created by brainwave
Geraldine de Bastion
31C3 Opening Event
alecempire
The 31C3 Keynote
A New Dawn
Martin Haase/maha
In summer 2014 the so-called Digital "Agenda" was presented, which was described as a "net-policy government programme". From a text-typological point of view, however, it is more of a PR text that looks as if it were an excerpt from an election campaign brochure. The talk first analyses the text in terms of content, to show what it is about in detail and where contradictions appear, and then from a text-critical and a linguistic perspective. In particular, certain interests of the Federal Government and other actors become apparent that are addressed less openly but nevertheless come to light in the language.
"Wir beteiligen uns aktiv an den Diskussionen" ("We actively participate in the discussions")
On 20 August 2014 the so-called Digital "Agenda" of the Federal Government was presented in Berlin. The "net-policy government programme" was welcomed, but many critics described it as "too little, too late". Few noticed, however, that in terms of text type it is a PR text that bears little resemblance to a government programme and instead looks as if it came from an election campaign brochure. A text-critical and a linguistic analysis show that there is little sign of an "agenda", although the word "active" is used very frequently, albeit in contexts that have nothing to do with activities. That is not the only contradiction. Once again it turns out that the language of the text also brings hidden interests to light.
Sergey Gordeychik
For two years SCADA StrangeLove has been speaking about Industrial Control Systems and nuclear plants. This year we want to discuss Green Energy. Our hackers' vision of Green Energy, SmartGrids and Cloud IoT technology.
We will also speak about the security problems of traditional "heavy" industrial solutions, about the things that Zurich Airport and Large Hadron Collider have in common.
On top of it you will learn about our new releases, some funny and not so funny stories about discovery and fixing of vulnerabilities and the latest news from the front struggling for the Purity of Essence.
SCADA StrangeLove: Too Smart Grid in da Cloud
Our latest research was devoted to the analysis of the architecture and implementation of the most widespread platforms for wind and solar energy generation which produce many gigawatts of it.
It may seem (not) surprising but the systems which manage huge turbine towers and household PhotoVoltaic plants are not only connected to the internet but also prone to many well known vulnerabilities and low-hanging 0-days. Even if these systems cannot be found via Shodan, fancy cloud technologies leave no chances for security.
We will also speak about the security problems of traditional "heavy" industrial solutions, about the things that Zurich Airport and Large Hadron Collider have in common and why one should not develop a brand new web server.
Specially for the specialists on the other side of the fences, we will show by example of one industry the link between information security and industrial safety and will also demonstrate how a root access gained in a few minutes can bring to nought all the years of efforts that were devoted to the improvement of fail-safety and reliability of the ICS system.
On top of it you will learn about our new releases, some funny and not so funny stories about discovery and fixing of vulnerabilities and the latest news from the front struggling for the Purity of Essence.
Andrea Barisani
This talk follows our previous EMV research uncovering new findings as well as a detailed analysis of Chip & PIN fraud markers in order to benefit cardholders, as well as issuing banks, in preventing wrongful liability for fraudulent charges.
Practical EMV PIN interception and fraud detection
The EMV global standard for electronic payments is widely used for inter-operation between chip equipped credit/debit cards, Point of Sales devices and ATMs.
In 2011, our "Chip & PIN is definitely broken" presentation uncovered an EMV design flaw that, by means of chip skimmers, allows for arbitrary PIN harvesting.
Since then, by consulting on EMV implementations and their behaviour under effective attacks, Inverse Path has assisted issuing banks, as well as cardholders, with successful resolution of cases involving wrongful liability for fraudulent charges.
Our updated research effort identifies and verifies new interactions between previous EMV attacks, which even further affect the protection, or lack of, that EMV provides for the PIN.
This presentation aims to fully empower both cardholders and issuers with an understanding of all applicable attacks, while also illustrating the relevant EMV fraud detection markers.
Such information is vital to enable cardholders to request the correct and relevant information necessary to claim fraudulent charges and to enable issuers and processors to prevent fraud in the first place.
Tobias Engel
Companies are now selling the ability to track your phone number wherever you go. With a precision of up to 50 meters, detailed movement profiles can be compiled by somebody from the other side of the world without you ever knowing about it. But that is just the tip of the iceberg.
SS7: Locate. Track. Manipulate.
SS7 is the global telecommunications backbone network. You use it every time you make a call, receive a text message or use the mobile network's internet access. But to be reachable, the network has to know your location. And access to the SS7 network is getting easier and easier, without the security measures keeping up.
As a follow-up to 25C3's "Locating Mobile Phones using SS7" this talk will offer a look at what has changed in the last six years. I will show how easy it is for intelligence services and criminals to circumvent the network's defenses to get the data they want, just based on your phone number.
Karsten Nohl
We know that mobile networks can - and do - attack us on many fronts. As this talk will show, even 3G is attackable. It's high time that we upgrade from complaining to self-defense.
Modern phones include all components necessary to block - or at least make visible - a large range of attacks including IMSI catchers, SIM exploits, and SMS attacks. The possibility of other attacks, such as passive intercept, can be inferred from measurements that normally remain hidden in a phone's baseband.
This talk details how these secrets were unlocked through reverse-engineering of the most widely deployed baseband family. We release tools that block or alert users to many common attacks.
We also introduce and demonstrate new attack scenarios - hybrids between local and interconnect abuse - including the passive intercept and decryption of 3G traffic.
starbug
Looking over someone's shoulder while they type a password? Stealing their Mate bottle to get at fingerprints? All yesterday's technology. The talk shows how data is obtained nowadays in order to defeat authentication methods.
Ich sehe, also bin ich ... Du (I see, therefore I am ... you)
It is well known that you can look over people's shoulders while they enter a password. Likewise that certain biometric features can be photographed with a camera, or that traces of these features can be found on objects. Until now it was assumed that for such attacks one had to be in the immediate vicinity of the person being spied on. The talk aims to make clear that this is not the case. We present results of investigations showing that biometric features and password entries can also be captured from a great distance, or remotely through cameras in mobile phones, directly or indirectly (through reflections in the eye).
djb
This talk will explain how to work with elliptic curves constructively to obtain secure and efficient implementations, and will highlight pitfalls that must be avoided when implementing elliptic-curve crypto (ECC). The talk will also explain what all the buzz in curve choices for TLS is about. This talk does not require any prior exposure to ECC.
ECC is rapidly becoming the public-key technology of choice for Internet protocols. ECC was introduced in 1985 and has a much stronger security record than RSA. ECC research has found new ways of attacking implementations but has also found nicer curves that avoid such attacks.
As a followup to the Snowden revelations, the TLS working group of the IETF has recently asked the crypto research group (CFRG) to suggest new curves for use in TLS, and NIST has publicly announced that they are considering new curves.
This talk gives a hands-on description of how to compute with elliptic curves. It shows different ways to write elliptic curves and the consequences of this representation for secure and efficient implementation. Algorithms will be presented as Python code snippets and will already be online before the talk at http://ecchacks.cr.yp.to.
The talk will be given as a joint presentation by Daniel J. Bernstein and Tanja Lange.
Nadia Heninger
Julia Angwin, Jack Gillum, and Laura Poitras will tell us stories about how they use crypto and privacy-enhancing technologies as high-profile journalists, and rant in an entertaining way about how these tools have failed or are horribly inadequate for their needs. They will also talk about their rare crypto successes.
Crypto Tales from the Trenches
Cryptography and privacy-enhancing technologies are increasingly part of a modern journalist's spycraft. But what does it look like when a reporter actually tries to protect herself and her sources with the best tools that the hacker/academic/activist/cipherpunk/technologist communities have produced? Disaster, chaos, crashes, and UI-sponsored opsec fails.
In this talk, Julia Angwin, Jack Gillum, and Laura Poitras will tell us highly entertaining and disturbing war stories of using crypto in the field as high-risk targets, and excoriate the crypto and developer communities for failing to meet their needs while claiming success and security for all. We will hear how the crypto-nerd's utopia of deniable poker over the phone with an honest-but-curious adversary becomes a set of barely usable implementations and user expectation mismatches.
We hope to provide some clarity on what works and what doesn't for those who develop or aspire to develop secure applications, and also a rough guide to usable opsec right now for sources, journalists, and other nontechnical users worried about sophisticated adversaries.
Laura Poitras
"Citizenfour" is Laura Poitras' documentary and a closeup view about blowing the whistle on the spooks at the NSA.
A portrait of Edward Snowden in the weeks he chooses to change our understanding of what governments know about us.
hannes
We present Mirage OS, a modular library operating system developed from scratch in the functional programming language OCaml. Each service, called unikernel, is an OCaml application using libraries such as a TCP/IP stack, DNS. It is either compiled to a Xen virtual machine image or to a Unix binary (for development). State in 2014 is that it runs on x86 and arm, we implemented a clean-slate TLS (1.0, 1.1, 1.2), X.509, ASN.1 stack, crypto primitives, Off-the-record. We also have TCP/IP, HTTP, a persistent branchable store (similar to git) - all implemented in OCaml. A virtual machine serving data via https is roughly 2MB in size - no libc inside :)
Trustworthy secure modular operating system engineering
Mirage OS is a (BSD-licensed) research project at the University of Cambridge and released a 1.0 version in December 2013. In 2014, 2.0 got released with full support on arm, a clean-slate TLS implementation, and the branchable data store Irmin. We (Hannes and David) developed a TLS stack from scratch (including cryptographic primitives, X.509, ASN.1), which we will present.
We intentionally break with the UNIX philosophy. Instead of using a programming language designed to replace platform-specific assembly code we use the functional programming language OCaml with higher-order functions, a composable module system, pattern matching, a sophisticated type system. Our developed TLS stack separates side effects, such as mutable memory, network input and output, etc., clearly from the pure functional core. This separation is not enforced on a language level, but by convention.
A mirage unikernel runs either as a Xen guest or as native Unix application. Each unikernel runs in a single address space, and does not include layers over layers of abstraction (kernel, user space, file system, processes, language runtime, threads, ...). The performance is not too bad (see link below). Each unikernel only uses those libraries it really needs - e.g. a name server does not depend on a file system or user accounts. A common unikernel is rather small in binary size: a web server, including TCP/IP stack and the data to be served, is less than a megabyte in size, including the OCaml runtime. There is no libc included :)
Modularity is the key for Mirage OS: the same application code can be compiled as a UNIX executable using the POSIX socket API, or as UNIX program using the userspace tun/tap interface and the TCP/IP stack written in OCaml, or as a Xen domU. This eases development, testing, debugging, and deployment.
Our target platform is the cubieboard2, a small board with a dual-core ARM A7 CPU and ethernet (and various other unused interfaces).
Code reviews, comments, contributions are always welcome.
Stefan Pelzer
A memorial against the United Nations, a 25,000 euro bounty on a German arms-dealer family, a fake campaign for the Ministry of Family Affairs, or the flight of the "wall crosses" from the Reichstag riverbank to the EU's external borders: when the Zentrum für Politische Schönheit (ZPS, Center for Political Beauty) digs up the hatchet, a controversial debate is guaranteed.
Mit Kunst die Gesellschaft hacken (Hacking society with art)
The reactions range from enthusiasm to horror. The arts pages rejoice, the Springer press howls, the CDU is deeply shaken, the Bundestag debates and Greece mobilises special units of the
One thing is certain: the topic hits the agenda with full force and is discussed nationwide.
How can art hack society?
How do you hit the sensitive nerve again and again?
How do you carry off, in broad daylight, an entire memorial that stands only 15 meters from the Bundestag?
Why can theatre make politics so powerfully?
And: what actually is Political Beauty?
Philipp Ruch and Stefan Pelzer travel in from the legendary "headquarters" (original quote, "BILD" newspaper) of the Zentrum für Politische Schönheit and take you along on a one-hour road trip to the EU's outer walls. Along the way they look for answers to these and other questions, with all sorts of oddities and anecdotes in their luggage. In addition, they present, in a world premiere, the SMS exchange with members of the Bundestag from the CDU/CSU parliamentary group. Heads will roll. And you can help with that.
Sebastian Schinzel
We present four new Bleichenbacher side channels, and three successful Bleichenbacher attacks against the Java Secure Socket Extension (JSSE) SSL/TLS implementation and against hardware security appliances using the Cavium NITROX SSL accelerator chip.
Revisiting SSL/TLS Implementations
16 years ago, Daniel Bleichenbacher presented a protocol-level padding oracle attack against SSL/TLS. As a countermeasure, all TLS RFCs starting from RFC 2246 (TLS 1.0) propose "to treat incorrectly formatted messages in a manner indistinguishable from correctly formatted RSA blocks".
In our recent paper we show that this objective has not been achieved yet: We present four new Bleichenbacher side channels, and three successful Bleichenbacher attacks against the Java Secure Socket Extension (JSSE) SSL/TLS implementation and against hardware security appliances using the Cavium NITROX SSL accelerator chip. Three of these side channels are timing-based, and two of them provide the first timing-based Bleichenbacher attacks on SSL/TLS described in the literature. Our measurements confirmed that all these side channels are observable over a switched network, with timing differences between 1 and 23 microseconds. We were able to successfully recover the PreMasterSecret using three of the four side channels in a realistic measurement setup.
Besides the academic relevance of breaking common SSL/TLS implementations, the timing attacks we performed are quite interesting for the hacking community. In our talk, we will thus focus on the challenges we had to solve during our attacks and on the challenges of fixing these issues.
The talk extends the topics that I presented at 28c3 and 29c3.
Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks. Meyer, Somorovsky, Weiss, Schwenk, Schinzel, Tews. Usenix Security Symposium 2014.
exide
Despite claims of its obsolescence, electrical glitching can be a viable attack vector against some ICs. This presentation chronicles a quest to learn what types of electrical transients can be introduced into an integrated circuit to cause a variety of circuit faults advantageous to a reverser. Several hardware platforms were constructed during the quest to aid in research, including old-skool & solderless breadboards, photo-etched & professional PCBs, FPGAs, and cheap & dirty homemade logic analyzers. The strengths and weaknesses of the various approaches will be discussed.
Glitching For n00bs
A shroud of mystery surrounds the topic of electrical glitching. Every now and then, you hear it thrown around as a possible attack vector - perhaps to aid in reverse-engineering efforts, or to understand an unknown cryptographic implementation. But what is glitching, exactly? And, more importantly, how can it be leveraged as a potentially powerful tool?
This presentation chronicles a quest to learn what types of electrical transients can be introduced into an integrated circuit to cause a variety of circuit faults advantageous to a reverser. Several hardware platforms were constructed during the quest to aid in research, including old-skool & solderless breadboards, photo-etched & professional PCBs, FPGAs, and cheap & dirty homemade logic analyzers. The strengths and weaknesses of the various approaches will be discussed.
Instead of covering a hypothetical "toy" implementation of a victim chip - such as where the researcher/reverser implements a cryptographic algorithm themselves as software in a common microcontroller, and then attempts to glitch the implementation - a successful blackbox attack against a production security IC will be discussed, including how the attack was mounted, how results were obtained, and approaches to interpret the results.
Despite claims of its obsolescence, electrical glitching can be a viable attack vector against a variety of ICs, with a notable exception being some ultra-modern purpose-built security ICs. It is cheap to perform, you don't need an expensive laboratory, and if done properly, is non-destructive in nature. Glitching should be another tool in the reverser's arsenal, and can potentially provide results when other approaches have failed.
David Madlener
Three years have elapsed since the call for a "Hacker Space Program" during the Chaos Communication Camp 2011. In this lecture we will review the basics of space flight, discuss common problems and pitfalls encountered by a practitioner on the way to orbit, and report on the state of our sounding rocket program.
Rocket science - how hard can it be?
We are the Forschungsgemeinschaft Alternative Raumfahrt e. V. (Research Community on Alternative Space Travel) or FAR for short, and have been working on feasible ways into space since our foundation in August 2003. After extensive experimentation with solid and hybrid propulsion systems on the ground, we developed the sounding rocket family "Arguna". Since 2005 four different versions have been designed, built, and flown with different payloads. After a short review of basic rocket science and an outline of common propulsion technologies, we will report on the results of performed flights and experiments, especially of our latest sounding rocket Arguna IV.
Karsten Becker
At the 26C3 we first presented our vision of sending a rover to the moon. We're still in the pursuit of doing this and are closer than ever. Many things have happened in the past 5 years and we want to share our story with you.
But this talk is not just about us, it is also about you! You will have the possibility to contribute to our mission, just tune in to get all the details :)
In the past five years, we developed several lunar rovers. Each got more and more sophisticated and better suited for our mission.
In this presentation we will also unveil our latest upgrade to the well known R3 rover, as well as the latest camera technology. Those two allowed us to participate in an interim competition of the Google Lunar X Prize.
This interim prize enables us to further pursue our dream of sending a rover to the moon.
In our mission to the moon, we also have the ability to bring payloads up on the lunar surface for the first time in a few decades (unless you have some good connection to the Chinese who were there last year).
We are calling out to you, to develop an interesting payload, that we could potentially bring to the surface of the moon!
Rudolf Marek
You definitely should care. The aim of this talk is to provide insight to the security, architecture and yes you guessed it, vulnerability of the AMD System Management Unit (SMU) firmware found in modern AMD x86 processors.
AMD x86 SMU firmware analysis
Every modern x86 platform contains several other auxiliary processors, which kind of erase the line between pure hardware and software. How well are those processors secured? What is running on them? Is there a way to analyze them?
The Intel ME engine has had great attention, but similar, although not so unfriendly, processor(s) exist on the AMD platforms too. The aim of this talk is to provide insight to the security, architecture and vulnerability of the AMD SMU firmware found in modern AMD x86 processors.
The SMU is designed to prevent unauthorized code execution, thus making it an ideal candidate to verify if it is so. This is where the fun starts.
The overall goal is to educate the audience enough that they may (and want to) start to tinker around various non-x86 firmwares found on x86 systems on their own.
tw
Rocket Kitten is an advanced APT set of campaigns, with a twist - off-the-shelf malware that won't shame a nation state. The talk will combine an assessment of the threat group's modus operandi with a technical deep dive. Prepare for some hex dumps.
Rocket Kitten: Advanced Off-the-Shelf Targeted Attacks Against Nation States
This talk will uncover a set of high profile espionage campaigns from 2014 that involve a commercial attack framework - a highly specialized tool that has not been publicly documented and remained undetected in multiple operations. We will discuss the framework's technical design and review its features and capabilities that make it a premium instrument for stealth intrusions. We will further discuss how the tool was delivered to victims and how the compromise was carried out.
Julia Longtin
We use microwaves to cast aluminum from 3D printed objects. This gives us the ability to cast high quality 6040 aluminum pieces using a 3D printer and commercially available consumer microwaves.
3D Casting Aluminum
We manufacture microwave safe kilns for melting aluminum. We create microwave transparent molds that allow us to burn out plastic without heating the mold itself, therefore creating a quicker method of accomplishing the lost PLA process.
Mike Perry
Software build reproducibility is the ability to use independent build machines to compile bit-identical binaries from program source code. In this talk, we will discuss the motivation for and the technical details behind software build reproducibility. We will describe the technical mechanisms used by the Tor Project to produce reproducible builds of the Tor Browser, and also introduce the early efforts of both F-Droid and Debian to achieve these same build integrity properties on a more wide-scale basis.
For the past several years, we've been seeing a steady increase in the weaponization, stockpiling, and the use of software exploits by many parties. In particular, there are an increasing number of vectors to "bridge the air gap" and exploit even disconnected machines. Software build systems make a worrisome target for these types of exploits, as they provide a stepping stone to compromise very large numbers of machines.
To underscore this point, we will demonstrate a simple Linux rootkit that is capable of infecting the compilation process while otherwise leaving no traces on the machine.
We will discuss a powerful solution to this problem: Build Reproducibility. We will focus on the build system used by The Tor Project to build Tor Browser - our Firefox-based browser. We will also touch upon current work by Debian, as well as by F-Droid and the Guardian Project for Android.
Sylvain Munaut
At 28C3 we introduced the very first steps of the osmo-gmr projects. During this talk, we will present the various advances that have been made in this project on various aspects (voice codec, crypto algorithm, ...)
osmo-gmr: What's up with sat-phones ?
GMR-1 (GEO Mobile Radio) is a satellite phone protocol derived from GSM. The main operator using this protocol is Thuraya and is mainly active in the Middle East and Asia.
osmo-gmr is a project of the osmocom family whose goal is to implement the various levels of a GMR stack, starting from SDR signal acquisition up to the actual voice layer.
At 28C3 we gave an introductory talk to the project which was pretty new at the time. In this talk, we will quickly summarize what was presented last time and then move on to the new stuff.
The two main obstacles to implement a practical monitoring software for GMR-1 were the secret crypto algorithm and the unknown voice codec. Both obstacles have now been lifted and we will present the details of how that happened. We will also look toward the next steps and other aspects of the system that we're planning to dig into.
josch
The talk offers a linguistically informed perspective on information warfare, with a focus on operative communication in social media. Using a bot we developed ourselves as an example, we will present linguistic procedures for manipulating communication with the aim of influencing knowledge, values, feelings and dispositions to act.
Mein Bot, der Kombattant (My bot, the combatant)
The battle of opinions on the net is becoming more professional: during the Ukrainian Maidan protests, the editorial offices of online newspapers found themselves confronted with a flood of Russia-friendly comments that sought to discredit the protests as the work of American intelligence services and the government in Kiev as a Nazi junta. The originator was the "Agency for the Analysis of the Internet" from St. Petersburg, which was presumably commissioned by state actors to influence public opinion in other countries through covert operations in social networks. And in South Korea, the Psychological Strategy department of the National Intelligence Service (NIS) sent 1.2 million tweets via fake Twitter accounts in the run-up to the presidential elections in order to drum up support for Park Geun Hye, candidate of the conservative Saenuri Party.
The digital information war has thus long been under way. Like traditional psychological operations, it aims at influencing knowledge, values, feelings and dispositions to act, and seeks to set the agenda in the opposing public sphere. What distinguishes it from traditional PSYOPS is that it is conducted by machine and clandestinely and that, instead of acting through mass communication, it is able to address everyone who moves in social networks personally and with an individual strategy. The bot is a combatant with the task of influencing people, preventing constructive discussions and manipulating social media monitoring systems and aggregators. Its medium is primarily language, which seeks to classify, evaluate, confront and persuade, and which seeks to create a reality in which the actions of one's own party to the conflict appear legitimate, just and compelling and those of the enemy as wrong, unjust and untruthful.
In our talk we will define the concept of operative communication from a linguistic perspective, determine its legal framework in information warfare and discuss the legitimacy of operative communication for different regime types. In the second part of the talk, using a simple bot we developed ourselves, we want to present scenarios for operational use in the semantic matrix and illustrate the linguistic operations that can lead to the manipulation of communication.
Thomas Skowron
OpenStreetMap has now existed for over 10 years. Especially in the last three years the development has been overwhelming, both in terms of the data and of the entire ecosystem. We want to show what is possible and what will (hopefully) happen in the future.
10 Jahre OpenStreetMap (10 Years of OpenStreetMap)
gannimo
Programs are full of bugs, leading to vulnerabilities. We'll discuss power and limitations of code-pointer integrity (CPI), a strong but practical security policy that enforces memory safety for all code pointers, protecting against any form of control-flow hijack attack (e. g., ROP or JOP).
Code Pointer Integrity
Systems code is often written in low-level languages like C/C++, which offer many benefits but also delegate memory management to programmers. This invites memory safety bugs that attackers can exploit to divert control flow and compromise the system. Deployed defence mechanisms (e. g., ASLR, DEP) are incomplete, and stronger defence mechanisms (e. g., CFI) often have high overhead and limited guarantees (and are therefore not generally deployed).
In this talk we discuss code-pointer integrity (CPI), a strong security policy that guarantees the integrity of all code pointers in a program (e.g., function pointers, saved return addresses) and thereby prevents all control-flow hijack attacks, including return-oriented programming and jump-oriented programming. We also introduce code-pointer separation (CPS), a relaxation of CPI with better performance properties. Both CPI and CPS offer substantially better security-to-overhead ratios than the state of the art, they are practical (we protect a complete FreeBSD system and over 100 packages like apache and postgresql), effective (prevent all attacks in the RIPE benchmark), and efficient, resulting in very low to negligible performance overhead.
We will also discuss technical challenges in the CPI prototype implementation, practical challenges we faced when protecting a full FreeBSD distribution, and give more details on the scope of protection which will be interesting to hackers. The full prototype implementation is open-source, all changes to FreeBSD are open-source and we're working on integrating the patches into LLVM.
Caspar Bowden
In 2011 I started trying to warn EU institutions about what we now call PRISM, after working it out from open sources. Civil society, privacy regulators, and the Commission all did nothing. This is the story of exactly how they did nothing, and why, and what is happening now.
The Cloud Conspiracy 2008-2014
There is one law (FISA 702) and one policy (EO12333) which authorize the US government to conduct mass surveillance on "foreigners in foreign lands". These are drafted in terms which discriminate the privacy rights you have by the passport you hold - in fact there are no rights at all for non-Americans outside the US.
It is obvious that this is a reasonably important dimension of the whole Snowden affair, because it starkly conflicts with ECHR norms that rights are universal and equal.
The only possible resolution compatible with universal rights is data localization, or construction of a virtual zone in which countries have agreed mutual verifiable inspections that mass-surveillance is not occurring (and at present this seems unlikely). There is a widespread misconception that somehow the new GDPR privacy regulation will curb foreign spying, when in fact it is designed to widen loopholes into floodgates.
This talk is multidisciplinary and will cover national and international surveillance and privacy law, Five Eyes SIGINT policy, technical security and economics.
Friederike
Maxwell's equations are four differential equations which form the foundation of classical electrodynamics, classical optics, and electric circuits. This talk will take a look at the connection between these equations, wave propagation and antenna arrays.
From Maxwell to antenna arrays
Maxwell's equations describe how electric and magnetic fields are generated and altered by each other and by charges and currents. They are named after the Scottish physicist and mathematician James Clerk Maxwell, who published those equations exactly 150 years ago, and they form the foundation of classical electrodynamics. Actually Maxwell had 20 equations and it took another 20 years until they were understood and the self-taught British engineer, mathematician, and physicist Heaviside put the equations in their present form. Some years later Hertz brought the experimental proof of Maxwell's theory.
Under a lot of simplifying boundary conditions wave propagation and antenna theory can be derived from these four equations. This talk will lead from Maxwell's equations to wave equations and nice antenna forms and arrays. Also some practical aspects will be evaluated. Why do low frequencies reach farther than higher frequencies? Why do radio astronomers spread their antenna arrays over whole continents? Or why is China Mobile building antenna arrays for mobile radio consisting of 128 antennas?
Silvia
In the post-NSA world it is important to understand the magnitude of our online activities in order to take informed decisions on our ubiquitous shared lives.
Personal Tracking Devices is the result of a two-year-long study on tracking technologies and the inherent nature of the web and telecommunication networks in general.
The study, conducted as part of Ph.D. research in privacy and security at UPC Barcelona Tech, collected a large amount of metadata to raise awareness on the footprints left by users on the web and through mobile apps.
Personal Tracking Devices and Online Identity
Personal tracking devices will visualise the online footprint of a user by looking at their metadata.
A hypermedia model of the user footprint would then be introduced in order to better explore it. This model has been called hyperme.
Hyperme is a hyperdata model of a user's online footprint. The hyperme model links the user identities created across different services and the features associated with them. These features are attributes that compose an identity, such as email, date of birth, place of birth and so on.
The hyperme model of the user identity permits the visualisation of the user's expressed preferences, the content they have created and who or what can access this content.
The model uses context between the user's various identities and the signals produced, to create links between different objects, obtaining an explorable graph-like structure.
Links between data snippets are created by exploring the keywords and categories used to describe the entities. These are provided by the user themselves through freeform annotations, particular use of language, location information, timestamps, social relationships and association with other entities such as companies and institutions.
Explicit connections are also discovered by associating such keywords with Wikipedia concepts. By exploiting links between articles, it is possible to draw relations between different entities, providing a dictionary to build strong connections between different categories.
If the identities created by a single user, and the signals generated, are analysed at different levels, it would be possible to discover different subgraphs and sub-hypergraphs between the data objects, therefore revealing a complex network of heterogeneous information shared across a number of services and with sets of different parties, be these social relationships or other applications and devices.
Each party in fact enjoys a certain level of access to the different documents produced by the user, by the devices used and by the applications authorised to access and produce content on their behalf.
A hypergraph model therefore allows the possibility to explore the user's different identities and the corresponding created content at different levels, exposing how different services or relationships contribute to protect or threaten the user's privacy.
Hong Phuc Dang
The talk is about our project to develop software and hardware tools for a fair and environment friendly garment and textile production and how we break down the locks that exist on every level in the industry from design, to software, machines and distribution.
Let's build our own personalized open textile production line
We want to set up our own personalized open textile production line and offer an alternative to the unethical ways most of our clothes are produced today. At the talk we will present the first successes of this endeavor in our community - Open Source pattern making software, sewing robots, next generation knitting machine upgrades - and challenges that are ahead.
Democratizing digital textile production offers the chance for a fair and environment friendly production of garments and textiles at home and in the industry. Just as 3D printers enable more and more people to become makers we want to enable digital garment makers to create their own clothes, share them online and produce them wherever they are.
Members of our projects include software developers, fashion designers, pattern creators, knitters, textile manipulators, hardware hackers, and even industry experts. We started a FashionTec Working Group about two years ago after the annual Libre Graphics meeting in Madrid.
The traditional industry is in a state of complete lock on all levels:
* digital fashion design locked to competing proprietary formats and software
* production locked to machines of producers accepting formats
* distribution lock - locked to existing large distribution channels in order to be a viable business
The Free and Open Source community has taught us that it is possible to overcome a complete proprietary lock down. Let's repeat this success in the textile and garment industry. We need Free and Open Source software, Open Formats and Open machines. With today's development tools successes are just a short step away. Our talk will give you insights and hopes to inspire more people.
Andreas Bihlmaier
An introduction to the Robot Operating System (ROS) for the home/hackerspace roboticist (if it physically interacts with the world through code, call it robot).
How I Learned to Stop Reinventing and Love the Wheels
All large, feature-rich and complex frameworks suck. True, but too short for a talk. Therefore the talk tries to make a point on why one should still use these frameworks (for robotics). At least so, if one wants to have fun with (home/hackerspace) robotics and do something cool, instead of getting stuck at the usual "trivial" (or low-level, sounds less judging) capabilities.
In order to build robots one needs at least a basic understanding of mechanics, electronics and computer science. Obviously, more advanced robot features in each area depend on more advanced roboticist skills - and equipment ... and money. The growing community of makers, the proliferation of hackerspaces (cooperators, equipment!) and highly useful consumer devices lessen the hardware related challenges. On the other hand, state-of-the-art open-source robotics software has been available for quite a few years already. Unfortunately, it is still somewhat neglected by the extended, i.e. non-academic, robotics community. The mindset and prejudices of too many hackerspace natives are opposed to using preexisting frameworks, especially large ones, in favor of starting from scratch. Bloat, ugly APIs, deprecated programming styles and of course bad code conventions ... good and good enough reasons to start over (I confess, too!). As a result many projects never get beyond the point of "finally fixed the bug by reflashing the microcontroller with code that sets register bar42=0xf00, now it moves - sort of".
The famous "Re-inventing the Wheel" comic (http://www.willowgarage.com/sites/default/files/blog/201004/willow_p1_02s.jpg) posted by Willow Garage in 2010, does tell the life cycle of robotics in the PhD world, but not only that. Rather, unfortunately, it pertains to robotic and closely related projects in general.
So in a nutshell, yet another 'Introduction to ROS' talk? Yes, an introduction to the Robot Operating System (ROS).
However, for once without leaving behind the impression (in the hobbyist's mind) that this is all cool stuff, but what to do with it when not owning a 100K dollar robot.
The goal is to show a few basics (the Plumbing), as many of the tools and capabilities as time permits and a few words about the people side of things.
Should the robot visually perceive the world? ROS + Webcam(s) / Kinect / Xtion. Hello, out of the box drivers, calibration, point clouds and object recognition.
Should the robot drive around and navigate in the environment? ROS + Navigation stack. Hello, out of the box SLAM.
Should the robot reach out and grasp something? ROS + MoveIt!. Hello, out of the box collision-free motion planning.
Should the robot brain be distributed across multiple computers without changing a line of code? ROS. Hello, out of the box usable(!) middleware.
Should the robot builders be able to create independent, yet compatible modules? ROS. Hello, out of the box modularity (well ok - at least kind of).
Should the robot's world be easily understandable through interactive visualizations? ROS + Rviz / rqt. Hello, out of the box advanced 3D visualization for many types of data.
Is this an advertisement? Yes, for great open source software - to make each of your lines of code do more _interesting_ stuff. Hello ROS world.
Norbert Braun
The talk is on the eXperimental Robot Project (XRP), a project to develop an open-hardware humanoid robot. More precisely, we are focusing on the distinguishing feature of a humanoid robot - the ability to walk on two legs.
The eXperimental Robot Project
Humanoid robots fascinate us - they appear in nearly every science fiction universe. Compared to Mr. Data or C-3PO, humanoids in reality are rather disappointing. Not only do they lack anything resembling human-level intelligence, but even their walking is slow and fragile - most of them only work on perfectly even ground. While we still have to wait a long time for true artificial intelligence, the recent years have brought substantial progress with respect to motion.
Unfortunately, most of that progress is proprietary - the leading groups, such as Schaft and Boston Dynamics, publish very little beyond Youtube videos. University projects are more open, but still usually do not publish source code or construction drawings. We think that bipedal robots are way too important to be left to the proprietary world, so we decided to learn from what is available and start to build our own, completely open one. In the talk, we will try to share what we have learned so far.
The first part of the talk will be on simulation, which allows us to test control algorithms and to get an idea about the mechanical requirements without having to build actual hardware. We will introduce the basics of rigid body dynamics, discuss the physics of walking and show how a successful walking machine can be built, at least a virtual one.
In the second part of the talk, we will discuss how a physical, human-size robot might be built without needing a 100,000+ € budget. We will present our plans and experiments on sensors, motor drivers and actuators.
Fiona Krakenbürger
In September 2014 the Jugend hackt event took place: a weekend of hacking, tinkering and programming with 120 computer-enthusiast young people. As organizers and participants, we want to talk about the event and share our experiences. The talk is aimed equally at young people who are enthusiastic about hacking and at everyone who is interested in code literacy, media education or the next generation of IT talent.
"In Germany, children learn to use media in spite of school." That is the sobering conclusion of an education researcher who this year presented the no less disillusioning International Computer and Information Literacy Study. Yet a basic understanding of computer technologies is a prerequisite for finding one's way in a world of digital technologies and being able to help shape it. Everyone agrees on that, and it is talked about a lot. But the big education initiative is a long time coming, and young talent still receives little attention from society and is even more rarely actively supported.
We at the non-profit Open Knowledge Foundation Deutschland e.V. did not want to wait any longer and therefore launched the Jugend hackt support programme in 2013. Most recently, in September 2014, around 120 young people from all over Germany came together in Berlin. Together with like-minded peers they worked on software and hardware projects around the topics of surveillance, education, health, society, leisure and the environment.
The young people, who are between 12 and 18 years old, developed a total of 27 projects, with which they made a clear statement against the popular narrative of politically disinterested youth. They showed not only that they could handle computers with technical skill and creativity, but also that they have a watchful and critical eye on social and political challenges. All 27 project ideas were worked out and implemented independently by the young people. Adult software developers were on hand to answer their questions.
At 31c3 we want to share our experiences with you. In addition, Jugend hackt participants will present the projects they created. There is, for example, "Awearness", a wristband that vibrates when a surveillance camera is nearby. Or "Dapro", a privacy proxy that informs about recorded metadata. Or the "intelligent pill box", which dispenses tablets to patients with dementia and sends an emergency call to the caregiver if they are not taken.
stars
The Novena open source laptop contains an FPGA, but free software support for FPGAs is lacking and requires root access to the hardware.
Towards General Purpose Reconfigurable Computing on Novena
Our work is on providing a framework and a demonstration application for general purpose accelerator cores for Novena's FPGA.
ericfiliol
This talk presents a deep analysis of banking mobile apps available in the world. Based on static and dynamic analysis as well as on the analysis of the final source code we show that a vast majority of them are not respecting users' privacy and users' data protection. Worse, a few of them contain critical bugs.
(In)Security of Mobile Banking
Mobile banking is about to become the de facto standard for banking activities. Banking apps - on smartphones and tablets - are spreading more and more and this evolution aims at strongly limiting the classical access to bank (physical, through PC browser, through ATM...). The aim is first to cut the cost but also to make the personal data explode.
Then three critical issues arise. Since we entrust those mobile applications by feeding them with passwords, private information, and access to one of the most critical part of our life (money):
• Do those applications protect our private life and especially which kind of information is leaking to the bank?
• Are they containing vulnerabilities that could be exploited by attackers?
In this talk, we are going to present a deep analysis of many banking apps collected in the world. We have performed static and dynamic analysis based on the binaries AND the source code. We will show that almost all apps are endangering our private data (sometimes severely) but in a few cases the presence of vulnerabilities is extremely concerning. While we tried to contact all the relevant banks for a free, detailed technical feedback and to help them fix their apps, we will explain that a few of them did not care about this feedback and therefore did not want to take any security measure.
This talk contains demos and operational results on existing apps.
Laurent Ghigonis
SS7 has been shown repeatedly as an insecure protocol: spoofing, faking, crash through fuzzing, fraud. The main question of our study is to determine how this insecurity is mitigated by network operator's action to prevent compromise on both network exposure of infrastructure and privacy compromise of subscribers. It's why we wanted to come out with SS7map.
Alexandre De Oliveira
SS7map: mapping vulnerability of the international mobile roaming infrastructure
The goal of SS7map is to provide a global overview by building the first SS7 signaling network world map revealing how vulnerable and exposed are telecom operators and their subscribers. We explain how it is possible for each mapped network to abuse legitimate signalling messages and call flows to discover and fingerprint equipment, intercept SMS messages, and perform massive location tracking of subscribers. More than pure analysis of vulnerability, this map rates and ranks the vulnerability of countries and operators showing discrepancies in the level and type of protection: SCCP screening, SS7 policing, MAP filtering, rate limiting, Network Element security configurations. We then conclude on the direction of signaling security and its current trend and development in the LTE world that shares many similar design insecurities with SS7.
SS7map website: http://ss7map.p1sec.com/
Eireann Leverett
This talk will introduce you to Industrial Ethernet Switches and their vulnerabilities. These are switches used in industrial environments, like substations, factories, refineries, ports, or other homes of industrial automation. In other words: DCS, PCS, ICS & SCADA switches. It is a very good companion talk to Damn Vulnerable Chemical Process? Own your own critical infrastructures today!
Switches Get Stitches
The researchers focus on attacking the management plane of these switches, because we all know that industrial system protocols lack authentication or cryptographic integrity. Thus, compromising any switch allows the creation of malicious firmwares for further MITM manipulation of a live process.
Not only will vulnerabilities be disclosed for the first time (exclusively at 31C3), but the methods of finding those vulnerabilities will be shared. All vulnerabilities disclosed will be in the default configuration state of the devices. While these vulnerabilities have been responsibly disclosed to the vendors, SCADA/ICS patching in live environments tends to take 1-3 years. At least three vendors' switches will be examined: Siemens, GE, Garrettcom.
Therefore, this presentation matters to any hackers or anarchists, who believe they have a right to examine the resilience and security of the infrastructures that support their communities.
Own your own critical infrastructures today!
saper
Ever wondered what the cryptic QNY27R on your airline reservation means? This talk explores the typical computing environment as seen in the air transport industry. Discover ancient software, old communication protocols and cryptic systems. What data are stored and how they are exchanged to keep the air transport industry running.
Beyond PNR: Exploring airline systems
- Air traffic control systems
- Flight information systems (FIDS)
- Terminal environment
- Baggage control
- Access control
- Networks and networks
- Airline inventory
- Departure control (check-in)
- Flight management
- Load control
- In-flight entertainment
Global Distribution Systems
Your data with the airline
- Passenger Name Record
- Departure control data
- Electronic Ticket
- Frequent Travel Data
No human is illegal
- APIS data
- PAXLST message
- PNR data exported to the US
Communication networks and protocols
- SITA network
- AIRIMP manual
Typical airport workstation
- Terminal emulated on PC
- Boarding pass printers (thermal)
- Bag tag printers
- Document printers (dot matrix)
- Device standardization
- Direct terminal access
- (Java-based) Terminal emulators
- CUTE environment
- Departure from direct mainframe access: EDI
J. Alex Halderman
Estonia is the only country in the world that relies on Internet voting in a significant way for legally-binding national elections - up to 30% of all voters cast their ballots online. This makes the security of Estonia's Internet voting system of interest to technologists and citizens the world over. Over the past year, I helped lead the first rigorous, independent security evaluation of the system, based on election observation, code review, and laboratory testing. The findings are alarming: there are staggering gaps in Estonia's procedural and operational security, and the architecture of the system leaves it open to cyberattacks from foreign powers. Our investigation confirmed the viability of these attacks in the lab, but the Estonian government has chosen to downplay them. We urgently recommend that Estonia discontinue use of the system before the country suffers a major attack.
Security Analysis of Estonia's Internet Voting System
When Estonia introduced its online voting system in 2005, it became the first country to offer Internet voting nationally. Today, people around the world look to Estonia's example, and some wonder why they can't vote online too. Nevertheless, the system remains controversial. While many Estonians view Internet voting as a source of national pride, one major political party has repeatedly called for it to be abandoned.
Over the past year, I took part in the first rigorous and fully independent security analysis of the Estonian Internet voting system. My team observed operations during the October 2013 and May 2014 elections, conducted interviews with the system developers and election officials, assessed the software through source code review and reverse engineering, and performed tests on a reproduction of the complete system in our lab.
The threats facing national elections have shifted significantly since the Estonian system was designed more than a decade ago. State-level cyberattacks, once a largely hypothetical threat, have become a well documented reality, and attacks by foreign states are now a credible threat to a national online voting system. To test the feasibility of such attacks, we reproduced the I-voting system and played the role of a sophisticated attacker during a mock election. We developed client-side attacks that silently steal votes on voters' own computers. We also demonstrated server-side attacks that introduce malware into the vote counting server, allowing a foreign power or dishonest insider to shift results in favor of their preferred candidate.
These risks are even more serious because of deviations from procedure and serious lapses in operational security that we observed during real elections. Election workers downloaded security-critical software over unsecured Internet connections, typed server root passwords in full view of observers and public video cameras, and prepared election software for distribution to the public on insecure personal computers, among other examples. These actions indicate a dangerously inadequate level of professionalism in security administration that leaves the whole system open to attack and manipulation.
When we made our study public in Estonia, government responses ranged from dismissive to absurd. Officials discounted them, and the President and Prime Minister insinuated that we had been bought off by a rival political party. We hope that the country can separate technical reality from politics in time to avert a major attack. For other countries that are considering adopting Internet voting, we hope that the weaknesses of the Estonian system can be an important cautionary lesson.
Sarah
How to play with lasers without injuring yourself and others and how to design the safety circuits of a laser system.
Safer playing with lasers
This talk covers:
Effects of laser radiation to tissue and eyes
Real world don'ts
Other dangers of laser systems
What to do to be safe
Technical implementation of safety systems
Sec
The chronicles of reversing the Iridium pager system.
Iridium Pager Hacking
The Iridium satellite system provides voice and data coverage to satellite phones, pagers and integrated transceivers over Earth's entire surface. It was built by Motorola over 15 years ago, and parts of it remain unchanged to this day.
Iridium pagers are similar to other pager systems from that time (they are receive-only devices) with the benefit that they will work anywhere on earth. Additionally they work on a receiver-pays subscription model, and due to their age are probably not using cryptography.
Broadcasting messages all over the world sounds interesting enough to take a closer look. As Iridium is a proprietary system, documentation is scarce and hard to come by. But with the rise of software defined radio we can take a peek at what happens over the air...
Anita Gohdes
Simple access to social media and cell phones has widely been accepted as a positive tool for citizens to voice dissatisfaction with their government and coordinate protest. But why would rulers permit these tools if they merely pose a threat to their own survival? This talk will investigate how a government's ability to censor and limit the flow of information feeds into its choice of violent responses to protest. I will talk about the conditions under which a government is likely to benefit more from surveilling the free flow of information, and under which conditions it is more likely to benefit from censorship.
Information Control and Strategic Violence
A few weeks before the first mass protests ensued across Syria in March 2011, the Regime led by President Bashar Al-Assad lifted a large number of bans on social networking platforms, including Facebook and Youtube. Up to that point, the Regime had controlled the most regulated media landscape and telecommunications market in the Middle East, which is why the move towards providing access to social media sites not even permitted in China was not something to be expected. Why, after all these years of extreme censorship, does a government suddenly permit free access to, and generation of, information?
The ability to connect via large social network platforms has been celebrated as an important way for ordinary citizens to collectively organise protest in light of repressive rulers. The revolutions in the Middle East and North Africa have spurred a new and important research area on the effects of digital communication technology on citizens' propensity to voice dissent and organise protest and resistance. The fact that anyone with a working network connection can now access, generate, and exchange content on the internet has been termed a "game changer" for authoritarian regimes intent on maintaining control in light of mass popular protest.
What has remained largely unanswered is how regimes resolved to stay in power can make use of their ability to surveil, censor, and limit the flow of information in an age where the majority of communication has been relegated to the internet and mobile phones. Understanding the way in which this new form of control feeds into more traditional means of repression, such as the use of extreme forms of physical coercion, is a crucial part of this process. In this talk, I will discuss under which conditions the free flow of information is likely to prove helpful in conducting effective state repression, and under which conditions the censoring of information access is likely to be more beneficial.
Regimes intent on maintaining power against all adversaries have long since combined the use of censorship with physical violations of those deemed threatening to their position. The introduction of digital communication technology has, however, altered the costs and benefits of limiting the flow of information when conducting coercive campaigns. When Syria's government decided to unblock social networking sites, it might thus have simultaneously increased its intelligence for counterinsurgency operations, while also providing new ways of collective action for the opposition. Investigating these changes and how they affect the tactics of state violence is a crucial first step in understanding how contemporary and future governments are likely to incorporate their control of communication technology into strategies of repression.
I use supervised machine-learning to analyze over 60,000 records of killings perpetrated by the Syrian Regime in the ongoing conflict, and classify them according to their event circumstances, to arrive at a categorization between targeted and untargeted acts of repression. I find that higher levels of information accessibility are consistently linked to an increase in the proportion of targeted repression, whereas areas with little or no access witness more indiscriminate campaigns of violence.
ruedi
The talk will discuss technical and societal consequences of the Microsoft-controlled Windows 8 Secure Boot architecture and possible countermeasures.
A Warning Against Windows 8
After the introduction of a Microsoft-controlled security infrastructure had long been held up by political resistance, Microsoft has meanwhile once again created facts on the ground. The hardware requirements for Windows 8 make Secure Boot mandatory. So far, other operating systems can in practice only be started with technically and legally problematic makeshift constructions.
For the rapidly growing world of ARM processors, control is even to be taken away from the user entirely. This even includes forced activation of the Microsoft-controlled Secure Boot process and a ban on deactivating it.
What long appeared to many as the familiar fight between hackers and Microsoft over the free use of our devices has, through political developments, become highly explosive for the entire industry. Microsoft can deactivate competing bootloaders without comprehensible justification, and has already done so.
A scenario in which Microsoft (possibly under pressure from the US government) withdraws the authorization for the bootloaders it has signed for Linux distributions is not something one really wants to imagine, especially for security-critical or embedded systems.
While German authorities discuss how strongly to warn against Windows 8, China completely banned the use of Windows 8 on government computers.
The talk will discuss further technical and societal consequences of Microsoft-controlled security infrastructures and possible countermeasures.
Aram Bartholl
In general data is stored on technically sensitive systems and can easily be lost. At the same time files today appear often as indestructible once uploaded to the Internet.
»Hard Drive Punch«
In this presentation I will talk about a variety of approaches on data destruction and how these connect to current events and questions in society. From professional hard drive punch systems and art projects to DIY thermite melting, the art of destroying data is a widespread cultural phenomenon.
Workshop: Bring your old hard drives to have them crushed with the IDEAL 0101 hard drive punch or cut the data platter yourself by hand.
Competition: You think you can still recover files from this drive? Which methods are the best?
Jacob
Surveillance, cryptography, terrorism, malware, economic espionage, assassination, interventions, intelligence services, political prisoners, policing, transparency, justice and you.
Structural processes and roles are designed to create specific outcomes for groups. Externally facing narratives are often only one of many and they seek to create specific outcomes by shaping discourse. We will cover a wide range of popular narratives surrounding the so-called Surveillance State. We intend to discuss specific historical contexts as well as revealing new information as part of a longer term research project.
bunnie
We introduce Fernvale, a reverse-engineered, open hardware and software platform based upon Mediatek's MT6260 value phone SoC. The MT6260 is the chip that powers many of the $10 GSM feature phones produced by the Shanzhai.
Fernvale is made available as open-licensed schematics, board layouts, and an RTOS based upon the BSD-licensed NuttX, as well as a suite of open tools for code development and firmware upload. We discuss our technical reverse engineering efforts, as well as our methodology to lawfully import IP from the Shanzhai ecosystem into the Maker ecosystem. We hope to establish a repeatable, if not labor-intensive, model for opening up previously closed IP of interest, thereby outlining a path to leveling the playing field for lawful Makers.
Fernvale: An Open Hardware and Software Platform, Based on the (nominally) Closed-Source MT6260 SoC
There is a set of technology which Makers are legally allowed access, and there is a much larger set of technology which is used to make our every day gadgets. Access to the best closed-source technology is prevented via barriers such as copyright (limiting your ability to learn how it works), patent (limiting your ability to make something similar), and supply-chain (limiting your ability to buy it). As a result, open-licensed, Maker-friendly technologies have trailed closed-source technology in terms of cost, performance, and features.
Makers operating under Western IP law are legally bound by these barriers, and are forced to settle for Arduinos, Beaglebones, Raspberry Pis and Novenae. However, all of these are a far cry in terms of cost, performance, and features from what consumers typically expect from boxes purchased in retail stores.
Our research into the Chinese ecosystem indicates there is another way. Originally marginalized as outlaws and copycats, the Shanzhai of China (China's counterpart to the Western hacker-maker) exist in a realm where copyright and patent barriers are permeable, a state which we refer to as 'gongkai'. As a result, knowledge and access to state of the art closed source technology has diffused into the Shanzhai ecosystem. Today, they have moved beyond the rote copying of Nokia, Samsung, and Apple, and have created a thriving, vibrant ecosystem where mobile technology is rip/mix/burned; their products are mass-produced at a rate of millions per month for the "rest of the world", e.g. emerging markets such as Africa, Brazil, India, Indonesia, and Russia.
About a year ago, we did a tear-down of an example $12 phone, and contrasted it to the Arduino Uno. For $29, the Arduino Uno gets you a 16MHz, 8-bit CPU with 2.5k of RAM, and USB plus a smattering of GPIO as the sole interfaces. For $12, a phone out of the Chinese gongkai ecosystem gets you a 260 MHz, 32-bit CPU with 8MiB of RAM, with USB, microSD, SIM, quad-band GSM, Bluetooth, an OLED display and a battery. It begs the question of why, when Makers talk about IoT technologies in the West, they typically think of wifi-powered solutions in the $20-70 range, versus a GSM platform in the $10-$20 range.
In this lecture, we disclose an attempt to short-circuit the disclosure barrier. We are releasing an open hardware and software solution built around the Mediatek MT6260. The MT6260 is a 32-bit ARM7EJ-S SoC with 8MiB of PSRAM in-package, as well as USB, LCD, touchscreen, audio, Bluetooth, quad-band GSM, dual-SIM, FM radio, UART, keypad, SD card, camera, and other peripherals integrated. The chip can be purchased on the over-the-counter market for about $2-3 in China. We call our solution built around this chip "Fernvale".
Fernvale is similar to the "LinkIt ONE" recently released by Mediatek and Seeed Studios, based upon the MT2502A SoC and targeted at IoT and wearables. LinkIt indicates a new direction for Mediatek and we are optimistic that their effort indicates a new pattern of openness toward Makers. At the time of this proposal's submission, the details of the LinkIt ONE platform are still unfolding, but the basic feature set looks comparable to that of Fernvale. However, it seems the LinkIt SDK is still based upon a closed-source Nucleus RTOS providing services to an open Arduino-like API.
Unlike LinkIt ONE, Fernvale runs a port of NuttX, a small-footprint BSD-licensed RTOS that is Posix and ANSI compliant, and includes a partial set of drivers for the available hardware peripherals. The mainboard is laid out to function as either a SoM (system on module) or as a truncated Arduino shield (with the appropriate headers populated), and focuses on the computational abilities of the platform. In other words, Fernvale is not positioned as a mobile phone solution per se, but rather as an Engineering Development Kit (EDK) for embedded applications that can benefit from a highly-integrated, low-cost high-performance microcontroller solution such as the MT6260. As a result, the mainboard breaks out a selection of GPIO as well as the speaker, battery, USB, and SD card interfaces. The mainboard also serves as a base platform for rallying a larger community of developers who can aid with the task of reverse engineering and writing legally open drivers for its massive peripheral set.
Two expansion headers are provided on the mainboard. A larger UX header can be used to attach a keypad + LCD + audio interface, for applications that require UI elements. A smaller analog header enables users to attach an RF front-end of their choosing, which could potentially enable GSM-compatible voice and data services, if drivers were to exist.
This lecture will also discuss our experiences reverse engineering, and our approach to open-sourcing the MT6260. We had to reverse engineer significant portions of the system, including but not limited to circuit board layouts, hardware configuration options, bootloader protocols, partial register maps, and the internal boot ROM of the SoC. This reverse engineering effort was necessary to create a blob-free software implementation, and to give developers an alternative to Mediatek's proprietary firmware flashing utilities to upload code. It was also necessary to create schematics and circuit board maskworks which have an original copyright thereby giving us the right to pick an open license for the hardware designs.
We took special pains to ensure our method was lawful and the resulting work is copyright-clean under U.S. law. We did review some non-open-licensed chip documentation and code examples available for download from open file-sharing sites. None of these materials were restricted by DRM. American copyright law contains a fair-use exception that allows limited copying and examination of such materials for the purpose of understanding the ideas and functional concepts embodied in them. We believe our download and review of those materials is fair use. Should potential copyright holders disagree with our interpretation, we invite any offended parties to engage us in rational discourse.
We believe that Makers have for too long lived in the shadow of overbearing copyright laws. We need to develop an example of how to import ideas from less strict IP jurisdictions where innovation is flourishing; failing this, hardware Makers run the risk of being eternally behind the Shanzhai. Fernvale is our first attempt at developing a legal context for importing IP from the gongkai ecosystem into a fully open source solution; we hope our example will embolden other developers to pursue more ambitious targets. We also hope our work may, in the long term, catalyze meaningful Maker-friendly reform to Western IP law by raising awareness of the disparity between East and West, with the success of the Shanzhai serving as evidence of how permissive IP policy can be good for both grass-roots innovators (the Shanzhai) and big businesses (Mediatek and the phone network operators) alike.
Zakir Durumeric
The Heartbleed vulnerability took the Internet by surprise in April of this year. The vulnerability was one of the most consequential in the history of the Internet, since it allowed attackers to potentially steal login credentials, cryptographic keys, and other private data from up to half of all popular HTTPS sites. In this talk, we take a detailed look at Heartbleed and its aftermath, based on comprehensive measurements and analysis that our research team performed over the past six months. We began tracking Heartbleed's impact within hours of its disclosure using massive ZMap scans and large network telescopes. This allowed us to track which sites remained vulnerable, observe certificate revocations, and monitor for large scale attacks in close to real time. Based on this data, we also conducted one of the largest ever mass vulnerability notifications, informing the network administrators for all devices still susceptible to Heartbleed across the entire IPv4 address space. Finally, we investigated the question of whether attackers knew about and exploited Heartbleed prior to its public disclosure, and we will present new details about this question in the talk. We hope that by learning from the Heartbleed security disaster, our community can prepare to respond more effectively to such events in the future.
The Matter of Heartbleed
In March 2014, researchers found a catastrophic vulnerability in OpenSSL, the cryptographic library used to secure connections in popular servers including Apache and Nginx. The bug allowed attackers to extract cryptographic keys, login credentials, and other private data from an estimated 22-55% of HTTPS sites. Worsening its severity, the bug was both simple to understand and exploit.
We used ZMap to perform comprehensive scans of the IPv4 address space and popular web servers in the days and months following disclosure. We provide more extensive estimates on who was originally vulnerable, and track who patched their sites and replaced certificates. We will present exactly which server products and devices were vulnerable. We will further discuss how Heartbleed affected the HTTPS CA ecosystem. Worryingly, we find that only 10% of the known vulnerable sites replaced their certificates within the next month, and of those that did, 14% neglected to change the private key, gaining no protection from certificate replacement! We'll also present the shortcomings in the public key infrastructure that Heartbleed unearthed and problems our community needs to focus on moving forward.
We investigated widespread attempts to exploit Heartbleed post disclosure at four network sites. We will discuss the subsequent exploit attempts we observed from almost 700 sources and the Internet-wide scans that started post disclosure. We also investigated whether exploit attempts took place prior to Heartbleed's public disclosure, including examining suspicious network traces recorded months earlier. We will disclose new details of these traces and their implications in the talk.
Even with global publicity, Heartbleed patching plateaued after two weeks. To try to help, we notified network administrators responsible for more than 500,000 unpatched systems. While much of the security community (including us!) assumed that mass vulnerability notifications would be too difficult or ineffective, we found that it increased the Heartbleed patching rate by nearly 50%. We will discuss how we performed these notifications, the reactions of network operators, and prospects for performing automatic mass notifications based on Internet-wide scanning in future vulnerability events.
Throughout the talk, we will use real world data to frame what went well and what went poorly in the Internet's response to Heartbleed. The vulnerability's severe risks, widespread impact, and costly global cleanup qualify it as a security disaster. However, by understanding what went wrong and learning from it, the Internet security community can be better prepared to address major security failures in the future.
Nick Sullivan
Two weeks after the Heartbleed bug was announced, CloudFlare patched the Heartbleed bug, created a challenge to prove the bug could be used to find private keys (uncovering a second bug in OpenSSL) and turned its entire network into a giant honeypot. This session will discuss the specific steps taken to prevent early disclosure, creating and scaling the first public vulnerability test, how the CloudFlare Heartbleed challenge showed that you can reveal private SSL keys (how a second bug in OpenSSL made this possible), the incredible impact of revoking over 100,000 certificates in a single day, and the results of our honeypot revealing the proportion of attack traffic versus research traffic.
Heartache and Heartbleed: The insider's perspective on the aftermath of Heartbleed
CloudFlare was notified about Heartbleed as soon as it was discovered--ahead of its public announcement--and took extreme precaution to not reveal anything about the bug. This required communicating only over secure channels, restricting the visibility of the branch from which we built the workaround, and using secure software deployment methods.
After the patch was announced, there was a rush to reverse engineer the bug and create an exploit. The CloudFlare team immediately started working on a proof of concept and hosted it on a website allowing others to scan for vulnerable sites. Within minutes, the original site was flooded with requests. CloudFlare's Nick Sullivan will share this process and the feats pulled off to make sure the site could scale and provide accurate results. He will go into the numbers and technical details of the PoC and speak about its bugs and how they were found. Statistics and anonymized raw data of the 70+ million results will be provided, giving an overview of the patching process over time.
It was clear soon after the bug was revealed that the number of servers affected by this bug was massive. What wasn't clear was the scope of data that was vulnerable to attack. In order to determine the risk to private keys from this vulnerability, his team launched the CloudFlare Heartbleed Challenge. They set up a site that was vulnerable to the attack, added logging and created a webpage to submit a signed proof of key ownership. In less than a day, there were several successful submissions. Nick will go over the naive (but successful) strategy used to extract keys and the more advanced technique based on Coppersmith's Method. Finally he will discuss the *second* OpenSSL bug we discovered that allowed the private key to be extracted via Heartbleed.
After the exploits were in the wild, his team added logging to see who was trying to exploit this bug. Nick will reveal the results of this analysis and cross-reference the results with the IPs of the test site. These numbers give new insight into how many people were attempting to maliciously exploit this flaw versus research done to probe vulnerable sites.
Once the dust settled and the team worked out the details with our CA, we revoked over 80,000 of CloudFlare's SSL certificates. This turned into an internet scaling nightmare, resulting in a constant flood of more than 40 gigabits per second of traffic to serve overgrown certificate revocation lists. Since CloudFlare provides caching for its CA, the team bore the brunt of this traffic. Their revocation lists would have DDoSed most sites (and some certificate authorities) off the internet. Nick will talk about caching CRLs, and how the revocation system was not designed for this scale of internet flaw.
In conclusion, he will summarize the many ways this coding error revealed some of the deeper flaws in the internet, and discuss ways we can move forward. Nick will share actionable advice and the security strategies used by cloud service companies on how to monitor the way companies store keys internally.
Attendees will leave with actionable advice on how to better secure their own systems against the next Heartbleed and the security strategies used by cloud service companies on how to monitor the way companies store keys internally.
frank
In the format of a relaxed evening show, we will present the news highlights of the year, the reports between the reports, the subtle sensations behind the headlines.
Fnord News Show
Come, listen, see! Let yourself be carried away!
Joscha
How can the physical universe give rise to a mind? I suggest replacing this confusing question with another one: what kind of information processing system is the mind, and how is the mind computed? As we will see, even our ideas of the physical universe turn out to be computational. Let us explore some fascinating scenery of the philosophy underlying Artificial Intelligence.
From Computation to Consciousness
How do minds work? In my view, this is the most interesting question of all, and our best bet at answering it lies in building theories that we can actually test in the form of computer programs, that is, in building Artificial Intelligence. Let us explore some of the philosophical ideas that explicitly or implicitly form the basis of Artificial Intelligence.
The idea that minds are some kind of machine, mechanical contraptions, seems to be unconvincing, even offensive to many people, even if they accept that the physical universe is a machine, and minds are part of that universe. Computer science has revolutionized our concept of machines, though: no longer do we see machines as mechanical arrangements of parts that pull and push against each other, but as arbitrary, stable causal arrangements that perform regular changes on their environment. We can think about mathematical machines, like cellular automatons, about financial, social or ecological machines. Machines do not have to be human-made artifacts, they are a way of conceptualizing regular processes and dynamic systems. In the case of conceptualizing the human mind, what matters is not biology, chemistry, or structural properties of the brain, but what these implement: a class of machine that is capable of processing information in very specific ways. The mind is not necessarily a mechanical machine, but certainly an information processing machine, a computational system.
Computationalism is the notion that minds can and have to be modeled as computational, and in its strong form, it maintains that the mind actually _is_ a computer, implemented by a physical mechanism. But the ideas of computation have permeated our understanding of the world even further. Our understanding of physics no longer conforms to mechanical world views (i.e. parts and particles pulling and pushing against each other), but requires us to switch to the broader notion of how the universe processes information. The foundational theories of physics are concerned with how the universe is computed.
In the view of universal computationalism, the question of what sort of thing minds are resolves into the question whether hypercomputation is possible, and if not, what classes of computation are involved in their functionality.
Computationalism systematizes the intuitions we get naturally while we program computers, and it helps us understand some of the deepest questions of cosmology, epistemology and the nature of the mind in ways that did not exist in the past.
James Bamford
For nearly one hundred years, the NSA and its predecessors have been engaging in secret, illegal deals with the American telecom industry, with both virtually immune from prosecution.
How did this begin? How does it work? How much have US presidents known? What happens when they get caught? Will it change after the Snowden revelations? A fascinating look at a hundred years of handshakes and backroom deals between the eavesdroppers and the telecom executives.
Joseph Tartaro
Reverse engineering is not all binaries and byte-code. The black art also extends to networks and unobtainable game servers. In this talk we go into the gruesome details of how we dug through the graveyards of console binaries and mausoleums of forgotten network protocols in order to stitch together the pieces necessary to bring our favorite game Metal Gear Online back to life.
We will be examining the process of reverse engineering the game's custom network protocols from all angles, from packet logs to low level disassembly of client code.
In this presentation we will be discussing the path we took to successfully develop our own private server for Metal Gear Online on the Sony PlayStation 2 and PlayStation 3 video game consoles. Interestingly enough this was a private server that was developed after the original was already taken offline, so we did not have a live active server to help with the reverse engineering. Due to this we ran into some issues but ultimately succeeded. We believe that the details of the techniques that we used will prove useful for anyone attempting similar actions in the future. The topics that we will discuss in this talk will cover a wide range of high and low level issues related to network protocol and binary reversing.
We will begin with an overall survey of the general problems faced by anyone attempting this type of work. The talk will quickly delve from the high-level and simple issues into the more technical aspects of reverse engineering in the blind. We will be including the techniques we used to determine the protocol and payload responses that the client was expecting. We will describe in detail how we homed in on common traits that we expected to see on the network, using open source knowledge and binary level reverse engineering of client code to determine the expected response.
We expect the attendees of this talk to walk away with knowledge that will help them in the future when working on similar projects or any activities related to protocol reverse engineering.
Lothar Hotz
The talk presents the technical implementation of the Hamburg Transparency Portal.
The Hamburg Transparency Portal
The content of the portal is determined by the Hamburg Transparency Act (Hamburger Transparenzgesetz). Because of the large number of heterogeneous systems to be connected, a comprehensive architecture was developed that allows all connected systems to be reached through one dedicated access point. This access point consists of a web portal and an API that allows machine querying of the portal content.
ruedi
(Not) a little rant about elliptic curves, quantum computers, Bitcoins and the NSA et al.
Crypto for the Future
1. What do you think would happen if a working quantum computer were developed? Which kinds of cryptography would be affected, and how?
Using Shor's algorithm, quantum computers can attack the common public-key schemes, such as RSA and DSA, very effectively. The newer schemes that use elliptic curves are affected as well. These attacks require a number of qubits that depends on the key length. Elliptic-curve cryptosystems use considerably shorter keys, 256 bits in the case of Bitcoin. The classic RSA system uses at least 2048 bits in today's practice.
2. Would Bitcoins then be worthless? If so, why exactly?
A successful attack on the signature function used in Bitcoin would, thanks to the clever design, not immediately render all Bitcoins worthless.
Bitcoin initially uses, instead of the actual public key, an address derived from it by means of two different hash functions. The public key is only revealed by a transfer itself. This approach shortens the possible attack times, provided no money is left in the account. For security reasons, a new address should be used for every transaction, something so far recommended only for privacy reasons
3. What do you view critically about the cryptography used in Bitcoin?
Even though, from the point of view of cryptographic research, one could certainly propose one improvement or another in some places, some of which are already used successfully in alternative systems, the simplicity and robustness of the constructions employed deserve praise. The authors have excellent knowledge of cryptography.
The curve Secp256k1 used in Bitcoin was chosen with a stated rationale, but needs more intensive study. The 256-bit key length does not provide a reassuring security margin. A choice of 512 bits would have been the better choice. Also, a choice of different curves for each transaction would more strongly
4. Can you roughly estimate how long it will take until the first real working quantum computer is developed? How high, in your estimation, is the chance that this in the coming
Unfortunately, it is very hard to judge from the outside how far the American services have come in developing quantum computers. Snowden's revelations showed that the US government spends considerable resources on researching novel attack possibilities. In any case, public-key key lengths of more than the usual 256 bits appear advisable.
5. Why is post-quantum cryptography hardly used at all today? What are the hurdles to deploying it? Would it be possible to switch Bitcoin to post-quantum cryptography without all existing coins losing their value?
Post-quantum cryptography is a fairly young field of research. The schemes proposed so far often cannot yet compete with existing approaches in terms of key lengths and execution speed.
Because of the comprehensive threat to all Internet communication that would arise very quickly after a quantum-computer breakthrough, it appears indispensable to fund basic mathematical research on developing future-proof schemes more strongly.
Bitcoin could be switched to post-quantum cryptography without all existing coins losing their value.
Andrea Barisani
The presentation will cover the journey that we have taken to develop the USB armory board from scratch, explaining the lessons learned and its prospected applications.
Forging the USB armory
Inverse Path recently introduced the USB armory project (http://inversepath.com/usbarmory), an open source hardware design, implementing a flash drive sized computer for security applications. The USB armory is a compact USB powered device that provides a platform for developing and running a variety of applications.
The security features of the USB armory System on a Chip (SoC), combined with the openness of the board design, empower developers and users with a fully customizable USB trusted device for open and innovative personal security applications.
The presentation will cover the journey that we have taken to develop the USB armory board from scratch, explaining the lessons learned and its prospected applications.
Reuben Binns
The internet may be the nervous system of the 21st century, but its main business purpose is helping marketers work out how to make people buy stuff. This talk maps out a possible alternative, where consumers co-ordinate online, pooling their data and resources to match demand with supply.
Privacy and Consumer Markets
The internet, perhaps the most incredible communications medium ever created, is fast becoming the nervous system of the 21st century. But right now its primary business function is to gather data about us, to categorise and sort us, to machine learn our most intimate secrets, all so that marketers can craft advertisements designed to extract as much money out of us as possible.
As well as being the cause of our current privacy and surveillance woes, this business model is also a surprisingly inefficient way of matching consumers with stuff they actually want and need. A vast infrastructure of ad servers, data brokers, CRMs, and real-time bidding platforms exists in order to quietly nudge consumers to buy a different brand of soap. The problem is that we are easily nudged, and being a rational consumer in the modern economy requires an impossible amount of time, information and intelligence. Realistically, it is beyond the powers of human computation.
The seeds of a technology-driven alternative are emerging in some corners of the economy. A range of new tools crunch through masses of pricing and product data to help consumers avoid getting ripped off, and find the products they really need. Collective buying schemes have enabled households to club together in their thousands to negotiate better, cheaper, more sustainable suppliers of home energy and other products. The growth of free software, peer production and decentralised systems demonstrate that technology for independence, co-operation and empowerment are possible outside of the traditional market model. Combining these trends suggests a possible future where ordinary people collectively pool their data, computation and buying power to drive the production and allocation of goods and services, rendering the surveillance-advertising business model redundant in the process.
Anonymous member of Tarnac Solidarity Committee
"There will be people who resist adopting and using technology, people who want nothing to do with virtual profiles, online data systems or smart phones. Yet a government might suspect that people who opt out completely have something to hide and thus are more likely to break laws, and as a counterterrorism measure, that government will build the kind of 'hidden people' registry we described earlier. If you don't have any registered social-networking profiles or mobile subscriptions, and on-line references to you are unusually hard to find, you might be considered a candidate for such a registry. You might also be subjected to a strict set of new regulations that includes rigorous airport screening or even travel restrictions."
The Invisible Committee Returns with "Fuck Off Google"
The figure of the hacker contrasts point by point with the figure of the engineer, whatever the artistic, police-directed, or entrepreneurial efforts to neutralize him may be. Where the engineer would capture everything that functions in such a manner that everything functions better, in order to place it in the service of the system, the hacker asks himself "How does that work?" in order to find its flaws, but also to invent other uses, to experiment. Experimenting then means exploring what such and such a technique implies ethically. The hacker pulls techniques out of the technological system in order to free them. If we are slaves of technology, this is precisely because there is a whole ensemble of artifacts of our everyday existence that we take to be specifically "technical" and that we will always regard simply as black boxes of which we are the innocent users. The use of computers to attack the CIA attests rather clearly that cybernetics is no more the science of computers than astronomy is the science of telescopes. Understanding how any of the devices that surround us works brings an immediate increase in power, giving us a purchase on what will then no longer appear as an environment, but as a world arranged in a certain way and one that we can shape. This is the hacker's perspective on the world.
These past few years, the hacker milieu has gained some sophistication politically, managing to identify friends and enemies more clearly. Several substantial obstacles stand in the way of its becoming-revolutionary, however. In 1986, "Doctor Crash" wrote: "Whether you know it or not, if you are a hacker you are a revolutionary. Don't worry, you're on the right side." It's not certain that this sort of innocence is still possible. In the hacker milieu there's an originary illusion according to which "freedom of information," "freedom of the Internet," or "freedom of the individual" can be set against those who are bent on controlling them. This is a serious misunderstanding. Freedom and surveillance, freedom and the panoptical belong to the same paradigm of government.
Historically, the endless expansion of control procedures is the corollary of a form of power that is realized through the freedom of individuals. Liberal government is not one that is exercised directly on the bodies of its subjects or that expects a filial obedience from them. It's a background power, which prefers to manage space and rule over interests rather than bodies. A power that oversees, monitors, and acts minimally, intervening only where the framework is threatened, against that which goes too far. Only free subjects, taken en masse, are governed. Individual freedom is not something that can be brandished against the government, for it is the very mechanism on which government depends, the one it regulates as closely as possible in order to obtain, from the amalgamation of all these freedoms, the anticipated mass effect. Ordo ab chao.
Government is that order which one obeys "like one eats when hungry and covers oneself when cold," that servitude which I coproduce at the same time that I pursue my happiness, that I exercise my "freedom of expression." "Market freedom requires an active and extremely vigilant politics," explained one of the founders of neoliberalism. For the individual, monitored freedom is the only kind there is. This is what libertarians, in their infantilism, will never understand, and it's this incomprehension that makes the libertarian idiocy attractive to some hackers. A genuinely free being is not even said to be free. It simply is, it exists, deploys its powers according to its being. We say of an animal that it is en liberté, "roaming free," only when it lives in an environment that's already completely controlled, fenced, civilized: in the park with human rules, where one indulges in a safari. "Friend" and "free" in English, and "Freund" and "frei" in German come from the same Indo-European root, which conveys the idea of a shared power that increases. Being free and having ties was one and the same thing. I am free because I have ties, because I am linked to a reality greater than me. In ancient Rome, the children of citizens were liberi: through them, it was Rome that was growing. Which goes to show how ridiculous and what a scam the individual freedom of "I do what I feel like doing" is. If they truly want to fight the government, the hackers have to give up this fetish. The cause of individual freedom is what prevents them from forming strong groups capable of laying down a real strategy, beyond a series of attacks; it's also what explains their inability to form ties beyond themselves, their incapacity for becoming a historical force. A member of Telecomix alerts his colleagues in these terms: "What is certain is that the territory you're living in is defended by persons you would do well to meet. Because they're changing the world and they won't wait for you."
Another obstacle for the hacker movement, as every new meeting of the Chaos Computer Club demonstrates, is in managing to draw a front line in its own ranks between those working for a better government, or even the government, and those working for its destitution. The time has come for taking sides. It's this basic question that eludes Julian Assange when he says: "We high-tech workers are a class and it's time we recognize ourselves as such." France has recently exploited the defect to the point of opening a university for molding "ethical hackers." Under DCRI supervision, it will train people to fight against the real hackers, those who haven't abandoned the hacker ethic.
These two problems merged in a case affecting us. After so many attacks that so many of us applauded, Anonymous/LulzSec hackers found themselves, like Jeremy Hammond, nearly alone facing repression upon getting arrested. On Christmas day, 2011, LulzSec defaced the site of Stratfor, a "private intelligence" multinational. By way of a homepage, there was now the scrolling text of The Coming Insurrection in English, and $700,000 was transferred from the accounts of Stratfor customers to a set of charitable associations - a Christmas present. And we weren't able to do anything, either before or after their arrest. Of course, it's safer to operate alone or in a small group - which obviously won't protect you from infiltrators - when one goes after such targets, but it's catastrophic for attacks that are so political, and so clearly within the purview of global action by our party, to be reduced by the police to some private crime, punishable by decades of prison or used as a handle for pressuring this or that "Internet pirate" to turn into a government agent.
Rafal Wojtczuk
On modern Intel-based computers there exist two powerful and protected code regions: the UEFI firmware and System Management Mode (SMM). UEFI is the replacement for conventional BIOS and has the responsibility of initializing the platform. SMM is a powerful mode of execution on Intel CPUs that is even more privileged than a hypervisor. Because of their powerful positions, SMM and UEFI are protected by a variety of hardware mechanisms. In this talk, Rafal Wojtczuk and Corey Kallenberg team up to disclose several prevalent vulnerabilities that result in SMM runtime break-in as well as arbitrary reflash of the UEFI firmware.
Attacks on UEFI security, inspired by Darth Venamis's misery and Speed Racer
In 2009 Rafal Wojtczuk and Alexander Tereshkin described the first publicly presented BIOS reflash exploit. Then in 2013 Corey Kallenberg presented the second instance of this class of vulnerability with an exploit targeting Dell BIOS. Now, in 2014, Rafal and Corey have joined forces to complete the destruction of the jedi^H^H BIOS.
The UEFI firmware is normally the first code to execute on the CPU, putting it in a powerful position to subvert other components of the platform. Because of its security-critical nature, the UEFI code resides on a flash chip that is protected against arbitrary writes via a number of chipset protection mechanisms. Besides initializing the platform and bootstrapping to an operating system, UEFI is also charged with instantiating the all-powerful System Management Mode (SMM). SMM is neither readable nor writable by any other code on the platform. In fact, SMM has the ability to read and write hypervisor-protected memory, but the converse is not true! These properties make SMM an ideal place to store a rootkit. Similar to the UEFI firmware, because of these security-critical properties, there are hardware mechanisms that protect the integrity and confidentiality of SMM.
This talk will explore attack surface against SMM and UEFI that has not previously been discussed. We will highlight a bug in one of the critical hardware protection mechanisms that results in a compromise of the firmware. We will also directly target a part of the UEFI specification that provides SMM exploitation opportunities. The vulnerabilities disclosed and their corresponding exploits are both prevalent among UEFI systems and reliably exploitable.
The consequences of these vulnerabilities include hypervisor and TXT subversion, bricking of the victim platform, insertion of powerful rootkits, secure boot break, among other possibilities.
Bill Scannell
Of all the NSA's Cold War listening posts, their intelligence facility on top of Berlin's Teufelsberg was their most secretive.
Inside Field Station Berlin Teufelsberg
Field Station Berlin - its white tower and geodesic domes visible for miles around - was the epicenter of the western intelligence community's most sensitive SIGINT operations. Now abandoned, the ghosts of "The Hill" know many stories left untold.
Ever wondered how it was to work there at the height of the Cold War? What did people do there, anyway? And what it was really like inside the day Ronald Reagan said, "we begin bombing in five minutes"?
Wonder no longer. As a young SIGINT analyst straight out of college in the 1980's, Bill Scannell was there and will tell (almost) all.
Sarah Harrison
Whistleblowing is becoming a progressively popular topic and ways to technically support anonymous submissions by journalistic sources are being increasingly discussed and developed. However, there is much more to protecting sources than the technical side. There is currently little discussion about the surrounding ethics, operational security and public protections of sources. Two women with expertise in all areas of source protection, from submission to publication to after-care, explain and discuss what source protection really means, the issues that have arisen in recent years, often causing disastrous consequences, and the important lessons to learn from these and from successful cases.
Doing right by sources, done right
Speakers: Sarah Harrison: Courage Acting Director and WikiLeaks Investigations Editor and Grace North: Jeremy Hammond campaign manager
With current technology the ability for journalists to be provided with large data sets securely is increasing. With the surveillance revelations from Snowden there is much talk about ways for the public and journalists to work online safely, and how this can be used to help protect sources. However, there are few to no discussions about a holistic attitude to source protection. In fact we can see in the past that it's often not technical, but operational security issues that pose the greatest threat to a source's ongoing safety, whether that is the source's or journalist's operational security, informants, or lack of after-care.
Source protection begins at the point of contact, and it doesn't stop at publication - in some cases, the real work actually begins at publication. From the angle of investigations editor at WikiLeaks, a publishing organisation with a clean record of source protection, Harrison is well placed to explain the nuanced areas of source protection for media, from submission through to publication.
But it's not just within the publication process that source protection needs to be considered. Simply not printing a source's name is not enough. It's irresponsible for journalists to speculate about sources they know little about, or to publicly speculate that an unnamed source is on the loose. Recently media outlets have suggested there is another NSA source, leaking information to the Intercept and elsewhere. What has that incurred? The US government launched an internal investigation to hunt out any other suspected sources, and we know well what the United States does to whistleblowers.
And for media and the public alike there is an aftercare responsibility to sources that have risked so much for our right to know - how they are supported and spoken about. Both Harrison and North are experts in how media and the public have protected and should protect sources. Media generally abandons sources (they did in the case of Manning and Hammond in a devastating way); this can and should change. In addition, public solidarity is vital for sources. We have this past year seen a growing trend in pitting sources against one another in the public domain: Harrison and North will discuss the dangers and consequences of this.
While the term "whistleblower" is increasingly used and understood, it doesn't always describe a source. Courage uses the term "truthteller" to encompass all people who bring secret truths to public light. Someone like Jeremy Hammond, who did not work for Stratfor or its clients, but knew its operations were of interest to the public at large, to the citizens of a government that subscribes to Stratfor's services, is a truthteller. He is an outsider who worked, allegedly, to make important truths public, and thus a vital journalistic source, without whom we wouldn't have hundreds upon hundreds of valuable news stories on the private intelligence industry.
These lessons give us a better understanding of what has gone right and wrong with recent high-level sources, like Manning, Snowden and Hammond, but they should also be building blocks for an understanding of the principles involved and how we can employ them in the future. Courage wants to continue protecting the sources we know about, but we also work to engender a culture of support for whistleblowing, a knowledgeable and ethical media class, and a trust among sources that journalists will protect them from start to finish. We encourage whistleblowing as a key method to keeping governments and powerful corporations accountable to the public, but we must be responsible first. This talk will explain and highlight these lessons from a first hand perspective, giving an understanding of what real source protection means, and how the media and public can perform it. The speakers will take questions after.
Fefe
In the format of a relaxed evening show, we will present the news highlights of the year, the stories between the stories, the subtle sensations behind the headlines.
Fnord News Show (Stream)
Come, listen, see! Let yourself be swept away!
Arne Padmos
GPG has been correctly described as "damn near unusable". Why is this so? What does research into usable security tell us? This talk covers the history, methods, and findings of the research field, as well as proposed solutions and open questions.
Why is GPG "damn near unusable"?
With all the frustration around trying to get Glenn Greenwald to use encryption [0,1], it is not surprising that Edward Snowden has described GPG as "damn near unusable". Such usability problems of end-to-end email encryption tools have been around for a long time. In 1999, a seminal study found that most participants were unable to use PGP 5.0 to encrypt an email when given 1.5 hours to do so. Others have tried to solve these usability problems by automating the key exchange and encryption. However, issues persist around a lack of end-user trust in the software, difficulties in getting encryption widely implemented, and having to deal with a general absence of understanding of the email architecture.
Despite being almost 50 years old, email is still not widely encrypted on an end-to-end basis. In this year's SOUPS keynote (the major conference on usable security), Christopher Soghoian described how we as a community are not doing nearly enough to get security into the hands of consumers: we are mostly stuck with the same broken interface as PGP 5.0 from back in 1999, people still face the same conceptual barriers, and we still have crappy defaults. While there has been renewed interest in end-to-end email encryption after the Snowden revelations, many projects do not take usability into account.
This talk goes into some of the dos and don'ts gleaned from the usable security research field. Building on a discussion of the history, methodology, and findings of the research, the talk will cover topics including the constraints of humans, the need for clear mental models, and the usefulness of user testing. Some examples of successes and failures will be used to illustrate a range of usable security principles. Remaining pain points such as metadata protection, key management, and end-user understanding will be covered, including proposals for fixing these such as anonymous routing, more appropriate metaphors, and trust on first use. Various open questions will also be discussed, including:
- Should we patch the existing email architecture or should we move towards new protocols?
- How can the crypto community build subversion-resistant collaboration platforms?
- Is there a way to standardise our cryptoplumbing to a restricted set of secure algorithms?
- Can we provide developers with usable coding technologies to prevent nightmares like OpenSSL?
- How should we involve end-users into the development cycle of open source software?
- Can we empower end-users to take security back into their own hands?
gedsic
Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick!
Lightning Talks Day 2
Felix Mütze
Basically, GIFs are yesterday's news. There are numerous alternatives that do what a GIF can do, only better. And yet GIFs have established themselves as a cultural technique. Or was it just a last hype before death? How is it that a medium that was already outdated in the 90s still enjoys great popularity two decades later? And what can we learn from this about the discrepancy between current technical development on the one hand and the actual use of technology on the other?
GIFs: Tod eines Mediums. Und sein Leben nach dem Tod. (GIFs: Death of a Medium. And Its Life After Death.)
In its long history, the GIF file format has seen its share of ups and downs. By now it is technically completely obsolete, has been declared dead several times, has at times been actively fought, and still has not been fully replaced by its technically superior competition. Besides a few coincidences, this development is owed above all to Internet users themselves. For although GIFs have not changed technically since 1998, the Internet keeps finding new uses for the twitchy pictures.
The talk briefly looks back at the many deaths the GIF format has already died - or that were wished upon it - and covers the current development, in which WebM has set out to close the GIF chapter.
Far more important, however, is the view from the users' side. Using examples from recent decades, the talk analyzes the reasons why GIFs could be revived again and again.
In the end, the question remains whether and how the GIF recipe for success can be transferred to other media and technologies.
And: yes, of course Pr0n plays a role too.
Ben H.
Using the same stream cipher key twice is known to be a Very Bad Idea, but keystream-reuse vulnerabilities are still very much a thing of the present - both in legitimate software and in the malware landscape. We describe a heuristic algorithm which can detect vulnerabilities of this kind. We explain the inner workings of the algorithm and demonstrate a proof-of-concept attack on several examples of vulnerable data, including files encrypted by the DirCrypt malware and encrypted traffic generated by malware such as variants of Zeus and Ramnit.
Finding the Weak Crypto Needle in a Byte Haystack
When operating a stream cipher, reusing a keystream introduces a critical weakness to the resulting ciphertext: the encryption becomes vulnerable to easy (and sometimes /very/ easy) cryptographic attacks. This is due to the encryption's linear nature - for instance, XORing a plaintext with the corresponding ciphertext yields keystream bytes. While key reuse is a widely known issue, it's an issue that keeps arising in practice. The Soviets did it during WWII, Microsoft did it in the implementation of Word 2003 document encryption, and malware authors did it when designing variants of Zeus, DirCrypt and Ramnit.
To exploit a vulnerability, you must first realize it's there. Unfortunately, many instances of homebrew crypto operate on the "security by obscurity" principle, and don't reveal their implementation details. As a result, detecting key reuse often requires trial and error, an accidental epiphany or a night spent reverse engineering - and in all these cases, luck and human effort. In this presentation we show an approach to automating this task - based on the linear properties of stream ciphers, redundancy in the text and Bayesian reasoning. Finally, we demonstrate the algorithm's operation in several real-world use cases.
Math Ph.D. not required.
Jeroen van der Ham
Ethics in Computer Science is now finally gaining some well deserved attention. At the University of Amsterdam, we have started an ethical committee for the System and Network Engineering Master. In this talk we describe how and why we started this committee, and also look back at our first results.
Hacking Ethics in Education
Ethics in Computer Science is now finally gaining some well deserved attention. With the advent of Big Data, Cloud Computing, and the Internet of Things, much of our daily life is happening through digital channels. As most of us have learned, developers do not consider security to be an important point; imagine how much they consider the social aspect of their product or code. This is a huge problem, not only because it presents security and privacy risks for the users, but also because it presents moral dilemmas for hackers and researchers.
Since my PirateBay blocking study, I have become interested in ethics in computer science. In that study I gathered personally identifiable information, to be able to prove that the website blockade was ineffective. These kinds of moral dilemmas are hard to judge, and in computer science we have no history of teaching or awareness about this.
At the University of Amsterdam, we have started an ethical committee for the System and Network Engineering Master. In this talk we describe how and why we started this committee, and also look back at our first results.
Michael Carbone
In an update to our Reports from the Frontlines talk at OHM 2013, we will provide the latest stories and figures from Access' digital security helpline, which provides security incident response and technical support to civil society groups and human rights defenders around the world.
Global Civil Society Under Attack
Access runs a dedicated 24-hour digital security helpline for civil society groups out of three offices in Tunisia, Costa Rica, and the Philippines. We serve groups around the world in a variety of contexts, securing communications, providing website security support, incident response, and strategic security planning and training.
In this talk we'll explore what trends we've seen on the helpline, both in reactive incident response and technical support requests by civil society groups. We'll also discuss the recent Digital First Aid Kit worked on by a number of organizations including Access, and some longer term initiatives and goals such as an official civil society CERT (CiviCERT).
tbsprs
A toilet is a toilet is a toilet ... was a toilet. Nowadays hackers discover a larger interest in doing more with toilets than just what they were designed for in the first place. Within the "Internet of things" scene the sanitarian sphere claims a place of its own. This talk will present current projects, technologies used and research published.
Internet of toilets
This talk provides an overview of past and current hardware installations, services and publications that focus on the sanitarian territory. People track a wide variety of things: doors, water consumption, visiting times, paper usage and not to forget the habits of their pets. The range of implementations starts off with dedicated Twitter streams and exploratory websites and ends with APIs, consumable services and extensive statistics which allow analysis over time. You will get to know the detailed installation architecture which allows building your own toilet tracking.
Furthermore, the talk outlines the serious aspects of the Internet of toilets and its importance for the society. Hygiene facts and economic considerations are discussed.
One of the motivations for this talk besides a general interest in the topic itself is the vision to realize such an installation for the congress in the near future (talking about 31c3).
fabs
While graph databases are primarily known as the backbone of the modern dating world, this nerd has found a much more interesting application for them: program analysis. This talk aims to demonstrate that graph databases and the typical program representations developed in compiler construction are a match made in heaven, allowing large code bases to be mined for vulnerabilities using complex bug descriptions encoded in simple, and not so simple graph database
Mining for Bugs with Graph Database Queries
This talk will bring together two well known but previously unrelated topics: static program analysis and graph databases. After briefly covering the "emerging graph landscape" and why it may be interesting for hackers, a graph representation of programs exposing syntax, control-flow, data-dependencies and type information is presented, designed specifically with bug hunting in mind. Our open-source program analysis platform Joern (http://mlsec.org/joern/) is then introduced, which implements these ideas and has been successfully used to uncover various vulnerabilities in the Linux kernel. Capabilities and limitations of the system will then be demonstrated live as we craft queries for buffer overflows, memory disclosure bugs and integer-related vulnerabilities.
Rejo Zenger
Our talk will highlight the current debates surrounding net neutrality in Europe, the United States and other parts of the world. We will look at the results of the SaveTheInternet.eu campaign which was launched a year ago at 30c3. We will discuss various legal protections for net neutrality, look closer at the experience of the Netherlands and we will give an overview of all important open ends of the debate.
net neutrality: days of future past?
For two years, net neutrality has been on the agenda of politicians worldwide. These are important debates, as net neutrality has become one of the central questions about our freedom on the internet. With different faces around the globe, we see a trend towards more violations of the neutrality principle which the internet was founded upon. The efforts of telecommunication companies to find new ways to monetize their networks and us users within them are countered in some countries with legislation preventing these new business models.
In 2010, after two years of preparation and a fierce battle, the Dutch parliament accepted a change to the Telecommunications Act which made net neutrality a principle that was protected by law. In this talk we will take stock after two years of legal protection of net neutrality in The Netherlands. Did it work and do the Dutch now have undiscriminated access to all services on the internet? Has the doomsday scenario of the providers, that subscriptions would become outrageously expensive, become reality? In which cases was the Dutch law enforced? Are there any loopholes in the Dutch implementation? If others are to fight for net neutrality, what are the pitfalls to avoid? And, on a more meta-level, is it enough? Will net neutrality protect your freedom to access websites and services, or do we need a broader type of neutrality?
David Kriesel
Copiers that spontaneously change numbers in documents: in August 2013 it emerged that virtually all Xerox scanner-copiers simply replace digits and letters with others when scanning. Because users can hardly see such errors, the bug is extremely dangerous and went undiscovered for a long time: it has existed in the wild for over eight years.
Traue keinem Scan, den du nicht selbst gefälscht hast (Trust no scan you did not forge yourself)
The nasty part is that the falsified numbers are laid out perfectly within the scanned text page. That sounds as nasty as it is unbelievable, but it is true (see the example images in the original article link on the right). The bug exists on hundreds of thousands of Xerox scanner-copiers worldwide.
The problem has nothing to do with OCR; the number substitution happens directly in the pixel data. A user cannot see such a perfectly camouflaged compression artifact. That is life-threatening when someone scans a motorway bridge or a medication dosage, or when the lithium batteries of the Boeing 787 were perhaps meant for the 767 after all.
The talk has three common threads.
Spread the word!
- The dispute with Xerox. In this talk, David entertainingly recounts how he discovered this great-grandmother of all bugs. The story spread from his blog through the world press, which led to an entertaining public exchange of blows between Xerox and him. Xerox had to deliver a patch for a huge fleet of devices. The consequences of eight years of subtly incorrect document production in tens of thousands of institutions worldwide remain incalculable to this day. "Xerox Can Fix Number-Switching Scanners, but Not Altered Docs", as the business magazine "Businessweek" aptly put it in a headline.
- For the activists among you, David derives concrete rules for how to force a large corporation to act, and what that looks like for yourself. He outlines exactly how he proceeded, where he was afraid, and where he had to learn from his mistakes.
- For the conspiracy theorists, he reveals what the bug has to do with Barack Obama's birth certificate.
In all likelihood, hundreds of thousands of number-swapping scanner-copiers still exist. Your attendance matters.
Peter Laackmann
An entertaining, thrilling and educational journey through the world of chip preparation. Deep insight into amateur as well as professional methods and equipment is given, for the first, most important steps for analysis and attacks on dedicated hardware.
Marcus Janke and Dr. Peter Laackmann focus on the first challenge a smart card hacker would encounter - the appropriate preparation of a microchip from its environment for further analysis and attacks.
The direct sight on microchips, especially on their secured variants, is not only impressive and informative, but will also open up interesting opportunities for various security attacks, as demonstrated in their 30C3 overview "25 Years of Smart Card Attacks". Therefore, useful ways of releasing the chips from their packages are needed in order to get access to the chip's surface without destroying the device.
The authors open up their bag of tricks, filled with physical and chemical methods that can be used to carefully liberate the silicon from its environment. These packages include smart cards, tags as well as standard packages for microcontrollers and special enclosures.
Creative methods for amateurs and inexpensive ways for "domestic use" are depicted, including the manufacture of specialized devices and the production of dedicated preparation chemicals. For comparison, professional methods are presented in parallel, giving insight into today's industrial processes of chip preparation for reverse engineering.
The authors look back to over 25 years of private security research and nearly 20 years of professional engagement. They held their first chipcard talks and workshops 1991-93 at the CCC congress in the Eidelstädter Bürgerhaus.
Elektra
The radical philosophical texts of Elektra W. aim - let us be open and direct - to bring about a head crash of the experience of self that has spread out in the frontal lobe of the cerebrum in the course of our enculturation and upbringing.
Andrea Behrendt - read & delete
Serenität - Anleitung zum Glücklichsein (Serenity: A Guide to Being Happy)
'Real thinking is something the brain does on its own, on autopilot.'
The talk brings texts from the book 'Serenität - Anleitung zum Glücklichsein' from the edition 'Operation Mindcrash' to life in sound. Elektra recites the texts while Andi B. improvises along on the keyboard. The combination of text and music lets you listen in a relaxed way and be put into a cheerful, serene mood.
Serenität, a German word presumably borrowed from French, is forgotten today. It does not really fit the German mentality anyway. It is recorded that in the 18th century, in the German-speaking world, persons of the highest respect were addressed as 'Ihre Serenität', in the sense of 'Your Sublimity' or 'Serene Highness'. In French and English, by contrast, the term is more common and means cheerfulness, composure, sublimity, clarity, inner calm, peace with oneself.
Behind the book is a radical materialist philosophy about the brain and thinking. It is about - or rather against - the inner narration of one's own hero story, through which many people today try to bring order to their inner experience by telling themselves, in their heads, a fable, the fairy tale of their life.
The talk goes to the root of the structural model of the human psyche. Associations with Neal Stephenson's science fiction classic 'Snowcrash' are not entirely coincidental, but not intended. Anyone who is afraid of something changing in their life had better not attend this program.
Franz Kafka, Friedrich Hölderlin, Epicurus, Julien Offray de La Mettrie, Jiddu Krishnamurti and Max Stirner also have their say. The last of these in particular has captivated Elektra. Some philosophers have said of Stirner that the downfall of the human race would be imminent if his thoughts against the alienation of people were to spread.
To avoid headaches or worse, one should not think about the content of the talk. Real thinking is something the brain does on its own, on autopilot. So do not worry! Only real thinking helps in times of crisis!
raichoo
Idris is a relatively young research programming language that attempts to bring dependent types to general purpose programming. In this talk I will introduce the concept of dependent types and the Curry-Howard isomorphism and how these can be applied to prove properties about software and eradicate whole classes of bugs and security issues.
Programming with dependent types in Idris
Building robust software is a hard task these days. As software gets more complex it gets increasingly hard to reason about it; this leads to a larger attack surface for bugs and security flaws.
Some of these bugs can be completely eliminated with the introduction of type systems that keep our values at runtime in check. Type systems are in fact the most widespread mechanism to verify correctness properties of programs; with dependent types we take this to the next level.
In this talk I will introduce techniques for programming with dependent types as well as interaction with the programming language itself. Examples will present resource tracking in the type system e.g. tracking file handles and yielding compilation errors on resource leaks, modeling specifications of protocols as types and enforcing them.
Jimmy Schulz
We report on a LOAD e. V. study regarding data collection by cars, future developments in this field of technology, how this data is accessed and secured, and what the stakeholders' (car manufacturers, car owners and users) positions are on this data gathering. In a summary we outline necessary consequences.
Dr. Rüdiger Hanig
The automobile as massive data gathering source and the consequences for individual privacy
We present a LOAD-study regarding car data. Aspects within the study are:
- Car data gathering today and expected developments,
- Data security and privacy of this data,
- Car manufacturers' position regarding data ownership and access to this data,
- Survey results regarding current knowledge and understanding of car data gathering from car owners and users.
The aim of the study is to highlight current issues with car data gathering and to outline necessary consequences.
About LOAD e. V.:
The Internet is a promise of freedom. LOAD is an association of people who jointly stand up for the protection of this freedom. LOAD is a think tank and advocacy group and supports current and future netizens in realizing their fundamental rights. We will constructively support society's digital transformation. Our core values are freedom, personal responsibility and an unprejudiced interest in innovation.
Sacha van Geffen
Referring to the seminal talk Dymaxion gave at the closing of the NoisySquare at OHM in 2013, this talk will explore what has happened, and what has not, in the meantime on the "battle ground". An overview will be presented of the technical, legal, political and social battles going on, with pointers to further tactics. Finally we will look at how to make sure we keep ourselves safe and sane.
Long war tactics
In many ways people have tried to rise against the extensive spying and logging of the Five Eyes and their allies. This talk tries to summarize the actions that have happened in different domains.
From this we will look forward to things that need to be done, effective tactics that we have seen from other domains and how to rewrite the rulebook.
This talk is meant to keep morale up and celebrate some of our victories, while at the same time proposing some tactics for future victories.
Teja Philipp
Mr Beam was started as a hobby project aiming to get more experience in 3D printing. For fun we put it on Kickstarter and ended up in kind of a roller coaster.
Mr Beam goes Kickstarter
After many years as an all-purpose developer in several startups, I decided to explore the shiny new world of 3D printing.
Laser cutting seemed to be cool, useful and fun. The idea of reusing a DVD burner laser was nice and budget-saving; some weeks later the first prototype wrote "hello world" on a piece of wood.
After spending another two months on improvements, two friends joined and the idea of kickstarting a mini series production was born.
Finally the Kickstarter campaign was the reason for a lot of travel: Erfurt, Berlin, Barcelona, Tiflis, Vienna, Rome, Austin, San Francisco. On the road were awesome highlights as well as deep depressions.
All in all we didn't get rich in the end, but we got lots of experience in many different areas.
We believe that crowdfunding is a huge opportunity to develop things that otherwise never would have been done. We are happy to share all the lessons learned on our way. Hopefully other projects cause less headache with this knowledge.
MeTaMiNd EvoLuTioN
leading hackers and researchers
from the worldwide hackerspace,
university, and DIY artist community,
explain current technological
possibilities in BCI,
and show ways
to use open source
hardware and software
for hackers, makers, artists,
personal development, citizen science,
providing a framework
for alternative culture and free expression
balancing the soon coming commercial expansion
in "Neurogaming", "Neuromarketing" and "eHealth"
talk will illustrate
the mutually beneficial relationship
between "hacking" and science,
with the example of hacking BCIs,
as well as an overview into the new field
of "BCI Mind-Hacking", such as exploiting
remote consumer Neuroheadsets,
and Data-Mining the human-brain
for sensitive data during casual use.
Open-BCI DIY-Neuroscience Maker-Art Mind-Hacking
the talk is envisioned with 3-4 speakers:
1 x hacker / artist / visionary (15 years chaos-angel)
1 x university BCI PhD candidate (Neuroscience)
1 x electronics engineer working 40 years in EEG
and can therefore include
various aspects of this topic:
artistic, political, scientific,
technological, instructional, etc ...
+ + +
talk will also illustrate
the mutually beneficial relationship
between "hacking" and science,
with the example of hacking BCI systems.
+ + +
LINK: MeTaMiNd EvoLuTioN (facebook)
LINK: MeTaVoLuT1oN photo gallery
+ + +
Exploiting consumer brain-computer-interfaces
A talk about future applications of consumer EEG devices, reflecting on security risks, such as ways to leak private user information (health conditions, PIN codes, known people and locations, EEG biometrics), and how to prevent this from happening. We introduce different exploit approaches that have also been proposed by academia. We will evaluate security risks by considering a few conceivable scenarios coming up in the next decade.
Finally, a call for participation:
we would like to discuss a possible open-source platform to exchange EEG data anonymously, suggested neurofeedback protocols, as well as machine learning powered EEG pattern simulations, covering some of the most prominent cognitive processes.
~ ~ ~
we are from the original
non-commercial and fully
open-source project wWw.Open-BCI.ORG,
as has been present at congress since 2007,
and publicly introduced with a talk at 28C3:
LINK: 28C3 Open-BCI talk video
- - - -
+ + +
Thanks and greetings
~MeTA | OfficerOfTheSpacestation c-base
web: wWw.MeTa-MiNd.dE | www.Open-BCI.org
Ange Albertini
Old-school arcade games were so protected that hacking is the only way to preserve them before all boards are dead, and the games are lost.
Preserving arcade games
- an overview of famous old-school arcade games
- their incredible hardware
- the permanent piracy
- the awesome protections (designed to commit suicide!)
- what was required to preserve some of them from being lost for ever.
This talk is a homage to Michael Steil's Ultimate Commodore 64 presentation at 25C3: you should watch it, it's inspiring in content and quality!
Lior Oppenheim
TL;DR We unravel the story of a bug that would become one of the most important vulnerabilities released this year. Also, we have free cookies.
The findings we published earlier this year demystified the voodoo that is TR-069, demonstrated how mass pwnage can be achieved via server-side attacks, and proved the landscape is ripe for harvesting. We will continue where we left off to explore TR-069 client-side vulnerabilities; we analyze client implementations, pour some insight into mysterious results from our internet-wide scans, and follow to mass pwnage through remote code execution on millions of online devices. Again.
Too Many Cooks - Exploiting the Internet-of-TR-069-Things
TR-069 is the de-facto standard remote management protocol that ISPs surreptitiously use to control consumer-premises equipment (these would be your home routers, set-top boxes, VoIP phones etc.), rumored to be a well-thought conspiracy devised by Internet Service Provider secret societies since the 17th century.
Since its establishment in 2004, there has been a growing trend of endorsement and deployment of the CWMP/TR-069 protocol in global carriers and service providers.
Despite the rising popularity of this black magic, it is often overlooked in penetration tests and security assessments of Internet gateway device attack surfaces, and wrongly so. Would they reconsider if they knew TR-069 is the second most popular service openly listening on the Internet (after HTTP)?
This talk will begin by describing our previous efforts presented this summer (DEF CON 22 & more), where our group revealed critically vulnerable TR-069 server deployments and discussed the incomprehensible asymmetry between the trust instated in this protocol and the measures taken to protect it (or lack thereof).
Subsequently, we decided to go after clients, exposing a critical attack surface by design, listening on 0.0.0.0 with a publicly available IP address. While centralized servers are rather easily patched to close security holes, clients may take more effort…
We will conclude with the shocking unveiling of one of the year's security stories, walking the audience through the discovery and exploitation of a memory corruption vulnerability in an extremely popular client implementation. Our weapon of choice this round would be embedded device reverse engineering (some soldering required), leading us all the way to remote code execution on millions of devices.
Ben Dalton
This talk asks how we might plan for the continuation of a privacy sustaining internet in light of growing trends in enforced identity checking and demonisation of everyday anonymity. It presents a 'free phonebox' project, which was tested at the FutureEverything art and technology festival in 2014, as an example of a social-technical system that promotes identity ambiguity in communication through the sharing of 'free' mobile phone minutes between strangers.
Superheroes Still Need Phoneboxes
The project presented in this talk uses a computer running Debian to connect a USB handset to one of a number of 'donor' mobile phones by acting as a Bluetooth handsfree headset to each of the mobiles. The project is based on No Hands, a GPLv2 implementation of the Bluetooth HFP 1.5 Hands Free Protocol. A free phonebox that randomly assigns calls made to one of the participating mobiles nearby acts a little like a low-tech remailer (mix network node). Lending strangers your phone creates 'data chaff' that helps to muddy the call record metadata logs that otherwise tie your device to you as a form of identification and tracking. It provides (some) deniability for any calls made while near the phonebox. Borrowing a stranger's phone lets you call someone without revealing yourself through caller ID. The close range of Bluetooth imposes a geographic limit on users.
This talk considers why a project like a free phonebox may be useful in countering growing moves to criminalise anonymous communication. People generally see the 'free time' in their mobile cell phone call plans as something that belongs to them. Lending someone in need your phone is also seen as charitable and positive. Therefore, a system that shares phone minutes between strangers provides an easier forum for debate around preservation of anonymity in communication than a similar project lending wifi connectivity. Open wifi has been gradually characterised as a tool for malicious hackers, unethical pirates and tech-savvy criminals despite the significant advantages universal connectivity could offer. Historical examples of anonymising connectivity including phoneboxes and postal systems are discussed.
The public phonebox in particular has long been associated with elements of privacy, secrecy and anonymity. The physical box affords a semi-private space in a public setting. Sound is difficult to overhear, but the caller is still in view of those nearby. Phoneboxes have historically used an anonymous payment system of coins, and require no identity authentication for access. In many countries policies of regulating call costs and mandating maintained phonebox coverage have established phoneboxes as anonymous connectivity commons. Many accounts of phoneboxes in popular culture portray them as valued resources of personal independence. Phoneboxes often provide the backdrop for narratives of family contact, emergency assistance or first kisses. The cheap and near universal nature of the phonebox makes them a recognisable anchor of reliability in new situations and locations. I would argue it is no coincidence that Superman turns to the phonebox for a moment of privacy when changing from one pseudonym to another.
Ben Dalton is an artist and academic researcher trained in physics, electronics and communication design, who has worked on projects on distributed sensor networks and ubiquitous computing at the MIT Media Lab, USA, big screens and pocket screens in public space at Leeds Beckett University, UK, the aesthetic, ethical and spatial dimensions of the politics of data at the National Academy of Art & Design in Bergen (KHiB), Norway, and digital pseudonymity at the Royal College of Art, UK. He has presented recent work on identity and pseudonymity at the Institute of Contemporary Art (ICA) London, Foundation for Art and Creative Technology (FACT) Liverpool, FutureEverything Manchester, Today's Art The Hague, Abandon Normal Devices Liverpool, World Wide Web Conference (WWW2013) Rio de Janeiro, Sensuous Knowledge Bergen, and Designing Interactive Systems (DIS) Newcastle.
Richard Stallman
For freedom in your own computer, the software must be free. For freedom on the internet, we must organize against surveillance, censorship, SaaSS and the war against sharing.
Freedom in your computer and in the net
To control your computing, you need to control the software that does it. That means it must be _free software_, free as in freedom. Nonfree software is inherently unjust, and nowadays is often malware too. We developed the GNU system as a way to avoid nonfree software on our computers.
That assumes you're running your own copy of the programs. That means shunning Service as a Software Substitute, where someone else's copy in someone else's server does your computing.
Beyond that, we face the danger of censorship, and surveillance both on and off the internet. Lurking behind them is the menace of the War on Sharing, the publishers' decades-long campaign to control what we do in our computers. Increasingly, computer hardware itself is becoming malicious.
This talk will discuss these threats and the possible solutions.
Frank Rieger
Even 2014 will come to an end at some point. So we take a look back at the topics that were especially relevant to us and try to assess what might be coming our way in 2015.
CCC Year in Review (Jahresrückblick des CCC)
Katharina Nocun
Limiting criticism of the free trade agreements TTIP and CETA to chlorinated chicken falls far too short. Much more is at stake in the two agreements, between the EU and the USA and between the EU and Canada. Whether data protection, democracy or copyright: agreements that corporations can help write behind closed doors are rarely a good idea. Meeting documents with "non-binding" lobby proposals and leaks of the treaty texts give little reason for optimism. Data protection standards are in danger of being declared barriers to trade. Corporations insist on being able to sue states for damages before tribunals outside the state court system. What citizens want was not asked even once in the entire negotiation process of the two free trade agreements. But "clicktivism" is a thing of the past: new strategies and tools helped to set off a wave of decentralized protest.
Your rights are not available in these free trade agreements (Deine Rechte sind in diesen Freihandelsabkommen nicht verfügbar)
It did not stop at online appeals with almost one million signatories in total. Flash mobs at campaign events of the EU lead candidates were organized over the net. 6.5 million "Denkzettel" door hangers were hung on doors nationwide before the EU election, coordinated via software that coordinates the volunteers' distribution areas. Broad protest ensured that TTIP became one of the major issues of the EU election campaign.
In the summer of 2014, 230 organizations from all over Europe finally submitted a joint European Citizens' Initiative against TTIP and CETA to the EU Commission. A European umbrella organization was founded, a position was advertised and filled, and only a few lines of code were missing to complete the open-source software for the joint petition. The petition software developed for the protest against TTIP and CETA is also meant to be usable by future alliances.
But then the unimaginable happened: the EU Commission does not want to admit the European Citizens' Initiative. Yet the movement against TTIP and CETA is far from having shot its bolt.
We show where the TTIP and CETA agreements may affect net politics, data protection and democracy, how the creative protest organized itself with digital means, how other campaigns may be able to benefit from these experiences and, of course, what the next steps will be.
Ian Goldberg
In the wake of the Snowden revelations and the explicit targeting of address book and buddy list information, social service providers may wish to actively avoid learning which of their users are friends. In this talk, we will introduce the workings of a surprising technology called private information retrieval, or PIR. Then, we will describe its use in DP5, a new suite of privacy-preserving presence protocols that allow people to determine when their friends are online (and to establish secure communications with them), without a centralized provider ever learning who is friends with whom.
DP5: PIR for Privacy-preserving Presence
- Nikita Borisov, University of Illinois at Urbana-Champaign
- George Danezis, University College London
- Ian Goldberg, University of Waterloo [currently on sabbatical at the University of Cambridge]
"We kill people based on metadata."
— General Michael Hayden
People like to know when their social contacts are online. Typically, this is done by a central server keeping track of who is online and offline, as well as of the complete friend graph of users. However, the Snowden revelations have shown that address book and buddy list information is routinely targeted for mass interception. Hence, some social service providers, such as activist organizations, do not want to even possess this information about their users, lest it be taken or compelled from them.
Private information retrieval, or PIR, allows clients to download information from online databases without revealing to the database operators what information is being requested. In this talk, we will introduce the workings of this counterintuitive technology. Then, we will describe its use in DP5, a new suite of privacy-preserving presence protocols that allow people to determine when their friends are online (and to establish secure communications with them), without a centralized provider ever learning who is friends with whom.
Nikita Borisov is an Associate Professor of Electrical and Computer Engineering at the University of Illinois at Urbana-Champaign. His research focuses on privacy and anonymity of online communications, as well as protecting the Internet from censorship. With Goldberg, he invented Off-the-Record Messaging; his research has also influenced the design of the Tor network and the 802.11 security suite.
George Danezis is a Reader in Security and Privacy Engineering at University College London (UK). In the past he has been doing security research at the University of Cambridge, KU Leuven and Microsoft Research. His research focuses on designing and analysing the privacy properties of anonymous communications systems, doing traffic analysis and understanding privacy technologies. He was the co-designer of the Mixminion remailer protocol, and proposed some of the first indirect traffic analysis, and DoS-based attacks against Tor.
Ian Goldberg is an Associate Professor of Computer Science at the University of Waterloo, currently visiting the University of Cambridge. His research focuses on developing usable and useful technologies to help Internet users maintain their security and privacy. Once the Chief Scientist and Head Cypherpunk of Zero-Knowledge Systems, he is currently the chair of the board of directors of the Tor Project, Inc., one of the inventors of Off-the-Record Messaging, and a winner of the Electronic Frontier Foundation's Pioneer Award.
Trammell Hudson
In this presentation we demonstrate Thunderstrike, a vulnerability that allows the installation of persistent firmware modifications into the EFI boot ROM of Apple's popular MacBooks. The bootkit can be easily installed by an evil-maid via the externally accessible Thunderbolt ports and can survive reinstallation of OS X as well as hard drive replacements. Once installed, it can prevent software attempts to remove it and could spread virally across air-gaps by infecting additional Thunderbolt devices.
Thunderstrike: EFI bootkits for Apple MacBooks
It is possible to use a Thunderbolt Option ROM to circumvent the cryptographic signature checks in Apple's EFI firmware update routines. This allows an attacker with physical access to the machine to write untrusted code to the SPI flash ROM on the motherboard and creates a new class of firmware bootkits for the MacBook systems.
There are neither hardware nor software cryptographic checks at boot time of firmware validity, so once the malicious code has been flashed to the ROM, it controls the system from the very first instruction. It could use SMM and other techniques to hide from attempts to detect it.
Our proof of concept bootkit also replaces Apple's public RSA key in the ROM and prevents software attempts to replace it that are not signed by the attacker's private key. Since the boot ROM is independent of the operating system, reinstallation of OS X will not remove it. Nor does it depend on anything stored on the disk, so replacing the hard drive has no effect. A hardware in-system-programming device is the only way to restore the stock firmware.
Additionally, Thunderbolt devices' Option ROMs are writable from code that runs during the early boot and the bootkit could write copies of itself to new Thunderbolt devices. The devices remain functional, which would allow a stealthy bootkit to spread across air-gap security perimeters through shared Thunderbolt devices.
While the two-year-old Option ROM vulnerability that this attack uses can be closed with a patch of a few bytes to the firmware, the larger issue of Apple's EFI firmware security and secure booting with no trusted hardware is more difficult to fix.
Stefan Wehrmeyer
The most interesting IFG (German Freedom of Information Act) stories of the year, with requests and refusals, lawsuits and campaigns. Also: how we will give freedom of information new momentum with the help of journalism!
IFG: Yours sincerely (IFG - Mit freundlichen Grüßen)
After the publication of a document at 30C3, 2014 began for FragDenStaat.de with a cease-and-desist letter and several applications for a preliminary injunction. The first legal dispute "Federal Republic of Germany versus FragDenStaat.de"!
A few more nice stories around the Freedom of Information Act illustrate the state of the IFG under the new federal government and the new Freedom of Information Commissioner.
I would also like to present the first results of the cooperation between FragDenStaat.de and the non-profit investigative newsroom Correctiv.org, which makes freedom of information better known and more powerful.
Leslie Dunton-Downer
June 5, 2014 marked one year since leaks by NSA whistleblower Edward Snowden began to be introduced to a worldwide public. On this date, transmediale teamed up with N.K. Projekt and Leslie Dunton-Downer, 2014 fellow at The American Academy in Berlin, for the Magical Secrecy Tour, a bus journey exploring Berlin as the global capital of informed response to mass surveillance. This inside look at the project features the first-ever screening of footage shot by filmmaker Simon Klose (TPB AFK) for his documentary about the tour.
The Magical Secrecy Tour
Netanel Rubin
tl;dr EXPLOIT ALL THE PERL.
We chained several of Perl's ridiculous syntax quirks in order to create a surprisingly powerful attack, bringing some of the most popular Perl-based projects in the world to their knees. Brace yourselves, RCE exploits are coming.
The Perl Jam: Exploiting a 20 Year-old Vulnerability
Deemed "the write-only programming language" by many, Perl has well-served its purpose as a successful subject for less successful programmer jokes. Its self-obfuscating "TMTOWTDI" syntax is one of the top reasons for sysadmin PTSD, nervous breakdowns, and marriage problems.
This talk will spawn a wormhole 20 years into the past, and dive into some of the more hazardous and fundamental language quirks (WAT-style), walking the audience through the discovery of vulnerable core modules and the implementation of a new exploitation technique (branding and logo included!). Using this technique, we unleash a Pandora's box of exploits to vulnerabilities hidden under the surface for years, in some of the most popular Perl-based projects in the world. Hilarity ensuance guaranteed.
Tonimir Kisasondi
This talk will show a new method for password cracking called UNHash. UNHash as a tool uses rulefiles that are something between a DSL (domain-specific language) and a Python script to describe the password cracking process. This talk will show how to mix web service abuse, knowledge of human nature and data mining to enable far better attacks against passwords. We will be focusing on a few features: cracking default passwords on network systems with minimal effort, testing for embedded backdoors, and offline attacks by data mining and modeling about 33 million user accounts to gain insight into how users choose their passwords and how we can use that knowledge to speed up password cracking for 20% more gain for non-pseudorandom passwords.
UNHash - Methods for better password cracking
This talk will show a new method for password cracking called UNHash. UNHash as a tool uses rulefiles that are something between a DSL (domain-specific language) and a Python script to describe the password cracking process. That way, we have the possibility to describe complex password cracking rules that contain dictionaries, rules, bruteforcing, joining, combining and other patterns in a language that is easily human-readable and extensible. To stop reinventing the wheel, UNHash generates candidate passwords for John the Ripper, hashcat or a lot of other tools that can read stdin.
The usage of "slow" hashes like bcrypt and scrypt will require us to try a smaller quantity of possible passwords, but with more detailed targeting. The concept behind UNHash is to enable such attacks against modern slow hashes or to enable better targeting and be faster and easier than traditional methods.
To make use of the new "language", we need a set of rules. To generate rulesets, we will show a new machine learning algorithm that can analyze plaintext passwords and generate rules for UNHash. The machine learning algorithm shows a classifier network heuristic that we call the sieve algorithm that can classify passwords and show how users generate their passwords. Training the classifier on about 30+ million unique passwords can yield interesting rules that describe how users pick their passwords.
Since we have already classified passwords, why not use the effort to collect all password elements like words (and see which languages they belong to), strings, numbers and mutations so we can use that as a cornerstone for a new set of dictionaries? Since we already said that we want to identify words and their languages, we needed to create a linguistic dictionary for use in the classifier algorithm. We will show how to create custom dictionaries for various languages or from a specific domain by parsing Wikipedia database backups or by abusing really popular web services.
A small portion of the talk will show why it is useful to scrape password dumps or obtain them via low interaction honeypots in order to collect known backdoor passwords.
We will skip the science and get to the practical part: how you can use UNHash for better password cracking and how to implement more classifiers so we can have better models of how users create their passwords.
Walter van Holst
This speech is about how the hacker scene is failing its own ideals and what questions must be addressed to make a real difference.
Infocalypse now: P0wning stuff is not enough
Every year Chaos Congress is a venerable display of ingenuity in the hacker scene. Every year there are more visitors, more and often better talks on security issues, society, culture and technology in general. At the same time the social and political clouds that appeared on the horizon are now overhead and are even darker than expected. Discussing last year's big exploits and congratulating each other on our ingenuity in finding them is not enough. We have to wipe the smug grins from our faces and take a long hard look into the mirror. Because there are several questions that are often unasked because we may not have the answer to them. Not solving these puzzles also means that we cannot prevent the infocoalypse of big data, the internet of things, the military-industrial-surveillance complex as well as organised crime mucking up our lives. So let us talk about our failures to:
- explain general purpose computing to laypersons;
- prevent security weaknesses from happening;
- articulate security risks to everyday people and politicians alike;
- educate fellow tech people about them,
And why they are failures and why there is an urgent need to fix them.
Jöran Muuß-Merholz
In the Googlequiz, up to 7 teams of up to 7 players each compete against one another. They are not allowed to use Google. It is a rather fun-oriented affair, so spectators are welcome too.
Googlequiz – 2015 Edition
In the Googlequiz, tasks are set for which you look for solutions in your head or within your team. Google, or the internet in general, may not be used for this. No prior knowledge is needed.
The Googlequiz was already pretty good in 2014.
For 2015 we are building a completely new edition.
The role models that inspired the 2015 edition are: Der Preis ist heiß, Glücksrad, Eins-Zwei-oder-Drei, Familienduell, Ruck-Zuck, Wikipedia.
The things that were new and good at #30c3 are being expanded: loud, irritating music and loud, irritating balloons.
Erich Moechel
- Station VIENNA in the US embassy, 1090 Vienna
- VIENNA ANNEX at the UN headquarters in Vienna 1220
- Legacy site “NSA-Villa”, Vienna 1180
- Relay station Exelberg, broadband network of NSA/SCS across Vienna
- Equipment and function of the FORNSAT station Königswarte.
NSA Points of Presence in AT
By far the largest installation of the US services is located on the Königswarte at the Slovak border. During the Cold War, the Königswarte served the Allies as a forward listening post at the Iron Curtain near Hainburg, used to intercept analogue radio links of the telecoms and military communication in the East. From 2001 on, new antennas of a different kind began to grow on the Königswarte site: enormous parabolic dishes pointed at the sky. The largest of these high-performance dishes have a diameter of more than ten metres; by now there are 18 of them, all aimed at civilian communication satellites. Beneath the Königswarte there is an enormous subterranean data centre, as the aerial photographs clearly show. In addition, a further, previously undocumented US "communication station" was discovered on the roof of a high-rise building directly next to the UNO-City. Both appear under their code names in the documents leaked by Edward Snowden. What kind of data is intercepted, processed and carried away at these and the other sites - the US embassy in Vienna and the "NSA-Villa" - can now already be estimated.
Andreas Dewes
I will explain why quantum computing is interesting, how it works and what you actually need to build a working quantum computer. I will use the superconducting two-qubit quantum processor I built during my PhD as an example to explain its basic building blocks. I will show how we used this processor to achieve so-called quantum speed-up for a search algorithm that we ran on it. Finally, I will give a short overview of the current state of superconducting quantum computing and Google's recently announced effort to build a working quantum computer in cooperation with one of the leading research groups in this field.
Let's build a quantum computer!
Google recently announced that it will partner up with John Martinis, one of the leading researchers on superconducting quantum computing, to build a working quantum processor. This announcement has sparked a lot of renewed interest in a topic that was mainly of academic interest before. So, if Google thinks it's worth the hassle to build quantum computers then there surely must be something about them after all?
With this talk, I want to provide a better understanding of why quantum computing is interesting and how we might actually build a working quantum computer one day. As an example, I will discuss the two-qubit chip that I built during my PhD thesis as a realization of a basic, functional two-qubit quantum processor. I will explain the building blocks of this processor and show how we can manipulate the qubits, read out their state with high fidelity and couple them to each other in order to realize two-qubit gate operations.
I will then show how we used this processor to demonstrate the concept of "quantum speed-up" by implementing and running the so-called Grover quantum search algorithm on it.
Finally, I will give a brief overview of the current state of quantum computing and explain the (likely) approach followed by Google and John Martinis to realize a working, large-scale quantum processor, as well as some problems they will have to overcome on their way.
Julia Reda
After years of debate, EU copyright law is finally being revisited. The Commission will present a proposal for reform within 4 months of 31c3. And it's high time: There has never been a bigger discrepancy between the technical feasibility to share information and knowledge across all physical borders and the legal restrictions to actually do so. This talk outlines the unique opportunity and the challenge to bring copyright into the 21st century that lies in front of us. Hackers ensured that people were heard during last winter's public consultation. Can they now also ensure a progressive outcome of the reform process?
When copyright was last reformed on an EU level, YouTube and Facebook didn't exist, smartphones were unheard of. Last winter, the European Commission finally started a public consultation aimed at identifying all the ways in which the current copyright regime has been outdated by technological developments. Through projects such as Copywrongs.eu, which was developed at a workshop at 30c3, activists took it upon themselves to open the consultation to a wider audience and ensure that end users were heard. The tools they developed for that purpose, published under free licences, were even picked up by collecting societies to mobilise their members for replying to the consultation. The resulting over 9000 responses, half of which came from end users, reveal a deep divide: Individuals, cultural institutions such as libraries and scientists are calling for Europe-wide reform, whereas rightsholders are trying to defend the status quo. But the answers also point at some surprising similarities in the views of some respondents that can lead to new alliances and a copyright reform that truly finds a balance between competing societal goals.
The new EU commission was tasked by their president to present a proposal for copyright reform within 4 months of 31c3. After years of debate, 2001's copyright directive is finally being revisited. Promisingly, the mandate for copyright legislation in the new Commission has been moved from a directorate concerned mostly with economic issues to the one for “Digital Society & Culture”. The last Commissioner responsible for this field, Neelie Kroes, ended her mandate with a passionate call for copyright reform, describing the current legal framework in the EU as "fragmented, inflexible, and often irrelevant".
But what can we expect from the responsible Commissioner Guenter Oettinger, who's clearly not a digital native, and who has to answer to Commission Vice-President Andrus Ansip, formerly a fervent supporter of the Anti-Counterfeiting Trade Agreement ACTA? I'll explain what the new structure of the Commission means for copyright reform, who the players are, the expected timeline, what we may hope to achieve and how you can help ensure an ambitious, progressive and user-friendly outcome. This talk is also a call for hackers to involve themselves in traditional arenas of policy-making and to become more political in their demands and activities.
René Freingruber
EMET (Enhanced Mitigation Experience Toolkit) is an application which can be used to further harden a Windows system by adding additional security protections to running processes. These protections include several ROP (Return-Oriented-Programming) checks, shellcode detection mechanisms, heap-spray mitigations and many more.
The talk covers techniques to bypass EMET 5.1 (the current version) and shows the audience how hard/easy it is for an attacker to accomplish this.
EMET 5.1 - Armor or Curtain?
The Enhanced Mitigation Experience Toolkit (EMET) is an application developed by Microsoft which adds an additional layer of security to applications to prevent attackers exploiting vulnerabilities in them.
It can be used to globally enable system mitigation techniques such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) or Structured Exception Handler Overwrite Protection (SEHOP). In addition special per-process protections can be added such as various Return-Oriented-Programming (ROP) protections (LoadLibrary, MemProt, Caller, SimExecFlow, StackPivot), Export Address Table Access Filtering (EAF and EAF+) to prevent execution of shellcode, pre-allocations to defeat heap spraying and kernel exploitation, additional randomization (bottom-up randomization and mandatory ASLR) and advanced mitigations (deep hooks, anti detours and banned functions) to prevent different types of attacks.
If an application supports DEP together with full ASLR, the difficulty of writing a reliable exploit increases dramatically. The typical approach to defeat DEP is to use ROP to disable it. ROP builds on the idea of returning (or jumping) to small so-called gadgets (pieces of already existing code from the code section which end with a return or jump instruction) and chaining these gadgets together to build new logic (like logic to disable DEP). If ASLR is supported by all modules of the application, this approach can't be applied because the addresses of such gadgets are randomized by ASLR and thus unknown to the attacker. In such a case the vulnerability must be turned into an information disclosure vulnerability to first disclose an address to defeat ASLR. Techniques to accomplish this (e.g. partial overwrites, overwriting the length field of strings, ...) have already been discussed in the past and thus will not be the focus of this talk.
Instead further techniques will be discussed which can be used to bypass the additional per-process protections of EMET. To apply these techniques a vulnerability which allows code execution as well as leaking information (to bypass ASLR) is required. These requirements are satisfied by default because otherwise writing an exploit for a non-EMET-protected application would be impossible.
The aim of this talk is to demonstrate new and more reliable exploitation techniques as well as discussing in which situations already existing techniques can be applied in a reliable way.
An important approach of exploit developers is to write bypasses in a way that they can easily be ported to other exploits. For example, if a technique requires jumping to already existing code, a dumb approach would be to build it application-specific. Instead the technique can be built on top of the EMET library, which gets injected into all protected applications and thus is a good target to minimize workload because the code for the bypass must only be written once. To apply such techniques, various methods to identify the presence of EMET and to retrieve its image base and version will be shown.
EMET also supports non-memory-corruption-related protection techniques (like Attack Surface Reduction ASR and certificate pinning); however, these will not be discussed during the talk because the focus of the talk is on memory corruption exploitation (e.g. buffer overflows, use-after-free bugs, type confusion attacks and so on).
All techniques are implemented and demonstrated in a real-world Firefox exploit. Even if the vulnerability is older (we at SEC Consult don't want to publish reliable working exploit code for applications which are still in use these days) it is a very interesting vulnerability to study and together with a highly configurable exploit it's easy to see the different techniques in action. The exploit works reliably against any Windows operating system (Windows XP, Windows Vista, Windows 7, Windows 8, Server 2003, Server 2008, Server 2012, ...), on 32-bit as well as on 64-bit architectures and is able to bypass EMET in all versions (EMET 4.1, 5.0 and 5.1) with all protections enabled.
Microsoft as well as other vendors typically suggest as a workaround for new memory corruption vulnerabilities to install EMET to protect the application. The aim of the presentation is to show the audience that attackers can still exploit such protected applications by using one of the many existing techniques.
We at SEC Consult do not believe in putting additional security layers like EMET, DEP, ASLR, application firewalls and so on on top of applications. Rather we demand from software developers and especially from the software industry itself to focus on secure software development instead of forcing their customers to create a chain of security layers to protect their software product.
Protections such as EMET, DEP and ASLR are useful to add an additional hurdle for attackers but are not unbreakable.
Michael Büker
An overview of 70 years of nuclear weapons, focusing on some of the underlying physics, the international politics that surround the topic, modern technology for nuclear weapons detection and monitoring, and what everyone can do to help nuclear disarmament.
What Ever Happened to Nuclear Weapons?
With the end of the Cold War, the sense of imminent danger from nuclear weapons quickly faded. But the weapons never went away: Today, half the world's population lives in countries with nuclear weapons. Roughly 15,000 nuclear warheads, each powerful enough to destroy a city, are in the hands of nine countries.
The most important international treaty on nuclear weapons states that only five countries can “legally” have them. But over the last 50 years, eight other countries have come into their possession, four of which are established nuclear powers today. How did that happen?
Moreover, nuclear tests of different kinds are banned by a multitude of international treaties. An impressive global measurement network of hundreds of seismic, hydroacoustic, infrasound and radionuclide measurement stations has been set up to detect nuclear tests. However, a treaty to finally ban all sorts of nuclear explosions, signed by 183 countries, is on the brink of failing. What is up with that?
This talk aims to provide a broad physical, technical and historical overview of the topic of nuclear weapons, and explain where international politics and verification technology stand today.
Natalia Lukaszewicz
The Maker movement and patent law are like two planets moving on the orbit of innovations. Occasionally, they collide … because the Maker planet moves too fast.
But, back on the Earth. Encounters with patent law can have many reasons, e.g. filing a patent application or being blocked in making by a patent (or much worse, being accused of a patent infringement). The latter motivated the question of the permissible uses of patented inventions. The talk explains which activities on patents are lawful and keep Makers safe in their making.
The Maker movement meets patent law
The Maker Movement does not need to be presented. Even the White House has expressed its gratitude and admiration for individual inventors – single heroes; and the World Bank has recognised their potential.
But the daily life of Makers is not (always) that sweet and victorious. As they get more technologically advanced, they face new challenges: financial, resource-related or legal.
The project focuses on the legal aspects, specifically on patent law. There are two ways Makers meet with patents: 1) they want to obtain a patent for their solution, 2) they get confronted with a patent infringement claim. The latter led to the question of the efficacy of patent flexibilities (“patent windows”) that reduce the patent exclusivity over the use of an invention. They provide both the freedom to operate and enable defence in patent infringement lawsuits.
The project also contributes to the ongoing discussion on the reform of patent law, and suggests the re-consideration of certain legal tools in the light of the Maker phenomenon.
Beyond any doubt, Makers deserve special attention in the legal field for a number of reasons:
1) their technological contributions,
2) popularisation of democratic ideas: participation, trust and responsibility,
3) for making a part of this world better.
(The patent system once shared the same principles … before it changed into a money-making machine.)
The reference point for the research is collective making: when an idea leaves the safe private harbour (proverbial basements and garages) and enters open waters of knowledge dissemination and commercialisation, where a patent infringement may easily occur. Against this background I analyse the scope of patent windows (statutory provisions and doctrines) stipulated in four legal systems: Germany, the UK, the USA, and Japan. I present the main construction lines and apply them to the Maker environment. There are measures, e.g. private and non-commercial use or experimental use, that work in “making” but under certain reservations.
The talk serves to advise and to increase awareness of the scope of the permissible uses of patented solutions.
Anja Drephal
During World War I, homing pigeons were used to carry messages and take photographs over enemy territory. Today, experiments are being conducted to remote-control insects for similar purposes.
This talk intends to give an overview of 100 years of living drones, speculate on future developments in the field, and question the ethical implications of the practice.
Long before man-made aerial vehicles were invented and perfected, pigeons were employed to carry messages over long distances. Their homing instinct, the ability to find their way back to their home loft from as far as 1,000 miles away, has been known and used by mankind since ancient times. While regular pigeon post had been established since the Middle Ages, it was during World War I that pigeons were used extensively for military purposes: radio communication was still crude and unreliable, but pigeons were a fast and dependable means of delivering messages from behind enemy lines. With the advancement of photography, they were even employed as aerial surveillance drones, equipped with small automatic cameras.
Although the US and British armies disbanded their pigeon sections in the 1950s, carrier pigeons are still used for communication purposes today.
Taking the idea of connecting flying animals with communication technology one step further, as of 2014, experiments are being conducted in wiring and remote-controlling moths, effectively turning them into biobots to be used for search and rescue missions – and possibly for military and surveillance purposes?
Will Scott
This talk will reflect on teaching Computer Science in Pyongyang over the last two years, and look at how technology has been integrated into civilian life in the DPRK. As it remains an extremely isolated country, many people would be surprised to hear that cellphones have become commonplace within the capital, let alone that the country invests in custom hardware and software. I'll talk through the current state of desktop and mobile technology in Pyongyang, and what's changing.
Computer Science in the DPRK
From redstar OS, a custom Red Hat-derived Linux desktop and server environment, to the arirang cellphone and tablet, technology in the DPRK is different from what you are likely to see anywhere else in the world. Most systems are not widely available, and exist as much in rumor as reality. Partially due to the language barrier, and partially due to restrictive import, export, and communication policies, there are large gaps and large amounts of misinformation around most aspects of the country.
I've spent the last two falls teaching Computer Science, specifically Operating Systems and Databases, to undergraduates at the Pyongyang University of Science and Technology. In the course of life in Pyongyang, I've been able to observe the growing prevalence of mobile technology, and get a firsthand look at the state of consumer technology in the country.
In this talk I'll provide a demonstration of redstar 3.0, the current generation of the desktop operating system, and offer the caveat that it is seldom used in practice. I will also bring a samjiyong Android tablet, to demonstrate the state of mobile technology. I'll focus the talk on discussing what international technology is and isn't applicable to the country, and the opportunities going forwards.
Maria Xynou
Have you ever wondered who is watching while you are reading your favourite media online?
Whether we are reading the Guardian, the New York Times, the Hindu or any other news website, third party trackers are collecting data about our online behaviour.
This lecture will present Tactical Tech's new project, Trackography, which shows that we are all part of a global tracking business.
Claudio ࿓ vecna
When we access websites, third parties are able to track our online behaviour, aggregate our data, link it to other data collected about us and subsequently create profiles. These profiles tell a story about us – which may or may not be true – and can include our political beliefs, gender, sexual orientation, economic status, habits, interests, affiliations and much more.
And while this might all appear to be harmless, we largely have very little control over how and when our data is collected, how our profiles are created, whether they are accurate, who they are subsequently shared with, who has access to them, what they are used for, where they are stored and for how long.
The global data industry has been very opaque... until now.
Trackography illustrates which companies track our data when we read the news online, which countries our data travels to and how our data is handled every time we access a media website within a period of time.
We developed Trackography to increase transparency about the data collection industry. We hope it will start a discussion on unseen and unconsented data collection and on the politics of data.
Come to our lecture, learn about Trackography and help us track the trackers!
Kévin Redon
How do garage gate remotes work?
It turns out the ones from MegaCode simply send an individual fixed code.
And with little effort it was possible to clone them, send arbitrary codes, and record them all.
MegaCode to facility gates
Garage gate remotes are not particularly well known for their security. And cloning them generally isn't a difficult task.
The MegaCode system from Linear LLC is no exception to it.
It did not take long to find out each remote sends a unique but fixed code over the radio interface. The rest was straightforward: record the signal using a Software Defined Radio, decode the signal, modify another remote to send this code, modify a receiver to collect even more codes, and record even more codes.
In this talk I will show how this simple system was reverse engineered. If you always wanted to play with software defined radio, electronics, micro-controllers, or solder components but you had no idea where to start, or thought that it would be too complicated because these are unknown grounds, this should motivate you. The tools and techniques are accessible for newcomers and should motivate you to also start playing with hardware.
Matthias Herz
"Trust is good, control is better." This saying applies more than ever when it comes to assessing the activities of intelligence services. As has been known for some time, the tale of mass surveillance of the individual is reality. Whether and to what extent this affects the reality of the individual is the focus of the present study.
Snowden Effect vs. Privacy Paradox
The NSA scandal has shown, especially in the recent past, that concrete attitudes towards surveillance, internet use and data security are global topics which, particularly in the light of Edward Snowden's revelations, are in many cases being re-evaluated. Current studies show that the NSA scandal has changed the attitudes of internet users towards these topics, especially in the areas of online shopping, cloud computing, e-government and online social networks (BITKOM, 2013; Fittkau & Maaß, 2013; Fritz, 2013; Krempl, 2013; Wilkens, 2013).
The present study uses a multi-method design to analyse attitudes on this and the usage behaviour of Facebook users. Among other things, the focus is on generational effects and different user types. The aim of the study is to determine whether increasing knowledge about surveillance practices goes hand in hand with a change in usage behaviour in online social networks, or: whether what can currently be observed is the Snowden effect or the manifestation of the privacy paradox.
Eric Wustrow
Full-body scanners, also known as "naked scanners", are used in airports and other government facilities to detect metallic and nonmetallic objects hidden beneath people's clothes. In many countries, they play a critical part in airline security, but they have also been criticized for being unsafe, ineffective, and an invasion of privacy. To shed scientific light on these questions, we conducted the first rigorous, independent security evaluation of such a system. We bought a government-surplus Rapiscan Secure 1000 full-body scanner on eBay and extensively tested it in our lab. We found that it's possible to conceal knives, guns, and explosives from detection by exploiting properties of the device's backscatter X-ray technology. We also investigated computer security threats: malicious software and hardware that can compromise the effectiveness, safety, and privacy of the machine. In this talk, we'll explain how full-body scanners work, describe the results of our experiments, and draw lessons to inform transportation security, embedded systems security, and the public debate over secretive and privacy invasive government technologies.
Security Analysis of a Full-Body X-Ray Scanner
In response to evolving terrorist threats, including non-metallic explosive devices and weapons, the U.S. TSA has adopted full-body scanners as the primary passenger screening method at nearly 160 airports nationwide at a cost exceeding $1 billion. Although full-body scanners play a critical role in transportation security, they have generated considerable controversy, including claims that the devices are unsafe, violate privacy and civil liberties, and are ineffective. Furthermore, these scanners are complex embedded systems that raise important computer security questions.
Despite such concerns, neither the manufacturers nor the government have disclosed enough technical details to allow for rigorous independent evaluation, on the grounds that such information could benefit attackers, or is a trade secret. To help advance the public debate, we purchased a government-surplus Rapiscan Secure 1000 full-body scanner and performed a detailed security evaluation of its hardware and software.
We tested the Secure 1000's effectiveness by experimenting with different methods of concealing contraband. While the device performs well against naive attackers, fundamental limitations of its backscatter X-ray technology allow more clever attackers to defeat it. We show that an adaptive adversary can confidently smuggle contraband past the scanner by carefully arranging it on his body, obscuring it with other materials, or properly shaping it. Using these techniques, we are able to hide firearms, knives, plastic explosive simulants, and detonators in our tests. These attacks suggest a failure on the part of the Secure 1000's designers and the TSA to think adversarially.
We also evaluated the security of the Secure 1000 as a cyberphysical system. We show how malware infecting the operator's console could selectively render contraband invisible to screeners. We also attempt (with limited success) to use software-based attacks to bypass the scanner's safety interlocks and deliver an elevated X-ray radiation dose. Lastly, we show how an external device carried by an attacker can capture naked images of the subject being scanned.
Our results suggest that the Secure 1000 is not able to guarantee effectiveness or privacy against attackers who are knowledgeable about its inner workings, and that such knowledge is easy to obtain for an attacker with modest resources. We believe this study reinforces the message that security systems must be subjected to testing that is rigorous, adversarial, and public before they can be deemed safe for critical applications.
Warning: Nudity. We plan to show unmodified scanner images in order to demonstrate the privacy implications of full-body scanning.
Theresa
Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick!
Lightning Talks Day 3
Philipp Jovanovic
"Nearly all of the symmetric encryption modes you learned about in school, textbooks, and Wikipedia are (potentially) insecure." -- Matthew Green
In recent history, we saw time and again (to some extent catastrophic) failures of cryptographic constructions for authenticated encryption (AE) due to bad design choices, implementation errors and a lack of reliable standards. After an introduction providing some background information on these topics, we present CAESAR, a new cryptographic competition which aims to find solutions to the problems mentioned above. In the second part of the talk, we introduce NORX, a new and next-generation AE scheme and our candidate for CAESAR.
CAESAR and NORX
CAESAR is the Competition for Authenticated Encryption: Security, Applicability, and Robustness, and the latest crypto contest after AES, eSTREAM, SHA-3, and PHC. CAESAR aims to identify a portfolio of authenticated encryption (AE) schemes with support for associated data (AD). Compared to ciphers like AES-CBC or Salsa20, an AE scheme protects not only confidentiality, but also authenticity and integrity of the processed data. Before we give an introduction to CAESAR, we present the motivations behind the competition, like the importance of protecting in-transit data, a lack of reliable AE(AD) standards or the repeated crypto failures in recent history that led, for example, to the cracking of WEP (aircrack-ng), and to attacks on (D)TLS, like BEAST and Lucky13.
In the second part, we talk about NORX, our CAESAR candidate: NORX is a user-oriented cipher, engineered to take advantage of modern CPUs and to scale to different levels of parallelism. NORX relies on trusted building blocks, adapted to meet our design goals:
- the sponge construction (as used in Keccak/SHA-3) is tuned to provide parallel processing
- the core of NORX is inspired by the ciphers Salsa20 and ChaCha (by DJB), and the hash function BLAKE(2) (by Aumasson et al.)
We explain how we selected NORX's operations and parameters to achieve maximized security and efficiency in both soft- and hardware. We also report on detailed benchmark results showing that NORX is among the fastest CAESAR candidates on various platforms, from ARM and x86 to ASICs. For example, on Intel's Haswell microarchitecture, NORX achieves 2.51 cycles per byte (more than 1 gigabyte per second), exploiting local parallelism provided by AVX2 instructions.
Aylin
Stylometry is the study of linguistic style found in text. Stylometry existed long before computers but now the field is dominated by artificial intelligence techniques.
Writing style is a marker of identity that can be found in a document through linguistic information to perform authorship recognition. Authorship recognition is a threat to anonymity but knowing ways to identify authors provides methods for anonymizing authors as well. Even basic stylometry systems reach high accuracy in classifying authors correctly. Stylometry can also be used in source code to identify the author of a program. In this talk, we investigate methods to de-anonymize source code authors of C++ and authors across different domains. Source code authorship attribution could provide proof of authorship in court, automate the process of finding a cyber criminal from the source code left in an infected system, or aid in resolving copyright, copyleft and plagiarism issues in the programming fields. Programmers can obfuscate their variable or function names, but not the structures they subconsciously prefer to use or their favorite increment operators. Following this intuition, we create a new feature set that reflects coding style from properties derived from abstract syntax trees. We reach 99% accuracy in attributing 36 authors each with ten files. We experiment with many different sized datasets leading to high true positive rates. Such a unique representation of coding style has not been used as a machine learning feature to attribute authors and therefore this is a valuable contribution to the field.
We also examine the need for cross-domain stylometry, where the documents of known authorship and the documents in question are written in different contexts. Specifically, we look at blogs, Twitter feeds, and Reddit comments. While traditional methods in stylometry that work well within one domain fail to identify authors across domains, we are able to improve the accuracy of cross-domain stylometry to as high as 80%. Being able to identify authors across domains facilitates linking identities across the Internet making this a key privacy concern; users can take other measures to ensure their anonymity, but due to their unique writing style, they may not be as anonymous as they believe.
Source Code and Cross-Domain Authorship Attribution
Anonymity is a topic researched in detail at the Privacy, Security, and Automation Lab at Drexel University. We study how to effectively identify the author of text with unknown authors and how to anonymize text of known authorship. In our previous talks at CCC, we have presented methods to identify authors of regular text, translated text and users a.k.a. cyber-criminals of online underground forums. We introduced our authorship anonymization framework "Anonymouth". Many times, we received questions on how applying de-anonymization techniques would work on source code and different domains. In this year's talk, we will focus on identifying the authors of source code and cross-domain stylometry.
Can the authors of source code be identified automatically through features of their programming style? Do they leave coding "footprints"? Holding important implications for protecting intellectual property as well as for identifying malware authors and tracking how malware spreads and evolves, this question spurred a cross-cutting research project involving NLP and machine learning. Code stylometry requires features unique to coding and to the programming language. Source code has different properties than common writing, such as the lineage, keywords, comments, the way functions and variables are created, and the grammar of the program.
Aware that methods from text analytics can strengthen cyber analytics, this project sought to advance the potential of automated linguistic-type analysis, or stylometry, for authorship attribution of source code. A corpus of tens of thousands of users was built by scraping the Google Code Jam Competition dataset. Specifically investigated were new ways of representing coding style through NLP-inspired syntactic, lexical and layout features. Random forests with 300 hundred trees were used along with less than ten decision features per tree. The main dataset had 173 authors each with six source code files with less than 100 lines of C++ code. A series of experiments was performed to discover the feature set that yielded the highest recognition accuracy: 91%. 57% of the features with information gain were syntactic and the rest were lexical and layout features. Tests on a validation dataset of the exact same size showed 86% accuracy with the same features. The features that had information gain in the validation experiments all had information gain in the original dataset, which shows that the method and feature set are robust and that abstract syntax trees show the best promise.
Source code is just one domain studied in authorship attribution. We also study the problem of domain adaption in stylometry. Can we identify the author of an anonymous blog from a suspect group of Twitter accounts? The ability to do so would lead to the ability to link accounts and identities across the Internet. We can achieve high accuracy at identifying authors of documents within the same domain, including blogs, Twitter feeds, and Reddit comments, even when classifying with up to 200 authors. Identifying the author of a group of tweets from among 200 tweeters yields an accuracy of 94% and identifying the author of a blog entry from among 200 bloggers yields an accuracy of 71%. When we try to identify the author of a collection of tweets based on a collection of blogs from 200 authors, however, accuracy drops to 7% using the same method and features.
We are able to increase the accuracy, however, by applying an augmented version of doppelganger finder, a stylometric approach for multiple account detection that can handle small stylistic changes. This provides significant improvements in each of the cross-domain cases.
Advances in authorship attribution offer both positive and negative repercussions for security. However, it is important to understand the assumptions that underlie these results. Blind application of stylometric methods could be dangerous if the domain is not understood. This work shows that stylometric methods are domain dependent. Whether used defensively or offensively, this is certain to impact user account security.
cyphunk / nathan fain
3 theater projects that illustrate the false "California Ideology" and ask us to look at our slip into neoliberalism through the backdoor of technology and to consider the ethics in the protocol.
"Exploit" in theater
We are moving the responsibility for the construction of social behaviour and good citizenry from the hands of policy makers to the hands of engineers. Trading spaces of the commons for those of market will. And the architects (standards bodies) are hardly concerned. Followers of the "California Ideology" present as their argument fluid consensus, provided through technology, as a reason to trust this neoliberal future. I will present 3 collaborations in theater that I feel question this ideology.
- Anonymous-P (with Chris Kondek & Christiane Kühl)
The question is "post-existentialism" not "post-privacy"
- Hermann's Battle (with Rimini Protokoll)
Cypherpunks, Heinrich von Kleist, "Absolute Democracy"
- Right of Might (self & Maria Rößler)
Competitive Assassination Markets (e.g. Assange v. Assad)
Johannes Taelman
Axoloti is an integrated platform for digital audio: its graphical editor is an easy-to-use toolbox for creating sound synthesis or processing algorithms. The audio processing runs on a microcontroller board, and runs standalone after editing.
Axoloti creates compilable c++ code from a graphical network of objects and connections, and automates the compilation, upload and execution of the resulting code on the target hardware. While running, parameters (presented as controls on objects in the document) can be tweaked from the host computer, and variables are read back (presented as numbers, virtual LEDs, graphs...) on the objects, in real time.
The Axoloti hardware has standard audio and MIDI in- and output, but also general purpose I/O, enabling easy development of custom "new" musical instruments.
Kai Kunze
The talk gives an overview of the emerging field of smart glasses and how they can be used to augment our mind (e.g. how to improve our brain with technology). The talk will focus mostly on how to quantify cognitive tasks in real world environments. I also present first application scenarios on how to use smart eyewear (e.g. Google Glass or JINS MEME) for short term memory augmentation and cognitive activity recognition.
Eye Wear Computing
Considering the last centuries, major scientific breakthroughs aimed at overcoming our physical limitations (faster transportation, higher buildings, longer, more comfortable lives). Yet, I believe the coming big scientific breakthroughs will focus on overcoming our cognitive limitations. Smart glasses can play a vital role in
1. understanding our cognitive actions and limitations by quantifying them
2. helping us design interventions to improve our mind.
The talk will focus mostly on the first point: what kind of cognitive tasks can we track already with the smart glasses that are available on the market, and what will happen in the near future.
I will discuss application examples for Google Glass and J!NS MEME. J!NS MEME is the first consumer-level device measuring eye movements using electrodes, also called electrooculography (EOG). The MEME glasses are not a general computing platform. They can only stream sensor data to a computer (e.g. smart phone, laptop, desktop) using Bluetooth LE. Sensor data includes vertical and horizontal EOG channels and accelerometer + gyroscope data. The runtime of the device is 8 hours, enabling long-term recording and, more importantly, long-term real-time streaming of eye and head movement. They are unobtrusive and look mostly like normal glasses.
For Google Glass I present an open sensor-logging platform (including the infrared sensor to count eye blinks) and a fast interface to do lifelogging.
We will discuss which eye movements correlate with brain functions and how this fact can be used to estimate the cognitive task a user is performing, from fatigue detection, over reading segmentation to cognitive workload and the advances to track attention and concentration. Challenges discussed in the talk include how to get ground truth and how to evaluate performance in general.
timobaumann
Transcribing a talk comes relatively easy to fast typists, whereas turning a transcript into time-aligned subtitles for a video requires a much larger human effort. In contrast, speech recognition performance (especially for open-source-based solutions), is still poor on open-domain topics, but speech technology is able to align a given text to the corresponding speech with high accuracy. Let's join forces to generate superior subtitling with little effort, and to improve future open-source-based speech recognizers, at the same time!
Automatically Subtitling the C3
We present the ongoing work of a student project in informatics at Universität Hamburg in which we combine the strengths of human transcription performance and automatic alignment of these transcriptions to produce high quality video subtitles.
We believe that our work can help the C3 community in generating video subtitles with less manual effort, and we hope to provide subtitles for all 31C3 talks (as long as you provide the transcriptions).
However, we're not just a service provider to the C3. There is a shortage of training material for free and open-source speech recognizers and the acoustic models they employ. Thus, we plan to prepare an aligned audio corpus of C3 talks which will help to advance open-source speech recognition.
Be a part of this by helping us with your transcriptions -- we'll repay with subtitlings and better open-source speech recognition in the future!
BeAnotherLab
The Machine To Be Another is an open-source interactive system designed to explore the relationship between identity and empathy through interdisciplinary performance-experiments drawing from neuroscience, VR, storytelling and art. Through research collaborations we have been developing applications in contexts of conflict resolution, the arts and healthcare.
The Machine To Be Another
Imagine the possibility of creating stories that can be felt through the audience's own body as something real. For example, what would it mean for the world if citizens from opposite sides of a war could swap bodies and feel what it is like to be part of the family of their own enemy? What if every school child could experience, in full immersion, the life of another young person half way around the world? How would this impact our ability to share our pain, address the challenges we share, resolve conflicts and build empathy, or even improve our emotional resilience as individuals?
We developed a system that allows users to enter the body of a different person and inhabit each other's experiences in a radically different way; a way of sharing that transports us to a place of preverbal, embodied empathy. The Machine to Be Another is a Creative Commons interactive system designed as a tool for embodied-immersive storytelling. We merge interaction protocols from neuroscience research in embodiment with performance, storytelling and virtual reality hardware to create in users the illusion of feeling themselves in the body of another person. Embodied simulation mechanisms, in particular of actions, emotions and corporeal sensations, have been recently proposed as having deep implications in the understanding of empathy and social cognition, perception of one's body, neural plasticity but also in the formation of concepts. For example, studies conducted by EventLab in Barcelona suggest the effectiveness of inducing body ownership for reducing implicit racial bias. This "body swap illusion" is so strong that a person can experience being in another's body when facing her own body and shaking hands with "themselves".
For two years we have been working with an extended community of researchers, artists, activists and members of the public to create performance-experiments related to the understanding of the other and the self. Through this process we have explored issues such as mutual respect, immigration and physical disability bias, gender identity, conflict resolution, body extension and embodied dance performances.
Magnus
Extending the common 3-space-to-2-space projections to 4D and higher and how certain types of fractals can be presented using these expansions. After that we'll have a closer look at Fractal Flames as used in Electric Sheep.
Higher-Dimensional Geometry and Fractals
This talk will be split into 3 parts; first: extending the common 3D-to-2D projections - used by libraries such as OpenGL - to also allow projecting hypothetical 4D or higher constructs to a 2D screen.
Second: making pretty fractal pictures by rendering iterated function systems with affine transformations in 4D and higher. This part explains how the chaos game works and how to do an alternate, discrete render which works better in higher dimensions than 2D.
The third and final part takes a look at the Fractal Flames by Scott Draves, a different kind of iterated function system used in the Electric Sheep screen saver. The original algorithm for this is inherently 2D, but parts of it can be extended to higher dimensions, producing interesting results.
Due to time constraints, it is assumed that the audience is already roughly familiar with - or willing to believe in - the general method for 3D projections, including vector and matrix maths. There will also be pretty pictures.
The presentation will have live demo segments mixed in, which make use of a F/OSS 4D+ primitive and fractal renderer called "Topologic" (see links, below).
Alexis
We from EveryCook are building an open source computerized cooking device. At 29c3 I presented the idea of digital cooking and people gave me awesome feedback. Now, 2 years later the industry giants have realised that connecting computers and kitchen devices can do awesome things. But do they create open standards? Of course not! They create little black boxes speaking strange languages that you can't integrate in an ecosystem that wasn't designed by the manufacturers themselves. We still want an open ecosystem for free exchange of information about food and recipes. We came closer to our goal. Let me tell you...
Why do we need an open food information platform
There are bluetooth thermometers for meat. Can I use them with my computer? Nope, because they only talk to one dedicated app.
There are cooking devices with touch screen, built-in recipes and sometimes even networking capabilities. But do we know how to talk to them?
We seem to be the only ones believing in the power of open standards. EveryCook has been open source since the beginning. Because we look at the large picture. We want to use ALL available data for cooking. Even data from WWF about sustainability or data from scientific research about nutrients.
And we want to show how we treat this data. We want our database open for all useful input.
As we do for our Hardware. If you see a weak part in our designs you can tell us and we'll change it if needed.
I will tell you what we learned making 4 generations of digital cooking devices. And I would like to explain to you why we believe that there should be open standards for cooking software.
What is now done "in the market" is that many companies develop many, many apps and some kitchen devices and none of them is made to interact with its neighbors. Why? "because my data is my data!" and "my hardware design is mine!"
Isn't that a huge waste of resources? Everyone re-inventing the wheel and then adding some little special sauce to claim the whole thing as "unique".
Having all data about food available is not a need, it is a human right. Having additional data on how to prepare food in machine readable form is a nice extra. Having both together in a database is the technically best solution because of the many synergies.
Let's form the future of digital cooking before someone else does!
Marmusha
So you want to author a next Stuxnet (or even cooler than that). Here is the success recipe: forget what you have known about cyber security. When an attack transitions from control of a digital system to control of a physical process, physics and time become controlling factors instead of the digital rules encoded into your microcontroller.
The holy CIA trinity is meaningless in the physical world. The uncontrollable but still running process is not really available; process dynamics do not stop simply because the controlling equipment is DoSed; electronically segregated components can still communicate over physical media (the process) and a physical phenomenon can be measured terribly wrongly (so that the wrong measurement will be proudly delivered to the digital application in a totally secure way). Where physics plays a governing role, IT security concepts are rendered useless.
Please welcome a new arrival in the "damn"-frameworks series - Damn Vulnerable Chemical Process. Come to the lecture and learn what it takes to exploit a physical process: how to find vulnerabilities and how to exploit them with minimal cost and maximum impact. Get astonished about the gazillion of uncertainties you will have to face on your way to a disruptive goal and realize that the TIME is ONLY what matters while designing your attack.
Make sure to visit your local library and refresh your knowledge on physics, chemistry, mechanics, control theory, signal processing and algorithms. The lecture will teach you how to apply this knowledge in the exciting world of cyber-physical exploitation.
Damn Vulnerable Chemical Process
Attackers and researchers have shown numerous ways to compromise and control the digital systems involved in process control (plants, grids, cars). Little information is available on what to actually do with those controls. A single bit flip can engage the burner under a tank of chemicals, but the reaction will still take hours to complete regardless of the state of the controller outputs. Changing the state of the outputs does not immediately put the process into a vulnerable state. An attacker needs to take into account the timing and state of the system and act when the process is in the vulnerable state.
Designing an attack on cyber-physical systems leads to unconventional hacking and interesting computer science challenges. Thus, DoS attacks on controls in the physical domain do not deny process dynamics. In fact, if timed wisely, DoS attacks allow manipulation of the process at will. Whoever thinks that cryptography will save the world is wrong. Due to the specifics of control principles and their implementation in the equipment, DoS attacks allow manipulation of process controls even if the communication is authenticated.
On the example of the DoS attacks on controller inputs and outputs at the level of communication links the lecture will take the audience through all the stages and details of (i) designing and (ii) implementing such attacks to cause physical damage. The experiments are conducted on the realistic model of a chemical plant used in process engineering research.
Ange Albertini
Binary tricks to evade identification, detection, to exploit encryption and hash collisions.
Funky File Formats
* artistic binaries - why they are possible, how they work.
- polyglots & chimeras
- hash collisions
* challenges and failures
olia lialina
For 10 years I have been writing about Vernacular Web and Digital Folklore, about early days of the web and web design before it became a profession. It is not that easy to find pages that were made in 93-97 and are still online or look the same. Things changed in 2009, when Yahoo announced that they are closing Geocities, number one free hosting service of the last century, "myspace of the 90es", first home for many web users and a jest for "professional web".
In the half year Yahoo gave its users to copy their data, Archive Team managed to partly rescue the pages and release a one-terabyte torrent of them. In 2010 my partner Dragan Espenschied and I started to download the files. In the middle of 2011 Dragan restored the archive and we started to go through the profiles: collecting, tagging, comparing, analyzing. The One Terabyte of Kilobyte Age project started.
We don't only collect and restore but bring this culture of the 90es back to the web, using contemporary infrastructure. It is http://oneterabyteofkilobyteage.tumblr.com/ that posts a screenshot of a page every 20 minutes since February 2013. Or my channel on Vine, that allows to see those pages animated and with sound. And of course the blog http://contemporary-home-computing.org/1tb/ where we describe the findings.
In my HIGHLY ILLUSTRATED talk I'd like to introduce the audience to pearls of the early web culture, going much deeper than the usual Under Construction signs and animated GIFs nostalgia. I will show what it meant to make a web page technically, philosophically and ideologically. I will also talk about our unique technical setting for emulating the pages and what digital preservation really means. And last but not least, I will talk about newer cases of deleted social networks and social services.
The Only Thing We Know About Cyberspace Is That Its 640x480
Mareike Foecking
As part of my research project "Das Bild im digitalen Wandel" ("The Image in Digital Transformation"), I study how images change as the ways they are used and conveyed in media change.
I would like to talk about that.
Die Krise der Bilder ist die Krise der Politik (The Crisis of Images Is the Crisis of Politics)
Which images are used to describe the future, which images are used in election campaigns, which images are used to convey and visualize news?
Images often communicate more directly than texts, and new images in turn arise from them.
To what extent is the selfie a social dispositif that calls for collectively prescribed action and makes people uniform?
Why are there no real images of surveillance, and why does Angela Merkel serve not just one image but many?
To what extent is politics a staging, or is the staging itself the politics, with regard to the images with which it communicates?
In an essay-like sequence of visual examples, this talk will address various questions, some of which are answered and some of which in turn raise new questions.
Robert Verch
A rented apartment has been abandoned for about 20 years; its occupant cannot be found. The unchanged furniture, fittings and personal belongings are still there and untouched, however.
ES GIBT VIEL ZU TUN - HAU'N WIR AB. (THERE IS A LOT TO DO - LET'S GET OUT OF HERE.)
Based on this situation, visitors negotiate the boundaries of curiosity and voyeurism in an artistic-technical real-world laboratory. Their behaviour is artistically reflected and staged for the public. On this basis, the question of whether empathic perception is possible via digital channels is raised and put up for discussion.
Richard Marggraf Turley
What do the arts and literature have to contribute to urgent debates about the technization of food production? What can a play from 1605 tell us about fairer distribution of natural resources today? Equally, how might a cyber thriller from 2011 help us debate contentious issues such as gene-based technologies and utopian visions of knowledge-led society? This talk considers agri-tech and food security across a wide sweep of social and political terrain, from the Arab Spring to the European horsemeat scandal, from Shakespeare to Daniel Suarez. It argues that the arts and sciences need to cooperate to deepen understanding about, and define actions on, the big challenges facing a needy world. Finally, it suggests ways in which the arts and technology can assist us in arriving at a model of society in which resources are distributed not only more efficiently, but also more equitably.
Agri-tech and the Arts: From Barns to D-Space
We are facing a crisis of food that threatens to overwhelm households, communities and even entire states. Inequality of access to sustenance has been exacerbated by soaring prices, corporate sharp practice and wide "food fraud" – including 2013's UK horsemeat scandal, and Europol's exposé of "fake" and "substandard" food in Europe in 2013-14. Riots and political unrest that appear to have little connection with food, on closer inspection turn out to have dimensions associated with sustenance. For example, the first shop to be looted in 2011's London Uprising was not a branded trainers outlet or flat-screen TV centre, but the Clarence Convenience Store, raided for chocolate bars and bottled water. In its first moments, then, the unrest in Britain's capital took the form of a traditional "food riot". Similarly, the first wave of protest that gave rise to the Arab Spring was initiated by the self-immolation of a street vendor who made his living selling fruit and vegetables from a cart in Tunis. As a result of food-related political unrest, food security has risen on the agendas of governments and international agencies around the world.
Agri-tech has come to be regarded as the panacea to food constraint. MEP Julie Girling is not alone in arguing that "technological advancement will be the only way that we can meet the coming growth in demand". Certainly, the technization of food production and distribution – advances in gene-based technologies, synthetic biology, agri-robots, remote sensing, agri-informatics and just-in-time (JIT) algorithms – offers a compelling vision of knowledge-led development. However, as this talk argues, technology is only one part of the story. Until the quality of public engagement is improved around agri-tech, the nature of our food, where it comes from, and the conditions in which it is produced, programmes aimed at establishing a more equitable, ethical, sustainable future society worth living will be compromised. In this regard, the arts can open a shared space of imagination.
This talk develops findings from my forthcoming interdisciplinary book, co-authored with literary scholar Dr Jayne Archer and plant scientist Professor Howard Thomas, Food and the Literary Imagination. Our argument is that vital, deep knowledge about food, technology and society is to be found in art and literature, both historical and contemporary. In this talk, I explore what art and literature, as heuristic media, can tell us about our relation to food technology, what they can contribute to global debates about the ethics and mechanics of food production, and their role in helping us to imagine a society in which resources are distributed not only more efficiently, but also more equitably.
Part 1 considers former systems consultant Daniel Suarez's 2011 novel Freedom TM (German title, Darknet), popular among hacker communities for its kinetic scenes of "D-space" cyber combat. At the novel's radical centre, however, is a vivid portrait of a utopian agricultural society founded on tech-led solutions to food supply. Suarez's "darknet farms" of the future represent a serious intervention into the politics of C21 agri-tech and food security. In this respect, Freedom TM belongs to a long tradition of the arts exploring contemporary food politics, stretching back to include Shakespeare's play King Lear (c. 1605), key sections of which are set – modern directors often forget – in a wheatfield, and John Constable's The Hay Wain (1821), widely misunderstood as a themepark fantasy of rural life and the origins of food, regularly voted Britain's "best loved" painting.
Part 2 discusses three projects in which I am involved, each aimed at improving public dialogue around food and food politics at local and regional levels: (1) a creative commons project, "Edible Wales" (funded by CEWN/AHRC); (2) the Welsh Govt/EU-funded "Food Engagement Wales"; and (3) a project being developed with a major UK supermarket to examine practical ways in which literature can be used to promote public understanding of food as we search for a sustainable, resilient, more equitable future society.
c-atre
The c-atre collectivdrama presents THE TIME IS RIGHT, a science fiction play based on an idea by yetzt.
"This is about the big picture! Preserving free knowledge, free culture – without copyright mafiosi who want to license every fart that escapes you!" (Jo)
When the activists Mo and Jo, during one of their secret and dangerous acts of resistance against the looming omnipotence of the collecting societies, are surprised by this strange young woman who appears as if from nowhere, nobody yet suspects what far-reaching consequences this encounter will have had in the fight for the art of the future.
The Time is Right
THE TIME IS RIGHT
Martine "authmillenon" Lenders
Mirko "macro" Fichtner
Sebastian "epunc" Marg
Merle von Wittich
c-atre in collaboration with yetzt
Premiere: 3 July 2014, c-base Berlin
Alexa O'Brien
A discussion with U.S. Army private Chelsea Manning's attorneys Nancy Hollander, Ahmed Ghappour, and Chase Strangio.
Moderated by journalist Alexa O'Brien.
The case of Chelsea Manning
In the Summer of 2013, Manning was convicted under the Espionage and Computer Fraud and Abuse Acts and sentenced to 35 years in prison for disclosing battlefield reports from the wars in Iraq and Afghanistan, Guantanamo prison camp detainee profiles, and U.S. diplomatic correspondence. She currently is imprisoned at the U.S. Disciplinary Barracks at Fort Leavenworth, Kansas.
During her pretrial confinement before her trial, the U.N. Special Rapporteur on Torture ruled Manning's treatment at Quantico Brig was cruel and unusual.
She is now suing the Department of Defense to provide adequate medical care for her gender dysphoria, which she was diagnosed with four years ago before her arrest by a U.S. Army doctor.
Manning is now appealing her conviction in the U.S. Army Court of Criminal Appeals.
This discussion will explain Manning's current situation and legal fights and how you can help this brave military whistleblower.
Peter Sewell
Computers have become ubiquitous and essential, but they remain massively error-prone and insecure - as if we were back in the early days of the industrial revolution, with steam engines exploding left, right, and centre. Why is this, and can we do better? Is it science, engineering, craft, or bodgery?
I'll talk about attempts to mix better engineering methods from a cocktail of empiricism and logic, with examples from network protocols, programming languages, and (especially) the concurrency behaviour of programming languages and multiprocessors (from the ARMs in your phone to x86 and IBM Power servers), together with dealings with architects and language standards groups.
Why are computers so @#!*, and what can we do about it?
For more details of the underlying research and the many people who have contributed, see: http://www.cl.cam.ac.uk/~pes20/
Jacob
The current state of the Tor network and community, covering important updates, discussions of the ecosystem of software, and including a longer Q&A than previous CCC talks!
State of the Onion
The State of the Onion covers technical, social, economic, political and cultural issues pertaining to anonymity, the Tor Project and the ecosystem surrounding our communities.
Important topics include the following issues:
- XKEYSCORE rules
- The shift from 3 guards to 1 guard
- Blackhat / cert talk and responsible Tor research in general
- Russian funding for Tor research
- New hidden service R&D funding
- Helping Internet services accept anonymous users
- Meek and new pluggable transports
- Tor Browser integration
- Tor and EFF Tor relay challenge
- Incentives to relay
- Spoiled onions paper amongst others
- A summary and fact checking of important media coverage
- Tor Weekly news
- Art and anonymity in culture
Alexander Lehmann
Premiere of the English version of the short film "We love surveillance".
Premiere: We love surveillance
The short film will be available online at 16.00 (CET).
the_no
We are the PayPal 14. For the last several years we've been restricted in what we could or couldn't say about our court case. Our sentencing is on December 4th, ending the legal restrictions on what we can share about our story.
Paypals War on Terror
The panel will consist of four PayPal 14 defendants: Mercedes "no" Haefer, Josh "Absolem" "t0x1c" Covelli, and an as yet undecided attorney.
We will be discussing the legal, political, and ethical issues surrounding the PayPal 14 court case.
frank
What has happened in the field of IT security over the past year? What new developments have emerged? What new buzzwords and trends were to be seen?
As always, we venture our IT security nightmare outlook for the year 2015 and beyond. After all, what we really want to know is: what will be creeping, crawling and flying towards us, and around inside our digital implants, in the future? In the spirit of even more transparency, criticism & self-criticism, and continuous sustainable optimization of all processes, we will also review earlier predictions to see whether our prophecies came true.
31C3 Closing Event
polygon
Capturing the splash of a water balloon, the snap of a mouse trap or the impact of a bullet results in exciting pictures. Best of all, it doesn't require expensive equipment. This talk covers the theory of high speed photography, the required hardware, microcontroller hacking and setting up an improvised studio in the shower.
Low Cost High Speed Photography
A camera, a flash, a microcontroller and a soldering iron is all it takes to create high speed photos of splashing water balloons and other fast moving action. This talk gives a walkthrough from zero to final results.
Starting with initial thoughts on the speed limits of common cameras and how to circumvent them, then going over the configuration of camera and flash. I explain how to use a microcontroller for precise timing of the exposure and how to wire it up to the rest of the setup. Using the example of a splashing water balloon I'll share ideas on using black fabric and duct tape to turn a shower into an improvised studio and finally take that shot.
Jonas Öberg
Re-using works licensed under Creative Commons seems pretty simple, but it can often be quite time consuming. One image might be okay, but keeping track of the license and attribution of a thousand images in your mashup, or when quoting from massively crowdsourced data sets such as Wikipedia? Whoah! Don't we have computers to do that for us!? We do - but there's no widespread support for including licensing or author information when sharing or reusing digital works. This session will discuss how this should work in the open knowledge environment.
Re-using works licensed under Creative Commons seems pretty simple, but it can often be quite time consuming. One image might be okay, but keeping track of the license and attribution of a thousand images in your mashup, or when quoting from massively crowdsourced data sets such as Wikipedia? Whoah! Don't we have computers to do that for us!? We do - but there's no widespread support for including licensing or author information when sharing or reusing digital works. This session will discuss how this should work in the open knowledge environment, and could it be that many problems regarding copyright and "piracy" in our digital society could be solved with the right technology?
Let's take a step back and consider how we perceive photographs that we see, online and offline. Didn't you ever want to know who took that awesome photo that you scrolled past in a blog? Or find out more about where that image on Twitter or Facebook comes from? Finding this information for digital photographs can be a daunting task! Sometimes I don't even remember myself where a photograph I took was taken!
Most people have a drawer of black and white photographs at home, a collection of the family history. A very natural reaction when you take a photo, which most people can also relate to, is to turn it over and look at the back of it, hoping that someone -- a parent or grandparent perhaps -- has written on the back of the photo when it was taken, where and who's pictured. The information scribbled on the back represents the context of a piece of art; it's what gives the photograph meaning and value. Metadata is the digital equivalent of your grandmother's handwriting -- giving meaning to pieces of art. By persistently associating the metadata of a photograph with the photograph itself -- making the metadata "stick" -- we can even make sure that your grandmother's handwriting stays with the photograph, even when someone photocopies just one side of it. Assuming the technology makes this easy, of course.
Very recently, we've seen the emergence of technology enabling someone to copy a photograph from a web site, insert it into an editor, and have that editor automatically pick up the associated metadata and provide the correct attribution and licensing information. This has been made possible with the Creative Commons Rights Expression Language (CC-REL), other RDFa metadata, and a clever way of passing information between applications on the clipboard.
In order to relate effectively to the digital works we see online, attribution (who made or built something) matters. It is obvious that proper attribution is the currency of the information age, and it's the start of being able to explore digital works online in their right context. This talk will focus on the philosophical background of why attribution matters, the benefits that technology can bring to the way we work with pieces of art (lolcats and Shakespeare alike), and where we're heading in the future.
Seth Schoen
As we've called for widespread use of HTTPS, the cost and complexity of the certificate system has been an obstacle.
In 2015, a certificate authority, trusted by mainstream web browsers, will issue certificates for web servers automatically at no charge in under a minute. This CA will automatically perform Domain Validation (DV) to verify applicants' control over domain names. The associated software can optionally reconfigure their web servers and deploy the new certificates immediately.
We'll take a look at how the Let's Encrypt CA works, our ACME protocol for requesting and issuing certs, and the client software that can automate the process. And we'll demonstrate what the experience of getting a cert from the new CA may look like for webmasters (don't look away, or you might miss it!). We'll also talk about who's behind Let's Encrypt and some of the measures we're considering for preventing misissuance of certs. Of course, you're invited to test and help perfect the process.
Varac
When the Internet was designed, it was thought to be meadows full of daisies. As we now know, it's a dark place, where communication is monitored and subverted. This session presents both developments in known solutions, as well as novel suggestions, to liberally apply crypto to improve the foundations of Internet communications.
Jurre van Bergen
Now I sprinkle thee with crypto dust
Trusting servers you can't touch
by Ryan Lackey:
Servers for Internet applications are usually deployed at a distance from both the end users of the service and the administrators of the system, often controlled by third parties. Even when they're hardware vs. virtualized/cloud, it's rare for admins to have direct physical control of the servers. Yet, most applications require a high degree of trust in the integrity of servers. We describe a variety of technologies and solutions to this problem, and a framework to best protect your applications and your users.
dename: decentralized, secure, usable PKI
by Andreas Erbsen:
A major challenge for private online communication is public key distribution. Trusted authorities have failed to be secure, and the web of trust has failed to build the network effect it gravely requires to be usable. This talk proposes a new PKI system built on a cryptographic consensus protocol. A set of directory servers updates and signs a mapping from public keys to names. Anyone can run their own server, strengthening the security guarantee for all clients that know it. We have an open-source implementation that can be easily integrated with systems that currently rely on manual key verification, including secure messaging, host authentication, and software distribution.
New development in OTR
by Jurre van Bergen
Jurre van Bergen will speak about new developments in the world of `off-the-record` messaging. What is going on? Where are we going? In addition we will address frequently answered questions by developers and users.
Secure email communication - LEAP Encryption Access Project &
Pixelated Your Right to
This presentation will introduce two new secure communication tools under development that help guarantee the right to digitally whisper - LEAP and Pixelated.
by Ladar Levison
Since Ladar Levison shuttered Lavabit during the summer of 2013, he has been working to solve the email privacy problems that made it technologically possible for an American court to demand unfettered access to the email messages for all of Lavabit's worldwide customers. After a year of hard work, the Dark Internet Mail Environment (DIME) is a standards based, collaborative effort to create an elegant technical solution capable of protecting the privacy of everyone's email. It is focused on making end-to-end email encryption automatic, while providing message confidentiality, author verification, and minimizing the leakage of metadata. DIME capable systems reduce the amount of trust users must place in their service provider. Automating the key exchange process while keeping the system resistant to manipulation by sophisticated threats is an ongoing challenge. This talk offers a compressed discussion of the DIME standards, highlighting key portions and will be followed by a project update, where we hope to showcase a DIME capable client and server implementation.
TLS ♥ DNS ♥ Tor
Replacing 100 CA hierarchies with the single DNS hierarchy, and how the bite reflex against the latter is coming at the cost of less secure identities.
Dr Gareth Owen
This talk presents the results from what we believe to be one of the largest studies into Tor Hidden Services (The Darknet) to date.
Tor: Hidden Services and Deanonymisation
There is no public list of onion addresses available; instead, over a period of 6 months, we ran a large number of Tor relays to infiltrate the Distributed Hash Table which Hidden Services publish to. From this, we were able to collect the list of Tor onion addresses AND the number of requests for each site (e.g. loosely analogous to the number of visitors).
We then used a custom web crawler to crawl all the hidden services and pull a large set of information from each. From this, in this talk, we present the information we found, from the list of the top onion addresses by content type and by popularity to estimates on size and turnover. We will also present what the largest proportion of Tor Hidden Service traffic is (it isn't pretty, and it's not drugs/silk road!).
Finally, I will explain the main classes of attacks useful for deanonymising the Hidden Services and Tor users. Sadly, it's easier than the Tor user-base at large thinks, and thus far there have been no patches or fixes for these attacks, and there aren't likely to be any because they exploit fundamental weaknesses in the way Tor works.
breakthesystem
Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick!
Lightning Talks Day 4
31C3 Infrastructure Review
Madonius
In this talk an introduction to amateur telescope making (ATM) will be provided. Starting from grinding the mirror, testing it and building the telescope around it.
Why take the effort to make your own telescope? Because it's custom and many times even cheaper.
How to grind your own mirror or lens, test its optical properties and build the telescope around those optics. The focus will be on Newtonian telescopes but other types will be outlined as well.
Grinding the optical components is the trickiest part; here the techniques and methods are explained, especially how to make high precision optics with your own hands.
Testing those is very critical, especially late in the manufacturing process, but optical test benches can be made for as much as 30-50€.
The most time consuming part is the building of the telescope itself, here many aspects have to be considered and taken into account.
Tor E. Bjørstad
In the parliamentary elections of September 2013, more than 250 000 Norwegians in selected municipalities were able to vote from home. They were taking part in a national trial of Internet voting, building on an advanced cryptographic protocol.
The rise and fall of Internet voting in Norway
The Norwegian e-vote project started in 2008, and was used for live election trials in 2011 and 2013. By using cutting-edge cryptography and committing to a high degree of openness in all parts of the execution, the project aimed to overcome public concerns about security risks and lack of verifiability.
To promote security, the entire voting system was implemented using a complex and verifiable cryptographic protocol, with no assumed trust between different system functions. To promote openness, the entire election system source code is publicly available, as well as most project documentation. The voting system published the SHA-256 hashes of encrypted ballots on GitHub every hour, and detailed instructions were provided to voters on how to verify that their vote had been submitted.
Most hackers and cryptographers are highly sceptical of Internet voting, due to legitimate security concerns. Even so, insufficient technical security, or even the perception of such, does not appear to be a main reason for why the project was discontinued.
The aim of this talk is twofold. First, we shall look at Norway's Internet voting project in its social and political context, highlighting the reasons why it came to be, and some of the key forces shaping the project throughout. Secondly, we discuss the findings, experiences and lessons learned from attempting to audit a large, public, complex and security-critical code base.
Nicolas Wöhrl
The next revolution in data processing is Quantum computing.
This talk is an entertaining "tour de force" starting with a brief introduction to the fascinating yet strange theories of quantum physics, the concepts of using these in quantum computing and the latest results on qubits in devices made out of real diamonds.
If you want to learn about the machines that decrypt your passwords in the coming years and how you can actually grow diamonds in your microwave oven (and who wouldn't?) this talk is for you!
Diamonds are a quantum computer's best friend
Quantum computing uses quantum phenomena such as superposition and entanglement directly to perform data processing. However, applying these quantum concepts to macroscopic devices such as computers is an enormous challenge for information scientists and physicists alike. What makes it so hard? Well, scientists have to find a material in which they are able to store and manipulate quantum bits (qubits). Since quantum states are very fickle and thus hard to abide, the most important task is to find materials in which qubits can be stored for a sufficiently long time. Surprisingly, they found these properties in diamond. More specifically, scientists are investigating defect centers in diamond to be used as qubits. Although quantum computing in 2014 is still in its infancy, first experiments have already been carried out that give hope that these computational concepts will become reality.
This talk is an entertaining "tour de force" starting with a brief introduction to the fascinating yet strange theories of quantum physics, the concepts of using these in quantum computing and the latest results on qubits in devices made out of diamond. Moreover, this presentation is given by a physicist who was working on diamond for various other applications for years - who suddenly realized that he has the material for the next IT revolution right in his lab.
If you want to learn about the machines that decrypt your passwords in the coming years and how you can actually grow diamonds in your microwave oven (and who wouldn't?) this talk is for you!
Tamas K Lengyel
New methods and approaches for securing cloud environments are becoming increasingly more critical as traditional host security strategies are not well integrated into virtual environments. For example, antivirus scans are a critical component of layered defense-in-depth, but in the cloud they rapidly exhaust available CPU and memory. The cloud environment nevertheless offers a unique opportunity: the ability to peer into a running operating system from an outside perspective, known as virtual machine introspection (VMI). More interestingly, it is also possible to alter the behavior of the virtualized components to help protect virtual systems in real-time. In this talk we will explore the open-source LibVMI library which over the last year, as part of the DARPA Cyber Fast Track program, has been significantly extended to ease the process of developing cloud security solutions.
Virtual Machine Introspection
New methods and approaches for securing cloud environments are becoming increasingly more critical now that virtual environments are being widely adopted by the business sector. Despite the fact that virtualization itself is not inherently insecure, the majority of virtual systems are less secure than those physical systems they replace. This curious state arises primarily because traditional host security strategies are not well integrated into virtual environments: as an example, typical antivirus scans are a critical component of layered defense-in-depth, but they rapidly exhaust available CPU and memory when protecting a large number of virtual machines. Some antivirus vendors have taken a small step into virtualization by adapting their existing products to scan the disks of VMs from an external perspective, but this gain in efficiency does not fully realize the potential for protection and monitoring of a virtual environment. In addition, weakly implemented "self-defense" techniques leave themselves vulnerable to being neutralized by undetected or zero-day attacks. This "one opportunity" for success is a critical handicap for existing protective measures.
Virtualization nevertheless also offers a unique opportunity: the ability to peer into a running operating system from an outside perspective, known as virtual machine introspection (VMI). It is possible to observe the memory, storage, CPUs, processes, and kernel of a running virtual machine from a safe vantage point. More interestingly, it is also possible to alter the behavior of all of these components to help protect virtual systems. The open-source LibVMI library has been designed specifically for this purpose, to look at 32-bit or 64-bit virtual machines, both on x86 and ARM. Over the last year, as part of DARPA's Cyber Fast Track program, LibVMI has been significantly extended by our team to ease the process of developing secure intrusion detection and intrusion prevention systems for the cloud. Utilizing Xen's advanced memory access system and the latest virtualization extensions available on Intel processors, LibVMI now offers unique capabilities for instrumenting, inspecting and controlling the execution of hosted guest operating systems and applications. Further combined with Xen's Security Modules, cloud security applications can be now tailored to provide a multi-tiered security environment required for multi-tenant cloud deployments.
In this talk we will explore the finer details of how these features can be utilized for the detection of advanced rootkit techniques, while providing a stealthy, tamper resistant environment. Our talk will explore the disaggregation of Xen's trusted computing base (TCB) with the use of the FLASK policy engine, and the changes our team implemented and contributed to Xen and the Linux kernel, to make secure cross-domain introspection part of a coherent mandatory access control system. Diving deeper into the virtualization details of the x86 architecture we will discuss advanced instrumentation techniques via the Extended Page Tables and via software breakpoint injection, and how these features are now accessible via the LibVMI API.
We will also discuss critical details of live memory introspection and highlight common pitfalls in developing secure applications without relying on untrusted and potentially compromised data-sources. We will explore how mapping in-memory Linux and Windows kernels is performed by LibVMI, and compare it to other forensics tools, such as Volatility and Rekall. Our talk will further explore how to use existing forensics tools on live virtual machines to analyze modern malware. Finally, we will briefly discuss open challenges in virtualization security and some of the new CPU features proposed by Intel.
Frank Rieger
What has happened in the field of IT security over the past year? What new developments have emerged? What new buzzwords and trends were to be seen?
Security Nightmares (Stream)
As always, we venture our IT security nightmare outlook for the year 2015 and beyond. After all, what we really want to know is: what will be creeping, crawling and flying towards us, and around inside our digital implants, in the future? In the spirit of even more transparency, criticism & self-criticism, and continuous sustainable optimization of all processes, we will also review earlier predictions to see whether our prophecies came true.