Season 32 2015 - 2016

Speakers: Carina Haupt, Linus Neumann

Speaker: Fatuma Musa Afrah

Speaker: greenstadt

What does the fact that Tor users can’t edit wikipedia mean for the quality of the ``encyclopedia that anyone can edit?’’ How do captchas and blocking of anonymity services affect the experiences of Tor users when they are trying to contribute content? This talk will discuss the increasing limitations of active participation in the anonymous Internet and the findings of our interview study of Tor users and wikipedia editors concerning these issues. We believe that by understanding the contributions Tor users make—and that people denied access to anonymity tools don't make—we can help make the case for the value of anonymity online.

The belief that a free and open Internet enables people to accomplish great things together is at the core of projects like Wikipedia, open source software, and online political activism. The term “peer production” has been used for years to describe a new kind of collaborative project-—one that is facilitated by the Internet and in which people self-organize to create things they value, whether that’s software, encyclopedias, news, maps, or just about anything else. But research about these projects and how they work generally doesn't take into account the value of anonymous participation.

Moderating user-generated or peer-produced content has challenges and many services (Yelp, Google, Wikipedia, Cloudflare, etc) have turned to third party blacklists, real-name policies, and banning users of anonymity networks like Tor to handle real and perceived abuse issues.
The result of such decisions in aggregate means that the Internet offers uneven opportunities for participation and engagement. It’s easy to imagine anonymous participants as only jerks and trolls, but much harder to quantify the contributions that don’t happen when anonymity is banned or made more difficult.

We interviewed Tor users about their participation in peer production projects and Wikipedia editors about their priv

Speakers: nelles-al-badri

Eine zweite Büste der ägyptischen Königin sei gefunden worden, meldete Ägyptens größte Zeitung. Der Fund war jedoch Teil einer Kunstaktion, die Museen und Kunstmarkt für deren Umgang mit Antiken kritisiert.

Nelles und Al-Badri haben mit einem portablen Scanner die Daten der Nofretete aus dem Neuen Museum in Berlin geraubt und den daraufhin angefertigten 3D Druck in Kairo ausgestellt. Mit ihrer multimedialen Intervention „The Other Nefertiti“ stellen sie Fragen nach Original und Kopie, nach dem Monopol auf Digitalisate
und fordern die neokolonialen Strukturen von Museen heraus.

Auf dem Kongress werden sie über notwendige Lügen sprechen und Kunst als oppositionelle Strategie, alternative Erzählungen und wie Deutsche den Terror von Daesh finanzieren.

Speaker: Holger Krekel

FOSS and hacker culture meeting the EU buereaucracy. What can possibly come out of that? We'll discuss what is involved for FOSS projects and other interested parties to get $$$ funding by the European Union. Hackers deal with rule systems and their execution. And the European Union issues a lot of rules which are executed by the "commission" and its employees. Within the Horizon2020 framework programme 80.000.000.000 Euros will be distributed towards research projects across Europe between 2014-2020. Shouldn't some of that money go to purposes deemed useful by 32c3 attendants?

No surprise, the formal rules a project has to live by just for an application proposal is somewhat amazing. FOSS hackers, on the other hand, are used to communicate and adapt to a multitude of programs and systems. Looking from the right angle, it can be interesting to understand how an EU funded project is supposed to work.

Even if you don't usually find arbitrary rule systems and their execution interesting you may learn some interesting bits and pieces about how (not) to interact with the EU - should you decide that your project is ready or desperate enough to go that way. Some of these "bits and pieces" can take weeks to research and be summarized in 3 minutes.

We'll specifically look and discuss how it played out for the NEXTLEAP
project which aims to research decentralized crypto protocols and
communities. Discussed in the hallways of 31c3 well after midnight it managed to receive 2 Million Euro in funding.

Speaker: Anna

Im März 2014 wurde der NSA-Untersuchungsausschuss im Bundestag eingesetzt, der die Verwicklungen um die deutschen Geheimdienste aufklären soll. Ein Rück- und Ausblick: Was wissen wir heute, was erwartet uns noch?

Immer wieder stößt der Ausschuss, der die (Zusammen-)Arbeit der deutschen Geheimdienste und der Five Eyes untersuchen soll, auf Schwierigkeiten. Die Abgeordneten und ihre Mitarbeiter müssen unter widrigen Bedingungen mit Unmengen an eingestuften Papierakten arbeiten und bekommen wichtige Informationen vorenthalten. Die Gedächtnislücken vieler Zeugen sind bemerkenswert, ebenso wie die eigenartigen Rechtsauffassungen der Spione, die zu Tage treten. Die Theorie, dass Grundrechte nicht im Weltraum gelten, ist nur ein Beispiel von vielen.

Die Szenerie gleicht nicht selten absurdem Theater und doch wissen wir mittlerweile mehr als am Anfang. Der Vortrag wird einen Überblick über das geben, was wir seit Beginn des Ausschusses erfahren haben und einen Ausblick auf das bieten, was uns noch erwartet. Nicht zuletzt soll überlegt werden, welche Schlussfolgerungen wir aus den Erkenntnissen ziehen und was sie uns über die Unmöglichkeit der Geheimdienstkontrolle offenbart haben.

Speaker: Joanna Rutkowska

Can we build trustworthy client systems on x86 hardware? What are the main challenges? What can we do about them, realistically? Is there anything we can?

In the first part we will take a look at the security problems we encounter on modern Intel-based x86 systems, specifically on laptops. In the second part we will discuss how most (all?) of these problems could be addressed, with just minimal hardware modifications realizable by laptop OEMs.

Speakers: Kirst3nF, Walter van Holst

In recent years, NGOs have been struggling to defend civil rights in Brussels. As human rights defenders, it is part of our job to detect failures in the EU’s digital policy-making. But we rarely have the opportunity to explore the underlying reasons and to debug Europe’s kernel package.

In this talk, we want to analyse the EU’s biggest fails and explore the following questions: Where and why is the European Union failing? Can the EU learn from its failures? Where and what is the European digital rights movement? How do we make our advocacy more successful?

In recent months, these fails have received a great deal of attention in the press – Oettinger’s Taliban attacks, Schroedinger’s net neutrality, the cybercybercyber war and the repeated repackaging of ACTA.

It is reasonable to say that in a complex system like the European Union, system failure is a perpetual risk. However, for the defence of human rights and, indeed, many other policy issues, limiting those risks is absolutely essential. This is why we want to explore how we can gain insights and use valuable information from recent fails to fix the EU’s vulnerabilities. Most importantly, if we wish to prevent the more serious failures in the future, we need to examine how and where our advocacy fails.

Access and European Digital Rights fight for digital rights at the EU level. Although we’re detecting and fighting a large number of failures that the European Union produces with regard to digital policy-making, we’re still very far from preventing the big fails.

For instance, instead of proposing real solutions to the migration crisis, the EU’s shortsighted vision focuses on border surveillance. Instead of an urgently needed reform of Europe’s privacy rules, its governments water down the protections for their citizens. Instead of safeguarding the open and neutral internet, the EU paves the way for discrimination by the big telcos. Inst

Speakers: panic, sev

The REXUS/BEXUS programme allows students from universities and higher education colleges across Europe to carry out scientific and technological experiments on research rockets and balloons. Each year, two rockets and two balloons are launched, carrying up to 20 experiments designed and built by student teams.
By reference of two experiments we were involved in, we will explain the way from the experiment idea to the launch and test of it.

Bringing an experiment into space aboard a sounding rocket or into the higher atmosphere aboard a balloon is not as hard as one might think. Students from Europe can simply write a proposal and apply for the REXUS/BEXUS programme, which is realised by an agreement between the German and Swedish space agencies, DLR (German: Deutsches Zentrum für Luft- und Raumfahrt) and SNSB (Swedish National Space Board, Swedish: Rymdstyrelsen). The Swedish share is furthermore accessible to teams from other European countries through ESA.

For REXUS, two sounding rockets are launched from northern Sweden every year, each one capable of carrying up to 5 experiments (max. experiment payload mass approx. 40kg) to an altitude of 80-90km. The experiments have to be engineered to withstand at least 20g of acceleration during ascent and descent, and experience milli-gravity when close to the apogee. In addition, the space specific thermal and vacuum environment need to be considered. Since the altitude is too low for reaching an orbit, the rocket motor and payload falls back to ground and is recovered by helicopters. The experiments are then returned to the student teams and the data from the 10min flight can be analysed, for instance, atmospheric measurements or technology demonstrators.

Similarly for BEXUS, two balloons per year are launched from the same location in Sweden and allow for carrying up to 12 experiments (max. 100kg). The balloon lifts the gondola with inside experiments to an altitude between 25-30km.

Speakers: Daniel Lange (DLange), Felix "tmbinc" Domke

Analysis of the emission scandal shaking the German automotive industry from a procedural, organizational and technical level. Includes insight into cheating for advanced managers and code extraction from ECUs from Ebay. And from Volkswagen. Initially.

The exhaust emission scandal has visibly shaken the confidence auto buyers put into the German automotive industry.
The details are – half a year after Volkswagen managers confessed to fraud – scarce, very scare.
Both around the procedural and the technical details of the betrayal. Daniel will show how engineering a Electronic Control Unit (ECU) works, and how many people are involved.
And he will take a look at the revealing communication from the affected parties. That try to share nothing with many words but still reveal a few interesting details.
Felix takes the other approach and looks at body of evidence that 8+ million people have access to but too few took a closer look.
He will share the tricks to extract the firmware from the affected engine control units and share the findings he made along the way and when he looked at the plain and honest truth in code.

Speakers: Sec, Schneider

News about the rad1o half a year later – cool stuff that happened, and why you need an SDR.

The rad1o was the badge for the Camp 2015. This talk will be a bit about what went into a project of this size, what went well and what not so much. The main part is about what we (and lots of other volunteers) have done with it – both standalone and with a computer, and why y’all need to play more with SDR.

Speaker: Evan Roth

In Internet Landscapes, Evan Roth will discuss his work as it relates to visualizing, archiving and understanding the Internet and its effects on culture with a focus on the misuse of communication technologies. Roth will trace his personal and creative history within an Internet landscape that has changed significantly in the last 16 years. The presentation will include a range of work culminating in his more recent pilgrimages to the beaches of the UK, New Zealand and Sweden, where submarine Internet fiber optic cables reach the land. Armed with an array of paranormal technologies, Roth will recount his personal quest to visualize and reconnect with a changing Internet landscape.

Speakers: Maik Brüggemann, Ralf Spenneberg

Unser Vortrag demonstriert einen PLC-only Wurm. Der PLC-Wurm kann selbstständig ein Netzwerk nach Siemens Simatic S7-1200 Geräten in den Versionen 1 bis 3 durchsuchen und diese befallen. Hierzu ist keine Unterstützung durch PCs oder Server erforderlich. Der Wurm „lebt“ ausschließlich in den PLCs.

PLCs der Baureihe Siemens Simatic werden über einen proprietäres Protokoll verwaltet. Mit diesem Protokoll kann ein PLC gestartet und gestoppt werden. Es können Diagnoseinformationen gelesen und der Upload/Download von Benutzerprogrammen durchgeführt werden. Für die S7-300/400 existieren bereits OpenSource-Lösungen die das Siemens Protokoll unterstützen. Mit der Einführung der neuen Produktreihe S7-1200 wurde das alte Protokoll von Siemens abgelöst und durch ein neues Protokoll ersetzt. Zu diesem neuen Protokoll steht weder eine offizielle Dokumentation zur Verfügung noch existieren veröffentlichte Untersuchungen. Wir haben dieses Protokoll basierend auf der S7-1200v3 analysiert und können beliebig Benutzerprogramme mit diesem Protokoll auf einer PLC installieren bzw. auslesen.

Hierauf aufbauend haben wir einen PLC-Wurm entwickelt, der selbstständig ein beliebiges Netzwerk nach S7-1200v3 Geräten durchsucht und diese befällt wenn die Schutzmechanismen ausgeschaltet sind. Der Wurm ist ausschließlich in der Programmiersprache SCL programmiert und benötigt keine weitere externe Unterstützung. Für die Fernsteuerung der infizierten PLCs haben wir einen Command&Control Server implementiert. Infizierte Geräte können sich automatisch mit diesem Server verbinden. Über diese Schnittstelle können wir aus der Ferne beliebige Steuerausgänge verändern. Eine Proxy-Funktionalität erlaubt es uns über einen Tunnel auf weitere Systeme in dem Netzwerk zuzugreifen. Schließlich kann über den Steuerungsserver auch der Defect-Modus ausgelöst werden. Hierdurch stellt die PLC ihre Arbeit ein. In diesem Modus is

Speaker: Clifford

Yosys (Yosys Open Synthesis Suite) is an Open Source Verilog synthesis and verification tool.

Project IceStorm aims at reverse engineering and documenting the bit-stream format of Lattice iCE40 FPGAs and providing simple tools for analyzing and creating bit-stream files, including a tool that converts iCE40 bit-stream files into behavioral Verilog. Currently the bitstream format for iCE40 HX1K and HX8K is fully documented and supported by the tools.

Arachne-PNR is an Open Source place&route tool for iCE40 FPGAs based on the databases provided by Project IceStorm. It converts BLIF files into an ASCII file format that can be turned into a bit-stream by IceStorm tools.

This three projects together implement a complete open source tool-chain for iCE40 FPGAs. It is available now and it is feature complete (with the exception of timing analysis, which is work in progress).

Speakers: Peter Laackmann, Marcus Janke

Dr. Peter Laackmann und Marcus Janke zeigen mit einem tiefen Einblick in die Welt der Hardware-Trojaner, auf welchem Wege „Institutionen“ versuchen können, sich versteckten Zugang zu Sicherheits-Hardware zu verschaffen.

Wer bzw. was kann Hersteller dazu bringen, den Einsatz von „Backdoors“ zu akzeptieren, zu billigen, zu unterstützen oder sogar selbst zu initiieren? Wann ist es Mutwilligkeit, wann Ignoranz, wann Dummheit?

Versteckte Zugänge zu Sicherheitschips, auch als „Backdoors“ bekannt, stellen eine erhebliche Bedrohung für die Sicherheit persönlicher Daten in vielen heutigen Anwendungen dar. Die Referenten zeigen detailliert, auf welchem Wege „Institutionen“ versuchen können, sich versteckten Zugang zu Sicherheits-Hardware zu verschaffen. Die Beispiele reichen von der einfachen Firmware-Änderung über Schaltungsmodifikationen in Herstellungsmasken, bis hin zu Sondertechnologien, deren Nutzung als „Backdoors“ auch in der Zertifizierung nahezu undetektierbar ist.

Gleichzeitig wird gezeigt, auf welchen Wegen jeder Beteiligte in Entwicklung, Produktion und Anwendung helfen kann, „Backdoors“ schon im Ansatz zu verhindern. Besonderes Augenmerk liegt auf der Erkennung bestimmter als vermeintliche „Sicherheitsfeatures“ angepriesener Technologien, die jedoch ihren Einsatz als Hardware-Trojaner stark begünstigen und somit geradezu herausfordern.

Auch der moralisch-ethische Aspekt soll beleuchtet werden: Wer bzw. was kann Hersteller dazu bringen, den Einsatz von „Backdoors“ zu akzeptieren, zu billigen, zu unterstützen oder sogar selbst zu initiieren? Wann ist es Mutwilligkeit, wann Ignoranz, wann Dummheit?

Der Vortrag zeigt, was man gegen diese Bedrohung schon präventiv auf jeder Ebene unternehmen kann und wie sich die Abwesenheit von „Backdoors“ wirksam kontrollieren läßt.

Die Autoren blicken auf über 25 Jahre private und fast 20 Jahre berufliche Erfahrung im Ber

Speaker: vimja, ari, Patrick Stählin, Hakuna MaMate

2015 und 2016 sind wichtige Jahre für die Netzpolitik in der Schweiz, denn die Parlamente entscheiden sowohl die Revision des BÜPF (Bundesgesetz betreffend die Überwachung des Post- und Fernmeldeverkehrs) als auch das NDG (Nachrichtendienstgesetz).

Die beiden Gesetze würden den entsprechenden Bundesbehörden deutlich mehr Handlungsfreiheiten einräumen, wenn es um das Sammeln von Daten auf Vorrat und das Überwachen der Telekommunikation geht. Im Vortrag geben wir eine Übersicht über die beiden Gesetze und sprechen darüber, welche Auswirkungen sie unserer Meinung nach haben werden und was wir dagegen unternehmen und bereits unternommen haben.

Einige der am stärksten kritisierten Punkte der Gesetze sind:

Dem Nachrichtendienst wird der Einsatz von Staatstrojanern gestattet,

Dem Nachrichtendienst wird exzessiver Zugriff auf den Internetverkehr in der Schweiz gestattet (Kabelaufklärung),

Die Vorratsdatenspeicherung in der Schweiz wird weiter ausgebaut.

Wir gehören zum CCC-CH und zur Digitalen Gesellschaft (Schweiz). In der Schweiz haben die Stimmberechtigten die Möglichkeit, das Referendum zu ergreifen. Gelingt es, innerhalb von einhundert Tagen nach in Kraft treten der Referendumsfrist 50'000 Unterschriften zu sammeln, so kommt der Gesetzesentwurf vor das Stimmvolk, welches das letzte Wort hat. Doch 50'000 Unterschriften wollen erst mal gesammelt werden… Leider werden die Gesetze zeitlich versetzt verabschiedet, so dass die Referendumsfristen nicht, wie ursprünglich erhofft, zusammenfallen. Es ist durchaus denkbar, dass es sich dabei um ein politisches Manöver handelt, da das BÜPF doch deutlich mehr Gegner hat als das NDG.

Im Falle des NDG hat die Digitale Gesellschaft, zusammen mit der Piratenpartei Schweiz, grundrechte.ch und dem CCC-CH, unter nachrichtendienstgesetz.ch eine Plattform erstellt, um die Unterschriftensammlung zu koordinieren. Zum Zeitpunkt des 32C3 wird die

Speakers: Florian Grunow, Niklaus Schiess

Angae means "Fog" in Korean. The term is widely used in parts of custom code used by the Red Star OS. We will lift the fog on the internals of North Korea's operating system. Our talk will provide information about how privacy is invaded for all users of Red Star OS and how an operating system designed by a totalitarian dictatorship works.

In 2014 the version 3 of North Korea's Red Star operating system was leaked. It is based on Linux and has the look and feel of a Mac. There is also a server version available. We will start the presentation by giving a general overview and presenting findings that already hit the net during the last year, like research on Red Star’s custom browser and its configuration.

The focus of the presentation is to explain in depth how the architecture of the components is made up and to give a detailed overview of the privacy invading custom code implemented into the OS.

The system is designed to defend and protect itself from changes made from user space. We will analyze the interaction of the components and the protection mechanisms and provide information on how to deactivate some of the malicious functionality of Red Star OS.
North Korea abuses the principals of free software to provide an operating system that suppresses free speech. Therefore we think it is necessary to disclose this information to the public and present the audience on how to get around the limitations introduced by North Korea.

Investigating functionality that can be used to invade the privacy of users was our primary goal. We found that the features implemented in Red Star OS are the wet dream of a surveillance state dictator. It provides a set of surveillance features like the capabilities to watermark different types of files that can be used to track the distribution of documents and multi-media files. We will have an in depth look on how some of these features built the foundation for a suppressive s

Speaker: Philipp Winter

Several years ago, the Great Firewall of China was silently upgraded to find and block circumvention servers that employ encryption to defeat deep packet inspection. The system is now used to block protocols such as Tor, SoftEther, and SSH. In this talk, we will give an overview of how this system works, and how it can be circumvented.

The GFW's reactive probing system scans egress network traffic for circumvention protocol signatures, and then launches short-lived probes to verify if the suspected server is, in fact, speaking the circumvention protocol. If that is the case, the GFW adds the IP address and port of the server to a country-wide blacklist, preventing people in China from connecting to it. We recently finished a multi-month research project in which we looked at the system from different angles to answer several open questions. In particular, we will talk about:

How the reactive probing system makes use of thousands of unique IP addresses to launch its probes.

We discuss our hypotheses on the physical design of the reactive probing system. Our evidence shows that all these IP addresses are either hijacked, or that the GFW operates a large, geographically distributed network of proxies.

We show patterns in the IP, TCP, and TLS headers that suggest that the thousands of reactive probing IP addresses we harvested are controlled by few centralized systems.

How the system seems to flush its blacklist regularly, providing a short window for circumvention.

The effectiveness of the system, i.e., how good is it at blocking servers and how well does it scale?

How the GFW seems to treat science and education networks different from consumer networks.

Ways to troll the Great Firewall of China.

Speaker: Ilja van Sprundel

This presentation covers windows kernel driver security issues. It'll discuss some background, and then give an overview of the most common issues seen in drivers, covering both finding and fixing issues.

In this presentation I intent to cover a rapid fire set of issues that commonly occur in windows drivers. From the trivial (ioctl, probing) to the obscure and subtle. The presentation will discuss these issues, illustrate them with examples, and offer developer guidance on how to avoid and mitigate these issues.

Whether you're a security researcher, a developer looking for some security guidance when writing these drivers, or just generally curious about driver internals, there's something here for all.

Speaker: Yaniv Balmas

Key-Loggers are cool, really cool. It seems, however, that every conceivable aspect of key-logging has already been covered: from physical devices to hooking techniques. What possible innovation could be left in this field?

Well, that’s what we used to think too. That is until we noticed that little grey box sitting there underneath a monitor, next to yesterday’s dirty coffee cup. The little grey box that is most commonly known as ‚KVM‘.
The talk will tell the tale of our long journey to transform an innocent KVM into a raging key-logging monster.
We will safely guide you through the embedded wastelands, past unknown IC’s, to explore uncharted serial protocols and unravel monstrous obfuscation techniques.
Walking along the misty firmware woods of 8051 assembly we will challenge ambiguous functions, and confront undebuggable environments.

Finally, we will present a live demo of our POC code and show you that air-gapped networks might not be as segregated as you imagined.
You will witness that malware code could actually reside outside your computer, persisting through reboots, wipes, formats, and even hardware replacements.
You might laugh, you might cry, but one thing is certain – you will never look at your KVM the same as before

Our presentation will guide the audience trough an entire research project process: from the choice of a research subject, the learning stage, trough the many failures along the way, and until a complete success is finally achieved.
Our research process provides useful insights for both entry-level and experienced researchers in the hardware hacking area.

This research sheds light on a brand new field that has yet to be uncovered by the security community. We believe that CCC, as one of the world’s largest security convention, will provide the most suitable stage to share our research story and its implications.
And finally, this talk is the product of a long research project

Speaker: Marcell Mars

Public Library is the synergy of two efforts. First, it makes the case for the institution of public library and its principle of universal access to knowledge. Second, it is an exploration and development of distributed internet infrastructure for amateur librarians. If Public Library is a proposal/RFC Memory of the World is its proof of concept and reference implementation.

In the catalog of History the institution of public library is listed in the category of phenomena of which we humans are most proud. Along with free public education, public healthcare, the scientific method, Universal Declaration of Human Rights, Wikipedia, free software… It’s one of those almost invisible infrastructures that we start to notice only once they go extinct. A place where all people can get access to all knowledge that can be collected seemed for a long time a dream beyond reach – until the egalitarian impetus of social revolutions, the Enlightment idea of universality of knowledge, and the expcetional suspension of the comercial barriers of copyright made it possible.

The Internet has, as in many other situations, completely changed our expectations and imagination about what is possible. The dream of a catalogue of the world – a universal access to all available knowledge for every member of society – became realizable. A question merely of the meeting of curves on a graph: the point at which the line of global distribution of personal computers meets that of the critical mass of people with access to the Internet. Today nobody lacks the imagination necessary to see public libraries as part of a global infrastructure of universal access to knowledge for literally every member of society. However, the emergence and development of the Internet is taking place precisely at the point at which an institutional crisis — one with traumatic and inconceivable consequences — has also begun.

The reactionary forces of the »old regime« are

Speaker: Sergey Gordeychik, Aleksandr Timorin, repdet

For years SCADA StrangeLove team speaks about vulnerabilities in Industrial Control Systems. Now we want to show by example of railway the link between information security and industrial safety and demonstrate how a root access gained in a few minutes can bring to naught all the years of efforts that were devoted to the improvement of fail-safety and reliability of the ICS system.

Railroads is a complex systems and process automation is used in different areas: to control power, switches, signals and locomotives. At this talk we will analyze threats and vulnerabilities of fundamental rail-road automation systems such as computer based interlocking, automatic train control and automatic train protection.

No vendor names and vulnerabilities details will be released, for obvious reasons. By the way, all research based on hands-on security exercises and most of issues are confirmed and processed by vendors.

Speaker: Alexander Graf

Did you ever want to have access to a few hundred thousand network end points? Or a few hundred thousand phone numbers? A short look behind the curtains of how not to do network security.

Have you ever wondered why cable modem providers don’t allow you to swap out your modems with your own?

Once you look at the network your modem (and thus you once you gain access to it) has access to, a whole new world of security mess-up lies ahead.

Join me in exploring how DOCSIS (the standard behind cable modems) works, how it’s used today in a real life example setup, how you could potentially make it secure and what implications this has to you as an end user. I will also show you what happens if you don't look out for security on the DOCSIS network and how that can lead to compromising other people's modems, private networks and telephone access.

Speaker: Simon

In the past years there has been a lot of discussion on the topic of state sponsored surveillance. But hardly any material can be accessed to support the general debate due to vaguely declared security concerns. So we are debating Big Brother with little knowledge about what he actually sees, while he is watching. Over the course of three years, I was able to research the archives left by East Germany's Stasi to look for visual memories of this notorious surveillance system and more recently I was invited to spend some weeks looking at the archive by the Czechoslovak StB. Illustrating with images I have found during my research, I would like to address the question why this material is still relevant – even 25 years after the fall of the Iron Curtain.

Speaker: rahra

The Amiga was one of the most powerful and wide srpead computers in the late 80's. This talk explains its hardware design and programming.

The Amiga 1000 appeared in 1985 and was followed by the Amiga 500 a few years later, which had the same design concept but was a little bit more powerful. The hardware design was highly sophisticated and powerful and was years ahead to other computers at the time then.
Equipped with the Motorola 68000 Microprocessor as the CPU which was internally a full 32 bit processor and several additional co-processors for various complex DMA tasks it was perfect for graphics-intensive software.

This talk explains the hardware in detail, how all those processors interacted and how it was programmed.

Speaker: Trammell Hudson

Last year at 31c3 we disclosed Thunderstrike, the first firmware attacks against Macbooks.

This year we’ve ported old UEFI vulnerabilities to the Mac and will demo Thunderstrike 2, an extension to the attack that no longer requires physical access and can replicate via shared Thunderbolt devices.

Speaker: LaForge

Seven years after presenting „running your own GSM network“, we are back presenting about how to do the same for 3G (UMTS/HSPA) networks.

Seven years ago, the now famous „running your own GSM network“ talk was held at 25C3, paving the way for a first step into the then-new field of applied research (aka hacking) into mobile communications research.

The result of that talk is what is known as OpenBSC. Together with its sister-projects OsmoBTS, OsmoPCU, OsmoNITB, OsmoSGSN and OpenGGSN are commonly used to run GSM/GPRS networks as a means to perform security research, offensive as well as defensive.

Now, the team behind those projects has finally started work on supporting 3G base station hardware, extending the scope from 2G/2.5G/2.75G technologies towards UMTS, HSDPA and HSUPA.

The talk will cover
* what was/is required to implement in terms of the protocol stacks,
* the current status of this work,
* how it integrates into the Osmo* world,
* how it is envisioned to be usd in mobile security research.

Like at 25C3, there will also be a demo, of course..

Speaker: Ryan Lackey

Datahavens have long been discussed as a solution to user security and privacy needs. Instinctively, the idea of physical locations where servers for communications, financial privacy, and other services can work is easily understood and seems appealing. As a founder of the HavenCo datahaven on Sealand in 2000, I saw firsthand the potential and the pitfalls of this approach.

Datahavens have long been discussed as a solution to user security and privacy needs. Instinctively, the idea of physical locations where servers for communications, financial privacy, and other services can work is easily understood and seems appealing. As a founder of the HavenCo datahaven on Sealand in 2000, I saw firsthand the potential and the pitfalls of this approach.

We will discuss the concept behind datahavens, some specific examples, the legal and technical challenges they face, and how specifically HavenCo failed. While projects to date have largely failed, there is hope for the future, both in the physical datahaven approach and in technical measures, so there is good reason to be optimistic.

Speaker: INCO

CubeSat are small standardized satellites typically flown as secondary and containerized payloads piggybacking on the launches of larger satellites. Their low entrance cost have been a revolution in opening access to space for a broad range of institutions. In this talk the basics of CubeSat standards, technology and development are going to be presented. The goal is to proliferate the knowledge of what it takes to successfully build, launch and operate a CubeSat within and beyond the hacker community.

It has been 12 years since the first CubeSat was launched. Invented as a standard for university student satellite projects, the advantages of the CubeSat standard made it outgrow the educational field. The (relatively) low entrance hurdle in terms of cost and regulations has inspired many to pursue their own satellite project. But why do about 50% of all first-time CubeSats fail early? This talk is aiming at spreading the knowledge of how to tackle the task of conducting a CubeSat mission. What are the special requirements for CubeSats? How is the space environment different from what we came to expect for earth-based projects? What kind of components are available? What (FOSS) tools are available for the design and verification process?

Speaker: David Kaplan

Software design and testing is hard, but what happens when each bug fix can cost months of delay and millions of dollars? In this talk we’ll take a behind-the-scenes look at the challenges in the design of a very complex, yet critical piece of hardware: the modern x86 CPU.

All hardware design and testing is complex, but x86 CPUs are designs that must work correctly basically 100% of the time. They are critical not only for running your applications, but for enforcing the security of the entire system. In this talk, we’ll explore what modern x86 CPU hardware looks like, describe some of the methodology around CPU testing, and discuss real-world hardware design.

So does that all make flawless hardware? Of course not! CPU bugs do happen, and when dealing with hardware bugs, it’s rarely as simple as “download this patch”. This talk will additionally look at some of the various capabilities used with modern chips to address late-breaking issues, from special configuration bits to microcode to even focused ion beams.

The goal of this talk is to not only provide the listener with a glimpse into the world of complex hardware design, but to hopefully inspire software engineers with new ideas on how to test equally critical software that must “just work”.

Speakers: Karsten Nohl, Fabian Bräunlein, dexter

Payment systems are old and have – unlike card protocols – seen little scrutiny so far. This talk enumerates design and implementation flaws in payment processing systems, which can defraud consumers and merchants.

Like most embedded devices, payment system elements are potentially vulnerable to a range of attacks. This has not changed in years. What did change, though, is the exposure of these vulnerabilities: Serial interfaces are now exposed via ethernet; proprietary backend protocols are reachable over the Internet TCP, and flaws in real time operating systems are widely known.

This talk provides an overview of design issues and implementation vulnerabilities in current payment processing systems, including un-authenticated protocols and insecure hardware implementations, which enable fraud vectors against merchants who operate payment terminals and consumers who use them. Some of them remote and pre-auth ...

Speakers: gannimo, [email protected]

Memory corruption is an ongoing problem and in past years we have both developed a set of defense mechanisms and novel attacks against those defense mechanisms. Novel defense mechanisms like Control-Flow Integrity (CFI) and Code-Pointer Integrity (CPI) promise to stop control-flow hijack attacks. We show that, while they make attacks harder, attacks often remain possible. Introducing novel attack mechanisms, like Control-Flow Bending (CFB), we discuss limitations of the current approaches. CFB is a generalization of data-only attacks that allows an attacker to execute code even if a defense mechanism significantly constrains execution.

Memory corruption plagues systems not just since Aleph1's article on stack smashing but since the dawn of computing. With the rise of defense techniques like stack cookies, ASLR, and DEP, attacks have grown more sophisticated but control-flow hijack attacks are still prevalent. Attackers can still launch code reuse attacks, often using some form of information disclosure. Stronger defense mechanisms have been proposed but none have seen wide deployment so far due to the time it takes to deploy a security mechanism, incompatibility with specific features, and most severely due to performance overhead.

Control-Flow Integrity (CFI) and Code-Pointer Integrity (CPI) are two of the hottest upcoming defense mechanisms. After quickly introducing them, we will discuss differences and advantages/disadvantages of both approaches, especially the security benefits they give under novel memory corruption attacks. CFI guarantees that the dynamic control flow follows the statically determined control-flow of the compiled program but an attacker may reuse any of the statically valid transitions at any control flow transfer. CPI on the other hand is a dynamic property that enforces memory safety guarantees like bounds checks for code pointers by separating code pointers from regular data. Data-only attacks a

Speaker: Peter Buschkamp

Light of astronomical objects gets distorted as it passes earth’s atmosphere. Adaptive optics can correct this distortion and create images that are as sharp as those taken in space. The correction needs a bright reference star. If there is no such star nearby, an artificial Laser Guide Star can be created in the upper atmosphere.

A lot of clever real time software, hardware and feedback loops steer a deformable mirror to straighten the distorted wavefront. The talk looks at the technologies of this fascinating technique and will also cover the question how to become a laser-rocket-scientist. Also, there will be star-wars like laser pew pew pictures & videos.

In the first part I will talk about the background of adaptive optics and how it enables ground-based observations which people though to be impossible only two decades ago. We will look at the building blocks of such a system and how they are combined to work together nicely.

The second part will look at a real Laser-AO system, the project I have worked with, ARGOS at the LARGE Binocular Telescope in Arizona. I will present the system in detail and talk about the little things in all the black boxes. Mechanics, electronics, Optics and Software. We will have images and videos of the system at work and look at first test results showing the potential of this system.
ARGOS feeds one of three near-infrared multi-object spectrometers that exists on this planet (Instruments name: LUCI). LUCI is used to record light from the universe 11 billion years ago to to answer the question where galaxies came from and how they developed.

In the last (somewhat shorter) part I want to briefly talk about what it takes to get into this kind of work, how to become a „laser rocket scientist“. I get this question a lot in Q&A sessions and therefore want to address it right away. There are misconceptions about his type of work and quite a number of people leave the field again – mainly

Speakers: djb, Tanja Lange

Last year your friend Karen joined the alternative music scene and sent you a sound track. The government is recording everything, and this year announced that alternative music is a gateway drug to terrorism (see http://www.theguardian.com/australia-news/2015/sep/25/radicalisation-kit-links-activism-and-alternative-music-scene-to-extremism). Fortunately, Karen encrypted the email.

Fast forward to 2035. Stasi 2.0 has risen to power and has decided that, to protect society, anyone who has ever been exposed to alternative music will be sent to a „better place“. They still have a copy of Karen’s ciphertext. And here’s the really bad news: They’ve just finished building a billion-qubit quantum computer.

Back in 2015, large general-purpose quantum computers haven’t been built yet, but the consensus is that they will be built, and that they will allow well-funded attackers to retroactively break practically all of today's deployed public-key cryptography.
RSA will be dead.
ECC will be dead.
DSA will be dead.
„Perfect forward secrecy“, despite its name, won’t help.

Fortunately, there are replacement public-key cryptosystems
that have held up very well against analysis of possible attacks,
including future quantum attacks.
This talk will take a hands-on look at the two examples
with the longest track records: namely, hash-based signatures (Merkle trees) and code-based encryption (McEliece).

Speakers: Inbar Raz, Gadi Evron

With the advancement of defensive security and the constant release of research papers into their toolsets, advanced threat actors have had to adapt with new operational security practices, as well as with new technology.

With the advancement of defensive security and the constant release of research papers into their toolsets, advanced threat actors have has to adapt with new operational security practices, as well as with new technology.

Examples of this are how long it takes for a threat actor to take its operation offline once a public report of it's tools is getting released, or the technology it may be using to cope when its expensive code base that has taken years of development suddenly becomes public property.

Two quick examples are the geographical distribution of attacks, which are often (mis)used in attribution, and the use of cryptography for reuse of now public code bases.

Speakers: plutoo, derrek, smea

In 2011 the Nintendo 3DS was released. Today it is the most popular current-gen handheld console, having sold more than 50 million units worldwide. The 3DS features a completely redesigned architecture from its predecessors the DS and the DSi. This talk will focus on the security features of the 3DS, and how we got around them.

We start by presenting a summary of the security system of the 3DS from the ground up. After the introduction, we proceed to elaborately exploit each layer of the 3DS operating system, starting with userspace, kernelspace, and finally gain code-execution in the security processor.

We also present how we figured out a hardware secret built into the console, and an early break in the chain of trust.

Basic knowledge of embedded systems and CPU architectures is recommended, although we aim to also make it enjoyable for non-technical audiences.

Speaker: Gianteye

In this talk Matthew Borgatti, Lead Scientist at Super-Releaser, will take you through the process of turning a puddle of goo into a working soft robot. He will take you through the different mechanisms that can be created, simple processes for fabricating soft robots, and methods for joining elements together into sophisticated assemblies.

Soft robots are slowly trickling out of universities and labs into everyday life. Amazon is experimenting with installing soft grippers on robotic arms to pick any product off a warehouse shelf. DARPA just funded an extensive program to build soft exoskeletons for soldiers to enhance how much they can lift and how long they can march. My lab, Super-Releaser, is developing robotic spacesuit components for NASA as a subcontractor on a SBIR grant. On paper they might seem too complex to whip up at home, but if you’re the kind of person who loved Creepy Crawlers and have access to a 3d printer you can make your very own soft robots.

Let’s take a step back to explain what a soft robot is and what they're good for. Most robots out there are made from hard parts like steel gears and plastic housings with the occasional rubber wheel or timing belt thrown in. When they respond to their environment it’s usually by reading sensors and using a processor to change their behavior accordingly. This responsiveness is called compliance. There’s another way to get compliance out of an engineered object, though: make the object soft. Everything from goat hooves to octopus tentacles, starfish suckers to human muscles, use softness and springiness to their advantage. When your robot responds to the environment by bending, say around the thing you’re trying to grip, getting a specific output, like putting that thing in a box to get packed up and shipped off, becomes a lot simpler on the computation side of things. Adding compliant mechanisms to your engineering toolbox can add huge problem solving power to any robo

Speakers: Bühne für Menschenrechte

THIS EVENT IS NOT GOING TO BE RECORDED!

Die ASYL-DIALOGE erzählen von Begegnungen, die Menschen verändern, von gemeinsamen Kämpfen in unerwarteten Momenten – eine dieser Geschichten spielt in Osnabrück, wo seit März 2014 ein breites Bündnis solidarischer Menschen bereits 37 Abschiebungen verhindern konnte und somit für viele bundesweit zum Vorbild wurde...

The Asylum Dialogues
Documentary Theatre - Actors for Human Rights Germany
in German, with English, French and Arabic subtitles

The ASYLUM DIALOGUES speak about encounters which change people, about joint fights in unexpected moments - one of the stories takes place in Osnabrück, where - since March2014 - a coaltion of solidary people could prevent until today 37 deportations and became a role model nationwide.

Speakers: frank, Linus Neumann, erdgeist, Constanze Kurz, Falk Garbsch

Wir werden einen Überblick über die Themen geben, die den Chaos Computer Club 2015 beschäftigt haben. Neben der Zusammenfassung und der Rückschau auf das vergangene Jahr wollen wir aber auch über zukünftige Projekte reden.

Speakers: Will Scott, [email protected]

The techniques to control access to the Internet, and the ability to bring transparency to those processes are both continuing to evolve. We’ll give an update on the landscape of online information controls, and our ability to measure them.

The talk will give an update on current country-level practices, the techniques in use to measure them, and an overview of major tools in use.

Over the past couple years, restrictions on Internet access have grown even more ubiquitous. Many take the form of URL or Domain blacklists implemented by western countries, along with increased levels of self censorship on social platforms with user generated content.

The measurement community continues to play a catch-up game. Through a mixture of watching legislature, an increased understanding of what we need to build to keep track of internet controls, and discoveries of side channels that let us externally measure connectivity, we’re making progress!

Speaker: Julia Maria Mönig

In my talk I am 1) discussing philosophical concepts of privacy, especially Hannah Arendt's philosophy. I am 2) explaining why in a liberal-democratic system we need to protect our privacy and 3) what we can morally do to prevent catastrophes such as a totalitarian system from happening again. With Hannah Arendt's arguments and her analysis of totalitarian systems in mind, I am referring to three examples from today's privacy discussions: cybermobbing, Behavioral Advertising and secret services.

That our privacy is at stake is not just a problem since the 2013 revelations of Edward Snowden. The 20th century philosopher Hannah Arendt is an important source to understand what privacy' means and why we need to protect it. In my talk I am going to explain what Arendt understood asprivate' throughout her work, and how her reasons to claim the protection of the private realm were connected with her analysis of the totalitarian systems in the 20th Century.
In my contribution I am first discussing philosophical concepts of privacy, with a focus on Hannah Arendt's philosophy. Second, I am arguing why in a liberal-democratic system we need to protect our privacy. The third step will be to reason what we can morally do to prevent catastrophes such as a totalitarian system from happening again.
Being a philosopher, I am going to make the philosophical — and in part legal — claims and preconditions understandable for a larger public. To prevent "what never ought have happened" from happening again we should, following Arendt, never refuse to judge about what is happening around us. I apply Arendt's framework of moral judging by examples to three cases from today's privacy discussions, Cybermobbing, Behavioral Advertising and secret services.

Speaker: Miguel Chaves

There are two lines of research in the world about decreasing poverty in low-income communities: (1) to create solutions and share them with people living in low-income areas or (2) build the capacity of people from low-income areas to create their own solutions. Maker Spaces to BoP have showed great results to the strategy two. The lecture has the goal to expose all the experience we have learnt in the last three years to project, implement and manage a Maker Space in a favela in São Paulo - Brazil called Innovation Center Vila Nova Esperança (ICVNE).

The terms “social innovation” and “social innovators” have become commonplace expressions in technology and development fields. More people have created new kinds of businesses and solutions to create positive impact in the society instead of just bringing interests to the partners of the company. However, in the last two decades, most resources available to build solutions for international development challenges were provided to institutions in richer countries. Most of the solutions, therefore, were coming from outside the local context or community. There are very few examples that show low-income people as responsible designers for good solutions. Several reasons try to explain why this has happened, but one essential reasoning is the belief that well educated people have more capacity to reach a good solution for any context, even if these people do not belong to the local culture or context. However, the main results of this methodology are anything but understanding and positive. The four main results are: dependence, lack of user needs understanding, (and, as such) little or no sense of ownership, and lack of maintenance.
In order to address these four problems, different approaches to social innovation have started to be tested. One model that tries to explain these different approaches are called Design For, Design With, Design By. If this model is studied deeper, it

Speaker: Thomas Lohninger

After two years the fight for net neutrality in Europe about the Telecom Single Market Regulation has come to a close. In this talk we will analyse the new net neutrality law and it's consequences and we give you the lessons learned from two years of EU campaigning.

On 30c3 we launched the SaveTheInternet.eu campaign. Since then activists from all around Europe fought for net neutrality and the freedom of the open internet. At 32c3 the the legislative process in Europe will have come to a close and the campaign will be mostly over.

In this talk we will look back and try to learn from past mistakes and successes. What has worked and what didn't? What will the new net neutrality law in Europe actually mean in practice? We assess the repercussions for the European internet and also for the global fight for net neutrality, particularly in the global south.

Speakers: gedsic, bigalex

Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick!

To get involved and learn more about what is happening please visit the Lightning Talks Wikipage.

Speaker: Ed Schouten

CloudABI is an alternative runtime environment for UNIX-like operating systems that is purely based on the principle of capability-based security. This makes it possible to create applications that are strongly sandboxed, easier to test and easier to maintain.

UNIX-like operating systems don't seem to make it easy to sandbox programs to harden them against exploits. They also don't allow you to run untrusted executables directly without compromising security, which is the reason why we require technology like virtual machines and containers to secure our systems.

I am going to talk about a system I am developing called CloudABI. CloudABI is a simplified POSIX-like runtime environment that is inspired by FreeBSD's Capsicum. It allows you to create exectables that can solely interact with the environment through file descriptors (capabilities). This not only makes CloudABI more secure than the traditional POSIX runtime, it also makes it easier to test programs through dependency injection. This makes CloudABI a perfect environment for developing microservices.

In my presentation I am going to focus on how CloudABI works, how you can develop software for it and how it works in practice.

Speaker: Fredy Kuenzler

Buffering sucks! Why we see regular buffering when watching online video. What internet service providers could do to reduce buffering and why big players refuse to act. An attempt of calculating the economic cost of buffering.

It’s all about Net Neutrality. Buffering is the visible effect which makes millions of broadband customers suffer.

Speakers: Walter van Holst, Nate Cardozo, mlp, Richard Tynan

Transposition of the Wassenaar Arrangement, which now also covers export controls on exploits and surveillance technology, into European law is upon us. This panel discusses this, both on process and substance.

The big issue is that this may stifle security research while at the same time we want to stop the Hacking Teams of this world.

This is a panel discussing the various good or least bad ways to deal with this. Participants come from civil society and security research.

Speakers: Jugend hackt

Auch in 2015 entstanden wieder zahlreiche Projekte bei Jugend hackt, die mit Code die Welt verbessern. Im Talk möchten die jugendlichen HackerInnen Einblick in ihre Ideen und Projekte geben, und ihre Perspektive auf die Welt vermitteln.

Speakers: Iga Bałos, Benjamin Henrion (zoobab)

Ten years after the rejection of the European software patent directive by the European Parliament, the software patent problem still is not over.
Political action is required.

For further information, please refer to the attached document. It contains a one page summary of highlights, and five pages of a more detailed narrative. Finally, it includes the bio's of the three speakers.

Speaker: Markus Beckedahl

Im Sommer kam heraus, dass der Generalbundesanwalt Ermittlungen gegen zwei Journalisten von netzpolitik.org in Gang gesetzt hatte. Das geschah, weil sich das Bundesamt für Verfassungsschutz dadurch auf den Schlips getreten fühlte, dass Auszüge aus ihren Haushaltsplänen der allgemeinen Bevölkerung bei netzpolitik.org zugänglich gemacht wurden.

Zehn Tage lang gab es in der Sommerpause einen medialen Aufschrei, die Ermittlungen wurden gestoppt. Aber noch immer sind viele Fragen ungeklärt. Warum kam es überhaupt dazu, wer hat politischen Druck ausgelöst und sind die Regeln für die Pressefreiheit im Zeitalter des Internets noch zeitgemäß oder sollten sie dringend an digitale Realitäten angepasst werden?

Der Vortrag will einerseits zurückblicken, aber auch die Learnings vorstellen, inklusive einer dringend notwendigen Debatte, wie wir ein Update der Pressefreiheit in Deutschland hinbekommen könnten.

Speakers: Ralf Spenneberg, Hendrik Schwartke, Oguzhan Cicek

Der Hitag S Transponder wird in verschiedensten Applikationen eingesetzt. Während Angriffe für den Hitag 2 bereits bekannt sind, gilt der Hitag S in der Literatur noch nicht als gebrochen. Wir haben die beschriebenen Angriffe auf den Hitag S übertragen. Wir sind in der Lage den Schlüssel zu brechen und Informationen wie das Kennwort zu ermitteln, obwohl diese zusätzlich vor Lesezugriff geschützt sind. In Abhängigkeit des gewählten Angriffs benötigen wir für das Brechen des Schlüssels zwischen mehreren hundert Tagen und 5 Minuten. Wir haben einen Emulator gebaut, der jeden Hitag S Transponder nachbilden kann. Wird der Transponder in einem Schließsystem eingesetzt, können wir so eine Schlüsselkopie erstellen.
Basierend auf unseren Ergebnissen und den Erfahrungen mit anderen Transpondern aus dem 125kHz Bereich können wir nur vor dem Einsatz in sicherheitskritischen Bereichen warnen.

Die Hitag Transponderfamilie besteht aus mehreren unterschiedlichen Transpondern, zu denen auch der Hitag S gehört. Der Hitag S Transponder wird von dem Hersteller NXP in erster Linie für die folgenden Zwecke empfohlen: Wäscherei-Automation, Logistik, Lagerverwaltung und die Überwachung und Verwaltung von Tierherden. In der Realität werden Sie aber auch in Zutrittskontrollsystemen wie dem blueSmart-System der Firma Winkhaus eingesetzt.

Der Hitag S Transponder bietet zwei Modi: Plain und Authentication. Im Authentication Mode ist der Zugriff auf den Speicher des Transponders erst nach einer erfolgreichen Authentifizierung möglich. Grundlage der Authentifizierung ist ein 48Bit Pre-Shared-Key. Für dieses Verfahren ist laut Hersteller leserseitig ein Krypto-Coprozessor erforderlich.

In diesem Vortrag erläutern wir die unterschiedlichen, bei dem Hitag S, erfolgreich durchgeführten Angriffe zur Überwindung der Authentifizierung bzw. dem Brechen des verwendeten Schlüssels. Hierbei berücksichtigen w

Speaker: fractalfox

This talk is a brief recap into EEG / BCI for hackers, makers, researchers, and artists. It will give an overview of current consumer devices and their flaws, and subquently present fully open-source, high-quality hardware and software. Finally implications for the future of modern society are outlined, especially how commercial EEG consumer devices or services may be exploited by corporations to cloudsource market research, or spy on health conditions, brain states or even leak private information. Strategies to circumvent these risks and secure brain wave experience are being discussed.

In the recent years, affordable Brain-Computer Interfaces are becoming more accessible for consumers. Applications range from controlling computers / machines, biofeedback and Quantified Self. At first sight, the current generation of commercial devices seem to be decent in their functionality, and various use cases are suggested. However, neurophysiological signal quality, as well as limitations of software and hardware hackability are among the greatest issues and hurdles towards advancement in user experience.

This talk is a brief recap into EEG / BCI for hackers, makers, researchers, and artists. It will give an overview of current consumer devices and their flaws, and subquently present fully open-source, high-quality hardware and software. Finally implications for the future of modern society are outlined, especially how commercial EEG consumer devices or services may be exploited by corporations to cloudsource market research, or spy on health conditions, brain states or even leak private information. Strategies to circumvent these risks and secure brain wave experience are being discussed.

This talk can be seen as a sequel to last year's talk by MeTaMiNd EvoLuTioN and will also deal with further proceedings in open-source neurotech.

Speaker: Jeff Deutch

This talk will focus on the potential ability of data disaggregated by race and ethnicity to reduce discriminatory policing in Germany. In the UK, data has been collected during police procedures, allowing for a monitoring and evaluation of discriminatory policing practices. Unfortunately, such an empirically driven policy approach is not currently possible in Germany. This talk will argue that, as a first step, a policy based off the UK approach towards data collection be implemented in Germany to incorporate, rather than ignore, Germany’s diverse identities, and to allow for empirically driven and more effective policing.

As social exclusion and racial discrimination are highly tied to policing practices, it is essential that a reduction of discriminatory policing be part of the larger discussion on addressing social inequalities in developed nations. In Germany, the lack of data disaggregated by race and ethnicity means that there are no figures on the extent of racially or ethnically based discrimination. Germany presents a unique case for examining the collection of disaggregated data due largely to the term race, or Rasse, having negative connotations due to the misuse of such data during the Nazi era.

This talk will focus on the potential ability of data disaggregated by race and ethnicity to reduce discriminatory policing in Germany, with a particular focus on ‘stop and search.’ Stop and search is a crime-prevention practice existing in both Germany and the UK which allows police officers to stop individuals they suspect of committing a crime, carrying a weapon, possessing stolen property, or carrying drugs. In Germany, federal police have the added power to stop a person suspected of committing an immigration violation.

In the UK – due to pressure from civil society organisations, academics, and government officials – data has been collected during police procedures, allowing for a monitoring and evaluation of disc

Speaker: Vincent Haupert

Neue App-basierte TAN-Verfahren sollen die etablierten Verfahren ablösen und Onlinebanking komfortabler machen. Die Notwendigkeit von dedizierter Hardware entfällt und Transaktionen können mit nur einem mobilen Endgerät durchgeführt werden. Was von den Kreditinstituten als Feature beworben wird, erweist sich in unserer Untersuchung als fatal. In einem Proof-of-Concept-Angriff demonstrieren wir die Manipulation von Transaktionsdaten und zeigen die konzeptionelle Schwäche von App-basierten TAN-Verfahren.

Die deutschen Kreditinstitute wenden sich zunehmend von den alten TAN-Verfahren ab. Als Motiv zur Erschließung neuer Techniken abseits der indizierten TAN-Liste, mTAN und chipTAN wird neben der Sicherheit auch der fehlende Komfort durch die Notwendigkeit dedizierter Hardware angeführt. Neue App-basierte TAN-Verfahren erlauben es dem Nutzer, eine Transaktion mit seinem mobilen Endgerät (Android oder iOS) auszulösen und auf dem selben Gerät zu bestätigen -- und das bei vermeintlich höherer Sicherheit als bei den etablierten Verfahren. Wir haben die Sicherheit solcher App-basierten TAN-Verfahren am Beispiel des pushTAN-Verfahrens der Sparkassen ausgewertet und attestieren dem Verfahren gravierende konzeptionelle Schwächen. Der bewusste Verzicht auf eigenständige Hardware zur Transaktionsauslösung und -bestätigung macht das Verfahren für Schadsoftware zu einer leichten Beute. Zur Demonstration dieser Schwächen haben wir einen Angriff entwickelt, der vom Nutzer Transaktionen abfängt und vor ihrer Bestätigung nach Belieben manipulieren kann.

Speaker: Peter Löwenstein

Initiative Freifunk, ein Projekt des Chaos Darmstadt e.V. - Wie kamen wir mit den Verwaltungen, den Verbänden und Parteien ins Gespräch, um freifunk für refugees umzusetzen?

Zeitstrahl Entwicklung von Freifunk Initiative Darmstadt 03/15 bis 12/15
Was hat sich in den 10 Monaten geändert – und warum?

Welche Parteien haben das Thema Freifunk in kommunale Parlamente Südhessens getragen – und mit welcher Begründung?

Wie reagierten Regierungspräsidium, Bürgermeister und Kreistage als Betreiber der Unterkünfte auf die Freifunk Initiative?

Welche Apps passen zu Freifunk für Flüchtlinge – und warum?
Was habe ich gelernt?

Warum Bündnisse eingehen besser ist als auf nur eine Partei zu vertrauen

Erkenne die Chancen auf Veränderungen, wenn die ganze Verwaltung chaotisch geworden zu sein scheint – nur woran?

Telekom, Vodafone oder unitymedia sind keine Gegner: Vier Argumente für Freifunk, mit der sich trotz den ganz Großen die Rathaustüren für freifunk weit öffnen

Wie Flüchtlinge das Internet nutzen – und wofür nicht. Chancen und Risiken

Freifunk 2016: Was ich erkennen kann – Ernüchterung, Burnout und Professionalisierung.

Speaker: Matthias Tarasiewicz (parasew)

AXIOM is the first professional, extendable, affordable and modular cinema camera platform based on Free ("libre") Software, Open Design, Open Hardware, transparent development processes and extensive documentation. The community project establishes an ecosystem that offers a sustainable basis for a broad spectrum of imaging applications and empowers enthusiasts, videographers as well as developers in the technology and creative industry sectors.

Since 2006 the apertus° community has been developing open tools to tackle demands of professionals working in contemporary video and film production. The community extends from renowned Directors of Photography in prominent Hollywood studios to emerging independent filmmakers, developers, artists and researchers all working from different locations around the world. AXIOM is a very ambitious project, using principles of FLOSS, extended on the whole design, production and software of a professional, modular cinema camera. With AXIOM, our ambition is to free film makers of the artificial limitations introduced through the “closed” products being available.

Speakers: Vera Tollmann, Boaz Levin

During this lecture presentation, Boaz Levin and Vera Tollmann,
co-founders of the Research Center for Proxy Politics, will develop the
proxy as a figure of thought by spinning and testing it in different
contexts.

The Research Center for Proxy Politics aims to explore and reflect upon
the nature of networks and their actors, that is, machines and things as
well as humans. The proxy, a decoy or surrogate, is today often used to
designate a computer server acting as an intermediary for requests from
clients. Originating in the Latin procurator, an agent representing
others in a court of law, proxies are now emblematic of a
post-representational political age, one increasingly populated by bot
militias, puppet states, ghostwriters, and communication relays.

During the period of the project (September 2014 to August 2017) the
center hosts a series of workshops at the Universität der Künste,
Berlin, revolving around a wide range of relevant topics including the
politics of digital networks, the political economy of
crypto-currencies, the genealogy of networked thought, the mediality of
physical landscapes and strategies of opacity. The center also conducts
material, experimental, investigations into the conception and
construction of alternative networks, or alternets.

Speakers: taziden, Adrienne Charmet

Earlier this year, following the tragic events of early January in Paris, the French governement pushed a bill to put a legal framework around Intelligence Services activities. Far from protecting civil liberties, this bill seem to be the translation of Snowden's revelations into law.

Despite the fact this law was in the making for many years, its content seem to be inspired by Snowden's revelations.
French intelligent services, willing to become more independent from US ones were certainly waiting for this bill for a long time, giving them uncompared power on every one (IMSI Catchers, algorithmic black boxes in ISP networks, etc etc)
A patch to the law has been voted, legalizing international cable wiretapping for the DGSE (French NSA), providing them legal protection for what existed since at least 2008 as a NouvelObs journalist revealed some weeks ago.

In this talk, we'll also give an overview over the legal actions taken by several NGO's to defeat this laws.

Following the November 2015 Paris attacks and the declaration of a state of emergency, we'll extend the initial scope of the talk to give an overview of the latest securitarian/autharitarian developments in France.

Speaker: Paul Fuxjaeger

"Signal level is high but throughput is low" is a common experience in WLAN networks without central management. That causes a lot of frustration, mainly because there is no easy way for users to OBSERVE the presence of interference at all.

In order to improve this situation we developed a patch for OpenWRT which makes interference from other sources visible and is able to display the current utilization-ratio (channel load). No additional hardware is required and no interruption of normal operation is necessary - because recent chipsets maintain internal counters for channel load tracking.

We all love WLAN/IEEE802.11 networks. It's wonderful what we do with a few slices of free spectrum without the need for any central coordination.

The Problem is: demand for these few radio resources is increasing faster than additional free spectrum gets allocated. A potential tragedy of the commons situation is approaching.

Additionally, there is a heavy new user on the block: mobile operators want to start utilizing those free 5GHz bands. Protocols labelled License-Assisted-Access (LAA) or LTE-Unlicensed (LTE-U) have been put into silicon and large scale rollout can be expected to start during 2016.

This talk presents a modification to OpenWRT that will help coping with increased interference load over the next years. We think this feature is necessary to avoid a tragedy-of-the-commons situation in license-exempt bands (2.4/5GHz) due to ever increasing demands and node densities. The same way as we would be frustrated when we are unable to measure the general noise level in a room prior to deciding to use it to have a verbal conversation in it.

We started testing this feature (modifications to the mac80211 sublayer and to luci) at this years BattleMeshV8 in Maribor, Slovenia. Public release is planned for November 2015.

Speaker: Cornelius Diekmann

We develop a tool to verify Linux netfilter/iptables firewalls rulesets. Then, we verify the verification tool itself.

Warning: involves math!

This talk is also an introduction to interactive theorem proving and programming in Isabelle/HOL. We strongly suggest that audience members have some familiarity with functional programming. A strong mathematical background is NOT required.

TL;DR: Math is cool again, we now have the tools for "executable math". Also: iptables!

We all know that writing large firewall rulesets can be hard. One huge problem. Let's write a tool to statically verify some properties of our rulesets! Now we have three huge problems:
(1) writing flawless firewall rulesets.
(2) making sure that our verification tool does the right thing.
(3) making sure that the internal firewall model of our tool corresponds to the real world.

In this talk, we will solve these problems from front to back. We focus on problems (2) and (3). Warning: this talk involves math!

First, we need to specify the behavior of the Linux netfilter/iptables firewall. In order to be convincing, this model must be small and simple. It should fit on one slide. However, firewalls can be quite complex and the model must cope with this. For example, looking at man iptables-extensions, we see numerous match conditions. But nobody required that our model must be executable code; we will specify the model mathematically. For example, this allows to define arbitrary match conditions. Technically speaking, we define the filtering behavior of iptables in terms of bigstep semantics. Mathematical specifications can be very powerful, in particular when we get to the point where the specification is not directly "executable".

Enough math, let's write some executable code to do something with our ruleset. For example, unfolding the jumps to user-defined chains, checking that some packets will be certainly blocked, or checking that we got th

Speaker: Alvar Freude

Das Nonplusultra für hauptamtliche Jugendschützer sind Filterprogramme, auch „Jugendschutzprogramme“ genannt. Doch was machen die Programme, welche Wirkungen und vor allem Nebenwirkungen haben sie? Und was macht eigentlich der Zombie JMStV?

Die Bundesländer wollen in einem neuen Anlauf den Jugendmedienschutzvertrag (JMStV) verschärfen. Ein Kernpunkt ist: Möglichst viele (oder alle) Webseiten sollen maschinenlesbare Alterskennzeichen tragen. Filterprogramme sollen diese auslesen und (vermeintlich oder tatsächlich) jugendgefährdende Webseiten blockieren. Der Traum so mancher Jugendschützer sind dabei Filter direkt beim Provider, am besten standardmäßig aktiviert und nur auf Wunsch auf die Stufe „ab 18“ änderbar.

Die „Kommission für Jugendmedienschutz“ (KJM) hat bereits mehrere Filterprogramme offiziell anerkannt, also quasi zugelassen.

Doch welche Nebenwirkungen haben diese Filter? Wie funktionieren die Programme, und was machen sie?

Der Vortrag zeigt anhand einer genauen Analyse, dass die Qualität der offiziellen „Jugendschutzprogramme“ unter aller Sau ist und sie noch einige weitere, bisher nicht bekannte Nebenwirkungen haben.

Daneben zeigt der Vortrag noch den aktuellen Stand der Diskussion über den Jugendmedienschutzstaatsvertrag und was uns in dem Bereich noch alles blüht.

Speakers: Clémentine Maurice, Daniel Gruss

"Insanity: doing the same thing over and over again and expecting different results."
Albert Einstein - Who did not live long enough to see Rowhammer

Recent studies have found that repeated accesses to DRAM rows can cause random bit flips, resulting in the so called Rowhammer vulnerability. We present Rowhammer.js, the first remote software-induced hardware-fault attack, from JavaScript. We also extend our presentation with an overview of cache side-channel attacks, that use the same technique to evict data from the cache.

Last year, studies demonstrated Rowhammer, a fault attack that can cause random bit flips by repeatedly accessing DRAM rows. This vulnerability has already been exploited to gain root privileges and to evade a sandbox, showing the severity of faulting single bits for security. However, these exploits are written in native code and use special instructions that flush data from the cache.

In this talk we present Rowhammer.js [1], a JavaScript-based implementation of the Rowhammer attack. After presenting the native attack, we underline the challenges we faced to trigger the vulnerability from JavaScript, without any special instruction. Beyond DRAM, this attack also requires a very fine understanding of CPU cache internals, that are largely undocumented. We detail our findings on these undocumented parts, and the different steps that led to the attack from JavaScript. We also give an outlook on possible exploits, including gaining root privileges from JavaScript and performing fault attacks on cryptography.

In the last part, we extend our presentation with an overview of cache attacks, bridging the gap between hardware-fault attacks and side channels. In side-channel attacks, the attacker doesn't rely on a direct software compromise, but rather on passive observation of hardware characteristics when a victim process runs. In common with Rowhammer.js, these attacks use techniques to evict d

Speaker: Gregor Ruttner

„Never ever say no, act your first thought and learn to love mistakes“ – these are the basic rules of improv theatre. I will show how this can be adopted for everyday life.

Improvisational theatre (short „improv theatre“) has a long history but still follows the same basic framework: be open minded and not afraid of yourself and others.
Keith Johnstone, the godfather of this genre, once said: „Good improvisers seem telepathic; everything looks pre-arranged. This is because they accept all offers made – which is something no ‘normal’ person would do.“ They can do so by learning that any mistake can be the origin of something great.
This can also be seen as a hack of the traditional arts form theatre: Create something awesome out of something awful.
The mantra behind is „if you fail, fail smartly“ or as we say in Austria G’scheitern.

There will also be a workshop for those who want to try out some improv theatre methods.

Speakers: Trammell Hudson, Adelle Lin

In this talk I'll show how to build an open source vector gaming system with MAME, a microcontroller and an XY monitor or oscilloscope. Relive the joys of playing vector video games from 1979 and enjoy some of the retro-styled vector games of 2015.

Speaker: Mahsa

As Internet users increasingly connect to the Internet through smartphones, this has transformed Iran’s Internet ecology towards an increasing reliance and production in apps. In Iran, a country that practises some of the most stringent censorship and surveillance techniques in the world has seen this transformation reshape the way the government implements information controls online. While applications with popular usage on browsers such as Facebook and Twitter remain blocked through their mobile applications, platforms that predominantly exist in app form such as WhatsApp, Viber, and Instagram remain unblocked in the country. This talk will look at how the government is counteracting these policies through various means, including local imitation apps, and new programs such as ‘intelligent filtering’, and the Revolutionary Guards' “Spider” program. Additionally, a discussion of how Iranian Internet users use these platforms, especially in reference to digital security awareness and practices will be included.

Speaker: Roland Bracewell Shoemaker

Let's Encrypt is a new free and automated certificate authority,
that entered closed beta in October and has already issued a large number of
valid certificates. This talk will provide a short overview of
how the Let's Encrypt client and server software work, and explore
statistics gathered during our closed beta and launch period.

Let's Encrypt is a new certificate authority that is being launched by a
collaboration between EFF, Mozilla, Cisco, Akamai, IdenTrust, and a team
at the University of Michigan. It will issue certificates for free,
using a new automated protocol called ACME for verification of domain
control and issuance.

This talk will describe the features of the CA and available clients at
launch; discuss ongoing feature development in both the official server and client;
and share statistics on the closed beta and launch periods, as well as looking
at our place within the CA ecosystem post launch.

Speakers: Pedro Noel, Bethany Horne

The Ecuadorian government received international visibility when in 2012 it agreed to grant Wikileaks founder Julian Assange political asylum and host him in Ecuador's London embassy. Ecuador has since been widely praised for standing up to the United States to defend the freedom of the press and freedom of expression.

However, the reality is not consistent with this image Ecuador seeks to project. Journalists inside the country face oppressive laws, huge fines and lawsuits for reporting on government corruption. Digital and physical surveillance of journalists and activists is in fact getting worse.

We will analyze some of the existing leaks that prove such activities. We will also give a first-hand account from someone who had to literally run away from Ecuador for publishing leaked materials proving illegal espionage against journalists and citizens.

Is Ecuador really interested in free speech? We don't think so and we will tell you why.

The talk will be divided as the following:

1. The lie: Wikileaks and free speech advocacy

Analysis of current situation and recent past in an international scope.

1. The truth: Surveillance, oppressive laws and huge fees

Analysis of recent cases of freedom of speech suppression in the country (lawsuits, fines, political pressure, surveillance).

Analysis of already published leaks proving attacks on freedom of speech, expression and personal privacy.

Analysis of government public discourse to legitimate such actions.

1. A new leak

A new leak will be published during the talk: a secret document providing strong evidence that the government of Ecuador is not interested in free speech at all - or even freedom itself.

Speakers:

Bethany Horne grew up in Ecuador. She worked there for the state newspaper, El Telégrafo, and later for the Free/Libre Open Knowledge Society, a research group operating out of a state university to develop policy for the Ecuadori

Speaker: Nicolas Pouillard

In this presentation I will present the experimental language Ling. We shall get an intuitive understanding of the language through familiar concepts from imperative programming. We shall cover how Ling enables a modular and precise control on memory allocation, through a general optimization called fusion. This optimization, fusion is a cost-free abstraction mechanism which brings high level programming to system programming.

The design of Ling is the result of my researches in collaboration with Daniel Gustafsson and Nicolas Guenot at the IT-University of Copenhagen and also from the language Limestone by Jean-Philippe Bernardy and Víctor López Juan at the University of Chalmers. These two lines of research stand upon the longstanding research topics of process calculi (such as the π-calculus), term calculi (such as λ-calculus), Linear Logic, and dependent Type Theory (such as used in Coq and Agda to write proofs and programs).

The research on the λ-calculus and Type Theory gave rise to a powerful family of languages including but not limited to: Haskell, OCaml, Coq, Idris, and Agda. The research on the π-calculus gave rise to a vast family of calculi for concurrency. However type systems for these languages took much longer to emerge and progress. For instance the main concurrent programming language in use today is still dynamically typed. This is changing as we understand better how to the use the formulae of Linear Logic as behavior types (or session types) for concurrent processes.

Still the aim of this experimental language is to program systems precisely and modularly. The need for precision comes from the resource constraints such as memory, file handles and the need for modularity comes the desire to reduce programming mistakes by solving problems at the right abstraction level. Functional programming offers a pretty good framework for modularity. This modularity comes at a cost which is rather difficult to pre

Speaker: Netanel Rubin

tl;dr EXPLOIT ALL THE PERL. AGAIN.
After last year’s Perl crackdown, I decided I have to take the Perl abuse to the next level. This time I focused on Perl’s core, or more specifically, the referencing mechanism, and shattered the security of most Perl CGI projects in the world.

With more WATs, more broken concepts, and more wildly popular 0-days, we will finally prove the Perl language is a broken concept, one that stood tall for way too many years.

Presenting „The Perl Jam: Exploiting a 20 Year-old Vulnerability“ at 31c3 opened a Pandora’s Box full of Perl debates and controversies. Many of these debates originated from the Perl community itself, with unforgiving arguments such as „vulnerabilities are the developer’s fault“, „RTFM“ and „I really hate the Camel abuse in the presentation“ that were mostly directed at me.

This is why I’m proud to say that this year I finally got the message: Finding vulnerabilities in core modules is not enough. I need to prove there are problems in the most fundamental aspects of the Perl language, or the Perl community will keep ignoring the language many issues.
So I did, and we are going to analyze it in a presentation filled with lolz, WATs, and 0-days, so maybe this time something will change.

Join me for a journey in which we will delve into more 0-days in Bugzilla, an RCE on everyone who follows CGI.pm documentation, and precious WTF moments with basically any other CGI module in the world, including (but not limited to) Mojolicious, Catalyst and PSGI, affecting almost every Perl based CGI application in existence.

I hope this talk will finally prove that developers are NOT the fault here, it’s the LANGUAGE, and its anti-intuitive, fail-prone ‚TMTOWTDI‘ syntax.
btw, maybe it’s time to check your $$references ;)

Speaker: Christian Schaffner

I will entertain the audience with a science talk about quantum cryptography, covering both some classics (Quantum Key Distribution) and the latest developments (position-based quantum cryptography) in this fascinating research field.
[No previous knowledge of quantum mechanics is required to follow the talk.]

The most well-known application of quantum cryptography is Quantum Key Distribution (QKD) which was invented in 1984 by Bennett and Brassard. QKD allows two players Alice and Bob to securely communicate over an insecure line which is overheard by an eavesdropper Eve. Security can be proven in an information-theoretic sense against an unrestricted Eve. Such a high level of security is impossible to achieve with classical communication. In the first part of the talk, I will introduce some basic concepts of quantum information theory in order to understand and appreciate the security of QKD.

However, quantum cryptography offers a wide range of other applications that go beyond the task of key distribution. For instance, the goal of “position-based cryptography” is to use a player’s physical position as cryptographic credential. The combination of relativistic constraints (assuring that information cannot travel faster than the speed of light) and quantum mechanical effects (such as the impossibility to perfectly copy a quantum state) enables entirely new cryptographic applications like sending a message in such a way that it can only be read at a particular geographic position. In the second part, I will introduce you to this intriguing new branch of quantum cryptography.

Speakers: agonarch, @fraufeli

Kommentierendes im Internet ist neuerdings bedroht. Der unflätige Kommentierer hat den Pedonazi als Schrecken des Netzes abgelöst, als Strohmann für mehr Kontrolle über das Netz kann er auf breitere Gefolgschaft rechnen. Es “muss etwas geschehen” gegen den “Hass im Netz”, “Putintrolle” und Wutnetzbürger. Twitter, Mark Zuckerberg, Politiker, alle sollen mehr tun - aber was denn eigentlich, mehr Zensur und Moderation, andere Ausgestaltungen von Kommentarsystemen?

“The commenters don’t read the article, the writers don’t read the comments, and no one clicks on the ads.”, @ftrain 20 April 2012

Viele klassische Zeitungen geben auf, schränken ihre Kommentarbereiche online wieder ein oder schließen sie ganz. Die Süddeutsche beschränkt Kommentare auf drei Themen/Tag, Spiegel Online und FAZ fahren Kommentarmöglichkeiten zurück. Woher kommt die Schlacke im einst so ersehnten "Rückkanal"? Fördern die Artikel selbst eine Tendenz zu Ressentiments? Selbst bei Watchbloggern klassischer Medien wie Niggemeier ist der Ton im Kommentarbereich sauer geworden. Spreeblick färbt neuerdings Unerwünschtes weiß. Kommentarverdrossene Medienschaffende, Blogger und Fernsehjournalisten richten offene Briefe und Videobotschaften an ihr Publikum. Politische Verantwortungsträger fordern unisono Schritte gegen “die Hetze” und “den Hass” im Neuland des Internets und bei Facebook, gemeint sind fast immer Online-Kommentare im eristischen Geiste. Was hat sich in den letzten Jahren verändert? Werden wir wirklich soeben vom Hass überrollt? Welche Rolle spielt die technische Realisierung von Kommentarsystemen? Warum klaffen Moderationspraxis und “Community Guidelines” auseinander?

@fraufeli hat jahrelange Erfahrungen als Social Media Gärtnerin in den Kommentarspalten von Nachrichtenportalen und kennt sich mit Krauts und Unkrauts aus. Sie versteigt sich zu der These, dass es eigentlich keine Kommunikation mehr im

Speakers: Yann.A, Julien MOINARD, Gwénolé Audic

It is clear that something is needed to help the security community to evaluate, audit and control the security level of hardware products.

Hardsploit is a complete tool box (hardware & software), a framework which aims to:

• Facilitate the audit of electronic systems for industry 'security' workers (consultants, auditors, pentesters, product designers, etc.)

• Increase the level of security (and trust !) of new products designed by the industry

Hardsploit is an all-in-one hardware pentesting tool with software and electronic aspects. It's a technical and modular platform (using FPGA) to perform security tests by using electronic communication bus.

The main hardware security audit functions are:
- Sniffer
- Interact
- Dump

Hardsploit's modules will let users intercept, replay and / or send data via each type of electronic bus used by the target. The level of interaction that pentesters will have depends on the targeted bus features.

Hardsploit's modules also enable you to analyze electronic bus (serial and parallel types) like JTAG, SPI, I2C's, parallel addresses and more will come !

We also provide a graphical interface to manage your components and their commands. A wiring helper module is available too. It will help you connect easily your target to Hardsploit.

Our ambition is to provide a tool equivalent to those offered by the company Qualys or the Metasploit Framework but in the domain of embedded systems/electronics.

Speakers: J. Alex Halderman, Nadia Heninger

Earlier this year, we discovered that Diffie-Hellman key
exchange – cornerstone of modern cryptography – is less
secure in practice than the security community believed. In this
talk, we’ll explain how the NSA is likely exploiting this weakness to
allow it to decrypt connections to at least 20% of HTTPS websites, 25% of SSH servers, and 66% of IPsec VPNs.

Unlike the NSA, most of us don’t have a billion-dollar budget, but thanks to 1990s-era U.S. crypto backdoors, even attackers with much more modest resources can break the crypto for a sizable fraction of web sites. We’ll explain these flaws and how to defend yourself, and we’ll demonstrate how you too can experiment with Diffie-Hellman cryptanalysis from the comfort of your local hacker space.

Diffie-Hellman key exchange lets two parties negotiate a shared secret key in the presence of an eavesdropper who can see every message they exchange. This bit of cryptographic magic underlies the security of the Internet, from TLS to SSH, IPsec, Tor, OTR, and beyond.
Diffie-Hellman is widely believed to offer „perfect forward secrecy“ – after you’re done communicating, you can „forget" your
secret key and not even the NSA can later reconstruct it. In recent
years, this property led to the security community (us included!)
promoting Diffie-Hellman over other crypto techniques as a defense
against mass surveillance.

We were wrong. We’re really sorry.

In this talk, we’ll explain how a confluence of number theory, lazy
implementations, and aging protocols has created a world where anyone willing to spend a few hundred million dollars is likely able to
passively decrypt a huge fraction of Internet traffic. We’ll then go
back for a close reading of the Snowden documents that were published at 31C3 and show how such a cryptanalytic exploit lines up exactly with several of the NSA’s most powerful known decryption capabili

Speakers: Dongkwan, Hongil Kim

Newly adopted VoLTE requires changes in all associated parties, such as 3GPP standard, device, operating system, and cellular core networks. Therefore, it is not too surprising that it has security problems. However, it turns out that it has way too many problems. In this talk, we introduce how you can freely send data in the cellular network, and how an attacker can perform caller spoofing and denial of service attacks on calls to disable the target’s calling. Furthermore, we explain how small implementation glitch on VoLTE may lead to break the whole cellular network down.

Voice-over-LTE (VoLTE) is a newly adopted voice technology in the LTE network, whose functionality is similar to VoIP. Even though VoLTE works similar to VoIP, implementing it on the cellular network is not an easy problem because it needs many changes at each component of LTE. If these changes are not securely considered, this may lead to several security problems.

In the legacy 3G network, as data and voice are separate, the accounting policies are also different: data is charged based on byte usage, and voice, on time usage. However, in VoLTE, even though voice is delivered as a packet, it is still charged by time usage. Therefore, this strange accounting policy might open free data channels.

Another point is that voice signaling for VoLTE is not handled as in the legacy 3G network. Basically, a phone has two processors: an application processor (AP) which runs mobile OSes such as Android and a communication processor (CP) which manages digital signal processing and radio access. In 3G, voice signaling is handled in CP which makes an attacker hard to manipulate it. However, in VoLTE, because voice signaling is handled in AP, an attacker can easily analyze or modify the call flow. Furthermore, this new change can cause problems to the mobile OS.

To scrutinize these two points, we analyzed 5 operators, two in the U.S and three in South Korea. As

Speaker: Rink Springer

When an online game no longer captivates interest, what do you do? Grind on the network protocol, of course! How does it work, is it secure - and, how can you still get away while doing this?

Online games are hardly new, but their inner workings are rarely (if ever) documented. This needs to change: if it runs on my computer and uses my network I want to know what's going on!

This talk starts by analysing the network protocol of the Runes of Magic game, and continues by introducing specific tools to aid this process and the steps taken to come up with such tools. Continuing with a demonstration to whet your appetite: we will show how much fun it is to do this kind of work, and finally some advice on the legal side of things.

All custom tools and methods described are not specific to a game per se, however using custom tools will greatly improve your reversing experience. They aren't even specific to games, the same techniques can be used to analyse about any network protocol.

Speaker: Steini

Unsere Welt ist nach allem was wir heute wissen im kleinsten Massstab völlig bizarr aufgebaut und im grössten also im kosmologischen Massstab besteht sie ziemlich genau aus nichts. Wie hängt das zusammen und was hat das mit dunkler Materie und dunkler Energie zu tun und was zum Geier ist eigentlich die "spukhafte Fernwirkung" von der Einstein damals sprach und warum hat bis heute keiner so recht verstanden wie das alles zusammenpasst?
Hast du schon mal davon gehört, dass die Quantenphysik irgendwie schräg ist, hast dich da aber noch nicht ran getraut, obwohl du das gerne besser verstehen wollen würdest? Denkst du manchmal drüber nach, wie zum Geier das komplette Universum mit allen Sternen und Planeten ganz früher mal in einen Tischtennisball oder sogar noch was kleineres gepasst haben soll? Hast du schon mal davon gehört, dass ein Proton angeblich aus drei Quarks besteht und denkst, "jaja, ihr könnt mir viel erzählen". Und klinkt sich dein Vorstellungsvermögen aus, wenn du versuchst dir so was wie ein "schwarzes Loch" vorzustellen, das unendlich klein sein soll und dabei unendlich schwer? Dann bist du hier genau richtig. Ich will dir ohne wesentliche Vorkenntnisse vorauszusetzen im Grossen und Ganzen den Zusammenhang näher bringen, deine Faszination für das Thema wecken oder füttern und dir Mut machen, dich weiter damit zu beschäftigen. Du darfst hier Fragen stellen, dich wundern, zweifeln und irritiert sein.
Wenn du an Quantenheilung, Vortex Atome und holistische Quanten-Kinesiologie glaubst, dann bist du herzlich willkommen um zu lernen, dass das mit Quantenphysik nichts, aber auch wirklich gar nichts zu tun hat, aber sei bitte nicht enttäuscht, wenn ich auf diese Themen nicht eingehe. Eine Stunde ist viel zu Kurz um zusätzlich eine Einführung in die Prinzipien der Wissenschaft zu halten.
Wenn du aber schon mal die Schrödingergleichung hergeleitet hast oder gerne über die Vorteile der M-Theorie gegenüber der Super-St

Speakers: Sec, schneider

Listening to satellites and decoding is fun. We show interesting stuff we found, and how you can get into it.

The Iridium satellite system provides voice and data coverage to satellite phones, pagers and integrated transceivers over Earth's entire surface. It was built by Motorola over 15 years ago, and parts of it remain unchanged to this day.

Last year we showed how to decode the unidirectional pager messages. Since then we can share our better understanding of some of the protocol but also show listening to the SMS-like bidirectional SBD communication channel.

Speaker: Nick Sullivan

Legend has it, the first iteration of the Secure Sockets Layer (SSL) protocol was broken in ten minutes by Phillip Hallam-Baker and Alan Schiffman during a presentation by Marc Andreesen at MIT in 1994. In the following two decades the protocol has been improved and the implementations have been strengthened, but not without a steady stream of implementation vulnerabilities and protocol design errors. From the ciphersuite rollback attack to LogJam, SSL/TLS has seen a diverse set of problems. In this talk we’ll discuss the pitfalls in designing and implementing a cryptographic protocol and lessons learned from TLS up to version 1.2.

Legend has it, the first iteration of the Secure Sockets Layer (SSL) protocol was broken in ten minutes by Phillip Hallam-Baker and Alan Schiffman during a presentation by Marc Andreesen at MIT in 1994. In the following two decades the protocol has been improved and the implementations have been strengthened, but not without a steady stream of implementation vulnerabilities and protocol design errors. From the ciphersuite rollback attack to LogJam, SSL/TLS has seen a diverse set of problems.

From the HMAC-then-Encrypt vs Encrypt-then-HMAC debate to the preference for Cipher Block Chaining (CBC) modes, the 90s was an innocent time in secure protocol design. Daniel Bleichenbacher had not yet started his assault on RSA and the types of side-channel attacks that enabled BEAST and POODLE had not yet been discovered. Over the next two decades, not only were weaknesses revealed in the protocol, but implementation flaws were found in even the most widely deployed SSL/TLS libraries. By following the security-relevant changes in SSL/TLS over the years we can paint a picture of the hard lessons learned by the cryptographic community over the history of this protocol all and how we can prevent ourselves from repeating the mistakes of the past.

Speakers: Marie Moe, Eireann Leverett

Gradually we are all becoming more and more dependent on machines, we will be able to live longer with an increased quality of life due to machines integrated into our body. However, our dependence on technology grows faster than our ability to secure it, and a security failure of a medical device can have fatal consequences. This talk is about Marie's personal experience with being the host of a vulnerable medical implant, and how this has forced her to become a human part of the "Internet-of-Things".

Marie's life depends on the functioning of a medical device, a pacemaker that generates each and every beat of her heart. This computer inside of her may fail due to hardware and software issues, due to misconfigurations or network-connectivity.

Yes, you read that correctly. The pacemaker has a wireless interface for remote monitoring forcing the patient to become a human part of the Internet-of-Things. As a security-professional Marie is worried about her heart's attack surface. How can she trust the machine inside her body, when it is running on proprietary code and there is no transparency? This is why she went shopping on eBay to acquire medical devices that can communicate with her pacemaker, and started a hacking project together with her friend Éireann.

This talk will be focused on the problem that we have these life critical devices with vulnerabilities that can't easily be patched without performing surgery on patients, Marie's personal experience with being the host of such a device, and how the hacker community can proceed to work with the vendors to secure the devices.

Speaker: Jasper Bongertz

Sanitizing and anonymizing PCAP or PCAPng files is often necessary to be able to share information about attack vectors, security problems or incidents in general. While it may seem simple to replace IP addresses or ports there are still quite a number of network packet details that are hard to replace. This technical talk will shed a light on where those troublemakers are encountered and how to get around them.

When sanitizing/anonymizing PCAPs (or the newer, better, but also much more complex PCAPng network capture file format) there are a ton of problems to run into: Replacement need to be consistent, Checksums need to be recalculated sometimes but now always, and IPv6 has dependencies to MAC addresses that need to be considered as well. Additionally, protocols may be stacked on top of each other, tunneling IPv4 over IPv4 or IPv6 over IPv4, adding complexity to the replacement process. And finally, sanitizing TCP payloads is a certifiable nightmare because you never quite know what you're looking at, and the data segments may require reassembly/unpacking before you can do anything. It's easy to break sequence numbers, unless every replacement is exactly the same size as the original value. This talk will take a closer look at some of the typical problems that come up when sanitizing/anonymizing network packet captures, and at tools that can help with getting reasonable results.

Speakers: Fefe, frank

Wir helfen euch, die Fnords zu sehen, wenn nach einem klaren Fall von Selbstmord der Zensor pinkeln war und die Stahlbälle den maximalen Realitätsabstand eingenommen haben.

Ein munterer Rückblick auf das Jahr mit Würdigung der groteskesten Geschehnisse zwecks Neukalibrierung des Bizarrometers.

Speakers: Nicolas Wöhrl, @ReinhardRemfort

Nicolas Wöhrl und Reinhard Remfort sprechen über interessante aktuelle Forschung, Experimente und ihren wissenschaftlichen Alltag an einer deutschen Hochschule. Fachübergreifend, abwechslungsreich, unstrukturiert, hoffnungslos subjektiv und immer garantiert methodisch inkorrekt.

Eigentlich ein Podcast der alle 14 Tage erscheint. Nach dem großen Erfolg auf dem Kongress im letzten Jahr wird diesmal eine noch größere Show abgezogen: Experimente die mal interessant, mal fragwürdig sind. Wissenschaftler die mal belehrend und mal unzurechnungsfähig sind. Wissenschaftliche Studien die mal nobelpreisverdächtig und mal zweifelhaft sind. Wissenschaft auf der Showbühne. It works, bitches!

Speaker: Martin Haase/maha, Kai Biermann

In der politischen Rede sind immer wieder Floskeln zu beobachten, zum Teil gibt es Moden, wie im Zusammenhang mit dem so genannten No-Spy-Abkommen, wo Handlungen wiederholt mit „bestem Wissen und Gewissen“ gerechtfertigt wurden. Auch das „volle/vollste Vertrauen“ der Kanzlerin ist auffällig. Der Vortrag vertritt die Hypothese, dass solche Phrasen nicht zufällig sind, dass sie eine Funktion besitzen. Es wird erläutert, was mit ihnen erreicht werden soll. Es wird außerdem der Frage nachgegangen, wie Floskeln sich durch häufigen Gebrauch in ihrer Bedeutung verändern bzw. verselbständigen und gegen den Sprecher wenden können.

In diesem Vortrag werden eine Reihe von Floskeln untersucht, die in politischer Rede vorkommen und sich in jüngerer Zeit besonderer Beliebtheit erfreuen. Es wird erörtert, was die Floskeln eigentlich bedeuten, wie und zu welchem Zweck sie verwendet werden und welche besondere Dynamik bei häufigem Gebrauch entstehen kann, insbesondere wenn sich die Floskeln verselbständigen.

Es werden eine Reihe von Politikerzitaten zu aktuellen Themen analysiert: selbstverständlich geht es um die Vorratsdatenspeicherung und ihre auch sprachlich zweifelhaften Begründungen, um den "Kampf gegen den Terror" und um die Landesverratsaffäre.

Speaker: Matthew Garrett

In 2011, Joanna Rutkowska unveiled an easy-to-use tool for mitigating many attacks on system boot chains by using the TPM - the Anti Evil Maid. Unfortunately the implementation was difficult to incorporate into normal system boot in a secure manner - anybody able to observe a user could recreate the secret. This presentation describes a method to allow systems to prove their identity to the user without making it trivial for attackers to mimic a secure boot and extract secrets from the user, and why the state of modern hardware means this may still not be enough.

A correctly implemented Trusted Boot solution makes it possible for systems to prove to other systems that they have booted with the expected boot chain. The Anti Evil Maid technique took advantage of this to encrypt a secret with the TPM in such a way that a system whose firmware or bootloader had been compromised would no longer be able to decrypt that secret. Unfortunately, the use of a static secret makes it easier for an attacker to mimic a good boot - as a result, a sufficiently motivated attacker could circumvent Anti Evil Maid and convince the user that a compromised system was in a good state.

This presentation describes the use of shared trust between the system and another device, making it significantly more difficult for an attacker to mimic a trusted boot. It includes a description of the implementation of Trusted Boot support in Free operating systems on modern UEFI systems, how this can be tied into sharing trust between multiple devices and the limitations that may still permit state-level actors to compromise these techniques.

Speaker: Andrei Costin

Embedded systems are omnipresent in our everyday life and are becoming
increasingly present in many computing and networked environments. For example,
they are at the core of various Common-Off-The-Shelf (COTS) devices such as
printers, video surveillance systems, home routers and virtually anything we
informally call electronics. The emerging phenomenon of the Internet-of-Things
(IoT) will make them even more widespread and interconnected. Cisco famously
predicted that there will be 50 billion connected embedded devices by 2020.
Given those estimations, the heterogeneity of technology and application fields,
and the current threat landscape, the security of all those devices becomes of
paramount importance. In addition to this, manual security analysis does not
scale. Therefore, novel, scalable and automated approaches are needed.
In this talk, we present several methods that make the large scale
security analyses of embedded devices a feasible task. We implemented
those techniques in a scalable framework that we tested on real world data.
First, we collected a large number of firmware images from Internet
repositories and then performed simple static analysis.
Second, since embedded devices often expose web interfaces for
remote administration, therefore we developed techniques for large scale
static and dynamic analysis of such interfaces.
Finally, identifying and classifying the firmware files, as well as
fingerprinting and identifying embedded devices is difficult, especially
at large scale.
Using these techniques, we were able to discover a large number of new
vulnerabilities in dozens of firmware packages, affecting a great variety of vendors and
device classes. We were also able to achieve high accuracy in fingerprinting and
classification of both firmware images and live devices.

This material is both important and innovative because it addresses the

Speaker: obelix

How can be 3d printing a dual use technology? Print more things, produce less waste, save money!

Each day 3D printers become cheaper and the internet gets filled with 3d files to print. With every 3d printer running the need for plastics and therefore the amount of waste produced (either through failed prints or normal end of life of the print) will grow. Even if there are things you won't need to buy anymore and the additional waste is compensated here, the reality shows that failed prints can't be ignored, 3d printers are used to print a lot of nonsense things (e.g. internet memes) and the lifetime of these prints is often below commercial grade products.

In this talk i'll present the difficulties in recycling plastic as well as the progresses or fails i've made.

How easy is it to recycle 3d prints or other wast in order print it again?
How often can this process be repeated? Does it save money?
Do the new prints look good?

As a special feature i'll try to collect some waste from the audience at the beginning of the talk and recycle it live on stage!

About me: i'm 25 years old and use 3d printers since several years and run 9 3d printers at this time. With so many printers, the amount of waste gets at a point where it feels like i would waste a lot of money and increase the negative environmental impact if i don't recycle the fails and unused prints. I brought several printers to events like 30-31C3, GPN13-14-15 or the CCCamp15 (you may remeber me as obelix, the guy with the tent full of 3d printers).

Speakers: Roger, David Goulet, asn

We'll update you on what's going on with Tor onion services, aka Tor hidden services.

In the past, onion services were mostly run by people who wanted to set up a website that somebody else wanted to shut down. Increasingly, people are recognizing that onion services are much more broadly useful: they are about providing more security to users, not hiding websites.

Over the last year or so, Facebook set up an onion service to let their users reach Facebook more securely, the IETF officially designated '.onion' as a reserved domain, we've been talking to the "Let's Encrypt" folks about giving an onion address to every website, some neat new apps are coming out that use onion services (like decentralized chat), and more.

We also have some actual stats on hidden services:
https://blog.torproject.org/blog/some-statistics-about-onions

At the same time, we've been working on next-generation onion services. We'll explain why they greatly improve both security and scalability.

Speaker: Joscha

Computational theories of the mind seem to be ideally suited to explain rationality. But how can computations be subverted by meaning, emotion and love?

Minds are computational systems that are realized by causal functionality provided by their computational substrate (such as nervous systems). Their primary purpose is the discovery and exploitation of structure in an entropic environment, but they are capable to something much more sinister, too: they give rise to meaning.
Minds are the solution to a control problem: in our case, this problem amounts to navigating a social primate through a complex open environment in an attempt to stave off entropy long enough to serve evolutionary imperatives. Minds are capable of second-order control: they create representational structures that serve as a model of their environment. And minds are capable or rationality: they can learn how to build models that are entirely independent of their subjective benefit for the individual.
Because we are the product of an evolutionary process, our minds are constrained by powerful safeguards against becoming fully rational in the way we construct these models: our motivational system can not only support our thinking and decision making to optimize individual rewards, but censor and distort our understanding to make us conform to social and evolutionary rewards. This opens a security hole for mind-viruses: statebuilding systems of beliefs that manage to copy themselves across populations and create causal preconditions to serve neither individuals nor societies, but primarily themselves.
I will introduce a computational model of belief attractors that can help us to explain how our minds can become colonized and governed by irrational beliefs that co-evolve with social institutions.
This talk is part of a series of insights on how to use the epistemology of Artificial Intelligence to understand the nature of our minds.

Speakers: gedsic, bigalex

Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick!

To get involved and learn more about what is happening please visit the Lightning Talks Wikipage.

Speaker: Christoph Engemann

The military use of Drones has profoundly changed warfare and is a central aspect of the globalized war on terror. The public debate including the respective talks at prior CCCs is dominated by questions of the ethical and juridical aspects of Drone use.

This talk tries to shift the focus towards the enabling dimensions of Drone warfare.

Using source material from public documents of academia, the US-military as well as from the Snowden publications I will show that Social Graphs and graph-analysis are central for the War on Terror.

In this context Drones have at least two functions: 1. they act as data-gatheres, collecting visual and SIGINT (phone) data necessary for graph-generation and -updates. 2. they are deployed to shape Social Graphs: that is destroy particular nodes with kinetic means where the kill decision are made on the basis of graph analysis.

I will show that there is a rich academic literature on graph analysis of terror networks revealing an ongoing debate about algorithms able to inform such decisions.

On this basis I will argue that in the War on Terror Drones and Social-Graphs need to be understood as interdependent systems and that the debate needs to be informed by a deeper understanding of the history and current state of graph-analysis.

The talk will conclude with questions regarding the strategic and geopolitical role of Social Graphs.

Speakers: Roger, Jacob, Mike Perry, Shari Steele, Alison Macrina

Major changes are underway in the Tor Project, the Tor Network, and the Tor community. We want to tell you details and introduce the growing Tor community to the larger world.

The State of the Onion covers technical, social, economic, political, and cultural issues pertaining to anonymity, the Tor Project, and the ecosystem surrounding our communities.

Important topics include the following issues:

• Our new mission statement and code of conduct
• An introduction to our „Vegas Plan“
• Introducing a huge set of developers and users working on enabling your anonymity
• An overview of the kinds of projects and groups involved with Tor
• A summary and fact checking of important media coverage
• A history lesson about the Tor network

Speaker: Zakir Durumeric

Is your email being sent in the clear? While PGP and S/MIME provide end-to-end encrypted mail, most users have yet to adopt these practices, and for users who have, these tools leave metadata, such as the subject, sender, and recipient, visible everywhere along a message’s path. SMTP—the ubiquitous mail transport protocol—has evolved over the years to add encryption and authentication, both of which take place behind the scenes and help guard against surveillance and spam. While these features are being increasingly deployed, our research shows that they are almost always configured in vulnerable ways—the details of which are hidden from the users sending and receiving mail. Even more disturbingly, these vulnerabilities are being widely exploited in the wild: in seven countries, more than 20% of inbound Gmail messages are downgraded to cleartext by network-based attacks. In the most severe case, 96% of messages sent from Tunisia to Gmail are downgraded to cleartext. In this talk, I’ll introduce the commonly used SMTP security extensions—including STARTTLS, SPF, DKIM, and DMARC—and describe the current state of mail security on the Internet. I'll describe several commonly occurring attacks our recent research has found and discuss how mail operators can configure their servers to secure email transport. Finally, I'll discuss several weaknesses in the protocols we're using and recent proposals for helping secure email transport.

Email carries some of our most sensitive communication, including private correspondence, financial details, and password recovery confirmations. We expect that messages are private and, in many cases, unforgeable. However, SMTP—the protocol responsible for relaying messages between mail servers—did not originally authenticate senders or encrypt mail in transit. Instead, servers support these features through SMTP extensions. Adopting these features is entirely voluntary and they have only bee

Speakers: leomagnet, Markus Zimmermann

The Fluxus movement came about in the early 1960ies and the talk will discuss its strenghts, dead-ends and promises for the creation of works and community in our digital environment. International, transdisciplinary, non-institutional, anti-art and playful. After several years of research and new art productions, Leo Findeisen and Markus Zimmermann will present their findings.

Historical points of interest will deal with Erik Satie, Marcel Duchamp and John Cage and their pioneering works of easy listening, the new instrumentalisation of taste and boredom as well as the enhancement of the notion of art via the application of musical scores to daily actions. These lines are followed up in classical Fluxus works and the audience will get to see pieces by Nam Jun Paik, Alison Knowles, Robert Filliou, Ay O, Something Else Press a.o. Later influences in Germany are presented in anecdotes of Wau Holland & Joseph Beuys, foebud or thing.net. The vital Fluxus scenes of the 1970ies behind the Iron Curtain are hardly known and will also be presented using recent books. Contemporary candidates include Mediengruppe Bitnik!, speed-shows of Aram Bartholl, the Balcony manifesto by Constant Dullaart a.o., the "Internet Black-Out" by LaQuadrature.net; some "Scores" (Handlungsanleitungen) will be tried out live and their function "The 12 Ideas of Fluxus" (2002) will be discussed. In applying methods of cultural anthropology and Actor-Network-Theory, we will also compare Fluxus ideas and Fluxus ideals with the tools, methods and goals of online-Communities and the OpenSource-approach in general.

The poster attached (2011) has been our research manifesto, it features visuals of and explanations about the Icelandic Modern Media Initiative, XKCD, Yoko Ono, Joseph Beuys, the Google Custom Placemark, Nam Jun Paiks "TV-Chello" and who is playing it as well as George Maciunas, the "impressario" of Fluxus.
"Fluxus cannot save the world."

Speaker: Andreas Dewes

Algorithms and „big data“ penetrate many aspects of our lives today. In the future, data collection and analysis will be even more ubiquitous and permeate our lives from morning to night.

Many people (well, mostly business people) welcome this new era of data analysis and the associated vision of an „intelligent planet“. Not so many people seem to be concerned about the other side of the coin though, which is an ever-growing influence of algorithms on our personal life and the accompanying shift of decision power from humans to machines. In as little as 10 years, algorithms might decide if you get a new job – or if you get fired from your current one –, how much you will pay for your health insurance, whether you will be allowed to travel to a given country and who you will marry. So it’s time to say hi to your new boss: the algorithm.

Often people talk either about the consequences of a data-driven society, or about the technological aspects of it, but rarely about the two together. With my talk I want to change that by discussing concrete technologies and algorithms that are used in data analysis today, together with their societal and political implications. I will show how algorithms can be trained to be racist, misogynic and plenty of other things, and that this actually happens in practice if no care is taken to avoid it. Finally, I will discuss various approaches to solve this dilemma, both technological and political.

Outline:

• Introduction to „big data“ and data analysis,
• Parts of our lives that are already under algorithmic control,
• Parts of our lives that soon will be under algorithmic control,
• Example use case of algorithms in data science,
• How machine learning can discriminate against certain groups of people,
• Example algorithm: Classifying people in good and bad customers,
• How the bias comes about: Algorithm-based discrimination,
• How we can fix these problems.
• Outl

Speaker: Fefe

After defensive programming techniques and before attack method mitigations, the least privilege principle is our strongest weapon against exploitation. Much of the focus has been on how the admin can sandbox processes away.

A recent development is the idea that the process itself can „sandbox itself away“. This talk explores how that works in practice and is aimed at interested programmers.

This talk will mostly focus on seccomp-filter and namespaces on Linux, but it will also talk about capsicum (FreeBSD) and tame (OpenBSD), and old-school methods like ptrace and chroot, and cover capabilities. Also maybe a bit about systrace/selinux style approaches where the admin sets the profile from the outside, and why I chose to focus on letting the app sandbox itself instead.

Speaker: Bernd Lehmann

This talk is about Vehicle2Vehicle (V2V) communication in Europe and in the U.S. Next to the introduction of some requirements for V2V communication, the basic approaches of V2V communication based on IEEE 802.11p are presented. This includes an introduction to communication stack, concepts of message dissemination, message contents, privacy & security issues and an outlook to further developments.

Modern vehicles have several advanced driver assistant systems (ADASs). This is the beginning of the full automation of the driving task. Vehicle manufacturers already showed first fully automated prototypes but a lot of challenges have to be addressed until such systems will be commercially available. One challenge is to provide the necessary information for the self-driving vehicle to make the right driving decisions. V2V communication is one possible technology to provide this information. The proposed talk is an introduction to the state of the art of V2V communication based on IEEE 802.11p.

This talk is a technical introduction to Vehicle2Vehicle communication. It will introduce the basic concepts of V2V technology and provides references to documents of the standardization. The talk will consist of the following parts:

Motivation:
The talk starts by describing the scope and possible applications of V2V communication focusing on the use-case of the “Electronic Emergency Break Light”. What is more, V2V communication will be compared to traditional on-board sensors like Lidar or Radar.

Basic concepts:
The state of the art concepts of V2V communication based on IEEE 802.11p and its differences compared to consumer WiFi will be discussed in this section. Furthermore, the existing concepts and standards developed in both Europe and the U.S. will be compared, with a special focus on the differences between the two approaches. In summary, the following questions will be addressed:
• What are the approaches for V2V communicat

Speaker: Ben H.

DGAs (Domain Generation Algorithms) have become a trusty fallback mechanism for malware that’s a headache to deal with, but they have one big drawback – they draw a lot of attention to themselves with their many DNS request for gibberish domains.

When basic entropy-based Machine Learning methods rose to the challenge of automatically detecting DGAs, DGAs responded by subtly changing their output to be /just/ plausible enough to fool those methods. In this talk we’ll harness the might of the English dictionary, cut corners to achieve sane running times for insane computations, and use fancy Machine Learning® methods – all in order to build a classifier with a higher standard for gibberish plausibility.

In recent years, there has been a rising trend in malware’s use of Domain Generation Algorithms (DGAs) as a fallback mechanism in case the campaign is shut down at the DNS level. DGAs are a headache to deal with, but they have one big drawback – they make a lot of noise. To be more precise, they generate a very large amount of DNS requests for domains, and the domains are often complete gibberish.

This situation looks ripe to be exploited with your favorite Cyber™ Machine Learning® Big Data© solution; and indeed, advances were made by basic language processing methods that could detect and stop the outright complete gibberish. These worked well, until DGAs mutated, and started producing more reasonable gibberish. A milestone in this regard was the introduction of KWYJIBO, a DGA that generates gibberish where every other letter is a vowel (e. g. „garolimoja“), which stumps the old methods completely.

How do you thwart KWYJIBO and other DGAs of its sophistication? How do you look for meaninglessness in string-space? In this talk we’ll harness the might of the English dictionary; cheat mathematics to cut running times from impossible to reasonable; and demonstrate a fancy Cyber™ Machine Learning® Big Data© tool bas

Speaker: Max Schrems

Introduction and consequences of the CJEU's "Safe Harbor" ruling, to invalidate the EU-US data sharing deal in the light of the revelations over US surveillance by Edward Snowden.

In a landmark ruling the Court of Justice of the European Union (CJEU) has declared the "Safe Harbor" data sharing system between the EU and the US invalid over NSA surveillance, disclosed by Edward Snowden. The CJEU has for the first time ruled that "mass surveillance" as in the US violated the "essence" of Art 7 and 47 of the EU Charter of Fundamental Rights.

The ruling has major implications for global data flows as more than 4.000 US companies used "Safe Harbor" as their legal basis for EU-US data transfers - including large providers like Google, Apple, Microsoft, Facebook or Yahoo. In addition the ruling could also be relevant case law for similar forms of "mass surveillance" by EU member states.

In addition to explaining the legal situation [and a couple of insiders], the following questions should be answered:
- What are possible legal solutions for global services?
- What are possible technical solutions for global services?
- What are ways forward to enforce fundamental rights in the digital sphere?

Speakers: CAGE, Cerie Bullivant

CAGE exists to highlight abuses of the War on Terror. It has uncovered many secrets of governments that they would like to remain secret, and is now one of the most targeted organisations in the UK. Hear how the state attempts to suppress dissent, and yet we manage to speak out.

The War on Terror is the primary justification used to invest ever-increasing powers to the security state. It is the reason why states have been able to amass the powers to conduct mass surveillance of millions of law-abiding citizens. The surveillance state continues to expand.

CAGE was formed to highlight the abuses of the War on Terror after the creation of Guantanamo Bay prison. It has uncovered the existence of secret detention sites across the globe, revealed the involvement of Western intelligence agencies in rendition and torture and has campaigned courageously on behalf of prisoners that have been tortured and held without detention and trial for years. Our work has been underpinned by an unshakable commitment to the principles of due process and the rule of law. Today, CAGE is leading the charge against one of the most draconian and intrusive Government policies that has ever been devised – PREVENT.

We are representatives of the ‘suspect community’ of our times. As a result of our challenging yet rational, evidence-based and measured contributions, our organisation has become one of the most targeted in the UK. Our bank accounts have been frozen, one of our directors has been arrested, our funders have been pressured, our homes & vehicles have been bugged... We’re constantly attempting to secure our communications and environments just to continue our work. From new encryption methods to Faraday bags.

The Security State is trying to marginalise each of us. But we are taking on the security state together and citizens are being empowered. There are many that agree with us and recognise what is to come...

Speaker: Aylin

Last year I presented research showing how to de-anonymize programmers based on their coding style. This is of immediate concern to open source software developers who would like to remain anonymous. On the other hand, being able to de-anonymize programmers can help in forensic investigations, or in resolving plagiarism claims or copyright disputes.

I will report on our new research findings in the past year. We were able to increase the scale and accuracy of our methods dramatically and can now handle 1,600 programmers, reaching 94% de-anonymization accuracy. In ongoing research, we are tackling the much harder problem of de-anonymizing programmers from binaries of compiled code. This can help identify the author of a suspicious executable file and can potentially aid malware forensics. We demonstrate the efficacy of our techniques using a dataset collected from GitHub.

It is possible to identify individuals by de-anonymizing different types of large datasets. Once individuals are de-anonymized, different types of personal details can be detected from data that belong to them. Furthermore, their identities across different platforms can be linked. This is possible through utilizing machine learning methods that represent human data with a numeric vector that consists of features. Then a classifier is used to learn the patterns of each individual, to classify a previously unseen feature vector.

Tor users, social networks, underground cyber forums, the Netflix dataset have been de-anonymized in the past five years. Advances in machine learning and the improvements in computational power, such as cloud computing services, make these large scale de-anonymization tasks possible in a feasible amount of time. As data aggregators are collecting vast amounts of data from all possible digital media channels and as computing power is becoming cheaper, de-anonymization threatens privacy on a daily basis.

Last year, we showed how we can de-anony

Speakers: Antonio Bianchi, Jacopo Corbetta, Andrew Dutcher

How we built an automatic exploitation system and qualified for the DARPA Cyber Grand Challenge.

From a rag-tag hackademic group to getting money from DARPA for auto-exploiting and auto-patching. A tale of surfing, CTF-playing, and releasing an angry binary-analysis framework as open source :)

Beside introducing Shellphish, we will explain how we qualified to the final round of the DARPA Cyber Grand Challenge. The CGC is a security competition played by programs. Yep, you read it right, your code must automatically exploit and patch binaries, without any human intervention!

In particular, we will show how our open source binary analysis framework (angr) can help you find vulnerabilities in binaries.

Shellphish is a group of security enthusiasts born in the University of California, Santa Barbara (UCSB) in 2004.
Since then Shellphish played countless Capture the Flag (CTF) security competitions, winning the DEFCON CTF finals in 2005.

In 2015, Shellphish enrolled in the DARPA Cyber Grand Challenge (CGC).
Differently from others security competitions, in which humans have to solve security challenges (such as exploiting binaries or web services), during the CGC participants have to build an automatic system that plays for them!
In particular, teams have to build a system that is able to automatically find vulnerabilities in binaries, exploit them, and patch them, without any human intervention.

In this talk we will present the system we developed to participate in the CGC, our almost-million dollar baby :)
Our system was able to score among the top 7 teams during the qualification event of the CGC, qualifying us for the final event (in August 2016 at Las Vegas), in which participants will compete against each other to win a first-place prize of 2 million dollars (and eternal bragging rights).

Part of the system we developed is based on angr, the open source binary ana

Speakers: rop, frank

The talk „We Lost The War“ was presented at Congress ten years ago, causing quite a stir. It was a prediction of a dark future that did not sit well with many people, but unfortunately many predictions have come true meanwhile. This talk will try to address what comes next, as well as what the hacker community can do to make things better.

It’s a broad-spectrum talk that covers analysis of past and current events and possible futures in specific fields such as surveillance and digital rights, as well as a broader analysis of where the speakers think the world might be in 5-10 more years.

Speaker: Jennifer Helsby

Mass quantities of data are being incorporated into predictive systems in an ever-broadening set of fields. In many cases, these algorithms operate in the dark and their use has implications both intentional and unintentional. This talk will cover some of the fairness and accountability issues involved in controlling algorithms for media, policy, and policing.

Decision making is increasingly being performed by intelligent algorithms in areas from search engine rankings to public policy. Algorithmic decision making includes applications as important as who is flagged as a potential terrorist as in the United States’ no-fly list to deciding how police officers will be allocated as in predictive policing.

These systems are getting smarter as we develop better algorithms, as well as more expansive as they integrate more data. Government agencies and corporations are determining how to best convert the mass quantities of data that have been collected on their citizens and customers into meaningful inferences and decisions through data mining and predictive systems.

However, many of these systems consist of algorithms whose operation is closed to the public - constituting a new form of secrecy maintained by powerful entities. The intentional or unintentional impact of some of these systems can have profound consequences.

This talk will cover some of the emerging issues with the widespread use of these systems in terms of transparency and fairness. We need to have some mechanism for verifying how these systems operate. Are these algorithms discriminatory? Are they fair with respect to protected groups? What role can auditing and reverse engineering play? I'll discuss these questions, the current status of this field, and some paths forward.

Speaker: Dia Kayyali

Street level surveillance technology, such as surveillance cameras and iris scanners, is now a pervasive part of the daily lives of city dwellers, with disastrous consequences for freedom of expression. This talk will cover what kind of street level technology we’re seeing, how it’s spreading, and who’s making money off of it. We’ll also talk about some of the security flaws hackers have exposed on these technologies, and put out a call to action to CCC.

Surveillance was on the street before it was online, and that hasn’t changed. What has changed is that cities around the world are now bristling with street level surveillance technology, like GPS tracking devices, IMSI catchers, biometrics, drones, and cameras of all kinds. Much like the business of selling malware to repressive regimes, big multi-national corporations like General Electric and Morpho have made huge profits off the spread of this technology, and have helped it spread like wildfire.

Even in places like the United States, where, in the last 20 years, crime rates have steadily and significantly declined, the use of this incredibly invasive technology is excused by “public safety" or "crime prevention needs.” Justifications range from warnings about terrorism (often thinly-veiled jabs at activists like the Black Lives Matter movement or anti-austerity activists in Greece) to conflating “national security” with disaster preparedness. Similarly, In Latin American, government authorities have used surveillance measures to discredit and stigmatize social movements involved in protests.

Street level surveillance is also often part of preparation for major events. The technology left behind becomes integrated in to everyday policing. The 2012 Olympics in London was accompanied by a host of new technology, including iris scanners, biometric ID cards, automated license plate readers, and facial-recognition CCTV systems. In preparation for the 2014 World Cup

Speaker: Karsten Becker

3D printers are almost everywhere, but not on the moon yet. We want to change that and this talk gives you a little insight into the how and whys of 3D printing on the moon.

Having a printer in space is a great idea, it allows you to produce things in space, without having to actually launch it with a rocket. Some want to mine asteroids for that, we want to use lunar regolith. This would make it possible to build structures on the moon that are essential for build a permanent outpost there.
Even further down the line one might build the first interplanetary refuelling outpost in space for rockets and go even deeper into space.

We want to show you how this dream could become reality, what techniques are of interest, and how it could be implemented.

Speaker: Henryk Plötz

QR codes have rapidly overtaken rival 2D bar code symbologies and are becoming quite ubiquitous. Most uses are rather pedestrian though, and even the more non-standard modifications to pure QR codes lack a certain technical finesse, opting to just overpaint part of the code and let error correction handle that instead. Let's see how we can do better.

The simple visual appearance of a QR code belies a very complex multi-step encoding process: Text is encoded using one or multiple character sets and encoding modes (allowing, for example, for a more efficient representation of strings of numbers), the resultant data is grouped into code words in segments with delimiters, error correction information is added, the augmented data is placed on the 2D matrix, structure obfuscation with a masking pattern is applied and version and format meta-data is added. each of these steps grants some degree of freedom to the encoder that will result in visually distinct but semantically identical codes.

Previous approaches to play with QR code appearance have usually stuck to modifying either end of this pipeline: Overwriting some parts of the finished code, or adding additional encoded data so that the finished code will have certain features embedded in it. The downside of these approaches is that you either rely on error correction to remove all the disturbances you've added, limiting the amount of modification possible, or become very limited in which pixels you can control.

By constructing an encoder and decoder that allows access to each step of the encoding/decoding process, I will allow you to go further and take control of the QR code as a whole. Changing all parameters of the encoding process will make the resulting code appear almost like you want it without relying on the error correcting capabilities, which then allows you to add further manipulations by abusing the error correction capabilities.

All code will be released under a free

Speaker: Jethro Beekman

This talk will be an overview of how to reverse-engineer Unified Extensible Firmware Interface (UEFI) firmware, the replacement for BIOS. Various useful tools will be discussed, including those written by the presenter and those written by others. One of the highlights will be a tool that enables running parts of the firmware in userspace on a standard Operating System.

The Unified Extensible Firmware Interface (UEFI) is a programming environment quite different from regular Operating Systems models, and as such reverse engineering UEFI software is quite different from reversing standard software.

This talk will consits of three parts. First, an overview of UEFI and what makes it different will be presented. Then, existing and new tools that aid in reversing UEFI are discussed, including a demonstration of the efiperun tool that enables running UEFI modules in userspace. The talk will conclude with the recounting of a succesful reverse engineering project to uncover the Lenovo hard drive password hashing algorithm.

Jethro Beekman is a security researcher and Ph.D. student at the University of California, Berkeley. He has a broad range of interests in technology, ranging from electronics to cryptography. Recent work has focused on various topics such as side-channels, remote attestation, Heartbleed and the Rust programming language.

Speaker: Darsha

20 OSCILLATORS IN 20 MINUTES is an experimental music performance/technical challenge/standup comedy act where I attempt to build twenty sound generating square wave oscillators in twenty minutes. This involves fabricating small electronic circuits with wires, chips, small components and nine-volt batteries under the pressure of limited time and expectation. This is a test of my technical abilities and an experiment in working with live troubleshooting as a method of musical improvisation.

Speakers: Arne Hintz, Lina Dencik

How have the media reported the Snowden revelations? Does the public care about surveillance, and how do people react? Do we need a ‚data justice‘ movement?

This talk will present results from the research project „Digital Citizenship and Surveillance Society: State-Media-Citizen Relations After the Snowden Leaks“. We will discuss why media coverage has been biased and investigate public knowledge of, as well as public reactions to, surveillance. We will show that people are concerned about surveillance but feel disempowered to resist it, and explore why many social/political/environmental activists have been reluctant to change their communication practices after Snowden. And we will suggest a ‚data justice‘ framework to form part of broader social and economic justice agenda in order to resonate with a broader public.

The project „Digital Citizenship and Surveillance Society“ is hosted at Cardiff University and includes researchers from Cardiff, the Oxford Internet Institute and the Technical University of Delft. It investigates the responses to the Snowden revelations for policy, technology, civil society and the news media. In this talk, two of the investigators will present findings from research that included content analysis of the British press and broadcast news, interviews with journalists and activists, and focus groups with a wide range of the British public. They will uncover widespread worries about surveillance amongst both activists and wider population but, at the same time, a lack of knowledge and confidence to address it socially, politically and technologically.

The research provides insights for digital rights campaigners, crypto developers, and everyone interested in the Snowden leaks.

Speaker: Gloria Spindle – Peng! Collective

Giant billboard vans, drone-operated leaflet drops over an NSA building and calls to secret service agents, Intelexit explores all routes to reach out to secret service agents and convince them to follow their conscience and quit their jobs. We will take a look at the highlights of the campaign from 2015 and what's around the corner for 2016.

When we talk about government surveillance, we most often talk about it as a dark and menacing threat. But there are humans working day in and day out at secret service offices around the world, following orders, keeping secrets. How many of them feel ethically conflicted about their role in upholding these structures? How many of them might consider leaving and pursuing another career, if nudged in the right direction? Intelexit, an initiative produced by the Peng! Collective, reaches out to these people and offers them a friendly nudge and connects them with the right kinds of support if they wish to leave. Treading the line between art and activism, between spectacle and reality, Peng set up Intelexit to draw attention to the women and men working in the shadows, and to reach out to them. Intelexit was an experiment at first but it turned out to be very popular and needed, so it will continue into 2016 and it needs your help!

Speaker: Filippo Valsorda

Entropy, the randomness used in many critical cryptography processes including key generation, is as important as it is misunderstood. Many myths are fueled by misleading documentation. This presentation aims to provide simple and actionable information while explaining the core technical details and real world implementations.

Randomness is as simple as critical. An application wants some bytes which an attacker can't predict. The clearest example is generating a cryptographic key, but a wide array of functions depend on randomness.

Any time a key is generated, any time a DSA signature is made, any time the memory layout is randomized, applications rely on being able to create strings of bytes impossible to predict. If that comes short everything fails: cryptographic keys are compromised, exploits protections are ineffective.

Entropy, the unpredictable raw material, is usually collected by the Operating System and exposed to the applications that need it. Once enough bits of entropy have been collected, it becomes impossible to predict the output of the CSPRNG (cryptographically secure pseudo-random number generator), a stirrer of sorts that expands a seed into unlimited whitened random bytes, often based on stream ciphers or hashes.

Real risks include trying to use a CSPRNG early on in the boot process, when not enough random events have been collected, or using a userspace CSPRNG instead of the kernel one and forgetting to seed it. Or using a non-CS PRNG.

That's just about it. However, there is a lot of misunderstanding on "decreasing entropy". It's a widespread myth that using random bytes decreases the "amount" of entropy. Reality is, to an attacker who's basically trying to predict the CSPRNG output there's no decrease in difficulty no matter how much output is drawn, so developers can avoid introducing additional complexity because of this.

This is all backed up by showing a simple toy CSPRNG design, and reasonin

Speaker: Tarek Loubani

Free software and hardware are essential to sovereignty among developing nations, and can be used to secure infrastructure and information against sophisticated adversaries. Underdeveloped nations are leveraging Free software for these purposes, including Gaza and the Palestinian territories. This lecture discusses the Palestinian use of Free software and hardware to claim a kind of sovereignty, focusing on the health sector as one example where speaker Dr. Tarek Loubani has experienced and participated in efforts to incorporate Free culture.

Free software and hardware are essential to ensure cultural, economic and military sovereignty among developing nations. Software such as GNU/Linux and GPG are potent weapons used by state and quasi-state actors to secure infrastructure or information against sophisticated adversaries.

Several Latin American countries have effectively utilized Free software tools over the past two decades to advance their sovereignty. Today, another wave of underdeveloped nations is similarly leveraging Free software, including the Gaza Strip and Palestinian Authority.

The Palestinian Territories - and particularly the Gaza Strip - exist in a state of nearly-complete technological, economic, political and military domination. This lecture discusses the Palestinian use of Free software and hardware to claim a kind of sovereignty, focusing on the health sector as one example where speaker Dr. Tarek Loubani has experienced and participated in efforts to incorporate Free culture.

Speakers: Andreas Zingerle, Linda Kronman

The lecture outlines strategies by the "Artist against 419" online community that uses open source intelligence to gather data and file reports about fraudulent websites. The lecture presents the artistic installation "Megacorp." (created by KairUs) that tries to visualize the global phenomenon of fake business websites.

“Megacorp.” is a corporate conglomerate inspired by its equally powerful counterparts in science fiction. The artwork is based on a collection of fake websites scraped from internet by the artist duo KairUs. These companies exist only virtually and are used by cyber criminals for phishing attacks or to support scam stories. The “Megacorp.” exists therefore as an umbrella company for subsidiary companies that are 100% dummy cooperations. “Megacorp.” operates on a global scale and is constantly growing with firms represented in almost every branch of industry. The strategic objectives according to the “Megacorp.” Mission statement is to: “offer complete services from one source which can serve the entire market”. Accordingly the subsidiary companies cover domestic and international export, real estate agents, insurance companies, law firms, security companies, banks, educational institutions, hospitals, online commerce, economic communities and ministries.The functions of “Megacorp.” are presented in the form of an interim report and company visuals. The archieved websites are locally available in the gallery allowing visitors to explore the current fake website repository. By examining the fake websites the artwork reflects both the imaginary and the real world ‘megacorps’, questioning centralization of power.

Speaker: Arne Semsrott

Die Landesverrat-Affäre um netzpolitik.org hat gezeigt, wie wichtig es ist, nicht nur aus staatlichen Dokumenten zu zitieren, sondern sie im Original zu veröffentlichen. Ideales Werkzeug dafür ist das Informationsfreiheitsgesetz (IFG). Wir geben einen Überblick über die Entwicklungen dieses Jahr rund um das IFG.

Die Landesverrat-Affäre um netzpolitik.org hat gezeigt, wie wichtig es ist, nicht nur aus staatlichen Dokumenten zu zitieren, sondern sie im Original zu veröffentlichen.
Ideales Werkzeug dafür ist das Informationsfreiheitsgesetz (IFG), das aber weiterhin noch viel zu selten genutzt wird - weder von Aktivistinnen noch von Journalistinnen.
Wir zeigen, welche politischen Entwicklungen, Gerichtsurteile und Veröffentlichungen 2015 wichtig waren für die Informationsfreiheit in Deutschland - und auch in anderen Ländern wie England, wo der Freedom of Information Act von der Cameron-Regierung vermutlich bald eingestampft wird.
FragDenStaat haben wir unterdessen weiterentwickelt zu einer Plattform, auf der Behörden auch dann angefragt werden können, wenn für sie das IFG nicht gilt. Und haben dabei erlebt, dass der bisher größte internationale Medienhype um die Plattform nicht auf seriöse Arbeit zurückzuführen ist, sondern auf einen 17-Jährigen, der über FragDenStaat seine Abiturklausuren vor dem Klausurtermin einsehen wollte.

Speakers: taziden, kload

Two years after the invitation to build your own iSP at 30C3, I'd like to invite everyone to take part in building a better Internet with the Internet Cube project.

At the crossroads of DIY Internet Access, Open Source Hardware and Self-Hosting Free Software, "Internet Cube" is the living proof everyone can regain control on their data.
Using a public and static VPN endpoint provided by a neutral and privacy-friendly ISP, the Cube enables the user to have her services accessible from everywhere simply by plugging it to the Internet.
Assorted with a wireless antenna, the Cube operates as an ambulant cleaning gateway to the Internet, getting rid of whatever stupid thing a commercial ISP would be doing on the network like port blocking or service prioritization.

There are many other use cases enabled by already existing Y U NO HOST applications like turning the Cube into a PirateBox or a Tor gateway.

When the first prototype came to life, someone said "Well, congratulations guys, you've just built an actual working FreedomBox" and I believe that what we built is more than that.