Chaos Computer Club - 33C3: works for me (high quality webm)

JODI - Apache is functioning normally (33c3)

Thu, 29 Dec 2016 00:00:00 +0100

Joan Heemskerk and Dirk Paesmans, collectively known as JODI, are rightfully venerated for their countless contributions to art and technology, working as an artistic duo since the mid-90’s. about this event: https://c3voc.de

CCC-Jahresrückblick 2016 (33c3)

Thu, 29 Dec 2016 00:00:00 +0100

Wir werden einen Überblick über die Themen geben, die den Chaos Computer Club 2016 beschäftigt haben. Neben der Zusammenfassung und der Rückschau auf das vergangene Jahr wollen wir einen Blick in die Zukunft wagen. about this event: https://c3voc.de

State of Internet Censorship 2016 (33c3)

Wed, 28 Dec 2016 00:00:00 +0100

2016 has been marked by major shifts in political policy towards the Internet in Turkey and Thailand, a renegotiation of the responsibilities of content platforms in the west, and a continued struggle for control over the Internet around the world. Turbulent times, indeed. In this session, we'll survey what's changed in Internet surveillance and censorship in the last year, and provide context for the major changes affecting the net today. about this event: https://c3voc.de

33C3 Closing Ceremony (33c3)

Fri, 30 Dec 2016 18:30:00 +0100

about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8428.html

Surveilling the surveillers (33c3)

Fri, 30 Dec 2016 17:15:00 +0100

In the last years, technology-savvy artists and technologists have taken over the art world with works addressing current societal and political issues. Their works are located at the intersection between art, technology and activism and are dealing with a variety of problems like free speech, freedom of movement, military and governmental power, corporate and governmental surveillance to name just a few. This talk will present relevant works in this field and will draw connections between critical art and regulatory power, warfare, surveillance, electronic waste, electronic self-defense and the re-appropriation of architectural and technological artifacts in militant ways. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7978.html

Security Nightmares 0x11 (33c3)

Fri, 30 Dec 2016 17:15:00 +0100

Was hat sich im letzten Jahr im Bereich IT-Sicherheit getan? Welche neuen Entwicklungen haben sich ergeben? Welche neuen Buzzwords und Trends waren zu sehen? about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8413.html

33C3 Infrastructure Review (33c3)

Fri, 30 Dec 2016 16:00:00 +0100

NOC, POC, VOC and QOC show interesting facts and figures as an excuse to present all the mischief they’ve been up to this year. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8243.html

The Ultimate Game Boy Talk (33c3)

Fri, 30 Dec 2016 16:00:00 +0100

The 8-bit Game Boy was sold between 1989 and 2003, but its architecture more closely resembles machines from the early 1980s, like the Commodore 64 or the NES. This talk attempts to communicate "everything about the Game Boy" to the listener, including its internals and quirks, as well as the tricks that have been used by games and modern demos, reviving once more the spirit of times when programmers counted clock cycles and hardware limitations were seen as a challenge. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8029.html

Lightning Talks Day 4 (33c3)

Fri, 30 Dec 2016 12:45:00 +0100

Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick! about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8089.html

Virtual Secure Boot (33c3)

Fri, 30 Dec 2016 16:00:00 +0100

Over the last two years secure boot support for virtual machines was added to qemu, kvm (linux kernel) and ovmf (edk2/tianocore). This talk covers the implementation details and the issues we had to deal with along the way. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8142.html

Understanding the Snooper’s Charter (33c3)

Fri, 30 Dec 2016 14:30:00 +0100

The ‚Investigative Powers Bill‘ is about to become law in the UK. Its provisions, from looking up Internet connection records without a warrant to forcing communication service providers to assist with interception and decryption of data, have caused an outcry in the Western world. But how and why did British politics get here? And, most importantly of all: How could we fight back? about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8287.html

Privatisierung der Rechtsdurchsetzung (33c3)

Fri, 30 Dec 2016 14:30:00 +0100

2016 drehte der Anti-Terror-Kampf in der EU auf. Nicht nur im Rahmen der Anti-Terror-Richtlinie wurde über neue Wege diskutiert, wie man das Netz verstärkt unter Kontrolle bringen kann. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8040.html

Warum in die Ferne schweifen, wenn das Ausland liegt so nah? (33c3)

Fri, 30 Dec 2016 14:30:00 +0100

Der Vortrag stellt die in Deutschland zulässigen Überwachungsmaßnahmen des Internetverkehrs aus rechtlicher und operativer Sicht dar und versucht, die sich aus den Erkenntnissen des NSA-Untersuchungsausschusses ergebenden Fragen auf die gelebte Praxis anzuwenden. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8445.html

The Transhumanist Paradox (33c3)

Fri, 30 Dec 2016 13:45:00 +0100

How does a pluralist society – a society built to accommodate our irreconcilable differences – make a choice about the technological future of mankind? How can a liberal state dedicated to upholding individual liberty interfere in technological progress, and why should it? about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8064.html

Datenschutzgrundverordnung: Rechte für Menschen, Pflichten für Firmen & Chancen für uns (33c3)

Fri, 30 Dec 2016 13:45:00 +0100

Ziel des Vortrages ist es, einen Überblick über die neuen aus der Datenschutzgrundverordnung entstehenden Rechte von Betroffenen (also Du mein*e junge*r Jedi) zu geben und dabei aufzuzeigen, an welchen Stellen Musik für uns drin sein kann. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8092.html

Rebel Cities (33c3)

Fri, 30 Dec 2016 13:45:00 +0100

Cities are emerging as a space for local action and local change but also as dangerous spaces where social engineering, exclusion by design and privatised policing take place rapidly, without adequate frames to catch up and assure fundamental rights. Is the city the answer to a new digital ecosystem, with effective mechanisms to enforce it, in the local government powers? about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8248.html

Beyond Virtual and Augmented Reality (33c3)

Fri, 30 Dec 2016 12:15:00 +0100

With recent development in capture technology, preserving one's’ daily experiences and one's’ knowledge becomes richer and more comprehensive. Furthermore, new recording technologies beyond simple audio/video recordings become available: 360° videos, tactile recorders and even odor recorders are becoming available. . The new recording technology and the massive amounts of data require new means for selecting, displaying and sharing experiences. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8225.html

Genetic Codes and what they tell us – and everyone else (33c3)

Fri, 30 Dec 2016 13:00:00 +0100

The genome – the final frontier – or just a complex mess of letters? Somewhere in there, our eye or skin color is hidden. But also, diseases can be diagnosed or predicted by analyzing the genome. More and more research is committed to finding clues for diseases in our genes. The opportunity is clear: If I know about a disease I might get ahead of time, I could possibly intervene before it starts. Yet: How accurate are these predictions and how meaningful are they? And more importantly: What happens to my genetic data once it has been decoded? about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8221.html

Retail Surveillance / Retail Countersurveillance (33c3)

Fri, 30 Dec 2016 13:00:00 +0100

From geo-magnetic tracking for smartphones to facial recognition for email marketing, from physical shopping cart fingerprinting to computer vision algorithms that use your clothing as metadata, this talk will explore the emerging landscape of hyper-competitive retail surveillance. Instead of dramatizing these technologies which can lead to calcification and normalization, the aim of this talk is to energize discourse around building creative solutions to counter, adapt to, or rethink emerging surveillance technologies. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8238.html

Community (33c3)

Fri, 30 Dec 2016 11:30:00 +0100

Mitch Altman (born December 22, 1956) is a San Francisco-based hacker and inventor, best known for inventing TV-B-Gone, as featured speaker at hacker conferences, as international expert on the hackerspace movement, and for teaching introductory electronics workshops. He is also Chief Scientist and CEO of Cornfield Electronics. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8404.html

The High Priests of the Digital Age (33c3)

Fri, 30 Dec 2016 12:15:00 +0100

The High Priests of the Digital Age Are Working Behind Your Back to Make You Confess, and Repent. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8324.html

The Economic Consequences of Internet Censorship (33c3)

Fri, 30 Dec 2016 11:30:00 +0100

Internet censorship today is widespread, both by governments and by private entities. Much of the discussion so far has focused on political and social effects of this censorship. However, censorship also has a clear effect on the economic structure of society that has not been explored. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8170.html

On Smart Cities, Smart Energy, And Dumb Security (33c3)

Thu, 29 Dec 2016 12:45:00 +0100

Smart City is an abstract concept everyone talks about but no one knows what it actually means. No one, except Energy utilities. In this talk we will explore the vast world of Smart Energy, and see how energy providers used the "Smart City" concept to get better control over our energy consumption, all while almost completely ignoring security aspects along the way. Join me and see how Smart Energy is making our lives a little bit better, but also dangerously insecure. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8272.html

The Zcash anonymous cryptocurrency (33c3)

Thu, 29 Dec 2016 23:30:00 +0100

Zcash is the third iteration of an extension to the Bitcoin protocol that provides true untraceability, i.e. fully anonymous transactions. It is arguably the first serious attempt to establish this extension, in the form of its own blockchain, beyond the form of an academic proposal. The talk provides an introduction to the magic that makes it work. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8330.html

Ethics in the data society (33c3)

Thu, 29 Dec 2016 23:30:00 +0100

This talk presents the idea that ethics as logic that can be programmed into machines doesn’t seem to work; perhaps, ethics is something else. This talk is about what that something else may be – power. (This talk is not about the Trolley Problem! But it will mention why it shouldn’t apply to the driverless car.) about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8214.html

The Universe Is, Like, Seriously Huge (33c3)

Thu, 29 Dec 2016 23:30:00 +0100

Astronomers struggle to accurately measure distances in the vastness of the known universe. Get an insight into the sophisticated techniques and dirty tricks of today's astrophysics and cosmology. No physics background required, featuring lots of pretty space pictures. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7861.html

Hebocon (33c3)

Thu, 29 Dec 2016 23:30:00 +0100

Join with your derpy bot to fight your nemesis! Push it off the table or knock the enemy over. No weapons. No advanced controllers. No tears. Don't take it serious. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8270.html

Methodisch inkorrekt! (33c3)

Fri, 30 Dec 2016 00:15:00 +0100

Wer hat diese Jungs wieder reingelassen?! Nicolas Wöhrl und Reinhard Remfort sind eine Gefahr für Leib und Leben. Unter dem Deckmantel der Wissenschaftskommunikation machen sie auf der Bühne alles das, was sie an der Uni nie gewagt hätten. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8020.html

Edible Soft Robotics (33c3)

Thu, 29 Dec 2016 22:45:00 +0100

As a soft roboticist I am constantly searching for inspiration for novel soft actuators, and as a home cook and artist I consider eating an object to be a high-level form of interactivity. Having noted the similarities between cast silicone and gummi candies it was natural to combine these interests. I will share my experiments in assessing different candies for their engineering potential, and show my work-in-progress for sweet soft robots. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8113.html

The 12 Networking Truths (33c3)

Thu, 29 Dec 2016 22:45:00 +0100

In *The 12 Networking Truths* Swedish artist Jonas Lund will discuss how he has attempted to subvert the contemporary art world system by using different types of exploits to gain an upper hand against the competition. From designing an algorithm for art production to data mining art world personalities, the artist will describe how he has incorporated a classic programming mindset in an otherwise logic-free environment. The 12 Networking Truths refers to RFC 1925 - The Twelve Networking Truths, a memo posted on the 1st of April 1996, positioned as revealing the fundamental truths underlying all network protocol designs. The truths include statements such as ‘It Has To Work.’ and ‘Good, Fast, Cheap: Pick any two (you can’t have all three).’. This memo will be the underlying story line throughout the talk, as each truths has a corresponding position within the artist’s artistic practice. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8191.html

PUFs, protection, privacy, PRNGs (33c3)

Thu, 29 Dec 2016 22:45:00 +0100

A physically unclonable function, or PUF, is some physical structure with properties that are easy to verify, hard to predict, and practically impossible to clone. Ideally, this means it's a device-unique unchanging identifier, which can be used for improving security. However, it can be at odds with privacy and anonymity. This talk will give you an overview of the thirty years of history behind PUFs, and will include the most recent advances in research. The functions, structure, and design will be discussed, as well as devices and materials that have properties to base PUFs on. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8231.html

Eavesdropping on the Dark Cosmos (33c3)

Thu, 29 Dec 2016 22:45:00 +0100

Imagine, there is this huge data center but your user privileges allow you to access only 5% of the data. That is the exact same situation physicists face when trying to study the cosmos. 95% of our universe is made out of something that cannot be seen or touched. We generally call this unknown substance "dark matter" / "dark energy". The recent discovery of gravitational waves gives us a handle on the dark cosmos. We can now listen to invisible events in our universe. But there may also be other methods to shed light on the dark side. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8245.html

Dissecting modern (3G/4G) cellular modems (33c3)

Thu, 29 Dec 2016 14:00:00 +0100

Let's have a detailed look at some modern 3G/4G cellular modems and see what we can find out about their internals using undocumented debug interfaces and software or hardware based hacking techniques. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8151.html

Hacking collective as a laboratory (33c3)

Thu, 29 Dec 2016 22:00:00 +0100

Talk presents findings from sociological investigation on hacking collectives. I will try to answer the question whether hacking collectives are laboratories, as seen by sociology of science. I will also show some peculiar traits of hacking collective, beneficial both for sciences and societies. Perhaps academia needs hackers more than it’s willing to admit? about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8263.html

What We Can Learn about Creativity from 3D Printing (33c3)

Thu, 29 Dec 2016 22:00:00 +0100

For the past three years we studied the world’s largest 3D printing community “Thingiverse”. We explored the remix-relationships—accessible due the community’s use of open licenses—of more than 200.000 individual designs, tracked an entire week’s new designs for half a year, interviewed more than 80 creators and surveyed over 200 more. This allowed us to develop a deep understanding of the creative processes that take place on the platform. In this talk we would like to present our findings. This is of interest to people who care about 3D printing as we can give sort of a behind the scenes view on how ideas come to life here. But it is also interesting to people that care about creativity in general. As what we have found has merit outside of 3D printing, too. In this talk we would like to cover the following: (1) Introduce our research setting and explain why it is useful to study this, (2) provide a consolidated overview on our most interesting findings, and (3) give real life examples for how these findings are transferable to other settings. We have presented primary results of the studies at various academic conferences and have a comprehensive paper on the project currently under revision at the Journal of Information Technology (see attached file). We are a group of three university professors and a Ph.D. student. We work on the intersection of information systems, innovation management, product development, and creativity. We believe that many of the people we studied either attend 33C3 or watch talks online and we therefore think that our results would be of interest to this community. Further, we feel that a well structured talk is better and more entertaining than mailing around our academic journal publications to those who are interested. And lastly, we are eager to receive feedback from a more hands-on audience (than what we deal with at academic conferences). It would be especially useful for us to hear of new developments, discuss ideas for follow-up research projects, and get access to creators that would like to work with us in the future. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8039.html

Saving the World with (Vegan) Science (33c3)

Thu, 29 Dec 2016 21:15:00 +0100

Describing the science behind new high tech vegan foods which will replace animal agriculture. I will also discuss the potential impact to lessen the severity of climate change and give an update on the Real Vegan Cheese biohacker project. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8135.html

From Server Farm to Data Table (33c3)

Thu, 29 Dec 2016 21:15:00 +0100

Early digital computers were the size of rooms. While the devices have gotten smaller, because of the increasingly networked nature of technology the room has gotten bigger--it's ceased having walls and started to cover the ocean floor and ascend into low earth orbit. While Neal Stephenson may have cornered this living-inside-a-computer narrative in 1996 with "Mother Earth, Mother Board", in the past twenty years the seams of the network have become even more opaque, subsumed into The Cloud and other problematic abstractions. This talk will mostly be about different approaches to documenting, comprehending, and thinking about network infrastructure and the ways that the visual vernacular of technologies shape their history and politics. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8412.html

Irren ist staatlich (33c3)

Thu, 29 Dec 2016 21:15:00 +0100

Dieses Jahr feiert das Informationsfreiheitsgesetz (IFG) seinen zehnten Geburtstag – und niemand feiert mit. Zeit für eine Abrechnung. FOIA frei!

about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7811.html

Interplanetary Colonization (33c3)

Thu, 29 Dec 2016 21:15:00 +0100

The long term survival of the human species requires that we become an interplanetary species. But we must answer two big questions: where are we going, and how do we get there? We explore what scientists know (and don’t know) about humanity’s potential future homes both inside and outside the solar system, and then we’ll dive into the technological challenges of (and potential solutions for) getting humans to and colonizing a new planet. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7942.html

Von Alpakas, Hasenbären und Einhörnern – Über Anerkennungskultur (33c3)

Thu, 29 Dec 2016 20:30:00 +0100

Wie würdigen verschiedene Tech-Communities das ehrenamtliche Engagement ihrer Mitglieder? Wie lassen sich gewünschte Lernprozesse verstärken? Was sind unsere Erfahrungen bei Jugend hackt? Und was haben Badges damit zu tun? about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8280.html

The Moon and European Space Exploration (33c3)

Thu, 29 Dec 2016 20:30:00 +0100

Since the early successes of moon missions in the Sixtie, mankind has moved on to the earth orbit and other deep space missions. But interest in the moon as a target has intensified recently as the strategies for future missions are evolving. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8406.html

Corporate surveillance, digital tracking, big data & privacy (33c3)

Thu, 29 Dec 2016 11:30:00 +0100

Today virtually everything we do is monitored in some way. The collection, analysis and utilization of digital information about our clicks, swipes, likes, purchases, movements, behaviors and interests have become part of everyday life. While individuals become increasingly transparent, companies take control of the recorded data. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8414.html

Lasers in the sky (with asteroids) (33c3)

Thu, 29 Dec 2016 22:00:00 +0100

At 32C3 we shot lasers into space... now it's lasers in space! We look at space- and airborne laser platforms and what practical uses people have come up with (hint: mostly more or less secret communication and military use). We'll also recap the basic physics and boundaries and check if 'pew pew pew' is really gonna cut it (hint: mostly no). To close, we'll have a look at laser based propulsion for space travel and other speculative applications off the beaten path. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7927.html

Berechnete Welt (33c3)

Thu, 29 Dec 2016 20:30:00 +0100

Wer all unsere Daten der Gegenwart mit selbstlernenden Algorithmen auswertet, wird die nahe Zukunft grob vorhersagen können. Die Instrumente dafür sind so weit, viele seriöse Forscher arbeiten an Teilbruchstücken. Die Folgen für die Gesellschaft scheinen fatal zu sein. Orwell naht gewaltig. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7899.html

The woman behind your WiFi (33c3)

Thu, 29 Dec 2016 20:30:00 +0100

Used in cell phone technology, bluetooth devices, and WiFi, Frequency Hopping Spread Spectrum (FHSS) is often said to have been invented in the early 1940s by none other than Hollywood actress and sex symbol Hedy Lamarr. This talk will present the undeniably entertaining history of a well-known actress moonlighting as a military inventor as well as give an overview of the 100-year-old history of frequency hopping and its past and present uses. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8233.html

Lightning Talks Day 3 (33c3)

Thu, 29 Dec 2016 12:45:00 +0100

Making Technology Inclusive Through Papercraft and Sound (33c3)

Thu, 29 Dec 2016 16:00:00 +0100

The participation of women in computer education is low; undergraduate classrooms in Germany were only 10% female in 2000[1]. The picture at the primary school level is fuzzier, as students do not declare majors at that level, but evidence indicates the trend starts from a young age. Can we make computer education more gender-inclusive? Presenting technology in familiar, non-threatening contexts can lead to more balanced gender participation. For example, Chibitronics uses the context of papercraft to present electronics to beginners; the familiarity of papercraft improves the participation of women of all ages in the creation of electronics. Based on these learnings, we have devised the “Love to Code” platform, an open source hardware-to-cloud stack which combines the familiarity of paper craft with a web-based, driver-free embedded firmware development environment based on FSK audio provisioning via a headphone jack. In this talk, we will dive into the novel open source technical contributions of this platform, which includes the audio-based provisioning protocol and the unique rigid-flex design of the circuitry enabling papercraft integration, as well as the multi-threaded client OS and cloud infrastructure required to complete the picture. This combination of new technology with familiar interfaces aims to lower the barrier to computer education, thus making coding a more accessible and inclusive activity. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7975.html

Building Custom Pinball Machines (33c3)

Thu, 29 Dec 2016 16:00:00 +0100

How to build a pinball machine? We introduce you to all basics and explain the different options for hardware and software. As an example, we show images of our own custom pinball machine. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8012.html

Memory Deduplication: The Curse that Keeps on Giving (33c3)

Thu, 29 Dec 2016 12:45:00 +0100

We are 4 security researchers who have collectively worked on 3 different attack techniques that all (ab)use memory deduplication in one way or another. There is a cross-vm data leak attack, a cross-vm data write attack, and an in-sandbox (MS Edge) Javascript data leak + full memory read/write attack based in MS Edge. In this talk we detail how memory deduplication works and the many different ways it is exploited in our attacks. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8022.html

Liberté, Égalité, Fraternité... and privacy ?! (33c3)

Thu, 29 Dec 2016 14:00:00 +0100

France is under a state of emergency since November 2015. Several laws and a more intrusive surveillance framework, infringing rights and freedoms, have been adopted these recent years in the name of the fight against terrorism. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8072.html

Machine Dreams (33c3)

Thu, 29 Dec 2016 16:00:00 +0100

Artificial Intelligence provides a conceptual framework to understand mind and universe in new ways, clearing the obstacles that hindered the progress of philosophy and psychology. Let us see how AI can help us to understand how our minds create the experience of a universe. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8369.html

Dissecting HDMI (33c3)

Thu, 29 Dec 2016 17:15:00 +0100

Ever wondered what is actually happening when a speaker can't get their laptop to project? While developing the FPGA-based HDMI2USB.tv open hardware for recording conferences, we discovered just how convoluted the HDMI protocol can be. Come hear all the horrible details! about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8057.html

Technologien für und wider Digitale Souveränität (33c3)

Thu, 29 Dec 2016 17:15:00 +0100

''Technologien für und wider Digitale Souveränität'' Die weltweite Vernetzung ist die tiefgreifendste Veränderung seit der industriellen Revolution. In einer Zeit der maßlose Massenüberwachung scheint die Digitale Souveränität den Einsatz privatsphärenfreundlicher Technologien als ein unverzichtbarer Bestandteil von gesellschaftlichen Lösungsversuchen zwingend zu erfordern. In unserem Beitrag möchten wir hackerrelvante Teilaspekte und Verfahren aus einer Studie für das Bundesministerium für Justiz und Verbraucherschutz vorstellen. Unter anderem sind hier kryptographische Protokolle (z. B. Blinde Signaturen, Zero-Knowlege Protokolle) und Methoden zur statistischen Auswertung von vertraulichen Daten (z.B. K-Anonymität, Differentielle Vertraulichkeit) zu nennen. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8097.html

Talking Behind Your Back (33c3)

Thu, 29 Dec 2016 17:15:00 +0100

In the last two years, the marketing industry started to show a fast increasing interest in technologies for user cross-device tracking, proximity tracking, and their derivative monetization schemes. To meet these demands, a new ultrasound-based technology has recently emerged and is already utilized in a number of different real-world applications. Ultrasound tracking comes with a number of desirable features (e.g., easy to deploy, inaudible to humans), but alarmingly until now no comprehensive security analysis of the technology has been conducted. In this talk, we will publish the results of our security analysis of the ultrasound tracking ecosystem, and demonstrate the practical security and privacy risks that arise with its adoption. Subsequently, we will introduce some immediately deployable defense mechanisms for practitioners, researchers, and everyday users. Finally, we will initiate the discussion for the standardization of ultrasound beacons, and outline our proposed OS-level API that enables both secure and effortless deployment for ultrasound-enabled applications. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8336.html

Do as I Say not as I Do: Stealth Modification of Programmable Logic Controllers I/O by Pin Control Attack (33c3)

Thu, 29 Dec 2016 16:00:00 +0100

Input/Output is the mechanisms through which embedded systems interact and control the outside world. Particularly when employed in mission critical systems, the I/O of embedded systems has to be both reliable and secure. Embedded system’s I/O is controlled by a pin based approach. In this work, we investigate the security implications of embedded system’s pin control. In particular, we show how an attacker can tamper with the integrity and availability of an embedded system’s I/O by exploiting cerain pin control operations and the lack of hardware interrupts associated to them. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7853.html

A New Dark Age (33c3)

Thu, 29 Dec 2016 17:15:00 +0100

James Bridle is a British writer and artist living in Greece. His work explores the impact of technology on society, law, geography, politics, and culture. His Drone Shadow installations have appeared on city streets worldwide, he has mapped deportation centres with CGI, designed new kinds of citizenship based on online behaviour. and used neural networks and satellite images to predict election results. A New Dark Age is an exploration of what we can no longer know about the world, and what we can do about it. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8163.html

No Love for the US Gov. (33c3)

Thu, 29 Dec 2016 18:30:00 +0100

Lauri Love has never set foot in the United States, yet he is facing a potential century in jail if extradited for his alleged involvement in #OpLastResort, an Anonymous-related protest action that occurred in response to the death of Aaron Swartz. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8438.html

Decoding the LoRa PHY (33c3)

Thu, 29 Dec 2016 18:30:00 +0100

LoRa is an emerging Low Power Wide Area Network, a new class of wireless technology designed to connect everything from streetlights to intelligent mousetraps. I will discuss the design and security implications of LPWANs, dive deep into the LoRa PHY, and demonstrate sniffing and injection with an open source LoRa transceiver built on commodity Software Defined Radio tools. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7945.html

Hochsicherheits-Generalschlüssel Marke Eigenbau (33c3)

Thu, 29 Dec 2016 18:30:00 +0100

Die Verfügbarkeit preiswerter Maschinentechnik und Open Source CAD-Software hat den Aufwand des Herstellens eigener mechanischer Schlüssel signifikant abgesenkt, die wir noch vor zehn Jahren als „sicher“ bezeichnet haben. Klassische Zylinderschlösser sind in der Vergangenheit bereits ausführlich analysiert worden, doch wie sieht die Situation bei anspruchsvolleren mechanischen Schließsystemen aus? Wir zeigen, wie man den Generalschlüssel einer hoch präzisen, hochpreisigen Schließanlage ermittelt. Weiterhin präsentieren wir unseren Workflow der Software und Mechanik, mit dem man Rohlinge und Schlüssel eines Hochsicherheitssystem mit einer „Low Cost“ CNC-Fräse herstellen kann. Im Gegensatz zum 3D-Drucken bietet uns dies eine deutlich höhere Präzision und mechanische Stabilität - und das für unter 2 Euro pro Schlüssel. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8139.html

An Elevator to the Moon (and back) (33c3)

Thu, 29 Dec 2016 18:30:00 +0100

Why is it so hard to go to the Moon? The curse of Newtonian Mechanics and Tsiolkovsky's Rocket Equation force us to build huge rockets to achieve any meaningful activity on the Moon. There are two strategies to hack the laws of celestial mechanics: making fuel on the Moon and using cables to climb out of the gravity well. Here we focus on the latter, which is the Moon version of the famous space elevator. The difference to an Earth elevator is - anelevator to the Moon's surface is realistic with today's materials. In the talk an introduction to the general problem is given and a starting point for a discussion is given that can easily lead to a sustainable access to the Moon if there is demand to do so. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8407.html

How do we know our PRNGs work properly? (33c3)

Thu, 29 Dec 2016 11:30:00 +0100

Pseudo-random number generators (PRNGs) are critical pieces of security infrastructure. Yet, PRNGs are surprisingly difficult to design, implement, and debug. The PRNG vulnerability that we recently found in GnuPG/Libgcrypt (CVE-2016-6313) survived 18 years of service and several expert audits. In this presentation, we not only describe the details of the flaw but, based on our research, explain why the current state of PRNG implementation and quality assurance downright provokes incidents. We also present a PRNG analysis method that we developed and give specific recommendations to implementors of software producing or consuming pseudo-random numbers to ensure correctness. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8099.html

radare demystified (33c3)

Thu, 29 Dec 2016 11:30:00 +0100

radare is a libre framework and a set of tools to ease several tasks related to reverse engineering, exploiting, forensics, binary patching, .. this year, the project gets 10 year old. In the process, the design evolved and several new functionalities has appeared, defining better development rules, improving code reviews and introducing RDD and fuzzing as part of the development process. Constant refactoring, writing usage examples and documentation and giving talks, to enlarge the community has been key elements to reach the great user base and health the project lives nowadays. This year, in order to celebrate the 10th anniversary, the author organized the first r2con, a congress around the tool that aims to be an excuse for sharing knowledge, tools, scripts about what different parties and people is doing with it. The congress was pretty successful and allowed to meet developers, users and other interested parties for learning more about the future of the tool and understanding its capabilities. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8095.html

Million Dollar Dissidents and the Rest of Us (33c3)

Thu, 29 Dec 2016 11:30:00 +0100

In August 2016, Apple issued updates to iOS and macOS that patched three zero-day vulnerabilities that were being exploited in the wild to remotely install persistent malcode on a target’s device if they tapped on a specially crafted link. We linked the vulnerabilities and malcode to US-owned, Israel-based NSO Group, a government-exclusive surveillance vendor described by one of its founders as “a complete ghost”. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8115.html

Eine kleine Geschichte der Parlamentsschlägerei (33c3)

Thu, 29 Dec 2016 00:15:00 +0100

Der Vortrag gibt einen Abriss über die Geschichte der Parlamentsschlägerei, ordnet diese politisch und geografisch ein - um dann die verschiedenen Typen und Formen anhand von Videomaterial zu zeigen und gemeinsam zu analysieren. Die beiden Vortragenden betreiben seit 2010 gemeinsam das weltweit einzige Fachblog für Parlamentsschlägereien. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8021.html

SpiegelMining – Reverse Engineering von Spiegel-Online (33c3)

Wed, 28 Dec 2016 21:45:00 +0100

Seit Mitte 2014 hat David fast 100.000 Artikel von Spiegel-Online systematisch gespeichert. Diese Datenmasse wird er in einem bunten Vortrag vorstellen und erforschen. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7912.html

ATMs how to break them to stop the fraud (33c3)

Wed, 28 Dec 2016 23:00:00 +0100

How to stop the ATMs fraud? How to protect ATMs from attacks such as black box jackpotting? How to prevent network hijacking such as rogue processing center or MiTM? Some of these issues can be fixed by configuration means, some fixed by compensation measures, but many only by vendor. We will tell you about what bank can do now and what we as a community of security specialists should force to vendors. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8273.html

Code BROWN in the Air (33c3)

Wed, 28 Dec 2016 23:00:00 +0100

The talk is about the paging system, an old technology in the 90's, used in healthcare, ICS and government, a systematic review of security impacts that it brought to us in the age of SDR, covering the United States, Canada, England and Japan. By sniffing known pager frequencies in the general vicinity of hospitals, factories and public facilities with a $20 DVB-T, we discovered that not only is pager technology alive and kicking, but much of the traffic is not encrypted, resulting in violation of privacy laws and more importantly, leaks of sensitive information. The talk is not about the protocol nor the hardware device. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8042.html

Fnord-Jahresrückblick (33c3)

Thu, 29 Dec 2016 00:45:00 +0100

Wenn mal wieder der Zensor pinkeln war, wenn DAMIT ja wohl NIEMAND rechnen konnte, wenn es um demokratisch legitimiertes Baumanagement oder um Stahlbälle geht, dann ist es wieder an der Zeit für eine lockere Abendshow mit den High- und Lowlights des Jahres. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7960.html

Durchmarsch von Rechts (33c3)

Wed, 28 Dec 2016 23:00:00 +0100

Seit einigen Jahren formieren sich am rechten Rand der Gesellschaft explosionsartig neue rassistische, völkisch-nationalistische und offen nazistische Strömungen, Gruppen und Parteien. Einen erschreckenden Verstärker findet das neue braune Getöse in den sozialen Medien und sein Resonanzraum reicht inzwischen bis weit in die Mitte der Gesellschaft. Teil des Problems sind institutioneller Rassismus in den Behörden und unkontrollierbare Geheimdienste, die den Mob gewähren lassen: Dafür bietet der NSU-Komplex ein erschütterndes Beispiel. Vor dem neuen, sehr lauten, in der Tendenz aber auch gewalttätigen und terroristischen Phänomen rechter Formierung stehen Linke und bürgerliche Mitte ziemlich verdattert und hilflos. Jetzt kommt es darauf an, diese Hilflosigkeit zu überwinden, das Geschehen zu analysieren und sich Gegenstrategien einfallen zu lassen. Das ist „unser“ Job. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8439.html

Intercoms Hacking (33c3)

Wed, 28 Dec 2016 21:45:00 +0100

To break into a building, several methods have already been discussed, such as trying to find the code paths of a digicode, clone RFID cards, use some social engineering attacks, or the use of archaic methods like lockpicking a door lock or breaking a window.

New methods are now possible with recent intercoms. Indeed, these intercoms are used to call the tenants to access the building. But little study has been performed on how these boxes communicate to request and grant access to the building.

In the past, they were connected with wires directly to apartments. Now, these are more practical and allow residents to open doors not only from their classic door phone, but to forward calls to their home or mobile phone. Private houses are now equipped with these new devices and its common to find these “connected” intercoms on recent and renovated buildings.

In this short paper we introduce the Intercoms and focus on one particular device that is commonly installed in buildings today. Then we present our analysis on an interesting attack vector, which already has its own history. After this analysis, we present our environment to test the intercoms, and show some practical attacks that could be performed on these devices. During this talks, the evolution of our mobile lab and some advances on the 3G intercoms, and M2M intercoms attacks will be also presented.

about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8027.html

Build your own NSA (33c3)

Wed, 28 Dec 2016 20:30:00 +0100

When thinking about surveillance, everyone worries about government agencies like the NSA and big corporations like Google and Facebook. But actually there are hundreds of companies that have also discovered data collection as a revenue source. We decided to do an experiment: Using simple social engineering techniques, we tried to get the most personal you may have in your procession. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8034.html

Shining some light on the Amazon Dash button (33c3)

Wed, 28 Dec 2016 23:00:00 +0100

This talk will explore the hard- and software of the Amazon Dash button. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8398.html

The Untold Story of Edward Snowden’s Escape from Hong Kong (33c3)

Wed, 28 Dec 2016 18:30:00 +0100

On June 9, 2013, Edward Snowden revealed massive civil rights abuses by the NSA. On June 10, Snowden didn’t know where to hide. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8416.html

SpinalHDL : An alternative hardware description language (33c3)

Wed, 28 Dec 2016 21:45:00 +0100

Since too long we use VHDL and Verilog to describe hardware. SpinalHDL is an alternative language which does its best to prove that it is time to do a paradigm shift in hardware description. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7873.html

Downgrading iOS: From past to present (33c3)

Wed, 28 Dec 2016 20:30:00 +0100

This talk is about the iOS secure boot chain and how it changed throughout different iOS versions, while focusing on downgrading despite countermesures. It will explain basics like what SHSH blobs and APTickets are and how IMG3 and IMG4 file format works. Also a new technique called "prometheus" will be introduced which allows for the first time downgrading 64bit devices. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7888.html

A world without blockchain (33c3)

Wed, 28 Dec 2016 18:30:00 +0100

Instant money transfer, globally without borders and 24/7. That’s one of the promises of Bitcoin. But how does national and international money transfer work in the world of banks? about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8315.html

Lightning Talks Day 2 (33c3)

Wed, 28 Dec 2016 12:45:00 +0100

about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8087.html

Copywrongs 2.0 (33c3)

Wed, 28 Dec 2016 16:00:00 +0100

EU copyright reform plans threaten freedom of expression: Commissioner Günther Oettinger wants to make sharing even the tiniest snippets of news content subject to costly licensing, and obligate internet platforms to monitor all user uploads. We can still stop these proposals – if you join the fight now. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8229.html

Stopping law enforcement hacking (33c3)

Wed, 28 Dec 2016 18:30:00 +0100

We didn’t win the second crypto wars. Governments merely made a strategic retreat and they’ll be back. Although they will likely give up on trying to regulate or prohibit encryption, we should expect that malware and law enforcement hacking will play a starring role in the next battle in the crypto wars. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8136.html

Searchwing - Mit Drohnen leben retten (33c3)

Wed, 28 Dec 2016 17:15:00 +0100

Refugees are dying in the Mediterranean Sea. Thousands of them. We are building fixed wing drones, autonomously searching for refugee-vessels in a radius of 50km around a base-ship. The association "Seawatch e.V." has bought two well equipped Ships to help and rescue those people. But to help them we first have to find them. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7963.html

Einführung zu Blockchains (33c3)

Wed, 28 Dec 2016 17:15:00 +0100

Blockchain ist die Technologie welche moderne Kryptowährungen ermöglicht. In dem Vortrag wird die Funktionsweise von Blockchains ganz allgemein erklärt. Anhand der Bitcoin Blockchain wird ausserdem gezeigt, wie diese Funktionen in einem echten System umgesetzt werden können. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7824.html

Formal Verification of Verilog HDL with Yosys-SMTBMC (33c3)

Wed, 28 Dec 2016 17:15:00 +0100

Yosys is a free and open source Verilog synthesis tool and more. It gained prominence last year because of its role as synthesis tool in the Project IceStorm FOSS Verilog-to-bitstream flow for iCE40 FPGAs. This presentation however dives into the Yosys-SMTBMC formal verification flow that can be used for verifying formal properties using bounded model checks and/or temporal induction. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7922.html

On the Security and Privacy of Modern Single Sign-On in the Web (33c3)

Wed, 28 Dec 2016 18:30:00 +0100

Many web sites allow users to log in with their Facebook or Google account. This so-called Web single sign-on (SSO) often uses the standard protocols OAuth and OpenID Connect. How secure are these protocols? What can go wrong?

OAuth and OpenID Connect do not protect your privacy at all, i.e., your identity provider (e.g., Facebook or Google) can always track, where you log in. Mozilla tried to create an authentication protocol that aimed to prevent tracking: BrowserID (a.k.a. Persona). Did their proposition really solve the privacy issue? What are the lessons learned and can we do better?

about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7827.html

3 Years After Snowden: Is Germany fighting State Surveillance? (33c3)

Wed, 28 Dec 2016 17:15:00 +0100

Germany has a good reputation for strong data protection. It also features the only parliamentary inquiry committee investigating the Snowden revelations. But what are actual results of parliamentary, journalistic and public engagement?

about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8117.html

Die Sprache der Populisten (33c3)

Wed, 28 Dec 2016 16:00:00 +0100

Mit dem Erstarken der Rechtspopulisten (nicht nur in Deutschland) werden populistische Positionen immer häufiger hingenommen, obwohl es sich dabei um vermeintliche "Gewissenheiten" handelt, die bei näherer Betrachtung inakzeptabel sind. Solche Positionen beruhen nicht auf einer nachvollziehbaren Argumentation, sondern auf sprachlich-rhetorischen Tricks, die im Grunde leicht zu durchschauen sind, denen jedoch immer mehr Menschen auf den Leim gehen. Dieser Vortrag soll zeigen, welche Tricks das sind und wie Populisten demaskiert werden können. Dabei wird deutlich werden, dass nicht nur eine Partei für populistische Parolen anfällig ist. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8037.html

Hacking Reality (33c3)

Wed, 28 Dec 2016 16:00:00 +0100

Inspired by a long history of bold reality hacks this talk considers the kinds of potentials opening up through emerging Virtual Reality (VR) and Mixed Reality technologies. In this current moment of climate crisis and structural metamorphosis how can we work with powerful immersive technologies to understand our own perceptual systems, to radically communicate and to innovate new ways of being together? about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8317.html

No USB? No problem. (33c3)

Wed, 28 Dec 2016 16:00:00 +0100

How to get USB running on an ARM microcontroller that has no built in USB hardware. We'll cover electrical requirements, pin assignments, and microcontroller considerations, then move all the way up the stack to creating a bidirectional USB HID communications layer entirely in software. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8031.html

Space making/space shaping (33c3)

Tue, 27 Dec 2016 16:00:00 +0100

What are the politics and aesthetics of mapping? An introduction how cartography shapes cities and landscapes, creates borders and determines the perception of our environment. How an evolving mix of high-resolution satellite imagery, algorithm-based mappings and the huge amount of data of digitized cities will enhance these effects? And in contrast, how can maps be designed, that question the “objectivity” and “correctness” of conventional cartography? about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7958.html

Recount 2016: An Uninvited Security Audit of the U.S. Presidential Election (33c3)

Wed, 28 Dec 2016 14:30:00 +0100

The 2016 U.S. presidential election was preceded by unprecedented cyberattacks and produced a result that surprised many people in the U.S. and abroad. Was it hacked? To find out, we teamed up with scientists and lawyers from around the country—and a presidential candidate—to initiate the first presidential election recounts motivated primarily by e-voting security concerns. In this talk, we will explain how the recounts took place, what we learned about the integrity of the election, and what needs to change to ensure that future U.S. elections are secure. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8074.html

Lockpicking in the IoT (33c3)

Tue, 27 Dec 2016 21:45:00 +0100

"Smart" devices using BTLE, a mobile phone and the Internet are becoming more and more popular. We will be using mechanical and electronic hardware attacks, TLS MitM, BTLE sniffing and App decompilation to show why those devices and their manufacturers aren't always that smart after all. And that even AES128 on top of the BTLE layer doesn't have to mean "unbreakable". Our main target will be electronic locks, but the methods shown apply to many other smart devices as well... about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8019.html

Welcome to the Anthropocene? (33c3)

Wed, 28 Dec 2016 13:00:00 +0100

The Anthropocene is widely understood to mean the current "period of Earth's history during which humans have a decisive influence on the state, dynamics and future" of this planet. For several years, scientists in the Working Group on the 'Anthropocene' (AWG) have worked (and voted!) on defining the beginning of the Anthropocene in geochemical terms. The mid-20^th century provides an obvious geochemical 'timestamp': fallout from nuclear weapons detonations. Which other chemicals and timestamps are being considered for marking the Anthropocene's start? How is 'define-by-committee' even working out for geological epochs? This talk boils the scientific background of the Anthropocene debate down for non-stratigraphers. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7860.html

Von Kaffeeriechern, Abtrittanbietern und Fischbeinreißern (33c3)

Wed, 28 Dec 2016 14:30:00 +0100

Aus ihrem Buch „Von Kaffeeriechern, Abtrittanbietern und Fischbeinreißern – Berufe aus vergangenen Zeiten“: es geht darin um Berufe, die einfach verschwunden sind, deren Bezeichnung bereits in Bedeutungslosigkeit versunken sind. Aber was machte z.B. ein Kaffeeriecher? Er war kein Hipster-Barista, sondern ein Auswuchs der Politik von Friedrich II.: durch den Schmuggel von Kaffeebohnen sah sich Friedrich II genötigt, ausgediente Kriegsveteranen durch Berlin zu schicken. Sie durften in die Häuser der Bürger eindringen, um unversteuerten Kaffee aufzufinden. Sie verletzten dabei die Privatsphäre und schnüffelten buchstäblich nach einem Vergehen. Anders als die Überwachung im Netz heute waren sie laut und derb und nicht unsichtbar. Den Bürgern waren sie so verhasst, dass sie sich gegen sie aufbäumten. Nach nur acht Jahre war der Spuk vorbei, die Kaffeeriecher wurden durch Protest des Volkes ausrangiert. Wäre es heute nur so einfach. Akribisch nach Fakten, Formen und Verbindungen suchend, entstand auch die Auftragsarbeit „Altes Handwerk“ , für die Stiftung Preußischer Kulturbesitz: ein Jahr lang wühlte Michaela Vieser in den Archiven des BPK: zum Teil lagen die Bilder in einer alten Kegelbahn in einem Offizierskasino in Charlottenburg. Die Fotografien stammen aus einer Zeit, als der Fotograf selbst noch Handwerker war. Anhand der Bilder lassen sich Ästhetik und Funktionalität des neuen Berufes klar erkennen. Das Buch wurde gemeinsam in einem Interview mit dem Bundesarbeitsminister im Radio vorgestellt, es war über zwei Jahre lang das wichtigste Buch des Verlags Braun editions. Im Folgewerk „Das Zeitalter der Maschinen – Von der Industrialisierung des Lebens“ geht es um den Übergang in die Industrielle Revolution: „Die Zeit“ schreibt: „Seit der Industrialisierung bestimmen Maschinen unseren Alltag – damals waren sie aus Eisen und Stahl, und manche überlebensgroß. Heute denken wir über die winzigen Chips schon gar nicht mehr nach, die Smartphones oder Autos steuern. Doch damals revolutionierten die Maschinen nicht nur die Wirtschaft, sondern das ganze Leben. Ein neuer Bildband vermittelt einen Eindruck davon, wie sehr.“ Michaela Vieser zieht im Vorwort die Parallele zur Digitalen Revolution. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8418.html

Haft für Whistleblower? (33c3)

Wed, 28 Dec 2016 14:30:00 +0100

Der neue Straftatbestand der Datenhehlerei gem. § 202d StGB kriminalisiert Whistleblower und droht mit Haftstrafe bis zu drei Jahren oder Geldstrafe. Das schwächt die Zivilgesellschaft und verhindert wichtige demokratische Aufklärungsprozesse. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8181.html

Wheel of Fortune (33c3)

Wed, 28 Dec 2016 13:45:00 +0100

Secure random number generators play a crucial role in the wider security ecosystem. In the absence of a dedicated hardware True Random Number Generator (TRNG), computer systems have to resort to a software (cryptographically secure) Pseudo-Random Number Generator (CSPRNG). Since the (secure) design of a CSPRNG is an involved and complicated effort and since randomness is such a security-critical resource, many operating systems provide a CSPRNG as a core system service and many popular security software products assume their presence. The constraints imposed by the embedded world, however, pose a variety of unique challenges to proper OS (CS)PRNG design and implementation which have historically resulted in security failures. In this talk we will discuss these challenges, how they affect the quality of (CS)PRNGs in embedded operating systems and illustrate our arguments by means of the first public analysis of the OS random number generators of several popular embedded operating systems. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7949.html

In Search of Evidence-Based IT-Security (33c3)

Wed, 28 Dec 2016 13:45:00 +0100

Applied IT security is largely a science-free field. The IT-Security industry is selling a range of products with often very questionable and sometimes outright ridiculous claims. Yet it's widely accepted practice among users and companies that protection with security appliances, antivirus products and firewalls is a necessity. There are no rigorous scientific studies that try to evaluate the effectiveness of most security products or strategies. Evidence-based IT security could provide a way out of the security nihilism that's often dominating the debate – however it doesn't exist yet. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8169.html

Gone in 60 Milliseconds (33c3)

Wed, 28 Dec 2016 13:45:00 +0100

More and more businesses are moving away from monolithic servers and turning to event-driven microservices powered by cloud function providers like AWS Lambda. So, how do we hack in to a server that only exists for 60 milliseconds?

This talk will show novel attack vectors using cloud event sources, exploitabilities in common server-less patterns and frameworks, abuse of undocumented features in AWS Lambda for persistent malware injection, identifying valuable targets for pilfering, and, of course, how to exfiltrate juicy data out of a secure Virtual Private Cloud.

about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7865.html

You can -j REJECT but you can not hide: Global scanning of the IPv6 Internet (33c3)

Tue, 27 Dec 2016 23:00:00 +0100

In this talk we will explore and present various IPv6 scanning techniques that allow attackers to peek into IPv6 networks. With the already known difference between IPv4 and IPv6 firewalling (the latter is worse... ) we then demonstrate how these techniques can be combined and used to obtain a large-scale view on the state of IPv6 in infrastructures and data centers. To give the whole issue a somewhat more fun dimension, we will also look at some (security) sensitive applications of this technique. Complimentary code-snippets will be provided. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8061.html

Der 33 Jahrerückblick (33c3)

Wed, 28 Dec 2016 11:30:00 +0100

The proper relationship of technology and politics have been the subject of an evergreen debate on the floor of the Chaos Communication Congress. Rather than taking a position in this debate, we are asking how the two have been co-articulated in practice so far by CCC participants? about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8266.html

Hacking the World (33c3)

Wed, 28 Dec 2016 13:00:00 +0100

In this lecture I wish to reflect on the maturation of the security and hacking communities and their role in larger societal and political participation. We'll reflect on the predominant role that technology has been growing into our lives, and the responsibilities we have in nurturing it. After having spent the last years in researching, exposing, and preventing the electronic targeting of dissidents and journalists, I hope to synthesize my experience and suggest how to reconsider our tactics, the successes, and the failures, and hopefully draw some inspiration for a brighter future. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8349.html

Tapping into the core (33c3)

Wed, 28 Dec 2016 13:00:00 +0100

Engaging universally available deep debug functionality of modern Intel cores, with zero software or hardware modifications required on the target side. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8069.html

Syrian Archive (33c3)

Wed, 28 Dec 2016 12:15:00 +0100

Journalists and human rights groups need to find and use verified visual evidence in order to accurately report about what’s happening in conflict zones. In the case of Syria, there are more hours of online footage online than there have been hours of conflict. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7909.html

How physicists analyze massive data: LHC + brain + ROOT = Higgs (33c3)

Wed, 28 Dec 2016 12:15:00 +0100

Physicists are not computer scientists. But at CERN and worldwide, they need to analyze petabytes of data, efficiently. Since more than 20 years now, ROOT helps them with interactive development of analysis algorithms (in the context of the experiments' multi-gigabyte software libraries), serialization of virtually any C++ object, fast statistical and general math tools, and high quality graphics for publications. I.e. ROOT helps physicists transform data into knowledge. The presentation will introduce the life of data, the role of computing for physicists and how physicists analyze data with ROOT. It will sketch out how some of us foresee the development of data analysis given that the rest of the world all of a sudden also has big data tools: where they fit, where they don't, and what's missing. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8083.html

The Clash of Digitalizations (33c3)

Wed, 28 Dec 2016 12:15:00 +0100

This talk discusses the representation of Arab males in video games and the adverse effect it has on the collective political imagination. Anonymous military-aged Arab men become increasingly the exception to the laws of human rights, and become default targets for conventional and unmanned drone attacks. This devolution is seen through the lens of the changing nature of conflict through digitalization, the collapse of the nation state in Iraq and Syria, and the future of war. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8419.html

A look into the Mobile Messaging Black Box (33c3)

Wed, 28 Dec 2016 11:30:00 +0100

Most of us use mobile messaging every day. We use certain apps that we chose for a number of factors, like our friends using it, good press, privacy promises, or simply their feature sets. This talk aims to enable more of us to reason about the privacy and security of messaging apps. We will try to present simple analogies translating abstract security and privacy expectations into concrete feature sets. We will illustrate these features using the the popular messaging app Threema. Our analysis of its protocol is based on our own reverse-engineering efforts and a re-implementation of the Threema protocol that we will release during the talk. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8062.html

International exchange of tax information (33c3)

Wed, 28 Dec 2016 11:30:00 +0100

The Common Reporting Standard is a multinational agreement signed by more than 80 nations, including all EU member states. The signatories promised to exchange bank account information on foreigners. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7880.html

Es sind die kleinen Dinge im Leben (33c3)

Wed, 28 Dec 2016 11:30:00 +0100

Jeder weiß ungefähr was ein Mikroskop ist und vielleicht hat man auch mal davon gehört das da immernoch dran geforscht wird – Stichwort Hochauflösungsmikroskopie (Nobelpreis 2014 in Chemie). Es gibt deutlich mehr Mikroskope in der professionellen Forschung als es Teleskope gibt, deutlich mehr – und da könnte man sich jetzt fragen: "Warum sehe ich so viele Bilder von Sterne, aber kaum Mikroskopiebilder von öffentlichen Einrichtungen und Stellen?". Um diese Frage zu beantworten will ich kurz in die Welt der Hochauflösungsmikroskopie einführen und die Techniken erklären. Ein bisschen über die Community erzählen und versuchen klar zu machen, warum es hier mit der Offenheit noch etwas hapert. UND: Es soll auch mikroskopiert werden. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8237.html

Nicht öffentlich. (33c3)

Wed, 28 Dec 2016 00:15:00 +0100

Der NSA-Untersuchungsausschuss im Bundestag soll aufklären, was die NSA in Deutschland tut und wie deutsche Geheimdienste in diese Aktivitäten verwickelt sind. Fast wie in einer Gerichtsverhandlung – doch es gibt eine Besonderheit: Der Zeuge ist der BND, ein Geheimdienst. Und der tut alles dafür, nichts zu verraten. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8116.html

Woolim – Lifting the Fog on DPRK’s Latest Tablet PC (33c3)

Tue, 27 Dec 2016 23:00:00 +0100

Last year we have been talking about DPRK’s operating system Red Star OS and its surveillance features. We have identified a watermarking mechanism and gave an insight on the internals of the operating system itself. This year we will be talking about one of DPRK’s Tablet PCs, called Woolim. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8143.html

Visiting The Bear Den (33c3)

Tue, 27 Dec 2016 23:00:00 +0100

Sednit, a.k.a Fancy Bear/APT28/Sofacy, is a group of attackers operating since at least 2004 and whose main objective is to steal confidential information from specific targets. Over the past two years, this group's activity increased significantly, in particular with numerous attacks against foreign affairs ministries and embassies all over the world. They are supposedly behind the DNC hack, and the WADA hack, which happened earlier this year. This talk presents the results of a two-year hunt after Sednit, during which we dug up and analyzed many of their software. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8094.html

Console Hacking 2016 (33c3)

Tue, 27 Dec 2016 23:00:00 +0100

Last year, we demonstrated Linux running on the PS4 in a lightning talk - presented on the PS4 itself. But how did we do it? In a departure from previous Console Hacking talks focusing on security, this year we're going to focus on the PS4 hardware, what makes it different from a PC, and how we reverse engineered it enough to get a full-blown Linux distro running on it, complete with 3D acceleration. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7946.html

Netzpolitik in der Schweiz 2016 (33c3)

Tue, 27 Dec 2016 20:30:00 +0100

Ein Überblick zur netzpolitischen Situation in der Schweiz. Wir geben einen umfassenden Rückblick auf das ereignissreiche Jahr 2016, in dem die Schweizer Bevölkerung über gleich zwei Massenüberwachungsgesetze entschieden hat. Die netzpolitischen Gruppierungen haben mit viel Einsatz gegen die Gesetze gekämpft . Wir berichten darüber, wie wir das angengangen sind, wie es ausgegangen ist und was wir dabei gelernt haben. Zudem machen wir einen Ausblick auf kommende netzpolitische Herausforderungen. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8264.html

Netzpolitik in Österreich (33c3)

Tue, 27 Dec 2016 21:45:00 +0100

Die Netzpolitik der österreichischen Bundesregierung hat sich im Jahr 2016 nicht besser dargestellt als die Jahre davor: Neue Überwachungsgesetze, (bislang erfolgreich verhinderte) Versuche eine staatliche Spionagesoftware (Bundestrojaner) einzuführen, der ewige Kampf um ein Transparenzgesetz, eine scheinheilige Simulation demokratischer Partizipation und das totglaubte E-Voting sind brennende Themen und bedürfen einer breiten gesellschaftlichen Diskussion. Der AKVorrat zeigt in einem netzpolitischen Jahresrückblick, was wir dagegen tun können und zeigt, dass Zivilgesellschaft wirkt. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8293.html

Deploying TLS 1.3: the great, the good and the bad (33c3)

Tue, 27 Dec 2016 21:45:00 +0100

Transport Layer Security (TLS) 1.3 is almost here. The protocol that protects most of the Internet secure connections is getting the biggest ever revamp, and is losing a round-trip. We will explore differences between TLS 1.3 and previous versions in detail, focusing on the security improvements of the new protocol as well as some of the challenges we face around securely implementing new features such as 0-RTT resumption. At Cloudflare we will be the first to deploy TLS 1.3 on a wide scale, and we’ll be able to discuss the insights we gained while implementing and deploying this protocol. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8348.html

What's It Doing Now? (33c3)

Tue, 27 Dec 2016 18:15:00 +0100

Legend has it that most airline pilots will at one time have uttered the sentence "What's it Doing now?", whenever the autopilot or one of its related systems did something unexpected. I will be exploring some high-profile accidents in which wrong expectations of automation behaviour contributed to the outcome. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8033.html

Where in the World Is Carmen Sandiego? (33c3)

Tue, 27 Dec 2016 21:45:00 +0100

Travel booking systems are among the oldest global IT infrastructures, and have changed surprisingly little since the 80s. The personal information contained in these systems is hence not well secured by today's standards. This talk shows real-world hacking risks from tracking travelers to stealing flights. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7964.html

Dieselgate – A year later (33c3)

Tue, 27 Dec 2016 19:00:00 +0100

At 32C3 we gave an overview on the organizational and technical aspects of Dieselgate that had just broken public three months before. In the last year we have learned a lot and spoken to hundreds of people. Daniel gives an update on what is known and what is still to be revealed. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8131.html

Nintendo Hacking 2016 (33c3)

Tue, 27 Dec 2016 20:30:00 +0100

This talk will give a unique insight of what happens when consoles have been hacked already, but not all secrets are busted yet. This time we will not only focus on the Nintendo 3DS but also on the Wii U, talking about our experiences wrapping up the end of an era. We will show how we managed to exploit them in novel ways and discuss why we think that Nintendo has lost the game. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8344.html

Software Defined Emissions (33c3)

Tue, 27 Dec 2016 20:30:00 +0100

A technical talk on how to reverse-engineer electronic control units in order to document what was left apparently intentionally undocumented by the vendor – including how Volkswagen tweaked their cycle detection code while already being investigated by the EPA, how different the Volkswagen approach is really to the rest of the industry, and of course some trivia on how the „acoustic function“ got its name. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7904.html

Make Wi-Fi fast again (33c3)

Tue, 27 Dec 2016 20:30:00 +0100

Mit steigendem Datenaufkommen und einer immer größer werdenden Zahl von Geräten muss auch das WLAN wachsen. Nach "ur WiFi sucks!!1!" ist dieser Talk eine kleine Einführung in die Neuerungen, welche mit dem 802.11ac-Standard gekommen sind und gibt eine Erklärung, wie sie funktionieren. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7911.html

Untrusting the CPU (33c3)

Tue, 27 Dec 2016 18:15:00 +0100

It is a sad fact of reality that we can no longer trust our CPUs to only run the things we want and to not have exploitable flaws. I will provide an proposal for a system to restore (some) trust in communication secrecy and system security even in this day and age without compromising too much the benefits in usability and speed modern systems provide. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8014.html

Keys of Fury (33c3)

Tue, 27 Dec 2016 19:00:00 +0100

Keys Of Fury is a brutalist storytelling about technology and keystrokes where text is used unadorned and roughcast, like concrete. I define my practice as KYBDslöjd (drawing by Type In) who uses the Commodore 64 computer, Teletext technologies and Typewriter. Brutalism has an unfortunate reputation of evoking a raw dystopia and KYBDslöjd evokes an “object of nostalgia”. But nostalgic‬, ‪retro‬, obsolete or ‪limited‬ are rhetoric qualities earn by constant repetition. We live in a time where hardware and software become obsolete before most of the users have learned how to use them or disappear into pure functionality. The obedience to standards who made us passive observers and consumers. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8408.html

A Data Point Walks Into a Bar (33c3)

Tue, 27 Dec 2016 18:15:00 +0100

tl;dr: Mother Teresa said "If I look at the mass I will never act. If I look at the one, I will." I'll present ways that make us act when looking at the mass. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7999.html

Bonsai Kitten waren mir lieber - Rechte Falschmeldungen in sozialen Netzwerken (33c3)

Tue, 27 Dec 2016 19:00:00 +0100

Auf der Hoaxmap werden seit vergangenem Februar Gerüchte über Geflüchtete und deren Widerlegungen gesammelt, sortiert und in Kartenform präsentiert. Die Themen sind dabei so vielfältig wie die Erzählformen. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8288.html

Make the Internet Neutral Again (33c3)

Tue, 27 Dec 2016 18:15:00 +0100

After three years the EU has for the first time new Net Neutrality rules. What do they mean in practice? Which commercial practices by ISPs are allowed and which have to be punished by the telecom regulator. We give an overview about three years of campaign and where we go from here. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8076.html

Geolocation methods in mobile networks (33c3)

Tue, 27 Dec 2016 17:30:00 +0100

This talk presents the results of the technical analysis for the German Parliamentary Committee investigating the NSA spying scandal on geolocation methods in mobile networks. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7966.html

A Story of Discrimination and Unfairness (33c3)

Tue, 27 Dec 2016 16:45:00 +0100

Artificial intelligence and machine learning are in a period of astounding growth. However, there are concerns that these technologies may be used, either with or without intention, to perpetuate the prejudice and unfairness that unfortunately characterizes many human institutions. We show for the first time that human-like semantic biases result from the application of standard machine learning to ordinary language—the same sort of language humans are exposed to every day. We replicate a spectrum of standard human biases as exposed by the Implicit Association Test and other well-known psychological studies. We replicate these using a widely used, purely statistical machine-learning model—namely, the GloVe word embedding—trained on a corpus of text from the Web. Our results indicate that language itself contains recoverable and accurate imprints of our historic biases, whether these are morally neutral as towards insects or flowers, problematic as towards race or gender, or even simply veridical, reflecting the status quo for the distribution of gender with respect to careers or first names. These regularities are captured by machine learning along with the rest of semantics. In addition to our empirical findings concerning language, we also contribute new methods for evaluating bias in text, the Word Embedding Association Test (WEAT) and the Word Embedding Factual Association Test (WEFAT). Our results have implications not only for AI and machine learning, but also for the fields of psychology, sociology, and human ethics, since they raise the possibility that mere exposure to everyday language can account for the biases we replicate here. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8026.html

Routerzwang und Funkabschottung (33c3)

Tue, 27 Dec 2016 17:30:00 +0100

Nach drei Jahren wurde endlich die nutzerunfreundliche Praxis des Routerzwangs („Compulsory Routers“) gesetzlich für unzulässig erklärt, und aktuell treibt uns die EU-Funkabschottung („Radio Lockdown Directive“) um. Um was geht es dabei? Und was können wir daraus für andere Fälle lernen? about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8024.html

Pegasus internals (33c3)

Tue, 27 Dec 2016 17:30:00 +0100

This talk will take an in-depth look at the technical capabilities and vulnerabilities used by Pegasus. We will focus on Pegasus’s features and the exploit chain Pegasus used called Trident. Attendees will learn about Pegasus’s use of 0-days, obfuscation, encryption, function hooking, and its ability to go unnoticed. We will present our detailed technical analysis that covers each payload stage of Pegasus including its exploit chain and the various 0-day vulnerabilities that the toolkit was using to jailbreak a device. After this talk attendees will have learned all of the technical details about Pegasus and Trident and how the vulnerabilities we found were patched. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7901.html

Kampf dem Abmahnunwesen (33c3)

Tue, 27 Dec 2016 16:45:00 +0100

Im Spannungsfeld zwischen der Vorderfront der Computertechnik und einem Spezialbereich des Urheberrechts hat sich eine Industrie eine Nische geschaffen, in der sie durch Hochspezialisierung und Automatisierung ein einträgliches Geschäft aufgezogen haben. Dabei nehmen sie als Kollateralschaden in Kauf, dass Unschuldige durch die Drohkulisse zum Zahlen bewegt und zum Schließen ihres offenen Netzwerks gebracht werden. Wir beschreiben, was man dagegen tun kann und was wir dagegen schon getan haben. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8388.html

Shut Up and Take My Money! (33c3)

Tue, 27 Dec 2016 16:45:00 +0100

FinTechs increasingly cut the ground from under long-established banks’ feet. With a "Mobile First" strategy, many set their sights on bringing all financial tasks—checking the account balance, making transactions, arranging investments, and ordering an overdraft—on your smartphone. In a business area that was once entirely committed to security, Fintechs make a hip design and outstanding user experience their one and only priority. Even though this strategy is rewarded by rapidly increasing customer numbers, it also reveals a flawed understanding of security. With the example of the pan-European banking startup N26 (formerly Number26), we succeeded independently from the used device to leak customer data, manipulate transactions, and to entirely take over accounts to ultimately issue arbitrary transactions—even without credit. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7969.html

Anthropology for kids - What is privacy? (33c3)

Tue, 27 Dec 2016 16:45:00 +0100

I would like to present my project called Anthropology for kids and a specific book, that I am working on in the larger framework of this project. This book will look like an ordinary school notebook in which a teacher checks a student if the lesson had been learnt. But it is actually not! I gathered this collection of historical and anthropological notes, so that together with school kids we can think about how the very idea of privacy was developed in different countries and in different historical epochs. In ancient Babylon wealthy women were allowed to cover their faces and their bodies, but the poor ones were not. In the Soviet Union during Stalin times it was dangerous to tell a political joke even in the group of close friends. One of them may report a joke to the authorities. Punishment for a political joke could be a prison sentence. Today more or less all our online communication is watched or recorded by authorities. How does our present relate to other times in history, how is the western notion of privacy related to the ideas in other cultures. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8420.html

Law Enforcement Are Hacking the Planet (33c3)

Tue, 27 Dec 2016 16:00:00 +0100

In early 2015, the Federal Bureau of Investigation hacked computers in Austria, Denmark, Chile, Colombia, Greece, and likely the United Kingdom and Turkey too. In all, the agency used a Tor Browser exploit to target over 4000 computers spread across the world based on a single, arguably illegal warrant. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8018.html

The Nibbletronic (33c3)

Tue, 27 Dec 2016 16:00:00 +0100

The NibbleTronic is a MIDI wind controller that features a novel user interface resulting in a unique tonal range. The standard configuration allows to precisely play a bit more than four full octaves including semitones with only one hand. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7925.html

Check Your Police Record! (33c3)

Tue, 27 Dec 2016 16:00:00 +0100

Polizeibehörden und Geheimdienste sammeln Daten der Bürger – mehr als je zuvor. Der Bestand an unterschiedlichen Datenbanken ist enorm gewachsen und geradezu unübersichtlich geworden. Aufgrund datenschutzrechtlicher Regelungen gibt es für etliche dieser Datenbanken einen gesetzlichen Auskunftsanspruch des Bürgers. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7939.html

Predicting and Abusing WPA2/802.11 Group Keys (33c3)

Tue, 27 Dec 2016 14:00:00 +0100

We analyze the generation and management of WPA2 group keys. These keys protect broadcast and multicast Wi-Fi traffic. We discovered several issues and illustrate their importance by decrypting all group (and unicast) traffic of a typical Wi-Fi network. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8195.html

Zwischen Technikbegeisterung und kritischer Reflexion: Chaos macht Schule (33c3)

Tue, 27 Dec 2016 14:00:00 +0100

Die Lebenswelt von Kindern und Jugendlichen sowie die der Schulen könnte in Bezug auf die Digitalisierung kaum gegensätzlicher sein: Schülerinnen und Schüler leben und entfalten sich begeistert in der digitalen Welt, aber die Schule ist kaum in der Lage, Schülern ihre drängenden Fragen rund um die komplexe digitale Welt zu beantworten. In unserem Talk möchten wir anhand unserer Erfahrungen aus dem Projekt "Chaos macht Schule" u.a. diskutieren, wie man die heranwachsende Generation u. a. für Themen wie Datenschutz und Überwachung sensibilisieren und gleichzeitig Technikbegeisterung bei jungen Menschen fördern kann. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8262.html

Bootstraping a slightly more secure laptop (33c3)

Tue, 27 Dec 2016 14:00:00 +0100

Heads is an open source custom firmware and OS configuration for laptops and servers that aims to provide slightly better physical security and protection for data on the system. Unlike Tails, which aims to be a stateless OS that leaves no trace on the computer of its presence, Heads is intended for the case where you need to store data and state on the computer. It targets specific models of commodity hardware and takes advantage of lessons learned from several years of vulnerability research. This talk provides a high level overview of Heads, a demo of installing it on a Thinkpad and a tour of some of the attacks that it protects against. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8314.html

What could possibly go wrong with ? (33c3)

Tue, 27 Dec 2016 11:30:00 +0100

Hardware is often considered as an abstract layer that behaves correctly, just executing instructions and outputting a result. However, the internal state of the hardware leaks information about the programs that are executing. In this talk, we focus on how to extract information from the execution of simple x86 instructions that do not require any privileges. Beyond classical cache-based side-channel attacks, we demonstrate how to perform cache attacks without a single memory access, as well as how to bypass kernel ASLR. This talk does not require any knowledge about assembly. We promise. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8044.html

The DROWN Attack (33c3)

Tue, 27 Dec 2016 14:00:00 +0100

We present DROWN, a novel cross-protocol attack on TLS that uses a server supporting SSLv2 as an oracle to decrypt modern TLS connections. Using Internet-wide scans, we find that 33% of all HTTPS servers are vulnerable to this protocol-level attack. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7821.html

The Fight for Encryption in 2016 (33c3)

Tue, 27 Dec 2016 12:45:00 +0100

Both strong end-to-end communications encryption and device encryption are legal in most jurisdictions today, and remain widely available. Yet software programmers and hardware producers are increasingly under pressure from law enforcement and policy makers around the world to include so-called backdoors in encryption products. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8295.html

Exploiting PHP7 unserialize (33c3)

Tue, 27 Dec 2016 12:45:00 +0100

PHP-7 is a new version of the most prevalent server-side language in use today. Like previous version, this version is also vulnerable to memory corruptions. However, the language has gone through extensive changes and none of previous exploitation techniques are relevant. In this talk, we explore the new memory internals of the language from exploiters and vulnerability researchers point of view. We will explain newly found vulnerabilities in the 'unserialize' mechanism of the language and present re-usable primitives for remote exploitation of these vulnerabilities. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7858.html

Building a high throughput low-latency PCIe based SDR (33c3)

Tue, 27 Dec 2016 12:45:00 +0100

Software Defined Radios (SDRs) became a mainstream tool for wireless engineers and security researches and there are plenty of them available on the market. Most if not all SDRs in the affordable price range are using USB2/USB3 as a transport, because of implementation simplicity. While being so popular, USB has limited bandwidth, high latency and is not really suitable for embedded applications. PCIe/miniPCIe is the only widespread bus which is embedded friendly, low latency and high bandwidth at the same time. But implementing PCIe/miniPCIe is not for the faint of heart - you have to write your own FPGA code, write your own Linux kernel driver and ensure compatibility with different chipsets, each with its own quirks. In this talk we will look at the requirements for a high performance SDR like XTRX, how this leads to certain design decisions and share pitfalls and gotchas we encountered (and solved). about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8338.html

How Do I Crack Satellite and Cable Pay TV? (33c3)

Tue, 27 Dec 2016 12:45:00 +0100

Follow the steps taken to crack a conditional access and scrambling system used in millions of TV set-top-boxes across North America. From circuit board to chemical decapsulation, optical ROM extraction, glitching, and reverse engineering custom hardware cryptographic features. This talk describes the techniques used to breach the security of satellite and cable TV systems that have remained secure after 15+ years in use. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8127.html

Everything you always wanted to know about Certificate Transparency (33c3)

Tue, 27 Dec 2016 11:30:00 +0100

Certificate transparency - what is it, and what can be done with it? about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8167.html

Reverse engineering Outernet (33c3)

Tue, 27 Dec 2016 11:30:00 +0100

Outernet is a company whose goal is to ease worldwide access to internet contents by broadcasting files through geostationary satellites. Most of the software used for Outernet is open source, but the key parts of their receiver are closed source and the protocols and specifications of the signal used are secret. I have been able to reverse engineer most of the protocols, and a functional open source receiver is now available. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8399.html

The Global Assassination Grid (33c3)

Tue, 27 Dec 2016 11:30:00 +0100

As they say in the Air Force, ‚No comms no bombs‘, – A technician’s insight into the invisible networks governing military drones and the quest for accountability about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8425.html

33C3 Opening Ceremony (33c3)

Tue, 27 Dec 2016 11:00:00 +0100

about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8429.html