• 7
    watchers
  • 502
    plays
  • 2.2k
    collected
  • 2014-12-27T00:00:00Z
  • 1h
  • 5d 18h (138 episodes)
  • English
The Chaos Communication Congress is an annual meeting of the international hacker scene, organized by the Chaos Computer Club. The congress features a variety of lectures and workshops on technical and political issues. The event takes place regularly at the end of the year since 1984, with the current date and duration (December 27–30) established in 2005.

138 episodes

Season Premiere

2014-12-27T00:00:00Z

31x01 31C3 Opening Event (#6561)

Season Premiere

31x01 31C3 Opening Event (#6561)

  • 2014-12-27T00:00:00Z1h

Speakers: erdgeist, Geraldine de Bastion

Speaker: alecempire

Speaker: Martin Haase/maha

Im Sommer 2014 wurde die sogenannte Digitale „Agenda“ vorgestellt, die als „netzpolitisches Regierungsprogramm“ bezeichnet wurde. Aus texttypologischer Sicht handelt es sich aber eher um einen PR-Text, der so aussieht, als sei er ein Auszug aus einer Wahlkampfbroschüre. Der Vortrag analysiert den Text zunächst inhaltlich, um zu zeigen, worum es im Einzelnen geht und wo Widersprüche auftauchen, dann aus textkritischer und aus linguistischer Perspektive. Insbesondere werden bestimmte Interessen der Bundesregierung und anderer Akteure deutlich, die weniger offen thematisiert werden, aber doch sprachlich zu Tage treten.

Speaker: hannes, David Kaloper

We present Mirage OS, a modular library operating system developed from scratch in the functional programming language OCaml. Each service, called unikernel, is an OCaml application using libraries such as a TCP/IP stack, DNS. It is either compiled to a Xen virtual machine image or to a Unix binary (for development). State in 2014 is that it runs on x86 and arm, we implemented a clean-slate TLS (1.0, 1.1, 1.2), X.509, ASN.1 stack, crypto primitives, Off-the-record. We also have TCP/IP, HTTP, a persistent branchable store (similar to git) - all implemented in OCaml. A virtual machine serving data via https is roughly 2MB in size - no libc inside :)

31x05 3D Casting Aluminum (#6417)

  • 2014-12-27T00:00:00Z1h

Speaker: Julia Longtin

We use microwaves to cast aluminum from 3D printed objects. This gives us the ability to cast high quality 6040 aluminum pieces using a 3D printer and commercially available consumer microwaves.

We manufacture microwave safe kilns for melting aluminum. We create microwave transparent molds that allow us to burn out plastic without heating the mold itself therefor creating a quicker method of accomplishing the lost PLA process.

Speaker: Silvia

In the post-NSA world it is important to understand the magnitude of our online activities in order to take informative decisions on our ubiquitous shared lives. Personal Tracking Devices is the result of a two years long study on tracking technologies and the inherent nature of the web and telecommunication networks in general. The study, conducted as part of Ph.D. research in privacy and security at UPC Barcelona Tech, collected a large amount of metadata to raise awareness on the footprints left by users on the web and through mobile apps.

Speakers: Sergey Gordeychik, Aleksandr Timorin

For two years SCADA StrangeLove speaks about Industrial Control Systems and nuclear plants. This year we want to discuss Green Energy. Our hackers' vision of Green Energy, SmartGrids and Cloud IoT technology. We will also speak about the security problems of traditional "heavy" industrial solutions, about the things that Zurich Airport and Large Hadron Collider have in common On top of it you will learn about our new releases, some funny and not so funny stories about discovery and fixing of vulnerabilities and the latest news from the front struggling for the Purity of Essence.​

Speakers: Stefan Pelzer, Philipp Ruch

Ein Mahnmal gegen die Vereinten Nationen, 25.000 Euro Kopfgeld auf eine deutsche Waffenhändlerfamilie, eine falsche Kampagne für das Familienministerium oder die Flucht der "Mauerkreuze" vom Reichstagsufer an die EU-Außengrenzen: wenn das Zentrum für Politische Schönheit (ZPS) das Kriegsbeil ausgräbt, ist eine kontroverse Debatte garantiert.

31x09 Reproducible Builds (#6240)

  • 2014-12-27T00:00:00Z1h

Software build reproducibility is the ability to use independent build machines to compile bit-identical binaries from program source code. In this talk, we will discuss the motivation for and the technical details behind software build reproducibility. We will describe the technical mechanisms used by the Tor Project to produce reproducible builds of the Tor Browser, and also introduce the early efforts of both F-Droid and Debian to achieve these same build integrity properties on a more wide-scale basis.

Speaker: Hong Phuc Dang

The talk is about our project to develop software and hardware tools for a fair and environment friendly garment and textile production and how we break down the locks that exists on every level in the industry from design, to software, machines and distribution.

Speaker: Andrea Barisani

This talks follows our previous EMV research uncovering new findings as well as a detailed analysis of Chip & PIN fraud markers in order to benefit cardholders, as well as issuing banks, in preventing wrongful liability for fraudulent charges.

Speaker: Sebastian Schinzel

We present four new Bleichenbacher side channels, and three successful Bleichenbacher attacks against the Java Secure Socket Extension (JSSE) SSL/TLS implementation and against hardware security appliances using the Cavium NITROX SSL accelerator chip.

At 28C3 we introduced the very first steps of the osmo-gmr projects. During this talk, we will present the various advances that have been made in this project on various aspects (voice codec, crypto algorithm, ...)

GMR-1 (GEO Mobile Radio) is a satellite phone protocol derived from GSM. The main operator using this protocol is Thuraya and is mainly active in the middle east and asia.

osmo-gmr is a project of the osmocom family whose goal is to implement the various levels of a GMR stacks, starting from SDR signal acquisition up to the actual voice layer.

At 28C3 we gave and introductory talk to the project which was pretty new at the time. On this talk, we will quickly summarize what was presented last time and then move on to the new stuff.

The two main obstacles to implement a practical monitoring software for GMR-1 were the secret crypto algorithm and the unknown voice codec. Both obstacles have now been lifted and we will present the details of how that happened. We will also look toward the next steps and other aspects of the system that we're planning to dig into.

Speaker: Andreas Bihlmaier

An introduction to the Robot Operating System (ROS) for the home/hackerspace roboticist (if it physically interacts with the world through code, call it robot).

Speaker: Tobias Engel

Companies are now selling the ability to track your phone number whereever you go. With a precision of up to 50 meters, detailed movement profiles can be compiled by somebody from the other side of the world without you ever knowing about it. But that is just the tip of the iceberg.

31x16 Glitching For n00bs (#6499)

  • 2014-12-27T00:00:00Z1h

Despite claims of its obsolescence, electrical glitching can be a viable attack vector against some ICs. This presentation chronicles a quest to learn what types of electrical transients can be introduced into an integrated circuit to cause a variety of circuit faults advantageous to an reverser. Several hardware platforms were constructed during the quest to aid in research, including old-skool & solderless breadboards, photo-etched & professional PCBs, FPGAs, and cheap & dirty homemade logic analyzers. The strengths and weaknesses of the various approaches will be discussed.

Speakers: josch, arche3000

Der Vortrag bietet eine sprachwissenschaftlich informierte Perspektive auf den Informationskrieg mit Fokus auf operative Kommunikation in sozialen Medien. Am Beispiel eines selbst entwickelten Bots werden wir linguistische Prozeduren zur Manipulation von Kommunikation mit dem Ziel der Beeinflussung von Wissen, Werten, Gefühlen und Handlungsdispositionen vorstellen.

Speakers: Norbert Braun, darthrake

The talk is on the eXperimental Robot Project (XRP), a project to develop an open-hardware humanoid robot. More precisely, we are focusing on the distinguishing feature of a humanoid robot - the ability to walk on two legs.

31x19 Mobile self-defense (#6122)

  • 2014-12-27T00:00:00Z1h

Speaker: Karsten Nohl

We know that mobile networks can — and do — attack us on many fronts. As this talk will show, even 3G is attackable. It’s high time that we upgrade from complaining to self-defense.

Speaker: David Madlener

Three years have elapsed since the call for a "Hacker Space Program" during the Chaos Communication Camp 2011. In this lecture we will review the basics of space flight, discuss common problems and pitfalls encountered by a practitioner on the way to orbit, and report on the state of our sounding rocket program.

Speakers: Thomas Skowron, ubahnverleih

Seit nun über 10 Jahren gibt es OpenStreetMap. Besonders in den letzten drei Jahren war die Entwicklung überwältigend, sowohl was die Datenlage als auch das gesamte Ökosystem anbelangt. Wir wollen zeigen, was möglich ist und was in der Zukunft (hoffentlich) passieren wird.

2014-12-27T00:00:00Z

31x22 Jugend hackt (#6559)

31x22 Jugend hackt (#6559)

  • 2014-12-27T00:00:00Z1h

Speakers: Fiona Krakenbürger, Maria Reimer, Philipp Kalweit, Max Nagy, Lukas, Nico

Im September 2014 fand die Veranstaltung Jugend hackt statt: Ein Wochenende Hacken, Basteln und Programmieren mit 120 computerbegeisterten Jugendlichen. Wir als Organisatorinnen und Teilnehmer wollen von dem Event erzählen und unsere Erfahrungen teilen. Der Talk richtet sich gleichermaßen an Jugendliche, die sich für's Hacken begeistern, als auch an alle, die sich für Code Literacy, Medienpädagogik oder den IT-Nachwuchs interessieren.

Speaker: starbug

Bei der Passworteingabe über die Schultern schauen? Die Mateflasche klauen, um an Fingerabdrücke zu kommen? Alles Technik von gestern. Der Vortrag zeigt, wie man heutzutage an Daten kommt, um Authentifizierungsmethoden zu überwinden.

2014-12-27T00:00:00Z

31x24 Space Hacker (#6142)

31x24 Space Hacker (#6142)

  • 2014-12-27T00:00:00Z1h

Speakers: Karsten Becker, Robert

At the 26C3 we first presented our vision of sending a rover to the moon. We're still in the pursuit of doing this and are closer than ever. Many things have happened in the past 5 years and we want to share our story with you. But this talk is not just about us, it is also about you! You will have the possibility to contribute to our mission, just tune in to get all the details :)

31x25 Code Pointer Integrity (#6050)

  • 2014-12-27T00:00:00Z1h

Speaker: gannimo

Programs are full of bugs, leading to vulnerabilities. We'll discuss power and limitations of code-pointer integrity (CPI), a strong but practical security policy that enforces memory safety for all code pointers, protecting against any form of control-flow hijack attack (e. g., ROP or JOP).

The Novena open source laptop contains a FPGA, but free software support for FPGAs is lacking and requires root access to the hardware.

Our work is on providing a framework and a demonstration application for general purpose accelerator cores for Novena's FPGA.

2014-12-27T00:00:00Z

31x27 ECCHacks (#6369)

31x27 ECCHacks (#6369)

  • 2014-12-27T00:00:00Z1h

Speakers: djb, Tanja Lange

This talk will explain how to work with elliptic curves constructively to obtain secure and efficient implementations, and will highlight pitfalls that must be avoided when implementing elliptic-curve crypto (ECC). The talk will also explain what all the buzz in curve choices for TLS is about. This talk does not require any prior exposure to ECC.

Speaker: Rudolf Marek

You definitely should care. The aim of this talk is to provide insight to the security, architecture and yes you guessed it, vulnerability of the AMD System Management Unit (SMU) firmware found in modern AMD x86 processors.

Speaker: Caspar Bowden

In 2011 I started trying to warn EU institutions about what we now call PRISM, after working it out from open sources. Civil society, privacy regulators, and the Commission all did nothing. This is the story of exactly how they did nothing, and why, and what is happening now.

Speakers: ericfiliol, Paul Irolla

This talk presents a deep analysis of banking mobile apps available in the world. Based on static and dynamic analysis as well as on the analysis of the final source code we show that a vast majority of them are not respecting users' privacy and users' data protection. Worse a few of them contains critical bugs.

Speakers: Nadia Heninger, Julia Angwin, Laura Poitras and Jack Gillum

Julia Angwin, Jack Gillum, and Laura Poitras will tell us stories about how they use crypto and privacy-enhancing technologies as high-profile journalists, and rant in an entertaining way about how these tools have failed or are horribly inadequate for their needs. They will also talk about their rare crypto successes.

Speaker: tw, gadi

Rocket Kitten is an advanced APT set of campaigns, with a twist - off-the-shelf malware that won’t shame a nation state. The talk will combine an assessment of the threat group’s modus operandi with a technical deep dive. Prepare for some hex dumps.

This talk will uncover a set of high profile espionage campaigns from 2014 that involve a commercial attack framework – a highly specialized tool that has not been publicly documented and remained undetected in multiple operations. We will discuss the framework's technical design and review its features and capabilities that make it a premium instrument for stealth intrusions. We will further discuss how the tool was delivered to victims and how the compromise was carried out.

Speaker: Friederike

Maxwell's equations are four differential equations which form the foundation of classical electrodynamics, classical optics, and electric circuits. This talk will take a look at the connection between these equations, wave propagation and antenna arrays.

Speakers: Laurent Ghigonis and Alexandre De Oliveira

SS7 has been shown repeatedly as an insecure protocol: spoofing, faking, crash through fuzzing, fraud. The main question of our study is to determine how this insecurity is mitigated by network operator’s action to prevent compromise on both network exposure of infrastructure and privacy compromise of subscribers. It's why we wanted to come out with SS7map.

2014-12-27T00:00:00Z

31x35 Citizenfour (#6581)

31x35 Citizenfour (#6581)

  • 2014-12-27T00:00:00Z1h

Opt-out! No stream/recording available!


"Citizenfour" is Laura Poitras' documentary and a closeup view about blowing the whistle on the spooks at the NSA.

A portrait of Edward Snowden in the weeks he chooses to change our understanding of what governments know about us.

Speaker: Joscha

How can the physical universe give rise to a mind? I suggest to replace this confusing question by another one: what kind of information processing system is the mind, and how is the mind computed? As we will see, even our ideas of the physical universe turn out to be computational. Let us explore some fascinating scenery of the philosophy underlying Artificial Intelligence.

Speaker: Eireann Leverett

This talk will introduce you to Industrial Ethernet Switches and their vulnerabilities. These are switches used in industrial environments, like substations, factories, refineries, ports, or other other homes of industrial automation. In other words: DCS, PCS, ICS & SCADA switches. It is a very good companion talk to Damn Vulnerable Chemical Process? Own your own critical infrastructures today!

Speaker: Peter Laackmann, Marcus Janke

An entertaining, thrilling and educational journey through the world of chip preparation. Deep insight into amateur- as well as professional methods and equipment is given, for the first, most important steps for analysis and attacks on dedicated hardware.

Speaker: Arne Padmos

GPG has been correctly described as "damn near unusable". Why is this so? What does research into usable security tell us? This talk covers the history, methods, and findings of the research field, as well as proposed solutions and open questions.

31x40 Lightning Talks Day 2 (#6563)

  • 2014-12-28T00:00:00Z1h

Speaker: gedsic

Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick!

Speaker: saper

Ever wondered what the cryptic QNY27R on your airline reservaton means? This talk explores typical computing environment as seen in the air transport industry. Discover ancient software, old communication protocols and cryptic systems. What data are stored and how they are exchanged to keep the air transport industry running.

Speakers: Elektra, Andrea Behrendt - read & delete

Die radikalen philosophischen Texte von Elektra W. haben das Ziel - seien wir offen und direkt - einen Headcrash des Ich-Erlebens herbeizuführen, das sich im Laufe unserer Enkulturation und Erziehung im Vorderlappen des Großhirns breit gemacht hat.

Speaker: James Bamford

For nearly one hundred years, the NSA and its predecessors have been engaging in secret, illegal deals with the American telecom industry, with both virtually immune from prosecution.

Speaker: Joseph Tartaro, Matthew Halchyshak

Reverse engineering is not all binaries and byte-code. The black art also extends to networks and unobtainable game servers. In this talk we go into the gruesome details of how we dug through the graveyards of console binaries and mausoleums of forgotten network protocols in order to stitch together the pieces necessary to bring our favorite game Metal Gear Online back to life. We will be examining the process of reverse engineering the games custom network protocols in all angles from packet logs to low level disassembly of client code.

Speaker: raichoo

Idris is a relatively young research programming languages that attempts to bring dependent types to general purpose programming. In this talk I will introduce the concept of dependent types and the Curry-Howard isomorphism and how these can be applied to prove properties about software and eradicate whole classes of bugs and security issues.

Speaker: J. Alex Halderman

Estonia is the only country in the world that relies on Internet voting in a significant way for legally-binding national elections — up to 30% of all voters cast their ballots online. This makes the security of Estonia's Internet voting system of interest to technologists and citizens the world over. Over the past year, I helped lead the first rigorous, independent security evaluation of the system, based on election observation, code review, and laboratory testing. The findings are alarming: there are staggering gaps in Estonia's procedural and operational security, and the architecture of the system leaves it open to cyberattacks from foreign powers. Our investigation confirmed the viability of these attacks in the lab, but the Estonian government has chosen to downplay them. We urgently recommend that Estonia discontinue use of the system before the country suffers a major attack.

Speaker: Lothar Hotz

Im Vortrag wird die technische Umsetzung des Transparenzportals Hamburg vorgestellt.

Speaker: Felix Mütze

Im Grunde sind GIFs Schnee von gestern. Es gibt zahlreiche Alternativen, die das, was ein GIF kann, besser können. Und trotzdem haben sich GIFs als Kulturtechnik durchgesetzt. Oder war es nur ein letzter Hype vor dem Tod? Wie kommt es, dass ein Medium, das schon in den 90ern veraltet war, sich noch zwei Jahrzehnte später bester Beliebtheit erfreut? Und was können wir daraus über die Diskrepanz zwischen aktueller technischer Entwicklung einerseits und der tatsächlichen Nutzung von Technologie andererseits lernen?

Speaker: Sarah

How to play with lasers without injuring Yourself and others and how to design the safety circuits of a laser system.

Speakers: Jimmy Schulz, Dr. Rüdiger Hanig

We report about a LOAD e. V. study regarding data collection of cars, future developments of this technology field, how this data is accessed and secured and what the stakeholders (car manufacturers, car owners and users) positions are on this data gathering. In a summary we outline necessary consequences.

Speaker: Ben H.

Using the same stream cipher key twice is known to be a Very Bad Idea, but keystream-resuse vulnerabilities are still very much a thing of the present - both in legitimate software and in the malware landscape. We describe a heuristic algorithm which can detect vulnerabilities of this kind. We explain the inner workings of the algorithm and demonstrate a proof-of-concept attack on sevreral examples of vulnerable data, including files encrypted by the DirCrypt malware and encrypted traffic generated by malware such as variants of Zeus and Ramnit.

31x52 Iridium Pager Hacking (#6236)

  • 2014-12-28T00:00:00Z1h

Speakers: Sec, schneider

The chronicles of reversing the Iridium pager system.

Speaker: ruedi

(K)ein kleiner Rant über Elliptische Kurven, Quantencomputer, Bitcoins und die NSA et al.

Speaker: Sacha van Geffen

Referring to the seminal talk Dymaxion gave at the closing of the NoisySquare at OHM in 2013. This talk will explore what has happened and what has not in the mean time on the "battle ground". An overview will be presented on the technical, legal, political and social battles going on and will provide pointers to further tactics. Finally we will look at how to make sure we keep ourselves safe and sane.

31x55 Forging the USB armory (#6541)

  • 2014-12-28T00:00:00Z1h

Speaker: Andrea Barisani

The presentation will cover the journey that we have taken to develop the USB armory board from scratch, explaining the lessons learned and its prospected applications.

Speaker: Jeroen van der Ham

Ethics in Computer Science is now finally gaining some well deserved attention. At the University of Amsterdam, we have started an ethical committee for the System and Network Engineering Master. In this talk we describe how and why we started this committee, and also look back at our first results.

Speaker: Anita Gohdes

Simple access to social media and cell phone has widely been accepted as a positive tool for citizens to voice dissatisfaction with their government and coordinate protest. But why would rulers permit these tools if they merely pose a threat to their own survival? This talk will investigate how a government’s ability to censor and limit the flow of information feeds into its choice of violent responses to protest. I will talk about the conditions under which a government is likely to benefit more from surveilling the free flow of information, and under which conditions it is more likely to benefit from censorship.

Speakers: Teja Philipp, Philipp Engel

Mr Beam was started as a hobby project aiming to get more experience in 3D printing. For fun we put it on Kickstarter and ended up in kind of a roller coaster.

Speaker: MeTaMiNd EvoLuTioN

leading hackers and researchers from the worldwide hackerspace, universitiy, and DIY artist community, explain current technological possibilites in BCI, and show ways to use open source hardware and software for hackers, makers, artists, personal development, citizen science, providing a framework for alternative culture and free expression balancing the soon coming commercial expansion in "Neurogaming", "Neuromarketing" and "eHealth" talk will illustrate the mutually beneficial relationship between "hacking" and science, with the example of hacking BCIs, as well as an overview into the new field of "BCI Mind-Hacking", such as exploiting remote consumer Neuroheadsets, and Data-Mining the human-brain for sensitive data during casual use.

Speaker: Michael Carbone

An update to our Reports from the Frontlines talk at OHM 2013, we will provide the latest stories and figures from Access' digital security helpline that provides security incident response and technical support to civil society groups and human rights defenders around the world.

Speaker: Reuben Binns

The internet may be the nervous system of the 21st century, but its main business purpose is helping marketers work out how to make people buy stuff. This talk maps out a possible alternative, where consumers co-ordinate online, pooling their data and resources to match demand with supply.

Speaker: ruedi

Im Vortrag sollen technische und gesellschaftliche Konsequenzen der von Microsoft kontrollierten Windows-8-Secure-Boot-Architektur und mögliche Gegenmaßnahmen diskutiert werden.

Speakers: Anonymous member of Tarnac Solidarity Committee, tarnac nine

“There will be people who resist adopting and using technology, people who want nothing to do with virtual profiles, online data systems or smart phones. Yet a government might suspect that people who opt out completely have something to hide and thus are more likely to break laws, and as a counterterrorism measure, that government will build the kind of ‘hidden people’ registry we described earlier. If you don’t have any registered social-networking profiles or mobile subscriptions, and on-line references to you are unusually hard to find, you might be considered a candidate for such a registry. You might also be subjected to a strict set of new regulations that includes rigorous airport screening or even travel restrictions.”

Speaker: Aram Bartholl

In general data is stored on technically sensitive systems and can easily be lost. At the same time files today appear often as indestructible once uploaded to the Internet.

Speaker: tbsprs

A toilet is a toilet is a toilet ... was a toilet. Nowadays hackers discover a larger interest in doing more with toilets then just what they were designed for in the first place. Within the "Internet of things" scene the sanitarian sphere claims a place of its own. This talk will present current projects, technologies used and research published.

Speakers: Rafal Wojtczuk, Corey Kallenberg

On modern Intel based computers there exists two powerful and protected code regions: the UEFI firmware and System Management Mode (SMM). UEFI is the replacement for conventional BIOS and has the responsibility of initializing the platform. SMM is a powerful mode of execution on Intel CPUs that is even more privileged than a hypervisor. Because of their powerful positions, SMM and UEFI are protected by a variety of hardware mechanisms. In this talk, Rafal Wojtczuk and Corey Kallenberg team up to disclose several prevalent vulnerabilities that result in SMM runtime breakin as well as arbitrary reflash of the UEFI firmware.

Speaker: fabs

While graph databases are primarily known as the backbone of the modern dating world, this nerd has found a much more interesting application for them: program analysis. This talk aims to demonstrate that graph databases and the typical program representations developed in compiler construction are a match made in heaven, allowing large code bases to be mined for vulnerabilities using complex bug descriptions encoded in simple, and not so simple graph database queries.

Speaker: Ange Albertini

Old-school arcade games were so protected that hacking is the only way to preserve them before all boards are dead, and the games are lost.

Speakers: Jacob and Laura Poitras

Surveillance, cryptography, terrorism, malware, economic espionage, assassination, interventions, intelligence services, political prisoners, policing, transparency, justice and you.

Speakers: bunnie, Xobs

We introduce Fernvale, a reverse-engineered, open hardware and software platform based upon Mediatek's MT6260 value phone SoC. The MT6260 is the chip that powers many of the $10 GSM feature phones produced by the Shanzhai. Fernvale is made available as open-licensed schematics, board layouts, and an RTOS based upon the BSD-licensed NuttX, as well as a suite of open tools for code development and firmware upload. We discuss our technical reverse engineering efforts, as well as our methodology to lawfully import IP from the Shanzhai ecosystem into the Maker ecosystem. We hope to establish a repeatable, if not labor-intensive, model for opening up previously closed IP of interest, thereby outlining a path to leveling the playing field for lawful Makers.

Speaker: Bill Scannell

Of all the NSA's Cold War listening posts, their intelligence facility on top of Berlin's Teufelsberg was their most secretive.

Speakers: Rejo Zenger, Thomas Lohninger

Our talk will highlight the current debates surrounding net neutrality in Europe, the United States and other parts of the world. We will look at the results of the SaveTheInternet.eu campaign which was lunched a year ago on 30c3. We will discuss various legal protections for net neutrality, look closer at the experience of the Netherlands and we will give an overview of all important open ends of the debate.

Speakers: Lior Oppenheim, Shahar Tal

TL;DR We unravel the story of a bug that would become one of the most important vulnerabilities released this year. Also, we have free cookies. The findings we published earlier this year demystified the voodoo that is TR-069, demonstrated how mass pwnage can be achieved via server-side attacks, and proved the landscape is ripe for harvesting. We will continue where we left off to explore TR-069 client-side vulnerabilities; we analyze client implementations, pour some insight into mysterious results from our internet-wide scans, and follow to mass pwnage through remote code execution on millions of online devices. again.

Speakers: Sarah Harrison, gracefire

Whistleblowing is becoming a progressively popular topic and ways to technically support anonymous submissions by journalistic sources are being increasingly discussed and developed. However, there is much more to protecting sources than the technical side. There is currently little discussion about the surrounding ethics, operational security and public protections of sources. Two women that have expertise in all areas of source protection; from submission, to publication, to after-care explain and discuss what source protection really means, issues that have arisen in recent years, often causing disastrous consequences, as well as the important lessons to learn from these and successful cases.

Speaker: Ben Dalton

This talk asks how we might plan for the continuation of a privacy sustaining internet in light of growing trends in enforced identity checking and demonisation of everyday anonymity. It presents a 'free phonebox' project, which was tested at the FutureEverything art and technology festival in 2014, as an example of a social-technical system that promotes identity ambiguity in communication through the sharing of 'free' mobile phone minutes between strangers.

Speaker: David Kriesel

Kopierer, die spontan Zahlen im Dokument verändern: Im August 2013 kam heraus, dass so gut wie alle Xerox-Scankopierer beim Scannen Zahlen und Buchstaben einfach so durch andere ersetzen. Da man solche Fehler als Benutzer so gut wie nicht sehen kann, ist der Bug extrem gefährlich und blieb lange unentdeckt: Er existiert über acht Jahre in freier Wildbahn.

Speaker: Zakir Durumeric

The Heartbleed vulnerability took the Internet by surprise in April of this year. The vulnerability was one of the most consequential in the history of the Internet, since it allowed attackers to potentially steal login credentials, cryptographic keys, and other private data from up to half of all popular HTTPS sites. In this talk, we take a detailed look at Heartbleed and its aftermath, based on comprehensive measurements and analysis that our research team performed over the past six months. We began tracking Heartbleed's impact within hours of its disclosure using massive ZMap scans and large network telescopes. This allowed us to track which sites remained vulnerable, observe certificate revocations, and monitor for large scale attacks in close to real time. Based on this data, we also conducted one of the largest ever mass vulnerability notifications, informing the network administrators for all devices still susceptible to Heartbleed across the entire IPv4 address space. Finally, we investigated the question of whether attackers knew about and exploited Heartbleed prior to its public disclosure---and we will present new details about this question in the talk. We hope that by learning from the Heartbleed security disaster, our community can prepare to respond more effectively to such events in the future.

Speaker: Nick Sullivan

Two weeks after the Heartbleed bug was announced, CloudFlare patched the Heartbleed bug, created a challenge to prove the bug could be used to find private keys (uncovering a second bug in OpenSSL) and turned its entire network into a giant honeypot. This session will discuss the specific steps taken to prevent early disclosure, creating and scaling the first public vulnerability test, how the CloudFlare Heartbleed challenge showed that you can reveal private SSL keys (how a second bug in OpenSSL made this possible) the incredible impact of revoking over 100,000 certificates in a single day, and the results of our honeypot revealing the proportion of attack traffic versus research traffic.

Speakers: frank, Fefe

Im Format einer lockeren Abendshow werden wir die Nachrichten-Highlights des Jahres präsentieren, die Meldungen zwischen den Meldungen, die subtilen Sensationen hinter den Schlagzeilen.

Speaker: Richard Stallman

For freedom in your own computer, the software must be free. For freedom on the internet, we must organize against surveillance, censorship, SaaSS and the war against sharing.

Speaker: Erich Moechel

  • Station VIENNA in der US-Botschaft 1090 Wien
  • VIENNA ANNEX beim UNO-Sitz in Wien 1220
  • Legacy Standort „NSA-Villa“ Wien 1180
  • Relaystation Exelberg,Breitbandnetz von NSA/SCS über Wien
  • Equipment und Funktion der FORNSAT-Station Königswarte.

Speakers: Eric Wustrow, Hovav Shacham

Full-body scanners, also known as "naked scanners", are used in airports and other government facilities to detect metallic and nonmetallic objects hidden beneath people's clothes. In many countries, they play a critical part in airline security, but they have also been criticized for being unsafe, ineffective, and an invasion of privacy. To shed scientific lights on these questions, we conducted the first rigorous, independent security evaluation of such a system. We bought a government-surplus Rapiscan Secure 1000 full-body scanner on eBay and extensively tested it in our lab. We found that it's possible to conceal knives, guns, and explosives from detection by exploiting properties of the device's backscatter X-ray technology. We also investigated computer security threats: malicious software and hardware that can compromise the effectiveness, safety, and privacy of the machine. In this talk, we'll explain how full-body scanners work, describe the results of our experiments, and draw lessons to inform transportation security, embedded systems security, and the public debate over secretive and privacy invasive government technologies.

Speaker: Alexis

We from EveryCook are building an open source computerized cooking device. At 29c3 I presented the idea of digital cooking and people gave me an awesome feedback. Now, 2 years later the industry giants have realised that connecting computers and kitchen devices can do awesome things. But do they create open standards? Of course not! They create little black boxes speaking strange languages that you can't integrate in an ecosystem that wasn't designed by the manufacturers themselves. We still want an open ecosystem for free exchange of information about food and recipes. We came closer to our goal. Let me tell you...

Speaker: Frank Rieger, erdgeist, Linus Neumann, heckpiet, Constanze Kurz

Auch das Jahr 2014 geht irgendwann vorbei. Deshalb werfen wir einen Blick zurück auf die für uns besonders relevanten Themen und versuchen abzuschätzen, was im Jahr 2015 auf uns zukommen könnte.

Speaker: Andreas Dewes

I will explain why quantum computing is interesting, how it works and what you actually need to build a working quantum computer. I will use the superconducting two-qubit quantum processor I built during my PhD as an example to explain its basic building blocks. I will show how we used this processor to achieve so-called quantum speed-up for a search algorithm that we ran on it. Finally, I will give a short overview of the current state of superconducting quantum computing and Google's recently announced effort to build a working quantum computer in cooperation with one of the leading research groups in this field.

31x86 Lightning Talks Day 3 (#6579)

  • 2014-12-29T00:00:00Z1h

Speaker: Theresa

Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick!

Speaker: Marmusha

So you want to author a next Stuxnet (or even cooler than that). Here is the success recipe: forget what you have known about cyber security. When an attack transitions from control of a digital system to control of a physical process, physics and time become controlling factors instead of the digital rules encoded into your microcontroller. The holly CIA trinity is meaningless in the physical world. The uncontrollable but still running process is not really available; process dynamics does not stop simply because the controlling equipment is DoSed; electronically segregated components can still communicate over physical media (the process) and a physical phenomenon can be measured terribly wrongly (so that the wrong measurement will be proudly delivered to the digital application in a totally secure way). Where physics plays a governing role, IT security concepts are rendered useless. Please welcome a new arrival in the "damn"-frameworks series - Damn Vulnerable Chemical Process. Come to the lecture and learn what it takes to exploit a physical process: how to find vulnerabilities and how to exploit them with minimal cost and maximum impact. Get astonished about the gazillion of uncertainties you will have to face on your way to disruptive goal and realize that the TIME is ONLY what matters while designing your attack . Make sure to visit local library and refresh your knowledge on physics, chemistry, mechanics, control theory, signal processing and algorithms. The lecture will teach you how to apply this knowledge in the exciting world of cyber-physical exploitation.

Speaker: Julia Reda

After years of debate, EU copyright law is finally being revisited. The Commission will present a proposal for reform within 4 months of 31c3. And it's high time: There has never been a bigger discrepancy between the technical feasibility to share information and knowledge across all physical borders and the legal restrictions to actually do so. This talk outlines the unique opportunity and the challenge to bring copyright into the 21st century that lies in front of us. Hackers ensured that people were heard during last winter's public consultation. Can they now also ensure a progressive outcome of the reform process?

31x89 Funky File Formats (#5930)

  • 2014-12-29T00:00:00Z1h

Speaker: Ange Albertini

Binary tricks to evade identification, detection, to exploit encryption and hash collisions.

Speaker: Katharina Nocun

Die Kritik am Freihandelsabkommen TTIP und CETA auf die Chlorhühnchen zu beschränken, greift viel zu kurz. Denn bei den beiden Abkommen zwischen der EU und den USA und der EU und Kanada steht noch viel mehr auf dem Spiel. Egal ob Datenschutz, Demokratie oder Urheberrecht – Abkommen, an denen Konzerne unter Ausschluss der Öffentlichkeit mitschreiben können, sind selten eine gute Idee. Sitzungsdokumente mit “unverbindlichen” Lobby-Vorschlägen und Leaks der Vertragstexte lassen wenig Gutes erwarten. Datenschutzstandards laufen Gefahr zu Handelshemmnissen erklärt zu werden. Konzerne pochen darauf, Staaten vor außerstaatlichen Schiedsgerichten auf Schadensersatz verklagen zu können. Was die Bürger wollen, wurde im ganzen Verhandlungsprozess der beiden Freihandelsabkommen nicht einmal gefragt. Doch “Klicktivismus” war gestern – neue Strategien und Tools halfen dabei, eine Welle des dezentralen Protests loszutreten.

Speaker: René Freingruber

EMET (Enhanced Mitigation Experience Toolkit) is an application which can be used to further harden a Windows system by adding additional security protections to running processes. These protections include several ROP (Return-Oriented-Programming) checks, shellcode detection mechansims, heap-spray mitigations and many more. The talk covers techniques to bypass EMET 5.1 (the current version) and shows the audience how hard/easy it is for an attacker to accomplish this.

2014-12-29T00:00:00Z

31x92 CAESAR and NORX (#6137)

31x92 CAESAR and NORX (#6137)

  • 2014-12-29T00:00:00Z1h

Speakers: Philipp Jovanovic, aumasson

"Nearly all of the symmetric encryption modes you learned about in school, textbooks, and Wikipedia are (potentially) insecure." -- Matthew Green In recent history, we saw time and again (to some extent catastrophic) failures of cryptographic constructions for authenticated encryption (AE) due to bad design choices, implementation errors and a lack of reliable standards. After an introduction providing some background information on these topics, we present CAESAR, a new cryptographic competition which aims to find solutions to the problems mentioned above. In the second part of the talk, we introduce NORX, a new and next-generation AE scheme and our candidate for CAESAR.

Speaker: olia lialina

Since 10 years I write about Vernacular Web and Digital Folklore, about early days of the web and web design before it became a profession. It is not that easy to find pages that were made in 93-97 and are still online or look the same. Things changed in 2009, when Yahoo announced that they are closing Geocities, number one free hosting service of the last century, "myspace of the 90es", first home for many web users and a jest for "professional web" In half a year yahoo gave its users to copy their data, Archive Team managed to partly rescue the pages and release one terabyte torrent of it. In 2010 my partner Dragan Espenschied and I started to download the files. In the middle of 2011 Dragan restored the archive and we started to go through the profiles: collecting, tagging, comparing, analyzing. One Terabyte of Kilobyte Age project started. We don't only collect and restore but bring this culture of the 90es back to the web, using contemporary infrastructure. It is http://oneterabyteofkilobyteage.tumblr.com/ that posts a screenshot of a page every 20 minutes since February 2013. Or my channel on Vine, that allows to see those pages animated and with sound. And of course the blog http://contemporary-home-computing.org/1tb/ where we describe the findings. In my HIGHLY ILLUSTRATED talk I'd like to introduce to the audience pearls of the early web culture, going much deeper than usual Under Construction signs and animated GIFs nostalgia. Will show what did it mean to make a web page technically, philosophically and ideologically. Will also talk about our unique technical setting for emulating the pages and what digital preservation really means. And last but not least will talk about newer cases of deleted social networks and social services.

Speakers: Ian Goldberg, George Danezis and Nikita Borisov

In the wake of the Snowden revelations and the explicit targetting of address book and buddy list information, social service providers may wish to actively avoid learning which of its users are friends. In this talk, we will introduce the workings of a surprising technology called private information retrieval, or PIR. Then, we will describe its use in DP5, a new suite of privacy-preserving presence protocols that allow people to determine when their friends are online (and to establish secure communications with them), without a centralized provider ever learning who is friends with whom.

Speaker: Michael Büker

An overview of 70 years of nuclear weapons, focusing on some of the underlying physics, the international politics that surround the topic, modern technology for nuclear weapons detection and monitoring, and what everyone can do to help nuclear disarmament.

Speakers: Aylin, greenie, Rebekah Overdorf

Stylometry is the study of linguistic style found in text. Stylometry existed long before computers but now the field is dominated by artificial intelligence techniques. Writing style is a marker of identity that can be found in a document through linguistic information to perform authorship recognition. Authorship recognition is a threat to anonymity but knowing ways to identify authors provides methods for anonymizing authors as well. Even basic stylometry systems reach high accuracy in classifying authors correctly. Stylometry can also be used in source code to identify the author of a program. In this talk, we investigate methods to de-anonymize source code authors of C++ and authors across different domains. Source code authorship attribution could provide proof of authorship in court, automate the process of finding a cyber criminal from the source code left in an infected system, or aid in resolving copyright, copyleft and plagiarism issues in the programming fields. Programmers can obfuscate their variable or function names, but not the structures they subconsciously prefer to use or their favorite increment operators. Following this intuition, we create a new feature set that reflects coding style from properties derived from abstract syntax trees. We reach 99% accuracy in attributing 36 authors each with ten files. We experiment with many different sized datasets leading to high true positive rates. Such a unique representation of coding style has not been used as a machine learning feature to attribute authors and therefore this is a valuable contribution to the field. We also examine the need for cross-domain stylometry, where the documents of known authorship and the documents in question are written in different contexts. Specifically, we look at blogs, Twitter feeds, and Reddit comments. While traditional methods in stylometry that work well within one domain fail to identify authors across domains, we are

Speaker: Mareike Foecking

Im Rahmen meiner Forschungsarbeit "Das Bild im digitalen Wandel" beschätige ich mich mit der Veränderung der Bilder im Rahmen der Veränderung der medialen Anwendung und Vermittlung von Bildern. Darüber würde ich gerne sprechen.

Speaker: Trammell Hudson

In this presentation we demonstrate Thunderstrike, a vulnerability that allows the installation of persistent firmware modifications into the EFI boot ROM of Apple's popular MacBooks. The bootkit can be easily installed by an evil-maid via the externally accessible Thunderbolt ports and can survive reinstallation of OSX as well as hard drive replacements. Once installed, it can prevent software attempts to remove it and could spread virally across air-gaps by infecting additional Thunderbolt devices.

Speaker: Natalia Lukaszewicz

The Maker movement and patent law are like two planets moving on the orbit of innovations. Occasionally, they collide … because the Maker planet moves too fast. But, back on the Earth. Encounters with patent law can be of many reasons, e.g. filing a patent application or being blocked in making by a patent (or much worse, being accused of a patent infringement). The latter motivated the question of the permissible uses of patented inventions. The talk explains which activities on patents are lawful and keep Makers safe in their making.

Speakers: cyphunk, nathan fain

3 theater projects that illustrate the false "California Ideology" and ask us to look at our slip into neoliberalism through the backdoor of technology and to consider the ethics in the protocol.

Speakers: Robert Verch, Eva Olivin

Eine Mietwohnung ist seit circa 20 Jahren verlassen, ihr Bewohner nicht auffindbar. Unveränderte Möblierung, Ausstattung und persönliche Hinterlassenschaften sind jedoch noch vorhanden und unberührt.

Speaker: Stefan Wehrmeyer

Die interessantesten IFG-Geschichten des Jahres mit Anfragen und Ablehnungen, Klagen und Kampagnen. Außerdem: wie wir mit Hilfe des Journalismus der Informationsfreiheit neuen Antrieb geben werden!

Speaker: Anja Drephal

During World War I, homing pigeons were used to carry messages and take photographs over enemy territory. Today, experiments are being conducted to remote-control insects for similar purposes. This talk intends to give an overview of 100 years of living drones, speculate on future developments in the field, and question the ethical implications of the practice.

Speaker: Johannes Taelman

Axoloti is an integrated platform for digital audio: its graphical editor is an easy-to-use toolbox for creating sound synthesis or processing algorithms. The audio processing runs on a microcontroller board, and runs standalone after editing.

Speaker: Richard Marggraf Turley

What do the arts and literature have to contribute to urgent debates about the technization of food production? What can a play from 1605 tell us about fairer distribution of natural resources today? Equally, how might a cyber thriller from 2011 help us debate contentious issues such as gene-based technologies and utopian visions of knowledge-led society? This talk considers agri-tech and food security across a wide sweep of social and political terrain, from the Arab Spring to the European horsemeat scandal, from Shakespeare to Daniel Suarez. It argues that the arts and sciences need to cooperate to deepen understanding about, and define actions on, the big challenges facing a needy world. Finally, it suggests ways in which the arts and technology can assist us in arriving at a model of society in which resources are distributed not only more efficiently, but also more equitably.

Speaker: Leslie Dunton-Downer

June 5, 2014 marked one year since leaks by NSA whistleblower Edward Snowden began to be introduced to a worldwide public. On this date, transmediale teamed up with N.K. Projekt and Leslie Dunton-Downer, 2014 fellow at The American Academy in Berlin, for the Magical Secrecy Tour, a bus journey exploring Berlin as the global capital of informed response to mass surveillance. This inside look at the project features first-ever screening of footage shot by filmmaker Simon Klose (TPB AFK) for his documentary about the tour.

Speaker: Will Scott

This talk will reflect on teaching Computer Science in Pyongyang over the last two years, and look at how technology has been integrated into civilian life in the DPRK. Remaining an extremely isolated country, many people would be surprised to hear that cellphones have become commonplace within the capitol, let alone that the country invests in custom hardware and software. I'll talk through the current state of desktop and mobile technology in pyongyang, and what's changing.

Speaker: Kai Kunze

The talk gives an overview about the emerging field of smart glasses and how they can be used to augment our mind (e.g. how to improve our brain with technology). The talk will focus mostly on how to quantify cognitive tasks in real world environments. I also present a first application scenarios on how to use smart eyewear (e.g. google glass or JINS MEME) for short term memory augmentation and cognitive activity recognition.

Das c-atre collectivdrama präsentiert THE TIME IS RIGHT, ein Science-Fiction-Theaterstück nach einer Idee von yetzt.

„Es geht um das große Ganze! Die Bewahrung von freiem Wissen, freier Kultur – ohne Copyright-Mafiosi, die jeden Pups, der dir entfleucht, lizenzieren wollen!“ (Jo)

Als die Aktivisten Mo und Jo bei einer ihrer geheim-gefährlichen Widerstandsaktionen gegen die drohende Allmacht der Verwertungsgesellschaften von dieser sonderbaren jungen Frau, die wie aus dem Nichts erscheint, überrascht werden, ahnt noch niemand, welche weitreichenden Folgen diese Begegnung im Kampf für die Kunst der Zukunft gehabt haben wird.

THE TIME IS RIGHT

Schauspieler/innen:

Carolin Meyer
Gero Nagel
Jens Ohlig
Josefine Matthey
Martine „authmillenon“ Lenders
Mirko „macro“ Fichtner
Pierre Pronchery
Sebastian „epunc“ Marg
Sigi Oepke

Merle von Wittich
Elisabeth Krüger
Carolina Rocha

Schauspielerische Leitung:
Josefine Matthey

Dramaturgie:
Carolin Meyer

Text:
das c-atre in Zusammenarbeit mit yetzt

Musik/Sound/Komposition:
Dirk Geier

Bühnenbild:
Peter Stoltz
Sebastian Marg

Kostüm:
das c-atre

Maske:
Vivien Pöltl

Technik:
Sven Wagner

UA: 03. Juli 2014, c-base Berlin

Speaker: Netanel Rubin

tl;dr EXPLOIT ALL THE PERL. We chained several of Perl’s ridiculous syntax quirks in order to create a surprisingly powerful attack, bringing down some of the most popular Perl-based projects in the world to their knees. Brace yourselves, RCE exploits are coming.

2014-12-29T00:00:00Z

31x111 Trackography (#6299)

31x111 Trackography (#6299)

  • 2014-12-29T00:00:00Z1h

Speakers: Maria Xynou, Claudio, vecna

Have you ever wondered who is watching while you are reading your favourite media online? Whether we are reading the Guardian, the New York Times, the Hindu or any other news website, third party trackers are collecting data about our online behaviour. This lecture will present Tactical Tech's new project, Trackography, which shows that we are all part of a global tracking business.

Speakers: timobaumann, Arne Köhn

Transcribing a talk comes relatively easy to fast typists, whereas turning a transcript into time-aligned subtitles for a video requires a much larger human effort. In contrast, speech recognition performance (especially for open-source-based solutions), is still poor on open-domain topics, but speech technology is able to align a given text to the corresponding speech with high accuracy. Let's join forces to generate superior subtitling with little effort, and to improve future open-source-based speech recognizers, at the same time!

Speaker: Kévin Redon

How do garage gate remotes work? It turns out the ones from MegaCode simply send a individual fixed code. And with little efforts if was possibly to clone them, send arbitrary codes, and record them all.

Speaker: BeAnotherLab

The Machine To Be Another is an open-source interactive system designed to explore the relationship between identity and empathy through interdisciplinary performance-experiments drawing from neuroscience, VR, storytelling and art. Through research collaborations we have been developing applications in contexts of conflict resolution, the arts and healthcare.

Speaker: Tonimir Kisasondi

This talk will show a new method for password cracking called UNHash. UNHash as a tool uses rulefiles that are something in between of a DSL (Domain specific language) and a python script to describe the password cracking process. This talk will show how to mix web service abuse, knowledge of human nature and data mining to enable far better attacks against passwords. We will be focusing on a few features: cracking default passwords on network systems with minimal effort, testing for embedded backdoors and offline attacks by data mining and modeling about 33 million user account to gain insight in how users choose their passwords and how can we use that knowledge to speed up password cracking for 20% more gain for non pseudorandom passwords.

Speaker: Magnus

Extending the common 3-space-to-2-space projections to 4D and higher and how certain types of fractals can be presented using these expansions. After that we‘ll have a closer look at Fractal Flames as used in Electric Sheep.

Speaker: Walter van Holst

This speech about how the hacker scene is failing its own ideals and what questions must be addressed to make a real difference.

Speakers: Matthias Herz, Michael Johann

„Vertrauen ist gut - Kontrolle ist besser.“ Dieses Idiom gilt mehr denn je, sofern man die Aktivitäten von Geheimdiensten bewerten mag. Wie seit einiger Zeit bekannt ist, ist die Mär der massenhaften Überwachung des Einzelnen Realität. Ob und inwieweit dies Auswirkungen auf die Realität des Einzelnen hat, steht im Fokus der vorliegenden Studie.


Opt-out! No stream/recording available!


Speakers: Jöran Muuß-Merholz, Ralf Appelt, Blanche Fabri, it4n6, Martin Krönke

Beim Googlequiz spielen max. 7 Teams mit je max. 7 Spielern gegeneinander. Sie dürfen dabei nicht Google benutzen. Es ist eine recht spaßorientierte Angelegenheit, so dass auch Zuschauer willkommen sind.

Beim Googlequiz werden Aufgaben gestellt, für die man im Kopf bzw. im Team Lösungen sucht. Google oder überhaupt das Internet darf dafür nicht genutzt werden. Vorkenntnisse braucht man nicht.

Das Googlequiz war 2014 schon ziemlich gut.
Für 2015 bauen wir eine komplette Neuauflage.
Die Vorbilder, von denen die 2015er Edition inspiriert ist, heißen: Der Preis ist heiß, Glücksrad, Eins-Zwei-oder-Drei, Familienduell, Ruck-Zuck, Wikipedia.
Die Dinge, die beim #30c3 neu und gut waren, werden ausgebaut: laute, irritierende Musik sowie laute, irritierende Luftballons.


Opt-out! No stream/recording available!


Speaker: Tim Pritlove

The Podlove Project wants to lift podcast publishing on a new level by producing software, standards and specifications. Tim Pritlove introduces using Podlove Publisher, the Podlove Web Player, the Podlove Subscribe Button and other parts of the Podlove Infrastructure.

Speaker: Alexa O'Brien

A discussion with U.S. Army private Chelsea Manning's attorneys Nanny Hollander, Ahmed Ghappour, and Chase Strangio. Moderated by journalist Alexa O'Brien.

Speaker: Tor E. Bjørstad

In the parliamentary elections of September 2013, more than 250 000 Norwegians in selected municipalities were able to vote from home. They were taking part in a national trial of Internet voting, building on an advanced cryptographic protocol.

31x124 Lightning Talks Day 4 (#6580)

  • 2014-12-30T00:00:00Z1h

Speaker: breakthesystem

Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick!

Speaker: Jonas Öberg

Re-using works licensed under Creative Commons seems pretty simple, but it can often be quite time consuming. One image might be okay, but keeping track of the license and attribution of a thousand images in your mashup, or when quoting from massively crowdsourced data sets such as Wikipedia? Whoah! Don’t we have computers to do that for us!? We do – but there’s no widespread support for including licensing or author information when sharing or reusing digital works. This session will discuss how this should work in the open knowledge environment.

Speaker: Nicolas Wöhrl

The next revolution in data processing is Quantum computing. This talk is an entertaining “tour de force” starting with a brief introduction to the fascinating yet strange theories of quantum physics, the concepts of using these in quantum computing and the latest results on qubits in devices made out of real diamonds. If you want to learn about the machines that decrypt your passwords in the coming years and how you can actually grow diamonds in your microwave oven (and who wouldn’t?) this talk is for you!

Speaker: Peter Sewell

Computers have become ubiquitous and essential, but they remain massively error-prone and insecure - as if we were back in the early days of the industrial revolution, with steam engines exploding left, right, and centre. Why is this, and can we do better? Is it science, engineering, craft, or bodgery? I'll talk about attempts to mix better engineering methods from a cocktail of empiricism and logic, with examples from network protocols, programming languages, and (especially) the concurrency behaviour of programming languages and multiprocessors (from the ARMs in your phone to x86 and IBM Power servers), together with dealings with architects and language standards groups.

2014-12-30T00:00:00Z

31x128 Let's Encrypt (#6397)

31x128 Let's Encrypt (#6397)

  • 2014-12-30T00:00:00Z1h

Speaker: Seth Schoen

As we've called for widespread use of HTTPS, the cost and complexity of the certificate system has been an obstacle.

31x129 State of the Onion (#6251)

  • 2014-12-30T00:00:00Z1h

Speakers: Jacob, arma

The current state of the Tor network and community, covering important updates, discussions of the ecosystem of software, and include a longer Q&A than previous CCC talks!

Speaker: Leon

31C3 Infrastructure Review

Speakers: Ryan Lackey, Andres Erbsen, Jurre van Bergen, Ladar Levison, equinox

When the Internet was designed, it was thought to be meadows full of daisies. As we now know, it's a dark place, where communication is monitored and subverted. This session presents both developments in known solutions, as well as novel suggestions, to liberally apply crypto to improve the foundations of Internet communications.

31x132 Paypals War on Terror (#6377)

  • 2014-12-30T00:00:00Z1h

Speakers: the_no, absolem

We are the PayPal 14. For the last several years we've been restricted in what we could or couldn't say about our court case. Our sentencing is on December 4th, ending the legal restrictions on what we can share about our story.

Speakers: Tamas K Lengyel, Thomas Kittel

New methods and approaches for securing cloud environments are becoming increasingly more critical as traditional host security strategies are not well integrated into virtual environments. For example, antivirus scans are a critical component of layered defense-in-depth, but in the cloud they rapidly exhaust available CPU and memory. The cloud environment nevertheless offers a unique opportunity: the ability to peer into a running operating system from an outside perspective, known as virtual machine introspection (VMI). More interestingly, it is also possible to alter the behavior of the virtualized components to help protect virtual systems in real-time. In this talk we will explore the open-source LibVMI library which over the last year, as part of the DARPA Cyber Fast Track program, has been significantly extended to ease the process of developing cloud security solutions.

31x134 Security Nightmares (#6572)

  • 2014-12-30T00:00:00Z1h

31x135 Telescope Making (#5931)

  • 2014-12-30T00:00:00Z1h

Speaker: Madonius

In this talk an introduction to amateur telescope making (ATM) will be provided. Starting from grinding the mirror, testing it and building the telescope around it.

Speaker: Dr Gareth Owen

This talk presents the results from what we believe to be one of the largest studies into Tor Hidden Services (The Darknet) to date.

31x138 31C3 Closing Event (#6562)

  • 2014-12-30T00:00:00Z1h

Speakers: tomate, dodger

31C3 Closing Event

Loading...