will show what did it mean to make a web page technically, philosophically and ideologically. Will also talk about our unique technical setting for emulating the pages and what digital preservation really means. And last but not least will talk about newer cases of deleted social networks and social services. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6373.html

Lightning Talks Day 3 (31c3)

Mon, 29 Dec 2014 12:45:00 +0100

CAESAR and NORX (31c3)

Mon, 29 Dec 2014 16:00:00 +0100

"Nearly all of the symmetric encryption modes you learned about in school, textbooks, and Wikipedia are (potentially) insecure." -- Matthew Green In recent history, we saw time and again (to some extent catastrophic) failures of cryptographic constructions for authenticated encryption (AE) due to bad design choices, implementation errors and a lack of reliable standards. After an introduction providing some background information on these topics, we present CAESAR, a new cryptographic competition which aims to find solutions to the problems mentioned above. In the second part of the talk, we introduce NORX, a new and next-generation AE scheme and our candidate for CAESAR. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6137.html

Correcting copywrongs (31c3)

Mon, 29 Dec 2014 14:00:00 +0100

After years of debate, EU copyright law is finally being revisited. The Commission will present a proposal for reform within 4 months of 31c3. And it's high time: There has never been a bigger discrepancy between the technical feasibility to share information and knowledge across all physical borders and the legal restrictions to actually do so. This talk outlines the unique opportunity and the challenge to bring copyright into the 21st century that lies in front of us. Hackers ensured that people were heard during last winter's public consultation. Can they now also ensure a progressive outcome of the reform process? about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6350.html

Deine Rechte sind in diesen Freihandelsabkommen nicht verfügbar (31c3)

Mon, 29 Dec 2014 16:00:00 +0100

Die Kritik am Freihandelsabkommen TTIP und CETA auf die Chlorhühnchen zu beschränken, greift viel zu kurz. Denn bei den beiden Abkommen zwischen der EU und den USA und der EU und Kanada steht noch viel mehr auf dem Spiel. Egal ob Datenschutz, Demokratie oder Urheberrecht – Abkommen, an denen Konzerne unter Ausschluss der Öffentlichkeit mitschreiben können, sind selten eine gute Idee. Sitzungsdokumente mit “unverbindlichen” Lobby-Vorschlägen und Leaks der Vertragstexte lassen wenig Gutes erwarten. Datenschutzstandards laufen Gefahr zu Handelshemmnissen erklärt zu werden. Konzerne pochen darauf, Staaten vor außerstaatlichen Schiedsgerichten auf Schadensersatz verklagen zu können. Was die Bürger wollen, wurde im ganzen Verhandlungsprozess der beiden Freihandelsabkommen nicht einmal gefragt. Doch “Klicktivismus” war gestern – neue Strategien und Tools halfen dabei, eine Welle des dezentralen Protests loszutreten. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6342.html

Funky File Formats (31c3)

Mon, 29 Dec 2014 14:00:00 +0100

Binary tricks to evade identification, detection, to exploit encryption and hash collisions. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/5930.html

Security Analysis of a Full-Body X-Ray Scanner (31c3)

Mon, 29 Dec 2014 11:30:00 +0100

Full-body scanners, also known as "naked scanners", are used in airports and other government facilities to detect metallic and nonmetallic objects hidden beneath people's clothes. In many countries, they play a critical part in airline security, but they have also been criticized for being unsafe, ineffective, and an invasion of privacy. To shed scientific lights on these questions, we conducted the first rigorous, independent security evaluation of such a system. We bought a government-surplus Rapiscan Secure 1000 full-body scanner on eBay and extensively tested it in our lab. We found that it's possible to conceal knives, guns, and explosives from detection by exploiting properties of the device's backscatter X-ray technology. We also investigated computer security threats: malicious software and hardware that can compromise the effectiveness, safety, and privacy of the machine. In this talk, we'll explain how full-body scanners work, describe the results of our experiments, and draw lessons to inform transportation security, embedded systems security, and the public debate over secretive and privacy invasive government technologies. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6332.html

Let's build a quantum computer! (31c3)

Mon, 29 Dec 2014 12:45:00 +0100

I will explain why quantum computing is interesting, how it works and what you actually need to build a working quantum computer. I will use the superconducting two-qubit quantum processor I built during my PhD as an example to explain its basic building blocks. I will show how we used this processor to achieve so-called quantum speed-up for a search algorithm that we ran on it. Finally, I will give a short overview of the current state of superconducting quantum computing and Google's recently announced effort to build a working quantum computer in cooperation with one of the leading research groups in this field. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6261.html

Damn Vulnerable Chemical Process (31c3)

Mon, 29 Dec 2014 12:45:00 +0100

So you want to author a next Stuxnet (or even cooler than that). Here is the success recipe: forget what you have known about cyber security. When an attack transitions from control of a digital system to control of a physical process, physics and time become controlling factors instead of the digital rules encoded into your microcontroller. The holly CIA trinity is meaningless in the physical world. The uncontrollable but still running process is not really available; process dynamics does not stop simply because the controlling equipment is DoSed; electronically segregated components can still communicate over physical media (the process) and a physical phenomenon can be measured terribly wrongly (so that the wrong measurement will be proudly delivered to the digital application in a totally secure way). Where physics plays a governing role, IT security concepts are rendered useless. Please welcome a new arrival in the "damn"-frameworks series - Damn Vulnerable Chemical Process. Come to the lecture and learn what it takes to exploit a physical process: how to find vulnerabilities and how to exploit them with minimal cost and maximum impact. Get astonished about the gazillion of uncertainties you will have to face on your way to disruptive goal and realize that the TIME is ONLY what matters while designing your attack . Make sure to visit local library and refresh your knowledge on physics, chemistry, mechanics, control theory, signal processing and algorithms. The lecture will teach you how to apply this knowledge in the exciting world of cyber-physical exploitation. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6463.html

Why do we need an open food information platform (31c3)

Mon, 29 Dec 2014 11:30:00 +0100

We from EveryCook are building an open source computerized cooking device. At 29c3 I presented the idea of digital cooking and people gave me an awesome feedback. Now, 2 years later the industry giants have realised that connecting computers and kitchen devices can do awesome things. But do they create open standards? Of course not! They create little black boxes speaking strange languages that you can't integrate in an ecosystem that wasn't designed by the manufacturers themselves. We still want an open ecosystem for free exchange of information about food and recipes. We came closer to our goal. Let me tell you... about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6158.html

NSA Points of Presence in AT (31c3)

Mon, 29 Dec 2014 11:30:00 +0100

- Station VIENNA in der US-Botschaft 1090 Wien - VIENNA ANNEX beim UNO-Sitz in Wien 1220 - Legacy Standort „NSA-Villa“ Wien 1180 - Relaystation Exelberg,Breitbandnetz von NSA/SCS über Wien - Equipment und Funktion der FORNSAT-Station Königswarte. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6430.html

»Hard Drive Punch« (31c3)

Sun, 28 Dec 2014 19:00:00 +0100

In general data is stored on technically sensitive systems and can easily be lost. At the same time files today appear often as indestructible once uploaded to the Internet. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6595.html

The automobile as massive data gathering source and the consequences for individual privacy (31c3)

Sun, 28 Dec 2014 16:00:00 +0100

We report about a LOAD e. V. study regarding data collection of cars, future developments of this technology field, how this data is accessed and secured and what the stakeholders (car manufacturers, car owners and users) positions are on this data gathering. In a summary we outline necessary consequences. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6265.html

10 Jahre OpenStreetMap (31c3)

Sat, 27 Dec 2014 18:30:00 +0100

Seit nun über 10 Jahren gibt es OpenStreetMap. Besonders in den letzten drei Jahren war die Entwicklung überwältigend, sowohl was die Datenlage als auch das gesamte Ökosystem anbelangt. Wir wollen zeigen, was möglich ist und was in der Zukunft (hoffentlich) passieren wird. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6255.html

Fnord News Show (31c3)

Mon, 29 Dec 2014 00:15:00 +0100

Im Format einer lockeren Abendshow werden wir die Nachrichten-Highlights des Jahres präsentieren, die Meldungen zwischen den Meldungen, die subtilen Sensationen hinter den Schlagzeilen. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6109.html

Ich sehe, also bin ich ... Du (31c3)

Sat, 27 Dec 2014 20:30:00 +0100

Bei der Passworteingabe über die Schultern schauen? Die Mateflasche klauen, um an Fingerabdrücke zu kommen? Alles Technik von gestern. Der Vortrag zeigt, wie man heutzutage an Daten kommt, um Authentifizierungsmethoden zu überwinden. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6450.html

Jugend hackt (31c3)

Sat, 27 Dec 2014 18:30:00 +0100

Im September 2014 fand die Veranstaltung Jugend hackt statt: Ein Wochenende Hacken, Basteln und Programmieren mit 120 computerbegeisterten Jugendlichen. Wir als Organisatorinnen und Teilnehmer wollen von dem Event erzählen und unsere Erfahrungen teilen. Der Talk richtet sich gleichermaßen an Jugendliche, die sich für's Hacken begeistern, als auch an alle, die sich für Code Literacy, Medienpädagogik oder den IT-Nachwuchs interessieren. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6559.html

Doing right by sources, done right (31c3)

Sun, 28 Dec 2014 23:00:00 +0100

Whistleblowing is becoming a progressively popular topic and ways to technically support anonymous submissions by journalistic sources are being increasingly discussed and developed. However, there is much more to protecting sources than the technical side. There is currently little discussion about the surrounding ethics, operational security and public protections of sources. Two women that have expertise in all areas of source protection; from submission, to publication, to after-care explain and discuss what source protection really means, issues that have arisen in recent years, often causing disastrous consequences, as well as the important lessons to learn from these and successful cases. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6291.html

Heartache and Heartbleed: The insider’s perspective on the aftermath of Heartbleed (31c3)

Sun, 28 Dec 2014 23:30:00 +0100

Two weeks after the Heartbleed bug was announced, CloudFlare patched the Heartbleed bug, created a challenge to prove the bug could be used to find private keys (uncovering a second bug in OpenSSL) and turned its entire network into a giant honeypot. This session will discuss the specific steps taken to prevent early disclosure, creating and scaling the first public vulnerability test, how the CloudFlare Heartbleed challenge showed that you can reveal private SSL keys (how a second bug in OpenSSL made this possible) the incredible impact of revoking over 100,000 certificates in a single day, and the results of our honeypot revealing the proportion of attack traffic versus research traffic. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6212.html

Superheroes Still Need Phoneboxes (31c3)

Sun, 28 Dec 2014 23:00:00 +0100

This talk asks how we might plan for the continuation of a privacy sustaining internet in light of growing trends in enforced identity checking and demonisation of everyday anonymity. It presents a 'free phonebox' project, which was tested at the FutureEverything art and technology festival in 2014, as an example of a social-technical system that promotes identity ambiguity in communication through the sharing of 'free' mobile phone minutes between strangers. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6175.html

net neutrality: days of future past? (31c3)

Sun, 28 Dec 2014 21:45:00 +0100

Our talk will highlight the current debates surrounding net neutrality in Europe, the United States and other parts of the world. We will look at the results of the SaveTheInternet.eu campaign which was lunched a year ago on 30c3. We will discuss various legal protections for net neutrality, look closer at the experience of the Netherlands and we will give an overview of all important open ends of the debate. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6170.html

The Matter of Heartbleed (31c3)

Sun, 28 Dec 2014 23:00:00 +0100

The Heartbleed vulnerability took the Internet by surprise in April of this year. The vulnerability was one of the most consequential in the history of the Internet, since it allowed attackers to potentially steal login credentials, cryptographic keys, and other private data from up to half of all popular HTTPS sites. In this talk, we take a detailed look at Heartbleed and its aftermath, based on comprehensive measurements and analysis that our research team performed over the past six months. We began tracking Heartbleed's impact within hours of its disclosure using massive ZMap scans and large network telescopes. This allowed us to track which sites remained vulnerable, observe certificate revocations, and monitor for large scale attacks in close to real time. Based on this data, we also conducted one of the largest ever mass vulnerability notifications, informing the network administrators for all devices still susceptible to Heartbleed across the entire IPv4 address space. Finally, we investigated the question of whether attackers knew about and exploited Heartbleed prior to its public disclosure---and we will present new details about this question in the talk. We hope that by learning from the Heartbleed security disaster, our community can prepare to respond more effectively to such events in the future. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6321.html

The Invisible Committee Returns with "Fuck Off Google" (31c3)

Sun, 28 Dec 2014 19:00:00 +0100

“There will be people who resist adopting and using technology, people who want nothing to do with virtual profiles, online data systems or smart phones. Yet a government might suspect that people who opt out completely have something to hide and thus are more likely to break laws, and as a counterterrorism measure, that government will build the kind of ‘hidden people’ registry we described earlier. If you don’t have any registered social-networking profiles or mobile subscriptions, and on-line references to you are unusually hard to find, you might be considered a candidate for such a registry. You might also be subjected to a strict set of new regulations that includes rigorous airport screening or even travel restrictions.” about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6459.html

Too Many Cooks - Exploiting the Internet-of-TR-069-Things (31c3)

Sun, 28 Dec 2014 21:45:00 +0100

TL;DR We unravel the story of a bug that would become one of the most important vulnerabilities released this year. Also, we have free cookies. The findings we published earlier this year demystified the voodoo that is TR-069, demonstrated how mass pwnage can be achieved via server-side attacks, and proved the landscape is ripe for harvesting. We will continue where we left off to explore TR-069 client-side vulnerabilities; we analyze client implementations, pour some insight into mysterious results from our internet-wide scans, and follow to mass pwnage through remote code execution on millions of online devices. again. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6166.html

GIFs: Tod eines Mediums. Und sein Leben nach dem Tod. (31c3)

Sun, 28 Dec 2014 16:00:00 +0100

Im Grunde sind GIFs Schnee von gestern. Es gibt zahlreiche Alternativen, die das, was ein GIF kann, besser können. Und trotzdem haben sich GIFs als Kulturtechnik durchgesetzt. Oder war es nur ein letzter Hype vor dem Tod? Wie kommt es, dass ein Medium, das schon in den 90ern veraltet war, sich noch zwei Jahrzehnte später bester Beliebtheit erfreut? Und was können wir daraus über die Diskrepanz zwischen aktueller technischer Entwicklung einerseits und der tatsächlichen Nutzung von Technologie andererseits lernen? about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6325.html

Fernvale: An Open Hardware and Software Platform, Based on the (nominally) Closed-Source MT6260 SoC (31c3)

Sun, 28 Dec 2014 21:45:00 +0100

We introduce Fernvale, a reverse-engineered, open hardware and software platform based upon Mediatek's MT6260 value phone SoC. The MT6260 is the chip that powers many of the $10 GSM feature phones produced by the Shanzhai. Fernvale is made available as open-licensed schematics, board layouts, and an RTOS based upon the BSD-licensed NuttX, as well as a suite of open tools for code development and firmware upload. We discuss our technical reverse engineering efforts, as well as our methodology to lawfully import IP from the Shanzhai ecosystem into the Maker ecosystem. We hope to establish a repeatable, if not labor-intensive, model for opening up previously closed IP of interest, thereby outlining a path to leveling the playing field for lawful Makers. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6156.html

Inside Field Station Berlin Teufelsberg (31c3)

Sun, 28 Dec 2014 21:45:00 +0100

Of all the NSA's Cold War listening posts, their intelligence facility on top of Berlin's Teufelsberg was their most secretive. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6585.html

Mining for Bugs with Graph Database Queries (31c3)

Sun, 28 Dec 2014 20:30:00 +0100

While graph databases are primarily known as the backbone of the modern dating world, this nerd has found a much more interesting application for them: program analysis. This talk aims to demonstrate that graph databases and the typical program representations developed in compiler construction are a match made in heaven, allowing large code bases to be mined for vulnerabilities using complex bug descriptions encoded in simple, and not so simple graph database queries. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6534.html

Space Hacker (31c3)

Sat, 27 Dec 2014 20:30:00 +0100

At the 26C3 we first presented our vision of sending a rover to the moon. We're still in the pursuit of doing this and are closer than ever. Many things have happened in the past 5 years and we want to share our story with you. But this talk is not just about us, it is also about you! You will have the possibility to contribute to our mission, just tune in to get all the details :) about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6142.html

Vor Windows 8 wird gewarnt (31c3)

Sun, 28 Dec 2014 18:15:00 +0100

Im Vortrag sollen technische und gesellschaftliche Konsequenzen der von Microsoft kontrollierten Windows-8-Secure-Boot-Architektur und mögliche Gegenmaßnahmen diskutiert werden. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6294.html

Attacks on UEFI security, inspired by Darth Venamis's misery and Speed Racer (31c3)

Sun, 28 Dec 2014 20:30:00 +0100

On modern Intel based computers there exists two powerful and protected code regions: the UEFI firmware and System Management Mode (SMM). UEFI is the replacement for conventional BIOS and has the responsibility of initializing the platform. SMM is a powerful mode of execution on Intel CPUs that is even more privileged than a hypervisor. Because of their powerful positions, SMM and UEFI are protected by a variety of hardware mechanisms. In this talk, Rafal Wojtczuk and Corey Kallenberg team up to disclose several prevalent vulnerabilities that result in SMM runtime breakin as well as arbitrary reflash of the UEFI firmware. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6129.html

Preserving arcade games (31c3)

Sun, 28 Dec 2014 20:30:00 +0100

Old-school arcade games were so protected that hacking is the only way to preserve them before all boards are dead, and the games are lost. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/5997.html

Reconstructing narratives (31c3)

Sun, 28 Dec 2014 20:30:00 +0100

Surveillance, cryptography, terrorism, malware, economic espionage, assassination, interventions, intelligence services, political prisoners, policing, transparency, justice and you. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6258.html

Internet of toilets (31c3)

Sun, 28 Dec 2014 19:00:00 +0100

A toilet is a toilet is a toilet ... was a toilet. Nowadays hackers discover a larger interest in doing more with toilets then just what they were designed for in the first place. Within the "Internet of things" scene the sanitarian sphere claims a place of its own. This talk will present current projects, technologies used and research published. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6370.html

Open-BCI DIY-Neuroscience Maker-Art Mind-Hacking (31c3)

Sun, 28 Dec 2014 18:15:00 +0100

leading hackers and researchers from the worldwide hackerspace, universitiy, and DIY artist community, explain current technological possibilites in BCI, and show ways to use open source hardware and software for hackers, makers, artists, personal development, citizen science, providing a framework for alternative culture and free expression balancing the soon coming commercial expansion in "Neurogaming", "Neuromarketing" and "eHealth" talk will illustrate the mutually beneficial relationship between "hacking" and science, with the example of hacking BCIs, as well as an overview into the new field of "BCI Mind-Hacking", such as exploiting remote consumer Neuroheadsets, and Data-Mining the human-brain for sensitive data during casual use. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6148.html

Privacy and Consumer Markets (31c3)

Sun, 28 Dec 2014 18:15:00 +0100

The internet may be the nervous system of the 21st century, but its main business purpose is helping marketers work out how to make people buy stuff. This talk maps out a possible alternative, where consumers co-ordinate online, pooling their data and resources to match demand with supply. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6202.html

Global Civil Society Under Attack (31c3)

Sun, 28 Dec 2014 18:15:00 +0100

An update to our Reports from the Frontlines talk at OHM 2013, we will provide the latest stories and figures from Access' digital security helpline that provides security incident response and technical support to civil society groups and human rights defenders around the world. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6399.html

Hacking Ethics in Education (31c3)

Sun, 28 Dec 2014 17:30:00 +0100

Ethics in Computer Science is now finally gaining some well deserved attention. At the University of Amsterdam, we have started an ethical committee for the System and Network Engineering Master. In this talk we describe how and why we started this committee, and also look back at our first results. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6071.html

Information Control and Strategic Violence (31c3)

Sun, 28 Dec 2014 17:30:00 +0100

Simple access to social media and cell phone has widely been accepted as a positive tool for citizens to voice dissatisfaction with their government and coordinate protest. But why would rulers permit these tools if they merely pose a threat to their own survival? This talk will investigate how a government’s ability to censor and limit the flow of information feeds into its choice of violent responses to protest. I will talk about the conditions under which a government is likely to benefit more from surveilling the free flow of information, and under which conditions it is more likely to benefit from censorship. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6358.html

Mr Beam goes Kickstarter (31c3)

Sun, 28 Dec 2014 17:30:00 +0100

Mr Beam was started as a hobby project aiming to get more experience in 3D printing. For fun we put it on Kickstarter and ended up in kind of a roller coaster. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6589.html

Forging the USB armory (31c3)

Sun, 28 Dec 2014 17:30:00 +0100

The presentation will cover the journey that we have taken to develop the USB armory board from scratch, explaining the lessons learned and its prospected applications. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6541.html

Finding the Weak Crypto Needle in a Byte Haystack (31c3)

Sun, 28 Dec 2014 16:45:00 +0100

Using the same stream cipher key twice is known to be a Very Bad Idea, but keystream-resuse vulnerabilities are still very much a thing of the present - both in legitimate software and in the malware landscape. We describe a heuristic algorithm which can detect vulnerabilities of this kind. We explain the inner workings of the algorithm and demonstrate a proof-of-concept attack on sevreral examples of vulnerable data, including files encrypted by the DirCrypt malware and encrypted traffic generated by malware such as variants of Zeus and Ramnit. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6144.html

Krypto für die Zukunft (31c3)

Sun, 28 Dec 2014 16:45:00 +0100

(K)ein kleiner Rant über Elliptische Kurven, Quantencomputer, Bitcoins und die NSA et al. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6295.html

Programming with dependent types in Idris (31c3)

Sun, 28 Dec 2014 14:00:00 +0100

Idris is a relatively young research programming languages that attempts to bring dependent types to general purpose programming. In this talk I will introduce the concept of dependent types and the Curry-Howard isomorphism and how these can be applied to prove properties about software and eradicate whole classes of bugs and security issues. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6162.html

Lightning Talks Day 2 (31c3)

Sun, 28 Dec 2014 12:45:00 +0100

The eXperimental Robot Project (31c3)

Sat, 27 Dec 2014 17:15:00 +0100

The talk is on the eXperimental Robot Project (XRP), a project to develop an open-hardware humanoid robot. More precisely, we are focusing on the distinguishing feature of a humanoid robot - the ability to walk on two legs. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6234.html

Security Analysis of Estonia's Internet Voting System (31c3)

Sun, 28 Dec 2014 14:00:00 +0100

Estonia is the only country in the world that relies on Internet voting in a significant way for legally-binding national elections — up to 30% of all voters cast their ballots online. This makes the security of Estonia's Internet voting system of interest to technologists and citizens the world over. Over the past year, I helped lead the first rigorous, independent security evaluation of the system, based on election observation, code review, and laboratory testing. The findings are alarming: there are staggering gaps in Estonia's procedural and operational security, and the architecture of the system leaves it open to cyberattacks from foreign powers. Our investigation confirmed the viability of these attacks in the lab, but the Estonian government has chosen to downplay them. We urgently recommend that Estonia discontinue use of the system before the country suffers a major attack. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6344.html

Das Transparenzportal Hamburg (31c3)

Sun, 28 Dec 2014 16:00:00 +0100

Im Vortrag wird die technische Umsetzung des Transparenzportals Hamburg vorgestellt. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6582.html

The Cloud Conspiracy 2008-2014 (31c3)

Sat, 27 Dec 2014 21:45:00 +0100

In 2011 I started trying to warn EU institutions about what we now call PRISM, after working it out from open sources. Civil society, privacy regulators, and the Commission all did nothing. This is the story of exactly how they did nothing, and why, and what is happening now about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6195.html

Tell no-one (31c3)

Sun, 28 Dec 2014 12:45:00 +0100

For nearly one hundred years, the NSA and its predecessors have been engaging in secret, illegal deals with the American telecom industry, with both virtually immune from prosecution. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6600.html

ECCHacks (31c3)

Sat, 27 Dec 2014 21:45:00 +0100

This talk will explain how to work with elliptic curves constructively to obtain secure and efficient implementations, and will highlight pitfalls that must be avoided when implementing elliptic-curve crypto (ECC). The talk will also explain what all the buzz in curve choices for TLS is about. This talk does not require any prior exposure to ECC. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6369.html

Long war tactics (31c3)

Sun, 28 Dec 2014 16:45:00 +0100

Referring to the seminal talk Dymaxion gave at the closing of the NoisySquare at OHM in 2013. This talk will explore what has happened and what has not in the mean time on the "battle ground". An overview will be presented on the technical, legal, political and social battles going on and will provide pointers to further tactics. Finally we will look at how to make sure we keep ourselves safe and sane. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6406.html

Safer playing with lasers (31c3)

Sun, 28 Dec 2014 16:00:00 +0100

How to play with lasers without injuring Yourself and others and how to design the safety circuits of a laser system. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6131.html

Crypto Tales from the Trenches (31c3)

Sat, 27 Dec 2014 23:00:00 +0100

Julia Angwin, Jack Gillum, and Laura Poitras will tell us stories about how they use crypto and privacy-enhancing technologies as high-profile journalists, and rant in an entertaining way about how these tools have failed or are horribly inadequate for their needs. They will also talk about their rare crypto successes. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6154.html

Rocket Kitten: Advanced Off-the-Shelf Targeted Attacks Against Nation States (31c3)

Sat, 27 Dec 2014 23:00:00 +0100

Rocket Kitten is an advanced APT set of campaigns, with a twist - off-the-shelf malware that won’t shame a nation state. The talk will combine an assessment of the threat group’s modus operandi with a technical deep dive. Prepare for some hex dumps. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6575.html

SS7map : mapping vulnerability of the international mobile roaming infrastructure (31c3)

Sat, 27 Dec 2014 23:00:00 +0100

SS7 has been shown repeatedly as an insecure protocol: spoofing, faking, crash through fuzzing, fraud. The main question of our study is to determine how this insecurity is mitigated by network operator’s action to prevent compromise on both network exposure of infrastructure and privacy compromise of subscribers. It's why we wanted to come out with SS7map. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6531.html

Cyber Necromancy (31c3)

Sun, 28 Dec 2014 14:00:00 +0100

Reverse engineering is not all binaries and byte-code. The black art also extends to networks and unobtainable game servers. In this talk we go into the gruesome details of how we dug through the graveyards of console binaries and mausoleums of forgotten network protocols in order to stitch together the pieces necessary to bring our favorite game Metal Gear Online back to life. We will be examining the process of reverse engineering the games custom network protocols in all angles from packet logs to low level disassembly of client code. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/5956.html

Beyond PNR: Exploring airline systems (31c3)

Sun, 28 Dec 2014 12:45:00 +0100

Ever wondered what the cryptic QNY27R on your airline reservaton means? This talk explores typical computing environment as seen in the air transport industry. Discover ancient software, old communication protocols and cryptic systems. What data are stored and how they are exchanged to keep the air transport industry running. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6308.html

Serenität – Anleitung zum Glücklichsein (31c3)

Sun, 28 Dec 2014 12:45:00 +0100

Die radikalen philosophischen Texte von Elektra W. haben das Ziel - seien wir offen und direkt - einen Headcrash des Ich-Erlebens herbeizuführen, das sich im Laufe unserer Enkulturation und Erziehung im Vorderlappen des Großhirns breit gemacht hat. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6244.html

From Maxwell to antenna arrays (31c3)

Sat, 27 Dec 2014 23:00:00 +0100

Maxwell's equations are four differential equations which form the foundation of classical electrodynamics, classical optics, and electric circuits. This talk will take a look at the connection between these equations, wave propagation and antenna arrays. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6361.html

From Computation to Consciousness (31c3)

Sun, 28 Dec 2014 11:30:00 +0100

How can the physical universe give rise to a mind? I suggest to replace this confusing question by another one: what kind of information processing system is the mind, and how is the mind computed? As we will see, even our ideas of the physical universe turn out to be computational. Let us explore some fascinating scenery of the philosophy underlying Artificial Intelligence. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6573.html

Switches Get Stitches (31c3)

Sun, 28 Dec 2014 11:30:00 +0100

This talk will introduce you to Industrial Ethernet Switches and their vulnerabilities. These are switches used in industrial environments, like substations, factories, refineries, ports, or other other homes of industrial automation. In other words: DCS, PCS, ICS & SCADA switches. It is a very good companion talk to Damn Vulnerable Chemical Process? Own your own critical infrastructures today! about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6196.html

Uncaging Microchips (31c3)

Sun, 28 Dec 2014 11:30:00 +0100

An entertaining, thrilling and educational journey through the world of chip preparation. Deep insight into amateur- as well as professional methods and equipment is given, for the first, most important steps for analysis and attacks on dedicated hardware. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6084.html

Why is GPG "damn near unusable"? (31c3)

Sun, 28 Dec 2014 11:30:00 +0100

GPG has been correctly described as "damn near unusable". Why is this so? What does research into usable security tell us? This talk covers the history, methods, and findings of the research field, as well as proposed solutions and open questions. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6021.html

(In)Security of Mobile Banking (31c3)

Sat, 27 Dec 2014 21:45:00 +0100

This talk presents a deep analysis of banking mobile apps available in the world. Based on static and dynamic analysis as well as on the analysis of the final source code we show that a vast majority of them are not respecting users' privacy and users' data protection. Worse a few of them contains critical bugs about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6530.html

AMD x86 SMU firmware analysis (31c3)

Sat, 27 Dec 2014 21:45:00 +0100

You definitely should care. The aim of this talk is to provide insight to the security, architecture and yes you guessed it, vulnerability of the AMD System Management Unit (SMU) firmware found in modern AMD x86 processors. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6103.html

Rocket science – how hard can it be? (31c3)

Sat, 27 Dec 2014 18:30:00 +0100

Three years have elapsed since the call for a "Hacker Space Program" during the Chaos Communication Camp 2011. In this lecture we will review the basics of space flight, discuss common problems and pitfalls encountered by a practitioner on the way to orbit, and report on the state of our sounding rocket program. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6180.html

Towards General Purpose Reconfigurable Computing on Novena (31c3)

Sat, 27 Dec 2014 20:30:00 +0100

The Novena open source laptop contains a FPGA, but free software support for FPGAs is lacking and requires root access to the hardware. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6412.html

Code Pointer Integrity (31c3)

Sat, 27 Dec 2014 20:30:00 +0100

Programs are full of bugs, leading to vulnerabilities. We'll discuss power and limitations of code-pointer integrity (CPI), a strong but practical security policy that enforces memory safety for all code pointers, protecting against any form of control-flow hijack attack (e. g., ROP or JOP). about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6050.html

Mobile self-defense (31c3)

Sat, 27 Dec 2014 18:30:00 +0100

We know that mobile networks can — and do — attack us on many fronts. As this talk will show, even 3G is attackable. It’s high time that we upgrade from complaining to self-defense. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6122.html

SS7: Locate. Track. Manipulate. (31c3)

Sat, 27 Dec 2014 17:15:00 +0100

Companies are now selling the ability to track your phone number whereever you go. With a precision of up to 50 meters, detailed movement profiles can be compiled by somebody from the other side of the world without you ever knowing about it. But that is just the tip of the iceberg. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6249.html

Glitching For n00bs (31c3)

Sat, 27 Dec 2014 17:15:00 +0100

Despite claims of its obsolescence, electrical glitching can be a viable attack vector against some ICs. This presentation chronicles a quest to learn what types of electrical transients can be introduced into an integrated circuit to cause a variety of circuit faults advantageous to an reverser. Several hardware platforms were constructed during the quest to aid in research, including old-skool & solderless breadboards, photo-etched & professional PCBs, FPGAs, and cheap & dirty homemade logic analyzers. The strengths and weaknesses of the various approaches will be discussed. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6499.html

osmo-gmr: What's up with sat-phones ? (31c3)

Sat, 27 Dec 2014 16:00:00 +0100

At 28C3 we introduced the very first steps of the osmo-gmr projects. During this talk, we will present the various advances that have been made in this project on various aspects (voice codec, crypto algorithm, ...) about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6267.html

Revisiting SSL/TLS Implementations (31c3)

Sat, 27 Dec 2014 16:00:00 +0100

We present four new Bleichenbacher side channels, and three successful Bleichenbacher attacks against the Java Secure Socket Extension (JSSE) SSL/TLS implementation and against hardware security appliances using the Cavium NITROX SSL accelerator chip. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/5960.html

Practical EMV PIN interception and fraud detection (31c3)

Sat, 27 Dec 2014 16:00:00 +0100

This talks follows our previous EMV research uncovering new findings as well as a detailed analysis of Chip & PIN fraud markers in order to benefit cardholders, as well as issuing banks, in preventing wrongful liability for fraudulent charges. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6120.html

3D Casting Aluminum (31c3)

Sat, 27 Dec 2014 12:45:00 +0100

We use microwaves to cast aluminum from 3D printed objects. This gives us the ability to cast high quality 6040 aluminum pieces using a 3D printer and commercially available consumer microwaves. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6417.html

How I Learned to Stop Reinventing and Love the Wheels (31c3)

Sat, 27 Dec 2014 16:00:00 +0100

An introduction to the Robot Operating System (ROS) for the home/hackerspace roboticist (if it physically interacts with the world through code, call it robot). about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6077.html

Personal Tracking Devices and Online Identity (31c3)

Sat, 27 Dec 2014 12:45:00 +0100

In the post-NSA world it is important to understand the magnitude of our online activities in order to take informative decisions on our ubiquitous shared lives. Personal Tracking Devices is the result of a two years long study on tracking technologies and the inherent nature of the web and telecommunication networks in general. The study, conducted as part of Ph.D. research in privacy and security at UPC Barcelona Tech, collected a large amount of metadata to raise awareness on the footprints left by users on the web and through mobile apps. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6100.html

SCADA StrangeLove: Too Smart Grid in da Cloud (31c3)

Sat, 27 Dec 2014 14:00:00 +0100

For two years SCADA StrangeLove speaks about Industrial Control Systems and nuclear plants. This year we want to discuss Green Energy. Our hackers' vision of Green Energy, SmartGrids and Cloud IoT technology. We will also speak about the security problems of traditional "heavy" industrial solutions, about the things that Zurich Airport and Large Hadron Collider have in common On top of it you will learn about our new releases, some funny and not so funny stories about discovery and fixing of vulnerabilities and the latest news from the front struggling for the Purity of Essence. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6010.html

„Wir beteiligen uns aktiv an den Diskussionen“ (31c3)

Sat, 27 Dec 2014 12:45:00 +0100

Im Sommer 2014 wurde die sogenannte Digitale „Agenda“ vorgestellt, die als „netzpolitisches Regierungsprogramm“ bezeichnet wurde. Aus texttypologischer Sicht handelt es sich aber eher um einen PR-Text, der so aussieht, als sei er ein Auszug aus einer Wahlkampfbroschüre. Der Vortrag analysiert den Text zunächst inhaltlich, um zu zeigen, worum es im Einzelnen geht und wo Widersprüche auftauchen, dann aus textkritischer und aus linguistischer Perspektive. Insbesondere werden bestimmte Interessen der Bundesregierung und anderer Akteure deutlich, die weniger offen thematisiert werden, aber doch sprachlich zu Tage treten. about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6264.html

31C3 Keynote (31c3)

Sat, 27 Dec 2014 11:30:00 +0100

The 31C3 Keynote about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6571.html

31C3 Opening Event (31c3)

Sat, 27 Dec 2014 11:00:00 +0100

about this event: http://events.ccc.de/congress/2014/Fahrplan/events/6561.html