Chaos Computer Club - 25C3: nothing to hide (low quality mp4)

Handschellen hacken (25c3)

Sun, 28 Dec 2008 01:00:00 +0100

Jeder kann auf Youtube ansehen, wie man normale Handschellen mit einer Büroklammer öffnet. Aber es gibt verschiedenste Hochsicherheitsmodelle mit deutlich komplizierteren Schlössern, die nur darauf warten, vom Sperrsport entdeckt zu werden... about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2963.en.html

25C3 Opening and Keynote "Nothing to hide" (25c3)

Sat, 27 Dec 2008 01:00:00 +0100

about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3025.en.html

Flying for free (25c3)

Sun, 28 Dec 2008 01:00:00 +0100

Birds, glider pilots, and recently UAVs can exploit a variety of weather effects in order to gain altitude, remain airborne and travel long distances all with no power input – effectively, hacking the atmosphere to fly for free. This talk will explain the aircraft, techniques, meteorology, hardware and software that we use to achieve this. In the process I will show why the sport of gliding may be of interest to hackers, and explain how you too can get involved in this highly rewarding and low-cost form of flying. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2940.en.html

RF fingerprinting of RFID (25c3)

Sat, 27 Dec 2008 01:00:00 +0100

In the lecture portion of this workshop we will present an overview of existing and our own novel methods for hacking electronic passports and driver's licenses including novel radio frequency fingerprinting techniques. In the the hands-on section we will show participants entering with basic radio experience how to conduct experiments with RFID and reverse engineer proprietary protocols. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2845.en.html

Solar-powering your Geek Gear (25c3)

Sat, 27 Dec 2008 01:00:00 +0100

This talk will show you how to solar-power your laptop, PDA, cell phone, portable fridge or almost any other small device. Topics discussed include choosing the right solar panel, using (or not using) a voltage regulator, buffering the energy, some real applications as well as instructions on how to build a small and simple device to measure your power and energy savings. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2904.en.html

Das Grundrecht auf digitale Intimsphäre (25c3)

Sat, 27 Dec 2008 01:00:00 +0100

Das Bundesverfassungsgericht hat uns anläßlich der Verfassungsbeschwerde gegen das nordrhein-westfälische Verfassungsschutzgesetz ein neues Grundrecht auf Gewährleistung der Vertraulichkeit und Integrität von informationstechnischen Systemen geschenkt. Damit wurden für den Einsatz des geplanten Bundestrojaners zwar genaue Regelungen getroffen, aber was ist eigentlich mit den tausenden Festplatten, die jedes Jahr in Deutschland beschlagnahmt werden? about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2923.en.html

Lightning Talks Day4 (25c3)

Tue, 30 Dec 2008 01:00:00 +0100

4 minutes for every speaker. Learn about the good, the bad, and the ugly - in software, hardware, projects, and more. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2973.en.html

Mining social contacts with active RFID (25c3)

Tue, 30 Dec 2008 01:00:00 +0100

We describe the implementation of a distributed proximity detection firmware for the OpenBeacon RFID platform. We report on experiments performed during conference gatherings, where the new feature of proximity detection was used to mine and expose patterns of social contact. We discuss some properties of the networks of social contact, and show how these networks can be analyzed, visualized, and used to infer the underlying social structure. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2899.en.html

Pflanzenhacken (25c3)

Tue, 30 Dec 2008 01:00:00 +0100

Ob Tomaten, Zitronen oder Cannabis: Nutzpflanzen werden längst nicht mehr konventionell in Erde gezüchtet. Von der Auswahl des Saat- und Erbguts bis zur Ernte ist der Anbau von Pflanzen aller Art ein schwieriges, aber spannendes Thema. Die von der Industrie angestellte Forschung hilft auch dem Hobbyzüchter: Pflanzen, die ohne Erde kultiviert und wenige Wochen nach der "Aussaat" erntereif sind, gehören längst nicht mehr in Science-Fiction-Filme, sondern in den Keller des geneigten Bastlers. Dieser Vortrag soll aufzeigen, dass nicht nur bei Bits'n'Bytes, sondern auch bei Obst und Gemüse durchaus hackbares Potential besteht. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2952.en.html

Stormfucker: Owning the Storm Botnet (25c3)

Mon, 29 Dec 2008 01:00:00 +0100

In the talk we will demonstrate how to own the storm botnet (live demo included). about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3000.en.html

Scalable Swarm Robotics (25c3)

Sun, 28 Dec 2008 01:00:00 +0100

The topic of swarm robotics will be introduced, including the current state of the art and some current research platforms. The problems of scalability in robot swarms will be discussed, particularly of programming and maintaining a large group of robots. The Formica platform represents a novel, very low cost approach to swarm robotics. Its design and implementation will be described, and the lecture will culminate in a live demonstration of a swarm of 25 robots cooperating on a task. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2890.en.html

Hacker Jeopardy (25c3)

Mon, 29 Dec 2008 01:00:00 +0100

Das bekannte Quizformat - aber natürlich mit Themen, die man im Fernsehen nie zu sehen bekäme. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2958.en.html

Hacker Jeopardy (English interpretation) (25c3)

Mon, 29 Dec 2008 01:00:00 +0100

English Interpretation and video transmission of the event in Saal 1 The famous quiz – of course with topics you will never see in TV. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3057.en.html

Banking Malware 101 (25c3)

Sun, 28 Dec 2008 01:00:00 +0100

In the recent years, we observed a growing sophistication how credentials are stolen from compromised machines: the attackers use sophisticated keyloggers to control the victim's machine and use different techniques to steal the actual credentials. In this talk, we present an overview of this threat and empirical measurement results. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3020.en.html

Squeezing Attack Traces (25c3)

Mon, 29 Dec 2008 01:00:00 +0100

This talk will give an overview about how modern attack analysis tools (dynamic honeypots, an automated shellcode analyzer, and an intrusion signature generator) can be used to get a deep understanding about what attacks do and how they work. A live demo will be given to demonstrate the usage of those tools. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3002.en.html

Short Attention Span Security (25c3)

Sun, 28 Dec 2008 01:00:00 +0100

Working as a security consultant means that you get to see everyone's dirty laundry. However, it also means a hectic schedule and restrictive confidentiality agreements. Without violating my NDA, here's a set of turbo-talks looking at some new tricks for some new technologies and a look at some lucrative new attack surfaces that will become much more prevalent in the coming year. Topics will include: Script Injection in Flex, EFI Rootkits, static analysis with Dehydra, and pattern-matching hex editors. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2734.en.html

Analyzing RFID Security (25c3)

Mon, 29 Dec 2008 01:00:00 +0100

Many RFID tags have weaknesses, but the security level of different tags varies widely. Using the Mifare Classic cards as an example, we illustrate the complexity of RFID systems and discuss different attack vectors. To empower further analysis of RFID cards, we release an open-source, software-controlled, and extensible RFID reader with support for most common standards. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3032.en.html

Jahresrückblick (25c3)

Sun, 28 Dec 2008 01:00:00 +0100

Es war mal wieder ein bewegtes Jahr für den CCC. Was alles passiert ist, werden wir in der gebotenen Kürze berichten. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3024.en.html

Crafting and Hacking: Separated at Birth (25c3)

Tue, 30 Dec 2008 01:00:00 +0100

What do hackers have in common with crafters? Lots. While crafting is more often about string and glue than bits and electrons, crafters often feel the same need to create things and manipulate materials into something new. The roots of computing are intertwined with craft around the invention of the Jaquard punchcard loom. We'll look at where the two scenes have gone since then, and what we can gain by reconnecting the hacker world with its softer, more decorative cousin. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2777.en.html

Life is a Holodeck! (25c3)

Sun, 28 Dec 2008 01:00:00 +0100

This talk will give you an overview of the different techniques for spacial representation and show you how they work. Starting with a brief history on the invention of stereoscopy and lenticular representation we will quickly get into history and invention of holography, the basic principles and milestones during development through to the latest available applications and technologies. Different types of Holograms will be shown and explained. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3016.en.html

Lightning Talks Day3 - Evening (25c3)

Mon, 29 Dec 2008 01:00:00 +0100

4 minutes for every speaker. Learn about the good, the bad, and the ugly - in software, hardware, projects, and more. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3053.en.html

Algorithmic Music in a Box (25c3)

Sun, 28 Dec 2008 01:00:00 +0100

Small devices like microcontrollers, coupled to a few buttons, knobs, encoders and LEDs, allow for a host of interesting and creative musical applications. Solder a few bits together, program a few lines, and you can build a deep device to support your musical exploration. This lecture will show you quickly how the hardware and code works, and then focus on a few interesting applications: controllers, sequencers, sound generators. The workshop will allow you to build your own crazy ideas. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2843.en.html

Why were we so vulnerable to the DNS vulnerability? (25c3)

Sat, 27 Dec 2008 01:00:00 +0100

SSL wasn't enough. Encryption is nonexistent. Autoupdaters are horribly broken. Why is all this the case? about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2906.en.html

The Ultimate Commodore 64 Talk (25c3)

Mon, 29 Dec 2008 01:00:00 +0100

Retrocomputing is cool as never before. People play C64 games in emulators and listen to SID music, but few people know much about the C64 architecture. This talk attempts to communicate "everything about the C64" to the listener, including its internals and quirks, as well as the tricks that have been used in the demoscene, trying to revive the spirit of times when programmers counted clock cycles and hardware limitations were seen as a challenge. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2874.en.html

Running your own GSM network (25c3)

Mon, 29 Dec 2008 01:00:00 +0100

This presentation will mark the first public release of a new GPL licensed Free Software project implementing the GSM fixed network, including the various minimal necessary functionality of BSC, MSC, HLR. It will introduce the respective standards and protocols, as well as a short demonstration of an actual phone call between two mobile phones registered to the base station. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3007.en.html

Der elektronische Personalausweis (25c3)

Mon, 29 Dec 2008 01:00:00 +0100

Die Einführung von Fingerabdrücken und biometrischen Gesichtsbildern in den geplanten elektronischen Personalausweis (ePA) ist 2008 beschlossen worden. Versprochen wird uns die sichere Identitätskontrolle, geliefert vom Dienstleister des Vertrauens, der Bundesdruckerei GmbH. Konzeptionelle Fehler aus dem Paßgesetz werden jedoch im neuen Scheckkartenformat des ePA wiederholt. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2895.en.html

Attacking NFC mobile phones (25c3)

Mon, 29 Dec 2008 01:00:00 +0100

Near Field Communication (NFC) based services and mobile phones are starting to appear in the field, therefore it is time to take a look at the security of the services and especially the NFC mobile phones themselves. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html

Predictable RNG in the vulnerable Debian OpenSSL package (25c3)

Tue, 30 Dec 2008 01:00:00 +0100

Recently, the Debian project announced an OpenSSL package vulnerability which they had been distributing for the last two years. This bug makes the PRNG predictable, affecting the keys generated by openssl and every other system that uses libssl (eg. openssh, openvpn). about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2995.en.html

Security Nightmares 2009 (25c3)

Tue, 30 Dec 2008 01:00:00 +0100

Security Nightmares - der jährliche Rückblick auf die IT-Sicherheit und der Security-Glaskugelblick für's nächste Jahr. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3021.en.html

Kurt Gödel – I do not fit into this century (25c3)

Sat, 27 Dec 2008 01:00:00 +0100

Manche bezeichnen ihn als größten Logiker seit Aristoteles: Der 1906 geborene Wiener Mathematiker Kurt Gödel rührte ab 1930 mit seinen Unvollständigkeitssätzen an den Grundfesten der Mathematik. Er wies nach, daß es in jedem formalen logischen System Fragen gibt, die unentscheidbar sind. Sein Arbeitsleben verbrachte der Wissenschaftler, der wie viele Kollegen aus Europa fliehen mußte, am berühmten Institute for Advanced Study in Princeton – dem Mekka der modernen Mathematik. Der introvertierte Mensch Kurt Gödel schwankte dabei Zeit seines Lebens zwischen Genie und Wahnsinn, hatte zahlreiche Neurosen und eine ausgeprägte Paranoia. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3050.en.html

Methods for Understanding Targeted Attacks with Office Documents (25c3)

Mon, 29 Dec 2008 01:00:00 +0100

As more security features and anti-exploitation mechanisms are added to modern operating systems, attackers are changing their targets to higher-level applications. In the last few years, we have seen increasing targeted attacks using malicious Office documents against both government and non-government entities. These attacks are well publicized in the media; unfortunately, there is not much public information on attack details or exploitation mechanisms employed in the attacks themselves. This presentation aims to fill the gap by offering: about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2938.en.html

SWF and the Malware Tragedy (25c3)

Mon, 29 Dec 2008 01:00:00 +0100

This talk rounds up possible web-based attacks using Flash with a particular focus on obfuscation, de-obfuscation and the generic detection of malicious SWF. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2596.en.html

Security of MICA*-based wireless sensor networks (25c3)

Sun, 28 Dec 2008 01:00:00 +0100

Firstly, we mention an initial qualitative risk assessment, carried out by interviewing the operating manager of a large suspension bridge and a contractor responsible for part of a large subway tunnel network who want to use wireless sensor networks. The core of the talk deals with assessing the practical security of the particular COTS system adopted by our team, the Crossbow MICAz motes running TinyOS or XMesh, together with the Stargate gateway: we designed and implemented a variety of attacks on this system and we discuss the security problems we found, together with appropriate fixes where possible. While some of our attacks exploit generally known vulnerabilities, others like selective jamming and power exhaustion through routing table manipulation are original and interesting in their own right. In section we also demonstrate how an attacker can undetectably alter messages in an IEEE 802.15.4 radio environment. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2831.en.html

Anatomy of smartphone hardware (25c3)

Sun, 28 Dec 2008 01:00:00 +0100

Do you know the architecture of contemporary mobile phone hardware? This presentation will explain about the individual major building blocks and overall architecture of contemporary GSM and UMTS smartphones. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3008.en.html

Terrorist All-Stars (25c3)

Sat, 27 Dec 2008 01:00:00 +0100

After more than a year of mostly dealing with the terrorism investigation against my partner Andrej Holm, and the resulting total surveillance directed at him and our family, it has become more quiet lately for us. The investigation is *still* going on though. In the course of my new preoccupation 'terrorism' I keep hearing about similarly absurd cases of such investigations. All different, but all with analogies. All hard to bear for those who are subjected tot them. The talk will introduce some cases and search for patterns in cases against 'terrorists' who are clearly not terrorists. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2991.en.html

Cisco IOS attack and defense (25c3)

Mon, 29 Dec 2008 01:00:00 +0100

The talk will cover the past, present and future of Cisco IOS hacking, defense and forensics. Starting from the historic attacks that still work on less well managed parts of the Internet, the powerful common bugs, the classes of binary vulnerabilities and how to exploit them down to the latest methods and techniques, this session will try to give everything in one bag. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2816.en.html

OnionCat – A Tor-based Anonymous VPN (25c3)

Mon, 29 Dec 2008 01:00:00 +0100

OnionCat manages to build a complete IP transparent VPN based on Tor's hidden services, provides a simple well-known interface and has the potential to create an anonymous global network which could evolve to a feature- and information-rich network like we know the plain Internet today. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2828.en.html

Closing Ceremony (25c3)

Tue, 30 Dec 2008 01:00:00 +0100

about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2999.en.html

Repurposing the TI EZ430U (25c3)

Mon, 29 Dec 2008 01:00:00 +0100

USB devices are sometimes composed of little more than a microcontroller and a USB device controller. This lecture describes how to reprogram one such device, greatly expanding its potential. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2681.en.html

Objects as Software: The Coming Revolution (25c3)

Mon, 29 Dec 2008 01:00:00 +0100

How physical compilers (CNC machines, laser cutters, 3D printers, etc) are changing the way we make things, how we think about the nature of objects. This talk will focus on the future of digital manufacturing, and how self-replicating machines will make this technology accessible to everyone: ushering in a new era of technological advance. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2781.en.html

The Infinite Library (25c3)

Sun, 28 Dec 2008 01:00:00 +0100

Decades ago, Jorge Luis Borges wrote about infinite libraries and perfect memory with the slightly sad air of someone who'd seen those things and knew their faults. Today we work toward infinite libraries and perfect memory with little heed for the possible consequences. How could it be bad to have everything possible stored? To remember everything? I don't know that it will be bad, but I do know that it will be different from our current lives of loss and forgetting. Right now, storing pornography causes problems even for people who have nothing especially perverted to hide: A collection of pornography gets to the heart of what it means to be a private individual. As we move from mass media to individually produced media, from edited collections of porn (magazines, commercially produced films) to individual snapshots and youtube clips and stored bittorrents, the particularity of a collection of porn will be testimony to its owner's private set of tastes. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2980.en.html

Blinkenlights Stereoscope (25c3)

Sun, 28 Dec 2008 01:00:00 +0100

Blinkenlights Stereoscope is the new light installation of Project Blinkenlights, a group that originated form the Chaos Computer Club in 2001. Stereoscope targeted the City Hall in Toronto, Canada and was the biggest and most interactive installation of the group so far. The talk provides insight into how it worked and what technology had been developed to make it all happen. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2934.en.html

MD5 considered harmful today (25c3)

Tue, 30 Dec 2008 01:00:00 +0100

![We have executed an attack that ...](http://events.ccc.de/congress/2008/Fahrplan/attachments/1207_censored.jpg) about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3023.en.html

About Cyborgs and Gargoyles (25c3)

Sat, 27 Dec 2008 01:00:00 +0100

In this talk I present the current state of wearable computing, computing as common and useful as clothes, focusing on activity recognition (the inference of the users current actions) using on-body sensors (accelerometers, gyroscopes and other modalities), explaining possibilities, dealing with challenges and limitations and presenting some perils. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2892.en.html

An introduction to new stream cipher designs (25c3)

Mon, 29 Dec 2008 01:00:00 +0100

Even with "nothing to hide", we want to protect the privacy of our bits and bytes. Encryption is an important tool for this, and stream ciphers are a major class of symmetric-key encryption schemes. Algorithms such as RC4 (used in WEP/WPA, bittorrent, SSL), A5/1 (GSM telephony), E0 (bluetooth), as well as AES in counter (CTR) mode, are important examples of stream ciphers used in everyday applications. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2875.en.html

Why technology sucks (25c3)

Tue, 30 Dec 2008 01:00:00 +0100

More and more technology is seen as the ultimate solution for many problems. Lack of understanding and bending rules towards the technology show that politicians and managers have an established level of incompetence. Of course this poses a problem. We tend to forget that hacking also means is having fun with things. Let's ride the incompetence and use technology 'concepts' for the things we want. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3004.en.html

Zehn Big Brother Awards in .at (25c3)

Mon, 29 Dec 2008 01:00:00 +0100

Als erster Big-Brother-Awards-Veranstalter schaffte es Österreich, dieses Jahr die Preise bereits zum zehnten mal zu vergeben. Und obwohl es sich nur um eine Zehnerpotenz handelt, und nicht um eine zur Basis 2, ist es Zeit für einen Rückblick – und einen kleinen Ausblick. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2975.en.html

Security Nightmares 2009 (English interpretation) (25c3)

Tue, 30 Dec 2008 01:00:00 +0100

English Interpretation and video transmission of the event in Saal 1 Security Nightmares – the yearly review on IT-Security and a look into the crystal ball for next year. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3058.en.html

Tricks: makes you smile (25c3)

Sun, 28 Dec 2008 01:00:00 +0100

A collection of engaging techniques, some unreleased and some perhaps forgotten, to make pentesting fun again. From layer 3 attacks that still work, to user interaction based exploits that aren't 'clickjacking', to local root privilege escalation without exploits and uncommon web application exploitation techniques. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2992.en.html

La Quadrature du Net - Campaigning on Telecoms Package (25c3)

Tue, 30 Dec 2008 01:00:00 +0100

La Quadrature du Net (Squaring the Net) is a citizen group informing about legislative projects menacing civil liberties as well as economic and social development in the digital age. Supported by international NGOs (EFF, OSI, ORG, Internautas, Netzwerk Freies Wissen, April, etc.), it aims at providing infrastructure for pan-European activism about such topics as network neutrality, privacy, "graduated response", etc. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2791.en.html

Attacking Rich Internet Applications (25c3)

Sun, 28 Dec 2008 01:00:00 +0100

This presentation will examine the largely underresearched topic of rich internet applications (RIAs) security in the hopes of illustrating how the complex interactions with their executing environment, and general bad security practices, can lead to exploitable applications. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2893.en.html

Not Soy Fast: Genetically Modified, Resource Greedy, and coming to a Supermarket Near You (25c3)

Tue, 30 Dec 2008 01:00:00 +0100

Soy is the magic ingredient that we often look to for our alternative, healthier, and more responsible diets. Yet the soy industry, with its boom in profits and global reach, behaves the exact opposite way. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2680.en.html

Security and anonymity vulnerabilities in Tor (25c3)

Mon, 29 Dec 2008 01:00:00 +0100

There have been a number of exciting bugs and design flaws in Tor over the years, with effects ranging from complete anonymity compromise to remote code execution. Some of them are our fault, and some are the fault of components (libraries, browsers, operating systems) that we trusted. Further, the academic research community has been coming up with increasingly esoteric – and increasingly effective! – attacks against all anonymity designs, including Tor. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2977.en.html

Vertex Hacking (25c3)

Tue, 30 Dec 2008 01:00:00 +0100

Es geht um die Methoden beim Umgang mit unbekannten Dateiformaten, speziell im Bereich der 3D-Modelle. Vorgestellt werden sollen die Werkzeuge, die Vorgehensweise, ein paar mögliche Fallstricke, interessante Implementierungsdetails und schlussendlich auch das Ergebnis in Form der Bibliothek libg3d. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2942.en.html

Wikileaks (25c3)

Tue, 30 Dec 2008 01:00:00 +0100

Wikileaks is developing an uncensorable Wikipedia for untraceable mass document leaking and analysis. In the past year, Wikileaks has publicly revealed more sensitive military documents than the entire world's press combined. Its mission has been quite successful after the launch, spawning reportage worldwide and effectively helping to bring about reform on important matters based on factual information. As of now the effort has spawned thousands of press references in major newspapers like The NY Times, The Guardian and the BBC, and tens of thousands in blog posts. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2916.en.html

Messing Around with Garage Doors (25c3)

Sat, 27 Dec 2008 01:00:00 +0100

We demonstrate a complete break of the KeeLoq crypto-system. Thanks to Power Analysis, even non-specialists can gain access to objects secured by a KeeLoq access control system. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3030.en.html

Collapsing the European security architecture (25c3)

Sat, 27 Dec 2008 01:00:00 +0100

At the latest since 9/11, the EU took severe changes in their home affairs policy. New agreements and institutions were created to facilitate police networking (Europol, Frontex, CEPOL, new databases and their shared access). The european "cross border crime fighting" has become an EU framework. Providing that this should help to win a "war on terrorism", lots of the changes follow the US model of "Homeland Security". Risks" should be minimized by taking more and more "proactive" measures and foresee possible "threats". about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2669.en.html

DECT (25c3)

Mon, 29 Dec 2008 01:00:00 +0100

Digital Enhanced Cordless Telecommunications (DECT) is a synonym for cordless phones today. Although DECT can be found nearly everywhere, only little is known about the security of DECT. Most parts of the DECT standard are public, but all cryptographic algorithms used in DECT (authentication and encryption) are secret and not known to the public. Nevertheless we decided to investigate the security of DECT closer ... about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2937.en.html

Just Estonia and Georgia? (25c3)

Sat, 27 Dec 2008 01:00:00 +0100

Estonia and Georgia are just two examples of where global scale cooperation is required for handling security incidents on the Internet. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2988.en.html

Fnord News Show (English interpretation) (25c3)

Sun, 28 Dec 2008 01:00:00 +0100

English Interpretation and video transmission of the event in Saal 1 This year's apocalyptic Fnord-review will include the war in Georgia and the financial-crisis. We try to web the events into a kind of mega-conspiracy, so that only one group (or probably two or three) are guilty. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3056.en.html

Climate Change - State of the Science (25c3)

Sun, 28 Dec 2008 01:00:00 +0100

We are in the midst of a major global warming, as witnessed not just by temperature measurements, but also for example by the record loss of Arctic sea ice in 2007 and 2008. This year, both the Northwest Passage and the Northeast Passage in the Arctic were open for ships to pass through for the first time in living memory. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2863.en.html

The Privacy Workshop Project (25c3)

Mon, 29 Dec 2008 01:00:00 +0100

The lecture intends to give an overview of the Privacy Workshop project started in Siegen (NRW, Germany) and to animate listeners to participate in the project. Update 2008-12-30: we finally put the slides online, but there are still some cc-license tags that need to be fixed for the last pictures. The flickr-links are ok though, so please don't moan and stay tuned :) about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2872.en.html

Embracing Post-Privacy (25c3)

Sun, 28 Dec 2008 01:00:00 +0100

The breaking away of privacy in the digital world is often understood as something dangerous, and for good reasons. But could there be opportunities in it, too? Do the current cultural and technological trends only dissolve the protected area of privacy, or could they dissolve as well the pressures that privacy is supposed to liberate us from? What if we witness a transformation of civilization so profound that terms like "private" and "public" lose their meaning altogether? Maybe we won't need "privacy" at all in the future because we will value other, new liberties more strongly? about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2979.en.html

Cracking the MSP430 BSL (25c3)

Sat, 27 Dec 2008 01:00:00 +0100

The Texas Instruments MSP430 low-power microcontroller is used in many medical, industrial, and consumer devices. When its JTAG fuse is blown, the device's firmware is kept private only a serial bootstrap loader (BSL), certain revisions of which are vulnerable to a side-channel timing analysis attack. This talk continues that from Black Hat USA by describing the speaker's adventures in creating a hardware device for exploiting this vulnerability. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2839.en.html

Building an international movement: hackerspaces.org (25c3)

Sat, 27 Dec 2008 01:00:00 +0100

We live in interesting times to build hacker spaces: physical spaces where hackers make things, inspired by European models, pop up everywhere. Whether you need inspiration to build your own hacker space or want an update on what happened in places like New York City, Washington D.C., San Francisco, or Vienna since last year: This international panel will provide you with insight. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2806.en.html

Lightning Talks Day2 (25c3)

Sun, 28 Dec 2008 01:00:00 +0100

4 minutes for every speaker. Learn about the good, the bad, and the ugly - in software, hardware, projects, and more. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3048.en.html

Rapid Prototype Your Life (25c3)

Sun, 28 Dec 2008 01:00:00 +0100

The tools are at hand to free you from the bonds of consumer slavery. No longer must you rely on distant and faceless factories or bow down before the false idols of mass produced consumer manufactured items. Never again look into the aisles of oblivion filled with mass produced products. Take rapid prototype manufacturing into your life and return to a time before corporations robbed you of our individualism. A cottage industry paradise awaits those with the digital skills and the means to acquire or build the machines that can actualize the items that exist now only in your imagination. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3015.en.html

All your base(s) are belong to us (25c3)

Sun, 28 Dec 2008 01:00:00 +0100

New DNA genotyping and sequencing technologies have recently advanced the possibilities for both mass and individual genomics by several orders of magnitude. The personal genome on DVD, genetic analysis of entire populations, and government DNA databases are but a few of the results of this process. The field is still accelerating, and the related computational challenges are enormous. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3044.en.html

U23 (25c3)

Sat, 27 Dec 2008 01:00:00 +0100

Organize and operate a workshop for young people. Show them how your hackerspace works. Gain their attraction in having fun with hardware, electronics, microprocessors, software or hacking. Become known to new persons. Create networks of brains for new, cool projects. Let them experience the amazing power of teamwork! about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2827.en.html

Exploiting Symbian (25c3)

Sun, 28 Dec 2008 01:00:00 +0100

SymbianOS is one of the major smart phone operating system and has been around for many years still exploitation has not been researched yet. The lack of proper exploitation techniques is mostly due to the fact that until the recent introduction of PIPS/OpenC (a POSIX API port) SymbianOS did not have the means for programmers to EASILY write insecure code. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2832.en.html

Datenpannen (25c3)

Sat, 27 Dec 2008 01:00:00 +0100

Wer nichts zu verbergen hat, hat nichts zu befürchten? Die zuständigen Mitarbeiter halten sich strikt an das Gesetz? Überwachung hat für die Betroffenen keine negativen Folgen? Im Jahr 2008 sind diese Irrtümer so häufig widerlegt worden wie noch nie: Datenskandale bei LIDL, Telekom und dutzenden anderen, per Internet zugängliche Meldedaten, Massenverkauf von Bank- und Telefondaten – eine Liste ohne Ende im Datenskandaljahr 2008. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2814.en.html

Advanced memory forensics: The Cold Boot Attacks (25c3)

Sat, 27 Dec 2008 01:00:00 +0100

Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2922.en.html

Privacy in the social semantic web (25c3)

Mon, 29 Dec 2008 01:00:00 +0100

[[ Thank you all for your feedback. I currently register some hacking space on berlios.de so we can have a mailing list and maybe a wiki! please contact me at: jan.heuer <<ät<< uni-muenster.de ]] In the last years the static web has moved towards an interactive web – often referred to as the web2.0. People collaboratively write articles in online encyclopedias like Wikipedia or self-portray themselves with profiles in social networks like Myspace. Delicious allows people to tag their bookmarks and share them with friends. Twitter is a short status message service to tell friends what you're doing right now. The diversity of applications attracts a huge amount of users and the application can be used from any computer. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2873.en.html

Beyond Asimov - Laws for Robots (25c3)

Sat, 27 Dec 2008 01:00:00 +0100

Robotic systems become more and more autonomous, and telepresence develops very rapidly. But what happens if things go wrong? Who is responsible for that autonomous cleaning car murdering tourists? How can you identify the owner of that spy-drone filming you naked at the pool? This talk outlines some ideas to trigger a debate on how to deal with these problems, without stifling innovation and fun. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2815.en.html

Console Hacking 2008: Wii Fail (25c3)

Sun, 28 Dec 2008 01:00:00 +0100

The Nintendo Wii game console has been one of the most popular of all time, selling almost as many units as all of its competitors combined. Despite being cheaper than the PS3 and Xbox360, it contains a sophisticated security architecture that withstood over a year of concerted effort to hack the device. The design itself is impressive; unfortunately, flaws in the implementation (both subtle and severe) render the device easily hacked, with little chance of recovery. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2799.en.html

Lightning Talks Day3 - Morning (25c3)

Mon, 29 Dec 2008 01:00:00 +0100

4 minutes for every speaker. Learn about the good, the bad, and the ugly - in software, hardware, projects, and more. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3047.en.html

FAIFA: A first open source PLC tool (25c3)

Sat, 27 Dec 2008 01:00:00 +0100

PLC (PowerLineCommunications) had been widely used currently for the in-home LANs and for Internet access over PowerLineCommunications based on the market standard called HomePlug. Electricity is a great medium to transport data over existing cables in-home and outdoor but gives the network an old-school flavor of the behaviour of the hub where all stations share the medium. In this lecture, we present the freshly released FAIFA open source software that can be used to audit the security of PLC networks and script some flawnesses of the PLC devices. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2901.en.html

The Trust Situation (25c3)

Sat, 27 Dec 2008 01:00:00 +0100

In many social situations, people start to adjust their behaviour due to surveillance. Inspired by more and more cases of breaches of data protection regulations, an erosion of trust into these regulations and those who forfeit them can be seen. The consequences of this are grim. Either we abolish surveillance technologies or the idea of "informational self-determination". about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2665.en.html

Security Failures in Smart Card Payment Systems (25c3)

Sat, 27 Dec 2008 01:00:00 +0100

PIN entry devices (PED) are used in the Chip & PIN (EMV) system to process customers' card details and PINs in stores world-wide. Because of the highly sensitive information they handle, PEDs are subject to an extensive security evaluation procedure. We have demonstrated that the tamper protection of two popular PEDs can be easily circumvented with a paperclip, some basic technical skills, and off-the-shelf electronics. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2953.en.html

Der Hackerparagraph 202c StGB (25c3)

Sat, 27 Dec 2008 01:00:00 +0100

Es wird Zeit, dass wir mal über die Dinge sprechen, die wir seit dem Inkrafttreten des Hackerparagraphen nicht mehr machen können. Und die Dinge, bei denen wir uns nicht sicher sind, ob wir sie machen können, und daher lieber sein lassen. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3028.en.html

Hacking the iPhone (25c3)

Sat, 27 Dec 2008 01:00:00 +0100

Apple's iPhone has made a tremendous impact on the smartphone market and the public consciousness, but it has also highlighted their desire to carefully control the device with draconian restrictions. These restrictions prevent users from choosing to run third-party applications unauthorized by Apple and using the devices on carriers not approved by Apple. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2976.en.html

Erich Mühsams Tagebücher in der Festungshaft (25c3)

Sat, 27 Dec 2008 01:00:00 +0100

Während seiner Festungshaft (1920-1924) wurden dem Dichter und Anarchisten Erich Mühsam mehrfach die Tagebücher konfisziert, ausgewertet und (teils öffentlich) gegen ihn verwendet. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2807.en.html

Fnord News Show (25c3)

Sun, 28 Dec 2008 01:00:00 +0100

Das wird dieses Jahr ein apokalyptischer Fnord-Rückblick inklusive Georgien-Krieg und Finanzkrise. Wir versuchen, die Geschehnisse in eine Art Mega-Verschwörungstheorie zu weben, sodass eine Gruppe (oder vielleicht zwei oder drei) an allem schuld sind. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2812.en.html

TCP Denial of Service Vulnerabilities (25c3)

Sun, 28 Dec 2008 01:00:00 +0100

The Transmission Control Protocol (TCP) is one of the fundamental protocols used in today's communication networks. Recently, there has been an increased discussion on possible Denial of Service attacks against TCP-based services, which has largely been triggered by the partial disclosure of several vulnerabilities by the security company Outpost24. This talk will present several TCP vulnerabilities in an attempt to find out just what they found. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2909.en.html

eVoting after Nedap and Digital Pen (25c3)

Mon, 29 Dec 2008 01:00:00 +0100

Cryptographic methods have been suggested as a solution of the transparency and auditability issues in electronic voting. This talk introduces some of the suggested approaches and explains why such methods replace one issue with another, rather than fixing it. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3041.en.html

Chip Reverse Engineering (25c3)

Sat, 27 Dec 2008 01:00:00 +0100

Cryptographic algorithms are often kept secret in the false belief that this provides security. To find and analyze these algorithms, we reverse-engineering the silicon chips that implement them. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2896.en.html

Neusprech im Überwachungsstaat (25c3)

Mon, 29 Dec 2008 01:00:00 +0100

Politiker wollen ihre Überwachungspläne schmackhaft machen. Neben der inhaltlichen Verharmlosung von Vorratsdatenspeicherung, Onlinedurchsuchung, Videoüberwachung usw. nutzen sie sprachliche Mittel, um ihre Maßnahmen durchzusetzen. Negativ besetzte Wörter werden durch positive ersetzt und rhetorische Muster werden verwendet, um negative Aspekte auszublenden. Der Vortrag beleuchtet Merkmale der Politikersprache, die in Anlehnung an George Orwell als Neusprech bezeichnet werden kann. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2860.en.html

Locating Mobile Phones using SS7 (25c3)

Sat, 27 Dec 2008 01:00:00 +0100

You are used to your mobile phone number following you around the globe. But the same functionality that makes you reachable worldwide can also be used to track your whereabouts down to city-level – without you ever knowing about it. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2997.en.html

Full-Disk-Encryption Crash-Course (25c3)

Sun, 28 Dec 2008 01:00:00 +0100

This is not a hacking presentation, no vulnerabilities are presented. It's a crash-course in full-disk-encryption ("FDE") concepts, products and implementation aspects. An overview of both commercial and open-source offerings for Windows, Linux, and MacOSX is given. A (programmer's) look at the open-source solutions concludes the presentation. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2882.en.html

Soviet Unterzoegersdorf (25c3)

Sun, 28 Dec 2008 01:00:00 +0100

Join a glorious gala presentation with his Excellency and a battalion of members of the Soviet Unterzoegersdorf Military Enforcement Community. We will present the envious "First World" with the fruits of our techno-labor. Among other triumphs on display will be the second part of an ongoing series of so-called "Computer Games" or "Virtual Hyper-Rooms" glorifying the struggles of the Motherland, Soviet Unterzoegersdorf: Sector II. We promise not to mention the SALT II agreement. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2773.en.html

coreboot: Beyond The Final Frontier (25c3)

Sat, 27 Dec 2008 01:00:00 +0100

The BIOS and it's successor EFI are considered by many to be the final frontier for open source software in commodity PCs. This talk describes the BIOS replacement coreboot (formerly LinuxBIOS) and the projects surrounding it. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2970.en.html

Vulnerability discovery in encrypted closed source PHP applications (25c3)

Sun, 28 Dec 2008 01:00:00 +0100

Security audits of PHP applications are usually performed on a source code basis. However sometimes vendors protect their source code by encrypting their applications with runtime (bytecode-)encryptors. When these tools are used source code analysis is no longer possible and because these tools change how PHP works internally, several greybox security scanning/fuzzing techniques relying on hooks fail, too. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2678.en.html