
Saal 1 11:00

erdgeist
Geraldine de Bastion
31C3 Opening Event




Saal 1 11:30

alecempire
31C3 Keynote


The 31C3 Keynote

A New Dawn

Saal 1 12:45

Martin Haase/maha
„Wir beteiligen uns aktiv an den Diskussionen“


In summer 2014 the so-called Digital "Agenda" was presented and described as the government's "Internet policy programme". From a text-typological point of view, however, it is more of a PR text that looks like an excerpt from an election campaign brochure. The talk first analyses the text's content to show what it is about in detail and where contradictions appear, then looks at it from a text-critical and a linguistic perspective. In particular, certain interests of the federal government and other actors become apparent that are discussed less openly but nevertheless surface in the language.

On 20 August 2014 the so-called Digital "Agenda" of the German federal government was presented in Berlin. The "Internet policy programme" was welcomed, but many critics dismissed it as "too little, too late". Few noticed that, as a text type, it is a PR text which bears little resemblance to a government programme and rather looks as if it came from an election campaign brochure. A text-critical and a linguistic analysis show that there is little sign of an "agenda", although the word "aktiv" (active) is used very frequently, albeit in contexts that have nothing to do with activity. That is not the only contradiction. Once again it turns out that the language of a text also brings hidden interests to light.

Saal 1 14:00

Sergey Gordeychik
Aleksandr Timorin
SCADA StrangeLove: Too Smart Grid in da Cloud


For two years SCADA StrangeLove has been speaking about industrial control systems and nuclear plants. This year we want to discuss green energy: our hackers' vision of green energy, smart grids and cloud IoT technology. We will also speak about the security problems of traditional "heavy" industrial solutions and about what Zurich Airport and the Large Hadron Collider have in common. On top of that you will learn about our new releases, some funny and not so funny stories about the discovery and fixing of vulnerabilities, and the latest news from the front in the struggle for the Purity of Essence.

Our latest research was devoted to analysing the architecture and implementation of the most widespread platforms for wind and solar power generation, which together produce many gigawatts. It may seem (not) surprising, but the systems that manage huge turbine towers and household photovoltaic plants are not only connected to the Internet but also prone to many well-known vulnerabilities and low-hanging 0-days. Even where these systems cannot be found via Shodan, fancy cloud technologies leave no chance for security. We will also speak about the security problems of traditional "heavy" industrial solutions, about what Zurich Airport and the Large Hadron Collider have in common, and why one should not develop a brand-new web server. Especially for the specialists on the other side of the fence, we will use one industry as an example to show the link between information security and industrial safety, and will demonstrate how root access gained in a few minutes can bring to naught years of effort devoted to improving the fail-safety and reliability of an ICS. On top of that you will learn about our new releases, some funny and not so funny stories about the discovery and fixing of vulnerabilities, and the latest news from the front in the struggle for the Purity of Essence.

Saal 1 16:00

Andrea Barisani
Practical EMV PIN interception and fraud detection


This talk follows our previous EMV research, uncovering new findings as well as a detailed analysis of Chip & PIN fraud markers, in order to help cardholders as well as issuing banks prevent wrongful liability for fraudulent charges.

The EMV global standard for electronic payments is widely used for inter-operation between chip-equipped credit/debit cards, Point of Sale devices and ATMs. In 2011, our "Chip & PIN is definitely broken" presentation uncovered an EMV design flaw that, by means of chip skimmers, allows for arbitrary PIN harvesting. Since then, by consulting on EMV implementations and their behaviour under effective attacks, Inverse Path has assisted issuing banks, as well as cardholders, with the successful resolution of cases involving wrongful liability for fraudulent charges. Our updated research effort identifies and verifies new interactions between previous EMV attacks, which further affect the protection, or lack thereof, that EMV provides for the PIN. This presentation aims to fully empower both cardholders and issuers with an understanding of all applicable attacks, while also illustrating the relevant EMV fraud detection markers. Such information is vital to enable cardholders to request the correct and relevant information necessary to claim fraudulent charges, and to enable issuers and processors to prevent fraud in the first place.

Saal 1 17:15

Tobias Engel
SS7: Locate. Track. Manipulate.


Companies are now selling the ability to track your phone number wherever you go. With a precision of up to 50 meters, detailed movement profiles can be compiled by somebody on the other side of the world without you ever knowing about it. But that is just the tip of the iceberg.

SS7 is the global telecommunications backbone network. You use it every time you make a call, receive a text message or use the mobile network's internet access. But to be reachable, the network has to know your location. And access to the SS7 network is getting easier and easier, without the security measures keeping up. As a follow-up to 25C3's "Locating Mobile Phones using SS7" this talk will offer a look at what has changed in the last six years. I will show how easy it is for intelligence services and criminals to circumvent the network's defenses to get the data they want, just based on your phone number.

Saal 1 18:30

Karsten Nohl
Mobile self-defense


We know that mobile networks can — and do — attack us on many fronts. As this talk will show, even 3G is attackable. It’s high time that we upgrade from complaining to self-defense.

Modern phones include all components necessary to block — or at least make visible — a large range of attacks including IMSI catchers, SIM exploits, and SMS attacks. The possibility of other attacks, such as passive intercept, can be inferred from measurements that normally remain hidden in a phone’s baseband. This talk details how these secrets were unlocked through reverse-engineering of the most widely deployed baseband family. We release tools that block or alert users to many common attacks. We also introduce and demonstrate new attack scenarios — hybrids between local and interconnect abuse — including the passive intercept and decryption of 3G traffic.

Saal 1 20:30

starbug
Ich sehe, also bin ich ... Du


Looking over someone's shoulder while they type their password? Stealing their Mate bottle to get at fingerprints? All yesterday's technology. The talk shows how one obtains the data needed to defeat authentication methods today.

That one can look over people's shoulders while they type their password is well known. So is the fact that certain biometric features can be photographed with a camera, or that traces of them can be found on objects. Until now it was assumed that such attacks required being in the immediate vicinity of the person being spied on. The talk aims to make clear that this is not the case. We present results of investigations showing that biometric features and password entry can also be spied out from a great distance, or remotely through the cameras in mobile phones, directly or indirectly (via reflections in the eye).

Saal 1 21:45

djb
Tanja Lange
ECCHacks


This talk will explain how to work with elliptic curves constructively to obtain secure and efficient implementations, and will highlight pitfalls that must be avoided when implementing elliptic-curve crypto (ECC). The talk will also explain what all the buzz in curve choices for TLS is about. This talk does not require any prior exposure to ECC.

ECC is rapidly becoming the public-key technology of choice for Internet protocols. ECC was introduced in 1985 and has a much stronger security record than RSA. ECC research has found new ways of attacking implementations but has also found nicer curves that avoid such attacks. As a follow-up to the Snowden revelations, the TLS working group of the IETF has recently asked the crypto research group (CFRG) to suggest new curves for use in TLS, and NIST has publicly announced that it is considering new curves. This talk gives a hands-on description of how to compute with elliptic curves. It shows different ways to write elliptic curves and the consequences of this representation for secure and efficient implementation. Algorithms will be presented as Python code snippets and will already be online before the talk at http://ecchacks.cr.yp.to. The talk will be given as a joint presentation by Daniel J. Bernstein and Tanja Lange.
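As an added illustration of the points above (this is example code written for this listing, not the snippets from the talk or from ecchacks.cr.yp.to), the block below implements the complete twisted-Edwards addition law on Ed25519 and a Montgomery-ladder scalar multiplication in plain Python. The curve constants, the base point's y = 4/5 and the group order are the published Ed25519 parameters; the function names and the even-x choice in recover_x are this example's own. The pitfall it is meant to show: the Weierstrass formulas need a separate doubling formula and a special case for the point at infinity, and an implementation that branches on P == Q leaks through timing or returns garbage on the edge case; the Edwards formula below is one expression that is correct for every pair of inputs, so the ladder can perform the same two operations on every bit.

```python
# Added example for this listing; not code from the ECCHacks talk or ecchacks.cr.yp.to.
# Affine twisted-Edwards arithmetic on Ed25519: -x^2 + y^2 = 1 + d*x^2*y^2 over F_p.
P = 2**255 - 19
D = (-121665 * pow(121666, P - 2, P)) % P               # d = -121665/121666 mod p
L = 2**252 + 27742317777372353535851937790883648493      # prime order of the base point
NEUTRAL = (0, 1)                                          # identity is an ordinary affine point

def inv(x):
    return pow(x, P - 2, P)                               # Fermat inversion, p prime

def on_curve(pt):
    x, y = pt
    return (-x * x + y * y - 1 - D * x * x * y * y) % P == 0

def add(p1, p2):
    """Complete addition law: the same formula handles p1 == p2 and the neutral
    element, so there is no 'if P == Q' branch to leak or to get wrong (the classic
    Weierstrass pitfall)."""
    x1, y1 = p1
    x2, y2 = p2
    t = D * x1 * x2 * y1 * y2
    x3 = (x1 * y2 + x2 * y1) * inv(1 + t)
    y3 = (y1 * y2 + x1 * x2) * inv(1 - t)                 # (y1*y2 - a*x1*x2)/(1 - t), a = -1
    return (x3 % P, y3 % P)

def cswap(swap, p1, p2):
    """Swap the two points when swap == 1 using masks instead of a branch.
    Python's big integers are not constant time; this shows the ladder's shape only."""
    mask = -swap                                          # 0 or ...111 (all ones)
    (x1, y1), (x2, y2) = p1, p2
    dx, dy = (x1 ^ x2) & mask, (y1 ^ y2) & mask
    return (x1 ^ dx, y1 ^ dy), (x2 ^ dx, y2 ^ dy)

def scalar_mult(k, pt, bits=256):
    """Montgomery ladder: one addition and one doubling per bit regardless of the
    bit value, for scalars k < 2**bits. Invariant: r1 == r0 + pt."""
    r0, r1 = NEUTRAL, pt
    for i in reversed(range(bits)):
        bit = (k >> i) & 1
        r0, r1 = cswap(bit, r0, r1)
        r0, r1 = add(r0, r0), add(r0, r1)
        r0, r1 = cswap(bit, r0, r1)
    return r0

def recover_x(y, parity=0):
    """Solve the curve equation for x given y. p = 5 (mod 8), so a square root of xx
    is xx^((p+3)/8), possibly times sqrt(-1). Return the root with the requested parity."""
    xx = (y * y - 1) * inv(D * y * y + 1) % P
    x = pow(xx, (P + 3) // 8, P)
    if (x * x - xx) % P:
        x = x * pow(2, (P - 1) // 4, P) % P               # 2^((p-1)/4) is sqrt(-1) mod p
    if (x * x - xx) % P:
        raise ValueError("y is not the y-coordinate of a curve point")
    return P - x if (x & 1) != parity else x

BASE_Y = 4 * inv(5) % P                                   # Ed25519 base point has y = 4/5
BASE = (recover_x(BASE_Y), BASE_Y)

if __name__ == "__main__":
    assert on_curve(BASE) and scalar_mult(L, BASE) == NEUTRAL
    print("l*B is the neutral element: ladder and complete addition agree")
```

scalar_mult(L, BASE) returning the neutral element is the check that the arithmetic and the curve parameters are consistent with each other. Because Python integers are not constant-time, cswap only shows the shape of a constant-time ladder; a production implementation does the same thing on fixed-width limbs.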

Saal 1 23:00

Nadia Heninger
Julia Angwin
Laura Poitras
Jack Gillum
Crypto Tales from the Trenches


Julia Angwin, Jack Gillum, and Laura Poitras will tell us stories about how they use crypto and privacy-enhancing technologies as high-profile journalists, and rant in an entertaining way about how these tools have failed or are horribly inadequate for their needs. They will also talk about their rare crypto successes.

Cryptography and privacy-enhancing technologies are increasingly part of a modern journalist's spycraft. But what does it look like when a reporter actually tries to protect herself and her sources with the best tools that the hacker/academic/activist/cypherpunk/technologist communities have produced? Disaster, chaos, crashes, and UI-sponsored opsec fails. In this talk, Julia Angwin, Jack Gillum, and Laura Poitras will tell us highly entertaining and disturbing war stories of using crypto in the field as high-risk targets, and excoriate the crypto and developer communities for failing to meet their needs while claiming success and security for all. We will hear how the crypto-nerd's utopia of deniable poker over the phone with an honest-but-curious adversary becomes a set of barely usable implementations and user expectation mismatches. We hope to provide some clarity on what works and what doesn't for those who develop or aspire to develop secure applications, and also a rough guide to usable opsec right now for sources, journalists, and other nontechnical users worried about sophisticated adversaries.

Saal 1 00:00

Laura Poitras
Citizenfour


"Citizenfour" is Laura Poitras' documentary and a closeup view about blowing the whistle on the spooks at the NSA.

A portrait of Edward Snowden in the weeks he chooses to change our understanding of what governments know about us.

Saal 2 12:45

hannes
David Kaloper
Trustworthy secure modular operating system engineering


We present Mirage OS, a modular library operating system developed from scratch in the functional programming language OCaml. Each service, called a unikernel, is an OCaml application using libraries such as a TCP/IP stack or DNS. It is compiled either to a Xen virtual machine image or to a Unix binary (for development). As of 2014 it runs on x86 and ARM; we have implemented a clean-slate TLS (1.0, 1.1, 1.2), X.509 and ASN.1 stack, cryptographic primitives and Off-the-Record messaging. We also have TCP/IP, HTTP and a persistent branchable store (similar to git), all implemented in OCaml. A virtual machine serving data via HTTPS is roughly 2 MB in size, with no libc inside :)

Mirage OS is a (BSD-licensed) research project at the University of Cambridge; version 1.0 was released in December 2013. In 2014, 2.0 was released with full support for ARM, a clean-slate TLS implementation, and the branchable data store Irmin. We (Hannes and David) developed a TLS stack from scratch (including cryptographic primitives, X.509 and ASN.1), which we will present. We intentionally break with the UNIX philosophy: instead of a programming language designed to replace platform-specific assembly code, we use the functional programming language OCaml, with higher-order functions, a composable module system, pattern matching and a sophisticated type system. Our TLS stack clearly separates side effects, such as mutable memory and network input and output, from the purely functional core. This separation is not enforced at the language level but by convention. A Mirage unikernel runs either as a Xen guest or as a native Unix application. Each unikernel runs in a single address space and does not include layers upon layers of abstraction (kernel, user space, file system, processes, language runtime, threads, ...). The performance is not too bad (see link below). Each unikernel uses only the libraries it really needs; a name server, for example, does not depend on a file system or user accounts. A typical unikernel is rather small in binary size: a web server, including the TCP/IP stack and the data to be served, is less than a megabyte, including the OCaml runtime. There is no libc included :) Modularity is the key to Mirage OS: the same application code can be compiled as a UNIX executable using the POSIX socket API, as a UNIX program using the userspace tun/tap interface and the TCP/IP stack written in OCaml, or as a Xen domU. This eases development, testing, debugging and deployment. Our target platform is the Cubieboard2, a small board with a dual-core ARM Cortex-A7 CPU and Ethernet (and various other unused interfaces).
Code reviews, comments and contributions are always welcome.

Saal 2 14:00

Stefan Pelzer
Philipp Ruch
Mit Kunst die Gesellschaft hacken


A memorial against the United Nations, a 25,000 euro bounty on a German arms-dealing family, a fake campaign for the Federal Ministry of Family Affairs, or the flight of the "Mauerkreuze" (the Berlin Wall memorial crosses) from the bank of the Spree at the Reichstag to the EU's external borders: when the Zentrum für Politische Schönheit (ZPS, Center for Political Beauty) digs up the hatchet, a controversial debate is guaranteed.

Reactions range from enthusiasm to horror. The arts pages cheer, the Springer press howls, the CDU is deeply shaken, the Bundestag debates and Greece mobilises special police units. One thing is certain: the topic hits the agenda with full force and is discussed nationwide. How can art hack society? How does one keep hitting the sensitive nerve? How do you cart off, in broad daylight, an entire memorial that stands only 15 metres from the Bundestag? Why can theatre make politics so forcefully? And: what actually is Political Beauty? Philipp Ruch and Stefan Pelzer travel from the legendary "headquarters" (in the words of the "BILD" newspaper) of the Zentrum für Politische Schönheit and take you on a one-hour road trip to the EU's external walls. Along the way they look for answers to these and other questions, with all manner of oddities and anecdotes in their luggage. They will also present, in a world premiere, their SMS exchanges with members of the CDU/CSU parliamentary group in the Bundestag. Heads will roll. And you can help.

Saal 2 16:00

Sebastian Schinzel
Revisiting SSL/TLS Implementations


We present four new Bleichenbacher side channels, and three successful Bleichenbacher attacks against the Java Secure Socket Extension (JSSE) SSL/TLS implementation and against hardware security appliances using the Cavium NITROX SSL accelerator chip.

16 years ago, Daniel Bleichenbacher presented a protocol-level padding oracle attack against SSL/TLS. As a countermeasure, all TLS RFCs starting from RFC 2246 (TLS 1.0) propose "to treat incorrectly formatted messages in a manner indistinguishable from correctly formatted RSA blocks". In our recent paper [1] we show that this objective has not been achieved yet: We present four new Bleichenbacher side channels, and three successful Bleichenbacher attacks against the Java Secure Socket Extension (JSSE) SSL/TLS implementation and against hardware security appliances using the Cavium NITROX SSL accelerator chip. Three of these side channels are timing-based, and two of them provide the first timing-based Bleichenbacher attacks on SSL/TLS described in the literature. Our measurements confirmed that all these side channels are observable over a switched network, with timing differences between 1 and 23 microseconds. We were able to successfully recover the PreMasterSecret using three of the four side channels in a realistic measurement setup. Besides the academic relevance of breaking common SSL/TLS implementations, the timing attacks we performed are quite interesting for the hacking community. In our talk, we will thus focus on the challenges we had to solve during our attacks and on the challenges of fixing these issues. The talk extends the topics that I presented at 28c3 [2] and 29c3 [3]. [1]: Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks. Meyer, Somorovsky, Weiss, Schwenk, Schinzel, Tews. Usenix Security Symposium 2014. [2]: https://media.ccc.de/browse/congress/2011/28c3-4640-en-time_is_on_my_side.html [3]: https://media.ccc.de/browse/congress/2012/29c3-5044-en-time_is_not_on_your_side_h264.html
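To make the oracle concrete (added example for this listing; it is not code from the talk or from the paper, and the ~150-bit key built from two Mersenne primes is a toy so that the attack completes in seconds), the block below contains a PKCS#1 v1.5 decryptor that reports a bad 00 02 header differently from other padding failures, a second decryptor written the way RFC 2246 asks (no distinguishable error; continue with a secret generated before decryption), and Bleichenbacher's interval-narrowing attack driven by the first one. The exception types stand in for the timing differences measured in the paper; the attack itself is the standard algorithm. Function names, the message b"31C3" and the fixed random seed are this example's own choices.

```python
# Added example for this listing, not code from the talk or the USENIX paper: a
# PKCS#1 v1.5 decryptor whose error behaviour leaks one bit, the RFC 2246 style fix,
# and Bleichenbacher's attack run against the leaky version. The key is a toy
# ~150-bit modulus so the attack finishes in seconds; the algorithm is unchanged.
import random

P_, Q_ = 2**61 - 1, 2**89 - 1                 # two Mersenne primes (toy key, never real use)
N = P_ * Q_
E = 65537
D = pow(E, -1, (P_ - 1) * (Q_ - 1))
K = (N.bit_length() + 7) // 8                 # modulus length in bytes: 19
B = 2 ** (8 * (K - 2))                        # conforming plaintexts lie in [2B, 3B)

class BadHeader(ValueError): pass             # first two bytes are not 00 02
class BadPadding(ValueError): pass            # header fine, rest of the padding is not

def ceil_div(a, b):
    return -(-a // b)

def pkcs1_encrypt(msg, seed=31):
    """EME-PKCS1-v1_5: 00 02 || >= 8 non-zero random bytes || 00 || msg (fixed seed: sample)."""
    rng = random.Random(seed)
    pad = bytes(rng.randrange(1, 256) for _ in range(K - 3 - len(msg)))
    block = b"\x00\x02" + pad + b"\x00" + msg
    return pow(int.from_bytes(block, "big"), E, N)

def decrypt_vulnerable(c):
    """Distinct errors for distinct failures: this difference (here an exception
    type, in the talk a timing difference) is the whole oracle."""
    block = pow(c, D, N).to_bytes(K, "big")
    if block[:2] != b"\x00\x02":
        raise BadHeader()
    sep = block.find(b"\x00", 2)
    if sep < 10:                              # fewer than 8 padding bytes, or no separator
        raise BadPadding()
    return block[sep + 1:]

def decrypt_hardened(c, expected_len, fallback):
    """RFC 2246 countermeasure: never signal a padding error; on any failure
    continue with a random secret generated *before* decryption (fallback)."""
    block = pow(c, D, N).to_bytes(K, "big")
    sep = block.find(b"\x00", 2)
    ok = block[:2] == b"\x00\x02" and sep >= 10 and K - sep - 1 == expected_len
    return block[K - expected_len:] if ok else fallback

def bleichenbacher(c0, oracle):
    """Recover m = c0^d mod N from oracle(c) == 'plaintext of c starts with 00 02'.
    c0 is a genuine ciphertext, so m is already in [2B, 3B) and step 1 (blinding)
    is skipped. Step numbers follow Bleichenbacher, CRYPTO '98."""
    B2, B3 = 2 * B, 3 * B
    M = [(B2, B3 - 1)]
    s = ceil_div(N, B3)
    first = True
    while True:
        if first:                                         # step 2a: smallest s >= N/3B
            while not oracle(c0 * pow(s, E, N) % N):
                s += 1
            first = False
        elif len(M) > 1:                                  # step 2b: linear search
            s += 1
            while not oracle(c0 * pow(s, E, N) % N):
                s += 1
        else:                                             # step 2c: one interval left
            a, b = M[0]
            r, found = ceil_div(2 * (b * s - B2), N), None
            while found is None:
                lo, hi = ceil_div(B2 + r * N, b), (B3 - 1 + r * N) // a
                for cand in range(lo, hi + 1):
                    if oracle(c0 * pow(cand, E, N) % N):
                        found = cand
                        break
                r += 1
            s = found
        new = set()                                       # step 3: narrow every interval
        for a, b in M:
            for r in range(ceil_div(a * s - B3 + 1, N), (b * s - B2) // N + 1):
                na, nb = max(a, ceil_div(B2 + r * N, s)), min(b, (B3 - 1 + r * N) // s)
                if na <= nb:
                    new.add((na, nb))
        M = sorted(new)
        if len(M) == 1 and M[0][0] == M[0][1]:            # step 4: solution found
            return M[0][0]

def demo(msg=b"31C3"):
    """Encrypt msg, then recover it through the leaky decryptor.
    Returns (recovered message, number of oracle queries)."""
    c = pkcs1_encrypt(msg)
    queries = [0]
    def oracle(c):
        queries[0] += 1
        try:
            decrypt_vulnerable(c)
        except BadHeader:
            return False
        except BadPadding:
            pass                                          # header was 00 02: counts as "yes"
        return True
    m = bleichenbacher(c, oracle)
    return m.to_bytes(K, "big")[-len(msg):], queries[0]
```

demo() returns the recovered plaintext and the number of oracle queries it took; that count is what a server-side detector sees as a burst of tens of thousands of RSA key exchanges from one client. decrypt_hardened removes the error signal, but it still uses bytes.find, which is not constant-time: removing the timing signal additionally needs a constant-time padding check, which is the part the talk shows implementations getting wrong.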

Saal 2 17:15

exide
Glitching For n00bs


Despite claims of its obsolescence, electrical glitching can be a viable attack vector against some ICs. This presentation chronicles a quest to learn what types of electrical transients can be introduced into an integrated circuit to cause a variety of circuit faults advantageous to a reverser. Several hardware platforms were constructed during the quest to aid in research, including old-skool & solderless breadboards, photo-etched & professional PCBs, FPGAs, and cheap & dirty homemade logic analyzers. The strengths and weaknesses of the various approaches will be discussed.

A shroud of mystery surrounds the topic of electrical glitching. Every now and then, you hear it thrown around as a possible attack vector, perhaps to aid in reverse-engineering efforts, or to understand an unknown cryptographic implementation. But what is glitching, exactly? And, more importantly, how can it be leveraged as a potentially powerful tool? This presentation chronicles a quest to learn what types of electrical transients can be introduced into an integrated circuit to cause a variety of circuit faults advantageous to a reverser. Several hardware platforms were constructed during the quest to aid in research, including old-skool & solderless breadboards, photo-etched & professional PCBs, FPGAs, and cheap & dirty homemade logic analyzers. The strengths and weaknesses of the various approaches will be discussed. Instead of covering a hypothetical "toy" implementation of a victim chip, such as the researcher implementing a cryptographic algorithm themselves as software in a common microcontroller and then attempting to glitch it, a successful black-box attack against a production security IC will be discussed, including how the attack was mounted, how results were obtained, and approaches to interpreting the results. Despite claims of its obsolescence, electrical glitching can be a viable attack vector against a variety of ICs, with a notable exception being some ultra-modern purpose-built security ICs. It is cheap to perform, you don't need an expensive laboratory, and if done properly it is non-destructive in nature. Glitching should be another tool in the reverser's arsenal, and can potentially provide results when other approaches have failed.

Saal 2 18:30

David Madlener
Sean
Rocket science – how hard can it be?


Three years have elapsed since the call for a "Hacker Space Program" during the Chaos Communication Camp 2011. In this lecture we will review the basics of space flight, discuss common problems and pitfalls encountered by a practitioner on the way to orbit, and report on the state of our sounding rocket program.

We are the Forschungsgemeinschaft Alternative Raumfahrt e. V. (Research Community on Alternative Space Travel) or FAR for short, and have been working on feasible ways into space since our foundation in August 2003. After extensive experimentation with solid and hybrid propulsion systems on the ground, we developed the sounding rocket family "Arguna". Since 2005 four different versions have been designed, built, and flown with different payloads. After a short review of basic rocket science and an outline of common propulsion technologies, we will report on the results of performed flights and experiments, especially of our latest sounding rocket Arguna IV.

Saal 2 20:30

Karsten Becker
Robert
Space Hacker


At the 26C3 we first presented our vision of sending a rover to the moon. We're still in the pursuit of doing this and are closer than ever. Many things have happened in the past 5 years and we want to share our story with you. But this talk is not just about us, it is also about you! You will have the possibility to contribute to our mission, just tune in to get all the details :)

In the past five years we have developed several lunar rovers. Each got more sophisticated and better suited to our mission. In this presentation we will also unveil our latest upgrade to the well-known R3 rover, as well as the latest camera technology. Those two allowed us to participate in an interim competition of the Google Lunar X Prize. This interim prize enables us to further pursue our dream of sending a rover to the moon. On our mission to the moon we also have the ability to bring payloads to the lunar surface for the first time in a few decades (unless you have good connections to the Chinese, who were there last year). We are calling on you to develop an interesting payload that we could potentially bring to the surface of the moon!

Saal 2 21:45

Rudolf Marek
AMD x86 SMU firmware analysis


You definitely should care. The aim of this talk is to provide insight to the security, architecture and yes you guessed it, vulnerability of the AMD System Management Unit (SMU) firmware found in modern AMD x86 processors.

Every modern x86 platform contains several auxiliary processors, which blur the line between pure hardware and software. How well are those processors secured? What is running on them? Is there a way to analyze them? The Intel ME engine has received great attention, but similar, although not as unfriendly, processors exist on AMD platforms too. The aim of this talk is to provide insight into the security, architecture and vulnerability of the AMD SMU firmware found in modern AMD x86 processors. The SMU is designed to prevent unauthorized code execution, making it an ideal candidate for verifying whether that is actually the case. This is where the fun starts. The overall goal is to educate the audience enough that they may (and want to) start tinkering with the various non-x86 firmwares found on x86 systems on their own.

Saal 2 23:00

tw
gadi
Rocket Kitten: Advanced Off-the-Shelf Targeted Attacks Against Nation States


Rocket Kitten is an advanced APT set of campaigns, with a twist - off-the-shelf malware that won’t shame a nation state. The talk will combine an assessment of the threat group’s modus operandi with a technical deep dive. Prepare for some hex dumps.

This talk will uncover a set of high profile espionage campaigns from 2014 that involve a commercial attack framework – a highly specialized tool that has not been publicly documented and remained undetected in multiple operations. We will discuss the framework's technical design and review its features and capabilities that make it a premium instrument for stealth intrusions. We will further discuss how the tool was delivered to victims and how the compromise was carried out.

Saal G 12:45

Julia Longtin
3D Casting Aluminum


We use microwaves to cast aluminum from 3D printed objects. This gives us the ability to cast high quality 6040 aluminum pieces using a 3D printer and commercially available consumer microwaves.

We manufacture microwave-safe kilns for melting aluminum. We create microwave-transparent molds that allow us to burn out the plastic without heating the mold itself, thereby creating a quicker way of carrying out the lost-PLA process.

Saal G 14:00

Mike Perry
Seth Schoen
Hans Steiner
Reproducible Builds


Software build reproducibility is the ability to use independent build machines to compile bit-identical binaries from program source code. In this talk, we will discuss the motivation for and the technical details behind software build reproducibility. We will describe the technical mechanisms used by the Tor Project to produce reproducible builds of the Tor Browser, and also introduce the early efforts of both F-Droid and Debian to achieve these same build integrity properties on a more wide-scale basis.

For the past several years, we've been seeing a steady increase in the weaponization, stockpiling, and the use of software exploits by many parties. In particular, there are an increasing number of vectors to "bridge the air gap" and exploit even disconnected machines. Software build systems make a worrisome target for these types of exploits, as they provide a stepping stone to compromise very large numbers of machines. To underscore this point, we will demonstrate a simple Linux rootkit that is capable of infecting the compilation process while otherwise leaving no traces on the machine. We will discuss a powerful solution to this problem: Build Reproducibility. We will focus on the build system used by The Tor Project to build Tor Browser - our Firefox-based browser. We will also touch upon current work by Debian, as well as by F-Droid and the Guardian Project for Android.
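To show what "bit-identical" demands in practice (added example for this listing; it is not code from the Tor Browser, Debian or F-Droid build systems), the block below packs the same constructed build output twice, once the way a default tar would and once with normalised metadata, and compares the SHA-256 digests. The sources of difference it exercises are the usual ones: entry order, per-file mtime, owner name and id, and the timestamp in the gzip header. The paths, contents, timestamps and builder names are made up for the example.

```python
# Added example for this listing, not code from Tor Browser's, Debian's or F-Droid's
# build systems: the same files packed twice by two "independent builders". The naive
# archive differs (entry order, per-file mtime, owner, and the gzip header timestamp);
# the normalised archive is bit-identical, which is what lets a third party verify it.
import gzip, hashlib, io, tarfile

# Constructed sample build output (path -> bytes); stands in for a real compile step.
SAMPLE_FILES = {
    "bin/app": b"#!/bin/sh\necho hello\n",
    "lib/libfoo.so": b"\x7fELF (stub, not a real object)",
    "share/doc/README": b"app 1.0\n",
}

def sha256(blob):
    return hashlib.sha256(blob).hexdigest()

def build_naive(files, now, order, uid=1000, uname="builder"):
    """Default tar behaviour: entries in readdir order, mtime = wall clock,
    owner = whoever ran the build, and gzip stamps the wall clock into its header too."""
    buf = io.BytesIO()
    with gzip.GzipFile(fileobj=buf, mode="wb", mtime=now) as gz:
        with tarfile.open(fileobj=gz, mode="w") as tar:
            for name in order:
                info = tarfile.TarInfo(name)
                info.size, info.mtime = len(files[name]), now
                info.uid, info.uname = uid, uname
                tar.addfile(info, io.BytesIO(files[name]))
    return buf.getvalue()

def build_reproducible(files, source_date_epoch=0):
    """Normalised archive: sorted entry order, every mtime and the gzip header set
    to SOURCE_DATE_EPOCH (the reproducible-builds.org convention), fixed owner and mode."""
    buf = io.BytesIO()
    with gzip.GzipFile(fileobj=buf, mode="wb", mtime=source_date_epoch) as gz:
        with tarfile.open(fileobj=gz, mode="w", format=tarfile.GNU_FORMAT) as tar:
            for name in sorted(files):
                info = tarfile.TarInfo(name)
                info.size, info.mtime, info.mode = len(files[name]), source_date_epoch, 0o644
                info.uid = info.gid = 0
                info.uname = info.gname = ""
                tar.addfile(info, io.BytesIO(files[name]))
    return buf.getvalue()

def extract(blob):
    """Read an archive back (either builder's) to show the payload is the same."""
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        return {m.name: tar.extractfile(m).read() for m in tar.getmembers()}

def compare_builders():
    """Builder A and builder B: different clocks, different directory order, different
    user, same inputs. Returns whether each build style produced identical digests."""
    names = list(SAMPLE_FILES)
    naive_a = build_naive(SAMPLE_FILES, now=1419600000, order=names)
    naive_b = build_naive(SAMPLE_FILES, now=1419603600, order=names[::-1], uid=1001, uname="other")
    repro_a = build_reproducible(SAMPLE_FILES, 1419552000)
    repro_b = build_reproducible(dict(reversed(list(SAMPLE_FILES.items()))), 1419552000)
    return {
        "naive_identical": sha256(naive_a) == sha256(naive_b),
        "reproducible_identical": sha256(repro_a) == sha256(repro_b),
        "payload_identical": extract(naive_a) == extract(repro_a) == SAMPLE_FILES,
    }
```

compare_builders() reports False for the naive pair and True for the normalised pair even though both archives unpack to the same files, which is the whole point: a verifier can only compare digests, not intent. The same normalisation is what a pinned SOURCE_DATE_EPOCH and sorted file lists achieve in real build systems; a compiler or linker that embeds build paths or dates needs the same treatment.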

Saal G 16:00

Sylvain Munaut
osmo-gmr: What's up with sat-phones ?


At 28C3 we introduced the very first steps of the osmo-gmr project. In this talk we will present the advances that have been made in the project on various fronts (voice codec, crypto algorithm, ...).

GMR-1 (GEO Mobile Radio) is a satellite phone protocol derived from GSM. The main operator using this protocol is Thuraya, which is mainly active in the Middle East and Asia. osmo-gmr is a project of the osmocom family whose goal is to implement the various layers of a GMR stack, from SDR signal acquisition up to the actual voice layer. At 28C3 we gave an introductory talk on the project, which was pretty new at the time. In this talk we will quickly summarize what was presented last time and then move on to the new material. The two main obstacles to implementing practical monitoring software for GMR-1 were the secret crypto algorithm and the unknown voice codec. Both obstacles have now been lifted, and we will present the details of how that happened. We will also look at the next steps and other aspects of the system that we are planning to dig into.

Saal G 17:15

josch
arche3000
Mein Bot, der Kombattant


The talk offers a linguistically informed perspective on information warfare, with a focus on operative communication in social media. Using a bot we developed ourselves as an example, we present linguistic procedures for manipulating communication with the aim of influencing knowledge, values, feelings and dispositions to act.

The battle of opinion online is becoming more professional: during the Ukrainian Maidan protests, the editorial staff of online newspapers were confronted with a flood of pro-Russian comments that sought to discredit the protests as the work of American intelligence services and the government in Kiev as a Nazi junta. The source was the "Agency for Internet Analysis" (Agentur zur Analyse des Internets) in St. Petersburg, which was presumably commissioned by state actors to influence public opinion in other countries through covert operations in social networks. And in South Korea, the Psychological Strategy department of the National Intelligence Service (NIS) sent 1.2 million tweets from fake Twitter accounts in the run-up to the presidential election to drum up support for Park Geun-hye, the candidate of the conservative Saenuri Party. The digital information war is thus long under way. Like traditional psychological operations it aims at influencing knowledge, values, feelings and dispositions to act, and seeks to set the agenda in the adversary's public sphere. What distinguishes it from traditional PSYOPS is that it is conducted by machines and clandestinely, and that instead of acting through mass communication it has the ability to address everyone who moves in social networks personally and with an individual strategy. The bot is a combatant whose task is to influence people, prevent constructive discussion and manipulate social media monitoring systems and aggregators. Its medium is first and foremost language: language that seeks to classify, evaluate, confront and persuade, and that wants to create a reality in which the actions of its own side in the conflict appear legitimate, just and necessary and those of the enemy appear wrong, unjust and untruthful.
In our talk we will define the concept of operative communication from a linguistic perspective, determine its legal framework in information warfare and discuss the legitimacy of operative communication for different types of regime. Using a simple bot of our own, in the second part of the talk we present scenarios for its operative use in the semantic matrix and illustrate the linguistic operations that can lead to the manipulation of communication.

Saal G 18:30

Thomas Skowron
ubahnverleih
10 Jahre OpenStreetMap


OpenStreetMap has now existed for over 10 years. Development over the last three years in particular has been overwhelming, in terms of both the data and the whole ecosystem. We want to show what is possible and what will (hopefully) happen in the future.

Saal G 20:30

gannimo
Code Pointer Integrity


Programs are full of bugs, leading to vulnerabilities. We'll discuss the power and limitations of code-pointer integrity (CPI), a strong but practical security policy that enforces memory safety for all code pointers, protecting against any form of control-flow hijack attack (e.g., ROP or JOP).

Systems code is often written in low-level languages like C/C++, which offer many benefits but also delegate memory management to programmers. This invites memory safety bugs that attackers can exploit to divert control flow and compromise the system. Deployed defence mechanisms (e. g., ASLR, DEP) are incomplete, and stronger defence mechanisms (e. g., CFI) often have high overhead and limited guarantees (and are therefore not generally deployed). In this talk we discuss code-pointer integrity (CPI), a strong security policy that guarantees the integrity of all code pointers in a program (e.g., function pointers, saved return addresses) and thereby prevents all control-flow hijack attacks, including return-oriented programming and jump-oriented programming. We also introduce code-pointer separation (CPS), a relaxation of CPI with better performance properties. Both CPI and CPS offer substantially better security-to-overhead ratios than the state of the art, they are practical (we protect a complete FreeBSD system and over 100 packages like apache and postgresql), effective (prevent all attacks in the RIPE benchmark), and efficient, resulting in very low to negligible performance overhead. We will also discuss technical challenges in the CPI prototype implementation, practical challenges we faced when protecting a full FreeBSD distribution, and give more details on the scope of protection which will be interesting to hackers. The full prototype implementation is open-source, all changes to FreeBSD are open-source and we're working on integrating the patches into LLVM.

Saal G 21:45

Caspar Bowden
The Cloud Conspiracy 2008-2014


In 2011 I started trying to warn EU institutions about what we now call PRISM, after working it out from open sources. Civil society, privacy regulators, and the Commission all did nothing. This is the story of exactly how they did nothing, and why, and what is happening now.

There is one law (FISA 702) and one policy (EO12333) which authorize the US government to conduct mass surveillance on "foreigners in foreign lands". These are drafted in terms that make the privacy rights you have depend on the passport you hold - in fact there are no rights at all for non-Americans outside the US. It is obvious that this is a reasonably important dimension of the whole Snowden affair, because it starkly conflicts with ECHR norms that rights are universal and equal. The only possible resolution compatible with universal rights is data localization, or the construction of a virtual zone in which countries have agreed on mutual verifiable inspections that mass surveillance is not occurring (and at present this seems unlikely). There is a widespread misconception that somehow the new GDPR privacy regulation will curb foreign spying, when in fact it is designed to widen loopholes into floodgates. This talk is multidisciplinary and will cover national and international surveillance and privacy law, Five Eyes SIGINT policy, technical security and economics.

Saal G 23:00

Friederike
From Maxwell to antenna arrays


Maxwell's equations are four differential equations which form the foundation of classical electrodynamics, classical optics, and electric circuits. This talk will take a look at the connection between these equations, wave propagation and antenna arrays.

Maxwell's equations describe how electric and magnetic fields are generated and altered by each other and by charges and currents. They are named after the Scottish physicist and mathematician James Clerk Maxwell, who published those equations exactly 150 years ago, and they form the foundation of classical electrodynamics. Actually Maxwell had 20 equations, and it took another 20 years until they were understood and the self-taught British engineer, mathematician, and physicist Heaviside put the equations in their present form. Some years later Hertz provided the experimental proof of Maxwell's theory. Under a lot of simplifying boundary conditions, wave propagation and antenna theory can be derived from these four equations. This talk will lead from Maxwell's equations to wave equations and nice antenna forms and arrays. Some practical aspects will also be evaluated. Why do low frequencies reach farther than higher frequencies? Why do radio astronomers spread their antenna arrays over whole continents? Or why is China Mobile building antenna arrays for mobile radio consisting of 128 antennas?

Saal 6 12:45

Silvia
Personal Tracking Devices and Online Identity


In the post-NSA world it is important to understand the magnitude of our online activities in order to take informed decisions about our ubiquitous shared lives. Personal Tracking Devices is the result of a two-year-long study on tracking technologies and the inherent nature of the web and telecommunication networks in general. The study, conducted as part of Ph.D. research in privacy and security at UPC Barcelona Tech, collected a large amount of metadata to raise awareness of the footprints left by users on the web and through mobile apps.

Personal Tracking Devices will visualise the online footprint of a user by looking at their metadata. A hypermedia model of the user footprint is then introduced in order to explore it better. This model has been called hyperme. Hyperme is a hyperdata model of a user's online footprint. The hyperme model links the user identities created across different services and the features associated with them. These features are the attributes that compose an identity, such as email, date of birth, place of birth and so on. The hyperme model of the user identity permits the visualisation of the user's expressed preferences, the content they have created and who or what can access this content. The model uses context between the user's various identities and the signals produced to create links between different objects, obtaining an explorable graph-like structure. Links between data snippets are created by exploring the keywords and categories used to describe the entities. These are provided by the users themselves through freeform annotations, particular use of language, location information, timestamps, social relationships and association with other entities such as companies and institutions. Explicit connections are also discovered by associating such keywords with Wikipedia concepts. By exploiting links between articles, it is possible to draw relations between different entities, providing a dictionary to build strong connections between different categories. If the identities created by a single user and the signals generated are analysed at different levels, it is possible to discover different subgraphs and sub-hypergraphs between the data objects, thereby revealing a complex network of heterogeneous information shared across a number of services and with sets of different parties, be these social relationships or other applications and devices. Each party in fact enjoys a certain level of access to the different documents produced by the user, by the devices used and by the applications authorised to access and produce content on their behalf. A hypergraph model therefore makes it possible to explore the user's different identities and the corresponding created content at different levels, exposing how different services or relationships contribute to protecting or threatening the user's privacy.

Saal 6 14:00

Hong Phuc Dang
Let’s build our own personalized open textile production line


The talk is about our project to develop software and hardware tools for a fair and environmentally friendly garment and textile production, and how we break down the locks that exist on every level in the industry, from design to software, machines and distribution.

The talk is about our project to develop software and hardware tools for a fair and environmentally friendly garment and textile production, and how we break down the locks that exist on every level in the industry, from design to software, machines and distribution. We want to set up our own personalized open textile production line and offer an alternative to the unethical ways most of our clothes are produced today. At the talk we will present the first successes of this endeavor in our community - Open Source pattern-making software, sewing robots, next-generation knitting machine upgrades - and the challenges that lie ahead. Democratizing digital textile production offers the chance for a fair and environmentally friendly production of garments and textiles at home and in the industry. Just as 3D printers enable more and more people to become makers, we want to enable digital garment makers to create their own clothes, share them online and produce them wherever they are. Members of our projects include software developers, fashion designers, pattern creators, knitters, textile manipulators, hardware hackers, and even industry experts. We started a FashionTec Working Group about two years ago after the annual Libre Graphics meeting in Madrid. The traditional industry is in a state of complete lock on all levels:
* digital fashion design locked to competing proprietary formats and software
* production locked to the machines of producers that accept those formats
* distribution lock - locked to existing large distribution channels in order to be a viable business
The Free and Open Source community has taught us that it is possible to overcome a complete proprietary lock-down. Let's repeat this success in the textile and garment industry. We need Free and Open Source software, Open Formats and Open machines. With today's development tools, successes are just a short step away. Our talk will give you insights and hopes to inspire more people.

Saal 6 16:00

Andreas Bihlmaier
How I Learned to Stop Reinventing and Love the Wheels


An introduction to the Robot Operating System (ROS) for the home/hackerspace roboticist (if it physically interacts with the world through code, call it robot).

All large, feature-rich and complex frameworks suck. True, but too short for a talk. Therefore the talk tries to make a point on why one should still use these frameworks (for robotics). At least so, if one wants to have fun with (home/hackerspace) robotics and do something cool, instead of getting stuck at the usual "trivial" (or low-level, which sounds less judgmental) capabilities. In order to build robots one needs at least a basic understanding of mechanics, electronics and computer science. Obviously, more advanced robot features in each area depend on more advanced roboticist skills – and equipment ... and money. The growing community of makers, the proliferation of hackerspaces (cooperators, equipment!) and highly useful consumer devices lessen the hardware-related challenges. On the other hand, state-of-the-art open-source robotics software has been available for quite a few years already. Unfortunately, it is still somewhat neglected by the extended, i.e. non-academic, robotics community. The mindset and prejudices of too many hackerspace natives are opposed to using preexisting frameworks, especially large ones, in favor of starting from scratch. Bloat, ugly APIs, deprecated programming styles and of course bad code conventions ... good and good-enough reasons to start over (I confess, too!). As a result many projects never get beyond the point of "finally fixed the bug by reflashing the microcontroller with code that sets register bar42=0xf00, now it moves – sort of". The famous "Re-inventing the Wheel" comic (http://www.willowgarage.com/sites/default/files/blog/201004/willow_p1_02s.jpg), posted by Willow Garage in 2010, does tell the life cycle of robotics in the PhD world, but not only that. Rather, unfortunately, it pertains to robotic and closely related projects in general. So in a nutshell, yet another 'Introduction to ROS' talk? Yes, an introduction to the Robot Operating System (ROS). However, for once without leaving behind the impression (in the hobbyist's mind) that this is all cool stuff, but what to do with it when not owning a 100K dollar robot. The goal is to show a few basics (the Plumbing), as many of the tools and capabilities as time permits, and a few words about the people side of things. (http://www.ros.org/wp-content/uploads/2013/12/ros_equation.png) Should the robot visually perceive the world? ROS + Webcam(s) / Kinect / Xtion. Hello, out-of-the-box drivers, calibration, point clouds and object recognition. Should the robot drive around and navigate in the environment? ROS + Navigation stack. Hello, out-of-the-box SLAM. Should the robot reach out and grasp something? ROS + MoveIt!. Hello, out-of-the-box collision-free motion planning. Should the robot brain be distributed across multiple computers without changing a line of code? ROS. Hello, out-of-the-box usable(!) middleware. Should the robot builders be able to create independent, yet compatible modules? ROS. Hello, out-of-the-box modularity (well ok – at least kind of). Should the robot's world be easily understandable through interactive visualizations? ROS + Rviz / rqt. Hello, out-of-the-box advanced 3D visualization for many types of data. Is this an advertisement? Yes, for great open source software – to make each of your lines of code do more _interesting_ stuff. Hello ROS world.

Saal 6 17:15

Norbert Braun
darthrake
The eXperimental Robot Project


The talk is on the eXperimental Robot Project (XRP), a project to develop an open-hardware humanoid robot. More precisely, we are focusing on the distinguishing feature of a humanoid robot - the ability to walk on two legs.

Humanoid robots fascinate us - they appear in nearly every science fiction universe. Compared to Mr. Data or C-3PO, humanoids in reality are rather disappointing. Not only do they lack anything resembling human-level intelligence, but even their walking is slow and fragile - most of them only work on perfectly even ground. While we still have to wait a long time for true artificial intelligence, the recent years have brought substantial progress with respect to motion. Unfortunately, most of that progress is proprietary - the leading groups, such as Schaft and Boston Dynamics, publish very little beyond Youtube videos. University projects are more open, but still usually do not publish source code or construction drawings. We think that bipedal robots are way too important to be left to the proprietary world, so we decided to learn from what is available and start to build our own, completely open one. In the talk, we will try to share what we have learned so far. The first part of the talk will be on simulation, which allows us to test control algorithms and to get an idea about the mechanical requirements without having to build actual hardware. We will introduce the basics of rigid body dynamics, discuss the physics of walking and show how a successful walking machine can be built, at least a virtual one. In the second part of the talk, we will discuss how a physical, human-size robot might be built without needing a 100,000+ € budget. We will present our plans and experiments on sensors, motor drivers and actuators.

Saal 6 18:30

Fiona Krakenbürger
Maria Reimer
Philipp Kalweit
Max Nagy
Lukas
Nico
Jugend hackt


In September 2014 the event Jugend hackt took place: a weekend of hacking, tinkering and programming with 120 computer-enthusiastic young people. We, as organisers and participants, want to tell you about the event and share our experiences. The talk is aimed equally at young people who are enthusiastic about hacking and at everyone interested in code literacy, media education or the next generation of IT talent.

"In Germany, children learn how to use media despite school." That is the sobering conclusion of an education researcher who this year presented the no less disillusioning International Computer and Information Literacy Study. Yet a basic understanding of computer technology is a prerequisite for finding one's way in a world of digital technologies and for being able to help shape it. Everyone agrees on that, and it is talked about a lot. But the big education initiative is still a long time coming, and young talents still receive little attention from society and are even more rarely actively supported. We at the non-profit Open Knowledge Foundation Deutschland e.V. did not want to wait any longer and therefore launched the Jugend hackt support programme in 2013. Most recently, in September 2014, around 120 young people from all over Germany came together in Berlin. Together with like-minded people they worked on software and hardware projects around the topics of surveillance, education, health, society, leisure and the environment. The young people, aged between 12 and 18, developed a total of 27 projects, with which they made a clear statement against the popular narrative of a politically disinterested youth. They showed not only that they can handle computers in a technically skilled and creative way, but also that they have a watchful and critical eye on social and political challenges. All 27 project ideas were developed and implemented independently by the young people. Adult software developers were on hand to answer their questions. At 31c3 we want to share our experiences with you. In addition, participants of Jugend hackt will present the projects they created. There is, for example, "Awearness", a wristband that vibrates when a surveillance camera is nearby. Or "Dapro", a data protection proxy that informs you about recorded metadata. Or the "intelligent pillbox", which dispenses tablets to patients with dementia and sends an emergency call to the carer if they are not taken.

Saal 6 20:30

stars
Andy Isaacson
Towards General Purpose Reconfigurable Computing on Novena


The Novena open source laptop contains an FPGA, but free software support for FPGAs is lacking and requires root access to the hardware.

Our work is on providing a framework and a demonstration application for general purpose accelerator cores for Novena's FPGA.

Saal 6 21:45

ericfiliol
Paul Irolla
(In)Security of Mobile Banking


This talk presents a deep analysis of banking mobile apps available around the world. Based on static and dynamic analysis as well as on the analysis of the final source code, we show that a vast majority of them do not respect users' privacy and users' data protection. Worse, a few of them contain critical bugs.

Mobile banking is about to become the de facto standard for banking activities. Banking apps – on smartphones and tablets – are spreading more and more, and this evolution aims at strongly limiting the classical access to the bank (physical, through a PC browser, through an ATM). The aim is first to cut costs but also to make the amount of personal data explode. Then three critical issues arise, since we entrust those mobile applications by feeding them with passwords, private information, and access to one of the most critical parts of our life (money): • Do those applications protect our private life, and especially which kind of information is leaking to the bank? • Do they contain vulnerabilities that could be exploited by attackers? In this talk, we are going to present a deep analysis of many banking apps collected around the world. We have performed static and dynamic analysis based on the binaries AND the source code. We will show that almost all apps are endangering our private data (sometimes severely), but in a few cases the presence of vulnerabilities is extremely concerning. While we tried to contact all the relevant banks for a free, detailed technical feedback and to help them fix their apps, we will explain that a few of them did not care about this feedback and therefore did not want to take any security measures. This talk contains demos and operational results on existing apps.

Saal 6 23:00

Laurent Ghigonis
Alexandre De Oliveira
SS7map: mapping vulnerability of the international mobile roaming infrastructure


SS7 has been shown repeatedly to be an insecure protocol: spoofing, faking, crashes through fuzzing, fraud. The main question of our study is to determine how this insecurity is mitigated by network operators' actions to prevent compromise, both of the network exposure of the infrastructure and of the privacy of subscribers. That is why we wanted to come out with SS7map.

SS7 has been shown repeatedly to be an insecure protocol: spoofing, faking, crashes through fuzzing, fraud. The main question of our study is to determine how this insecurity is mitigated by network operators' actions to prevent compromise, both of the network exposure of the infrastructure and of the privacy of subscribers. The goal of SS7map is to provide a global overview by building the first SS7 signaling network world map, revealing how vulnerable and exposed telecom operators and their subscribers are. We explain how it is possible, for each mapped network, to abuse legitimate signalling messages and call flows to discover and fingerprint equipment, intercept SMS messages, and perform massive location tracking of subscribers. More than a pure analysis of vulnerability, this map rates and ranks the vulnerability of countries and operators, showing discrepancies in the level and type of protection: SCCP screening, SS7 policing, MAP filtering, rate limiting, Network Element security configurations. We then conclude on the direction of signaling security and its current trend and development in the LTE world, which shares many similar design insecurities with SS7. SS7map website: http://ss7map.p1sec.com/

Saal 1 11:30

Eireann Leverett
Switches Get Stitches


This talk will introduce you to Industrial Ethernet Switches and their vulnerabilities. These are switches used in industrial environments, like substations, factories, refineries, ports, or other homes of industrial automation. In other words: DCS, PCS, ICS & SCADA switches. It is a very good companion talk to Damn Vulnerable Chemical Process? Own your own critical infrastructures today!

This talk will introduce you to Industrial Ethernet Switches and their vulnerabilities. These are switches used in industrial environments, like substations, factories, refineries, ports, or other homes of industrial automation. In other words: DCS, PCS, ICS & SCADA switches. The researchers focus on attacking the management plane of these switches, because we all know that industrial system protocols lack authentication or cryptographic integrity. Thus, compromising any switch allows the creation of malicious firmwares for further MITM manipulation of a live process. Not only will vulnerabilities be disclosed for the first time (exclusively at 31C3), but the methods of finding those vulnerabilities will be shared. All vulnerabilities disclosed will be in the default configuration state of the devices. While these vulnerabilities have been responsibly disclosed to the vendors, SCADA/ICS patching in live environments tends to take 1-3 years. At least three vendors' switches will be examined: Siemens, GE, Garrettcom. Therefore, this presentation matters to any hackers or anarchists who believe they have a right to examine the resilience and security of the infrastructures that support their communities. Own your own critical infrastructures today!

Saal 1 12:45

saper
Beyond PNR: Exploring airline systems


Ever wondered what the cryptic QNY27R on your airline reservation means? This talk explores the typical computing environment as seen in the air transport industry. Discover ancient software, old communication protocols and cryptic systems. What data are stored and how they are exchanged to keep the air transport industry running.

Airport environment

Airline environment

Global Distribution Systems

Your data with the airline

No human is illegal

Communication networks and protocols

Typical airport workstation

Software environment

Saal 1 14:00

J. Alex Halderman
Security Analysis of Estonia's Internet Voting System


Estonia is the only country in the world that relies on Internet voting in a significant way for legally-binding national elections — up to 30% of all voters cast their ballots online. This makes the security of Estonia's Internet voting system of interest to technologists and citizens the world over. Over the past year, I helped lead the first rigorous, independent security evaluation of the system, based on election observation, code review, and laboratory testing. The findings are alarming: there are staggering gaps in Estonia's procedural and operational security, and the architecture of the system leaves it open to cyberattacks from foreign powers. Our investigation confirmed the viability of these attacks in the lab, but the Estonian government has chosen to downplay them. We urgently recommend that Estonia discontinue use of the system before the country suffers a major attack.

When Estonia introduced its online voting system in 2005, it became the first country to offer Internet voting nationally. Today, people around the world look to Estonia's example, and some wonder why they can't vote online too. Nevertheless, the system remains controversial. While many Estonians view Internet voting as a source of national pride, one major political party has repeatedly called for it to be abandoned. Over the past year, I took part in the first rigorous and fully independent security analysis of the Estonian Internet voting system. My team observed operations during the October 2013 and May 2014 elections, conducted interviews with the system developers and election officials, assessed the software through source code review and reverse engineering, and performed tests on a reproduction of the complete system in our lab. The threats facing national elections have shifted significantly since the Estonian system was designed more than a decade ago. State-level cyberattacks, once a largely hypothetical threat, have become a well-documented reality, and attacks by foreign states are now a credible threat to a national online voting system. To test the feasibility of such attacks, we reproduced the I-voting system and played the role of a sophisticated attacker during a mock election. We developed client-side attacks that silently steal votes on voters' own computers. We also demonstrated server-side attacks that introduce malware into the vote counting server, allowing a foreign power or dishonest insider to shift results in favor of their preferred candidate. These risks are even more serious because of deviations from procedure and serious lapses in operational security that we observed during real elections. Election workers downloaded security-critical software over unsecured Internet connections, typed server root passwords in full view of observers and public video cameras, and prepared election software for distribution to the public on insecure personal computers, among other examples. These actions indicate a dangerously inadequate level of professionalism in security administration that leaves the whole system open to attack and manipulation. When we made our study public in Estonia, government responses ranged from dismissive to absurd. Officials discounted our findings, and the President and Prime Minister insinuated that we had been bought off by a rival political party. We hope that the country can separate technical reality from politics in time to avert a major attack. For other countries that are considering adopting Internet voting, we hope that the weaknesses of the Estonian system can be an important cautionary lesson.

Saal 1 16:00

Sarah
Safer playing with lasers


How to play with lasers without injuring yourself and others, and how to design the safety circuits of a laser system.

This talk covers:

Laser classification

Laser safety

Effects of laser radiation on tissue and eyes

Real-world don'ts

Other dangers of laser systems

What to do to be safe

Technical implementation of safety systems

Relevant standards

Saal 1 16:45

Sec
schneider
Iridium Pager Hacking


The chronicles of reversing the Iridium pager system.

The Iridium satellite system provides voice and data coverage to satellite phones, pagers and integrated transceivers over Earth's entire surface. It was built by Motorola over 15 years ago, and parts of it remain unchanged to this day. Iridium pagers are similar to other pager systems from that time (they are receive-only devices) with the benefit that they will work anywhere on earth. Additionally they work on a receiver-pays subscription model, and due to their age are probably not using cryptography. Broadcasting messages all over the world sounds interesting enough to take a closer look. As Iridium is a proprietary system, documentation is scarce and hard to come by. But with the rise of software defined radio we can take a peek at what happens over the air...

Saal 1 17:30

Anita Gohdes
Information Control and Strategic Violence


Simple access to social media and cell phones has widely been accepted as a positive tool for citizens to voice dissatisfaction with their government and coordinate protest. But why would rulers permit these tools if they merely pose a threat to their own survival? This talk will investigate how a government's ability to censor and limit the flow of information feeds into its choice of violent responses to protest. I will talk about the conditions under which a government is likely to benefit more from surveilling the free flow of information, and under which conditions it is more likely to benefit from censorship.

A few weeks before the first mass protests ensued across Syria in March 2011, the Regime led by President Bashar Al-Assad lifted a large number of bans on social networking platforms, including Facebook and Youtube. Up to that point, the Regime had controlled the most regulated media landscape and telecommunications market in the Middle East, which is why the move towards providing access to social media sites not even permitted in China was not something to be expected. Why, after all these years of extreme censorship, does a government suddenly permit free access to, and generation of, information? The ability to connect via large social network platforms has been celebrated as an important way for ordinary citizens to collectively organise protest in light of repressive rulers. The revolutions in the Middle East and North Africa have spurred a new and important research area on the effects of digital communication technology on citizens' propensity to voice dissent and organise protest and resistance. The fact that anyone with a working network connection can now access, generate, and exchange content on the internet has been termed a 'game changer' for authoritarian regimes intent on maintaining control in light of mass popular protest. What has remained largely unanswered is how regimes resolved to stay in power can make use of their ability to surveil, censor, and limit the flow of information in an age where the majority of communication has been relegated to the internet and mobile phones. Understanding the way in which this new form of control feeds into more traditional means of repression, such as the use of extreme forms of physical coercion, is a crucial part of this process. In this talk, I will discuss under which conditions the free flow of information is likely to prove helpful in conducting effective state repression, and under which conditions the censoring of information access is likely to be more beneficial. Regimes intent on maintaining power against all adversaries have long since combined the use of censorship with physical violations of those deemed threatening to their position. The introduction of digital communication technology has, however, altered the costs and benefits of limiting the flow of information when conducting coercive campaigns. When Syria's government decided to unblock social networking sites, it might thus have simultaneously increased its intelligence for counterinsurgency operations, while also providing new ways of collective action for the opposition. Investigating these changes and how they affect the tactics of state violence is a crucial first step in understanding how contemporary and future governments are likely to incorporate their control of communication technology into strategies of repression. I use supervised machine learning to analyze over 60,000 records of killings perpetrated by the Syrian Regime in the ongoing conflict, and classify them according to their event circumstances, to arrive at a categorization between targeted and untargeted acts of repression. I find that higher levels of information accessibility are consistently linked to an increase in the proportion of targeted repression, whereas areas with little or no access witness more indiscriminate campaigns of violence.

Saal 1 18:15

ruedi
A Warning About Windows 8


The talk will discuss the technical and social consequences of the Microsoft-controlled Windows 8 Secure Boot architecture and possible countermeasures.

After the introduction of a Microsoft-controlled security infrastructure could be held up for a long time by political resistance, Microsoft has meanwhile once again created facts on the ground. In the hardware requirements for Windows 8, Secure Boot is a mandatory prerequisite. In practice, other operating systems can so far only be started with technically and legally problematic makeshift constructions. For the rapidly growing ARM processor world, the user is even to be deprived of control completely. This even includes forced activation and a ban on deactivating the Microsoft-controlled Secure Boot process. What for a long time seemed to many like the familiar fight between hackers and Microsoft over the free use of our devices has, through the political developments, become highly explosive for the entire industry. Microsoft can deactivate competing bootloaders without any comprehensible justification, and has already done so. A scenario in which Microsoft (possibly under pressure from the US government) withdraws the authorisation for the Microsoft-signed bootloaders of Linux distributions is something one does not really want to imagine, particularly for security-critical or embedded systems. While German authorities are discussing how strongly to warn against Windows 8, China has completely banned the use of Windows 8 on government computers. The talk will discuss further technical and social consequences of Microsoft-controlled security infrastructures and possible countermeasures.

Saal 1 19:00


Aram Bartholl
»Hard Drive Punch«


In general data is stored on technically sensitive systems and can easily be lost. At the same time files today appear often as indestructible once uploaded to the Internet.

In this presentation I will talk about a variety of approaches to data destruction and how these connect to current events and questions in society. From professional hard drive punch systems and art projects to DIY thermite melting, the art of destroying data is a widespread cultural phenomenon. Workshop: Bring your old hard drives to have them crushed with the IDEAL 0101 hard drive punch or cut the data platter yourself by hand. Competition: You think you can still recover files from this drive? Which methods are the best?

Saal 1 20:30


Jacob
Laura Poitras
Reconstructing narratives


Surveillance, cryptography, terrorism, malware, economic espionage, assassination, interventions, intelligence services, political prisoners, policing, transparency, justice and you.

Structural processes and roles are designed to create specific outcomes for groups. Externally facing narratives are often only one of many and they seek to create specific outcomes by shaping discourse. We will cover a wide range of popular narratives surrounding the so-called Surveillance State. We intend to discuss specific historical contexts as well as revealing new information as part of a longer term research project.

Saal 1 21:45


bunnie
Xobs
Fernvale: An Open Hardware and Software Platform, Based on the (nominally) Closed-Source MT6260 SoC


We introduce Fernvale, a reverse-engineered, open hardware and software platform based upon Mediatek's MT6260 value phone SoC. The MT6260 is the chip that powers many of the $10 GSM feature phones produced by the Shanzhai. Fernvale is made available as open-licensed schematics, board layouts, and an RTOS based upon the BSD-licensed NuttX, as well as a suite of open tools for code development and firmware upload. We discuss our technical reverse engineering efforts, as well as our methodology to lawfully import IP from the Shanzhai ecosystem into the Maker ecosystem. We hope to establish a repeatable, if not labor-intensive, model for opening up previously closed IP of interest, thereby outlining a path to leveling the playing field for lawful Makers.

There is a set of technology which Makers are legally allowed access, and there is a much larger set of technology which is used to make our every day gadgets. Access to the best closed-source technology is prevented via barriers such as copyright (limiting your ability to learn how it works), patent (limiting your ability to make something similar), and supply-chain (limiting your ability to buy it). As a result, open-licensed, Maker-friendly technologies have trailed closed-source technology in terms of cost, performance, and features. Makers operating under Western IP law are legally bound by these barriers, and are forced to settle for Arduinos, Beaglebones, Raspberry Pis and Novenae. However, all of these are a far cry in terms of cost, performance, and features from what consumers typically expect from boxes purchased in retail stores. Our research into the Chinese ecosystem indicates there is another way. Originally marginalized as outlaws and copycats, the Shanzhai of China – China's counterpart to the Western hacker-maker – exist in a realm where copyright and patent barriers are permeable, a state which we refer to as 'gongkai'. As a result, knowledge and access to state of the art closed source technology has diffused into the Shanzhai ecosystem. Today, they have moved beyond the rote copying of Nokia, Samsung, and Apple, and have created a thriving, vibrant ecosystem where mobile technology is rip/mix/burned; their products are mass-produced at a rate of millions per month for the “rest of the world”, e.g. emerging markets such as Africa, Brazil, India, Indonesia, and Russia. About a year ago, we did a tear-down of an example $12 phone, and contrasted it to the Arduino Uno. For $29, the Arduino Uno gets you a 16MHz, 8-bit CPU with 2.5k of RAM, and USB plus a smattering of GPIO as the sole interfaces. 
For $12, a phone out of the Chinese gongkai ecosystem gets you a 260 MHz, 32-bit CPU with 8MiB of RAM, with USB, microSD, SIM, quad-band GSM, Bluetooth, an OLED display and a battery. It begs the question of why, when Makers talk about IoT technologies in the West, they typically think of wifi-powered solutions in the $20-70 range, versus a GSM platform in the $10-$20 range. In this lecture, we disclose an attempt to short-circuit the disclosure barrier. We are releasing an open hardware and software solution built around the Mediatek MT6260. The MT6260 is a 32-bit ARM7EJ-S SoC with 8MiB of PSRAM in-package, as well as USB, LCD, touchscreen, audio, Bluetooth, quad-band GSM, dual-SIM, FM radio, UART, keypad, SD card, camera, and other peripherals integrated. The chip can be purchased on the over-the-counter market for about $2-3 in China. We call our solution built around this chip “Fernvale”. Fernvale is similar to the “LinkIt ONE” recently released by Mediatek and Seeed Studios, based upon the MT2502A SoC and targeted at IoT and wearables. LinkIt indicates a new direction for Mediatek and we are optimistic that their effort indicates a new pattern of openness toward Makers. At the time of this proposal's submission, the details of the LinkIt ONE platform are still unfolding, but the basic feature set looks comparable to that of Fernvale. However, it seems the LinkIt SDK is still based upon a closed-source Nucleus RTOS providing services to an open Arduino-like API. Unlike LinkIt ONE, Fernvale runs a port of NuttX, a small-footprint BSD-licensed RTOS that is Posix and ANSI compliant, and includes a partial set of drivers for the available hardware peripherals. The mainboard is laid out to function as either a SoM (system on module) or as a truncated Arduino shield (with the appropriate headers populated), and focuses on the computational abilities of the platform. 
In other words, Fernvale is not positioned as a mobile phone solution per se, but rather as an Engineering Development Kit (EDK) for embedded applications that can benefit from a highly-integrated, low-cost high-performance microcontroller solution such as the MT6260. As a result, the mainboard breaks out a selection of GPIO as well as the speaker, battery, USB, and SD card interfaces. The mainboard also serves as a base platform for rallying a larger community of developers who can aid with the task of reverse engineering and writing legally open drivers for its massive peripheral set. Two expansion headers are provided on the mainboard. A larger UX header can be used to attach a keypad + LCD + audio interface, for applications that require UI elements. A smaller analog header enables users to attach an RF front-end of their choosing, which could potentially enable GSM-compatible voice and data services, if drivers were to exist. This lecture will also discuss our experiences reverse engineering, and our approach to open-sourcing the MT6260. We had to reverse engineer significant portions of the system, including but not limited to circuit board layouts, hardware configuration options, bootloader protocols, partial register maps, and the internal boot ROM of the SoC. This reverse engineering effort was necessary to create a blob-free software implementation, and to give developers an alternative to Mediatek's proprietary firmware flashing utilities to upload code. It was also necessary to create schematics and circuit board maskworks which have an original copyright thereby giving us the right to pick an open license for the hardware designs. We took special pains to ensure our method was lawful and the resulting work is copyright-clean under U.S. law. We did review some non-open-licensed chip documentation and code examples available for download from open file-sharing sites. None of these materials were restricted by DRM. 
American copyright law contains a fair-use exception that allows limited copying and examination of such materials for the purpose of understanding the ideas and functional concepts embodied in them. We believe our download and review of those materials is fair use. Should potential copyright holders disagree with our interpretation, we invite any offended parties to engage us in rational discourse. We believe that Makers have for too long lived in the shadow of overbearing copyright laws. We need to develop an example of how to import ideas from less strict IP jurisdictions where innovation is flourishing; failing this, hardware Makers run the risk of being eternally behind the Shanzhai. Fernvale is our first attempt at developing a legal context for importing IP from the gongkai ecosystem into a fully open source solution; we hope our example will embolden other developers to pursue more ambitious targets. We also hope our work may, in the long term, catalyze meaningful Maker-friendly reform to Western IP law by raising awareness of the disparity between East and West, with the success of the Shanzhai serving as evidence of how permissive IP policy can be good for both grass-roots innovators (the Shanzhai) and big businesses (Mediatek and the phone network operators) alike.

Saal 1 23:00


Zakir Durumeric
The Matter of Heartbleed


The Heartbleed vulnerability took the Internet by surprise in April of this year. The vulnerability was one of the most consequential in the history of the Internet, since it allowed attackers to potentially steal login credentials, cryptographic keys, and other private data from up to half of all popular HTTPS sites. In this talk, we take a detailed look at Heartbleed and its aftermath, based on comprehensive measurements and analysis that our research team performed over the past six months. We began tracking Heartbleed's impact within hours of its disclosure using massive ZMap scans and large network telescopes. This allowed us to track which sites remained vulnerable, observe certificate revocations, and monitor for large scale attacks in close to real time. Based on this data, we also conducted one of the largest ever mass vulnerability notifications, informing the network administrators for all devices still susceptible to Heartbleed across the entire IPv4 address space. Finally, we investigated the question of whether attackers knew about and exploited Heartbleed prior to its public disclosure, and we will present new details about this question in the talk. We hope that by learning from the Heartbleed security disaster, our community can prepare to respond more effectively to such events in the future.

In March 2014, researchers found a catastrophic vulnerability in OpenSSL, the cryptographic library used to secure connections in popular servers including Apache and Nginx. The bug allowed attackers to extract cryptographic keys, login credentials, and other private data from an estimated 22-55% of HTTPS sites. Worsening its severity, the bug was both simple to understand and exploit.

We used ZMap to perform comprehensive scans of the IPv4 address space and popular web servers in the days and months following disclosure. We provide more extensive estimates on who was originally vulnerable, track who patched their sites, and replaced certificates. We will present exactly which server products and devices were vulnerable. We will further discuss how Heartbleed affected the HTTPS CA ecosystem. Worryingly, we find that only 10% of the known vulnerable sites replaced their certificates within the next month, and of those that did, 14% neglected to change the private key, gaining no protection from certificate replacement! We'll also present the shortcomings in the public key infrastructure that Heartbleed unearthed and problems our community needs to focus on moving forward.

We investigated widespread attempts to exploit Heartbleed post disclosure at four network sites. We will discuss the subsequent exploit attempts we observed from almost 700 sources and the Internet-wide scans that started post disclosure. We also investigated whether exploit attempts took place prior to Heartbleed's public disclosure, including examining suspicious network traces recorded months earlier. We will disclose new details of these traces and their implications in the talk.

Even with global publicity, Heartbleed patching plateaued after two weeks. To try to help, we notified network administrators responsible for more than 500,000 unpatched systems. While much of the security community (including us!) assumed that mass vulnerability notifications would be too difficult or ineffective, we found that it increased the Heartbleed patching rate by nearly 50%. We will discuss how we performed these notifications, the reactions of network operators, and prospects for performing automatic mass notifications based on Internet-wide scanning in future vulnerability events.

Throughout the talk, we will use real world data to frame what went well and what went poorly in the Internet's response to Heartbleed. The vulnerability's severe risks, widespread impact, and costly global cleanup qualify it as a security disaster. However, by understanding what went wrong and learning from it, the Internet security community can be better prepared to address major security failures in the future.

Saal 1 23:30


Nick Sullivan
Heartache and Heartbleed: The insider’s perspective on the aftermath of Heartbleed


Two weeks after the Heartbleed bug was announced, CloudFlare patched the Heartbleed bug, created a challenge to prove the bug could be used to find private keys (uncovering a second bug in OpenSSL) and turned its entire network into a giant honeypot. This session will discuss the specific steps taken to prevent early disclosure, creating and scaling the first public vulnerability test, how the CloudFlare Heartbleed challenge showed that you can reveal private SSL keys (how a second bug in OpenSSL made this possible) the incredible impact of revoking over 100,000 certificates in a single day, and the results of our honeypot revealing the proportion of attack traffic versus research traffic.

CloudFlare was notified about Heartbleed as soon as it was discovered, ahead of its public announcement, and took extreme precautions not to reveal anything about the bug. This required communicating only over secure channels, restricting the visibility of the branch from which we built the workaround, and using secure software deployment methods. After the patch was announced, there was a rush to reverse engineer the bug and create an exploit. The CloudFlare team immediately started working on a proof of concept, and hosted it on a website allowing others to scan for vulnerable sites. Within minutes, the original site was flooded with requests. CloudFlare’s Nick Sullivan will share this process and the feats pulled off to make sure the site could scale and provide accurate results. He will go into the numbers and technical details of the PoC and speak about its bugs and how they were found. Statistics and anonymized raw data of the 70+ million results will be provided, giving an overview of the patching process over time. It was clear soon after the bug was revealed that the number of servers affected by this bug was massive. What wasn’t clear was the scope of data that was vulnerable to attack. In order to determine the risk to private keys from this vulnerability, his team launched the CloudFlare Heartbleed Challenge. They set up a site that was vulnerable to the attack, added logging and created a webpage to submit a signed proof of key ownership. In less than a day, there were several successful submissions. Nick will go over the naive (but successful) strategy used to extract keys and the more advanced technique based on Coppersmith’s Method. Finally he will discuss the *second* OpenSSL bug we discovered that allowed the private key to be extracted via Heartbleed. After the exploits were in the wild, his team added logging to see who was trying to exploit this bug.
Nick will reveal the results of this analysis and cross-reference the results with the IPs of the test site. These numbers give new insight into how many people were attempting to maliciously exploit this flaw versus research done to probe vulnerable sites. Once the dust settled and the team worked out the details with our CA, we revoked over 80,000 of CloudFlare’s SSL certificates. This turned into an internet scaling nightmare, resulting in a constant flood of more than 40 gigabits per second of traffic to serve overgrown certificate revocation lists. Since CloudFlare provides caching for its CA, the team bore the brunt of this traffic. Their revocation lists would have DDoSed most sites (and some certificate authorities) off the internet. Nick will talk about caching CRLs, and how the revocation system was not designed for this scale of internet flaw. In conclusion, he will summarize the many ways this coding error revealed some of the deeper flaws in the internet, and discuss ways we can move forward. Attendees will leave with actionable advice on how to better secure their own systems against the next Heartbleed, and with the security strategies used by cloud service companies to monitor how companies store keys internally.

Saal 1 00:15


frank
Fefe
Fnord News Show


In the format of a relaxed evening show, we will present the news highlights of the year: the reports between the reports, the subtle sensations behind the headlines.

Come, listen, watch! Let yourself be carried away!

Saal 2 11:30


Joscha
From Computation to Consciousness


How can the physical universe give rise to a mind? I suggest to replace this confusing question by another one: what kind of information processing system is the mind, and how is the mind computed? As we will see, even our ideas of the physical universe turn out to be computational. Let us explore some fascinating scenery of the philosophy underlying Artificial Intelligence.

How do minds work? In my view, this is the most interesting question of all, and our best bet at answering it lies in building theories that we can actually test in the form of computer programs, that is, in building Artificial Intelligence. Let us explore some of the philosophical ideas that explicitly or implicitly form the basis of Artificial Intelligence. The idea that minds are some kind of machine, mechanical contraptions, seems unconvincing, even offensive, to many people, even if they accept that the physical universe is a machine and minds are part of that universe. Computer science has revolutionized our concept of machines, though: no longer do we see machines as mechanical arrangements of parts that pull and push against each other, but as arbitrary, stable causal arrangements that perform regular changes on their environment. We can think about mathematical machines, like cellular automata, about financial, social or ecological machines. Machines do not have to be human-made artifacts; they are a way of conceptualizing regular processes and dynamic systems. In the case of conceptualizing the human mind, what matters is not biology, chemistry, or structural properties of the brain, but what these implement: a class of machine that is capable of processing information in very specific ways. The mind is not necessarily a mechanical machine, but certainly an information processing machine, a computational system. Computationalism is the notion that minds can and have to be modeled as computational, and in its strong form, it maintains that the mind actually _is_ a computer, implemented by a physical mechanism. But the ideas of computation have permeated our understanding of the world even further. Our understanding of physics no longer conforms to mechanical world views (i.e. parts and particles pulling and pushing against each other), but requires us to switch to the broader notion of how the universe processes information. 
The foundational theories of physics are concerned with how the universe is computed. In the view of universal computationalism, the question of what sort of thing minds are resolves into the question whether hypercomputation is possible, and if not, what classes of computation are involved in their functionality. Computationalism systematizes the intuitions we get naturally while we program computers, and it helps us understand some of the deepest questions of cosmology, epistemology and the nature of the mind in ways that did not exist in the past.

Saal 2 12:45


James Bamford
Tell no-one


For nearly one hundred years, the NSA and its predecessors have been engaging in secret, illegal deals with the American telecom industry, with both virtually immune from prosecution.

How did this begin? How does it work? How much have US presidents known? What happens when they get caught? Will it change after the Snowden revelations? A fascinating look at a hundred years of handshakes and backroom deals between the eavesdroppers and the telecom executives.

Saal 2 14:00


Joseph Tartaro
Matthew Halchyshak
Cyber Necromancy


Reverse engineering is not all binaries and byte-code. The black art also extends to networks and unobtainable game servers. In this talk we go into the gruesome details of how we dug through the graveyards of console binaries and mausoleums of forgotten network protocols in order to stitch together the pieces necessary to bring our favorite game, Metal Gear Online, back to life. We will be examining the process of reverse engineering the game's custom network protocols from all angles, from packet logs to low-level disassembly of client code.

In this presentation we will be discussing the path we took to successfully develop our own private server for Metal Gear Online on the Sony PlayStation 2 and PlayStation 3 video game consoles. Interestingly enough, this was a private server developed after the original was already taken offline, so we did not have a live active server to help with the reverse engineering. Due to this we ran into some issues but ultimately succeeded. We believe that the details of the techniques we used will prove useful for anyone attempting similar work in the future. The topics we will discuss in this talk cover a wide range of high- and low-level issues related to network protocol and binary reversing. We will begin with an overall survey of the general problems faced by anyone attempting this type of work. The talk will quickly move from the high-level and simple issues into the more technical aspects of reverse engineering in the blind, including the techniques we used to determine the protocol and payload responses that the client was expecting, and describing in detail how we homed in on common traits that we expected to see on the network, using open source knowledge and binary-level reverse engineering of client code to determine the expected response. We expect the attendees of this talk to walk away with knowledge that will help them in the future when working on similar projects or any activities related to protocol reverse engineering.

Saal 2 16:00


Lothar Hotz
The Hamburg Transparency Portal


The talk presents the technical implementation of the Hamburg Transparency Portal.

The content of the portal is determined by the Hamburg Transparency Act. Because of the large number of heterogeneous systems to be connected, a comprehensive architecture was developed that allows all connected systems to be reached through a single dedicated access point. This access consists of a web portal and an API that allows the portal content to be queried by machine.

Saal 2 16:45


ruedi
Crypto for the Future


(Not) a little rant about elliptic curves, quantum computers, Bitcoins and the NSA et al.

1. What do you think would happen if a working quantum computer were developed? Which kinds of cryptography would be affected, and how?

Quantum computers can use Shor's algorithm to attack the common public-key schemes, such as RSA and DSA, very effectively. But the newer schemes based on elliptic curves are affected as well. These attacks require a number of qubits that depends on the key length. Elliptic curve cryptosystems use considerably shorter keys, 256 bits in the case of Bitcoin. The classic RSA system uses at least 2048 bits in today's practice.

2. Would Bitcoins then be worthless? If so, why exactly?

Because of its clever design, a successful attack on the signature function used in Bitcoin would not immediately make all Bitcoins worthless. Instead of the actual public key, Bitcoin initially uses an address derived from it with the help of two different hash functions. The public key is only revealed in a transaction itself. This approach shortens the window for possible attacks, provided no money is left in the account. For security reasons, a new address should be used for every transaction, something that until now was only recommended for privacy reasons.

3. What do you see as critical about the cryptography used in Bitcoin?

Even though, from the perspective of cryptographic research, one could certainly suggest one improvement or another at some points, some of which are already used successfully in alternative systems, the simplicity and robustness of the constructions employed deserve praise. The authors have excellent knowledge of cryptography. The curve Secp256k1 used in Bitcoin was chosen with justification, but requires more intensive research. The 256-bit key length does not provide a reassuring security margin; a choice of 512 bits would have been better. Using different curves for each transaction would also be more in keeping with the Bitcoin philosophy.

4. Can you roughly estimate how long it will take until the first real working quantum computer is developed? How high, in your estimation, is the chance that this happens in the coming decades?

Unfortunately it is very difficult to assess from the outside how far the American agencies have come in developing quantum computers. The Snowden revelations showed that the US government spends considerable resources on researching new attack capabilities. In any case, public-key key lengths longer than the usual 256 bits appear advisable.

5. Why is post-quantum cryptography hardly used at all today? What are the hurdles to deploying it? Would it be possible to convert Bitcoin to post-quantum cryptography without all existing coins losing their value?

Post-quantum cryptography is a rather young field of research. The schemes proposed so far often cannot yet compete with existing approaches in terms of key lengths and execution speed. Given the comprehensive threat to all Internet communication that would arise very quickly after a quantum computing breakthrough, it appears indispensable to fund basic mathematical research into the development of future-proof schemes more strongly. Bitcoin could be converted to post-quantum cryptography without all existing coins losing their value.

Saal 2 17:30


Andrea Barisani
Forging the USB armory


The presentation will cover the journey that we have taken to develop the USB armory board from scratch, explaining the lessons learned and its prospective applications.

Inverse Path recently introduced the USB armory project (http://inversepath.com/usbarmory), an open source hardware design implementing a flash-drive-sized computer for security applications. The USB armory is a compact USB-powered device that provides a platform for developing and running a variety of applications. The security features of the USB armory System on a Chip (SoC), combined with the openness of the board design, empower developers and users with a fully customizable USB trusted device for open and innovative personal security applications. The presentation will cover the journey that we have taken to develop the USB armory board from scratch, explaining the lessons learned and its prospective applications.

Saal 2 18:15


Reuben Binns
Privacy and Consumer Markets


The internet may be the nervous system of the 21st century, but its main business purpose is helping marketers work out how to make people buy stuff. This talk maps out a possible alternative, where consumers co-ordinate online, pooling their data and resources to match demand with supply.

The internet, perhaps the most incredible communications medium ever created, is fast becoming the nervous system of the 21st century. But right now its primary business function is to gather data about us, to categorise and sort us, to machine learn our most intimate secrets, all so that marketers can craft advertisements designed to extract as much money out of us as possible. As well as being the cause of our current privacy and surveillance woes, this business model is also a surprisingly inefficient way of matching consumers with stuff they actually want and need. A vast infrastructure of ad servers, data brokers, CRMs, and real-time bidding platforms exists in order to quietly nudge consumers to buy a different brand of soap. The problem is that we are easily nudged, and being a rational consumer in the modern economy requires an impossible amount of time, information and intelligence. Realistically, it is beyond the powers of human computation. The seeds of a technology-driven alternative are emerging in some corners of the economy. A range of new tools crunch through masses of pricing and product data to help consumers avoid getting ripped off, and find the products they really need. Collective buying schemes have enabled households to club together in their thousands to negotiate better, cheaper, more sustainable suppliers of home energy and other products. The growth of free software, peer production and decentralised systems demonstrates that technology for independence, co-operation and empowerment is possible outside of the traditional market model. Combining these trends suggests a possible future where ordinary people collectively pool their data, computation and buying power to drive the production and allocation of goods and services, rendering the surveillance-advertising business model redundant in the process.

Saal 2 19:00


Anonymous member of Tarnac Solidarity Committee
tarnac nine
The Invisible Committee Returns with "Fuck Off Google"


“There will be people who resist adopting and using technology, people who want nothing to do with virtual profiles, online data systems or smart phones. Yet a government might suspect that people who opt out completely have something to hide and thus are more likely to break laws, and as a counterterrorism measure, that government will build the kind of ‘hidden people’ registry we described earlier. If you don’t have any registered social-networking profiles or mobile subscriptions, and on-line references to you are unusually hard to find, you might be considered a candidate for such a registry. You might also be subjected to a strict set of new regulations that includes rigorous airport screening or even travel restrictions.”

The figure of the hacker contrasts point by point with the figure of the engineer, whatever the artistic, police-directed, or entrepreneurial efforts to neutralize him may be. Where the engineer would capture everything that functions in such a manner that everything functions better, in order to place it in the service of the system, the hacker asks himself “How does that work?” in order to find its flaws, but also to invent other uses, to experiment. Experimenting then means exploring what such and such a technique implies ethically. The hacker pulls techniques out of the technological system in order to free them. If we are slaves of technology, this is precisely because there is a whole ensemble of artifacts of our everyday existence that we take to be specifically “technical” and that we will always regard simply as black boxes of which we are the innocent users. The use of computers to attack the CIA attests rather clearly that cybernetics is no more the science of computers than astronomy is the science of telescopes. Understanding how any of the devices that surround us brings an immediate increase in power, giving us a purchase on what will then no longer appear as an environment, but as a world arranged in a certain way and one that we can shape. This is the hacker’s perspective on the world. These past few years, the hacker milieu has gained some sophistication politically, managing to identify friends and enemies more clearly. Several substantial obstacles stand in the way of its becoming-revolutionary, however. In 1986, “Doctor Crash” wrote: “Whether you know it or not, if you are a hacker you are a revolutionary. Don’t worry, you’re on the right side.” It’s not certain that this sort of innocence is still possible. In the hacker milieu there’s an originary illusion according to which “freedom of information,” “freedom of the Internet,” or “freedom of the individual” can be set against those who are bent on controlling them. 
This is a serious misunderstanding. Freedom and surveillance, freedom and the panoptical belong to the same paradigm of government. Historically, the endless expansion of control procedures is the corollary of a form of power that is realized through the freedom of individuals. Liberal government is not one that is exercised directly on the bodies of its subjects or that expects a filial obedience from them. It’s a background power, which prefers to manage space and rule over interests rather than bodies. A power that oversees, monitors, and acts minimally, intervening only where the framework is threatened, against that which goes too far. Only free subjects, taken en masse, are governed. Individual freedom is not something that can be brandished against the government, for it is the very mechanism on which government depends, the one it regulates as closely as possible in order to obtain, from the amalgamation of all these freedoms, the anticipated mass effect. Ordo ab chao. Government is that order which one obeys “like one eats when hungry and covers oneself when cold,” that servitude which I coproduce at the same time that I pursue my happiness, that I exercise my “freedom of expression.” “Market freedom requires an active and extremely vigilant politics,” explained one of the founders of neoliberalism. For the individual, monitored freedom is the only kind there is. This is what libertarians, in their infantilism, will never understand, and it’s this incomprehension that makes the libertarian idiocy attractive to some hackers. A genuinely free being is not even said to be free. It simply is, it exists, deploys its powers according to its being. We say of an animal that it is en liberté, “roaming free,” only when it lives in an environment that’s already completely controlled, fenced, civilized: in the park with human rules, where one indulges in a safari.
“Friend” and “free” in English, and “Freund” and “frei” in German come from the same Indo-European root, which conveys the idea of a shared power that increases. Being free and having ties was one and the same thing. I am free because I have ties, because I am linked to a reality greater than me. In ancient Rome, the children of citizens were liberi: through them, it was Rome that was growing. Which goes to show how ridiculous and what a scam the individual freedom of “I do what I feel like doing” is. If they truly want to fight the government, the hackers have to give up this fetish. The cause of individual freedom is what prevents them from forming strong groups capable of laying down a real strategy, beyond a series of attacks; it’s also what explains their inability to form ties beyond themselves, their incapacity for becoming a historical force. A member of Telecomix alerts his colleagues in these terms: “What is certain is that the territory you’re living in is defended by persons you would do well to meet. Because they’re changing the world and they won’t wait for you.” Another obstacle for the hacker movement, as every new meeting of the Chaos Computer Club demonstrates, is in managing to draw a front line in its own ranks between those working for a better government, or even the government, and those working for its destitution. The time has come for taking sides. It’s this basic question that eludes Julian Assange when he says: “We high-tech workers are a class and it’s time we recognize ourselves as such.” France has recently exploited the defect to the point of opening a university for molding “ethical hackers.” Under DCRI supervision, it will train people to fight against the real hackers, those who haven’t abandoned the hacker ethic. These two problems merged in a case affecting us.
After so many attacks that so many of us applauded, Anonymous/LulzSec hackers found themselves, like Jeremy Hammond, nearly alone facing repression upon getting arrested. On Christmas Day, 2011, LulzSec defaced the site of Stratfor, a “private intelligence” multinational. By way of a homepage, there was now the scrolling text of The Coming Insurrection in English, and $700,000 was transferred from the accounts of Stratfor customers to a set of charitable associations – a Christmas present. And we weren’t able to do anything, either before or after their arrest. Of course, it’s safer to operate alone or in a small group – which obviously won’t protect you from infiltrators – when one goes after such targets, but it’s catastrophic for attacks that are so political, and so clearly within the purview of global action by our party, to be reduced by the police to some private crime, punishable by decades of prison or used as a handle for pressuring this or that “Internet pirate” to turn into a government agent.

Saal 2 20:30

Rafal Wojtczuk
Corey Kallenberg
Attacks on UEFI security, inspired by Darth Venamis's misery and Speed Racer


On modern Intel-based computers there exist two powerful and protected code regions: the UEFI firmware and System Management Mode (SMM). UEFI is the replacement for the conventional BIOS and has the responsibility of initializing the platform. SMM is a powerful mode of execution on Intel CPUs that is even more privileged than a hypervisor. Because of their powerful positions, SMM and UEFI are protected by a variety of hardware mechanisms. In this talk, Rafal Wojtczuk and Corey Kallenberg team up to disclose several prevalent vulnerabilities that result in SMM runtime break-in as well as arbitrary reflash of the UEFI firmware.

In 2009 Rafal Wojtczuk and Alexander Tereshkin described the first publicly presented BIOS reflash exploit. Then in 2013 Corey Kallenberg presented the second instance of this class of vulnerability with an exploit targeting Dell BIOS. Now, in 2014, Rafal and Corey have joined forces to complete the destruction of the jedi^H^H BIOS. The UEFI firmware is normally the first code to execute on the CPU, putting it in a powerful position to subvert other components of the platform. Because of its security-critical nature, the UEFI code resides on a flash chip that is protected against arbitrary writes via a number of chipset protection mechanisms. Besides initializing the platform and bootstrapping to an operating system, UEFI is also charged with instantiating the all-powerful System Management Mode (SMM). SMM is neither readable nor writable by any other code on the platform. In fact, SMM has the ability to read and write hypervisor-protected memory, but the converse is not true! These properties make SMM an ideal place to store a rootkit. Similar to the UEFI firmware, because of these security-critical properties, there are hardware mechanisms that protect the integrity and confidentiality of SMM. This talk will explore attack surface against SMM and UEFI that has not previously been discussed. We will highlight a bug in one of the critical hardware protection mechanisms that results in a compromise of the firmware. We will also directly target a part of the UEFI specification that provides SMM exploitation opportunities. The vulnerabilities disclosed and their corresponding exploits are both prevalent among UEFI systems and reliably exploitable. The consequences of these vulnerabilities include hypervisor and TXT subversion, bricking of the victim platform, insertion of powerful rootkits and a secure boot break, among other possibilities.
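The chipset protections the abstract refers to are configured by register bits, and a defender's first check is whether they are actually engaged on a given machine. The decoder below is an added example, not code from the talk: it evaluates constructed BIOS_CNTL and SMRAMC values the way firmware-audit tools do; the bit positions follow Intel's public ICH/PCH documentation and are assumptions to confirm against the datasheet for the chipset at hand.

```python
"""Evaluate the chipset register bits that guard SPI flash and SMRAM.

Added example: register values are plain integers (constructed below, or taken
from a chipset dump), so nothing here touches hardware. Bit positions follow
Intel's public ICH/PCH documentation for BIOS_CNTL (on the LPC bridge) and
SMRAMC (on the host bridge) and are assumptions to verify per chipset.
"""
from __future__ import annotations

from dataclasses import dataclass

# BIOS_CNTL: controls writes to the BIOS region of the SPI flash
BIOSWE = 1 << 0    # BIOS Write Enable: region is writable while set
BLE = 1 << 1       # BIOS Lock Enable: setting BIOSWE raises an SMI
SMM_BWP = 1 << 5   # SMM BIOS Write Protect: writes honoured only from SMM

# SMRAMC: controls visibility of SMRAM to code outside SMM
G_SMRAME = 1 << 3  # Global SMRAM Enable
D_LCK = 1 << 4     # Lock: SMRAMC becomes read-only until reset
D_OPEN = 1 << 6    # Open: SMRAM accessible outside SMM


@dataclass(frozen=True)
class Finding:
    register: str
    bit: str
    ok: bool
    detail: str


def check_bios_cntl(value: int) -> list[Finding]:
    """Flash write protection as configured by BIOS_CNTL."""
    we = bool(value & BIOSWE)
    ble = bool(value & BLE)
    bwp = bool(value & SMM_BWP)
    return [
        Finding("BIOS_CNTL", "BIOSWE", not we,
                "BIOS region currently write-enabled" if we else "BIOS region write-disabled"),
        Finding("BIOS_CNTL", "BLE", ble,
                "SMI raised when BIOSWE is set" if ble else "BIOSWE can be set without raising an SMI"),
        Finding("BIOS_CNTL", "SMM_BWP", bwp,
                "flash writes restricted to SMM" if bwp
                else "flash writes not restricted to SMM; BLE alone is a weaker guard"),
    ]


def check_smramc(value: int) -> list[Finding]:
    """SMRAM confidentiality and integrity as configured by SMRAMC."""
    enabled = bool(value & G_SMRAME)
    locked = bool(value & D_LCK)
    opened = bool(value & D_OPEN)
    return [
        Finding("SMRAMC", "G_SMRAME", enabled,
                "SMRAM enabled" if enabled else "SMRAM not enabled"),
        Finding("SMRAMC", "D_OPEN", not opened,
                "SMRAM open to code outside SMM" if opened else "SMRAM closed to code outside SMM"),
        Finding("SMRAMC", "D_LCK", locked,
                "SMRAMC locked until reset" if locked
                else "SMRAMC unlocked; D_OPEN could still be set later"),
    ]


def firmware_protected(bios_cntl: int, smramc: int) -> bool:
    """True only when every checked protection bit is in its safe state."""
    return all(f.ok for f in check_bios_cntl(bios_cntl) + check_smramc(smramc))


def report(bios_cntl: int, smramc: int) -> list[str]:
    """Human-readable PASS/FAIL lines for both registers."""
    return [f"{'PASS' if f.ok else 'FAIL'} {f.register}.{f.bit}: {f.detail}"
            for f in check_bios_cntl(bios_cntl) + check_smramc(smramc)]


if __name__ == "__main__":
    # Constructed values: a locked-down platform and a misconfigured one.
    for name, bc, sc in (("hardened", 0x2A, 0x1A), ("misconfigured", 0x01, 0x48)):
        print(f"--- {name}: protected={firmware_protected(bc, sc)}")
        print("\n".join(report(bc, sc)))
```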

Saal 2 21:45

Bill Scannell
Inside Field Station Berlin Teufelsberg


Of all the NSA's Cold War listening posts, their intelligence facility on top of Berlin's Teufelsberg was their most secretive.

Field Station Berlin – its white tower and geodesic domes visible for miles around – was the epicenter of the Western intelligence community's most sensitive SIGINT operations. Now abandoned, the ghosts of "The Hill" know many stories left untold. Ever wondered what it was like to work there at the height of the Cold War? What did people do there, anyway? And what it was really like inside the day Ronald Reagan said, "we begin bombing in five minutes"? Wonder no longer. As a young SIGINT analyst straight out of college in the 1980s, Bill Scannell was there and will tell (almost) all.

Saal 2 23:00

Sarah Harrison
Grace North
Doing right by sources, done right


Whistleblowing is becoming a progressively popular topic, and ways to technically support anonymous submissions by journalistic sources are being increasingly discussed and developed. However, there is much more to protecting sources than the technical side. There is currently little discussion about the surrounding ethics, operational security and public protection of sources. Two women who have expertise in all areas of source protection, from submission to publication to after-care, explain and discuss what source protection really means, the issues that have arisen in recent years, often with disastrous consequences, as well as the important lessons to learn from these and from successful cases.

Speakers: Sarah Harrison (Courage Acting Director and WikiLeaks Investigations Editor) and Grace North (Jeremy Hammond campaign manager). With current technology, the ability for journalists to be provided with large data sets securely is increasing. With the surveillance revelations from Snowden there is much talk about ways for the public and journalists to work online safely, and how this can be used to help protect sources. However, there are few to no discussions about a holistic attitude to source protection. In fact we can see in the past that it is often not technical but operational security issues that pose the greatest threat to sources' ongoing safety, whether that is the source's or journalist's operational security, informants, or lack of after-care. Source protection begins at the point of contact, and it doesn’t stop at publication; in some cases, the real work actually begins at publication. From the angle of investigations editor at WikiLeaks, a publishing organisation with a clean record of source protection, Harrison is well placed to explain the nuanced areas of source protection for media, from submission through to publication. But it is not just within the publication process that source protection needs to be considered. Simply not printing a source's name is not enough. It’s irresponsible for journalists to speculate about sources they know little about, or to publicly speculate that an unnamed source is on the loose. Recently media outlets have suggested there is another NSA source, leaking information to the Intercept and elsewhere. What has that led to? The US government launched an internal investigation to hunt out any other suspected sources, and we know well what the United States does to whistleblowers. And for media and the public alike there is an after-care responsibility to sources that have risked so much for our right to know: how they are supported and spoken about.
Both Harrison and North are experts in how media and the public have protected, and should protect, sources. Media generally abandon sources (they did so in the case of Manning and Hammond in a devastating way); this can and should change. In addition, public solidarity is vital for sources; this past year we have seen a growing trend of pitting sources against one another in the public domain, and Harrison and North will discuss the dangers and consequences of this. While the term “whistleblower” is increasingly used and understood, it doesn’t always describe a source. Courage uses the term ‘truthteller’ to encompass all people who bring secret truths to public light. Someone like Jeremy Hammond, who did not work for Stratfor or its clients, but knew its operations were of interest to the public at large, to the citizens of a government that subscribes to Stratfor’s services, is a truthteller. He is an outsider who worked, allegedly, to make important truths public, and thus a vital journalistic source, without whom we wouldn’t have hundreds upon hundreds of valuable news stories on the private intelligence industry. These lessons give us a better understanding of what has gone right and wrong with recent high-level sources, like Manning, Snowden and Hammond, but they should also be building blocks for an understanding of the principles involved and how we can employ them in the future. Courage wants to continue protecting the sources we know about, but we also work to engender a culture of support for whistleblowing, a knowledgeable and ethical media class, and a trust among sources that journalists will protect them from start to finish. We encourage whistleblowing as a key method of keeping governments and powerful corporations accountable to the public, but we must be responsible first.
This talk will explain and highlight these lessons from a first hand perspective, giving an understanding of what real source protection means, and how the media and public can perform it. The speakers will take questions after.

Saal 2 00:15

Fefe
Frank Rieger
Fnord News Show (Stream)


In the format of a relaxed evening show, we will present the news highlights of the year: the reports between the reports, the subtle sensations behind the headlines.

Come, listen, see! Let yourself be carried away!

Saal G 11:30

Arne Padmos
Why is GPG "damn near unusable"?


GPG has been correctly described as "damn near unusable". Why is this so? What does research into usable security tell us? This talk covers the history, methods, and findings of the research field, as well as proposed solutions and open questions.

With all the frustration around trying to get Glenn Greenwald to use encryption [0,1], it is not surprising that Edward Snowden has described GPG as "damn near unusable" [2]. Such usability problems of end-to-end email encryption tools have been around for a long time. In 1999, a seminal study found that most participants were unable to use PGP 5.0 to encrypt an email when given 1.5 hours to do so [3]. Others have tried to solve these usability problems by automating the key exchange and encryption [4]. However, issues persist around a lack of end-user trust in the software [5], difficulties in getting encryption widely implemented, and having to deal with a general absence of understanding of the email architecture [6]. Despite being almost 50 years old [7], email is still not widely encrypted on an end-to-end basis. In this year's SOUPS keynote (the major conference on usable security), Christopher Soghoian described how we as a community are not doing nearly enough to get security into the hands of consumers: we are mostly stuck with the same broken interface as PGP 5.0 from back in 1999, people still face the same conceptual barriers, and we still have crappy defaults [8]. While there has been renewed interest in end-to-end email encryption after the Snowden revelations [9], many projects do not take usability into account. This talk goes into some of the dos and don'ts gleaned from the usable security research field. Building on a discussion of the history, methodology, and findings of the research, the talk will cover topics including the constraints of humans, the need for clear mental models, and the usefulness of user testing. Some examples of successes and failures will be used to illustrate a range of usable security principles. Remaining pain points such as metadata protection, key management, and end-user understanding will be covered, including proposals for fixing these such as anonymous routing, more appropriate metaphors, and trust on first use.
Various open questions will also be discussed, including:
- Should we patch the existing email architecture or should we move towards new protocols?
- How can the crypto community build subversion-resistant collaboration platforms?
- Is there a way to standardise our cryptoplumbing to a restricted set of secure algorithms?
- Can we provide developers with usable coding technologies to prevent nightmares like OpenSSL?
- How should we involve end-users in the development cycle of open source software?
- Can we empower end-users to take security back into their own hands?

Saal G 12:45

gedsic
Lightning Talks Day 2


Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick!

Saal G 16:00

Felix Mütze
GIFs: Death of a Medium. And Its Life After Death.


Basically, GIFs are old news. There are numerous alternatives that do what a GIF can do, only better. And yet GIFs have established themselves as a cultural technique. Or was it just one last hype before death? How is it that a medium that was already outdated in the 90s still enjoys great popularity two decades later? And what can we learn from this about the discrepancy between current technical development on the one hand and the actual use of technology on the other?

Over its long history, the GIF file format has seen its share of ups and downs. By now it is technically completely obsolete, has been declared dead several times, was at times actively fought against, and still has not been fully displaced by its technically superior competition. This development is owed, apart from a few coincidences, above all to internet users themselves. For although GIFs have not changed technically since 1998, the internet keeps finding new uses for the jittery pictures. The talk looks back briefly at the many deaths the GIF format has already died (or that were wished upon it) and covers the current development in which WebM has set out to close the GIF chapter. Far more important, however, is the view from the users' side. Using examples from the past decades, the reasons why GIFs could be revived again and again are analysed. In the end, the question remains whether and how the GIF recipe for success can be transferred to other media and technologies. And: yes, of course pr0n plays a role too.

Saal G 16:45

Ben H.
Finding the Weak Crypto Needle in a Byte Haystack


Using the same stream cipher key twice is known to be a Very Bad Idea, but keystream-reuse vulnerabilities are still very much a thing of the present, both in legitimate software and in the malware landscape. We describe a heuristic algorithm which can detect vulnerabilities of this kind. We explain the inner workings of the algorithm and demonstrate a proof-of-concept attack on several examples of vulnerable data, including files encrypted by the DirCrypt malware and encrypted traffic generated by malware such as variants of Zeus and Ramnit.

When operating a stream cipher, reusing a keystream introduces a critical weakness into the resulting ciphertext: the encryption becomes vulnerable to easy (and sometimes /very/ easy) cryptographic attacks. This is due to the encryption's linear nature: for instance, XORing a plaintext with the corresponding ciphertext yields keystream bytes. While key reuse is a widely known issue, it is one that keeps arising in practice. The Soviets did it during WWII, Microsoft did it in the implementation of Word 2003 document encryption, and malware authors did it when designing variants of Zeus, DirCrypt and Ramnit. To exploit a vulnerability, you must first realize it's there. Unfortunately, many instances of homebrew crypto operate on the "security by obscurity" principle and don't reveal their implementation details. As a result, detecting key reuse often requires trial and error, an accidental epiphany or a night spent reverse engineering, and in all these cases luck and human effort. In this presentation we show an approach to automating this task, based on the linear properties of stream ciphers, redundancy in the text and Bayesian reasoning. Finally, we demonstrate the algorithm's operation in several real-world use cases. Math Ph.D. not required.
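The three ingredients the abstract names (linearity of XOR, redundancy in the plaintext, Bayesian reasoning) can be turned into a small audit tool for spotting keystream reuse in a collection of ciphertexts. The script below is an added example, not the speaker's algorithm: it scores each pair of ciphertexts by a log-likelihood ratio between "same keystream" and "independent keystreams" under a simple ASCII-plaintext model and flags pairs above a threshold; the messages, keystreams and model probabilities are constructed here.

```python
"""Heuristic detector for stream-cipher keystream reuse.

Added example, not the talk's own code. Because XOR is linear, two messages
encrypted under the same keystream satisfy c1 ^ c2 == p1 ^ p2, and the XOR of
two ASCII plaintexts is far from uniform: the top bit is always clear and
matching characters produce 0x00. The score is a log-likelihood ratio between
"same keystream" (H1) and "independent keystreams" (H0). Plaintexts,
keystreams and model probabilities below are constructed for illustration.
"""
from __future__ import annotations

import math
import random

P_ZERO_H1 = 0.07                          # equal chars at a position, English text
P_ASCII_H1 = (1.0 - P_ZERO_H1) / 127.0    # other 7-bit values, spread evenly
P_HIGHBIT_H1 = 1e-6                       # top bit set: near-impossible under H1
P_UNIFORM = 1.0 / 256.0                   # H0: every byte equally likely


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def reuse_score(c1: bytes, c2: bytes) -> float:
    """Natural-log likelihood ratio log(P(c1^c2 | H1) / P(c1^c2 | H0)).

    Positive favours reuse, negative favours independent keystreams, and
    the magnitude grows with the number of overlapping bytes examined.
    """
    score = 0.0
    for x in xor_bytes(c1, c2):
        if x == 0:
            p1 = P_ZERO_H1
        elif x < 0x80:
            p1 = P_ASCII_H1
        else:
            p1 = P_HIGHBIT_H1
        score += math.log(p1 / P_UNIFORM)
    return score


def find_reused_pairs(ciphertexts: list[bytes],
                      threshold: float = 10.0) -> list[tuple[int, int, float]]:
    """Return (i, j, score) for each pair scoring above the threshold."""
    hits = []
    for i in range(len(ciphertexts)):
        for j in range(i + 1, len(ciphertexts)):
            s = reuse_score(ciphertexts[i], ciphertexts[j])
            if s > threshold:
                hits.append((i, j, s))
    return hits


def demo() -> list[tuple[int, int, float]]:
    """Constructed scenario: three ciphertexts, the first two share a keystream."""
    rng = random.Random(31)  # fixed seed stands in for a keystream generator
    p1 = b"Config update: rotate the API credentials before the Friday deployment."
    p2 = b"Reminder: the quarterly report is due to the finance team by month end."
    p3 = b"Meeting moved to room 4; bring the incident timeline and the captures."
    ks_a = bytes(rng.randrange(256) for _ in range(128))
    ks_b = bytes(rng.randrange(256) for _ in range(128))
    c1 = xor_bytes(p1, ks_a)
    c2 = xor_bytes(p2, ks_a)   # the defect: ks_a used twice
    c3 = xor_bytes(p3, ks_b)
    return find_reused_pairs([c1, c2, c3])


if __name__ == "__main__":
    for i, j, s in demo():
        print(f"ciphertexts {i} and {j}: reuse score {s:.1f} (keystream likely shared)")
```

Real traffic needs a plaintext model matched to the protocol (binary fields, compression), but the scoring structure stays the same.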

Saal G 17:30

Jeroen van der Ham
Hacking Ethics in Education


Ethics in Computer Science is now finally gaining some well-deserved attention. At the University of Amsterdam, we have started an ethics committee for the System and Network Engineering Master. In this talk we describe how and why we started this committee, and also look back at our first results.

Ethics in Computer Science is now finally gaining some well-deserved attention. With the advent of Big Data, Cloud Computing, and the Internet of Things, much of our daily life is happening through digital channels. As most of us have learned, developers do not consider security to be an important point; imagine how much they consider the social aspect of their product or code. This is a huge problem, not only because it presents security and privacy risks for the users, but also because it presents moral dilemmas for hackers and researchers. Since my PirateBay blocking study, I have become interested in ethics in computer science. In that study I gathered personally identifiable information to be able to prove that the website blockade was ineffective. These kinds of moral dilemmas are hard to judge, and in computer science we have no history of teaching or awareness about this. At the University of Amsterdam, we have started an ethics committee for the System and Network Engineering Master. In this talk we describe how and why we started this committee, and also look back at our first results.

Saal G 18:15

Michael Carbone
Global Civil Society Under Attack


As an update to our Reports from the Frontlines talk at OHM 2013, we will provide the latest stories and figures from Access' digital security helpline, which provides security incident response and technical support to civil society groups and human rights defenders around the world.

Access runs a dedicated 24-hour digital security helpline for civil society groups out of three offices in Tunisia, Costa Rica, and the Philippines. We serve groups around the world in a variety of contexts, securing communications, providing website security support, incident response, and strategic security planning and training. In this talk we'll explore what trends we've seen on the helpline, both in reactive incident response and technical support requests by civil society groups. We'll also discuss the recent Digital First Aid Kit worked on by a number of organizations including Access, and some longer term initiatives and goals such as an official civil society CERT (CiviCERT).

Saal G 19:00

tbsprs
Internet of toilets


A toilet is a toilet is a toilet ... was a toilet. Nowadays hackers are discovering a larger interest in doing more with toilets than just what they were designed for in the first place. Within the "Internet of things" scene the sanitary sphere claims a place of its own. This talk will present current projects, the technologies used and the research published.

This talk provides an overview of past and current hardware installations, services and publications that focus on the sanitary domain. People track a wide variety of things: doors, water consumption, visiting times, paper usage and, not to forget, the habits of their pets. The range of implementations starts off with dedicated Twitter streams and exploratory websites and ends with APIs, consumable services and extensive statistics that allow analysis over time. You will get to know the detailed installation architecture that lets you build your own toilet tracking. Furthermore, the talk outlines the serious aspects of the Internet of toilets and its importance for society. Hygiene facts and economic considerations are discussed. One of the motivations for this talk, besides a general interest in the topic itself, is the vision of realizing such an installation for the congress in the near future (talking about 31C3).

Saal G 20:35

fabs
Mining for Bugs with Graph Database Queries


While graph databases are primarily known as the backbone of the modern dating world, this nerd has found a much more interesting application for them: program analysis. This talk aims to demonstrate that graph databases and the typical program representations developed in compiler construction are a match made in heaven, allowing large code bases to be mined for vulnerabilities using complex bug descriptions encoded in simple, and not so simple graph database queries.

This talk will bring together two well known but previously unrelated topics: static program analysis and graph databases. After briefly covering the "emerging graph landscape" and why it may be interesting for hackers, a graph representation of programs exposing syntax, control-flow, data-dependencies and type information is presented, designed specifically with bug hunting in mind. Our open-source program analysis platform Joern (http://mlsec.org/joern/) is then introduced, which implements these ideas and has been successfully used to uncover various vulnerabilities in the Linux kernel. Capabilities and limitations of the system will then be demonstrated live as we craft queries for buffer overflows, memory disclosure bugs and integer-related vulnerabilities.

Saal G 21:45

Rejo Zenger
Thomas Lohninger
net neutrality: days of future past?


Our talk will highlight the current debates surrounding net neutrality in Europe, the United States and other parts of the world. We will look at the results of the SaveTheInternet.eu campaign, which was launched a year ago at 30C3. We will discuss various legal protections for net neutrality, look closer at the experience of the Netherlands and give an overview of all the important loose ends of the debate.

For two years now, net neutrality has been on the agenda of politicians worldwide. These are important debates, as net neutrality has become one of the central questions about our freedom on the internet. With different faces around the globe, we see a trend towards more violations of the neutrality principle the internet was founded upon. The efforts of telecommunication companies to find new ways to monetize their networks, and us users within them, are countered in some countries with legislation preventing these new business models. In 2010, after two years of preparation and a fierce battle, the Dutch parliament accepted a change to the Telecommunications Act which made net neutrality a principle protected by law. In this talk we will take stock after two years of legal protection of net neutrality in the Netherlands. Did it work, and do the Dutch now have non-discriminatory access to all services on the internet? Has the providers' doomsday scenario, that subscriptions would become outrageously expensive, become reality? In which cases was the Dutch law enforced? Are there any loopholes in the Dutch implementation? If others are to fight for net neutrality, what are the pitfalls to avoid? And, on a more meta level, is it enough? Will net neutrality protect your freedom to access websites and services, or do we need a broader type of neutrality?

Saal G 23:00

David Kriesel
Trust No Scan You Haven't Forged Yourself


Copiers that spontaneously change numbers in a document: in August 2013 it came out that virtually all Xerox scanner-copiers replace digits and letters with other ones when scanning, just like that. Since a user can practically never see such errors, the bug is extremely dangerous and went undetected for a long time: it has existed in the wild for over eight years.

The nasty part is that the falsified digits are laid out perfectly into the scanned text page. That sounds as nasty as it is unbelievable, but it is true (see the example images at the original article link on the right). The bug exists on hundreds of thousands of Xerox scanner-copiers worldwide. The problem has nothing to do with OCR; the digit substitution happens right in the pixel data. A user cannot see such a perfectly camouflaged compression artefact. That is life-threatening when you scan a motorway bridge or a medication dosage, or when the lithium batteries of the Boeing 787 were perhaps meant for the 767 after all. The talk has three threads running through it. Spread the word! In all likelihood there are still hundreds of thousands of digit-swapping scanner-copiers out there. Your attendance matters.

Saal 6 11:30

Peter Laackmann
Marcus Janke
Uncaging Microchips


An entertaining, thrilling and educational journey through the world of chip preparation. Deep insight into amateur as well as professional methods and equipment is given for the first, most important steps of analysis and attacks on dedicated hardware.

Marcus Janke and Dr. Peter Laackmann focus on the first challenge a smart card hacker would encounter: the appropriate preparation of a microchip, releasing it from its environment for further analysis and attacks. A direct view of microchips, especially of their secured variants, is not only impressive and informative, but also opens up interesting opportunities for various security attacks, as demonstrated in their 30C3 overview "25 Years of Smart Card Attacks". Therefore, useful ways of releasing the chips from their packages are needed in order to get access to the chip's surface without destroying the device. The authors open up their bag of tricks, filled with physical and chemical methods that can be used to carefully liberate the silicon from its environment. These packages include smart cards and tags as well as standard packages for microcontrollers and special enclosures. Creative methods for amateurs and inexpensive ways for "domestic use" are depicted, including the manufacture of specialized devices and the production of dedicated preparation chemicals. For comparison, professional methods are presented in parallel, giving insight into today's industrial processes of chip preparation for reverse engineering. The authors look back on over 25 years of private security research and nearly 20 years of professional engagement. They held their first chip card talks and workshops in 1991-93 at the CCC congress in the Eidelstedter Bürgerhaus.

Saal 6 12:45

Elektra
Andrea Behrendt - read & delete
Serenity – A Guide to Being Happy


The radical philosophical texts of Elektra W. aim (let's be open and direct about it) to bring about a head crash of the sense of self that has taken up residence in the frontal lobe of the cerebrum over the course of our enculturation and upbringing.

'Real thinking is something the brain does on its own, on autopilot.' The talk gives voice to texts from the book 'Serenität – Anleitung zum Glücklichsein' (Serenity: A Guide to Being Happy) from the 'Operation Mindcrash' edition. Elektra reads the texts while Andi B. improvises on the keyboard. The combination of text and music lets you listen in a relaxed way and be carried into a cheerful, composed mood. Serenität, a German word probably borrowed from French, is forgotten today. It does not really fit the German mentality either. It is recorded that in the 18th century, in the German-speaking world, people of the highest standing were addressed as 'Ihre Serenität', in the sense of 'Your Eminence' or 'Your Serene Highness'. In French and English, by contrast, the term is more common and means cheerfulness, composure, sublimity, clarity, inner calm, peace with oneself. Behind the book lies a radical materialist philosophy of the brain and of thinking. It is about, or rather against, the inner narration of one's own hero story, through which many people today try to bring order to their inner experience by telling themselves, in their heads, a fable, the fairy tale of their own life. The talk goes to the root of the structural model of the human psyche. Associations with Neal Stephenson's science-fiction classic 'Snow Crash' are not entirely coincidental, but not intended. Anyone afraid of something changing in their life had better not attend this programme. Franz Kafka, Friedrich Hölderlin, Epicurus, Julien Offray de La Mettrie, Jiddu Krishnamurti and Max Stirner also have their say. Elektra is particularly taken with the last of these. Some philosophers have said of Stirner that the downfall of the human race would be imminent if his thoughts against human alienation were to spread.
To avoid headaches or worse, you should not think about the content of the talk. Real thinking is something the brain does on its own, on autopilot. So don't worry! Only real thinking helps in times of crisis!

Saal 6 14:00

raichoo
Programming with dependent types in Idris


Idris is a relatively young research programming language that attempts to bring dependent types to general purpose programming. In this talk I will introduce the concept of dependent types and the Curry-Howard isomorphism, and show how these can be applied to prove properties about software and eradicate whole classes of bugs and security issues.

Building robust software is a hard task these days. As software gets more complex it gets increasingly hard to reason about, and this leads to a larger attack surface for bugs and security flaws. Some of these bugs can be completely eliminated by introducing type systems that keep our values at runtime in check. Type systems are in fact the most widespread mechanism for verifying correctness properties of programs; with dependent types we take this to the next level.

While most dependently typed systems (e.g. Coq and Agda) aim to be proof assistants rather than programming languages, Idris tries to answer the question of what a general purpose programming language with dependent types could look like. It also lets us produce self-contained binaries as well as JavaScript applications today.

In this talk I will introduce techniques for programming with dependent types as well as for interacting with the programming language itself. Examples will present resource tracking in the type system, e.g. tracking file handles and yielding compilation errors on resource leaks, and modeling specifications of protocols as types and enforcing them. I argue that functional programming and dependently typed programming languages provide various exciting opportunities to the programmer, including a powerful mental model, compositionality and machine-assisted programming through interactive editing capabilities. The presentation software for this talk will be a web application written in Idris which compiles to JavaScript using a compiler backend written by the lecturer.

Saal 6 16:00

Jimmy Schulz
Dr. Rüdiger Hanig
The automobile as massive data gathering source and the consequences for individual privacy


We report on a LOAD e. V. study regarding data collection by cars, future developments in this technology field, how this data is accessed and secured, and what the positions of the stakeholders (car manufacturers, car owners and users) are on this data gathering. In a summary we outline the necessary consequences.

We present a LOAD study regarding car data. Aspects covered within the study are:
- car data gathering today and expected developments,
- data security and privacy of this data,
- car manufacturers' positions regarding data ownership and access to this data,
- survey results regarding the current knowledge and understanding of car data gathering among car owners and users.

The aim of the study is to highlight current issues with car data gathering and to outline the necessary consequences.

About LOAD e. V.: The Internet is a promise of freedom. LOAD is an association of people who join together to protect this freedom. LOAD is a think tank and advocacy group and supports current and future citizens of the net in realising their fundamental rights. We will support the digital transformation of society constructively. Our core values are freedom, personal responsibility and an unprejudiced interest in innovation.

Saal 6 16:45

Sacha van Geffen
Long war tactics


This talk refers back to the seminal talk Dymaxion gave at the closing of the NoisySquare at OHM in 2013, and explores what has happened, and what has not, on the "battle ground" in the meantime. An overview will be presented of the technical, legal, political and social battles going on, with pointers to further tactics. Finally we will look at how to make sure we keep ourselves safe and sane.

In many ways people have tried to rise against the extensive spying and logging by the Five Eyes and their allies. This talk tries to summarize the actions that have happened in different domains. From this we will look forward to the things that need to be done, effective tactics we have seen in other domains, and how to rewrite the rulebook. This talk is meant to keep morale up and celebrate some of our victories, while at the same time proposing some tactics for future victories.

Saal 6 17:30

Teja Philipp
Philipp Engel
Mr Beam goes Kickstarter


Mr Beam was started as a hobby project aiming to gain more experience in 3D printing. For fun we put it on Kickstarter and ended up on kind of a roller coaster.

After many years as an all-purpose developer in several startups, I decided to explore the shiny new world of 3D printing. Laser cutting seemed to be cool, useful and fun. The idea of reusing a DVD burner laser was nice and budget-saving, and some weeks later the first prototype wrote "hello world" on a piece of wood. After spending another two months on improvements, two friends joined and the idea of kickstarting a mini-series production was born. Finally the Kickstarter campaign was the reason for a lot of travel: Erfurt, Berlin, Barcelona, Tbilisi, Vienna, Rome, Austin, San Francisco. On the road there were awesome highlights as well as deep depressions. All in all we didn't get rich in the end, but we got lots of experience in many different areas. We believe that crowdfunding is a huge opportunity to develop things that otherwise never would have been done. We are happy to share all the lessons learned on our way. Hopefully other projects will cause less headache with this knowledge.

Saal 6 18:15

MeTaMiNd EvoLuTioN
Open-BCI DIY-Neuroscience Maker-Art Mind-Hacking


Leading hackers and researchers from the worldwide hackerspace, university and DIY artist community explain current technological possibilities in BCI, and show ways to use open source hardware and software for hackers, makers, artists, personal development and citizen science, providing a framework for alternative culture and free expression to balance the soon-coming commercial expansion in "Neurogaming", "Neuromarketing" and "eHealth". The talk will illustrate the mutually beneficial relationship between "hacking" and science, with the example of hacking BCIs, and give an overview of the new field of "BCI Mind-Hacking", such as exploiting remote consumer neuroheadsets and data-mining the human brain for sensitive data during casual use.

31C3-Assembly MindHacker-NeuroVillage. The talk is envisioned with 3-4 speakers: 1 x hacker / artist / visionary (15 years chaos-angel), 1 x university BCI PhD candidate (neuroscience), 1 x electronics engineer with 40 years of work in EEG, and can therefore cover various aspects of this topic: artistic, political, scientific, technological, instructional, etc.

The talk will also illustrate the mutually beneficial relationship between "hacking" and science, with the example of hacking BCI systems.

LINK: MeTaMiNd EvoLuTioN (facebook) LINK: MeTaVoLuT1oN photo gallery

Exploiting consumer brain-computer interfaces: a talk about future applications of consumer EEG devices, reflecting on security risks, such as ways to leak private user information (health conditions, PIN codes, known people and locations, EEG biometrics), and how to avoid this from happening. We introduce different exploit approaches that have also been proposed by academia. We will evaluate security risks by considering a few conceivable scenarios coming up in the next decade. Finally, a call for participation: we would like to discuss a possible open-source platform to exchange EEG data anonymously, suggested neurofeedback protocols, as well as machine-learning-powered EEG pattern simulations covering some of the most prominent cognitive processes.

We are from the original non-commercial and fully open-source project wWw.Open-BCI.ORG, which has been present at congress since 2007 and was publicly introduced with a talk at 28C3: LINK: 28C3 Open-BCI talk video
- - - -
Danc und GruC "MeTaMiNd EvoLuT1oN" ~MeTA | OfficerOfTheSpacestation c-base
web: wWw.MeTa-MiNd.dE | www.Open-BCI.org
http://www.flickr.com/photos/metavolution/sets
http://www.open-bci.org/pix-promo-press
http://www.facebook.com/metavolution
http://twitter.com/metavolution/
youtube: http://bit.ly/ZijrIv

Saal 6 20:30

Ange Albertini
Preserving arcade games


Old-school arcade games were so protected that hacking is the only way to preserve them before all boards are dead, and the games are lost.

- an overview of famous old-school arcade games
- their incredible hardware
- the permanent piracy
- the awesome protections (designed to commit suicide!)
- what was required to preserve some of them from being lost forever.

This talk is a homage to Michael Steil's Ultimate Commodore 64 presentation at 25c3: you should watch it, it's inspiring in content and quality!

Saal 6 21:45

Lior Oppenheim
Shahar Tal
Too Many Cooks - Exploiting the Internet-of-TR-069-Things


TL;DR: We unravel the story of a bug that would become one of the most important vulnerabilities released this year. Also, we have free cookies. The findings we published earlier this year demystified the voodoo that is TR-069, demonstrated how mass pwnage can be achieved via server-side attacks, and proved the landscape is ripe for harvesting. We will continue where we left off to explore TR-069 client-side vulnerabilities: we analyze client implementations, pour some insight into mysterious results from our internet-wide scans, and follow through to mass pwnage via remote code execution on millions of online devices. Again.

TR-069 is the de-facto standard remote management protocol that ISPs surreptitiously use to control consumer-premises equipment (these would be your home routers, set-top boxes, VoIP phones etc.), rumored to be a well-thought-out conspiracy devised by Internet Service Provider secret societies since the 17th century. Since its establishment in 2004, there has been a growing trend of endorsement and deployment of the CWMP/TR-069 protocol in global carriers and service providers. Despite the rising popularity of this black magic, it is often overlooked in penetration tests and security assessments of Internet gateway device attack surfaces, and wrongly so. Would they reconsider if they knew TR-069 is the second most popular service openly listening on the Internet (after HTTP)?

This talk will begin by describing our previous efforts presented this summer (DEF CON 22 & more), where our group revealed critically vulnerable TR-069 server deployments and discussed the incomprehensible asymmetry between the trust placed in this protocol and the measures taken to protect it (or lack thereof). Subsequently, we decided to go after clients, exposing a critical attack surface by design: listening on 0.0.0.0 with a publicly available IP address. While centralized servers are rather easily patched to close security holes, clients may take more effort.

We will conclude with the shocking unveiling of one of the year's security stories, walking the audience through the discovery and exploitation of a memory corruption vulnerability in an extremely popular client implementation. Our weapon of choice this round would be embedded device reverse engineering (some soldering required), leading us all the way to remote code execution on millions of devices.

Saal 6 23:00

Ben Dalton
Superheroes Still Need Phoneboxes


This talk asks how we might plan for the continuation of a privacy sustaining internet in light of growing trends in enforced identity checking and demonisation of everyday anonymity. It presents a 'free phonebox' project, which was tested at the FutureEverything art and technology festival in 2014, as an example of a social-technical system that promotes identity ambiguity in communication through the sharing of 'free' mobile phone minutes between strangers.

The project presented in this talk uses a computer running Debian to connect a USB handset to one of a number of 'donor' mobile phones by acting as a Bluetooth hands-free headset to each of the mobiles. The project is based on No Hands, a GPLv2 implementation of the Bluetooth HFP 1.5 Hands Free Protocol. A free phonebox that randomly assigns calls made to one of the participating mobiles nearby acts a little like a low-tech remailer (mix network node). Lending strangers your phone creates 'data chaff' that helps to muddy the call record metadata logs that otherwise tie your device to you as a form of identification and tracking. It provides (some) deniability for any calls made while nearby the phonebox. Borrowing a stranger's phone lets you call someone without revealing yourself through caller-id. The close range of Bluetooth imposes a geographic limit on users.

This talk considers why a project like a free phonebox may be useful in countering growing moves to criminalise anonymous communication. People generally see the 'free time' in their mobile cell phone call plans as something that belongs to them. Lending someone in need your phone is also seen as charitable and positive. Therefore, a system that shares phone minutes between strangers provides an easier forum for debate around preservation of anonymity in communication than a similar project lending wifi connectivity. Open wifi has been gradually characterised as a tool for malicious hackers, unethical pirates and tech-savvy criminals despite the significant advantages universal connectivity could offer.

Historical examples of anonymising connectivity including phoneboxes and postal systems are discussed. The public phonebox in particular has long been associated with elements of privacy, secrecy and anonymity. The physical box affords a semi-private space in a public setting. Sound is difficult to overhear, but the caller is still in view of those nearby. Phoneboxes have historically used an anonymous payment system of coins, and require no identity authentication for access. In many countries policies of regulating call costs and mandating maintained phonebox coverage have established phoneboxes as anonymous connectivity commons. Many accounts of phoneboxes in popular culture portray them as valued resources of personal independence. Phoneboxes often provide the backdrop for narratives of family contact, emergency assistance or first kisses. The cheap and near universal nature of the phonebox makes them a recognisable anchor of reliability in new situations and locations. I would argue it is no coincidence that Superman turns to the phonebox for a moment of privacy when changing from one pseudonym to another.

Ben Dalton is an artist and academic researcher trained in physics, electronics and communication design, who has worked on projects on distributed sensor networks and ubiquitous computing at the MIT Media Lab, USA, big screens and pocket screens in public space at Leeds Beckett University, UK, the aesthetic, ethical and spatial dimensions of the politics of data at the National Academy of Art & Design in Bergen (KHiB), Norway, and digital pseudonymity at the Royal College of Art, UK. He has presented recent work on identity and pseudonymity at the Institute of Contemporary Art (ICA) London, Foundation for Art and Creative Technology (FACT) Liverpool, FutureEverything Manchester, Today's Art The Hague, Abandon Normal Devices Liverpool, World Wide Web Conference (WWW2013) Rio de Janeiro, Sensuous Knowledge Bergen, and Designing Interactive Systems (DIS) Newcastle.

Saal 1 11:30

Richard Stallman
Freedom in your computer and in the net


For freedom in your own computer, the software must be free. For freedom on the internet, we must organize against surveillance, censorship, SaaSS and the war against sharing.

To control your computing, you need to control the software that does it. That means it must be _free software_, free as in freedom. Nonfree software is inherently unjust, and nowadays is often malware too. We developed the GNU system as a way to avoid nonfree software on our computers. That assumes you're running your own copy of the programs. That means shunning Service as a Software Substitute, where someone else's copy in someone else's server does your computing. Beyond that, we face the danger of censorship, and surveillance both on and off the internet. Lurking behind them is the menace of the War on Sharing, the publishers' decades-long campaign to control what we do in our computers. Increasingly, computer hardware itself is becoming malicious. This talk will discuss these threats and the possible solutions.

Saal 1 12:45

Frank Rieger
erdgeist
Linus Neumann
heckpiet
Constanze Kurz
Jahresrückblick des CCC


The year 2014 will also come to an end at some point. So we look back at the topics that were especially relevant to us and try to estimate what 2015 might have in store for us.

Saal 1 16:00

Katharina Nocun
Maritta Strasser
Deine Rechte sind in diesen Freihandelsabkommen nicht verfügbar


Limiting the criticism of the free trade agreements TTIP and CETA to chlorinated chicken falls far too short. For these two agreements, between the EU and the USA and between the EU and Canada, much more is at stake. Whether data protection, democracy or copyright: agreements that corporations get to co-write behind closed doors are rarely a good idea. Session documents with “non-binding” lobby proposals and leaks of the treaty texts give little reason for optimism. Data protection standards are in danger of being declared trade barriers. Corporations insist on being able to sue states for damages before extrajudicial arbitration tribunals. What citizens want was not asked even once during the entire negotiation process of the two free trade agreements. But “clicktivism” is a thing of the past: new strategies and tools helped set off a wave of decentralised protest.

It did not stop at online appeals with almost a million signatories in total. Flash mobs at campaign events of the EU lead candidates were organised via the net. Before the EU election, 6.5 million “Denkzettel” (reminder notes) were hung on doors across Germany, coordinated through software that assigns distribution areas to the volunteers. Broad protest ensured that TTIP became one of the big topics of the EU election campaign. In summer 2014, 230 organisations from all over Europe finally submitted a joint European Citizens' Initiative against TTIP and CETA to the EU Commission. A European umbrella organisation was founded, a position advertised and filled, and only a few lines of code were missing to complete the open-source software for the joint petition. The petition software developed for the protest against TTIP and CETA is also meant to be usable by future alliances. But then the unthinkable happened: the EU Commission refuses to admit the European Citizens' Initiative. Yet the movement against TTIP and CETA is far from having spent its powder. We show where the TTIP and CETA agreements can affect net politics, data protection and democracy, how the creative protest organised itself by digital means, how other campaigns might benefit from these experiences, and of course what the next steps will be.

Saal 1 17:15

Ian Goldberg
George Danezis
Nikita Borisov
DP5: PIR for Privacy-preserving Presence


In the wake of the Snowden revelations and the explicit targeting of address book and buddy list information, social service providers may wish to actively avoid learning which of their users are friends. In this talk, we will introduce the workings of a surprising technology called private information retrieval, or PIR. Then, we will describe its use in DP5, a new suite of privacy-preserving presence protocols that allow people to determine when their friends are online (and to establish secure communications with them), without a centralized provider ever learning who is friends with whom.

Description:

"We kill people based on metadata."
— General Michael Hayden

People like to know when their social contacts are online. Typically, this is done by a central server keeping track of who is online and offline, as well as of the complete friend graph of users. However, the Snowden revelations have shown that address book and buddy list information is routinely targeted for mass interception. Hence, some social service providers, such as activist organizations, do not want to even possess this information about their users, lest it be taken or compelled from them.

Private information retrieval, or PIR, allows clients to download information from online databases without revealing to the database operators what information is being requested. In this talk, we will introduce the workings of this counterintuitive technology. Then, we will describe its use in DP5, a new suite of privacy-preserving presence protocols that allow people to determine when their friends are online (and to establish secure communications with them), without a centralized provider ever learning who is friends with whom.

Bios:

Nikita Borisov is an Associate Professor of Electrical and Computer Engineering at the University of Illinois at Urbana-Champaign. His research focuses on privacy and anonymity of online communications, as well as protecting the Internet from censorship. With Goldberg, he invented Off-the-Record Messaging; his research has also influenced the design of the Tor network and the 802.11 security suite.

George Danezis is a Reader in Security and Privacy Engineering at University College London (UK). In the past he has been doing security research at the University of Cambridge, KU Leuven and Microsoft Research. His research focuses on designing and analysing the privacy properties of anonymous communications systems, doing traffic analysis and understanding privacy technologies. He was the co-designer of the Mixminion remailer protocol, and proposed some of the first indirect traffic analysis, and DoS-based attacks against Tor.

Ian Goldberg is an Associate Professor of Computer Science at the University of Waterloo, currently visiting the University of Cambridge. His research focuses on developing usable and useful technologies to help Internet users maintain their security and privacy. Once the Chief Scientist and Head Cypherpunk of Zero-Knowledge Systems, he is currently the chair of the board of directors of the Tor Project, Inc., one of the inventors of Off-the-Record Messaging, and a winner of the Electronic Frontier Foundation's Pioneer Award.

Saal 1 18:30

Trammell Hudson
Thunderstrike: EFI bootkits for Apple MacBooks


In this presentation we demonstrate Thunderstrike, a vulnerability that allows the installation of persistent firmware modifications into the EFI boot ROM of Apple's popular MacBooks. The bootkit can be easily installed by an evil-maid via the externally accessible Thunderbolt ports and can survive reinstallation of OSX as well as hard drive replacements. Once installed, it can prevent software attempts to remove it and could spread virally across air-gaps by infecting additional Thunderbolt devices.

It is possible to use a Thunderbolt Option ROM to circumvent the cryptographic signature checks in Apple's EFI firmware update routines. This allows an attacker with physical access to the machine to write untrusted code to the SPI flash ROM on the motherboard and creates a new class of firmware bootkits for the MacBook systems. There are neither hardware nor software cryptographic checks of firmware validity at boot time, so once the malicious code has been flashed to the ROM, it controls the system from the very first instruction. It could use SMM and other techniques to hide from attempts to detect it.

Our proof-of-concept bootkit also replaces Apple's public RSA key in the ROM and prevents software attempts to replace it that are not signed by the attacker's private key. Since the boot ROM is independent of the operating system, reinstallation of OS X will not remove it. Nor does it depend on anything stored on the disk, so replacing the hard drive has no effect. A hardware in-system-programming device is the only way to restore the stock firmware. Additionally, Thunderbolt devices' Option ROMs are writable from code that runs during early boot, and the bootkit could write copies of itself to new Thunderbolt devices. The devices remain functional, which would allow a stealthy bootkit to spread across air-gap security perimeters through shared Thunderbolt devices.

While the two-year-old Option ROM vulnerability that this attack uses can be closed with a few-byte patch to the firmware, the larger issue of Apple's EFI firmware security and secure booting with no trusted hardware is more difficult to fix.

Saal 1 20:30

Stefan Wehrmeyer
IFG – Mit freundlichen Grüßen


The most interesting IFG (Freedom of Information Act) stories of the year, with requests and rejections, lawsuits and campaigns. Also: how we will give freedom of information new momentum with the help of journalism!

After a document was published at 30C3, 2014 began for FragDenStaat.de with a cease-and-desist letter and several applications for preliminary injunctions. The first lawsuit "Federal Republic of Germany vs. FragDenStaat.de"! Several further fine stories around the Freedom of Information Act illustrate the state of the IFG under the new federal government and the new Federal Commissioner for Freedom of Information. I would also like to present the first results of the cooperation between FragDenStaat.de and the non-profit investigative newsroom Correctiv.org, which makes freedom of information better known and more effective.

Saal 1 21:15

Leslie Dunton-Downer
The Magical Secrecy Tour


June 5, 2014 marked one year since leaks by NSA whistleblower Edward Snowden began to be introduced to a worldwide public. On this date, transmediale teamed up with N.K. Projekt and Leslie Dunton-Downer, 2014 fellow at The American Academy in Berlin, for the Magical Secrecy Tour, a bus journey exploring Berlin as the global capital of informed response to mass surveillance. This inside look at the project features first-ever screening of footage shot by filmmaker Simon Klose (TPB AFK) for his documentary about the tour.

Saal 1 22:00

Netanel Rubin
The Perl Jam: Exploiting a 20 Year-old Vulnerability


tl;dr EXPLOIT ALL THE PERL. We chained several of Perl’s ridiculous syntax quirks in order to create a surprisingly powerful attack, bringing down some of the most popular Perl-based projects in the world to their knees. Brace yourselves, RCE exploits are coming.

Deemed ‘the write-only programming language’ by many, Perl has well served its purpose as a successful subject for less successful programmer jokes. Its self-obfuscating ‘TMTOWTDI’ syntax is one of the top reasons for sysadmin PTSD, nervous breakdowns, and marriage problems. Sadly, it is 2014 and Perl still maintains a top-10 position in programming language popularity indexes – sometimes higher than JavaScript. This can be attributed to the fact that it is the underlying platform running many applications still widespread today such as ‘cPanel’ or ‘Bugzilla’, as well as high-profile web sites such as Craigslist, IMDb, Slashdot, DuckDuckGo and TicketMaster, among others. This talk will spawn a wormhole 20 years into the past, and dive into some of the more hazardous and fundamental language quirks (WAT-style), walking the audience through the discovery of vulnerable core modules and the implementation of a new exploitation technique (branding and logo included!). Using this technique, we unleash a Pandora’s box of exploits for vulnerabilities hidden under the surface for years, in some of the most popular Perl-based projects in the world. Hilarity ensuance guaranteed.

Saal 1 22:45

Tonimir Kisasondi
UNHash - Methods for better password cracking


This talk will show a new method for password cracking called UNHash. UNHash as a tool uses rulefiles that are somewhere between a DSL (domain-specific language) and a Python script to describe the password cracking process. This talk will show how to mix web service abuse, knowledge of human nature and data mining to enable far better attacks against passwords. We will be focusing on a few features: cracking default passwords on network systems with minimal effort, testing for embedded backdoors, and offline attacks by data mining and modeling about 33 million user accounts to gain insight into how users choose their passwords and how we can use that knowledge to speed up password cracking, for about 20% more gain on non-pseudorandom passwords.

This talk will show a new method for password cracking called UNHash. UNHash as a tool uses rulefiles that are somewhere between a DSL (domain-specific language) and a Python script to describe the password cracking process. That way, we have the possibility to describe complex password cracking rules that contain dictionaries, rules, bruteforcing, joining, combining and other patterns in a language that is easily human-readable and extensible. To stop reinventing the wheel, UNHash generates candidate passwords for John the Ripper, hashcat or a lot of other tools that can read stdin. The usage of "slow" hashes like bcrypt and scrypt will require us to try a smaller quantity of possible passwords, but with more detailed targeting. The concept behind UNHash is to enable such attacks against modern slow hashes, or to enable better targeting and be faster and easier than traditional methods.

To make use of the new "language", we need a set of rules. To generate rulesets, we will show a new machine learning algorithm that can analyze plaintext passwords and generate rules for UNHash. The machine learning algorithm is a classifier network heuristic that we call the sieve algorithm; it can classify passwords and show how users generate their passwords. Training the classifier on about 30+ million unique passwords can yield interesting rules that describe how users pick their passwords. Since we have already classified the passwords, why not use the effort to collect all password elements like words (and see which languages they belong to), strings, numbers and mutations, so we can use that as a cornerstone for a new set of dictionaries. Since we already said that we want to identify words and their languages, we needed to create a linguistic dictionary for use in the classifier algorithm.

We will show how to create custom dictionaries for various languages or for a specific domain by parsing Wikipedia database backups or by abusing really popular web services. A small portion of the talk will show why it is useful to scrape password dumps or obtain them via low-interaction honeypots in order to collect known backdoor passwords. We will skip the science and get to the practical part: how can you use UNHash for better password cracking, and how to implement more classifiers so we can have better models of how users create their passwords.

Saal 1 23:30

Walter van Holst
Infocalypse now: P0wning stuff is not enough


This speech is about how the hacker scene is failing its own ideals and what questions must be addressed to make a real difference.

Every year Chaos Congress is a venerable display of ingenuity in the hacker scene. Every year there are more visitors, more and often better talks on security issues, society, culture and technology in general. At the same time the social and political clouds that appeared on the horizon are now overhead and are even darker than expected. Discussing last year's big exploits and congratulating each other on our ingenuity in finding them is not enough. We have to wipe the smug grins from our faces and take a long hard look in the mirror. Because there are several questions that often go unasked because we may not have the answers to them. Not solving these puzzles also means that we cannot prevent the infocalypse of big data, the internet of things, the military-industrial-surveillance complex as well as organised crime mucking up our lives. So let us talk about our failures to:
- explain general purpose computing to laypersons;
- prevent security weaknesses from happening;
- articulate security risks to everyday people and politicians alike;
- educate fellow tech people about them,
and why they are failures and why there is an urgent need to fix them.

Saal 1 00:15

Jöran Muuß-Merholz
Ralf Appelt
Blanche Fabri
it4n6
Martin Krönke
Googlequiz – 2015er Edition


In the Googlequiz, at most 7 teams of at most 7 players each compete against one another. They are not allowed to use Google. It is a rather fun-oriented affair, so spectators are welcome too.

In the Googlequiz, tasks are set for which you look for solutions in your head or as a team. Google, or the internet at all, may not be used for this. No prior knowledge is needed. The Googlequiz was already pretty good in 2014. For 2015 we are building a complete new edition. The models that inspired the 2015 edition are called: Der Preis ist heiß, Glücksrad, Eins-Zwei-oder-Drei, Familienduell, Ruck-Zuck, Wikipedia. The things that were new and good at #30c3 will be expanded: loud, irritating music as well as loud, irritating balloons.

Saal 2 11:30

Erich Moechel
NSA Points of Presence in AT


- Station VIENNA in the US embassy, 1090 Vienna
- VIENNA ANNEX at the UN headquarters in Vienna 1220
- Legacy site "NSA-Villa", Vienna 1180
- Relay station Exelberg, NSA/SCS broadband network over Vienna
- Equipment and function of the FORNSAT station Königswarte.

By far the largest installation of the US services is located on the Königswarte at the Slovak border. During the Cold War, the Königswarte served the Allies as a forward listening post on the Iron Curtain near Hainburg, used to intercept the telecoms' analogue radio links and military communication in the East. From 2001 on, new and different kinds of antennas began to grow on the Königswarte site: enormous parabolic dishes pointed at the sky. The largest of these high-performance dishes have a diameter of more than ten metres; there are now 18 of them, all aimed at civilian communication satellites. Beneath the Königswarte lies an enormous subterranean data centre, as the aerial photographs clearly show. In addition, a further, previously undocumented US "communication station" was discovered on the roof of a high-rise directly next to the UNO-City. Both appear under their code names in the documents leaked by Edward Snowden. What kind of data is intercepted, processed and carried off at these and the other sites - the US embassy in Vienna and the "NSA-Villa" - can now already be estimated.

Saal 2 12:45

Andreas Dewes
Let's build a quantum computer!


I will explain why quantum computing is interesting, how it works and what you actually need to build a working quantum computer. I will use the superconducting two-qubit quantum processor I built during my PhD as an example to explain its basic building blocks. I will show how we used this processor to achieve so-called quantum speed-up for a search algorithm that we ran on it. Finally, I will give a short overview of the current state of superconducting quantum computing and Google's recently announced effort to build a working quantum computer in cooperation with one of the leading research groups in this field.

Google recently announced that it will partner up with John Martinis, one of the leading researchers on superconducting quantum computing, to build a working quantum processor. This announcement has sparked a lot of renewed interest in a topic that was mainly of academic interest before. So, if Google thinks it's worth the hassle to build quantum computers, then there surely must be something to them after all? With this talk, I want to provide a better understanding of why quantum computing is interesting and how we might actually build a working quantum computer one day. As an example, I will discuss the two-qubit chip that I built during my PhD thesis as a realization of a basic, functional two-qubit quantum processor. I will explain the building blocks of this processor and show how we can manipulate the qubits, read out their state with high fidelity and couple them to each other in order to realize two-qubit gate operations. I will then show how we used this processor to demonstrate the concept of "quantum speed-up" by implementing and running the so-called Grover quantum search algorithm on it. Finally, I will give a brief overview of the current state of quantum computing and explain the (likely) approach followed by Google and John Martinis to realize a working, large-scale quantum processor, as well as some problems they will have to overcome on their way.
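The Grover search mentioned above, as an added worked example that is not part of the talk or of Andreas Dewes' work: a plain state-vector simulation (no hardware involved) of the algorithm's two steps, the phase-flip oracle and the diffusion operator. For the two-qubit case of the abstract, N = 4 and a single Grover iteration drives the marked state's measurement probability to exactly 1, against an average of 2.5 queries for classical unstructured search. The iteration count floor(pi/4 * sqrt(N)) and the classical comparison are standard textbook quantities; the code generalises to any number of qubits.

```python
import math
from typing import List, Optional, Tuple


def uniform_superposition(n_qubits: int) -> List[float]:
    """Hadamard on every qubit: all N = 2**n basis states share amplitude 1/sqrt(N)."""
    n_states = 1 << n_qubits
    return [1.0 / math.sqrt(n_states)] * n_states


def oracle(amps: List[float], marked: int) -> List[float]:
    """Phase-flip oracle: negate the amplitude of the marked basis state, leave the rest alone."""
    return [-a if i == marked else a for i, a in enumerate(amps)]


def diffusion(amps: List[float]) -> List[float]:
    """Grover diffusion operator 2|s><s| - I: reflect every amplitude about the mean amplitude."""
    mean = sum(amps) / len(amps)
    return [2.0 * mean - a for a in amps]


def optimal_iterations(n_qubits: int) -> int:
    """Standard choice floor(pi/4 * sqrt(N)); for N = 4 this is exactly one iteration."""
    return max(1, math.floor(math.pi / 4.0 * math.sqrt(1 << n_qubits)))


def grover(n_qubits: int, marked: int, iterations: Optional[int] = None) -> Tuple[int, float]:
    """Simulate Grover search for one marked item.
    Returns (iterations run, probability that a measurement yields `marked`)."""
    if iterations is None:
        iterations = optimal_iterations(n_qubits)
    amps = uniform_superposition(n_qubits)
    for _ in range(iterations):
        amps = diffusion(oracle(amps, marked))
    return iterations, amps[marked] ** 2


def classical_expected_queries(n_qubits: int) -> float:
    """Classical unstructured search that checks items in random order until the marked
    one turns up needs (N + 1) / 2 oracle queries on average."""
    return ((1 << n_qubits) + 1) / 2.0


if __name__ == "__main__":
    for n in (2, 3, 4):
        k, p = grover(n, marked=1)
        print(f"{1 << n:3d} states: {k} Grover iteration(s) -> P(marked) = {p:.4f}; "
              f"classical search expects {classical_expected_queries(n):.1f} queries")
```

Running more iterations than optimal overshoots: for N = 4 a second iteration drops the success probability from 1 to 0.25, which is why the iteration count is part of the algorithm and not a "more is better" knob. The same quadratic speed-up is the reason symmetric key sizes are commonly doubled in post-quantum guidance.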

Saal 2 14:00

Julia Reda
Correcting copywrongs


After years of debate, EU copyright law is finally being revisited. The Commission will present a proposal for reform within 4 months of 31c3. And it's high time: There has never been a bigger discrepancy between the technical feasibility to share information and knowledge across all physical borders and the legal restrictions to actually do so. This talk outlines the unique opportunity and the challenge to bring copyright into the 21st century that lies in front of us. Hackers ensured that people were heard during last winter's public consultation. Can they now also ensure a progressive outcome of the reform process?

When copyright was last reformed on an EU level, YouTube and Facebook didn't exist, smartphones were unheard of. Last winter, the European Commission finally started a public consultation aimed at identifying all the ways in which the current copyright regime has been outdated by technological developments. Through projects such as Copywrongs.eu, which was developed at a workshop at 30c3, activists took it upon themselves to open the consultation to a wider audience and ensure that end users were heard. The tools they developed for that purpose, published under free licences, were even picked up by collecting societies to mobilise their members for replying to the consultation. The resulting over 9000 responses, half of which came from end users, reveal a deep divide: Individuals, cultural institutions such as libraries and scientists are calling for Europe-wide reform, whereas rightsholders are trying to defend the status quo. But the answers also point at some surprising similarities in the views of some respondents that can lead to new alliances and a copyright reform that truly finds a balance between competing societal goals. The new EU commission was tasked by their president to present a proposal for copyright reform within 4 months of 31c3. After years of debate, 2001's copyright directive is finally being revisited. Promisingly, the mandate for copyright legislation in the new Commission has been moved from a directorate concerned mostly with economic issues to the one for “Digital Society & Culture”. The last Commissioner responsible for this field, Neelie Kroes, ended her mandate with a passionate call for copyright reform, describing the current legal framework in the EU as "fragmented, inflexible, and often irrelevant". 
But what can we expect from the responsible Commissioner Guenter Oettinger, who's clearly not a digital native, and who has to answer to Commission Vice-President Andrus Ansip, formerly a fervent supporter of the Anti-Counterfeiting Trade Agreement ACTA? I'll explain what the new structure of the Commission means for copyright reform, who the players are, the expected timeline, what we may hope to achieve and how you can help ensure an ambitious, progressive and user-friendly outcome. This talk is also a call for hackers to involve themselves in traditional arenas of policy-making and to become more political in their demands and activities.

Saal 2 16:00

René Freingruber
EMET 5.1 - Armor or Curtain?


EMET (Enhanced Mitigation Experience Toolkit) is an application which can be used to further harden a Windows system by adding additional security protections to running processes. These protections include several ROP (Return-Oriented-Programming) checks, shellcode detection mechanisms, heap-spray mitigations and many more. The talk covers techniques to bypass EMET 5.1 (the current version) and shows the audience how hard/easy it is for an attacker to accomplish this.

The Enhanced Mitigation Experience Toolkit (EMET) is an application developed by Microsoft which adds an additional layer of security to applications to prevent attackers from exploiting vulnerabilities in them. It can be used to globally enable system mitigation techniques such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) or Structured Exception Handler Overwrite Protection (SEHOP). In addition, special per-process protections can be added, such as various Return-Oriented-Programming (ROP) protections (LoadLibrary, MemProt, Caller, SimExecFlow, StackPivot), Export Address Table Access Filtering (EAF and EAF+) to prevent execution of shellcode, pre-allocations to defeat heap spraying and kernel exploitation, additional randomization (bottom-up randomization and mandatory ASLR) and advanced mitigations (deep hooks, anti detours and banned functions) to prevent different types of attacks. If an application supports DEP together with full ASLR, the difficulty of writing a reliable exploit increases dramatically. The typical approach to defeat DEP is to use ROP to disable it. ROP builds on the idea of returning (or jumping) to small so-called gadgets (pieces of already existing code from the code section which end with a return or jump instruction) and chaining these gadgets together to build new logic (like logic to disable DEP). If ASLR is supported by all modules of the application, this approach can't be applied directly, because the addresses of such gadgets are randomized by ASLR and thus unknown to the attacker. In such a case the vulnerability must be turned into an information disclosure vulnerability to first disclose an address and defeat ASLR. Techniques to accomplish this (e.g. partial overwrites, overwriting the length field of strings, ...) have already been discussed in the past and thus will not be the focus of this talk. Instead, further techniques will be discussed which can be used to bypass the additional per-process protections of EMET.
To apply these techniques, a vulnerability which allows code execution as well as leaking information (to bypass ASLR) is required. These requirements are satisfied by default, because otherwise writing an exploit for an application not protected by EMET would be impossible in the first place. The aim of this talk is to demonstrate new and more reliable exploitation techniques as well as to discuss in which situations already existing techniques can be applied in a reliable way. An important approach of exploit developers is to write bypasses in a way that they can easily be ported to other exploits. For example, if a technique requires jumping to already existing code, a dumb approach would be to build it application-specific. Instead, the technique can be built on top of the EMET library, which gets injected into all protected applications and thus is a good target to minimize workload, because the code for the bypass only has to be written once. To apply such techniques, various methods to identify the presence of EMET and to retrieve its image base and version will be shown. EMET also supports protection techniques not related to memory corruption (like Attack Surface Reduction (ASR) and certificate pinning); however, these will not be discussed during the talk, because its focus is on memory corruption exploitation (e.g. buffer overflows, use-after-free bugs, type confusion attacks and so on). All techniques are implemented and demonstrated in a real-world Firefox exploit. Even if the vulnerability is older (we at SEC Consult don't want to publish reliably working exploit code for applications which are still in use these days), it is a very interesting vulnerability to study, and together with a highly configurable exploit it's easy to see the different techniques in action.
The exploit works reliably against any Windows operating system (Windows XP, Windows Vista, Windows 7, Windows 8, Server 2003, Server 2008, Server 2012, ...), on 32-bit as well as 64-bit architectures, and is able to bypass EMET in all versions (EMET 4.1, 5.0 and 5.1) with all protections enabled. Microsoft as well as other vendors typically suggest installing EMET to protect the application as a workaround for new memory corruption vulnerabilities. The aim of the presentation is to show the audience that attackers can still exploit such protected applications by using one of the many existing techniques. We at SEC Consult do not believe in putting additional security layers like EMET, DEP, ASLR, application firewalls and so on on top of applications. Rather, we demand that software developers, and especially the software industry itself, focus on secure software development instead of forcing their customers to create a chain of security layers to protect their software product. Protections such as EMET, DEP and ASLR are useful as an additional hurdle for attackers, but they are not unbreakable.

Saal 2 17:15

Michael Büker
What Ever Happened to Nuclear Weapons?


An overview of 70 years of nuclear weapons, focusing on some of the underlying physics, the international politics that surround the topic, modern technology for nuclear weapons detection and monitoring, and what everyone can do to help nuclear disarmament.

With the end of the Cold War, the sense of imminent danger from nuclear weapons quickly faded. But the weapons never went away: Today, half the world's population lives in countries with nuclear weapons. Roughly 15,000 nuclear warheads, each powerful enough to destroy a city, are in the hands of nine countries. The most important international treaty on nuclear weapons states that only five countries can ‘legally’ have them. But over the last 50 years, eight other countries have come into their possession, four of which are established nuclear powers today. How did that happen? Moreover, nuclear tests of different kinds are banned by a multitude of international treaties. An impressive global measurement network of hundreds of seismic, hydroacoustic, infrasound and radionuclide measurement stations has been set up to detect nuclear tests. However, a treaty to finally ban all sorts of nuclear explosions, signed by 183 countries, is on the brink of failing. What is up with that? This talk aims to provide a broad physical, technical and historical overview of the topic of nuclear weapons, and explain where international politics and verification technology stand today.

Saal 2 18:30

Natalia Lukaszewicz
The Maker movement meets patent law


The Maker movement and patent law are like two planets moving on the orbit of innovations. Occasionally, they collide, because the Maker planet moves too fast. But, back on the Earth. Encounters with patent law can happen for many reasons, e.g. filing a patent application or being blocked in making by a patent (or much worse, being accused of patent infringement). The latter motivated the question of the permissible uses of patented inventions. The talk explains which activities involving patents are lawful and keep Makers safe in their making.

The Maker Movement needs no introduction. Even the White House has expressed its gratitude and admiration for individual inventors – single heroes; and the World Bank has recognised their potential. But the daily life of Makers is not (always) that sweet and victorious. As they get more technologically advanced, they face new challenges: financial, resource-related or legal. The project focuses on the legal aspects, specifically on patent law. There are two ways Makers meet with patents: 1) they want to obtain a patent for their solution, 2) they get confronted with a patent infringement claim. The latter led to the question of the efficacy of patent flexibilities (“patent windows”) that reduce the patent exclusivity over the use of an invention. They provide both the freedom to operate and a defence in patent infringement lawsuits. The project also contributes to the ongoing discussion on the reform of patent law, and suggests the re-consideration of certain legal tools in the light of the Maker phenomenon. Beyond any doubt, Makers deserve special attention in the legal field for a number of reasons: 1) their technological contributions, 2) popularisation of democratic ideas: participation, trust and responsibility, 3) for making a part of this world better. (The patent system once shared the same principles, before it changed into a money-making machine.) The reference point for the research is collective making: when an idea leaves the safe private harbour (the proverbial basements and garages) and enters the open waters of knowledge dissemination and commercialisation, where a patent infringement may easily occur. Against this background I analyse the scope of patent windows (statutory provisions and doctrines) stipulated in four legal systems: Germany, the UK, the USA, and Japan. I present the main construction lines and apply them to the Maker environment. There are measures, e.g. private and non-commercial use or experimental use, that work in “making” but under certain reservations. The talk aims to advise on and raise awareness of the scope of the permissible uses of patented solutions.

Saal 2 20:30

Anja Drephal
Living Drones


During World War I, homing pigeons were used to carry messages and take photographs over enemy territory. Today, experiments are being conducted to remote-control insects for similar purposes. This talk intends to give an overview of 100 years of living drones, speculate on future developments in the field, and question the ethical implications of the practice.

Long before man-made aerial vehicles were invented and perfected, pigeons were employed to carry messages over long distances. Their homing instinct, the ability to find their way back to their home loft from as far as 1,000 miles away, has been known and used by mankind since ancient times. While regular pigeon post had been established since the Middle Ages, it was during World War I that pigeons were used extensively for military purposes: radio communication was still crude and unreliable, but pigeons were a fast and dependable means of delivering messages from behind enemy lines. With the advancement of photography, they were even employed as aerial surveillance drones, equipped with small automatic cameras. Although the US and British armies disbanded their pigeon sections in the 1950s, carrier pigeons are still being used for communication purposes today. Taking the idea of connecting flying animals with communication technology one step further, as of 2014 experiments are being conducted in wiring and remote-controlling moths, effectively turning them into biobots to be used for search and rescue missions – and possibly for military and surveillance purposes?

Saal 2 21:15

Will Scott
Computer Science in the DPRK


This talk will reflect on teaching Computer Science in Pyongyang over the last two years, and look at how technology has been integrated into civilian life in the DPRK. Since the country remains extremely isolated, many people would be surprised to hear that cellphones have become commonplace in the capital, let alone that the country invests in custom hardware and software. I'll talk through the current state of desktop and mobile technology in Pyongyang, and what's changing.

From Red Star OS, a custom Red Hat-derived Linux desktop and server environment, to the Arirang cellphone and tablet, technology in the DPRK is different from what you are likely to see anywhere else in the world. Most systems are not widely available, and exist as much in rumor as in reality. Partially because of the language barrier, and partially due to restrictive import, export and communication policies, there are large gaps and large amounts of misinformation around most aspects of the country. I've spent the last two falls teaching Computer Science, specifically Operating Systems and Databases, to undergraduates at the Pyongyang University of Science and Technology. In the course of life in Pyongyang, I've been able to observe the growing prevalence of mobile technology, and get a firsthand look at the state of consumer technology in the country. In this talk I'll provide a demonstration of Red Star 3.0, the current generation of the desktop operating system, and offer the caveat that it is seldom used in practice. I will also bring a Samjiyong Android tablet to demonstrate the state of mobile technology. I'll focus the talk on discussing what international technology is and isn't applicable to the country, and the opportunities going forward.

Saal 2 22:00

Maria Xynou
Claudio (vecna)
Trackography


Have you ever wondered who is watching while you are reading your favourite media online? Whether we are reading the Guardian, the New York Times, the Hindu or any other news website, third party trackers are collecting data about our online behaviour. This lecture will present Tactical Tech's new project, Trackography, which shows that we are all part of a global tracking business.

When we access websites, third parties are able to track our online behaviour, aggregate our data, link it to other data collected about us and subsequently create profiles. These profiles tell a story about us – which may or may not be true – and can include our political beliefs, gender, sexual orientation, economic status, habits, interests, affiliations and much more. And while this might all appear to be harmless, we largely have very little control over how and when our data is collected, how our profiles are created, whether they are accurate, who they are subsequently shared with, who has access to them, what they are used for, where they are stored and for how long. The global data industry has been very opaque... until now. Trackography illustrates which companies track our data when we read the news online, which countries our data travels to and how our data is handled every time we access a media website within a period of time. We developed Trackography to increase transparency about the data collection industry. We hope it will start a discussion on unseen and unconsented data collection and on the politics of data. Come to our lecture, learn about Trackography and help us track the trackers!

Saal 2 22:45

Kévin Redon
MegaCode to facility gates


How do garage gate remotes work? It turns out the ones from MegaCode simply send an individual fixed code. And with little effort it was possible to clone them, send arbitrary codes, and record them all.

Garage gate remotes are not particularly well known for their security, and cloning them generally isn't a difficult task. The MegaCode system from Linear LLC is no exception. It did not take long to find out that each remote sends a unique but fixed code over the radio interface. The rest was straightforward: record the signal using a software defined radio, decode the signal, modify another remote to send this code, modify a receiver to collect even more codes, and record even more codes. In this talk I will show how this simple system was reverse engineered. If you always wanted to play with software defined radio, electronics, micro-controllers, or solder components, but had no idea where to start, or thought that it would be too complicated because these are unknown grounds, this should motivate you. The tools and techniques are accessible for newcomers and should motivate you to also start playing with hardware.

Saal 2 23:30

Matthias Herz
Michael Johann
Snowden Effect vs. Privacy Paradox


"Trust is good - control is better." This saying holds more than ever when it comes to assessing the activities of intelligence services. As has been known for some time, the myth of mass surveillance of the individual is reality. Whether and to what extent this affects the reality of the individual is the focus of the present study.

The NSA scandal has shown, particularly in the recent past, that concrete attitudes towards surveillance, internet use and data security are global issues that, especially in light of Edward Snowden's revelations, are in many cases being re-evaluated. Current studies show that the NSA scandal has changed internet users' attitudes to these topics, particularly in the areas of online shopping, cloud computing, e-government and online social networks (BITKOM, 2013; Fittkau & Maaß, 2013; Fritz, 2013; Krempl, 2013; Wilkens, 2013). The present study uses a multi-method design to analyse attitudes towards these topics and the usage behaviour of Facebook users. Among other things, generational effects and different user types are in focus. The aim of the study is to determine whether increasing knowledge of surveillance practices goes hand in hand with a change in usage behaviour in online social networks, or: whether the Snowden effect or the manifestation of the privacy paradox is currently observable.

Saal G 11:30

Eric Wustrow
Hovav Shacham
Security Analysis of a Full-Body X-Ray Scanner


Full-body scanners, also known as "naked scanners", are used in airports and other government facilities to detect metallic and nonmetallic objects hidden beneath people's clothes. In many countries, they play a critical part in airline security, but they have also been criticized for being unsafe, ineffective, and an invasion of privacy. To shed scientific light on these questions, we conducted the first rigorous, independent security evaluation of such a system. We bought a government-surplus Rapiscan Secure 1000 full-body scanner on eBay and extensively tested it in our lab. We found that it's possible to conceal knives, guns, and explosives from detection by exploiting properties of the device's backscatter X-ray technology. We also investigated computer security threats: malicious software and hardware that can compromise the effectiveness, safety, and privacy of the machine. In this talk, we'll explain how full-body scanners work, describe the results of our experiments, and draw lessons to inform transportation security, embedded systems security, and the public debate over secretive and privacy invasive government technologies.

In response to evolving terrorist threats, including non-metallic explosive devices and weapons, the U.S. TSA has adopted full-body scanners as the primary passenger screening method at nearly 160 airports nationwide at a cost exceeding $1 billion. Although full-body scanners play a critical role in transportation security, they have generated considerable controversy, including claims that the devices are unsafe, violate privacy and civil liberties, and are ineffective. Furthermore, these scanners are complex embedded systems that raise important computer security questions. Despite such concerns, neither the manufacturers nor the government have disclosed enough technical details to allow for rigorous independent evaluation, on the grounds that such information could benefit attackers, or is a trade secret. To help advance the public debate, we purchased a government-surplus Rapiscan Secure 1000 full-body scanner and performed a detailed security evaluation of its hardware and software. We tested the Secure 1000's effectiveness by experimenting with different methods of concealing contraband. While the device performs well against naive attackers, fundamental limitations of its backscatter X-ray technology allow more clever attackers to defeat it. We show that an adaptive adversary can confidently smuggle contraband past the scanner by carefully arranging it on his body, obscuring it with other materials, or properly shaping it. Using these techniques, we are able to hide firearms, knives, plastic explosive simulants, and detonators in our tests. These attacks suggest a failure on the part of the Secure 1000's designers and the TSA to think adversarially. We also evaluated the security of the Secure 1000 as a cyberphysical system. We show how malware infecting the operator's console could selectively render contraband invisible to screeners. 
We also attempt (with limited success) to use software-based attacks to bypass the scanner's safety interlocks and deliver an elevated X-ray radiation dose. Lastly, we show how an external device carried by an attacker can capture naked images of the subject being scanned. Our results suggest that the Secure 1000 is not able to guarantee effectiveness or privacy against attackers who are knowledgeable about its inner workings, and that such knowledge is easy to obtain for an attacker with modest resources. We believe this study reinforces the message that security systems must be subjected to testing that is rigorous, adversarial, and public before they can be deemed safe for critical applications. Warning: Nudity. We plan to show unmodified scanner images in order to demonstrate the privacy implications of full-body scanning.

Saal G 12:45

Theresa
Lightning Talks Day 3


Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick!

Saal G 16:00

Philipp Jovanovic
aumasson
CAESAR and NORX


"Nearly all of the symmetric encryption modes you learned about in school, textbooks, and Wikipedia are (potentially) insecure." -- Matthew Green In recent history, we saw time and again (to some extent catastrophic) failures of cryptographic constructions for authenticated encryption (AE) due to bad design choices, implementation errors and a lack of reliable standards. After an introduction providing some background information on these topics, we present CAESAR, a new cryptographic competition which aims to find solutions to the problems mentioned above. In the second part of the talk, we introduce NORX, a new and next-generation AE scheme and our candidate for CAESAR.

CAESAR is the Competition for Authenticated Encryption: Security, Applicability, and Robustness, and the latest crypto contest after AES, eSTREAM, SHA-3, and PHC. CAESAR aims to identify a portfolio of authenticated encryption (AE) schemes with support for associated data (AD). Compared to ciphers like AES-CBC or Salsa20, AE protects not only confidentiality, but also authenticity and integrity of the processed data. Before we give an introduction to CAESAR, we present the motivations behind the competition, like the importance of protecting in-transit data, the lack of reliable AE(AD) standards, and the repeated crypto failures in recent history that led, for example, to the cracking of WEP (aircrack-ng) and to attacks on (D)TLS like BEAST and Lucky13.
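An added example of the property the paragraph above names, not NORX and not code from the talk or its authors: a minimal AEAD interface built by encrypt-then-MAC from Python's standard library, placed next to the unauthenticated stream cipher it replaces. The keystream (SHA-256 in counter mode), the key split, and every key, nonce and message are constructed for the demonstration; NORX itself is a permutation-based design and does not use HMAC. Flipping one ciphertext bit of the unauthenticated message silently changes the decrypted plaintext, while the AEAD rejects the same flip, and rejects any change to the associated data, before any plaintext is released.

```python
import hashlib
import hmac
from typing import Dict, Optional, Tuple

TAG_LEN = 32  # HMAC-SHA256 output


def derive_keys(key: bytes) -> Tuple[bytes, bytes]:
    """Split one master key into independent encryption and MAC keys (constructed KDF for this example)."""
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream: SHA-256(key || nonce || counter) blocks. A constructed
    stand-in for a real stream cipher, used only so the example runs offline."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_unauthenticated(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Confidentiality only: XOR with the keystream, like a bare stream cipher or CBC without a MAC."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


decrypt_unauthenticated = encrypt_unauthenticated  # XOR is its own inverse


def _tag(mac_key: bytes, nonce: bytes, ad: bytes, ciphertext: bytes) -> bytes:
    # Authenticate nonce, AD and ciphertext; the AD length prefix keeps the AD/ciphertext boundary unambiguous.
    msg = nonce + len(ad).to_bytes(8, "big") + ad + ciphertext
    return hmac.new(mac_key, msg, hashlib.sha256).digest()


def aead_encrypt(key: bytes, nonce: bytes, ad: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns ciphertext || tag. AD is authenticated but not encrypted."""
    enc_key, mac_key = derive_keys(key)
    ciphertext = xor_bytes(plaintext, keystream(enc_key, nonce, len(plaintext)))
    return ciphertext + _tag(mac_key, nonce, ad, ciphertext)


def aead_decrypt(key: bytes, nonce: bytes, ad: bytes, sealed: bytes) -> Optional[bytes]:
    """Verify first, decrypt second; any tampering with ciphertext, AD or nonce yields None."""
    if len(sealed) < TAG_LEN:
        return None
    ciphertext, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    enc_key, mac_key = derive_keys(key)
    if not hmac.compare_digest(tag, _tag(mac_key, nonce, ad, ciphertext)):  # constant-time compare
        return None
    return xor_bytes(ciphertext, keystream(enc_key, nonce, len(ciphertext)))


def demo() -> Dict[str, Optional[bytes]]:
    key = bytes(range(32))       # constructed test key
    nonce = b"\x00" * 16         # constructed; a deployment must never reuse a (key, nonce) pair
    ad = b"to=alice;seq=7"       # associated data: sent in the clear, but bound to the tag
    plaintext = b"PAY 100 EUR"
    flip = ord("1") ^ ord("9")   # XOR mask that turns the '1' at offset 4 into a '9'

    # Unauthenticated: the bit flip goes through and the receiver sees a different amount.
    ct = encrypt_unauthenticated(key, nonce, plaintext)
    tampered = bytearray(ct)
    tampered[4] ^= flip
    forged = decrypt_unauthenticated(key, nonce, bytes(tampered))

    # AEAD: the same flip, or a swapped recipient in the AD, fails verification.
    sealed = aead_encrypt(key, nonce, ad, plaintext)
    tampered_ct = bytearray(sealed)
    tampered_ct[4] ^= flip
    return {
        "forged": forged,
        "honest": aead_decrypt(key, nonce, ad, sealed),
        "tampered_ct": aead_decrypt(key, nonce, ad, bytes(tampered_ct)),
        "tampered_ad": aead_decrypt(key, nonce, b"to=mallory;seq=7", sealed),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:12s} {value!r}")
```

Two details carry the security of the composition: the tag is checked with a constant-time comparison before any plaintext is computed, and the AD is length-prefixed so that moving bytes between AD and ciphertext cannot produce the same MAC input. The keystream construction makes nonce reuse as fatal as in any stream cipher, which is one of the robustness concerns CAESAR asked candidates to address.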

In the second part, we talk about NORX, our CAESAR candidate: NORX is a user-oriented cipher, engineered to take advantage of modern CPUs and to scale to different levels of parallelism. NORX relies on trusted building blocks, adapted to meet our design goals:

We explain how we selected NORX's operations and parameters to achieve maximized security and efficiency in both soft- and hardware. We also report on detailed benchmark results showing that NORX is among the fastest CAESAR candidates on various platforms, from ARM and x86 to ASICs. For example, on Intel's Haswell microarchitecture, NORX achieves 2.51 cycles per byte (more than 1 gigabyte per second), exploiting local parallelism provided by AVX2 instructions.

Saal G 17:15

Aylin
greenie
Rebekah Overdorf
Source Code and Cross-Domain Authorship Attribution


Stylometry is the study of linguistic style found in text. Stylometry existed long before computers but now the field is dominated by artificial intelligence techniques. Writing style is a marker of identity that can be found in a document through linguistic information to perform authorship recognition. Authorship recognition is a threat to anonymity but knowing ways to identify authors provides methods for anonymizing authors as well. Even basic stylometry systems reach high accuracy in classifying authors correctly. Stylometry can also be used in source code to identify the author of a program. In this talk, we investigate methods to de-anonymize source code authors of C++ and authors across different domains. Source code authorship attribution could provide proof of authorship in court, automate the process of finding a cyber criminal from the source code left in an infected system, or aid in resolving copyright, copyleft and plagiarism issues in the programming fields. Programmers can obfuscate their variable or function names, but not the structures they subconsciously prefer to use or their favorite increment operators. Following this intuition, we create a new feature set that reflects coding style from properties derived from abstract syntax trees. We reach 99% accuracy in attributing 36 authors each with ten files. We experiment with many different sized datasets leading to high true positive rates. Such a unique representation of coding style has not been used as a machine learning feature to attribute authors and therefore this is a valuable contribution to the field. We also examine the need for cross-domain stylometry, where the documents of known authorship and the documents in question are written in different contexts. Specifically, we look at blogs, Twitter feeds, and Reddit comments. 
While traditional methods in stylometry that work well within one domain fail to identify authors across domains, we are able to improve the accuracy of cross-domain stylometry to as high as 80%. Being able to identify authors across domains facilitates linking identities across the Internet making this a key privacy concern; users can take other measures to ensure their anonymity, but due to their unique writing style, they may not be as anonymous as they believe.

Anonymity is a topic researched in detail at the Privacy, Security, and Automation Lab at Drexel University. We study how to effectively identify the author of text with unknown authors and how to anonymize text of known authorship. In our previous talks at CCC, we have presented methods to identify authors of regular text, translated text and users (a.k.a. cyber-criminals) of online underground forums. We introduced our authorship anonymization framework ‘Anonymouth’. Many times, we received questions on how applying de-anonymization techniques would work on source code and different domains. In this year’s talk, we will focus on identifying the authors of source code and cross-domain stylometry. Can the authors of source code be identified automatically through features of their programming style? Do they leave coding “footprints”? Holding important implications for protecting intellectual property as well as for identifying malware authors and tracking how malware spreads and evolves, this question spurred a cross-cutting research project involving NLP and machine learning. Code stylometry requires features unique to coding and to the programming language. Source code has different properties than common writing, such as the lineage, keywords, comments, the way functions and variables are created, and the grammar of the program. Aware that methods from text analytics can strengthen cyber analytics, this project sought to advance the potential of automated linguistic-type analysis, or stylometry, for authorship attribution of source code. A corpus of tens of thousands of users was built by scraping the Google Code Jam competition dataset. Specifically investigated were new ways of representing coding style through NLP-inspired syntactic, lexical and layout features. Random forests with 300 trees were used, with fewer than ten decision features per tree. The main dataset had 173 authors, each with six source code files of less than 100 lines of C++ code.
A series of experiments was performed to discover the feature set that yielded the highest recognition accuracy: 91%. 57% of the features with information gain were syntactic; the rest were lexical and layout features. Tests on a validation dataset of the exact same size showed 86% accuracy with the same features. The features that had information gain in the validation experiments all had information gain in the original dataset, which shows that the method and feature set are robust and that abstract syntax trees show the best promise. Source code is just one domain studied in authorship attribution. We also study the problem of domain adaptation in stylometry. Can we identify the author of an anonymous blog from a suspect group of Twitter accounts? The ability to do so would lead to the ability to link accounts and identities across the Internet. We can achieve high accuracy at identifying authors of documents within the same domain, including blogs, Twitter feeds, and Reddit comments, even when classifying with up to 200 authors. Identifying the author of a group of tweets from among 200 tweeters yields an accuracy of 94%, and identifying the author of a blog entry from among 200 bloggers yields an accuracy of 71%. When we try to identify the author of a collection of tweets based on a collection of blogs from 200 authors, however, accuracy drops to 7% using the same method and features. We are able to increase the accuracy, however, by applying an augmented version of the doppelganger finder, a stylometric approach for multiple account detection that can handle small stylistic changes. This provides significant improvements in each of the cross-domain cases. Advances in authorship attribution offer both positive and negative repercussions for security. However, it is important to understand the assumptions that underlie these results. Blind application of stylometric methods could be dangerous if the domain is not understood.
This work shows that stylometric methods are domain dependent. Whether used defensively or offensively, this is certain to impact user account security.

Saal G 18:30

cyphunk / nathan fain
"Exploit" in theater


Three theater projects that illustrate the false "California Ideology" and ask us to look at our slip into neoliberalism through the backdoor of technology, and to consider the ethics in the protocol.

We are moving the responsibility for the construction of social behaviour and good citizenry from the hands of policy makers to the hands of engineers, trading spaces of the commons for those of market will. And the architects (standards bodies) are hardly concerned. Followers of the "California Ideology" present as their argument fluid consensus, provided through technology, as a reason to trust this neoliberal future. I will present three collaborations in theater that I feel question this ideology.

Saal G 20:30

Johannes Taelman
Axoloti


Axoloti is an integrated platform for digital audio: its graphical editor is an easy-to-use toolbox for creating sound synthesis or processing algorithms. The audio processing runs on a microcontroller board, and runs standalone after editing.

Axoloti creates compilable C++ code from a graphical network of objects and connections, and automates the compilation, upload and execution of the resulting code on the target hardware. While running, parameters (presented as controls on objects in the document) can be tweaked from the host computer, and variables are read back (presented as numbers, virtual LEDs, graphs...) on the objects, in real time. The Axoloti hardware has standard audio and MIDI input and output, but also general purpose I/O, enabling easy development of custom "new" musical instruments.

Saal G 21:15

Kai Kunze
Eye Wear Computing


The talk gives an overview of the emerging field of smart glasses and how they can be used to augment our mind (e.g. how to improve our brain with technology). The talk will focus mostly on how to quantify cognitive tasks in real-world environments. I also present first application scenarios on how to use smart eyewear (e.g. Google Glass or JINS MEME) for short-term memory augmentation and cognitive activity recognition.

Considering the last centuries, major scientific breakthroughs aimed at overcoming our physical limitations (faster transportation, higher buildings, longer and more comfortable lives). Yet, I believe the coming big scientific breakthroughs will focus on overcoming our cognitive limitations. Smart glasses can play a vital role in 1. understanding our cognitive actions and limitations by quantifying them, and 2. helping us design interventions to improve our mind. The talk will focus mostly on the first point: what kind of cognitive tasks can we track already with the smart glasses that are available on the market, and what will happen in the near future? I will discuss application examples for Google Glass and J!NS MEME. J!NS MEME is the first consumer-level device measuring eye movements using electrodes, a technique also called electrooculography (EOG). The MEME glasses are not a general computing platform. They can only stream sensor data to a computer (e.g. smart phone, laptop, desktop) using Bluetooth LE. Sensor data includes vertical and horizontal EOG channels and accelerometer + gyroscope data. The runtime of the device is 8 hours, enabling long-term recording and, more importantly, long-term real-time streaming of eye and head movement. They are unobtrusive and look mostly like normal glasses. For Google Glass I present an open sensor-logging platform (including the infrared sensor to count eye blinks) and a fast interface for lifelogging. We will discuss which eye movements correlate with brain functions and how this fact can be used to estimate the cognitive task a user is performing, from fatigue detection, through reading segmentation, to cognitive workload, and the advances in tracking attention and concentration. Challenges discussed in the talk include how to get ground truth and how to evaluate performance in general.

Saal G 22:00

timobaumann
Arne Köhn
Automatically Subtitling the C3


Transcribing a talk comes relatively easily to fast typists, whereas turning a transcript into time-aligned subtitles for a video requires a much larger human effort. In contrast, speech recognition performance (especially for open-source-based solutions) is still poor on open-domain topics, but speech technology is able to align a given text to the corresponding speech with high accuracy. Let's join forces to generate superior subtitling with little effort, and to improve future open-source-based speech recognizers at the same time!

We present the ongoing work of a student project in informatics at Universität Hamburg in which we combine the strengths of human transcription performance and automatic alignment of these transcriptions to produce high-quality video subtitles. We believe that our work can help the C3 community in generating video subtitles with less manual effort, and we hope to provide subtitles for all 31C3 talks (as long as you provide the transcriptions). However, we're not just a service provider to the C3. There is a shortage of training material for free and open-source speech recognizers and the acoustic models they employ. Thus, we plan to prepare an aligned audio corpus of C3 talks which will help to advance open-source speech recognition. Be a part of this by helping us with your transcriptions -- we'll repay with subtitlings and better open-source speech recognition in the future!

Saal G 22:45

BeAnotherLab
The Machine To Be Another


The Machine To Be Another is an open-source interactive system designed to explore the relationship between identity and empathy through interdisciplinary performance-experiments drawing from neuroscience, VR, storytelling and art. Through research collaborations we have been developing applications in contexts of conflict resolution, the arts and healthcare.

Imagine the possibility of creating stories that can be felt through the audience's own body as something real. For example, what would it mean for the world if citizens from opposite sides of a war could swap bodies and feel what it is like to be part of the family of their own enemy? What if every school child could experience, in full immersion, the life of another young person halfway around the world? How would this impact our ability to share our pain, address the challenges we share, resolve conflicts and build empathy, or even improve our emotional resilience as individuals? We developed a system that allows users to enter the body of a different person and inhabit each other’s experiences in a radically different way; a way of sharing that transports us to a place of preverbal, embodied empathy. The Machine to Be Another is a Creative Commons interactive system designed as a tool for embodied-immersive storytelling. We merge interaction protocols from neuroscience research in embodiment with performance, storytelling and virtual reality hardware to create in users the illusion of feeling themselves in the body of another person. Embodied simulation mechanisms, in particular of actions, emotions and corporeal sensations, have recently been proposed as having deep implications for the understanding of empathy and social cognition, perception of one’s body, neural plasticity, but also the formation of concepts. For example, studies conducted by EventLab in Barcelona suggest the effectiveness of inducing body ownership for reducing implicit racial bias. This “body swap illusion” is so strong that a person can experience being in another’s body when facing her own body and shaking hands with “themselves”. For two years we have been working with an extended community of researchers, artists, activists and members of the public to create performance-experiments related to the understanding of the other and the self.
Through these processes we have explored issues such as mutual respect, immigration and physical disability bias, gender identity, conflict resolution, body extension and embodied dance performances.

Saal G 23:30

Magnus
Higher-Dimensional Geometry and Fractals


Extending the common 3-space-to-2-space projections to 4D and higher and how certain types of fractals can be presented using these expansions. After that we'll have a closer look at Fractal Flames as used in Electric Sheep.

This talk will be split into 3 parts; first: extending the common 3D-to-2D projections - used by libraries such as OpenGL - to also allow projecting hypothetical 4D or higher constructs to a 2D screen. Second: making pretty fractal pictures by rendering iterated function systems with affine transformations in 4D and higher. This part explains how the chaos game works and how to do an alternate, discrete render which works better in higher dimensions than 2D. The third and final part takes a look at the Fractal Flames by Scott Draves, a different kind of iterated function system used in the Electric Sheep screen saver. The original algorithm for this is inherently 2D, but parts of it can be extended to higher dimensions, producing interesting results. Due to time constraints, it is assumed that the audience is already roughly familiar with - or willing to believe in - the general method for 3D projections, including vector and matrix maths. There will also be pretty pictures. The presentation will have live demo segments mixed in, which make use of a F/OSS 4D+ primitive and fractal renderer called "Topologic" (see links, below).

Saal 6 11:30

Alexis
Why do we need an open food information platform


We from EveryCook are building an open source computerized cooking device. At 29c3 I presented the idea of digital cooking and people gave me awesome feedback. Now, 2 years later, the industry giants have realised that connecting computers and kitchen devices can do awesome things. But do they create open standards? Of course not! They create little black boxes speaking strange languages that you can't integrate in an ecosystem that wasn't designed by the manufacturers themselves. We still want an open ecosystem for the free exchange of information about food and recipes. We came closer to our goal. Let me tell you...

There are Bluetooth thermometers for meat. Can I use them with my computer? Nope, because they only talk to one dedicated app. There are cooking devices with touch screens, built-in recipes and sometimes even networking capabilities. But do we know how to talk to them? We seem to be the only ones believing in the power of open standards. EveryCook has been open source since the beginning, because we look at the large picture. We want to use ALL available data for cooking, even data from WWF about sustainability or data from scientific research about nutrients. And we want to show how we treat this data. We want our database open for all useful input, as we do for our hardware. If you see a weak part in our designs you can tell us and we'll change it if needed. I will tell you what we learned making 4 generations of digital cooking devices. And I would like to explain to you why we believe that there should be open standards for cooking software. What is now done "in the market" is that many companies develop many, many apps and some kitchen devices, and none of them is made to interact with its neighbors. Why? "Because my data is my data!" and "my hardware design is mine!" Isn't that a huge waste of resources? Everyone re-inventing the wheel and then adding some little special sauce to claim the whole thing as "unique". Having all data about food available is not a need, it is a human right. Having additional data on how to prepare food in machine-readable form is a nice extra. Having both together in a database is the technically best solution because of the many synergies. Let's form the future of digital cooking before someone else does!

Saal 6 12:45

Marmusha
Damn Vulnerable Chemical Process


So you want to author the next Stuxnet (or something even cooler than that). Here is the recipe for success: forget what you have known about cyber security. When an attack transitions from control of a digital system to control of a physical process, physics and time become the controlling factors instead of the digital rules encoded into your microcontroller. The holy CIA trinity is meaningless in the physical world. The uncontrollable but still running process is not really available; process dynamics do not stop simply because the controlling equipment is DoSed; electronically segregated components can still communicate over physical media (the process); and a physical phenomenon can be measured terribly wrongly (so that the wrong measurement will be proudly delivered to the digital application in a totally secure way). Where physics plays a governing role, IT security concepts are rendered useless. Please welcome a new arrival in the "damn"-frameworks series: Damn Vulnerable Chemical Process. Come to the lecture and learn what it takes to exploit a physical process: how to find vulnerabilities and how to exploit them with minimal cost and maximum impact. Be astonished by the gazillion uncertainties you will have to face on your way to a disruptive goal, and realize that TIME is the ONLY thing that matters while designing your attack. Make sure to visit the local library and refresh your knowledge of physics, chemistry, mechanics, control theory, signal processing and algorithms. The lecture will teach you how to apply this knowledge in the exciting world of cyber-physical exploitation.

Attackers and researchers have shown numerous ways to compromise and control the digital systems involved in process control (plants, grids, cars). Little information is available about what to actually do with those controls. A single bit flip can engage the burner under a tank of chemicals, but the reaction will still take hours to complete regardless of the state of the controller outputs. Changing the state of the outputs does not immediately put the process into a vulnerable state. An attacker needs to take into account the timing and state of the system and act when the process is in the vulnerable state. Designing an attack on a cyber-physical system leads to unconventional hacking and interesting computer science challenges. Thus, DoS attacks on controls in the physical domain do not deny process dynamics. In fact, if timed wisely, DoS attacks allow manipulation of the process at will. Whoever thinks that cryptography will save the world is wrong. Due to the specifics of control principles and their implementation in the equipment, DoS attacks allow manipulation of process controls even if the communication is authenticated. Using the example of DoS attacks on controller inputs and outputs at the level of communication links, the lecture will take the audience through all the stages and details of (i) designing and (ii) implementing such attacks to cause physical damage. The experiments are conducted on a realistic model of a chemical plant used in process engineering research.

Saal 6 14:00

Ange Albertini
Funky File Formats


Binary tricks to evade identification, detection, to exploit encryption and hash collisions.

* artistic binaries: why they are possible, how they work
  - quines
  - polyglots & chimeras
  - schizophrenic
  - AngeCryption
  - hash collisions
* challenges and failures

Saal 6 16:00

olia lialina
The Only Thing We Know About Cyberspace Is That Its 640x480


For 10 years I have been writing about the Vernacular Web and Digital Folklore, about the early days of the web and web design before it became a profession. It is not that easy to find pages that were made in 93-97 and are still online or look the same. Things changed in 2009, when Yahoo announced that they were closing Geocities, the number one free hosting service of the last century, the "myspace of the 90es", first home for many web users and a jest for the "professional web". Yahoo gave its users half a year to copy their data; Archive Team managed to partly rescue the pages and release a one-terabyte torrent of it. In 2010 my partner Dragan Espenschied and I started to download the files. In the middle of 2011 Dragan restored the archive and we started to go through the profiles: collecting, tagging, comparing, analyzing. The One Terabyte of Kilobyte Age project started. We don't only collect and restore but bring this culture of the 90es back to the web, using contemporary infrastructure. It is http://oneterabyteofkilobyteage.tumblr.com/, which has posted a screenshot of a page every 20 minutes since February 2013. Or my channel on Vine, which allows one to see those pages animated and with sound. And of course the blog http://contemporary-home-computing.org/1tb/ where we describe the findings. In my HIGHLY ILLUSTRATED talk I'd like to introduce to the audience pearls of the early web culture, going much deeper than the usual Under Construction signs and animated GIFs nostalgia. I will show what it meant to make a web page technically, philosophically and ideologically. I will also talk about our unique technical setting for emulating the pages and what digital preservation really means. And last but not least I will talk about newer cases of deleted social networks and social services.

Saal 6 17:15

Mareike Foecking
The Crisis of Images Is the Crisis of Politics (Die Krise der Bilder ist die Krise der Politik)


As part of my research project "Das Bild im digitalen Wandel" (The Image in the Digital Transformation), I study how images change as the media through which they are used and conveyed change. That is what I would like to talk about.

Which images are used to describe the future, which images are used to run election campaigns, which images are used to convey and visualise the news? Images often communicate more directly than texts, and new images in turn arise from them. To what extent is the selfie a social dispositif that calls for collectively prescribed behaviour and homogenises people? Why are there no real images of surveillance, and why does Angela Merkel serve not just one image but many? To what extent is politics a staging, or is the staging itself the politics, with respect to the images through which it communicates? In an essay-like sequence of visual examples, this talk will take up various questions, some of which will be answered and some of which will in turn raise new questions.

Saal 6 18:30

Robert Verch
Eva Olivin
THERE'S A LOT TO DO - LET'S GET OUT OF HERE. (ES GIBT VIEL ZU TUN - HAU'N WIR AB.)


A rented flat has been abandoned for roughly 20 years, and its occupant cannot be found. Its furnishings, fixtures and personal belongings, however, are still present, unchanged and untouched.

In this setting, visitors negotiate the boundaries between curiosity and voyeurism in an artistic-technical real-world laboratory. Their behaviour is artistically reflected and staged for the public. On this basis, the question of whether empathetic perception is possible via digital channels is raised and put up for discussion.

Saal 6 20:30

Richard Marggraf Turley
Agri-tech and the Arts: From Barns to D-Space


What do the arts and literature have to contribute to urgent debates about the technization of food production? What can a play from 1605 tell us about fairer distribution of natural resources today? Equally, how might a cyber thriller from 2011 help us debate contentious issues such as gene-based technologies and utopian visions of knowledge-led society? This talk considers agri-tech and food security across a wide sweep of social and political terrain, from the Arab Spring to the European horsemeat scandal, from Shakespeare to Daniel Suarez. It argues that the arts and sciences need to cooperate to deepen understanding about, and define actions on, the big challenges facing a needy world. Finally, it suggests ways in which the arts and technology can assist us in arriving at a model of society in which resources are distributed not only more efficiently, but also more equitably.

We are facing a crisis of food that threatens to overwhelm households, communities and even entire states. Inequality of access to sustenance has been exacerbated by soaring prices, corporate sharp practice and widespread “food fraud” – including 2013’s UK horsemeat scandal, and Europol’s exposé of “fake” and “substandard” food in Europe in 2013-14. Riots and political unrest that appear to have little connection with food, on closer inspection turn out to have dimensions associated with sustenance. For example, the first shop to be looted in 2011’s London Uprising was not a branded trainers outlet or flat-screen TV centre, but the Clarence Convenience Store, raided for chocolate bars and bottled water. In its first moments, then, the unrest in Britain’s capital took the form of a traditional “food riot”. Similarly, the first wave of protest that gave rise to the Arab Spring was initiated by the self-immolation of a street vendor who made his living selling fruit and vegetables from a cart in Tunis. As a result of food-related political unrest, food security has risen on the agendas of governments and international agencies around the world. Agri-tech has come to be regarded as the panacea to food constraint. MEP Julie Girling is not alone in arguing that “technological advancement will be the only way that we can meet the coming growth in demand”. Certainly, the technization of food production and distribution – advances in gene-based technologies, synthetic biology, agri-robots, remote sensing, agri-informatics and just-in-time (JIT) algorithms – offers a compelling vision of knowledge-led development. However, as this talk argues, technology is only one part of the story. Until the quality of public engagement is improved around agri-tech, the nature of our food, where it comes from, and the conditions in which it is produced, programmes aimed at establishing a more equitable, ethical, sustainable future society worth living in will be compromised.
In this regard, the arts can open a shared space of imagination. This talk develops findings from my forthcoming interdisciplinary book, co-authored with literary scholar Dr Jayne Archer and plant scientist Professor Howard Thomas, Food and the Literary Imagination. Our argument is that vital, deep knowledge about food, technology and society is to be found in art and literature, both historical and contemporary. In this talk, I explore what art and literature, as heuristic media, can tell us about our relation to food technology, what they can contribute to global debates about the ethics and mechanics of food production, and their role in helping us to imagine a society in which resources are distributed not only more efficiently, but also more equitably. Part 1 considers former systems consultant Daniel Suarez’s 2011 novel Freedom TM (German title, Darknet), popular among hacker communities for its kinetic scenes of “D-space” cyber combat. At the novel’s radical centre, however, is a vivid portrait of a utopian agricultural society founded on tech-led solutions to food supply. Suarez’s “darknet farms” of the future represent a serious intervention into the politics of C21 agri-tech and food security. In this respect, Freedom TM belongs to a long tradition of the arts exploring contemporary food politics, stretching back to include Shakespeare’s play King Lear (c. 1605), key sections of which are set – modern directors often forget – in a wheatfield, and John Constable’s The Hay Wain (1821), widely misunderstood as a themepark fantasy of rural life and the origins of food, and regularly voted Britain’s “best loved” painting.
Part 2 discusses three projects in which I am involved, each aimed at improving public dialogue around food and food politics at local and regional levels: (1) a creative commons project, “Edible Wales” (funded by CEWN/AHRC); (2) the Welsh Govt/EU-funded “Food Engagement Wales”; and (3) a project being developed with a major UK supermarket to examine practical ways in which literature can be used to promote public understanding of food as we search for a sustainable, resilient, more equitable future society.

Saal 6 21:15

c-atre
The Time is Right


The c-atre collectivdrama presents THE TIME IS RIGHT, a science-fiction play based on an idea by yetzt. "It's about the big picture! Preserving free knowledge and free culture, without copyright mafiosi who want to license every little fart that escapes you!" (Jo) When the activists Mo and Jo are surprised, during one of their secret and dangerous acts of resistance against the looming omnipotence of the collecting societies, by a strange young woman who appears as if out of nowhere, no one yet suspects the far-reaching consequences this encounter will have in the fight for the art of the future.

THE TIME IS RIGHT
Cast: Carolin Meyer, Gero Nagel, Jens Ohlig, Josefine Matthey, Martine „authmillenon“ Lenders, Mirko „macro“ Fichtner, Pierre Pronchery, Sebastian „epunc“ Marg, Sigi Oepke, Merle von Wittich, Elisabeth Krüger, Carolina Rocha
Acting direction: Josefine Matthey
Dramaturgy: Carolin Meyer
Text: the c-atre in collaboration with yetzt
Music/Sound/Composition: Dirk Geier
Stage design: Peter Stoltz, Sebastian Marg
Costumes: the c-atre
Makeup: Vivien Pöltl
Technical crew: Sven Wagner
Premiere: 3 July 2014, c-base Berlin

Saal 1 11:30

Alexa O'Brien
Nancy Hollander
Ahmed Ghappour
Chase Strangio
The case of Chelsea Manning


A discussion with U.S. Army private Chelsea Manning's attorneys Nancy Hollander, Ahmed Ghappour, and Chase Strangio. Moderated by journalist Alexa O'Brien.

In the summer of 2013, Manning was convicted under the Espionage and Computer Fraud and Abuse Acts and sentenced to 35 years in prison for disclosing battlefield reports from the wars in Iraq and Afghanistan, Guantanamo prison camp detainee profiles, and U.S. diplomatic correspondence. She is currently imprisoned at the U.S. Disciplinary Barracks at Fort Leavenworth, Kansas. During her pretrial confinement, the U.N. Special Rapporteur on Torture ruled that Manning's treatment at Quantico Brig was cruel and unusual. She is now suing the Department of Defense to provide adequate medical care for her gender dysphoria, which she was diagnosed with by a U.S. Army doctor four years ago, before her arrest. Manning is now appealing her conviction in the U.S. Army Court of Criminal Appeals. This discussion will explain Manning's current situation and legal fights and how you can help this brave military whistleblower.

Saal 1 12:45

Peter Sewell
Why are computers so @#!*, and what can we do about it?


Computers have become ubiquitous and essential, but they remain massively error-prone and insecure - as if we were back in the early days of the industrial revolution, with steam engines exploding left, right, and centre. Why is this, and can we do better? Is it science, engineering, craft, or bodgery? I'll talk about attempts to mix better engineering methods from a cocktail of empiricism and logic, with examples from network protocols, programming languages, and (especially) the concurrency behaviour of programming languages and multiprocessors (from the ARMs in your phone to x86 and IBM Power servers), together with dealings with architects and language standards groups.

For more details of the underlying research and the many people who have contributed, see: http://www.cl.cam.ac.uk/~pes20/

Saal 1 14:00


Jacob
arma
State of the Onion


The current state of the Tor network and community, covering important updates and discussions of the software ecosystem, and including a longer Q&A than at previous CCC talks!

The State of the Onion covers technical, social, economic, political and cultural issues pertaining to anonymity, the Tor Project and the ecosystem surrounding our communities. Important topics include the following issues:
- XKEYSCORE rules
- The shift from 3 guards to 1 guard
- Blackhat / cert talk and responsible Tor research in general
- Russian funding for Tor research
- Heartbleed
- New hidden service R&D funding
- Helping Internet services accept anonymous users
- Meek and new pluggable transports
- Tor Browser integration
- Tor and EFF Tor relay challenge
- OrFox
- Incentives to relay
- Spoiled onions paper amongst others
- A summary and fact checking of important media coverage
- Tor Weekly news
- Art and anonymity in culture

Saal 1 15:45


Alexander Lehmann
Premiere: We love surveillance


Premiere of the English version of the short film "We love surveillance".

The short film will be available online at 16:00 (CET).

Saal 1 16:00


the_no
absolem
Paypals War on Terror


We are the PayPal 14. For the last several years we've been restricted in what we could or couldn't say about our court case. Our sentencing is on December 4th, ending the legal restrictions on what we can share about our story.

The panel will consist of four PayPal 14 defendants: Mercedes "no" Haefer, Josh "Absolem" "t0x1c" Covelli, and an as yet undecided attorney. We will be discussing the legal, political, and ethical issues surrounding the PayPal 14 court case.

Saal 1 17:15


frank
Ron
Security Nightmares


What has happened in the field of IT security over the past year? What new developments have emerged? What new buzzwords and trends were to be seen?

As always, we venture the IT security nightmare outlook for the year 2015 and beyond. Because what we really want to know is, after all: what will crawl, creep and fly towards us and around inside our digital implants in the future? In the course of even more transparency, criticism & self-criticism and continuous sustainable optimisation of all processes, we will also check earlier predictions against the actual arrival of our prophecies.

Saal 1 18:30


tomate
dodger
31C3 Closing Event




Saal 2 11:30


polygon
Low Cost High Speed Photography


Capturing the splash of a water balloon, the snap of a mouse trap or the impact of a bullet results in exciting pictures. Best of all, it doesn't require expensive equipment. This talk covers the theory of high speed photography, the required hardware, microcontroller hacking and setting up an improvised studio in the shower.

A camera, a flash, a microcontroller and a soldering iron is all it takes to create high speed photos of splashing water balloons and other fast moving action. This talk gives a walkthrough from zero to final results. Starting with initial thoughts on the speed limits of common cameras and how to circumvent them, then going over the configuration of camera and flash. I explain how to use a microcontroller for precise timing of the exposure and how to wire it up to the rest of the setup. Using the example of a splashing water balloon I'll share ideas on using black fabric and duct tape to turn a shower into an improvised studio and finally take that shot.

Saal 2 12:45


Jonas Öberg
Attribution revolution


Re-using works licensed under Creative Commons seems pretty simple, but it can often be quite time consuming. One image might be okay, but keeping track of the license and attribution of a thousand images in your mashup, or when quoting from massively crowdsourced data sets such as Wikipedia? Whoah! Don’t we have computers to do that for us!? We do – but there’s no widespread support for including licensing or author information when sharing or reusing digital works. This session will discuss how this should work in the open knowledge environment.

Re-using works licensed under Creative Commons seems pretty simple, but it can often be quite time consuming. One image might be okay, but keeping track of the license and attribution of a thousand images in your mashup, or when quoting from massively crowdsourced data sets such as Wikipedia? Whoah! Don't we have computers to do that for us!? We do, but there's no widespread support for including licensing or author information when sharing or reusing digital works. This session will discuss how this should work in the open knowledge environment, and could it be that many problems regarding copyright and "piracy" in our digital society could be solved with the right technology?

Let's take a step back and consider how we perceive photographs that we see, online and offline. Didn't you ever want to know who took that awesome photo that you scrolled past in a blog? Or find out more about where that image on Twitter or Facebook comes from? Finding this information for digital photographs can be a daunting task! Sometimes I don't even remember myself where a photograph I took was taken!

Most people have a drawer of black and white photographs at home, a collection of the family history. A very natural reaction when you take out a photo, which most people can also relate to, is to turn it over and look at the back of it, hoping that someone, a parent or grandparent perhaps, has written on the back of the photo when it was taken, where, and who is pictured. The information scribbled on the back represents the context of a piece of art; it's what gives the photograph meaning and value. Metadata is the digital equivalent of your grandmother's handwriting, giving meaning to pieces of art. By persistently associating the metadata of a photograph with the photograph itself, making the metadata "stick", we can even make sure that your grandmother's handwriting stays with the photograph, even when someone photocopies just one side of it. Assuming the technology makes this easy, of course.

Very recently, we've seen the emergence of technology enabling someone to copy a photograph from a web site, insert it into an editor, and have that editor automatically pick up the associated metadata and provide the correct attribution and licensing information. This has been made possible with the Creative Commons Rights Expression Language (CC-REL), other RDFa metadata, and a clever way of passing information between applications on the clipboard.

In order to relate effectively to the digital works we see online, attribution (who made or built something) matters. It is obvious that proper attribution is the currency of the information age, and it's the start of being able to explore digital works online in their right context. This talk will focus on the philosophical background of why attribution matters, the benefits that technology can bring to the way we work with pieces of art (lolcats and Shakespeare alike), and where we're heading in the future.

Saal 2 14:00


Seth Schoen
Let's Encrypt


As we've called for widespread use of HTTPS, the cost and complexity of the certificate system has been an obstacle.

In 2015, a certificate authority, trusted by mainstream web browsers, will issue certificates for web servers automatically at no charge in under a minute. This CA will automatically perform Domain Validation (DV) to verify applicants' control over domain names. The associated software can optionally reconfigure their web servers and deploy the new certificates immediately. We'll take a look at how the Let's Encrypt CA works, our ACME protocol for requesting and issuing certs, and the client software that can automate the process. And we'll demonstrate what the experience of getting a cert from the new CA may look like for webmasters (don't look away, or you might miss it!). We'll also talk about who's behind Let's Encrypt and some of the measures we're considering for preventing misissuance of certs. Of course, you're invited to test and help perfect the process.

Saal 2 16:00


Varac
Ryan Lackey
Andres Erbsen
Jurre van Bergen
Ladar Levison
equinox
Daniel Ziegler
gedsic
Now I sprinkle thee with crypto dust


When the Internet was designed, it was thought to be meadows full of daisies. As we now know, it's a dark place, where communication is monitored and subverted. This session presents both developments in known solutions, as well as novel suggestions, to liberally apply crypto to improve the foundations of Internet communications.

Trusting servers you can't touch by Ryan Lackey: Servers for Internet applications are usually deployed at a distance from both the end users of the service and the administrators of the system, often controlled by third parties. Even when they're physical hardware rather than virtualized/cloud, it's rare for admins to have direct physical control of the servers. Yet most applications require a high degree of trust in the integrity of servers. We describe a variety of technologies and solutions to this problem, and a framework to best protect your applications and your users.

dename: decentralized, secure, usable PKI by Andres Erbsen: A major challenge for private online communication is public key distribution. Trusted authorities have failed to be secure, and the web of trust has failed to build the network effect it gravely requires to be usable. This talk proposes a new PKI system built on a cryptographic consensus protocol. A set of directory servers updates and signs a mapping from public keys to names. Anyone can run their own server, strengthening the security guarantee for all clients that know it. We have an open-source implementation that can be easily integrated with systems that currently rely on manual key verification, including secure messaging, host authentication, and software distribution.

New developments in OTR by Jurre van Bergen: Jurre van Bergen will speak about new developments in the world of `off-the-record` messaging. What is going on? Where are we going? In addition we will address frequently asked questions from developers and users.

Secure email communication - LEAP Encryption Access Project & Pixelated, Your Right to by Varac: This presentation will introduce two new secure communication tools under development that help guarantee the right to digitally whisper: LEAP and Pixelated.

Dark Mail by Ladar Levison: Since Ladar Levison shuttered Lavabit during the summer of 2013, he has been working to solve the email privacy problems that made it technologically possible for an American court to demand unfettered access to the email messages of all of Lavabit's worldwide customers. After a year of hard work, the Dark Internet Mail Environment (DIME) is a standards-based, collaborative effort to create an elegant technical solution capable of protecting the privacy of everyone's email. It is focused on making end-to-end email encryption automatic, while providing message confidentiality and author verification and minimizing the leakage of metadata. DIME-capable systems reduce the amount of trust users must place in their service provider. Automating the key exchange process while keeping the system resistant to manipulation by sophisticated threats is an ongoing challenge. This talk offers a compressed discussion of the DIME standards, highlighting key portions, and will be followed by a project update, where we hope to showcase a DIME-capable client and server implementation.

TLS ♥ DNS ♥ Tor by equinox: Replacing 100 CA hierarchies with the single DNS hierarchy, and how the bite reflex against the latter is coming at the cost of less secure identities.

Saal 2 17:15


Dr Gareth Owen
Tor: Hidden Services and Deanonymisation


This talk presents the results from what we believe to be one of the largest studies into Tor Hidden Services (The Darknet) to date.

There is no public list of onion addresses available; instead, over a period of 6 months, we ran a large number of Tor relays to infiltrate the Distributed Hash Table which Hidden Services publish to. From this, we were able to collect the list of Tor onion addresses AND the number of requests for each site (loosely analogous to the number of visitors). We then used a custom web crawler to crawl all the hidden services and pull a large set of information from each. In this talk, we present the information we found, from the list of the top onion addresses by content type and by popularity to estimates of size and turnover. We will also present what the largest proportion of Tor Hidden Service traffic is (it isn't pretty, and it's not drugs/silk road!). Finally, I will explain the main classes of attacks useful for deanonymising the Hidden Services and Tor users. Sadly, it's easier than the Tor user base at large thinks, and thus far there have been no patches or fixes for these attacks, and there aren't likely to be, because they exploit fundamental weaknesses in the way Tor works.

Saal G 12:45


breakthesystem
Lightning Talks Day 4


Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick!

Saal G 16:00


Leon
31C3 Infrastructure Review




Saal G 17:15


Madonius
Telescope Making


This talk provides an introduction to amateur telescope making (ATM), starting from grinding the mirror, testing it, and building the telescope around it.

Why take the effort to make your own telescope? Because it's custom, and often even cheaper. How to grind your own mirror or lens, test its optical properties, and build the telescope around those optics. The focus will be on Newtonian telescopes, but other types will be outlined as well. Grinding the optical components is the trickiest part; here the techniques and methods are explained, especially how to make high-precision optics with your own hands. Testing them is very critical, especially late in the manufacturing process, but optical test benches can be made for as little as 30-50€. The most time-consuming part is the building of the telescope itself, where many aspects have to be considered and taken into account.

Saal 6 11:30


Tor E. BjĂžrstad
The rise and fall of Internet voting in Norway


In the parliamentary elections of September 2013, more than 250 000 Norwegians in selected municipalities were able to vote from home. They were taking part in a national trial of Internet voting, building on an advanced cryptographic protocol.

The Norwegian e-vote project started in 2008, and was used for live election trials in 2011 and 2013. By using cutting-edge cryptography and committing to a high degree of openness in all parts of the execution, the project aimed to overcome public concerns about security risks and lack of verifiability. To promote security, the entire voting system was implemented using a complex and verifiable cryptographic protocol, with no assumed trust between different system functions. To promote openness, the entire election system source code is publicly available, as well as most project documentation. The voting system published the SHA-256 hashes of encrypted ballots on GitHub every hour, and detailed instructions were provided to voters on how to verify that their vote had been submitted.

In the run-up to the 2013 elections, the author audited the cryptographic Java implementation of the back-end election system, making a number of surprising findings. During the actual elections, a major encryption bug was discovered in the JavaScript frontend code, potentially revealing the preferences of a large number of voters. Most hackers and cryptographers are highly sceptical of Internet voting, due to legitimate security concerns. Even so, insufficient technical security, or even the perception of such, does not appear to be a main reason why the project was discontinued.

The aim of this talk is twofold. First, we shall look at Norway's Internet voting project in its social and political context, highlighting the reasons why it came to be, and some of the key forces shaping the project throughout. Secondly, we discuss the findings, experiences and lessons learned from attempting to audit a large, public, complex and security-critical code base.

Saal 6 12:45


Nicolas Wöhrl
Diamonds are a quantum computer’s best friend


The next revolution in data processing is Quantum computing. This talk is an entertaining “tour de force” starting with a brief introduction to the fascinating yet strange theories of quantum physics, the concepts of using these in quantum computing and the latest results on qubits in devices made out of real diamonds. If you want to learn about the machines that decrypt your passwords in the coming years and how you can actually grow diamonds in your microwave oven (and who wouldn’t?) this talk is for you!

Quantum computing uses quantum phenomena such as superposition and entanglement directly to perform data processing. However, applying these quantum concepts to macroscopic devices such as computers is an enormous challenge for information scientists and physicists alike. What makes it so hard? Well, scientists have to find a material in which they are able to store and manipulate quantum bits (qubits). Since quantum states are very fickle and thus hard to preserve, the most important task is to find materials in which qubits can be stored for a sufficiently long time. Surprisingly, they found these properties in diamond. More specifically, scientists are investigating defect centers in diamond for use as qubits. Although quantum computing in 2014 is still in its infancy, first experiments have already been carried out that give hope that these computational concepts will become reality.

This talk is an entertaining "tour de force" starting with a brief introduction to the fascinating yet strange theories of quantum physics, the concepts of using these in quantum computing and the latest results on qubits in devices made out of diamond. Moreover, this presentation is given by a physicist who had been working on diamond for various other applications for years, and who suddenly realized that he had the material for the next IT revolution right in his lab. If you want to learn about the machines that decrypt your passwords in the coming years and how you can actually grow diamonds in your microwave oven (and who wouldn't?) this talk is for you!

Saal 6 16:00


Tamas K Lengyel
Thomas Kittel
Virtual Machine Introspection


New methods and approaches for securing cloud environments are becoming increasingly more critical as traditional host security strategies are not well integrated into virtual environments. For example, antivirus scans are a critical component of layered defense-in-depth, but in the cloud they rapidly exhaust available CPU and memory. The cloud environment nevertheless offers a unique opportunity: the ability to peer into a running operating system from an outside perspective, known as virtual machine introspection (VMI). More interestingly, it is also possible to alter the behavior of the virtualized components to help protect virtual systems in real-time. In this talk we will explore the open-source LibVMI library which over the last year, as part of the DARPA Cyber Fast Track program, has been significantly extended to ease the process of developing cloud security solutions.

New methods and approaches for securing cloud environments are becoming increasingly critical now that virtual environments are being widely adopted by the business sector. Despite the fact that virtualization itself is not inherently insecure, the majority of virtual systems are less secure than the physical systems they replace. This curious state arises primarily because traditional host security strategies are not well integrated into virtual environments: as an example, typical antivirus scans are a critical component of layered defense-in-depth, but they rapidly exhaust available CPU and memory when protecting a large number of virtual machines. Some antivirus vendors have taken a small step into virtualization by adapting their existing products to scan the disks of VMs from an external perspective, but this gain in efficiency does not fully realize the potential for protection and monitoring of a virtual environment. In addition, weakly implemented "self-defense" techniques leave themselves vulnerable to being neutralized by undetected or zero-day attacks. This "one opportunity" for success is a critical handicap for existing protective measures.

Virtualization nevertheless also offers a unique opportunity: the ability to peer into a running operating system from an outside perspective, known as virtual machine introspection (VMI). It is possible to observe the memory, storage, CPUs, processes, and kernel of a running virtual machine from a safe vantage point. More interestingly, it is also possible to alter the behavior of all of these components to help protect virtual systems. The open-source LibVMI library has been designed specifically for this purpose, to look at 32-bit or 64-bit virtual machines, both on x86 and ARM. Over the last year, as part of DARPA's Cyber Fast Track program, LibVMI has been significantly extended by our team to ease the process of developing secure intrusion detection and intrusion prevention systems for the cloud.

Utilizing Xen's advanced memory access system and the latest virtualization extensions available on Intel processors, LibVMI now offers unique capabilities for instrumenting, inspecting and controlling the execution of hosted guest operating systems and applications. Further combined with Xen's Security Modules, cloud security applications can now be tailored to provide the multi-tiered security environment required for multi-tenant cloud deployments. In this talk we will explore the finer details of how these features can be utilized for the detection of advanced rootkit techniques, while providing a stealthy, tamper-resistant environment. Our talk will explore the disaggregation of Xen's trusted computing base (TCB) with the use of the FLASK policy engine, and the changes our team implemented and contributed to Xen and the Linux kernel to make secure cross-domain introspection part of a coherent mandatory access control system.

Diving deeper into the virtualization details of the x86 architecture, we will discuss advanced instrumentation techniques via the Extended Page Tables and via software breakpoint injection, and how these features are now accessible via the LibVMI API. We will also discuss critical details of live memory introspection and highlight common pitfalls in developing secure applications without relying on untrusted and potentially compromised data sources. We will explore how mapping in-memory Linux and Windows kernels is performed by LibVMI, and compare it to other forensics tools, such as Volatility and Rekall. Our talk will further explore how to use existing forensics tools on live virtual machines to analyze modern malware. Finally, we will briefly discuss open challenges in virtualization security and some of the new CPU features proposed by Intel.

Saal 6 17:15


Frank Rieger
Ron
Security Nightmares (Stream)


What has happened in the field of IT security over the past year? What new developments have emerged? What new buzzwords and trends were to be seen?

As always, we venture the IT security nightmare outlook for the year 2015 and beyond. Because what we really want to know is, after all: what will crawl, creep and fly towards us and around inside our digital implants in the future? In the course of even more transparency, criticism & self-criticism and continuous sustainable optimisation of all processes, we will also check earlier predictions against the actual arrival of our prophecies.

Day 1 - 2014-12-27
Day 2 - 2014-12-28
Day 3 - 2014-12-29
Day 4 - 2014-12-30

31C3 - A New Dawn