Chaos Computer Club - 25C3: nothing to hide (ogg)

4 minutes for every speaker. Learn about the good, the bad, and the ugly - in software, hardware, projects, and more. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2973.en.html

We describe the implementation of a distributed proximity detection firmware for the OpenBeacon RFID platform. We report on experiments performed during conference gatherings, where the new feature of proximity detection was used to mine and expose patterns of social contact. We discuss some properties of the networks of social contact, and show how these networks can be analyzed, visualized, and used to infer the underlying social structure. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2899.en.html

Ob Tomaten, Zitronen oder Cannabis: Nutzpflanzen werden längst nicht mehr konventionell in Erde gezüchtet. Von der Auswahl des Saat- und Erbguts bis zur Ernte ist der Anbau von Pflanzen aller Art ein schwieriges, aber spannendes Thema. Die von der Industrie angestellte Forschung hilft auch dem Hobbyzüchter: Pflanzen, die ohne Erde kultiviert und wenige Wochen nach der "Aussaat" erntereif sind, gehören längst nicht mehr in Science-Fiction-Filme, sondern in den Keller des geneigten Bastlers. Dieser Vortrag soll aufzeigen, dass nicht nur bei Bits'n'Bytes, sondern auch bei Obst und Gemüse durchaus hackbares Potential besteht. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2952.en.html

What do hackers have in common with crafters? Lots. While crafting is more often about string and glue than bits and electrons, crafters often feel the same need to create things and manipulate materials into something new. The roots of computing are intertwined with craft around the invention of the Jaquard punchcard loom. We'll look at where the two scenes have gone since then, and what we can gain by reconnecting the hacker world with its softer, more decorative cousin. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2777.en.html

Recently, the Debian project announced an OpenSSL package vulnerability which they had been distributing for the last two years. This bug makes the PRNG predictable, affecting the keys generated by openssl and every other system that uses libssl (eg. openssh, openvpn). about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2995.en.html

Security Nightmares - der jährliche Rückblick auf die IT-Sicherheit und der Security-Glaskugelblick für's nächste Jahr. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3021.en.html

about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2999.en.html

 about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3023.en.html

More and more technology is seen as the ultimate solution for many problems. Lack of understanding and bending rules towards the technology show that politicians and managers have an established level of incompetence. Of course this poses a problem. We tend to forget that hacking also means is having fun with things. Let's ride the incompetence and use technology 'concepts' for the things we want. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3004.en.html

English Interpretation and video transmission of the event in Saal 1 Security Nightmares – the yearly review on IT-Security and a look into the crystal ball for next year. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3058.en.html

La Quadrature du Net (Squaring the Net) is a citizen group informing about legislative projects menacing civil liberties as well as economic and social development in the digital age. Supported by international NGOs (EFF, OSI, ORG, Internautas, Netzwerk Freies Wissen, April, etc.), it aims at providing infrastructure for pan-European activism about such topics as network neutrality, privacy, "graduated response", etc. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2791.en.html

Soy is the magic ingredient that we often look to for our alternative, healthier, and more responsible diets. Yet the soy industry, with its boom in profits and global reach, behaves the exact opposite way. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2680.en.html

Es geht um die Methoden beim Umgang mit unbekannten Dateiformaten, speziell im Bereich der 3D-Modelle. Vorgestellt werden sollen die Werkzeuge, die Vorgehensweise, ein paar mögliche Fallstricke, interessante Implementierungsdetails und schlussendlich auch das Ergebnis in Form der Bibliothek libg3d. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2942.en.html

Wikileaks is developing an uncensorable Wikipedia for untraceable mass document leaking and analysis. In the past year, Wikileaks has publicly revealed more sensitive military documents than the entire world's press combined. Its mission has been quite successful after the launch, spawning reportage worldwide and effectively helping to bring about reform on important matters based on factual information. As of now the effort has spawned thousands of press references in major newspapers like The NY Times, The Guardian and the BBC, and tens of thousands in blog posts. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2916.en.html

In the talk we will demonstrate how to own the storm botnet (live demo included). about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3000.en.html

Das bekannte Quizformat - aber natürlich mit Themen, die man im Fernsehen nie zu sehen bekäme. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2958.en.html

English Interpretation and video transmission of the event in Saal 1 The famous quiz – of course with topics you will never see in TV. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3057.en.html

This talk will give an overview about how modern attack analysis tools (dynamic honeypots, an automated shellcode analyzer, and an intrusion signature generator) can be used to get a deep understanding about what attacks do and how they work. A live demo will be given to demonstrate the usage of those tools. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3002.en.html

Many RFID tags have weaknesses, but the security level of different tags varies widely. Using the Mifare Classic cards as an example, we illustrate the complexity of RFID systems and discuss different attack vectors. To empower further analysis of RFID cards, we release an open-source, software-controlled, and extensible RFID reader with support for most common standards. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3032.en.html

4 minutes for every speaker. Learn about the good, the bad, and the ugly - in software, hardware, projects, and more. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3053.en.html

Retrocomputing is cool as never before. People play C64 games in emulators and listen to SID music, but few people know much about the C64 architecture. This talk attempts to communicate "everything about the C64" to the listener, including its internals and quirks, as well as the tricks that have been used in the demoscene, trying to revive the spirit of times when programmers counted clock cycles and hardware limitations were seen as a challenge. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2874.en.html

This presentation will mark the first public release of a new GPL licensed Free Software project implementing the GSM fixed network, including the various minimal necessary functionality of BSC, MSC, HLR. It will introduce the respective standards and protocols, as well as a short demonstration of an actual phone call between two mobile phones registered to the base station. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3007.en.html

Die Einführung von Fingerabdrücken und biometrischen Gesichtsbildern in den geplanten elektronischen Personalausweis (ePA) ist 2008 beschlossen worden. Versprochen wird uns die sichere Identitätskontrolle, geliefert vom Dienstleister des Vertrauens, der Bundesdruckerei GmbH. Konzeptionelle Fehler aus dem Paßgesetz werden jedoch im neuen Scheckkartenformat des ePA wiederholt. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2895.en.html

Near Field Communication (NFC) based services and mobile phones are starting to appear in the field, therefore it is time to take a look at the security of the services and especially the NFC mobile phones themselves. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html

As more security features and anti-exploitation mechanisms are added to modern operating systems, attackers are changing their targets to higher-level applications. In the last few years, we have seen increasing targeted attacks using malicious Office documents against both government and non-government entities. These attacks are well publicized in the media; unfortunately, there is not much public information on attack details or exploitation mechanisms employed in the attacks themselves. This presentation aims to fill the gap by offering: about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2938.en.html

This talk rounds up possible web-based attacks using Flash with a particular focus on obfuscation, de-obfuscation and the generic detection of malicious SWF. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2596.en.html

The talk will cover the past, present and future of Cisco IOS hacking, defense and forensics. Starting from the historic attacks that still work on less well managed parts of the Internet, the powerful common bugs, the classes of binary vulnerabilities and how to exploit them down to the latest methods and techniques, this session will try to give everything in one bag. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2816.en.html

OnionCat manages to build a complete IP transparent VPN based on Tor's hidden services, provides a simple well-known interface and has the potential to create an anonymous global network which could evolve to a feature- and information-rich network like we know the plain Internet today. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2828.en.html

USB devices are sometimes composed of little more than a microcontroller and a USB device controller. This lecture describes how to reprogram one such device, greatly expanding its potential. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2681.en.html

How physical compilers (CNC machines, laser cutters, 3D printers, etc) are changing the way we make things, how we think about the nature of objects. This talk will focus on the future of digital manufacturing, and how self-replicating machines will make this technology accessible to everyone: ushering in a new era of technological advance. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2781.en.html

Even with "nothing to hide", we want to protect the privacy of our bits and bytes. Encryption is an important tool for this, and stream ciphers are a major class of symmetric-key encryption schemes. Algorithms such as RC4 (used in WEP/WPA, bittorrent, SSL), A5/1 (GSM telephony), E0 (bluetooth), as well as AES in counter (CTR) mode, are important examples of stream ciphers used in everyday applications. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2875.en.html

Als erster Big-Brother-Awards-Veranstalter schaffte es Österreich, dieses Jahr die Preise bereits zum zehnten mal zu vergeben. Und obwohl es sich nur um eine Zehnerpotenz handelt, und nicht um eine zur Basis 2, ist es Zeit für einen Rückblick – und einen kleinen Ausblick. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2975.en.html

There have been a number of exciting bugs and design flaws in Tor over the years, with effects ranging from complete anonymity compromise to remote code execution. Some of them are our fault, and some are the fault of components (libraries, browsers, operating systems) that we trusted. Further, the academic research community has been coming up with increasingly esoteric – and increasingly effective! – attacks against all anonymity designs, including Tor. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2977.en.html

Digital Enhanced Cordless Telecommunications (DECT) is a synonym for cordless phones today. Although DECT can be found nearly everywhere, only little is known about the security of DECT. Most parts of the DECT standard are public, but all cryptographic algorithms used in DECT (authentication and encryption) are secret and not known to the public. Nevertheless we decided to investigate the security of DECT closer ... about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2937.en.html

The lecture intends to give an overview of the Privacy Workshop project started in Siegen (NRW, Germany) and to animate listeners to participate in the project. Update 2008-12-30: we finally put the slides online, but there are still some cc-license tags that need to be fixed for the last pictures. The flickr-links are ok though, so please don't moan and stay tuned :) about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2872.en.html

[[ Thank you all for your feedback. I currently register some hacking space on berlios.de so we can have a mailing list and maybe a wiki! please contact me at: jan.heuer <<ät<< uni-muenster.de ]] In the last years the static web has moved towards an interactive web – often referred to as the web2.0. People collaboratively write articles in online encyclopedias like Wikipedia or self-portray themselves with profiles in social networks like Myspace. Delicious allows people to tag their bookmarks and share them with friends. Twitter is a short status message service to tell friends what you're doing right now. The diversity of applications attracts a huge amount of users and the application can be used from any computer. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2873.en.html

4 minutes for every speaker. Learn about the good, the bad, and the ugly - in software, hardware, projects, and more. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3047.en.html

Cryptographic methods have been suggested as a solution of the transparency and auditability issues in electronic voting. This talk introduces some of the suggested approaches and explains why such methods replace one issue with another, rather than fixing it. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3041.en.html

Politiker wollen ihre Überwachungspläne schmackhaft machen. Neben der inhaltlichen Verharmlosung von Vorratsdatenspeicherung, Onlinedurchsuchung, Videoüberwachung usw. nutzen sie sprachliche Mittel, um ihre Maßnahmen durchzusetzen. Negativ besetzte Wörter werden durch positive ersetzt und rhetorische Muster werden verwendet, um negative Aspekte auszublenden. Der Vortrag beleuchtet Merkmale der Politikersprache, die in Anlehnung an George Orwell als Neusprech bezeichnet werden kann. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2860.en.html

Jeder kann auf Youtube ansehen, wie man normale Handschellen mit einer Büroklammer öffnet. Aber es gibt verschiedenste Hochsicherheitsmodelle mit deutlich komplizierteren Schlössern, die nur darauf warten, vom Sperrsport entdeckt zu werden... about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2963.en.html

Birds, glider pilots, and recently UAVs can exploit a variety of weather effects in order to gain altitude, remain airborne and travel long distances all with no power input – effectively, hacking the atmosphere to fly for free. This talk will explain the aircraft, techniques, meteorology, hardware and software that we use to achieve this. In the process I will show why the sport of gliding may be of interest to hackers, and explain how you too can get involved in this highly rewarding and low-cost form of flying. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2940.en.html

The topic of swarm robotics will be introduced, including the current state of the art and some current research platforms. The problems of scalability in robot swarms will be discussed, particularly of programming and maintaining a large group of robots. The Formica platform represents a novel, very low cost approach to swarm robotics. Its design and implementation will be described, and the lecture will culminate in a live demonstration of a swarm of 25 robots cooperating on a task. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2890.en.html

In the recent years, we observed a growing sophistication how credentials are stolen from compromised machines: the attackers use sophisticated keyloggers to control the victim's machine and use different techniques to steal the actual credentials. In this talk, we present an overview of this threat and empirical measurement results. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3020.en.html

Working as a security consultant means that you get to see everyone's dirty laundry. However, it also means a hectic schedule and restrictive confidentiality agreements. Without violating my NDA, here's a set of turbo-talks looking at some new tricks for some new technologies and a look at some lucrative new attack surfaces that will become much more prevalent in the coming year. Topics will include: Script Injection in Flex, EFI Rootkits, static analysis with Dehydra, and pattern-matching hex editors. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2734.en.html

Es war mal wieder ein bewegtes Jahr für den CCC. Was alles passiert ist, werden wir in der gebotenen Kürze berichten. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3024.en.html

This talk will give you an overview of the different techniques for spacial representation and show you how they work. Starting with a brief history on the invention of stereoscopy and lenticular representation we will quickly get into history and invention of holography, the basic principles and milestones during development through to the latest available applications and technologies. Different types of Holograms will be shown and explained. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3016.en.html

Small devices like microcontrollers, coupled to a few buttons, knobs, encoders and LEDs, allow for a host of interesting and creative musical applications. Solder a few bits together, program a few lines, and you can build a deep device to support your musical exploration. This lecture will show you quickly how the hardware and code works, and then focus on a few interesting applications: controllers, sequencers, sound generators. The workshop will allow you to build your own crazy ideas. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2843.en.html

Firstly, we mention an initial qualitative risk assessment, carried out by interviewing the operating manager of a large suspension bridge and a contractor responsible for part of a large subway tunnel network who want to use wireless sensor networks. The core of the talk deals with assessing the practical security of the particular COTS system adopted by our team, the Crossbow MICAz motes running TinyOS or XMesh, together with the Stargate gateway: we designed and implemented a variety of attacks on this system and we discuss the security problems we found, together with appropriate fixes where possible. While some of our attacks exploit generally known vulnerabilities, others like selective jamming and power exhaustion through routing table manipulation are original and interesting in their own right. In section we also demonstrate how an attacker can undetectably alter messages in an IEEE 802.15.4 radio environment. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2831.en.html

Do you know the architecture of contemporary mobile phone hardware? This presentation will explain about the individual major building blocks and overall architecture of contemporary GSM and UMTS smartphones. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/3008.en.html

Decades ago, Jorge Luis Borges wrote about infinite libraries and perfect memory with the slightly sad air of someone who'd seen those things and knew their faults. Today we work toward infinite libraries and perfect memory with little heed for the possible consequences. How could it be bad to have everything possible stored? To remember everything? I don't know that it will be bad, but I do know that it will be different from our current lives of loss and forgetting. Right now, storing pornography causes problems even for people who have nothing especially perverted to hide: A collection of pornography gets to the heart of what it means to be a private individual. As we move from mass media to individually produced media, from edited collections of porn (magazines, commercially produced films) to individual snapshots and youtube clips and stored bittorrents, the particularity of a collection of porn will be testimony to its owner's private set of tastes. about this event: http://events.ccc.de/congress/2008/Fahrplan/events/2980.en.html