Attraktor Wiki - User contributions [en]

Termin:Kongress-Kino-28C3 Nr. 46

2012-11-20T10:40:10Z

Muelli: Created page with " {{Termin |date=2012/11/21 20:30:00 PM |enddate=2012/11/21 22:00:00 PM |title=Kongress Kino Nr. 46 |visible=Yes }} Category:Chaotic-Congress-Cinema Category:Kongress-Kino..."

{{Termin
|date=2012/11/21 20:30:00 PM
|enddate=2012/11/21 22:00:00 PM
|title=Kongress Kino Nr. 46
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]
[[Category:Kongress-Kino]]

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Kongress-Kino Kongress Kino].

== NOC Review ==
NOC Review about the Camp 2011 and 28C3

A review about the camp and the congress network. Network layout,
planning, setup, operation and finally the teardown.

This talk will review both the 28C3 and, due to popular demand, the
Camp network.

First we would like to give you a review about our network at the
camp, where we built a mid-sized carrier network in a few weeks at a
camp ground with no infrastructure: Starting at the 4km fibre uplink
and the roll out of fibre over the whole campground, you will learn
how to build proper datenklos, deploy access switches and WLAN access
points in them and also how to convert a shipping container into a
sophisticated outdoor data center, in order to build a network that
can deliver pictures of cute little cats to over 3000 users. We had
some issues and challenging tasks, which we wish to report; we also
have some graphs, diagrams, photos and graphics which we want to share
with you.

The second part will be about the network of the 28C3, which is more
or less the usual stuff like every year. You will see some graphs,
infrastructure, and hopefully no reports about big issues. ;)

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4927.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4927-en-noc_review_28c3_camp_h264.mp4>

== KinectFusion ==
Real-time 3D Reconstruction and Interaction Using a Moving Depth
Camera

This project investigates techniques to track the 6DOF position of
handheld depth sensing cameras, such as Kinect, as they move through
space and perform high quality 3D surface reconstructions for
interaction.

While depth cameras are not conceptually new, Kinect has made such
sensors accessible to all. The quality of the depth sensing, given the
low-cost and real-time nature of the device, is compelling, and has
made the sensor instantly popular with researchers and enthusiasts
alike. The Kinect camera uses a structured light technique to generate
real-time depth maps containing discrete range measurements of the
physical scene. This data can be reprojected as a set of discrete 3D
points (or point cloud). Even though the Kinect depth data is
compelling, particularly compared to other commercially available
depth cameras, it is still inherently noisy. Depth mea- surements
often fluctuate and depth maps contain numerous ‘holes’ where no
readings were obtained. To generate 3D models for use in applications
such as gaming, physics, or CAD, higher-level surface geometry needs
to be inferred from this noisy point-based data. One simple approach
makes strong assumptions about the connectivity of neighboring points
within the Kinect depth map to generate a mesh representation. This,
however, leads to noisy and low-quality meshes. As importantly, this
approach creates an incomplete mesh, from only a single, fixed
viewpoint. To create a complete (or even watertight) 3D model,
different viewpoints of the physical scene must be captured and fused
into a single representation. This talk presents a novel interactive
reconstruction system called KinectFusion). The system takes live
depth data from a moving Kinect camera and, in real- time, creates a
single high-quality, geometrically accurate, 3D model. A user holding
a standard Kinect camera can move within any indoor space, and
reconstruct a 3D model of the physical scene within seconds. The
system continuously tracks the 6 degrees-of-freedom (DOF) pose of the
camera and fuses new viewpoints of the scene into a global surface-
based representation. A novel GPU pipeline allows for accurate camera
tracking and surface reconstruction at interactive real-time rates. We
demonstrate core uses of KinectFusion as a low-cost handheld scanner,
and present novel interactive methods for segmenting physical objects
of interest from the reconstructed scene. We show how a real-time 3D
model can be leveraged for geometry-aware augmented reality (AR) and
physics- based interactions, where virtual worlds more realistically
merge and interact with the real. Placing such systems into an
interaction context, where users need to dynamically interact in front
of the sensor, reveals a fundamental challenge – no longer can we
assume a static scene for camera tracking or reconstruction. We
illustrate failure cases caused by a user moving in front of the
sensor. We describe new meth ods to overcome these limitations,
allowing camera tracking and reconstruction of a static background
scene, while simultaneously segmenting, reconstructing and tracking
foreground objects, including the user. We use this approach to
demonstrate real-time multi-touch inter actions anywhere, allowing a
user to appropriate any physical surface, be it planar or non-planar,
for touch.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4928.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4928-en-kinectfusion_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 42

2012-10-22T01:45:04Z

Muelli: Created page with " {{Termin |date=2012/10/24 18:45:00 PM |enddate=2012/10/24 22:00:00 PM |title=Chaotic Congress Cinema Nr. 42 |visible=Yes }} Category:Chaotic-Congress-Cinema Wir schauen uns..."

{{Termin
|date=2012/10/24 18:45:00 PM
|enddate=2012/10/24 22:00:00 PM
|title=Chaotic Congress Cinema Nr. 42
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Chaotic-Congress-Cinema Chaotic Congress Cinema].

== Changing techno-optimists by shaking up the bureaucrats ==

Meet the Netherlands: a nation filled with techno-optimists protecting
our freedom by puting in place restrictions on what you can do,
reducing our privacy and have technology as a solution for anything
and everything. When you make a trip we store your details for two
years, your airplane meal selection from two years earlier is good
data to test with and when migrating the government website we keep
the old website running in an unmaintained state. If you have nothing
to hide nothing can go wrong and there is nothing you can do.

Well not quite. What would happen if you play the system? If you would
take the train and hack the card? What if you were to pick up the
resistance you face and use it in your advantage. No matter what the
costs would carry on? If you would take some data and show the
failures? Not just once but a full month long and call that month
Leaktober. What if you would publicly call the failures with our
personal data? Ultimately you make a difference. You change the law,
you changes the rules of the game and you really can raise the
question if storing all that data is really needed. Ultimately people
really start to doubt if this is the right way to go.

This is a strategic and tactical story on how you can regain some
privacy and data protection. Even though for a journalist this should
be normal work, thanks to some people these things become very
personal. It ends in criminal prosecution, legal threats, insults, a
successful counter hack and ultimately a lot of benefits. But standing
up for a cause does work as long as you focus on the stories you want
to bring. My story is about hacking the system from the inside,
overcoming fear and showing bureaucrats that hackers are people too.
The talk is a lessons learnt how a few people can change a nation with
hacker beliefs if they really want to. A guideline on how to make a
difference by hacking the system you want to change. Where you can
even make huge mistakes, but with some luck you can win a world. How
you can make your critical voice be heard. Zillions of lessons learnt.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4903.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4903-en-changing_techno_optimists_by_shaking_up_the_bureaucrats_h264.mp4>

== Lightning Talks Day 2 ==

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4905.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4905-en-lightning_talks_day_2_h264.mp4>

Termin:Kongress-Kino-28C3 Nr. 41

2012-10-16T11:03:04Z

Muelli: Created page with " {{Termin |date=2012/10/17 19:15:00 PM |enddate=2012/10/17 22:00:00 PM |title=Kongress Kino Nr. 41 |visible=Yes }} Category:Chaotic-Congress-Cinema Category:Kongress-Kino..."

{{Termin
|date=2012/10/17 19:15:00 PM
|enddate=2012/10/17 22:00:00 PM
|title=Kongress Kino Nr. 41
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]
[[Category:Kongress-Kino]]

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Kongress-Kino Kongress Kino].

== Closing Event ==

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4899.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4899-en-closing_event_h264.mp4>

== Der Staatstrojaner ==
Vom braunen Briefumschlag bis zur Publikation

0zapftis wird aus Sicht der Technik und unter juristischen
Gesichtspunkten analysiert.

Der Staatstrojaner erregte die Gemüter. "Es kann nicht jeder
Programmierer ständig mit dem Grundgesetz unter dem Arm herumlaufen",
findet Hartmut Pohl und mit ihm der Innenminister mitsamt den
Länderkollegen. Doch wer kontrolliert und überwacht die Überwacher und
ihre Überwachungssoftware, wenn sie in die ausgelagerten Gehirne
vordringen? Wer soll einschätzen, was der Staatstrojaner rechtlich
darf, wenn er nicht mal den Quellcode vorliegen hat? Was genau konnten
die analysierten Versionen des Staatstrojaners? Das und die Fragen der
Zukunft des Spähprogrammes werden im Vortrag Thema sein.

Denn Abhilfe soll nun eine vom Staat selbst programmierte und
entwickelte Spionagesoftware, inklusive Zertifizierung, "technischem
Kompetenzaufbau" sowie einer zentralen Stelle
(Kompetenzkompetenzzentrum) bringen. Wir dürfen gespannt.
== Links ==

+ `Chaos Computer Club analysiert Staatstrojaner
<http://www.ccc.de/de/updates/2011/staatstrojaner>`__
+ `Chaos Computer Club analysiert aktuelle Version des Staatstrojaners
<http://www.ccc.de/de/updates/2011/analysiert-aktueller-
staatstrojaner>`__

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4901.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4901-de-der_staatstrojaner_aus_sicht_der_technik_h264.mp4>

Termin:Kongress-Kino-28C3 Nr. 39

2012-10-01T01:17:13Z

Muelli: Created page with " {{Termin |date=2012/10/03 20:00:00 PM |enddate=2012/10/03 22:00:00 PM |title=Kongress Kino Nr. 39 |visible=Yes }} Category:Chaotic-Congress-Cinema Category:Kongress-Kino..."

{{Termin
|date=2012/10/03 20:00:00 PM
|enddate=2012/10/03 22:00:00 PM
|title=Kongress Kino Nr. 39
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]
[[Category:Kongress-Kino]]

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Kongress-Kino Kongress Kino].

== Hacking MFPs ==
Part2 - PostScript: Um, you've been hacked

We have decided to continue our research onto PostScript realms - an
old, very powerful and nicely designed programming language, where (as
a coincidence or not, given it's numerous security flaws) Adobe owns
most PostScript interpreters instances.

This time we demonstrate that PostScript language, given it's power,
elegance and Turing-completeness, can be used more than just for
drawing dots, lines and circles - and to a certain extent it can be a
hacker's sweet delight if fully mastered.

We will be presenting a real-life implementation of unusual PostScript
APIs (along with it's dissection and reconstructed documentation) that
interact with various levels of OS and HW, implementation we have
found in a TOP10 printer vendor product line.

Also, we will investigate whether a PostScript-based (hence platform-
independent) virus (18+ years after first proposals of such theory)
can be acomplished, thus giving theoretical hints and few building
blocks in this direction.

We will also present some very constructive uses of the PostScript
language in the creative (i.e. non-destructive) hacking direction.

In the end, we will try to summarize our conclusions and possible
solution for all parties involved (vendors, users, sysadmins, security
experts).

With this research we hope we can prove that entire printer industry
(devices, printing software/drivers/subsystems, publishing and managed
services) have to be rethought security-wise, so that it can withstand
in the long run the current security landscape and threats.

"Hacking MFPs (part2) - PostScript: Um, you've been hacked"

We started our research in early 2010 as a state-of-affairs
investigation of the general security related to printers and printing
protocols&subsystem.

We have concluded and demonstrated that using malicious documents and
applets, it is possible using the PJL protocol to control certain
printer functionality, including malicious content upload/download on
printers' storage.

As a side effect of the research, several other directions in
printers' industry shown prone to malicious attacks (XSS injection and
execution, auth-bypass, unauthorized functionality and content access,
etc.)

Incidentally, very same period, Stuxnet abused printing subsystems to
spread itself and few other printer researches emerged in various
directions (PJL password and hard disk abuse, confidential/password
data harvesting, Linux-based firmware rev-eng).

All these apparently separate events, just come to prove once again
that printers are not forgotten, they spark revived hacking interest
and their (mis)use can be harmful and have long-standing effects on
one's eneterprise security.

============================================

We have decided to continue our research onto PostScript realms - an
old, very powerful and nicely designed programming language, where (as
a coincidence or not, given it's numerous security flaws) Adobe owns
most PostScript interpreters instances.

This time we demonstrate that PostScript language, given it's power,
elegance and Turing-completeness, can be used more than just for
drawing dots, lines and circles - and to a certain extent it can be a
hacker's sweet delight if fully mastered.

We will be presenting a real-life implementation of unusual PostScript
APIs (along with it's dissection and reconstructed documentation) that
interact with various levels of OS and HW, implementation we have
found in a TOP10 printer vendor product line.

Also, we will investigate whether a PostScript-based (hence platform-
independent) virus (18+ years after first proposals of such theory)
can be acomplished, thus giving theoretical hints and few building
blocks in this direction.

We will also present some very constructive uses of the PostScript
language in the creative (i.e. non-destructive) hacking direction.

In the end, we will try to summarize our conclusions and possible
solution for all parties involved (vendors, users, sysadmins, security
experts).

With this research we hope we can prove that entire printer industry
(devices, printing software/drivers/subsystems, publishing and managed
services) have to be rethought security-wise, so that it can withstand
in the long run the current security landscape and threats.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4871.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4871-en-hacking_mfps_h264.mp4>

== Sachsen dreht frei ==
On- und Offline-berwachung: Weil sie es knnen

Die Meldungen aus Sachsen in diesem Jahr wirkten für alle, die nicht
dort wohnen, ein bisschen, als kämen sie von einem sehr weit
entfernten Stern. In regelmäßigen Abständen werden Dinge bekannt, die
jeweils einzeln früher zum Rücktritt von Ministern geführt hätten.
Funkzellenabfrage, §129-Verfahren, die Durchsuchung eines Pfarrers,
Aberkennung der Immunität eines Fraktionsvorsitzenden wegen
Rädelführerschaft: umfassende Kriminalisierung von Protesten gegen
Nazis, und zwar weit bis in die "Mitte der Gesellschaft". Offline-
Überwachung und -Drangsalierung sind in Sachsen Alltag. Der Talk gibt
einen Überblick über den Stand der Dinge und warnt davor, sich
(außerhalb Sachsens) gemütlich schaudernd zurückzulehnen. Denn: Wenn
Sachsen damit durchkommt, setzt das Maßstäbe für andere Bundesländer.

Die Meldungen aus Sachsen in diesem Jahr wirkten für alle, die nicht
dort wohnen, ein bisschen, als kämen sie von einem weit entfernten
Stern. In regelmäßigen Abständen werden Dinge bekannt, die jeweils
einzeln früher zum Rücktritt von Ministern geführt hätten. Die
Funkzellenabfrage ("Handygate"), ein oder mehrere §129-Verfahren, die
Durchsuchung eines Pfarrers, Aberkennung der Immunität eines
Fraktionsvorsitzenden wegen Rädelführerschaft: umfassende
Kriminalisierung von Protesten gegen Nazis, und zwar weit bis in die
"Mitte der Gesellschaft". Inzwischen gibt es Klagen von Betroffenen
gegen die Auswertung ihrer Handy-Daten, u.a. von JournalistInnen,
RechtsanwältInnen, Abgeordneten.

Auf der Bundesebene wurden einzelne drastische Grundrechtseingriffe
vom Verfassungsgericht korrigiert mit dem Ergebnis, dass bei vielen
das beruhigende Gefühl blieb, dass irgendwie doch alles mit rechten
Dingen zugeht. Ob die sächsischen Gerichte denselben Weg gehen, wird
sich zeigen. Ganz offensichtlich ist jedenfalls, dass die sächsischen
Behörden sich von Kritik nicht beeindrucken lassen.

Der Talk gibt einen Überblick über den Stand der Dinge und warnt
davor, sich (außerhalb Sachsens) gemütlich schaudernd zurückzulehnen.
Denn: Wenn Sachsen damit durchkommt, setzt das auch Maßstäbe für
andere Bundesländer.

U.a. betroffen von der Ermittlungswut sächsischer Behörden ist der
Jenaer Pfarrer Lothar König. Wer für ihn spenden möchte, kann das hier
tun:

JG-Stadtmitte Förderkreis Kontonummer: 80 25 320 Bankleitzahl: 520
60410 Evangelische Kreditgenossenschaft

Das Spendenkonto für die sächsischen Betroffenen der §129-Verfahren:

Rote Hilfe Dresden Konto: 609760434 BLZ 36010043, Postbank Essen
Stichwort: Verfahren 129 Verwendungszweck: “Prozesskostenhilfe”

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4876.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4876-de-die_spinnen_die_sachsen_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 38

2012-09-20T19:20:54Z

Muelli: Created page with " {{Termin |date=2012/09/26 20:30:00 PM |enddate=2012/09/26 22:00:00 PM |title=Chaotic Congress Cinema Nr. 38 |visible=Yes }} Category:Chaotic-Congress-Cinema Wir schauen uns..."

{{Termin
|date=2012/09/26 20:30:00 PM
|enddate=2012/09/26 22:00:00 PM
|title=Chaotic Congress Cinema Nr. 38
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Chaotic-Congress-Cinema Chaotic Congress Cinema].

== Fnord-Jahresrckblick ==
von Atomendlager bis Zensus

Auch dieses Jahr werden wir euch wieder mit den Fnords des Jahres zu
unterhalten suchen.

Im Format einer lockeren Abendshow werden wir die Highlights des
Jahres präsentieren, die Meldungen zwischen den Meldungen, die
subtilen Sensationen hinter den Schlagzeilen. Kommen Sie, hören Sie,
sehen Sie! Lassen Sie sich mitreißen!

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4866.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4866-de-fnord_jahresrueckblick_h264.mp4>

== TRESOR: Festplatten sicher verschlsseln ==

Herkömmliche Festplattenverschlüsselungen legen notwendige Schlüssel
im RAM ab. Dadurch sind sie schutzlos Angriffen wie Cold-Boot Attacken
ausgeliefert, die auf den Arbeitsspeicher abzielen. TRESOR bietet
Schutz gegen solche Angriffe.

Herkömmliche Festplattenverschlüsselungen legen notwendige Schlüssel
im RAM ab. Dadurch sind sie schutzlos Angriffen wie Cold-Boot Attacken
ausgeliefert, die auf den Arbeitsspeicher abzielen. TRESOR bietet
Schutz gegen solche Angriffe, indem es den Verschlüsselungsalgorithmus
AES ausschließlich auf dem Prozessor ausführt. Die Sicherheit wird
also dadurch erhöht, dass TRESOR den Schlüssel (sowie alle
Rundenschlüssel und Zwischenzustände von AES) niemals im RAM
hinterlegt, sondern nur in Registern der CPU. Während der gesamten
Betriebszeit gelangen somit keine kritischen Daten der Verschlüsselung
in den Arbeitsspeicher.

TRESOR ist als Patch für den Linux Kernel umgesetzt und nutzt Intel's
AES-NI Instruktionen um die AES-Verschlüsselung zu beschleunigen. Zur
Speicherung des Schlüssels werden die Debugging-Register der x86-64
Architektur "zweckentfremdet". TRESOR ist kompatibel mit allen Linux-
Distributionen und etwaige Performance-Einbußen sind vernachlässigbar.
== Links ==

+ `TRESOR Runs Encryption Securely Outside RAM <http://www1.informatik
.uni-erlangen.de/tresor>`__

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4869.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4869-de-tresor_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 37

2012-09-18T21:52:03Z

Muelli: Created page with "{{Termin |date=2012/09/19 20:00:00 PM |enddate=2012/09/19 22:00:00 PM |title=Chaotic Congress Cinema Nr. 37 |visible=Yes }} Category:Chaotic-Congress-Cinema == The coming w..."

{{Termin
|date=2012/09/19 20:00:00 PM
|enddate=2012/09/19 22:00:00 PM
|title=Chaotic Congress Cinema Nr. 37
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

== The coming war on general computation ==
The copyright war was just the beginning

The last 20 years of Internet policy have been dominated by the
copyright war, but the war turns out only to have been a skirmish. The
coming century will be dominated by war against the general purpose
computer, and the stakes are the freedom, fortune and privacy of the
entire human race.

The problem is twofold: first, there is no known general-purpose
computer that can execute all the programs we can think of except the
naughty ones; second, general-purpose computers have replaced every
other device in our world. There are no airplanes, only computers that
fly. There are no cars, only computers we sit in. There are no hearing
aids, only computers we put in our ears. There are no 3D printers,
only computers that drive peripherals. There are no radios, only
computers with fast ADCs and DACs and phased-array antennas.
Consequently anything you do to "secure" anything with a computer in
it ends up undermining the capabilities and security of every other
corner of modern human society.

And general purpose computers *can* cause harm -- whether it's
printing out AR15 components, causing mid-air collisions, or snarling
traffic. So the number of parties with legitimate grievances against
computers are going to continue to multiply, as will the cries to
regulate PCs.

The primary regulatory impulse is to use combinations of code-signing
and other "trust" mechanisms to create computers that run programs
that users can't inspect or terminate, that run without users' consent
or knowledge, and that run even when users don't want them to.

The upshot: a world of ubiquitous malware, where everything we do to
make things better only makes it worse, where the tools of liberation
become tools of oppression.

Our duty and challenge is to devise systems for mitigating the harm of
general purpose computing without recourse to spyware, first to keep
ourselves safe, and second to keep computers safe from the regulatory
impulse.
== Links ==

+ `Bio Cory Doctorow <http://craphound.com/bio.php>`__

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4848.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4848-en-the_coming_war_on_general_computation_h264.mp4>

== The engineering part of social engineering ==
Why just lying your way in won't get you anywhere

All the talks i saw about SE so far just showed which good SE's the
speakers are. I try to do another approach, what if i get in and don't
know what to do then. The talk is about the reconn. before the
assessment, the different approaches of SE. Which techniques can one
use, how to do a proper intel. and what is useful. How things work and
more important why. Which skill set should one have before entering a
engagement. And last but not least how do one counter a SE attack.

Preface:

Needed Skillset:

-physical (ie.NLP)

-logical Customer Preparation:

-theoretical models of attack

-check customer needs by his business

-Contract

Preparation & Reconnaissance:

-threat modeling

-physical

-logical

Project Planing:

-Storyboard

-the target

-infiltration

-fetching data/reaching the target

-exfiltrate

-backup plans

Infiltration:

Find & fetch the data:

Exfiltrate the data:

Writing report:

Business impact analyses:

customer meeting:
== Links ==

+ `the slide deck <http://www.slideshare.net/theAluc/28c3-version-of-
the-engineering-part-of-social-engineering>`__
+ `http:// <http://>`__

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4856.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4856-en-the_engineering_part_of_social_engineering_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 36

2012-09-07T23:08:16Z

Muelli:

{{Termin
|date=2012/09/12 20:00:00 PM
|enddate=2012/09/12 22:00:00 PM
|title=Chaotic Congress Cinema Nr. 36
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

== EU-Datenschutz und das Internet der Dinge ==

Derzeit arbeitet die EU-Kommission an der Modernisierung der
Datenschutzrichtlinie. Dieser Beitrag informiert über den Stand der
Dinge.

Derzeit arbeitet die EU-Kommission an der Aktualisierung der
Datenschutzrichtlinie, um den bestehenden Rechtsrahmen nach 15 Jahren
an die neuen technischen und gesellschaftlichen Gegebenheiten
anzupassen. Gleichzeitig werden in einer Expertengruppe der EU-
Kommission die Herausforderungen an den Datenschutz erörtert, die sich
im Zusammenhang mit dem Internet der Dinge ergeben.

Dieser Beitrag informiert über den aktuellen Stand der Dinge auf
europäischer Ebene und diskutiert mit den TeilnehmerInnen die
Positionen, die European Digital Rights (EDRi) in diesen Bereichen
vertritt.

(Nach Verfügbarkeit wird dieser Beitrag gemeinsam mit anderen EDRi-
AktivistInnen gestaltet; Arbeitssprache Englisch ist möglich.)

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4844.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4844-de-eu_datenschutz_internet_der_dinge_h264.mp4>

== Reverse Engineering USB Devices ==

While USB devices often use standard device classes, some do not. This
talk is about reverse engineering the protocols some of these devices
use, how the underlying USB protocol gives us some help, and some
interesting patterns to look for. I'll also detail the thought
processes that went into reverse engineering the Kinect's audio
protocol.

This talk will narrate the process of reverse engineering the Kinect
audio protocol – analyzing a set of USB logs, finding patterns,
building understanding, developing hypotheses of message structure,
and eventually implementing a userspace driver.

I'll also cover how the USB standard can help a reverse engineer out,
some common design ideas that I've seen, and ideas for the sorts of
tools that could assist in completing this kind of task more
efficiently.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4847.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4847-en-reverse_engineering_usb_devices_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 36

2012-09-07T22:53:07Z

Muelli: Created page with "== EU-Datenschutz und das Internet der Dinge == Derzeit arbeitet die EU-Kommission an der Modernisierung der Datenschutzrichtlinie. Dieser Beitrag informiert über den Stand..."

== EU-Datenschutz und das Internet der Dinge ==

Derzeit arbeitet die EU-Kommission an der Modernisierung der
Datenschutzrichtlinie. Dieser Beitrag informiert über den Stand der
Dinge.

Derzeit arbeitet die EU-Kommission an der Aktualisierung der
Datenschutzrichtlinie, um den bestehenden Rechtsrahmen nach 15 Jahren
an die neuen technischen und gesellschaftlichen Gegebenheiten
anzupassen. Gleichzeitig werden in einer Expertengruppe der EU-
Kommission die Herausforderungen an den Datenschutz erörtert, die sich
im Zusammenhang mit dem Internet der Dinge ergeben.

Dieser Beitrag informiert über den aktuellen Stand der Dinge auf
europäischer Ebene und diskutiert mit den TeilnehmerInnen die
Positionen, die European Digital Rights (EDRi) in diesen Bereichen
vertritt.

(Nach Verfügbarkeit wird dieser Beitrag gemeinsam mit anderen EDRi-
AktivistInnen gestaltet; Arbeitssprache Englisch ist möglich.)

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4844.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4844-de-eu_datenschutz_internet_der_dinge_h264.mp4>

== Reverse Engineering USB Devices ==

While USB devices often use standard device classes, some do not. This
talk is about reverse engineering the protocols some of these devices
use, how the underlying USB protocol gives us some help, and some
interesting patterns to look for. I'll also detail the thought
processes that went into reverse engineering the Kinect's audio
protocol.

This talk will narrate the process of reverse engineering the Kinect
audio protocol – analyzing a set of USB logs, finding patterns,
building understanding, developing hypotheses of message structure,
and eventually implementing a userspace driver.

I'll also cover how the USB standard can help a reverse engineer out,
some common design ideas that I've seen, and ideas for the sorts of
tools that could assist in completing this kind of task more
efficiently.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4847.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4847-en-reverse_engineering_usb_devices_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 24

2012-05-31T13:23:54Z

Muelli: + Warnung an die potentiellen Teilnehmer

{{Termin
|date=2012/06/20 20:30:00 PM
|enddate=2012/06/20 22:00:00 PM
|title=Chaotic Congress Cinema Nr. 24
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

Achtung: Der Projektor ist eingeschickt, die Teilnehmer muessen sich als eine Loesung zum Schauen der Videos engineeren (i.e. auf dem eigenen Laptop oder so).

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Chaotic-Congress-Cinema Chaotic Congress Cinema].

== 802.11 Packets in Packets ==
A Standard-Compliant Exploit of Layer 1

New to 2011, Packet-in-Packet exploits allow for injection of raw
radio frames into remote wireless networks. In these exploits, an
attacker crafts a string that when transmitted over the air creates
the symbols of a complete and valid radio packet. When radio
interference damages the beginning of the outer packet, the receiver
is tricked into seeing only the inner packet, allowing a frame to be
remotely injected. The attacker requires no radio, and injection
occurs without a software or hardware bug.

This lecture presents the first implementation of Packet-in-Packet
injection for 802.11B, allowing malicious PHY-Layer frames to be
remotely injected. The attack is standards-compliant and compatible
with all vendors and drivers.

Unlike the simpler implementations for 802.15.4 and 2FSK, 802.11B
presents a number of unique challenges to the PIP implementer. A
single packet can use up to three symbol sets and three data-rates,
switching rates once within the header and a second time for the
beginning of the body. Additionally, a 7-bit scrambler randomizes the
encoding of each packet, so the same string of text can be represented
128 different ways at the exact same rate and encoding.

This lecture presents the first implementation of Packet-in-Packet
injection for 802.11B, allowing malicious PHY-Layer frames to be
remotely injected. The attack is standards-compliant and compatible
with all vendors and drivers.

As a demo, we intend to present a malicious string which can be
embedded in any file with lots of slack space, such as an ISO image.
When this image is downloaded over HTTP on 802.11B, beacon frames will
be injected. For the demo, we will be injecting the SSID stack buffer
overflow frames from Uninformed Volume 6.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4766.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4766-en-802_11_packets_in_packets_h264.mp4>

== Security Log Visualization with a Correlation Engine ==
What's inside your network?

This brief session focuses on the visualization of actual security
incidents, network forensics and counter surveillance of covert
criminal communications utilizing large data sets from various
security logs and a very brief introduction to correlation engine
logic. Visually displaying security or network issues can express the
risk or urgency in a way a set of dry logs or other methods might not
be able to. Additionally, many organizations rely on a more singular
approach and react to security events, many times from a high false
positive rate source such as isolated intrusion prevention or firewall
alerts, or relying only on anti-virus alerts. Utilizing a correlation
engine (especially open source) or similar applications could offer a
method of discovering or in some cases proactively detecting issues.
The research discussed involves analysis and interrogation of
firewall, intrusion detection and prevention systems, web proxy logs
and available security research. What does a compromised server
infected with spam malware look like or cyber warfare?

A 20 minute presentation of data visualization and investigation
scenarios of five actual issues discovered using various security logs
and a correlation engine. The lecturer will take you on a visual
journey from seemingly mundane entries in firewall logs through to
detecting covert communications between a corporate web server and a
cyber-criminal drop zone. Additional visualizations presented: a
United Kingdom based portion of the South Korean DNS Distributed
Denial of Service attacks of July/August 2008, what bypassing deep
packet inspection using HTTPS/SSL/TLS looks like, detecting a rouge
corporate email server, malicious DNS usage and more. Although the
presenter used a commercial correlation engine, the presentation will
conclude with the discussion of an open source correlation engine.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4767.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4767-en-security_log_visualization_with_a_correlation_engine_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 23

2012-05-31T13:23:40Z

Muelli: + Warnung an die potentiellen Teilnehmer

{{Termin
|date=2012/06/13 20:00:00 PM
|enddate=2012/06/13 22:00:00 PM
|title=Chaotic Congress Cinema Nr. 23
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

Achtung: Der Projektor ist eingeschickt, die Teilnehmer muessen sich als eine Loesung zum Schauen der Videos engineeren (i.e. auf dem eigenen Laptop oder so).

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Chaotic-Congress-Cinema Chaotic Congress Cinema].

== The Science of Insecurity ==

Why is the overwhelming majority of common networked software still
not secure, despite all effort to the contrary? Why is it almost
certain to get exploited so long as attackers can craft its inputs?
Why is it the case that no amount of effort seems to be enough to fix
software that must speak certain protocols?

The answer to these questions is that for many protocols and services
currently in use on the Internet, the problem of recognizing and
validating their "good", expected inputs from bad ones is either not
well-posed or is undecidable (i. e., no algorithm can exist to solve
it in the general case), which means that their implementations cannot
even be comprehensively tested, let alone automatically checked for
weaknesses or correctness. The designers' desire for more
functionality has made these protocols effectively unsecurable.

In this talk we'll draw a direct connection between this ubiquitous
insecurity and basic computer science concepts of Turing completeness
and theory of languages. We will show how well-meant protocol designs
are doomed to their implementations becoming clusters of 0-days, and
will show where to look for these 0-days. We will also discuss simple
principles of how to avoid designing such protocols.

In memory of Len Sassaman

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4763.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4763-en-the_science_of_insecurity_h264.mp4>

== Automatic Algorithm Invention with a GPU ==
Hell Yeah, it's rocket science

You write software. You test software. You know how to tell if the
software is working. Automate your software testing sufficiently and
you can let the computer do the writing for you! "Genetic
Programming", especially "Cartesian Genetic Programming" (CGP), is a
powerful tool for creating software and designing physical objects.
See how to do CGP as we invent image filters for the Part Time
Scientists' 3D cameras. Danger: Actual code will be shown!

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4764.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4764-en-automatic_algorithm_invention_with_a_gpu_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 22

2012-05-31T13:22:52Z

Muelli: + Warnung an die potentiellen Teilnehmer

{{Termin
|date=2012/06/06 20:30:00 PM
|enddate=2012/06/06 22:00:00 PM
|title=Chaotic Congress Cinema Nr. 22
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

Achtung: Der Projektor ist eingeschickt, die Teilnehmer muessen also Initiative ergreifen und sich eine Loesung zum Schauen der Videos engineeren (i.e. auf dem eigenen Laptop oder so).

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Chaotic-Congress-Cinema Chaotic Congress Cinema].

== ChokePointProject - Quis custodiet ipsos custodes? ==
Aggregating and Visualizing (lack of) Transparancy Data in near-
realtime

The object of the lecture is to present and discuss the
chokepointproject. How it (will) attempt(s) to aggregate and visualize
near-realtime global internetwork data and augment this visualisation
with legislative, commercial(ownership) and circumvention information.

The goals of the project are as follows:

#. Provide a global early warning system against governmental or
commercial abuse of internetworking systems in regards to civil and
human rights.
#. Enforce transparency by aggregating commercial ownership
information.
#. Enforce transparency by aggregating legislative information,
including voting histories.
#. Enable lobbyist to influence legislators by providing reliable,
verifiable data.
#. Provide a public database with near real-time network monitoring
data for general use.
#. Provide up to date circumvention methodologies, their relative
legal status and their potential risks.

The chokepointproject currently consists of two elements :

#. A frontend and public database,
#. An intended globally distributed network monitoring data collection
system.

The frontend intends to provide an easily understandable visualisation
of aggregated and processed data-sources. The data-sources intend to
provide the following information:

#. A per country detailed description of: 1a. Network ownership (by IP
block and route) 1b. Legislative information such as Which relevant
laws are currently active. Who has voted for them (supposing voting
was a part of the process). Which relevant laws are currently under
review or being proposed. Who are proposing/drafting these laws. 1c.
What circumvention methods are currently available for specific
problems.
#. Near real-time network status vitalisations such as, but not
restricted to 2a. Connectivity of geographic clusters, > 2b.
Manipulation of connectivity such as: 2b.1. Traffic shaping, 2b.2.
Content filtering, 2b.3. Blackouts.< p>

The intended globally distributed network monitoring data collection
system would provide an independent and publicly available dataset. I
do not intend to discuss this in depth. The focus of this lecture is
supposed to be the front-end and the aggregation of already publicly
available data sources, and the supposed benefit to improving civil
rights everywhere and protecting them in those places where their
functional effectiveness is under threat.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4760.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4760-en-chokepointproject_h264.mp4>

== New Ways I'm Going to Hack Your Web App ==

Writing secure code is hard. Even when people do it basically right
there are sometimes edge cases that can be exploited. Most the time
writing code that works isn’t even the hard part, it’s keeping up with
the changing attack techniques while still keeping an eye on all the
old issues that can come back to bite you, straddling the ancient
world of the 90’s RFCs and 2010’s HTML5 compatible browsers. A lot
like how Indiana Jones bridges the ancient and the modern... Except
for Indiana Jones 4. Let’s never talk about that again. Ever. Take
Facebook, Office 365, Wordpress, Exchange, and Live. These are
applications that had decent mitigations to standard threats, but they
all had edge cases. Using a mix of old and new ingredients, we’ll
provide a sampler plate of clickjacking protection bypasses, CSRF
mitigation bypasses, "non-exploitable" XSS attacks that are suddenly
exploitable and XML attacks where you can actually get a shell; and
we'll talk about how to defend against these attacks.

The best description is probably via the slides linked below. We've
put a lot of effort into these, and they have video clips making the
slide deck pretty big (why we're linking to it and not attaching it).

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4761.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4761-en-new_ways_im_going_to_hack_your_web_app_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 28

2012-04-11T17:47:10Z

Muelli: Created page with " {{Termin |date=2012/07/18 20:00:00 PM |enddate=2012/07/18 22:00:00 PM |title=Chaotic Congress Cinema Nr. 28 |visible=Yes }} Category:Chaotic-Congress-Cinema Wir schauen uns..."

{{Termin
|date=2012/07/18 20:00:00 PM
|enddate=2012/07/18 22:00:00 PM
|title=Chaotic Congress Cinema Nr. 28
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Chaotic-Congress-Cinema Chaotic Congress Cinema].

== Datenvieh oder Daten-Fee ==
Welchen Wert haben Trackingdaten?

Eine nüchterne Untersuchung der Verfahren zum Nutzertracking und des
wirtschaftlichen Wertes von Tracking- und Userdaten.

Das Tracking von Nutzerinteraktionen ist heute das Rückrad eines
großen Teils der Online-Wirtschaft. Für Nutzer und Aussenstehende
findet diese Wertschöpfung im Verborgenen statt. Aus quantitativen
Daten werden mittels Datamining qualitative Daten aggregiert. Und die
Wirtschaft erdenkt ständig neue Methoden, die Erhebung zu verbessern
und Methoden, die Erhebung zu verschleiern.

Der Vortrag fasst kurz die verschiedenen Möglichkeiten der Erhebung
zusammen und widmet sich dann ausführlich der Frage, welchen Wert die
einzelnen Interaktionen tatsächlich haben. Die beteiligten Branchen
werden dargestellt und es wird beschrieben, welchen Weg die Daten von
ihrem Ursprung zu welchen Abnehmern nehmen.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4788.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4788-de-datenvieh_oder_daten_fee_h264.mp4>

== Sovereign Keys ==
A proposal for fixing attacks on CAs and DNSSEC

This talk will describe the Sovereign Key system, an EFF proposal for
improving the security of SSL/TLS connections against attacks that
involve Certificate Authorities (CAs) or portions of the DNSSEC
hierarchy.

The design stores persistent name-to-key mappings in a semi-
centralised, append-only data structure. It allows domain owners to
deploy operational TLS keys without trusting any third parties
whatsoever, and gives clients a reliable way to verify those keys. The
design can also be used to automatically circumvent a large portion of
server impersonation and man-in-the-middle attacks, avoiding the need
for confusing certificate warnings, which users will often click
through even when they are under attack.

The Sovereign Key design bootstraps from and reinforces either CA-
signed certificates or DANE/DNSSEC as a method of publishing and
verifying TLS servers' public keys. Conceptually, it provides
functionality similar to what could be obtained if HTTPS servers could
publish special headers saying "in the future, all new public keys for
this domain will be cross-signed by this key: XXX", but the design
includes a number of necessary additional features, including a secure
revocation mechanism, protection against false headers that an
attacker could publish after compromising an HTTPS server, and support
for protocols other than HTTPS (SMTPS, POP3S, IMAPS, XMPPS, etc).

Sovereign Keys allow clients to detect server impersonation and man-
in-the-middle attacks even if the attack involves compromise or malice
by a CA or DNSSEC registry. But Sovereign Keys also allow for
automatic circumvention of these attacks via proxies, VPNs, or Tor
hidden services.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4798.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4798-en-sovereign_keys_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 27

2012-04-11T17:46:59Z

Muelli: Created page with " {{Termin |date=2012/07/11 20:00:00 PM |enddate=2012/07/11 22:00:00 PM |title=Chaotic Congress Cinema Nr. 27 |visible=Yes }} Category:Chaotic-Congress-Cinema Wir schauen uns..."

{{Termin
|date=2012/07/11 20:00:00 PM
|enddate=2012/07/11 22:00:00 PM
|title=Chaotic Congress Cinema Nr. 27
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Chaotic-Congress-Cinema Chaotic Congress Cinema].

== Print Me If You Dare ==
Firmware Modification Attacks and the Rise of Printer Malware

Network printers are ubiquitous fixtures within the modern IT
infrastructure. Residing within sensitive networks and lacking in
security, these devices represent high-value targets that can
theoretically be used not only to manipulate and exfiltrate the
sensitive information such as network credentials and sensitive
documents, but also as fully functional general-purpose bot-nodes
which give attackers a stealthy, persistent foothold inside the victim
network for further recognizance, exploitation and exfiltration.

We first present several generic firmware modification attacks against
HP printers. Weaknesses within the firmware update process allows the
attacker to make arbitrary modifications to the NVRAM contents of the
device. The attacks we present exploit a functional vulnerability
common to all HP printers, and do not depend on any specific code
vulnerability. These attacks cannot be prevented by any authentication
mechanism on the printer, and can be delivered over the network,
either directly or through a print server (active attack) and as
hidden payloads within documents (reflexive attack).

In order to demonstrate these firmware modification attacks, we
present a detailed description of several common HP firmware RFU
(remote firmware update) formats, including the general file format,
along with the compression and checksum algorithms used. Furthermore,
we will release a tool (HPacker), which can unpack existing RFUs and
create/pack arbitrary RFUs. This information was obtained by analysis
of publicly available RFUs as well as reverse engineering the SPI
BootRom contents of several printers.

Next, we describe the design and operation a sophisticated piece of
malware for HP (P2050) printers. Essentially a VxWorks rootkit, this
malware is equipped with: port scanner, covert reverse-IP proxy,
print-job snooper that can monitor, intercept, manipulate and
exfiltrate incoming print-jobs, a live code update mechanism, and more
(see presentation outline below). Lastly, we will demonstrate a self-
propagation mechanism, turning this malware into a full-blown printer
worm.

Using HPacker, we demonstrate the injection of our malware into
arbitrary P2050 RFUs, and show how similar malware can be created for
other popular HP printer types. Next, we demonstrate the delivery of
this modified firmware update over the network to a fully locked-down
printer.

Lastly, we present an accurate distribution of all HP printers
vulnerable to our attack, as determined by our global embedded device
vulnerability scanner (see [1]). Our scan is still incomplete, but
extrapolating from available data, we estimate that there exist at
least 100,000 HP printers that can be compromised through an active
attack, and several million devices that can be compromised through
reflexive attacks. We will present a detailed breakdown of the
geographical and organizational distribution of observable vulnerable
printers in the world.

*We have also unpacked several engine-control processor firmwares
(different from the main SoC) and are currently attempting to locate
code related to tracking dots. Perhaps we will have some results by
December. In any case, HPacker will help the community to do further
research in this direction, possibly allowing us to spoof / disable
these yellow dots of burden.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4780.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4780-en-print_me_if_you_dare_h264.mp4>

== Deceiving Authorship Detection ==
Tools to Maintain Anonymity Through Writing Style & Current Trends in
Adversarial Stylometry

Stylometry is the art of detecting authorship of a document based on
the linguistic style present in the text. As authorship recognition
methods based on machine learning have improved, they have also
presented a threat to privacy and anonymity. We have developed two
open-source tools, Stylo and Anonymouth, which we will release at 28C3
and introduce in this talk. Anonymouth aids individuals in obfuscating
documents to protect identity from authorship analysis. Stylo is a
machine-learning based authorship detection research tool that
provides the basis for Anonymouth's decision making. We will also
review the problem of stylometry and the privacy implications and
present new research related to detecting writing style deception,
threats to anonymity in short message services like Twitter, examine
the implications for languages other than English, and release a large
adversarial stylometry corpus for linguistic and privacy research
purposes.

Stylometry is the study of authorship recognition based on linguistic
style (word choice, punctuation, syntax, etc). Adversarial stylometry
examines authorship recognition in the context of privacy and
anonymity though attempts to circumvent stylometry with passages
intended to obfuscate or imitate identity.

This talk will introduce the open source authorship recognition and
obfuscation projects Anonymouth and Stylo. Anonymouth aids individuals
in obfuscating their writing style in order to maintain anonymity
against multiple forms of machine learning based authorship
recognition techniques. The basis for this tool is Stylo, an
authorship recognition research tool that implements multiple forms of
state-of-the-art stylometry methods. Anonymouth uses Stylo to attempt
authorship recognition and suggest changes to a document that will
obfuscate the identity of the author to the known set of authorship
recognition techniques.

We will also cover our recent work in the field of adversarial
authorship recognition in the two years since our 26C3 talk, "Privacy
& Stylometry: Practical Attacks Against Authorship Recognition
Techniques." Our lab has new research on detecting deception in
writing style that may indicate a modified document, demonstrating up
to 86% accuracy in detecting the presence of deceptive writing styles.
Short messages have been difficult to assign authorship to but recent
work from our lab demonstrates the threat to anonymity present in
short message services like Twitter. We have found that while
difficult, it is possible to identify authors of tweets with success
rates significantly higher than random chance. We also have new
results that examine the ability of authorship recognition to succeed
across languages and the use of translation to thwart detection.

This talk will also mark the release of an adversarial stylometry data
set that is many times larger than our previous release. This data
set, provided by volunteers, includes at least 6500 words per author
of unmodified writing as well as sample adversarial passages intended
to preserve the anonymity of the author and demographic information
for each author.

The content of this talk will be relevant to those with interest in
novel issues in privacy and anonymity, forensics and anti-forensics,
and machine learning. All of the work presented here is from the
Privacy, Security and Automation Lab at Drexel University. Founded in
2008, our lab focuses on the use of machine learning to augment
privacy and security decision making.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4781.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4781-en-deceiving_authorship_detection_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 26

2012-04-11T17:46:52Z

Muelli: Created page with " {{Termin |date=2012/07/04 19:00:00 PM |enddate=2012/07/04 22:00:00 PM |title=Chaotic Congress Cinema Nr. 26 |visible=Yes }} Category:Chaotic-Congress-Cinema Wir schauen uns..."

{{Termin
|date=2012/07/04 19:00:00 PM
|enddate=2012/07/04 22:00:00 PM
|title=Chaotic Congress Cinema Nr. 26
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Chaotic-Congress-Cinema Chaotic Congress Cinema].

== Hacker Jeopardy ==
Number guessing for geeks

The Hacker Jeopardy is a quiz show.

The well known reversed quiz format, but of course hacker style. It
once was entitled "number guessing for geeks" by a German publisher,
which of course is an unfair simplification. It's also guessing of
letters and special characters. ;)

Three initial rounds will be played, the winners will compete with
each other in the final.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4775.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4775-de-hacker_jeopardy_h264.mp4>

== r0ket++ ==
The CCC-Badge

Now you've got that r0ket thing. What to do with it?

If you have a r0ket, bring it to our talk! We will try to play a game
of pong with every participant. You need the l0dable r_game to join
the fun :) As we won't be using cryptokeys, you'll need the new 28c3
firmware so the l0dable will run and everything else works.

For CCCamp 2011 we designed r0ket with team r0ket. Besides being a
shiny electronic name tag, the r0ket is an easy to use full featured
microcontroller development board. 3000 r0kets were given to the
participants, to be creative. At Camp we already told you about the
journey to getting everything ready.

In r0ket++ we will tell you what happened since camp and what we
learned from moving the whole production of r0ket to China. You will
get more information about writing your own software for r0ket. And
finally you will find out, what your r0ket does at 28c3: Besides using
r0ket as a rem0te, you can participate in an openBeacon based
tracking.
== Links ==

+ `r0ket wiki <http://r0ket.badge.events.ccc.de/>`__
+ `28c3 firmware, howto <http://r0ket.badge.events.ccc.de/init>`__
+ `r0ket soup <http://r0ket.soup.io/>`__
+ `cccamp11 r0ket talk
<http://http://media.ccc.de/browse/conferences/camp2011/cccamp11-4564
-r0ket-en.html>`__
+ `git <http://https://github.com/r0ket/r0ket>`__

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4777.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4777-en-r0ket_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 25

2012-04-11T17:46:44Z

Muelli: Created page with " {{Termin |date=2012/06/27 20:30:00 PM |enddate=2012/06/27 22:00:00 PM |title=Chaotic Congress Cinema Nr. 25 |visible=Yes }} Category:Chaotic-Congress-Cinema Wir schauen uns..."

{{Termin
|date=2012/06/27 20:30:00 PM
|enddate=2012/06/27 22:00:00 PM
|title=Chaotic Congress Cinema Nr. 25
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Chaotic-Congress-Cinema Chaotic Congress Cinema].

== Eating in the Anthropocene ==
Transgenic Fish, Mutagenic Grapefruits and Space Potatoes

Over the last few years hackers have begun to take a larger interest
in food, gastronomy and agriculture. For many in the community the
ability to create DIY molecular gastronomy hardware and recipes is an
obvious entry point. This talk extends some of these early
investigations beyond the kitchen and the chemical properties of food
by looking at specific cultivars, food technology organizations, and
connections between food systems, ecosystems and planetary change.

Part 1 of the talk explores some of the more bizarre and interesting
biotechnologies and genomes that make up the human food system on
planet earth, including Chinese Space Potatoes, Mutagenic Grapefruits
and Glowing Sushi.

Pat 2 of the talk presents ideas of food system redesign particularly
relevant to hackers and food explorers: utopian cuisines, resilient
biotechnologies and eaters as agents of selection.

In Part 3 we provide access to resources and propose interesting
projects for black hat food hackers, DIY BIO foodies, and prospective
food security researchers, such as mining the IAEA's database of
radiation breeding, eating things that weren't meant to be eaten and
defending agricultural biodiversity.

By introducing less known stories from the history of food and
technology, and providing access to resources we hope to get more
hackers curious about exploring, questioning and redesigning our human
food systems.

BIO: Zack Denfeld & Cathrine Kramer run the Center for Genomic
Gastronomy an independent research institute that studies the genomes
and biotechnologies that make up the human food systems on the planet.
They are currently in residence at Art Science Bangalore and a
curating a show on the future of food at the Science Gallery in Dublin
Ireland.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4768.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4768-en-eating_in_the_anthropocene_h264.mp4>

== Don't scan, just ask ==
A new approach of identifying vulnerable web applications

For years, we tried to identify vulnerable systems in company networks
by getting all the companies netblocks / ip addresses and scanning
them for vulnerable services. Then with the growing importance of web
applications and of course search engines, a new way of identifying
vulnerable systems was introduced: "Google hacking".

However this approach of identifying and scanning companies ip
addresses as well as doing some Google hacking for the (known) URLs of
the company doesn't take all aspects into account and has some
limitations. At first we just check the systems which are obvious, the
ones that are in the companies netblocks, the IP addresses that were
provided by the company and the URLs that are known or can be resolved
using reverse DNS. However how about URLs and systems that aren't
obvious? Systems maybe even the company in focus forgot? Second, the
current techniques are pretty technical. They don't take the business
view into account at any point.

Therefore we developed a new technique as well as framework to
identify companies’ web pages based on a scored keyword list. In other
words: From zero to owning all of a company’s existing web pages, even
the pages not hosted by the company itself, with just a scored keyword
list as input.

Systems that are hosted by third parties, web pages that were just
released for a marketing campaign, maybe even by a third party
marketing company but within the name of the company we want to check?
Possibly not even the company does remember all the web applications
and domains that are running under his name. These
systems/applications won’t be detected using traditional techniques
and thus impose a potential security risk for the company. Second, the
current techniques are pretty technical. They don't take the business
view into account. That means, we try to identify certain applications
using technical information like version banner or the comapnies ip
addresses in order to identify his systems. But how about the other
way around, trying to identify applications and systems by using the
company’s business data (e.g. product names, company names, tax
identification numbers, contact persons, …) and then test the
identified systems and applications for vulnerabilities?

That is what we did. The idea is to build up a scored keyword list for
the company in focus. This list contains general keywords like the
company name, product names, more detailed keywords like an address
contained in imprints and very specific keywords like the companies
tax number. Every keyword in that list is then rated by human
intelligence. Which means specific keywords do have a higher scoring
than general keywords. In the next step a spider uses these keywords
to query search engines like bing, google, etc. for the keywords and
stores all the web sites URLs identified in a database with their
scoring. If a web site that already is in the database is found for
another keyword, just the score of that entry is increased. At the
end, we get a list of websites that contained one or more of the
keywords, along with a scoring for each web site. Then the URL is
taken and checked whether it contains one of the keywords (e.g.
company name). If this is the case, the scoring of the page is
increased again. Then for each entry the FQDN as well as the ip is
resolved and a whois query is executed. If that whois record does
contain the company name, the scoring is increased again. Furthermore
the country codes are used to remove results which are not in the
target country.

At the end of that process, we do have a list of URLs and FQDNs that
could be found using company specific key words. Furthermore that list
is scored. Since during that process you get (based on your keyword
list) hundred thousands of unique hits, you have to minimize that
list. Therefore we did some research on the results generated and
found a decent way to minimize the results to an amount that can be
checked manually by a human. Then those identified company web pages
are passed to a crawler that just extracts external links from those
pages, with the idea that correct company pages might link to other
company pages, and integrates them to the results list. Using these
technique in practice it is possible to identify a lot of web sites
hosted (even by third parties) for one company.

During the crawling process not just external links are extracted but
all forms, HTTP parameters as well as certain parts of the web content
are stored. Thus besides a list, we do have a "mirror" of the web page
as well as the forms and dynamic functions that pose an attack
surface.

The information collected can then be used as input to special
analysis modules. For some of our projects we integrated WAFP (Web
Application Finger Printer), SQLMap and other well known tools as well
as some other self written fuzzers and fingerprinters into that
process. This way the whole process, from identifying web pages
belonging to a certain company up to analyzing those for
vulnerabilities can be totally automated.

In other words: From zero to owning all of a company’s existing web
pages, even the pages not hosted by the company itself, with just a
scored keyword list as input.

During our talk we will present our idea as well as our approach of
identifying vulnerable web applications that belong to a certain
company, based on business data. Furthermore we will explain how our
framework is structured and how it does the searching as well as the
vulnerability assessment in an automated way. So everybody who is
interested will be able to implement his own version or adapt certain
ideas for his projects. Besides just telling you how it could work, we
will also present our framework that performs all of the steps
described above automatically in a demo.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4770.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4770-en-dont_scan_just_ask_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 24

2012-04-11T17:46:38Z

Muelli: Created page with " {{Termin |date=2012/06/20 20:30:00 PM |enddate=2012/06/20 22:00:00 PM |title=Chaotic Congress Cinema Nr. 24 |visible=Yes }} Category:Chaotic-Congress-Cinema Wir schauen uns..."

{{Termin
|date=2012/06/20 20:30:00 PM
|enddate=2012/06/20 22:00:00 PM
|title=Chaotic Congress Cinema Nr. 24
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Chaotic-Congress-Cinema Chaotic Congress Cinema].

== 802.11 Packets in Packets ==
A Standard-Compliant Exploit of Layer 1

New to 2011, Packet-in-Packet exploits allow for injection of raw
radio frames into remote wireless networks. In these exploits, an
attacker crafts a string that when transmitted over the air creates
the symbols of a complete and valid radio packet. When radio
interference damages the beginning of the outer packet, the receiver
is tricked into seeing only the inner packet, allowing a frame to be
remotely injected. The attacker requires no radio, and injection
occurs without a software or hardware bug.

This lecture presents the first implementation of Packet-in-Packet
injection for 802.11B, allowing malicious PHY-Layer frames to be
remotely injected. The attack is standards-compliant and compatible
with all vendors and drivers.

Unlike the simpler implementations for 802.15.4 and 2FSK, 802.11B
presents a number of unique challenges to the PIP implementer. A
single packet can use up to three symbol sets and three data-rates,
switching rates once within the header and a second time for the
beginning of the body. Additionally, a 7-bit scrambler randomizes the
encoding of each packet, so the same string of text can be represented
128 different ways at the exact same rate and encoding.

This lecture presents the first implementation of Packet-in-Packet
injection for 802.11B, allowing malicious PHY-Layer frames to be
remotely injected. The attack is standards-compliant and compatible
with all vendors and drivers.

As a demo, we intend to present a malicious string which can be
embedded in any file with lots of slack space, such as an ISO image.
When this image is downloaded over HTTP on 802.11B, beacon frames will
be injected. For the demo, we will be injecting the SSID stack buffer
overflow frames from Uninformed Volume 6.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4766.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4766-en-802_11_packets_in_packets_h264.mp4>

== Security Log Visualization with a Correlation Engine ==
What's inside your network?

This brief session focuses on the visualization of actual security
incidents, network forensics and counter surveillance of covert
criminal communications utilizing large data sets from various
security logs and a very brief introduction to correlation engine
logic. Visually displaying security or network issues can express the
risk or urgency in a way a set of dry logs or other methods might not
be able to. Additionally, many organizations rely on a more singular
approach and react to security events, many times from a high false
positive rate source such as isolated intrusion prevention or firewall
alerts, or relying only on anti-virus alerts. Utilizing a correlation
engine (especially open source) or similar applications could offer a
method of discovering or in some cases proactively detecting issues.
The research discussed involves analysis and interrogation of
firewall, intrusion detection and prevention systems, web proxy logs
and available security research. What does a compromised server
infected with spam malware look like or cyber warfare?

A 20 minute presentation of data visualization and investigation
scenarios of five actual issues discovered using various security logs
and a correlation engine. The lecturer will take you on a visual
journey from seemingly mundane entries in firewall logs through to
detecting covert communications between a corporate web server and a
cyber-criminal drop zone. Additional visualizations presented: a
United Kingdom based portion of the South Korean DNS Distributed
Denial of Service attacks of July/August 2008, what bypassing deep
packet inspection using HTTPS/SSL/TLS looks like, detecting a rouge
corporate email server, malicious DNS usage and more. Although the
presenter used a commercial correlation engine, the presentation will
conclude with the discussion of an open source correlation engine.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4767.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4767-en-security_log_visualization_with_a_correlation_engine_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 23

2012-04-11T17:46:30Z

Muelli: Created page with " {{Termin |date=2012/06/13 20:00:00 PM |enddate=2012/06/13 22:00:00 PM |title=Chaotic Congress Cinema Nr. 23 |visible=Yes }} Category:Chaotic-Congress-Cinema Wir schauen uns..."

{{Termin
|date=2012/06/13 20:00:00 PM
|enddate=2012/06/13 22:00:00 PM
|title=Chaotic Congress Cinema Nr. 23
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Chaotic-Congress-Cinema Chaotic Congress Cinema].

== The Science of Insecurity ==

Why is the overwhelming majority of common networked software still
not secure, despite all effort to the contrary? Why is it almost
certain to get exploited so long as attackers can craft its inputs?
Why is it the case that no amount of effort seems to be enough to fix
software that must speak certain protocols?

The answer to these questions is that for many protocols and services
currently in use on the Internet, the problem of recognizing and
validating their "good", expected inputs from bad ones is either not
well-posed or is undecidable (i. e., no algorithm can exist to solve
it in the general case), which means that their implementations cannot
even be comprehensively tested, let alone automatically checked for
weaknesses or correctness. The designers' desire for more
functionality has made these protocols effectively unsecurable.

In this talk we'll draw a direct connection between this ubiquitous
insecurity and basic computer science concepts of Turing completeness
and theory of languages. We will show how well-meant protocol designs
are doomed to their implementations becoming clusters of 0-days, and
will show where to look for these 0-days. We will also discuss simple
principles of how to avoid designing such protocols.

In memory of Len Sassaman

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4763.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4763-en-the_science_of_insecurity_h264.mp4>

== Automatic Algorithm Invention with a GPU ==
Hell Yeah, it's rocket science

You write software. You test software. You know how to tell if the
software is working. Automate your software testing sufficiently and
you can let the computer do the writing for you! "Genetic
Programming", especially "Cartesian Genetic Programming" (CGP), is a
powerful tool for creating software and designing physical objects.
See how to do CGP as we invent image filters for the Part Time
Scientists' 3D cameras. Danger: Actual code will be shown!

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4764.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4764-en-automatic_algorithm_invention_with_a_gpu_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 22

2012-04-11T17:46:24Z

Muelli: Created page with " {{Termin |date=2012/06/06 20:30:00 PM |enddate=2012/06/06 22:00:00 PM |title=Chaotic Congress Cinema Nr. 22 |visible=Yes }} Category:Chaotic-Congress-Cinema Wir schauen uns..."

{{Termin
|date=2012/06/06 20:30:00 PM
|enddate=2012/06/06 22:00:00 PM
|title=Chaotic Congress Cinema Nr. 22
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Chaotic-Congress-Cinema Chaotic Congress Cinema].

== ChokePointProject - Quis custodiet ipsos custodes? ==
Aggregating and Visualizing (lack of) Transparancy Data in near-
realtime

The object of the lecture is to present and discuss the
chokepointproject. How it (will) attempt(s) to aggregate and visualize
near-realtime global internetwork data and augment this visualisation
with legislative, commercial(ownership) and circumvention information.

The goals of the project are as follows:

#. Provide a global early warning system against governmental or
commercial abuse of internetworking systems in regards to civil and
human rights.
#. Enforce transparency by aggregating commercial ownership
information.
#. Enforce transparency by aggregating legislative information,
including voting histories.
#. Enable lobbyist to influence legislators by providing reliable,
verifiable data.
#. Provide a public database with near real-time network monitoring
data for general use.
#. Provide up to date circumvention methodologies, their relative
legal status and their potential risks.

The chokepointproject currently consists of two elements :

#. A frontend and public database,
#. An intended globally distributed network monitoring data collection
system.

The frontend intends to provide an easily understandable visualisation
of aggregated and processed data-sources. The data-sources intend to
provide the following information:

#. A per country detailed description of: 1a. Network ownership (by IP
block and route) 1b. Legislative information such as Which relevant
laws are currently active. Who has voted for them (supposing voting
was a part of the process). Which relevant laws are currently under
review or being proposed. Who are proposing/drafting these laws. 1c.
What circumvention methods are currently available for specific
problems.
#. Near real-time network status vitalisations such as, but not
restricted to 2a. Connectivity of geographic clusters, > 2b.
Manipulation of connectivity such as: 2b.1. Traffic shaping, 2b.2.
Content filtering, 2b.3. Blackouts.< p>

The intended globally distributed network monitoring data collection
system would provide an independent and publicly available dataset. I
do not intend to discuss this in depth. The focus of this lecture is
supposed to be the front-end and the aggregation of already publicly
available data sources, and the supposed benefit to improving civil
rights everywhere and protecting them in those places where their
functional effectiveness is under threat.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4760.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4760-en-chokepointproject_h264.mp4>

== New Ways I'm Going to Hack Your Web App ==

Writing secure code is hard. Even when people do it basically right
there are sometimes edge cases that can be exploited. Most the time
writing code that works isn’t even the hard part, it’s keeping up with
the changing attack techniques while still keeping an eye on all the
old issues that can come back to bite you, straddling the ancient
world of the 90’s RFCs and 2010’s HTML5 compatible browsers. A lot
like how Indiana Jones bridges the ancient and the modern... Except
for Indiana Jones 4. Let’s never talk about that again. Ever. Take
Facebook, Office 365, Wordpress, Exchange, and Live. These are
applications that had decent mitigations to standard threats, but they
all had edge cases. Using a mix of old and new ingredients, we’ll
provide a sampler plate of clickjacking protection bypasses, CSRF
mitigation bypasses, "non-exploitable" XSS attacks that are suddenly
exploitable and XML attacks where you can actually get a shell; and
we'll talk about how to defend against these attacks.

The best description is probably via the slides linked below. We've
put a lot of effort into these, and they have video clips making the
slide deck pretty big (why we're linking to it and not attaching it).

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4761.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4761-en-new_ways_im_going_to_hack_your_web_app_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 21

2012-04-11T17:46:17Z

Muelli: Created page with " {{Termin |date=2012/05/30 20:30:00 PM |enddate=2012/05/30 22:00:00 PM |title=Chaotic Congress Cinema Nr. 21 |visible=Yes }} Category:Chaotic-Congress-Cinema Wir schauen uns..."

{{Termin
|date=2012/05/30 20:30:00 PM
|enddate=2012/05/30 22:00:00 PM
|title=Chaotic Congress Cinema Nr. 21
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Chaotic-Congress-Cinema Chaotic Congress Cinema].

== Ein Mittelsmannangriff auf ein digitales Signiergert ==
Bachelorarbeit Informatik Uni Kiel SS 2011

In dieser Arbeit wird gezeigt, wie unter Ausnutzung einer
ungesicherten Verbindung zwischen einer sicheren
Signaturerstellungseinheit und einem Anwender-PC eine qualifizierte
elektronische Signatur gefälscht werden kann.

In der zum Vortrag gehörenden Bachelorarbeit habe habe ich ein
Signaturset der Deutschen Post bestehend aus Chipkartenterminal,
Chipkarte und Anwendungssoftware analysiert - und angegriffen. Dazu
wurde ein Gerät gebaut, dass sich in die USB-Leitung einschleifen
lässt und sich dort so lange transparent verhält, wie ein Angreifer
keine Daten signieren will. Der Angreifer kann per Funk auf das
eingeschleuste Gerät zugreifen, Daten zum Signieren ablegen und
signierte Daten abholen. Das ganze nutzt eine ungesicherte USB-
Verbindung zwischen Anwender-PC und Chipkartenterminal. Da der
Signaturprozess mit einer PIN-Eingabe gesichert ist, muss dem
Angreifer bei Verwendung der einfachsten Karte der Post leider einmal
eine Fehlermeldung angezeigt werden, um ihn dazu zu bewegen, die PIN
erneut einzugeben. Wie genau das ganze umgesetzt ist erfahrt ihr hier.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4758.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4758-de-ein_mittelsmannangriff_auf_ein_digitales_signiergeraet_h264.mp4>

== Open source music: Tracking 2.0 ==

Tracking is so 1990s. Nowadays MP3 and other similar formats are
overwhelmingly more popular. But is this really a step forward? A
(very) brief history of computer music, where we are at now, and why I
think people are headed in the wrong direction. And what we can do
about it.

Distributing music as recordings is terribly limiting to hackers and
tinkerers. Music as *source code* makes dissection, modification and
reuse easier. I will introduce a prototype next-generation tracker for
the web, with the ultimate aim of being a way to not just create but
also distribute music, and to collaborate on music creation: Github
for music, if you will.

As a music creation tool, trackers have been displaced in popularity
because they are:

+ Balky (arcane command+parameter syntax, steep learning curve, have
slowly grown by accretion without regard to comprehensibility)
+ Underpowered (many useful DSP effects are unavailable)

As a music distribution tool, tracked formats have been displaced in
popularity because they are:

+ Not ubiquitous (people may not have playback software)
+ Underspecified (hence behaviour differs across implementations)

I believe all of these problems are soluble, and I'm going to talk
about how. "modplayjs" (a working title which may well change by
December) is a tracker written in javascript. While capable of playing
existing module formats, it is primarily a playground for
experimenting with shedding two decades of accumulated baggage, and is
currently under heavy development.
== Links ==

+ `current bleeding-edge demo
<http://sphere.chronosempire.org.uk/~HEx/modplayjs/>`__
+ `source repository <https://gitorious.org/html5toys/modplayjs>`__
+ `slides <http://sphere.chronosempire.org.uk/~HEx/28c3/>`__
+ `fooble home page <http://fooble.org>`__
+ `http:// <http://>`__

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4759.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4759-en-open_source_music_tracking_2_0_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 20

2012-04-11T17:46:10Z

Muelli: Created page with " {{Termin |date=2012/05/23 20:00:00 PM |enddate=2012/05/23 22:00:00 PM |title=Chaotic Congress Cinema Nr. 20 |visible=Yes }} Category:Chaotic-Congress-Cinema Wir schauen uns..."

{{Termin
|date=2012/05/23 20:00:00 PM
|enddate=2012/05/23 22:00:00 PM
|title=Chaotic Congress Cinema Nr. 20
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Chaotic-Congress-Cinema Chaotic Congress Cinema].

== Counterlobbying EU institutions ==
How to attempt to counter the influence of industry lobbyists and
political forces aiming towards increasing control over the Internet

Return of experience about opposing #censorship #ACTA #censilia
#copywrong and promoting #openness and #netneutrality to the EU
institutions.

Strategic and tactical perspectives by two old and tired activists.

The talk will be about how European citizens can empower themselves to
change the course of Internet Policy Making

Using recent political discussions as an example, Jérémie and
Christian will try to explain how to involve yourself with hacking the
democratic process on a European level.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4755.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4755-en-counterlobbying_eu_institutions_h264.mp4>

== Quantified-Self and OpenBCI Neurofeedback Mind-Hacking ==
Transhumanism, Self-Optimization and Neurofeedback for post-modern
hackers

Hacking Mind and Body – self knowledge through numbers and mental
reprogramming

Since ancient times humans were trying to improve themselves. Today we
have open-source computer technology that helps us.

Can we use Neurofeedback to increase your intelligence? How do we go
about answering the question? Trust the experts... Outsource
responsibility?! Maybe not: We create beliefs ourselves without
relying on authorities. We gather empiric evidence about changes of
our intelligence.

In this talk we will speak about our own experience on going that way.
We will also speak about the results of other people in the growing
Quantified Self movement.

As hackers we look beyond the obvious and directly apparent, behind
the curtain of the rabbit hole we find power to change reality. Let's
turn the hacking mindset onto ourselves or shall we say our "Optimized
Self". Get an overview of the latest trends in "Quantified Self" Self-
Optimization, and mental techniques to level-up the projection of your
digital self in the matrix.

Using automated modern computer systems and electronic sensors, we can
track the functions and changes of our mind and body and look into the
"Mirror of the Digital Self". Analyzing, and finally optimizing, the
patterns we find, a new and optimized self can be envisioned, and
gradually metamorphed into, using scientific method and data mining
statistics.
== > <p>Join us in this talk about:< ==p>
> IQ measurement and lung self-tracking (Christian Kleineidam)

> open-source Bio-Feedback (MeTaVoLuti0N)> Neurofeedback MindHacking
(MeTaVoLuti0N)

Record work, sleep, exercise, diet, mood, mind, iq, brainwave states
and changes, and find out when and how you can function best and
achieve your goals in post-modern times.

in the second part of the talk MetaMind Evolution will give an
overview about the OpenBCI open source brain/body/bio computer-
interface project, and after the event will help with your Brain-
Computer-Interface project, during workshops in the evening in the
HardwareHackingArea.
== > <p>Event image is based on GNU and OpenEEG GPL images, and under
CC BY-NC-SA 3.0 license.< ==p>
* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4756.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4756-en-quantified_self_and_neurofeedback_mind_hacking_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 19

2012-04-11T17:46:03Z

Muelli: Created page with " {{Termin |date=2012/05/16 20:00:00 PM |enddate=2012/05/16 22:00:00 PM |title=Chaotic Congress Cinema Nr. 19 |visible=Yes }} Category:Chaotic-Congress-Cinema Wir schauen uns..."

{{Termin
|date=2012/05/16 20:00:00 PM
|enddate=2012/05/16 22:00:00 PM
|title=Chaotic Congress Cinema Nr. 19
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Chaotic-Congress-Cinema Chaotic Congress Cinema].

== The movements against state-controlled Internet in Turkey ==
A short account of its history and future challenges

We are members of Alternatif Bilişim Derneği (Alternative Informatics
Association)**, one of many organizations that oppose the ongoing
efforts for state-controlled Internet in Turkey. We see that the
problems with media control in Turkey and in Europe are increasingly
becoming part of a global problem. The governments are working on
their own view of a 'secure' Internet, and we have to articulate and
suggest an alternative.

In our talk we want to give an account of our anti-censorship movement
and the challenges we face in Turkey. We will first provide an
overview of the political events; sanctions, censorship regulations
and attempts of resistance in the country. Then, we will point out the
main problems we face in making use of laws and technology against
state control. We would also like to use our presentation as an
opportunity to meet people at the CCC with similar affinities and to
learn from their experience. We see a great need to create global
networks and communities to articulate an alternative message; the
Internet as the peoples’ media.

Ali Rıza Keleş* arkeles@alternatifbilisim.org

Ayşe Kaymak aysakaymak@gmail.com

Işık Barış Fidaner fidaner@gmail.com

Seda Gürses sguerses@esat.kuleuven.be

We are members of Alternatif Bilişim Derneği (Alternative Informatics
Association)**, one of many organizations that oppose the ongoing
efforts for state-controlled Internet in Turkey. We see that the
problems with media control in Turkey and in Europe are increasingly
becoming part of a global problem. The governments are working on
their own view of a 'secure' Internet, and we have to articulate and
suggest an alternative.

In our talk we want to give an account of our anti-censorship movement
and the challenges we face in Turkey. We will first provide an
overview of the political events; sanctions, censorship regulations
and attempts of resistance in the country. Then, we will point out the
main problems we face in making use of laws and technology against
state control. We would also like to use our presentation as an
opportunity to meet people at the CCC with similar affinities and to
learn from their experience. We see a great need to create global
networks and communities to articulate an alternative message; the
Internet as the peoples’ media.

A short history

Despite its growing economy, democracy and fundamental rights have
always been disputed in Turkey, where the shadow of the 1980 coup and
still unresolved Kurdish problem is strongly felt, with the state
persistently denying Kurdish citizens’ rights and repressing real
political opposition to canalize the people’s consent to the
authorized ‘official’ parties in the parliament. The coup in 1980 was
mainly used to implement liberal policies, and this process is near
completion: most state enterprises have been privatized in the last
decade, including Türk Telekom, the phone company and the single ISP
that owns the ADSL infrastructure in Turkey. In the same decade, the
Internet use became widespread. Yet, the increasing popularity of the
Internet has been accompanied by attempts to control it through
criminal sanctions.

Until 2007, tens of thousands of websites had been blocked by courts
as ‘precaution’, including sites like Wordpress and YouTube. After the
Law 5651 in 2007, even more websites were censored directly by
government administration. As a response to this law, Sansüre Karşı
Platform (Platform Against Censorship) was organized. In the first
anti-censorship rally in 17 July 2010, nearly 3000 people
participated, including Internet youth, political parties, trade
unions, etc.

Not long after the events in Tunisia and Egypt; the state institution
for telecommunication, Bilgi Teknolojileri ve İletişim Kurumu (BTK)
made a decision to force ISPs to provide unpaid Internet filters under
the headings 'children', 'family' etc. This move created an enormous
reaction, the culmination of which led to a nationwide Internet
freedom rally in 15 May 2011 that took place in tens of cities. Alone
in Istanbul 60 thousand people marched against the imposed censorship
measures. What followed was a smearing campaign by controlled media
(including state TV) against the protesters, and a pseudo-governance
meeting with NGOs by BTK. After the general elections in June, the war
with PKK escalated, suppressing the BTK decision out of media
attention. Currently, DNS or IP blocking is used mostly for 'obscene'
and in some cases for political websites.

National security has always functioned as an excuse for the Turkish
state to introduce exceptions to a rule or to make the exception the
rule itself. An example is 'Ulusal Kripto Yönetmeliği' (National
Crypto By-law) that was put in order in 2010. This by-law necessitates
‘official authorization’ for any encrypted communication by any
citizen, and also requires the citizens to give away their encryption
mechanisms and private keys to BTK for ‘storage’.

In conclusion, we have reasons to believe that the government is
currently developing infrastructure to utilize methods like deep
packet inspection (DPI) as weapons in a 'cyberwar', possibly against
its own people. These methods will include monitoring and labeling of
Internet users as well as blocking communication. We made use of our
'right to information' to inquire about the plans for employing DPI,
but were ‘informed’ that this is 'beyond the limits our right to
information'.

Problems in using laws & technology against state control

The greatest problems with respect to guaranteeing fundamental rights
in technology deployment and use currently are with how laws are made
and how they are enforced. The lawmaking process is exclusionist, only
including a few NGOs that can better be called QUANGOs (quasi-
autonomous non-governmental organizations). There are several
political parties and trade unions, but even their peaceful protests
are occasionally declared ‘unauthorized’ and considered illegal.
People in general do not trust the judiciary system, but are simply
unorganized and do not believe in their power. The regime bases its
legitimacy on ideology and not on lawful justice.

Türk Telekom (TT), privatized in 2005, monopolizes the ADSL
infrastructure, making Internet services expensive and prone to state
control. In 2007, a workers' strike in TT had triggered debates on
this monopoly being protected by the government. The company also acts
as a service provider in several domains, creating questions about net
neutrality.

Another problem is with the limitation of how people can relate to
technology. Computers, cellphones and other gadgets are aggressively
marketed and widely used throughout the country, but the marketed
forms of use mostly remain superficial, e.g., these gadgets are
depicted as entertainment or as status symbols. We argue that the
hegemony of these consumerist cultural connotations do hamper diverse
uses of these products for a variety of motivations.

A small community of Linux promoters have emerged around universities.
These groups could promote alternative approaches to technology.
However, under the usual political fears, they only articulate their
positions professionally. Their statements usually target Microsoft or
other big proprietary software companies. This position is compatible
with the officially accepted national pride and national security
positions in Turkey, and hence is limited to politics of technology
only (see Pardus project).

Leftist and Kurdish political organizations are in a position to
benefit most from digital communication technologies. However, they
still lack the capacity and enthusiasm to use it effectively.
Alternative political media initiatives online exist, but they are
mostly limited to standard uses and their technical quality reflect
the lack of developers in the political community.

In Turkey, engineering education is praised and supported by families.
Families make up for the lack of a financially strong social system.
The society in general also praises technical knowledge. However, a
strong barrier separates the 'educated people' who are supposed to
know it, from 'regular people' who are only supposed to consume it.
Under economic pressure and feeling indebted to their families, most
white collar workers dedicate themselves to their work in private
companies. There is some space in some universities for shared work
and creativity, but such spaces are getting smaller as most
universities are being turned into technical schools.

+ Ali Rıza Keleş, Işık Barış Fidaner are software developers, Ayşe
Kaymak is a lawyer from Istanbul. Seda Gürses is an Internet
researcher from Brussels.

** Alternatif Bilişim is a social network that includes users,
developers and researchers of digital technologies, studying and
practicing alternative uses of technology. Ultimately, our objective
is to diminish the alienation of people to technical knowledge.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4753.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4753-en-the_movement_against_state_controlled_internet_in_turkey_h264.mp4>

== Smart Hacking For Privacy ==

Advanced metering devices (aka smart meters) are nowadays being
installed throughout electric networks in Germany, in other parts of
Europe and in the United States. Due to a recent amendment especially
in Germany they become more and more popular and are obligatory for
new and refurbished buildings.

Unfortunately, smart meters are able to become surveillance devices
that monitor the behavior of the customers leading to unprecedented
invasions of consumer privacy. High-resolution energy consumption data
is transmitted to the utility company in principle allowing intrusive
identification and monitoring of equipment within consumers' homes (e.
g., TV set, refrigerator, toaster, and oven) as was already shown in
different reports.

This talk is about the Discovergy / EasyMeter smart meter used for
electricity metering in private homes in Germany. During our analysis
we found several security bugs that range from problems with the
certificate management of the website to missing security features for
the metering data in transit. For example (un)fortunately the metering
data is unsigned and unencrypted, although otherwise stated explicitly
on the manufacturer's homepage. It has to be pointed out that all
tests were performed on a sealed, fully functionally device.

In our presentation we will mainly focus on two aspects which we
revealed during our analysis: first the privacy issues resulting in
even allowing to identify the TV program out of the metering data and
second the "problem" that one can easily alter data transmitted even
for a third party and thereby potentially fake the amount of consumed
power being billed.

In the first part of the talk we show that the analysis of the
household’s electricity usage profile can reveal what channel the TV
set in the household is displaying. We will also give some test-based
assessments whether it is possible to scan for copyright-protected
material in the data collected by the smart meter.

In the second part we focus on the data being transmitted by the smart
meter via the Internet. We show to what extent the consumption data
can be altered and transmitted to the server and visualize this by
transmitting some kind of picture data to Discovergy’s consumption
data server in a way that the picture content will become visible in
the electricity profile. Moreover, we show what happens if the faked
power consumption data reflects unrealistic extreme high or negative
power consumptions and how that might influence the database and
service robustness.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4754.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4754-en-smart_hacking_for_privacy_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 18

2012-04-11T17:45:56Z

Muelli: Created page with " {{Termin |date=2012/05/09 20:00:00 PM |enddate=2012/05/09 22:00:00 PM |title=Chaotic Congress Cinema Nr. 18 |visible=Yes }} Category:Chaotic-Congress-Cinema Wir schauen uns..."

{{Termin
|date=2012/05/09 20:00:00 PM
|enddate=2012/05/09 22:00:00 PM
|title=Chaotic Congress Cinema Nr. 18
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Chaotic-Congress-Cinema Chaotic Congress Cinema].

== The best of The oXcars ==
the greatest free/Libre culture show of all times

The Best of the oXcars!

OXcars is fun. oXcars is empowering the people.

Presentation and screening of the best of the oXcars 2011, 2010, 2009,
2008.

Because their business is not our business. Every year, in Barcelona
1500 people gather for the biggest free/libre culture Show of all
times ;-). Artists and performers from all areas of Spanish and
international culture take part in a "Gala";-) in which artists say
"Not in my name" to the commercialisation of culture, "Not in my name"
to limiting the potential of digital media and to criminalization of
the Internet. Civil society demands the 'lost profits' of all the
knowledge that is being withheld and stolen from public use in the
name of private profits.

http://oxcars11.whois--x.net/en/ http://oxcars10.whois--x.net/en/
http://oxcars09.whois--x.net/en/ http://whois--
x.net/proyectos/oxcars-08

X.net (since 2008) - http://whois--x.net/ X.net (previously Exgae)
aims to provide citizens with creative and legal skills that they can
use to put an end to the monopoly and activities of the cultural
industries groups and their private goals. X.net fights alongside the
great majority of society for the growth of new forms of circulation
of culture. It's the first Spanish legal advisory service specialised
in protecting citizens from the abuses of cultural industries lobbies
and royalty management and collecting societies. X.net developments
and drafts proposals for intervention on legislation, organises
cultural events that aim to “normalise” free culture production and
diffusion practices and make them known to the general public; creates
viral campaigns and lobby groups from the civil society like the
FCForum (http://fcforum.net).

One of X.net’s public activities is the annual oXcars event, the
world’s biggest free culture show ;-). The oXcars is a showcase for
artists and creators who have pioneered the changes in knowledge and
cultural production thanks to the potential of new technologies, and
seeks to defend society’s right to use them. The oXcars are also a way
to make the free culture movement mainstream, a bridge between free
culture works and artists and the general public. The oXcars inform,
make free culture visible and magnify it, and thus empower citizens.

Each number that is presented in the show it is an excuse to explain a
topic: the right to quote, the right to share, net neutrality, P2P
networks, online free art, free beer :-) etc etc. We have prepared a
screening session to show you this amusing Show.

http://oxcars11.whois--x.net/en/ http://oxcars10.whois--x.net/en/
http://oxcars09.whois--x.net/en/ http://whois--
x.net/proyectos/oxcars-08 http://whois--x.net/english/the-
oxcars/oxcars08
== Links ==

+ `http://whois--x.net/ <http://whois--x.net/>`__
+ `http://oxcars11.whois--x.net/en/ <http://oxcars11.whois--
x.net/en/>`__
+ `http://oxcars10.whois--x.net/en/ <http://oxcars10.whois--
x.net/en/>`__
+ `http://oxcars09.whois--x.net/en/ <http://oxcars09.whois--
x.net/en/>`__
+ `http://whois--x.net/proyectos/oxcars-08 <http://whois--
x.net/proyectos/oxcars-08>`__
+ `http://fcforum.net <http://fcforum.net>`__
+ `http://2011.fcforum.net <http://2011.fcforum.net>`__

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4748.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4748-en-the_best_of_the_oxcars_h264.mp4>

== Does Hacktivism Matter? ==
How the Btx hack changed computer law-making in Germany

Do you remember those days when hackers were “real men?” When hacking
was not yet a crime and the cyberspace an undiscovered land? Just
before anti-hacking laws were introduced in Germany? Back in these
days, the famous founding father of the CCC made the Bundespost
(Germany's Federal Mail Service) meet its Waterloo, when they hacked
Bildschirmtext (Btx)—the epitome of both technological utopias and
dystopias at that time. But soon, hackers suffered a setback: new laws
criminalized hacking in the name of fighting white-collar crimes.
Simultaneously to the laws, things were getting rougher in the media
and the public opinion. While being seen as a weird vanguard of
technology before, hackers soon became pranksters and outlaws.
Apparently hacktivism, the portmanteau word for hacking activism, had
failed to shape the policies in the dawning information society.
However, there are evidences that hacktivism had an impact on the new
computer crime legislation—not in terms of having more, but less
restrictions implemented in the law.

In my talk, I take a historian's point of view. First, I will show in
which atmosphere of anxiety and excitement information technology
evolved in Germany in the early 1980s. Then, I will give a very short
description of the Btx hack, which is usually neglected in historical
science. After giving this background, I will reconstruct the debates
of white-collar crime law-making in context of the “2. WiKG” (Zweites
Wirtschaftskriminalitätsbekämpfungsgesetz) in 1984-86. I will show,
how different stakeholders demanded a strict law that penalized
virtually every aspect of hacking while the politicians—even those
from the conservative party—honored the guys who unveiled security
flaws in Btx. This had led to the invention of “good” and “bad”
hackers in juridical discourses. This distinction has been maintained
in law journals, but likewise neglected in most court decisions. My
talk will conclude by arguing that hacktivism matters in shaping
policies by indirectly changing mind-sets, even if it fails to win
every single battle. So, the impact of hacktivism is not part of a
rational debate, but of a more complex strategic situation in which
rational arguments only play a minor role.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4749.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4749-en-does_hacktivism_matter_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 17

2012-04-11T17:44:24Z

Muelli: Created page with " {{Termin |date=2012/05/02 20:00:00 PM |enddate=2012/05/02 22:00:00 PM |title=Chaotic Congress Cinema Nr. 17 |visible=Yes }} Category:Chaotic-Congress-Cinema Wir schauen uns..."

{{Termin
|date=2012/05/02 20:00:00 PM
|enddate=2012/05/02 22:00:00 PM
|title=Chaotic Congress Cinema Nr. 17
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Chaotic-Congress-Cinema Chaotic Congress Cinema].

== From Press Freedom to the Freedom of information ==
Why every citizen should be concerned

This talk is about:

+ Information freedom and the issues for the citizens
+ RWB ressources: a “human network”
+ RWB needs: Get involved!

** Freedom of information and citizen issues

+ Why defend media freedom, journalists and bloggers? Because without
a free press, no cause can make its voice heard, no human rights
violation can be reported.

Specific examples of information vital to the public (links below): -
the tainted baby formula scandal in China exposed by the netizen Zhao
Lianhai, who was arrested as a result - Organized crime denounced by
netizens, some of whom have been killed. Rascatripas, the moderator of
the Nuevo Laredo en Vivo website, murdered on 9 November 2011 - RWB
sees how the media and methods of spreading news and information are
evolving, and is adapting to the changes - RWB helps all kinds of
“information producers” including professional journalists and
bloggers and takes positions on the problems specific to new media
WikiLeaks hounded - Capacity building and e-advocacy: RWB provides
bloggers, cyber-dissidents and journalists with the means to continue
reporting and circulating information. Provision of censorship
circumvention tools (including VPN) and online security training,
circulation of viral campaigns, awareness campaigns, information about
online risks.

** RWB’s resources: a “human network”

+ A human network: 150 correspondents worldwide + informal contacts
+ Strong lobbying capacity (European Parliament and Washington)
+ A legal committee
+ Handbook for Bloggers and Handbook for Journalists during Elections
+ Training (in Thailand, in Paris in February, in China and elsewhere
in the future)
+ Virtual Shelter project: Creation of electronic safe and website for
hosting censored content

** RWB’s needs: Get involved!

+ Need for people whose technical skills can help us to evaluate a
country’s Internet, by carrying out tests to determine the filters
used, the presence of Deep Packet Inspection and so on.
+ Need for technicians who can tell us about the safety of the various
communications methods used. Which governments monitor Skype, IRC,
BBM, and Google Talk? Which email service or VoIP to use?
+ Need for the help of experts in viral marketing, search engine
marketing and information monitoring.
+ Need for contacts in companies that cooperate with Internet
censorship (or former employees)
+ Need for the help of jurists in different countries to analyze the
growing number of laws that regulate the Internet

== Links ==

+ `Tainted baby formula scandal in China <http://en.rsf.org/china-
authorities-refuse-to-register-26-10-2010,38663.html>`__
+ `Rascatripas, the moderator of the Nuevo Laredo en Vivo website,
murdered on 9 November 2011 <http://en.rsf.org/mexique-fourth-netizen-
murdered-in-two-14-11-2011,41385.html>`__
+ `RWB helps bloggers in Egypt <http://en.rsf.org/egypt-jailed-
blogger-resumes-hunger-17-09-2011,41015.html>`__
+ `Problems specific to new media WikiLeaks hounded <http://en.rsf.org
/wikileaks-hounded-04-12-2010,38958.html>`__

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4742.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4742-en-from_press_freedom_to_the_freedom_of_information_h264.mp4>

== Bitcoin - An Analysis ==

Bitcoin is the first distributed, digital currency. It received a lot
of attention recently as it questions the state monopoly to issue
legal tender. It relies on distributed proof-of-work concepts to
ensure money-like characteristics.

The existence and potential widespread use of such a distributed, non-
centralized, non-regulated currency questions the ability of
governments to control money supply, issue debt, and tax its populace.

Transactions in bitcoin form a publicly accessible network of economic
relations, which can be extracted from the transaction history
available to all users in the P2P-network of bitcoin.

Using re-identification algorithms it is possible to attack the
proposed anonymity of users. While this is already an interesting
security issue, the insight into a real-world economic experiment
allows for the first time the empirical test of community structures
in such social networks, which is definitely more substantial than the
"I-like"-network in facebook and the like.

In this presentation, we show results on network analysis of the money
flow, the behavior of individuals, and the overall scalability of P2P-
currencies. At the same time we will discuss advanced "financial
instruments" that one might find in the transactions.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4746.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4746-en-bitcoin_an_analysis_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 16

2012-04-11T17:43:48Z

Muelli:

{{Termin
|date=2012/04/25 01:00:00 AM
|enddate=2012/04/25 01:00:00 AM
|title=Chaotic Congress Cinema Nr. 16
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Chaotic-Congress-Cinema Chaotic Congress Cinema].

== Frag den Staat ==
Praktische Informationsfreiheit

FragDenStaat.de startete am 1. August 2011 als Plattform zum Stellen
von Anfragen nach dem Informationsfreiheitsgesetz und veröffentlicht
dort die Korrespondenz mit den Behörden nach dem Vorbild von
whatdotheyknow.com and befreite-dokumente.de. Der Vortrag wird die
Plattform vorstellen, zeigen wie die Seite Antragssteller bei ihrem
Recht auf Akteneinsicht unterstützt und die interessantesten Vorfälle
genauer beleuchten.

FragDenStaat.de ging als Projekt der Open Knowledge Foundation
Deutschland mit Unterstützung von u.a. Transparency International,
Mehr Demokratie und der Access Info am 1. August 2011 online. Ein
halbes Jahr später gibt es viel veröffentlichte Korrespondenz mit
Behörden zu begutachten, die einige spannende Geschichten enthalten
und interessante Fragen aufwerfen. Hat man Recht auf Akteneinsicht in
die Gutachten des Wissenschaftlichen Dienstes des Bundestags? Sind
Datenshops mit dem IFG vereinbar? Und wie muss man das
Informationsfreiheitsgesetz verbessern, damit es auch in Zeiten von
Open Data funktioniert? Im Vortrag möchte ich unter anderem auf diese
Fragen eingehen, Statistiken der Plattform präsentieren (welche
Behörde antwortet am schnellsten etc.), erklären welche Mittel und
Wege es gibt, um Informationen von staatlicher Stelle zu erlangen und
dazu aufrufen, diese Mittel auch aktiv zu nutzen.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4740.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4740-de-frag_den_staat_h264.mp4>

== Resilience Towards Leaking or Why Julian Assange Might Be Wrong
After All ==

In his now (in)famous pamphlet "Conspiracy as Governance" Julian
Assange (JA) argues about the need for leaking as an efficient way to
destroy "unjust" groups as the neo-feudalistic ones - luring the
conspiracy theory leaning hacker community into his belief system.
Eventually, JA used a biologistic argument on the benefits and
drawbacks that uncontrolled leaking might pose for "just" and "unjust"
systems, arriving at the conclusion that "unjust" systems are hurt
more and thus will be less viable, essentially being destroyed by more
"just" systems. While an innovative proposal, the underlying
assumptions on complexity, network theory, and especially the
evolutionary perspectives were never critically assessed. Some blogs
and media raised questions on details and potential threats to
innocent bystanders. Still, fundamental problems with the philosophy
were never addressed.

This paper argues against the general validity of such theories. In
particular, we will refute some of the biologistic arguments.
Theoretical biology has long ago pointed out the hidden complexity in
evolutionary processes and as such the envisioned "leaking revolution"
might be a limited artifact: there might even arise situations where
the leaking envisioned and encouraged by Wikileaks and the like can
actually strengthen some "conspiracies".

In this paper I will describe some research questions, that should be
answered before given the “leaking philosophy” an unconditioned
“thumbs-up”. Empirically, for example, a potential strengthening is
illustrated by the rise of a 'neo-feudalistic economy', which is
linked closely to the paradigm of "intellectual property" as it is to
the security-financial-political complex. The players have effectively
created a closed network or a "conspiracy" and might be resilient
towards Wikileaks-like attacks. The paper concludes with an
alternative to that proposal; in particular, a way to deal with the
'conspiracy' that might be coined the rise of the neo-feudalistic
society (which in itself is a self-sustainable, self-amplifying
feedback loop, not necessarily a conscious conspiracy).

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4741.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4741-en-neo_feudalism_or_why_julian_assange_might_be_wrong_after_all_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 16

2012-04-11T17:27:08Z

Muelli: Created page with " {{Termin |date=2012/04/18 20:30:00 PM |enddate=2012/04/18 22:00:00 PM |title=Chaotic Congress Cinema Nr. 16 |visible=Yes }} Category:Chaotic-Congress-Cinema Wir schauen uns..."

{{Termin
|date=2012/04/18 20:30:00 PM
|enddate=2012/04/18 22:00:00 PM
|title=Chaotic Congress Cinema Nr. 16
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Chaotic-Congress-Cinema Chaotic Congress Cinema].

== Frag den Staat ==
Praktische Informationsfreiheit

FragDenStaat.de startete am 1. August 2011 als Plattform zum Stellen
von Anfragen nach dem Informationsfreiheitsgesetz und veröffentlicht
dort die Korrespondenz mit den Behörden nach dem Vorbild von
whatdotheyknow.com and befreite-dokumente.de. Der Vortrag wird die
Plattform vorstellen, zeigen wie die Seite Antragssteller bei ihrem
Recht auf Akteneinsicht unterstützt und die interessantesten Vorfälle
genauer beleuchten.

FragDenStaat.de ging als Projekt der Open Knowledge Foundation
Deutschland mit Unterstützung von u.a. Transparency International,
Mehr Demokratie und der Access Info am 1. August 2011 online. Ein
halbes Jahr später gibt es viel veröffentlichte Korrespondenz mit
Behörden zu begutachten, die einige spannende Geschichten enthalten
und interessante Fragen aufwerfen. Hat man Recht auf Akteneinsicht in
die Gutachten des Wissenschaftlichen Dienstes des Bundestags? Sind
Datenshops mit dem IFG vereinbar? Und wie muss man das
Informationsfreiheitsgesetz verbessern, damit es auch in Zeiten von
Open Data funktioniert? Im Vortrag möchte ich unter anderem auf diese
Fragen eingehen, Statistiken der Plattform präsentieren (welche
Behörde antwortet am schnellsten etc.), erklären welche Mittel und
Wege es gibt, um Informationen von staatlicher Stelle zu erlangen und
dazu aufrufen, diese Mittel auch aktiv zu nutzen.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4740.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4740-de-frag_den_staat_h264.mp4>

== Resilience Towards Leaking or Why Julian Assange Might Be Wrong
After All ==

In his now (in)famous pamphlet "Conspiracy as Governance" Julian
Assange (JA) argues about the need for leaking as an efficient way to
destroy "unjust" groups as the neo-feudalistic ones - luring the
conspiracy theory leaning hacker community into his belief system.
Eventually, JA used a biologistic argument on the benefits and
drawbacks that uncontrolled leaking might pose for "just" and "unjust"
systems, arriving at the conclusion that "unjust" systems are hurt
more and thus will be less viable, essentially being destroyed by more
"just" systems. While an innovative proposal, the underlying
assumptions on complexity, network theory, and especially the
evolutionary perspectives were never critically assessed. Some blogs
and media raised questions on details and potential threats to
innocent bystanders. Still, fundamental problems with the philosophy
were never addressed.

This paper argues against the general validity of such theories. In
particular, we will refute some of the biologistic arguments.
Theoretical biology has long ago pointed out the hidden complexity in
evolutionary processes and as such the envisioned "leaking revolution"
might be a limited artifact: there might even arise situations where
the leaking envisioned and encouraged by Wikileaks and the like can
actually strengthen some "conspiracies".

In this paper I will describe some research questions, that should be
answered before given the “leaking philosophy” an unconditioned
“thumbs-up”. Empirically, for example, a potential strengthening is
illustrated by the rise of a 'neo-feudalistic economy', which is
linked closely to the paradigm of "intellectual property" as it is to
the security-financial-political complex. The players have effectively
created a closed network or a "conspiracy" and might be resilient
towards Wikileaks-like attacks. The paper concludes with an
alternative to that proposal; in particular, a way to deal with the
'conspiracy' that might be coined the rise of the neo-feudalistic
society (which in itself is a self-sustainable, self-amplifying
feedback loop, not necessarily a conscious conspiracy).

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4741.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4741-en-neo_feudalism_or_why_julian_assange_might_be_wrong_after_all_h264.mp4>

Chaotic-Congress-Cinema

2012-02-25T22:43:27Z

Muelli: learnt Mediawiki syntax to not embed the files themselves

== Chaotic Congress Cinema ==

Wir schauen uns die Aufzeichnung von Congress Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

==Logo==

[[File:28CCCinema.png|border|link=http://wiki.attraktor.org/index.php/Chaotic-Congress-Cinema|none]]
(als [[:File:28CCCinema.pdf|PDF]], [[:File:28CCCinema.svg|SVG]] oder [[:File:28CCCinema.eps|EPS]])

== Planung ==

Die Planung ist absichtlich super simpel gestaltet um den Busfaktor zu erhoehen. Die Chance ist gross, dass du einen Termin organisieren kannst, wenn du weisst, wie ein Computer und ein Beamer anzuschalten gehen.

* Das nächste Video finden: Aufsteigend nach der Talk-ID. Siehe: http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/ bzw. http://events.ccc.de/congress/2011/Fahrplan/events/4581.en.html, bei dem 4581 die Talk-ID ist
* Termin im Wiki eintragen. Bei Schreibfaulheit kann auch auf [https://hg.cryptobitch.de/cccinema Software] zurueckgegriffen werden.
* Prüfen, ob genug Getränke und Knabberkram vorhanden ist. Chips sollten im Küchenschrank und Getränke im Kühlschrank oder Lager sein. Falls nicht, einfach bei [http://encyclopediadramatica.com/Krautchan#Bernd Bernd] melden
* Video auf dem Rechner, beim Beamer herunterladen: wget http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/

[[Category:Chaotic-Congress-Cinema]]

Chaotic-Congress-Cinema

2012-02-24T18:31:41Z

Muelli: /* Planung */ updated for this year.

== Chaotic Congress Cinema ==

Wir schauen uns die Aufzeichnung von Congress Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

==Logo==

[[File:28CCCinema.png|border|link=http://wiki.attraktor.org/index.php/Chaotic-Congress-Cinema|none]]
(als [[File:28CCCinema.pdf|PDF]], [[File:28CCCinema.svg|SVG]] oder [[File:28CCCinema.eps|EPS]])

== Planung ==

Die Planung ist absichtlich super simpel gestaltet um den Busfaktor zu erhoehen. Die Chance ist gross, dass du einen Termin organisieren kannst, wenn du weisst, wie ein Computer und ein Beamer anzuschalten gehen.

* Das nächste Video finden: Aufsteigend nach der Talk-ID. Siehe: http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/ bzw. http://events.ccc.de/congress/2011/Fahrplan/events/4581.en.html, bei dem 4581 die Talk-ID ist
* Termin im Wiki eintragen. Bei Schreibfaulheit kann auch auf [https://hg.cryptobitch.de/cccinema Software] zurueckgegriffen werden.
* Prüfen, ob genug Getränke und Knabberkram vorhanden ist. Chips sollten im Küchenschrank und Getränke im Kühlschrank oder Lager sein. Falls nicht, einfach bei [http://encyclopediadramatica.com/Krautchan#Bernd Bernd] melden
* Video auf dem Rechner, beim Beamer herunterladen: wget http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/

[[Category:Chaotic-Congress-Cinema]]

Chaotic-Congress-Cinema

2012-02-24T18:23:18Z

Muelli: /* Banner plus Snippet zum Einbinden */ removed section. Let's hope people are smart enough to create img tags themselves.

== Chaotic Congress Cinema ==

Wir schauen uns die Aufzeichnung von Congress Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

==Logo==

[[File:28CCCinema.png|border|link=http://wiki.attraktor.org/index.php/Chaotic-Congress-Cinema|none]]
(als [[File:28CCCinema.pdf|PDF]], [[File:28CCCinema.svg|SVG]] oder [[File:28CCCinema.eps|EPS]])

== Planung ==

* Das nächste Video finden: Aufsteigend nach der Talk-ID. Siehe: http://ftp.ccc.de/congress/27C3/mp4-h264-HQ/ bzw. http://events.ccc.de/congress/2010/Fahrplan/events/3952.en.html, bei dem 3952 die Talk-ID ist
* Termin im Wiki eintragen
* Prüfen, ob genug Getränke und Knabberkram vorhanden ist. Chips sollten im Küchenschrank und Getränke im Kühlschrank oder Lager sein. Falls nicht, einfach bei [http://encyclopediadramatica.com/Krautchan#Bernd Bernd] melden
* Video auf dem Rechner, beim Beamer herunterladen: wget http://ftp.ccc.de/congress/27C3/mp4-h264-HQ/

[[Category:Chaotic-Congress-Cinema]]

Chaotic-Congress-Cinema

2012-02-24T18:21:45Z

Muelli: /* Logo */ added new logos \o/

== Chaotic Congress Cinema ==

Wir schauen uns die Aufzeichnung von Congress Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

==Logo==

[[File:28CCCinema.png|border|link=http://wiki.attraktor.org/index.php/Chaotic-Congress-Cinema|none]]
(als [[File:28CCCinema.pdf|PDF]], [[File:28CCCinema.svg|SVG]] oder [[File:28CCCinema.eps|EPS]])

==Banner plus Snippet zum Einbinden==

[[File:Ccc-small.png|border|link=http://wiki.attraktor.org/index.php/Chaotic-Congress-Cinema|none]]

<pre>
<a href="http://wiki.attraktor.org/index.php/Chaotic-Congress-Cinema">
<img src="http://wiki.attraktor.org/images/7/7a/Ccc-small.png" alt="Chaotic Congress Cinema" />
</a>
</pre>

== Planung ==

* Das nächste Video finden: Aufsteigend nach der Talk-ID. Siehe: http://ftp.ccc.de/congress/27C3/mp4-h264-HQ/ bzw. http://events.ccc.de/congress/2010/Fahrplan/events/3952.en.html, bei dem 3952 die Talk-ID ist
* Termin im Wiki eintragen
* Prüfen, ob genug Getränke und Knabberkram vorhanden ist. Chips sollten im Küchenschrank und Getränke im Kühlschrank oder Lager sein. Falls nicht, einfach bei [http://encyclopediadramatica.com/Krautchan#Bernd Bernd] melden
* Video auf dem Rechner, beim Beamer herunterladen: wget http://ftp.ccc.de/congress/27C3/mp4-h264-HQ/

[[Category:Chaotic-Congress-Cinema]]

File:28CCCinema.eps

2012-02-24T18:20:56Z

Muelli: Category:Chaotic-Congress-Cinema

[[Category:Chaotic-Congress-Cinema]]

File:28CCCinema.svg

2012-02-24T18:20:45Z

Muelli: Category:Chaotic-Congress-Cinema

[[Category:Chaotic-Congress-Cinema]]

File:28CCCinema.png

2012-02-24T17:59:06Z

Muelli: + Category

28C3-Version von Nono \o/ Aus [[File:28CCCinema.pdf]] mit ImageMagick gerendert.

[[Category:Chaotic-Congress-Cinema]]

File:28CCCinema.pdf

2012-02-24T17:58:33Z

Muelli: + Category

Neue Version fuer den 28C3 von Nono \o/ Mit Barcode der URL zum CCCinema Wiki-Eintrag.

[[Category:Chaotic-Congress-Cinema]]

File:28CCCinema.png

2012-02-24T17:54:43Z

Muelli: 28C3-Version von Nono \o/ Aus File:28CCCinema.pdf mit ImageMagick gerendert.

28C3-Version von Nono \o/ Aus [[File:28CCCinema.pdf]] mit ImageMagick gerendert.

File:28CCCinema.pdf

2012-02-24T17:54:01Z

Muelli: Neue Version fuer den 28C3 von Nono \o/ Mit Barcode der URL zum CCCinema Wiki-Eintrag.

Neue Version fuer den 28C3 von Nono \o/ Mit Barcode der URL zum CCCinema Wiki-Eintrag.

Main Page

2012-02-24T17:47:18Z

Muelli: /* Und hier kommt Ihr ins Spiel */ fixed minor typos

__NOTOC__
<div style="float:right; padding-left:1em;">
<div style="border: 1px solid #000; background:#67b8dc;color:#fff;padding: 0.1em 1em; font-size: 80%; ">
<big>'''Location'''</big>
</div>
<div style="border:1px solid #000000;border-top-width:0px; padding: 0px 0px; margin-bottom:0.5em;background:#ffffff;">
* '''Adresse:''' Mexikoring 21 (City Nord)<br/>22297 Hamburg
* '''Koordinaten:''' 53.602915, 10.022873
* '''OpenStreetMap:''' [http://www.openstreetmap.org/?lat=53.603016&lon=10.022952&zoom=18&layers=M Go]
* '''Google Maps:''' [http://maps.google.com/maps?f=d&source=s_d&saddr=53.602915,10.022873&daddr=&geocode=&hl=en&mra=dme&mrcr=0&mrsp=0&sz=19&sll=53.602983,10.022873&sspn=0.001372,0.00213&ie=UTF8&ll=53.603007,10.022691&spn=0.002744,0.004259&t=h&z=18 Go]
* Details: [[Mex | Wegbeschreibung]]
* Unsere Tür ist gerade:<br>{{DoorisStatus}}
</div>
</div>

= Attraktor e.V. Hamburg =

<div class="attraktorbg center">
Jede Technologie läßt Neues realisierbar werden - wenn man sie beherrscht.<br />
<br/>
Wir wenden uns an alle, die danach streben, selbst zu durchschauen, kreativ zu werden und Technik nach eigenem Belieben auszuschöpfen. Jene, deren Antrieb sich in einer Frage wiederfindet: "<em>Was geht noch?</em>"
</div>
<br/>
<div>Die nächsten [[Veranstaltungen]] im Attraktor:

{{Calendar-Next10}}

Liste der nächsten Veranstaltungen im [http://wiki.attraktor.org/calendar.ics VCS/ICS-Format].

[[Calendar|Vollständiger Kalender]], tragt dort bitte eure Termine und Veranstaltungen ein.
</div>

== Aktuelles ==
<div style="text-align:center; padding:10px;">
<div style="margin:auto; width:800px; padding:3px; background-color:rgb(249,249,249); border:1px solid rgb(204,204,204);">
[[File:Cacertbanner.png|left|link=//wiki.attraktor.org/Termin:CaCert_Assurer_Training2|800px|:CAcert Assurer Training am 14. Februar 2012]]
CAcert Assurer Training am 14. Februar 2012
</div>
</div>

== Mehr Raum für Kreativität ==
<div style="text-align:center; padding:10px;">
[[File:Raum.png|border|none|link=]]
</div>
Einen Platz schaffen wo Menschen ihre Ideen, Visionen und Projekte umsetzen können, daß ist unser Ziel. An einem Ort mit inspirierenden Umfeld zu arbeiten, sich auszutauschen, oder einfach unter Gleichgesinnten zu sein.
Dafür haben wir einen über 300m2 großen Raum, der darauf wartet mit Leben gefüllt zu werden.
Der Vortragsbereich ist mit einem Beamer ausgestattet und bietet mehr als 70 Personen einen Sitzplatz. Wird er nicht für Vorträge benötigt, kann man ihn entweder als große Freifläche oder zum Arbeitsbereich mit Tischen umstellen. Nicht der Raum bestimmt den Zweck, sondern der Zweck den Raum.
Die Kickerecke, ein gemütlicher Bereich mit Sofas und die gerade entstehende Werkstatt runden die Möglichkeiten ab. Also kommt vorbei und schaut euch um!

== Und hier kommt Ihr ins Spiel ==

Vorträge, Workshops, Projekte, Treffen und Zusammenkünfte. Ob einmalige Events oder regelmäßige. Ein paar Stunden oder über mehrere Tage. All dies ist in den Räumen möglich. Was wir dazu brauchen seid Ihr!
Wenn Dich also interessiert was sich schon heute für Gruppen bei uns treffen, was für Veranstaltungen anstehen oder Du einen Platz für Dich und deine Gruppe suchst, sprich uns an oder besuche unsere Webseite. Wir freuen uns auf Dich.

== Mitglied werden! ==

Neue Mitglieder sind immer gerne gesehen. Wer Mitglied werden möchten, kann sich hier den [[Media:Attraktor-Mitgliedsantrag.pdf‎|Mitgliedsantrag]] im PDF-Format herunterladen.

== Spenden ==

Da die Unterhaltung der Räumlichkeiten, der Werkstatt, sowie die Durchführung von Projekten, Workshops und Vorträgen neben viel Zeit, eben, auch Geld kostet, freuen wir uns natürlich über Zuwendungen in Form von Geld- und Sachspenden. Mehr Informationen sind auf unserer [[Spenden|Spendenseite]] zu finden.

== Wie komme ich mit dem Attraktor in Kontakt? ==

Zum Beispiel über unsere [https://lists.attraktor.org/listinfo/attraktionen Mailingliste]. Dort gibt es Neuigkeiten und Diskussionen rund um den Attraktor. Oder Ihr schickt uns einfach eine [mailto:office@attraktor.org E-Mail].

== Unsere Untermieter ==

* [http://www.ccc.de/ Chaos Computer Club e.V.]
* [http://www.hamburg.ccc.de/ CCC Hansestadt Hamburg e.V.]
* [http://www.ssdev.org/ Sportsfreunde der Sperrtechnik - Deutschland e.V.]
* [http://wiki.vorratsdatenspeicherung.de/Ortsgruppen/Hamburg Arbeitskreis Vorratsdatenspeicherung OG Hamburg]

Termin:Chaotic-Congress-Cinema-28C3 Nr. 15

2012-01-23T20:20:48Z

Muelli: Created page with " {{Termin |date=2012/04/11 20:00:00 PM |enddate=2012/04/11 22:00:00 PM |title=Chaotic Congress Cinema Nr. 15 |visible=Yes }} Category:Chaotic-Congress-Cinema Wir schauen uns..."

{{Termin
|date=2012/04/11 20:00:00 PM
|enddate=2012/04/11 22:00:00 PM
|title=Chaotic Congress Cinema Nr. 15
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Chaotic-Congress-Cinema Chaotic Congress Cinema].

== Defending mobile phones ==

Cell phone users face an increasing frequency and depth of privacy
intruding attacks. Defense knowledge has not scaled at the same speed
as attack capabilities. This talk intends to revert this imbalance.

Most severe attack vectors on mobile phones are due to an outdated
technology base that lacks strong cryptographic authentication or
confidentiality. Given this discrepancy between protection need and
reality, a number of countermeasures were developed for networks and
phones to better protect their users.

We explain the most important measures and track their deployment.
Furthermore, we will release tools to measure the level of
vulnerability of networks. Sharing the results of these measurements
will hopefully create problem awareness and demand for more security
by phone users around the world.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4736.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4736-en-defending_mobile_phones_h264.mp4>

== Echtes Netz ==
Kampagne fr Netzneutralitt

Anfang 2012 startet "Echtes Netz", die Kampagne für Netzneutralität,
die vom Digitale Gesellschaft e.V. initiert und von der stiftung
bridge gefördert wird. Die Kampagne macht sich zur Aufgabe, das
Bewusstsein für den Wert eines echten Netzes zu steigern und mit
Offline- und Onlineaktionen für eine gesetzliche Verankerung der
Netzneutralität zu werben.

Der Vortrag gibt einen Überblick auf die Debatte rund um die
Netzneutralität in Deutschland und der EU und einen einen Ausblick auf
die Kampagne.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4738.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4738-de-echtes_netz_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 14

2012-01-23T20:20:39Z

Muelli: Created page with " {{Termin |date=2012/04/04 20:00:00 PM |enddate=2012/04/04 22:00:00 PM |title=Chaotic Congress Cinema Nr. 14 |visible=Yes }} Category:Chaotic-Congress-Cinema Wir schauen uns..."

{{Termin
|date=2012/04/04 20:00:00 PM
|enddate=2012/04/04 22:00:00 PM
|title=Chaotic Congress Cinema Nr. 14
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Chaotic-Congress-Cinema Chaotic Congress Cinema].

== Datamining for Hackers ==
Encrypted Traffic Mining

This talk presents Traffic Mining (TM) particularly in regard to VoiP
applications such as Skype. TM is a method to digest and understand
large quantities of data.

Voice over IP (VoIP) has experienced a tremendous growth over the last
few years and is now widely used among the population and for business
purposes. The security of such VoIP systems is often assumed, creating
a false sense of privacy. Stefan will present research into leakage of
information from Skype, a widely used and protected VoIP application.
Experiments have shown that isolated phonemes can be classified and
given sentences identified. By using the dynamic time warping (DTW)
algorithm, frequently used in speech processing, an accuracy of 60%
can be reached. The results can be further improved by choosing
specific training data and reach an accuracy of 83% under specific
conditions

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4732.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4732-en-datamining_for_hackers_h264.mp4>

== Reverse-engineering a Qualcomm baseband ==

Despite their wide presence in our lives, baseband chips are still
nowadays poorly known and understood from a system point of view. Some
presentations have hilighted vulnerabilities in GSM stacks across
various models of basebands (cf. 27c3: *All your baseband are belong
to us* by R-P. Weinmann). However none of them actually focused on the
details of how a baseband operating system really works. This is the
focus of our presentation. From the study of a simple 3G USB stick
equipped with a Qualcomm baseband, we will discuss how to dump the
volatile memory, reverse-engineer the proprietary RTOS, and ultimately
execute and debug code while trying to preserve the real-time system
constraints.
== Introduction ==
The following work has resulted from a straightforward observation:
security in the baseband world is something hard to reach. Anyone
trying to get into it is confronted with two obstacles. At the network
level, one has to apprehend the extremely massive 3GPP specifications.
At the system level, basebands are just undocumented and closed-source
pieces of code running in embedded chips. Consequently, a baseband is
mostly seen as a blackbox running code for a terrifyingly complex
network stack.

Given the complexity of the involved network protocols, and the fact
that telephony stacks are historically old pieces of code, it is
fairly acceptable to think that vulnerabilities can be found inside
basebands. Ralf-Philipp Weinmann has already demonstrated this claim
during the 27C3 event in 2010. Finding and triggering vulnerabilities
in basebands sound very appealing, but we have to remember that these
are only preliminary steps before the final exploitation. And for any
exploitation to succeed, one has to know the environment into which
the code is currently running. What is the architecture? What is the
operating system? What does the memory look like? How is structured
the heap? Can I safely return to some point and resume the execution?

For those reasons and out of curiosity, I started exploring the core
of a Qualcomm baseband. The targeted device is the Icon 225 3G USB
stick. It embeds a MSM6280 Qualcomm baseband based on the ARMv5TEJ
architecture, plus two proprietary DSPs. No application processor is
present on those USB sticks. Qualcomm basebands are also notably
present on HTC phones.
== Dumping the device memory ==
The first step for understanding the baseband code is to manage to get
a look at it. Plugging the USB stick fires up three serial ports over
the USB link. The first one is used to handle Hayes commands to
control the modem. The two other ones are unknown at first glance.
However I remarked that a little tool for SIM-unlocking a device made
use of one of those serial ports. After dumping the USB packets, it
appeared this serial link actually handles diagnostic commands for
Qualcomm. The protocol used is very simple and allows at least writing
and executing code into a small region of the memory.

Injecting a custom payload allowed me to quickly dump the entire
contents of the memory (32MB). On the ARM architecture, the first
piece of code to be executed is a ROM located at 0xffff0000. Reverse-
engineering this primary bootloader (PBL) gives us the entry point to
the secondary bootloader (SBL). Then disassembling the RAM dump from
this address clearly indicates we have one-to-one physical to virtual
memory mapping.
== Reverse engineering the RTOS ==
The embedded code inside the baseband is a proprietary operating
system from Qualcomm. The real-time microkernel seems to be called
REX, while the operating system itself is named AMSS.

I have reverse-engineered most part of the microkernel primitives
including:

+ the scheduler
+ the inter-tasks communication mechanism
+ the asynchronous/deferred procedure calls mechanism
+ the timers
+ the heap memory structure and allocation routines

The kernel implements lightweight processes called tasks. All tasks
share the same virtual address space. MMU is set up at boot time with
a virtual to physical mapping and the first 12MB of memory are marked
read-only. NX is not enabled (thus everything is executable).

Three tasks are created automatically at boot time:

+ the idle task
+ the DPC task, responsible for dispatching deferred procedure calls
+ the main task, responsible for running all the other tasks

When fully started, AMSS is made up of approximatively 70 running
tasks. They are dedicated to hardware management (DSP, USB, USIM,
Vocoder, ...), network stacks management for each layer (GSM L1/L2/L3,
SMS, RRC, LLC, and so on), and miscellaneous features (in particular
the diagnostic task). Although the USB stick is only intended to be
used for data over 3G, the operating system is a full-blown baseband
supporting all kinds of telephony stacks and features.

The tasks communicate with each other by the mean of signals and
buffer queues. A command buffer is pushed on a FIFO queue and a signal
is sent to the task for processing.

Regarding the memory allocation management, the operating system
mainly uses two kinds of heaps. The first heap has a classical *free
blocks-tracking* structure where tasks can allocate arbitrary memory
blocks using the malloc/free functions. Another kind of heap is also
used on top of the former to represent the memory as a contiguous
stream of data that tasks can produce and consume (suited for network
data flow).
== Code execution and debugging ==
Static analysis of the whole operating system is possible, but the
code is pretty massive and a lot of interactions between different
tasks are involved at run-time. Since code execution is possible on
the device, I investigated how to dynamically debug system code. I
present here the architecture of the debugger I am currently writing
(this is still a work in progress).

The main point is to be able to debug the operating system with the
fewest possible side-effects. In a nutshell, the debugger has to be
real-time compliant as much as possible. For the communication with
the debugger, I decided to reuse the diagnostic task channel over USB
by implementing custom command handlers. The debugger then relies on
the GDB server protocol implemented over the diagnostic channel
protocol, itself being over USB.

We have access to the interrupt vectors, and we can put BKPT
instructions anywhere as well (everything is running in ARM supervisor
mode and we can disable the MMU if necessary). If the exception
address is a watchpoint, we dump the state of registers and stack, and
set up a DPC to acknowledge the debugger of the event. Then execution
is immediately resumed. If the exception address is a breakpoint, then
we set up a DPC for the debugger and put the task into a wait state
allowing other tasks to be immediately scheduled. The execution for
the waiting task can be resumed by the debugger by sending it a
special signal.

The debugger is making use of its own separated heap and queue at a
high address, not to interfere with other operating system tasks while
processing debug events.

Of course some tasks will need to process code at timely events,
especially those at the lowest layers, so specific care has to be
taken not to put breakpoints that would possibly break the RF
processing.

ARMv5 has no native support for single-stepping the code. Single-step
is implemented by predicting the next PC address and putting a
breakpoint at it.
== Notes and further thoughts ==
Information about the code execution environment on basebands is
clearly lacking in the literature. On the contrary of previous
presentations on the same topic, this presentation focuses on the
details of a proprietary baseband operating system, in this case
Qualcomm's. I intend to do a demonstration of the debugger for the
presentation, and to release the source code later on.

Future areas of work may include a study of the proprietary DSPs and
the possibility to locally *fuzz* the baseband without using a base
station.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4735.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4735-en-reverse_engineering_a_qualcomm_baseband_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 13

2012-01-23T20:20:23Z

Muelli: Created page with " {{Termin |date=2012/03/28 20:00:00 PM |enddate=2012/03/28 22:00:00 PM |title=Chaotic Congress Cinema Nr. 13 |visible=Yes }} Category:Chaotic-Congress-Cinema Wir schauen uns..."

{{Termin
|date=2012/03/28 20:00:00 PM
|enddate=2012/03/28 22:00:00 PM
|title=Chaotic Congress Cinema Nr. 13
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Chaotic-Congress-Cinema Chaotic Congress Cinema].

== DC+, The Protocol ==
Technical defense against data retention law

The idea of Dining Cryptographers-Networks (DC) offers a much better
anonymity compared to MIX-Networks: Defined anonymity sets, no need to
trust in a central service, no possible attack for data retention.

In this talk you will learn about DC-Networks, advanced key generation
methods (resulting in a DC+-Network) and a library to make DC-Networks
available to your programs.
== Links ==

+ `A DC+-Server <https://github.com/klobs/erlang-DC>`__
+ `A DC+-Library <https://github.com/klobs/dc-->`__
+ `Multicast on top of DC-Networks
<https://github.com/klobs/libmulticastDC>`__
+ `https://github.com/klobs/DCoffee
<https://github.com/klobs/DCoffee>`__

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4723.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4723-en-dc_plus_the_protocol_h264.mp4>

== Crowdsourcing Genome Wide Association Studies ==
Freeing Genetic Data from Corporate Vaults

It was only a couple of years ago that generating genetic information
about individuals was expensive and laborious work. Modern techniques
have drastically cut cost and time needed to get an insight into one's
genome and have ultimately led to the formation of personal genetics
companies – like 23andMe, deCODEme and others – that now offer direct-
to-customer genetic testing. With a price tag of those tests starting
at about 100 €, the number of people that do such tests is on the
rise. By now, 23andMe alone has over 100.000 paying customers, with
over 60.000 of them willing to donate their genetic data and to
actively participate in research projects by filling out surveys, e.g.
on their medical histories. This has resulted in a high-quality
dataset with genetic information of 60.000 individuals. The best part:
The data has already been paid for by the participants in the
research.

Who would not love to get their hands on data like this?
Unfortunately, the data sits locked away in corporate vaults,
inaccessible to interested (citizen) scientists. But what if we could
change this?

We've created openSNP, a central, open source, free-to-use repository
which lets customers of genotyping companies upload their genotyping
data and annotate them with phenotypes. OpenSNP provides its users
with the latest scientific research on their genotypes and lets
scientists download annotated genotypes to make science more open.

Companies that perform Direct-To-Customer (DTC) genetic tests have now
been around for about six years, with 23andMe – founded in 2006 – and
deCODEme being two of the oldest companies on the market. Their
customers receive a test tube via mail, spit into this tube and send
it back to their DTC company to get their genetic information
analyzed. The tests performed by DTC companies do not utilize the more
famous DNA sequencing, but rely on faster and cheaper DNA microarrays
instead.

Microarrays screen for around 1 million genetic markers, called Single
Nucleotide Polymorphisms (SNPs). A SNP is a genomic variation, where a
single base is changed at one site between members of a population.
Usually a SNP has only two alleles (variants) and occurs with a
frequency of at least 1% in the population. Spread over the whole
human genome, each of us carries around 10 million variable sites,
where 10% are covered by DTC-companies. Because of their uniqueness,
SNPs can be used as markers associated with certain conditions. For
example, there are variations of SNPs that are associated with
elevated risks of developing breast cancer or Alzheimer’s. Other SNPs
can be used to predict how a person metabolizes chemicals or drugs.

23andMe uses the results of consenting customers to perform their own
genome wide association studies (GWAS). Those studies check for
statistical differences between different groups. In a simple example
one could have a group that is known to have Alzheimer’s and a
control-group that does not have Alzheimer’s. Given enough
participants, one can then look for genetical variants that are over-
or underrepresented in one of the groups. The variants that are found
by this method can then be used as predictors for Alzheimer’s.

We feel that research projects all over the world and science in
general would benefit from a rich, freely available source of linked,
genetic data. And although genome wide association studies need a
minimum number of participants to be able to find significant
variations, it is not necessary to have 30.000 participants in your
study. There are many publications with significant results with a
total number of participants of less than 5000 individuals. Given the
current number of 23andMe customers, one only needs 5 % of them to
participate in freely sharing their genetic information together with
basic information on some medical conditions or other variations to
reach the critical mass to be able to perform simple association
studies! While many people have already started to publish their
results on GitHub et al. and movements like DIYBio are starting to
take off, there are no real efforts to create a repository to
centrally collect this kind of data.

But what if one could create an open platform to collect this kind of
linked data? Is it possible to perform crowd-sourced association
studies to create new knowledge about our genes? With the creation of
openSNP we have tried (and are still trying) to find out.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4730.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4730-en-crowdsourcing_genome_wide_association_studies_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 12

2012-01-23T20:20:12Z

Muelli: Created page with " {{Termin |date=2012/03/21 20:00:00 PM |enddate=2012/03/21 22:00:00 PM |title=Chaotic Congress Cinema Nr. 12 |visible=Yes }} Category:Chaotic-Congress-Cinema Wir schauen uns..."

{{Termin
|date=2012/03/21 20:00:00 PM
|enddate=2012/03/21 22:00:00 PM
|title=Chaotic Congress Cinema Nr. 12
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Chaotic-Congress-Cinema Chaotic Congress Cinema].

== Pentanews Game Show 2k11/3 ==
42 new questions, new jokers, same concept, more fun than last year!

The Penta News Game Show rehashes a collection of absurd, day-to-day
news items of 2011 to entertain the audience, let the Net participate,
and make it's winners heroes.

The Penta News Game Show rehashes a collection of absurd, day-to-day
news items of 2011. The contestants will have to answer 42 questions
for your entertainment.

If they can't answer you (Yes, you on the Internet.) can help out.
> Get your IRC clients ready. Further, a Web browser will be of great
help. < p>
If you have participated in last years show you will enjoy a few
adjustments and new jokers.
== Links ==

+ `Questions and Answers <http://www.c3d2.de/news/28c3-pentanews-
answers.html>`__

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4721.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4721-en-pentanews_game_show_2k11_h264.mp4>

== NPC - Nerds Pissing Contest ==
Mein Ruby ist besser als dein urxvt!

Hier geht es um die Gretchenfrage: „Welches Tool ist das beste?“ Dabei
treten zwei Teams gegeneinander an und müssen live verschiedene
$RANDOM_NERD_TASK auf ihren eigenen Rechnern lösen. Wer dabei zeigt,
dass sein Tool das schnellere, schlankere, mächtigere, längere,
größere^w^w^w^wist, gewinnt. Durch das Programm führen Jan „git-zsh-
keynote-firefox“ Wulfes und Benjamin „bzr-fish-latexbeamer-chrome“
Kellermann.

In dieser Ausgabe des NPCs geht es darum herauszufinden, welcher
Editor der beste ist. Zwei Teams (à 1-4 Teilnehmer) treten mit dem
Editor ihrer Wahl gegeneinander an, um diese religiöse Frage zu
beantworten.

Nach einer dreiminütigen Laudatio zum Editor ihrer Wahl müssen sie in
der Pflicht vorgegebene Aufgaben vor den Augen des Publikums möglichst
schnell und elegant lösen. Hierzu dürfen die Teams ihre
Konfigurationsdateien verwenden.

In der Kür muss jedes Team die Stärken seines Editors durch einen
kleinen Stunt präsentieren, welcher dann vom jeweils anderen Team
ebenfalls gestanden oder sogar getoppt werden muss.

Publikum aufgepasst eure Skills sind gefragt, wir wollen Euch mit
einbeziehen: per Chat könnt Ihr dem Team auf der Bühne beim Lösen der
Aufgaben helfen.

Bewerbungen für Teammitgliedschaften und Eure Fragen könnt Ihr vorab
an Email: `pissing28c3@c3d2.de <mailto:pissing28c3@c3d2.de>`__
richten.

Ihr könnt Euch auf folgende Fragen unsererseits vorbereiten:

`============8<============================
Das Spiel wird grob folgende Dinge abfragen:

• Ihr dürft Eure eigene Konfiguration mitbringen
• Wir wollen zum Beispiel sehen, wie gut sich Euer Editor zum programmieren eignet.
- Zeigt uns wie gut euer Syntax-Highlighting & automatische Code-Einrückung
für verschiedenste Sprachen funktioniert.
- Taugt Euer Editor als IDE? Dann zeigt uns, dass er die von uns
vorgegebenen Refactoring-Aufgaben löst.
- Jede gute IDE unterstützt die Programmierer mit Einbindung von
Online-Doku. Wie kann das Euer Tool? Zeigt uns das in zwei von Euch
vorbereiteten Programmiersprachen.
- Wie gut ist Make/Compiler/Debugger integrierbar?
• Wie gut unterstützt er Euch bei der Textproduktion?
- Wir prüfen die Rechtschreibkontrolle.
- Wir möchten sehen, ob Euer Editor die businessüblichen Formate
verarbeiten kann.
- Wie gut er Euch in langen Texten navigieren lässt.
- Nette Features, wie parallele Bearbeitung durch mehrere Benutzer werden
positiv bewertet.
• Wissen heisst wissen wo es steht.
- Wie gut ist Euer Editor dokumentiert?
- Wie leicht findet man die passende Doku?
• Konfigurierbarkeit
- Wir möchten, dass Ihr ein kleines Syntax-Highlighting implementiert.
- Euren Editor um eine kleine Funktion erweitert.
`

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4722.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4722-de-dick_size_war_for_nerds_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 11

2012-01-23T20:20:05Z

Muelli: Created page with " {{Termin |date=2012/03/14 20:00:00 PM |enddate=2012/03/14 22:00:00 PM |title=Chaotic Congress Cinema Nr. 11 |visible=Yes }} Category:Chaotic-Congress-Cinema Wir schauen uns..."

{{Termin
|date=2012/03/14 20:00:00 PM
|enddate=2012/03/14 22:00:00 PM
|title=Chaotic Congress Cinema Nr. 11
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Chaotic-Congress-Cinema Chaotic Congress Cinema].

== Privacy Invasion or Innovative Science? ==
Academia, social media data, and privacy

A practical discussion of how potentially revolutionary, yet ethically
questionable data---such as that from facebook---is currently being
handled in academia.

With every day that passes, the users of social media websites are
providing scientists with ever-richer, larger datasets on human
behavior. At the same time, machine-learning techniques allow us to
exploit this data to accurately predict who these users are and how
they will behave in the future. I begin this talk by outlining the
need for public datasets containing rich information on individuals
and their social relations. I then show how in practice, distribution
and use of such datasets by academics is awkward and confused. I
conclude with some consideration of how "enhancing" datasets by, for
example, inferring missing or hidden data using machine learning
classifiers, creates yet another ethical grey-zone.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4712.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4712-en-mining_your_geotags_h264.mp4>

== What is in a name? ==
Identity-Regimes from 1500 to the 2000s

Starting with the history of birth-registration an overview on the
historical regimes of naming and identifying people from the 15th to
the 20th century is given. the talk will show examples of the
different identity media through time and their standardization with
the rise of the Westphalian nation state and the subsequent
developments after the French Revolution and during the 20th century.
The goal of the talk is to show the complexity of the phenomenon of
personal names and their media and the need for an informed debate on
who and how naming and identification in the digital age is achieved.

In July 2011 Google opened the social network named Google+,
immediately spawning a fierce debate about its real-name policy
barring users from opening accounts with pseudonyms. Just a few days
later Facebooks Vice President Randi Zuckerberg echoed Google's
sentiment, asserting: “(…) anonymity on the Internet has to go away.”
Finally in early August Germanys minister of the interior demanded an
end of anonymity on the Internet.

My proposed talk is not concerned with the relation of anonymity and
pseudonymity and free speech, discrimination and empowerment that
dominated the ‘real-name’ “nymwars” on the internet.

Instead it seeks to de-familiarize the notion of the ‘real name’ by
exposing central aspects of the media-history of names, situating
personal names in relation to the development of statehood and
capitalism between the 1500 and the 2000s.

I thus will outline the history and function of birth-registration as
introduced in the wake of the reformation in 1543 and its subsequent
secularization during the rise of the Westaphalian nation state.

This includes an overview of the international standardization of both
identity papers and personal naming regimes during the 19th century in
the context of post-1789 development of statehood and colonization.
Moving to the 2oth century I will provide examples of the development
and standardization of the passport-system after WWI, and conclude my
talk with a synopsis of administrative digital identity vision of the
early nineties.

The goal of the talk is first de-familiarize the notion of the
personal-name by showing its complex historical and material
background, secondly to contextualize the current developments of
digital identity regimes (Neuer Personalausweis, Google+, NSTIC etc)
within the larger and longer-term developments of statehood and
capitalist societies. Thirdly my talk will show that a name never was
ones own but always an intersection of administrative, media-technical
and personal interventions and as such is currently becoming a
contested phenomenon again, requiring an informed debate about what is
in a name.

Duration 40 mins, presentation style will be slides and accompanying
talk, discussion afterwards.

Bio:

Christoph Engemann studied psychology at the University of Bremen and
became a Ph.D fellow of the Bremen International Graduate School of
Social Sciences in 2002. Between 2003 and 2006 he was named a Non-
Residential-Fellow at the Center for Internet and Society Stanford Law
School.

Christoph took part in the 2005 Doctoral Summer School of the Oxford
Internet Institute and was a lecturer at the Science, Technology and
Society Program at the University of Texas in 2007 and 2008. Since
February 2010 he works as researcher and lecturer at the
Internationales Kolleg für Kulturtechnikforschung und
Medienphilosophie at the Bauhaus University Weimar. In 2011 Christoph
was a faculty member at the Weimar-Princeton Summer School for Media
Studies on the topic of surveillance.

Christoph is member of the DFG-research network "Digital Citizens and
their Identity"

His main areas of research are Governmediality; Digital Identity/Media
of Identification and their History; Electronic Government; Genealogy
of the Transaction; Political Economy of Internet.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4713.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4713-en-what_is_in_a_name_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 10

2012-01-23T20:19:57Z

Muelli: Created page with " {{Termin |date=2012/03/07 20:00:00 PM |enddate=2012/03/07 22:00:00 PM |title=Chaotic Congress Cinema Nr. 10 |visible=Yes }} Category:Chaotic-Congress-Cinema Wir schauen uns..."

{{Termin
|date=2012/03/07 20:00:00 PM
|enddate=2012/03/07 22:00:00 PM
|title=Chaotic Congress Cinema Nr. 10
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Chaotic-Congress-Cinema Chaotic Congress Cinema].

== The future of cryptology: which 3 letters algorithm(s) could be our
Titanic? ==
RMS Olympic, RMS Titanic, HMHS Britannic vs Discrete Logarithm,
Integer factorization, Conjectured hard problems

The lessons and best practices of the titanic will be extracted. Are
we ready?

This will be a co-presentation (Jean-Jacques Quisquater / David
Samyde) and occasional friendly exchange, with point and counter-point
of different contrasting views on the impact of solving integer
factorization and some other difficult problem in cryptography.

The idea is to perform a provocative comparison between the
'unbreakable' RSA algorithm and the unsinkable Titanic.

Receiving his RSA Conference Lifetime Achievement Award, Rivest said
that it has not been demonstrated mathematically that factorization
into primes is difficult. So “Factoring could turn out to be easy,”
and according to him “maybe someone here will find the method”.

Since 1994 and Shor's algorithm, the danger of quantum computer is
known: breaking RSA in polynomial time. Factoring large numbers is
conjectured to be computationally infeasible on classic non quantum
computers. No efficient algorithm is known and the research in the
last 30 years did not show enormous progress.

Iceberg existence is predicted but not shown yet.

According to Rivest a variety of alternative schemes have been
developed in the decades since RSA was published, and a new system
could probably be adopted quickly.

This relies on solving factorization only, but several other cases can
be considered, in some of them the action to replace RSA with a new
algorithm could require more work than initially planned (solution to
discrete logarithm).

Managing the risk and the threat of the resolution of any major
problem used in cryptography is crucial. This presentation challenges
the conventional thinking using lessons learned from history.

RSA users are everywhere so what could be the consequences of a break
in the real world? What were the errors made on the Titanic? Can the
best practices used be improved or just translated into a new scheme?
What would be the impact of solving the RSA assumption on
cryptography?

The outline is: History of factorization Titanic primes and RSA keys
Complexity, classes of algorithms and practical costs Risk analysis
and Threat management Probability estimation and proactive monitoring
From best to worst case Best methods and lessons learned Multiple
scenari (Im)possibility of accurate prediction What to expect and how
to be ready Conclusion

Andrew Grove, former CEO of Intel said "Only the paranoid survive".
Forecasting the presence of a strategic inflection point is hard. What
to expect at the time of the next major cryptanalysis breakthrough?
What history teaches? What remains to be done? Are we ready?

The format will be a co-presentation (Jean-Jacques Quisquater/David
Samyde) and occasional friendly debate or exchange, with point and
counter-point of different contrasting views on the impact of solving
integer factorization in Information Security.

At the last RSA conference, Ronald Rivest, Adi Shamir and Leonard
Adleman received the RSA Conference Lifetime Achievement Award. They
were rewarded for the creation of the RSA cryptosystem and their
magnificient contribution to the field of cryptography. Rivest during
his speech said that it has not been demonstrated mathematically that
factorization into primes is difficult. So "Factoring could turn out
to be easy," and according to him "maybe someone here will find the
method".

Since 1994 and Shor's algorithm, the cryptographic community is aware
of the danger of quantum computer for the the integer factorization
problem. With a sufficient number of qubits, Shor's algorithm can be
used to break RSA in polynomial time. Since last year RSA conference
the first commercially available quantum computer with 128-qubit chip
has been sold to an american company. But some criticism and a
controversy are present around the real potential of this solution.

A well accepted assumption is that factoring large numbers is
computationally infeasible on classic non quantum computers. No
classical algorithm is known and the research in the last 30 years did
not show enormous progress even if the improvements to the field of
integer factorization are important since the existence of RSA.

The consequences of solving integer factorization in polynomial time
would be to render the RSA scheme vulnerable. According to Ron Rivest
a variety of alternative schemes have been developed in the decades
since RSA was published, and a new system could probably be adopted
quickly.

Some new encryption/signature schemes are available but they do not
all rely on some problems that can be proven to be very hard in all
cases and instances. The difference between a solid proof and a
conjecture is important but it is not because a problem is proven hard
that it is enough and sufficient to use it to build a secure
cryptosystem. The knapsack problem is NP-complete to solve exactly but
it can be difficult to create a secure cryptosystem from it. Leonard
Adleman broke the Ron Graham and Adi Shamir enhancement of the Merkle-
Hellman scheme and so did Serge Vaudenay who broke the Chor-Rivest
knapsack cryptosystem.

Discrete logarithm, graph isomorphism and integer factorization are
NP-intermediate problems and they are not known to be to be P or NP-
complete. Solving the discrete logarithm problem brings a solution to
the integer factorization problem in a trivial manner. The lack of
recent progress on the resolution of the discrete logarithm helps and
supports integer factorization. But in general an advance in one of
them can be translated into the other one. This is not automatic,
however it can be expected.

Cryptographic problems rely massively on the integer factorization and
discrete logarithm problems. Few other systems exist and amongst this
group some algorithms suffer from cryptanalysis methods, reducing
their usage to specific cases. The worldwide presence, acceptance and
usage, of RSA are huge therefore if the algorithm would be compromised
then a lot of companies would have no choice and would be forced to
switch to another encryption system.

The quick and rapid adoption of a new system would play an important
part in maintaining a high level of trust in security. Because public
key cryptography secures Internet and ecommerce, banking and financial
transactions, governments communications and much more, the new
system(s) should be proven to be secure and quickly deployed.

The assumption of Ron Rivest about the difficulty of integer
factorization relies on the fact that the solution to factorization
would not create more perturbations in the field of encryption
algorithms and would not enable new cryptanalytic methods on potential
replacement solutions. In such a case his statement about replacing
RSA with a new method is correct. However several other cases can be
considered, and in some of them the action to replace RSA with a new
algorithm could require more work than initially planned. In the same
manner big companies can not really afford (and not only on the
financial side) to replace one encryption algorithm by another one and
to experience a failure of the new system just after its deployment.

This presentation challenges the conventional thinking, indeed
factorization is at the core of number theory and a limited number of
top researchers do really work and understand it. But a tremendous
amount of money and business is secured relying on the resistance of
this problem to years of attack by talented minds. The entire world
use the RSA algorithm and trusts its security. This is so true that
some scheme do not even plan a replacement plan and some certificates
never expire.

In the greek mythology Cassandra received from Apollo the ability to
predict the future, but she could not provide any evidence data of her
predictions. She foresaw the destruction of Troy using the Trojan
Horse, the death of Agamemnon, and her own troubles but she could not
forestall these tragedies. Ron Rivest did not provide any new method
to solve factorization but he clarified the possible existence of a
solution. When the inventor of the system starts to consider that a
solution can exits it seems to be time to be open minded. If a
solution can be reached, so what?

Andrew Grove, former CEO of a silicon manufacturer highlighted in his
book "Only the paranoid survive." the importance of Cassandras in an
organization. According to Grove, they can help to predict a strategic
inflection point.

Factorization in a practical manner would be a strategic inflection
point but could also not be limited to integer factorization only and
extend to other fields. A much more elegant method to the problem of
the decomposition of a composite in primes even inspired movie makers
and Hollywood (Sneakers by Phil Alden Robinson) or book writers
(Tetraktys by Ari Juels). What is the reality of such an assumption,
is this pure science or pure fiction. Are these people Cassandras or
is it simply impossible ? Through the usage of comparisons and
metaphors the authors deal with what would be the lessons to learn
from the resolution of factorization in different cases.

It is difficult to make accurate predictions and cryptographers
learned with time that even the most brilliant of them and/or the
giants amongst the community can make bad predictions. The inventors
of RSA stated in Martin Gardner's column (August 1977) of Scientific
American that it would require 40 quadrillion years to factorize
RSA-129 (426 bits). Derek Atkins lead the work that proved them wrong
few years later.

The recent history of cryptanalysis teaches us that some schemes are
weaker than expected and the general perception of the cryptologic
community can be modified very quickly. A good example is the lack of
collision resistance of the MD5 hash function designed by Ron Rivest.

The co authors believe that any prediction about the time separating
us from the existence of an elegant solution to the integer
factorization problems makes no sense. The art of prediction is much
more difficult than doing simple comparisons.

The existence of a practical solution to factorize would have the
effect of an earthquake to the world of cryptography and computer
security. Predicting earthquake is not really possible and the recent
past brings to our mind all the colateral effects that can be related
to an earthquake. In real life seismologists monitor many phenomena
that are considered to be possible precursors of earthquakes. This
presentation will develop a simple model based on common sense to
explain what could be the consequences of an improvement of integer
factorization according to the probability of its apparition.

If the perception of the cryptologic community would be drastically
modified about factorization, what could be the consequences on
cryptography and security in the real world? Can the best practises
used with RSA be improved or even translated into a new scheme? What
would be the impact of solving the RSA assumption on numerous other
algorithm ?

In the case of a resolution of the integer factorization problem,
several scenari are possible. They all have different implications and
conclusions. This presentation consider each main scenario according
to a level of relevance and details the impact and the consequences of
the new discovery on different fields including computer security,
governance, cloud security, cyberwar and cyber weapons and other
fields.

Managing the risk of the creation of a solution to any major problem
used in cryptography is important for the whole industry. In general
cryptographers consider that non linear improvements in their field
take time and that all algorithm are deprecated before to be
absolutely broken. This presentation will challenge some of these
statements.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4710.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4710-en-the_future_of_cryptology_h264.mp4>

== The Atari 2600 Video Computer System: The Ultimate Talk ==
The history, the hardware and how to write programs

Going more retro than the Commodore C=64: The Atari 2600 VCS was the
breakthrough for video games in your own living room. This lecture
will cover a bit of the history on how it came to live, describes the
hardware used and shows how to write your own code for it.

The Atari 2600 Video Computer System (VCS for short) was the first
wide-spread gaming console. It features 128 bytes of RAM, 4k bytes of
addressable ROM. This was enough to keep it in production for more
than 13 years.

This lecture divides in three parts:

The first part will cover the history on how it came to live. Learn
why the Atari 2600 is technically half a Commodore creation. Learn why
Motorola was really angry about that deal. Can you imagine on how the
software was created, since there were no PCs or workstations
available at this time? Get to view the probably first easter egg in
the history of video games.

The second part will provide an intern view of the chips used in the
Atari 2600: the 6507 CPU, the 6532 RIOT (RAM-I/O-Timer) and the TIA
(Television Interface Adapter). It will also show why "racing the
beam" is so important.

The third part will show how to write your own code. What registers
you have and how to use them. Using emulators, the Harmony cartridge
and a self-designed cart that will hopefully be finished by the time
of the talk.

Still got questions? 2600vcs@svolli.dynxs.de

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4711.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4711-en-the_atari_2600_video_computer_system_the_ultimate_talk_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 09

2012-01-23T20:19:51Z

Muelli: Created page with " {{Termin |date=2012/02/29 20:00:00 PM |enddate=2012/02/29 22:00:00 PM |title=Chaotic Congress Cinema Nr. 9 |visible=Yes }} Category:Chaotic-Congress-Cinema Wir schauen uns ..."

{{Termin
|date=2012/02/29 20:00:00 PM
|enddate=2012/02/29 22:00:00 PM
|title=Chaotic Congress Cinema Nr. 9
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Chaotic-Congress-Cinema Chaotic Congress Cinema].

== Power gadgets with your own electricity ==
escape the basement and make the sun work for you

This talk, consisting of five distinct parts, is intended to show the
audience how to get electricity without needing a grid connection. It
will give information on

+ Which energy sources to use
+ What to power with them
+ What equipment to get
+ How to wire it up
+ And some wishful thinking Participants should be able to assemble
their own small-scale energy-generating systems after listening.

Renewable energy isn't for wealthy investors only. You can have it,
too.

In this talk we'll show you how to power your own stuff from the sun,
wind and other sources of energy.

The talk is divided into 5 different parts:

#. A really short introduction into the available power sources like
sun, wind etc. We'll show some pipe-dreams where more hacking is
needed to make it work like salt-gradient energy or damming the
mediterranean sea.
#. We'll show you how much power you can expect from which source.
We'll also show you what affects power output for various technologies
(example: Sun needs to be shining for solar power. We'll show you how
much sunshine you can expect at your place.)
#. As a follow-up to part 2 we'll show you the amount of power various
things need. You can do the math yourself afterwards to see what you
can power from your balcony.
#. Building the system, the easy and fully-legal way: Build your own
independent grid with optional storage. We'll show what you need for a
small-scale solar system independent of the power network. Works well
for caravans, camping, gardens and allotments. There will be real
solar panels on stage. You will see schematics, parts lists and
instructions. We'll give some hints where to aquire the necessary
stuff without paying too much.
#. The difficult way: Put your own power into the public grid. We'll
show you what you need to do this. This can either make your purse
fill up automatically (big installations earning feed-in tariffs) or
it can (in theory) make your electricity meter go backwards - but
that's not actually allowed. Once the electrical company recognizes
what you are doing (and German law requires you to tell them)
unfortunately they will install a digial meter. Digital meters will
not count backwards like the Ferraris counters do now...

The speakers have built and are operating various small-scale power
systems and come from an engineering and commercial background.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4706.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4706-en-power_gadgets_with_your_own_electricity_h264.mp4>

== Your Disaster/Crisis/Revolution just got Pwned ==
Telecomix and Geeks without Bounds on Security and Crisis Response

Software is becoming more and more important in organizing response to
all kinds of crises, whether that means activists responding to an
unjust government or aid workers helping with the aftermath of a
disaster. Security often isn't the first thing people think about in
these situations -- they have work to get done, just like the rest of
us, and many of these tools are built in the heat of the moment. In a
crisis, a lack of security can make a small disaster into a big one.
In this talk, we'll look at real world experiences of the security and
privacy problems in the field, and how to fix them, at both large and
small levels.

People are using technology to try to save the world, whether in the
disaster response world, or in activist or revolutionary work. Many of
the people involved are not technologists. Many of the people building
tools for these situations do not understand security. This is a
problem because: Privacy issues for disaster response Creepy uncle
Creepy government agency Gaming the aid process with crowdsourced
reports Activists and revolutionaries are subject to direct attack,
coercion, harrassment, etc. A few problems: People are using generic
tools that don't provide the guarantees they need People are writing
special-purpose tools without understanding the problem People are
writing tools which intentionally subvert their users People don't
understand the problems they're causing with how they use tools To fix
this: Build specialist tools with a deep understanding of the real
problems Get the help you need to make tools secure Ask for help Help
disaster/activist ICT projects if you know your security Build
security into generic tools, even if you're not planning on
revolutionaries using them, because you never know when you're going
to need to overthrow a government on twittter. Learn/teach about
security and what it takes to use existing tools well Build a security
culture in your organization
== Links ==

+ `Telecomix <http://telecomix.org/>`__
+ `Geeks Without Bounds <http://gwob.org/bridging-the-gap-between-
traditional-relief-and-new-vtc>`__

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4707.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4707-en-your_disaster_crisis_revolution_just_got_pwned_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 08

2012-01-23T20:19:46Z

Muelli: Created page with " {{Termin |date=2012/02/22 20:00:00 PM |enddate=2012/02/22 22:00:00 PM |title=Chaotic Congress Cinema Nr. 8 |visible=Yes }} Category:Chaotic-Congress-Cinema Wir schauen uns ..."

{{Termin
|date=2012/02/22 20:00:00 PM
|enddate=2012/02/22 22:00:00 PM
|title=Chaotic Congress Cinema Nr. 8
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Chaotic-Congress-Cinema Chaotic Congress Cinema].

== Building a Distributed Satellite Ground Station Network - A Call To
Arms ==
Hackers need satellites. Hackers need internet over satellites.
Satellites require ground stations. Let's build them!

As proposed by Nick Farr et al at CCCamp11, we - the hacker community
- are in desperate need for our own communication infrastructure. So
here we are, answering the call for the Hacker Space Program with our
proposal of a distributed satellite communications ground station
network. An affordable way to bring satellite communications to a
hackerspace near you. We're proposing a multi-step approach to work
towards this goal by setting up a distributed network of ground
stations which will ensure a 24/7 communication window - first
tracking, then communicating with satellites. The current state of a
proof of concept implementation will be presented.

This is a project closely related to the academic femto-satellite
movement, ham radio, Constellation@Home.

The area of small satellites (femto-satellite <0.1 kg up to mini-
satellite 100-500 kg) is currently pressed forward by Universities and
enables scientific research at a small budget. Gathered data, both
scientific and operational, requires communication between satellites
and ground stations as well as to the final recipients of the data.
One either has to establish own transmission stations or rent already
existing stations. The project “distributed ground station” is an
extension to the project which will offer, at its final expansion
state, the ability to receive data from satellites and relay them to
the final recepients. It is therefore proposed that a world-wide
distributed network of antennas is to be set up which will be
connected via the internet allowing the forwarding of received signals
to a central server which will in turn forward signals to further
recepients. Individual antennas will be set up by volunteers (Citizen
Scientists) and partner institutions (Universities, institutes,
companies). The core objective of the project is to develop an
affordable hardware platform (antenna and receiver) to be connected to
home computers as well as the required software. This platform should
enable everyone to receive signals from femto-satellites at a budget
and in doing so, eradicating black patches where there is currently no
ground station to receive signals of satellites passing over-head.
Emphasise is put on contributions by volunteers and ham radio
operators who can contribute both passively by setting up a receiver
station or actively by shaping the project making it a community
driven effort powered by open-source hardware and applications.

Purposes The distributed ground stations will enable many different
uses. Using distributed ground stations one could receive beacon
signals of satellites and triangulate their position and trajectory.
It would therefore be possible to determine the kepler elements right
after launching of a new satellite without having to rely on official
reports made at low frequency. Beacon tracking is also not limited to
just satellites but can be used to track other objects like weather
balloons and areal drones and record their flight paths. Additionally,
beacon signals (sender ID, time, transmission power) could be
augmented with house-keeping data to allow troubleshooting in cases
where a main data feed is interrupted. Details regarding the protocol
and maximum data packet length are to be defined during the
feasibility study phase. Furthermore, distributed ground stations can
be used as "data dumping" receivers. This can be used to reduce load
on the main ground station as well as to more quickly distribute data
to final recipients. The FunCube project, an out-reach project to
schools, is already using a similar approach. Another expansion stage
would be increasing the bandwidth of the individual receivers. As a
side-effect, distributed ground station could also be used to analyse
meteorite scattering and study effects in the ionosphere by having a
ground-based sender with a known beacon signal to be reflected off
meteorites and/or the iononosphere and in turn received by the
distributed ground stations. Depending on the frequency used further
applications in the field of atmospheric research, eg. local and
regional properties of the air and storm clouds, can be imagined.
Depending on local laws and guidelines, antennas could also be used to
transmit signals. The concept suggests the following expansion stages:

#. Feasibility study for the individual expansion stages
#. Beacon-Tracking and sender triangulation
#. Low-bandwidth satellite-data receiver (up to 10 Kbit/s)
#. High-bandwidth satellite-data receiver (up to 10 Mbit/s)
#. Support for data transmission Each stage is again split up into
sub-projects to deal with hardware and software design and develoment,
prototyping, testing and batch/mass production, Network The networking
concept demands that all distributed ground stations are to be
connected via the internet. This can be achieved using the
Constellation platform. Constellation is a distributed computing
project used already for various simulations related to aerospace
applications. The system is based on computation power donated by
volunteers which is combined to effectively build a world-wide
distributed super-computer. The software used to do this is BOINC
(Berkeley Open Infrastructure for Network Computing) which also offers
support for additional hardware to eg. establish a sensor network.
Another BOINC-project is the Quake Quatcher Network which is using
accelleration sensors built into laptops or custom USB-dongles to
detected earthquakes. Constellation could be enhanced to allow use of
the distributed ground station hardware. Constellation is an academic
student group of the DGLR (german aerospace society) at Stuttgart
University and is supported by Rechenkraft.net e.V and Selfnet e.V..
Ham radio and volunteers Special consideration is given to the ham
radio community. Femto-satellites make use of the ham radio bands in
the UHF, VHF, and S-Band range. As a part of the ham radio community
ham radio operators should be treated as part of the network. Ham
radio operators hold all required knowledge about the technology
required to operate radio equipment and are also well distributed
world-wide. To also make the system attractive to volunteers, hardware
should be designed in a way that allows manufacturing and distribution
on a budget. All designs should also be made public to allow own and
improved builds of the system by the community. The hardware should be
designed to be simple to use correctly and hard to be used wrong.
Supporters > [1] Constellation Plattform, aerospaceresearch.net
constellation [2] shackspace Stuttgart, www.shackspace.de References
[1] IRS Kleinsatelliten, Universität Stuttgart, kleinsatelliten.de [2]
Constellation Plattform, aerospaceresearch.net/constellation [3]
BOINC, Berkely University, boinc.edu [4] Quake Catcher Network,
qcn.stanford.eu [5] DGLR Bezirksgruppe Stuttgart, stuttgart.dglr.de
[6] Rechenkraft.net e.V., rechenkraft.net [7] Selfnet e.V., selfnet.de

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4699.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4699-en-building_a_distributed_satellite_ground_station_network_h264.mp4>

== What is WhiteIT and what does it aim for? ==
Why you probably want to be concerned about it and similiar alliances.

This talk will be about the WhiteIT project, initiated by Mr
Schünemann, German Minister of Interior in the state of Lower Saxony.

The WhiteIT project is concerned with combating the online-
distribution of child abuse material. WhiteIT tries to develop tools
and processes to cooperatively suppress the disemination and
(re-)distribution of said material.

During the Talk the lecturer will try to encourage some open source
intelligence. So please consider bringing a laptop, netbook or tablet
with you to help gather and collect certain informations right away.

Being involved with the WhiteIT project, the lecturer will use this
opportunity to speak freely about his concerns regarding certain
aspects of the endeavour. The talk will try to explain some of the
projects aims as well as technical tools and processes developed and
why he thinks this also concerns you as well.

Although the talk will mainly be concerned with WhiteIT and its
members, it will also be of concern for other nationals as there are
some global players involved.

The Talk will be somewhat interactive asking you to crowdsource
certain information that the lecturer could not get hold off, so
please bring a laptop, netbook or tablet with you to be able access a
wiki/etherpad.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4700.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4700-en-what_is_whiteit_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 07

2012-01-23T20:18:58Z

Muelli: Created page with " {{Termin |date=2012/02/15 20:00:00 PM |enddate=2012/02/15 22:00:00 PM |title=Chaotic Congress Cinema Nr. 7 |visible=Yes }} Category:Chaotic-Congress-Cinema Wir schauen uns ..."

{{Termin
|date=2012/02/15 20:00:00 PM
|enddate=2012/02/15 22:00:00 PM
|title=Chaotic Congress Cinema Nr. 7
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Chaotic-Congress-Cinema Chaotic Congress Cinema].

== Implementation of MITM Attack on HDCP-Secured Links ==
A non-copyright circumventing application of the HDCP master key

A man-in-the-middle attack on HDCP-secured video links is
demonstrated. The attack is implemented on an embedded Linux platform,
with the help of a Spartan-6 FPGA, and is capable of operating real-
time on HD video links. It utilizes the HDCP master key to derive the
corresponding private keys of the video source and sink through
observation and computation upon the exchanged public keys. The man-
in-the-middle then genlocks its raster and cipher state to the
incoming video stream, enabling it to do pixel by pixel swapping of
encrypted data. Since the link does no CRC or hash verification of the
data, one is able to forge video using this method.

Significantly, the attack enables forging of video data without
decrypting original video data, so executing the attack does not
constitute copyright circumvention. Therefore, this novel and
commercially useful application of the HDCP master key impairs
equating, in a legal sense, the master key with circumvention.
Finally, the embodiment of the exploit is entirely open-source,
including the hardware and the Verilog implementation of the FPGA.

BACKGROUND & CONTEXT

In September 2010, the HDCP master key was circulated via Pastebin.
Speculation ensued around the application of the master key to create
HDCP strippers, which would enable the circumvention of certain
copyright control mechanisms put in place around video links.
Unfortunately, this is a legally risky application, for a number of
reasons, including potential conflicts with DMCA legislation that
criminalizes the circumvention of copyright control mechanisms.

This talk discloses a new use for the HDCP master key that side-steps
some of the potential legal issues. This hack never decrypts video;
without decryption, there is no circumvention, and as a result the
DMCA cannot apply to this hack. Significantly, by demonstrating a
bona-fide commercially significant purpose for the HDCP master key
that does not circumvent an access control measure, this hack impairs
the equating of trafficking or possession of the HDCP master key to
circumvention and/or circumvention-related crimes.

The main purpose of this hack is to enable the overlay of video
content onto an HDCP encrypted stream. The simple fact that a trivial
video overlay becomes an interesting topic is illustrative of the
distortion of traditional rights and freedoms brought about by the
DMCA. While the creation of derivative works of video through dynamic
compositing and overlay (such as picture in picture) seems intuitively
legal and natural in a pre-HDCP world, the introduction of HDCP made
it difficult to build such in-line equipment. The putative purpose
role of HDCP in the digital video ecosystem is to patch the plaintext-
hole in the transmission of otherwise encrypted video from shiny disks
(DVDs, BDs) to the glass (LCD, CRT). Since the implementation of video
overlay would typically require manipulation of plaintext by
intermediate processing elements, or at least the buffering of a
plaintext frame where it can be vulnerable to readout, the creation of
such devices has generally been very difficult to get past the body
that controls the granting of HDCP keys, for fear that they can be
hacked and/or repurposed to build an HDCP stripper. Also, while a
manufacturer could implement such a feature without the controlling
body's blessing, they would have to live in constant fear that their
device keys would be revoked.

While the applications of video overlay are numerous, the basic
scenario is that while you may be enjoying content X, you would also
like to be aware of content Y. To combine the two together would
require a video overlay mechanism. Since video overlay mechanisms are
effectively banned by the HDCP controlling organization, consumers are
slaves to the video producers and distribution networks, because
consumers have not been empowered to remix video at the consumption
point.

The specific implementation of this hack enables the overlay of a
WebKit browser over any video feed; a concrete example of the
capability enabled by this technology is the overlay of twitter feeds
as "news crawlers" across a TV program, so that one may watch
community commentary in real-time on the same screen. While some TV
programs have attempted to incorporate twitter feeds into the show,
the incorporation has always been on the source side, and as such
users are unable to pick their hashtags. Now, with this hack, the same
broadcast program (say, a political debate) can have a very different
viewing experience based on which hashtag is keyed into the viewer's
twitter crawler.

TECHNICAL IMPLEMENTATION

A Spartan-6 FPGA was used to implement a TMDS-compatible source and
sink. TMDS is the signaling standard used by HDMI and DVI. The basic
pipeline within the FPGA deserializes incoming video and reserializes
it to the output. In this trivial mode, it is simply a signal
amplifier for the video.

In order to enable the overlay of a WebKit browser, an 800 MHz ARM-
based Linux computer is connected to the FPGA. The Linux computer is
based upon the PXA168 by Marvell, and it features 128 MB of DDR2 and a
microSD card for firmware. The distribution is based upon Angstrom and
it is built using OpenEmbedded with the help of buildbot. The entire
build system for the Linux computer is available through a public EC2
cloud image that anyone can copy and rent from Amazon.

From the Linux computer's standpoint, the FPGA emulates a parallel RGB
LCD, and thus from the programming standpoint looks simply like a
framebuffer at /dev/fb0. There is also a device management interface
revealed through I2C that is managed using the standard Linux I2C
driver. The I2C management interface handles routine status requests,
such as reading the video timing and PLL state, and also handles
reading out sections of snooping buffers, the significance of which
will be discussed later. The FPGA also has a chroma-key feature where
a magic color (240,0,240) is remapped to "transparent".

The FPGA itself is bootstrapped through a programming interface where
the device’s compiled bitstream is sent to the FPGA by writing to
/dev/fpga. There are also IOCTLs available on /dev/fpga that enable
other meta-level functions such as resetting the FPGA or querying its
configuration state.

In addition to passing through the TMDS signal, the FPGA also has the
ability to listen to *and* manipulate the DDC. The DDC is an I2C link
found on HDMI cables that enables the reporting of monitor capability
records (EDIDs) and also is the medium upon which the key exchange
happens. Therefore, being able to listen to this passively is of great
importance to the hack. The FPGA implements a "shadow-RAM" which
records all reads and writes to specific addresses that fall within
the expected address ranges for EDID and HDCP transactions.

The FPGA also implements a "squash-RAM" which is used to override bits
on the I2C bus. Since I2C is an open collector standard, overriding a
1 to a 0 is trivial; but, overriding a 0 to a 1 requires an active
pull-up. The hardware implements a beefy FET on the DDC to enable
overriding 0's to 1's. The DDC implementation uses a highly
oversampled I2C state machine. I2C itself only runs at 100 kHz, but
the state machine implementation runs at 26 MHz. This allows the state
machine to determine the next state of the I2C bus and decide to
override or allow the transaction on-the-fly. The "squash-RAM" feature
is used to override the EDID negotiation such that the video source is
only informed of modes that the FPGA implementation can handle. For
example, this implementation cannot handle 3D TV resolutions, so the
reporting of such capabilities from the TV is squashed before it can
get to the video source. This causes the source to automatically limit
its content to be within the hardware capabilities of the FPGA, and to
be within the resolutions that are supported by the WebKit UI.

The key exchange on HDCP consists of three pieces of data being passed
back and forth: the source public key (Aksv), the sink public key
(Bksv), and a piece of shared state (An). The order in which these are
written is well-defined. The completion of the transfer of the final
byte of Aksv serves as a trigger to initialize the cipher states of
the source and the sink. During this time period, each device computes
the dot-product of the other device's KSV with their internal private
key (which is a table of forty 56-bit numbers) and derives a shared
secret, known as Km. This is basically an implementation of Blom's
Scheme.

In order to implement the man-in-the-middle attack, the three pieces
of data are recorded, and the authentication trigger is passed from
the FPGA to the Linux computer through an udev event. udev triggers a
program that reads the KSVs from the snoop memory, and performs a
computation upon the HDCP master key and the KSVs to derive the
private keys that mirrors those found in each of the source and sink
devices. In a nutshell, the computation loops through the 40x40 matrix
of the HDCP master key, and based upon the KSV having a 1 at a
particular bit position it sums in the corresponding 40-entry row or
column of the master key to the 40-entry private key vector. The use
of a row or columns depends upon if the KSV belongs to a source or a
sink.

Once the private keys vectors have been derived, they can be
multiplied in exactly the same fashion as would be found in the source
or sink to derive the shared secret, Km.

This shared secret, Km, is then written into the FPGA's HDCP engine,
and the cipher state is ready to go. In practice, the entire
computation can happen in real-time, but some devices go faster or
slower than others, so it is hard to guarantee it always completes in
time, particularly with the variable interrupt latency of the udev
handler. As a result, the actual link negotiation caches the value of
Km from previous authentications, and the udev event primarily
verifies that Km hasn't changed (note that for each given source and
sink pair, Km is static and never changes, so unless users are pulling
cables out and swapping them between devices, Km is essentially
static). If the Km has changed, it updates the Km in the FPGA and
forces a 150ms hot plug event, which re-initiates the authentication,
thereby making the transaction fairly reliable yet effectively real-
time.

Significantly, this system as implemented is incapable of operating
without having the public keys provided by both the source and the
sink. This means that it cannot "create" an HDCP link: this
implementation is not an operational HDCP engine on its own. Rather,
it requires the user of this overlay hack to "prove" it has previously
purchased a full HDCP link through evidence of valid public keys. This
“proof of purchase” exhausts the proprietary rights to the link
associated with first sale doctrine.

Once the FPGA's HDCP cipher state is matched to the video source's
cipher state, one can now selectively encrypt different pixels to
replace original pixels, and the receiver will decrypt all without any
error condition. This is because encryption is done on a pixel by
pixel basis and the receiver does little in the way of verification.
The lack of link verification is in fact quite intentional and
necessary. The natural bit error rate of HD video links is atrocious;
but this is acceptable, because the human eye probably won't detect
bit errors even on the level of 1 in every 10,000 bits (at high error
rates, users see a “sparkle” or “snow” on the screen, but largely the
image is intact). Therefore, this latitude in allowing pixel-level
corruption is necessary to keep consumer costs low; otherwise, much
higher quality cables would be required along with FEC techniques to
achieve a bit error rate that is compatible with strict cryptographic
verification techniques such as full-frame hashing.

The selection of which pixel to swap is done by observing the color of
the overlay's video. The overlay video is not encrypted and is
generated by the user, so there is no legal violation to look at the
color of the overlay video. Note that other pixel-combining methods,
such as alpha blending, would necessitate the decryption of video. If
the overlay video matches a certain chroma key color, the incoming
video is selected; otherwise, the overlay video is selected. This
allows for the creation of transparent "holes" in the UI. Since the UI
is rendered by a WebKit browser, chroma-key is implemented by simply
setting the background color in the CSS of the UI pages to magic-pink.
This makes the default state of a web page transparent, with all items
rendered on top of it opaque.

Note that pixel-by-pixel manipulation of the incoming video feed is
done without any real buffering of the video. A TMDS pixel "lives"
inside the FPGA for less than a couple dozen clock cycles: the
lifetime of a pixel is simply the latency of the pipelines and the
elastic buffers required to deskew wire length differences between
differential pairs. This means that the overlay video from the Linux
computer must be strictly available at exactly the right time, or else
the user will see the overlay jitter and shake. In order to avoid such
artifacts, the time resolution requirement of the pixel
synchronization is stricter than the width of a pixclock period, which
can be as short as dozen nanoseconds.

In order to accomplish this fine-grain synchronization, a genlock
mechanism was implemented where vertical retrace signals (which are
unencrypted) trigger an interrupt that initiates the readout of
/dev/fb0 to the FPGA. However, the interrupt jitter of a non-realtime
Linux is *much* larger than a single pixel time, so in order to absorb
this uncertainty, a dynamic genlock engine was implemented in the
FPGA. An 8-line overlay video FIFO is used to provide the timing
elasticity between the Linux computer and the primary video feed; and
the vertical sync interrupt-to-pixel-out latency of the Linux computer
is dynamically measured by the FPGA and pre-compensated. In effect,
the FPGA measures how slow the Linux box's reflexes are, and requests
for the frame to start coming in advance of when the data is needed.
These measures, along with a few lines of FIFO, ensure pixel
availability at the precise time when the pixel is needed.

SUMMARY

A system has been described that enables a man-in-the-middle attack
upon HDCP secured links. The attack enables the overlay of video upon
existing streams; an example of an application of the attack is the
overlay of a personalized twitter feed over video programs. The attack
relies upon the HDCP master key and a snooping mechanism implemented
using an FPGA. The implementation of the attack never decrypts
previously encrypted video, and it is incapable of operating without
an existing, valid HDCP link. It is thus an embodiment of a bona-fide,
non-infringing and commercially useful application of the HDCP master
key. This embodiment impairs the equating of the HDCP master key with
copyright circumvention purposes.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4686.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4686-en-implementation_of_mitm_attack_on_hdcp_secured_links_h264.mp4>

== Introducing Osmo-GMR ==
Building a sniffer for the GMR satphones

The latest member of the Osmocom-family projects, osmo-gmr focuses on
the GMR-1 (GEO Mobile Radio) air interface used in some satellite
Phones. This talk will shortly present the GMR protocol, the Thuraya
network that uses this protocol in the Eurasian/African and Australian
continents and finally details how you can capture samples and process
them for analysis using osmo-gmr.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4688.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4688-en-introducing_osmo_gmr_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 06

2012-01-23T20:02:29Z

Muelli: Created page with " {{Termin |date=2012/02/08 20:00:00 PM |enddate=2012/02/08 22:00:00 PM |title=Chaotic Congress Cinema Nr. 6 |visible=Yes }} Category:Chaotic-Congress-Cinema Wir schauen uns ..."

{{Termin
|date=2012/02/08 20:00:00 PM
|enddate=2012/02/08 22:00:00 PM
|title=Chaotic Congress Cinema Nr. 6
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Chaotic-Congress-Cinema Chaotic Congress Cinema].

== Apple vs. Google Client Platforms ==
How you end up being the Victim.

We will discuss the two different approaches Apple and Google take for
the client platforms iPad and Chromebook, how they are similar and how
they are not.

From the security architecture and integrity protection details to
your account and identity that links you firmly back to the respective
vendor, we will provide the big picture with occasional close-up
shots. Here is what powers the vendor has over you, or what powers he
gives to arbitrary unwashed attackers at conferences through fails in
logic, binary or HTML.
== Links ==

+ `Recurity Labs <http://www.recurity-labs.com>`__

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4676.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4676-en-apple_vs_google_client_platforms_h264.mp4>

== Effective Denial of Service attacks against web application
platforms ==
We are the 99% (CPU usage)

This talk will show how a common flaw in the implementation of most of
the popular web programming languages and platforms (including PHP,
ASP.NET, Java, etc.) can be (ab)used to force web application servers
to use 99% of CPU for several minutes to hours for a single HTTP
request.

This attack is mostly independent of the underlying web application
and just relies on a common fact of how web application servers
typically work.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4680.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4680-en-effective_dos_attacks_against_web_application_platforms_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 05

2012-01-23T20:02:03Z

Muelli: Created page with " {{Termin |date=2012/02/01 20:00:00 PM |enddate=2012/02/01 22:00:00 PM |title=Chaotic Congress Cinema Nr. 5 |visible=Yes }} Category:Chaotic-Congress-Cinema Wir schauen uns ..."

{{Termin
|date=2012/02/01 20:00:00 PM
|enddate=2012/02/01 22:00:00 PM
|title=Chaotic Congress Cinema Nr. 5
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Chaotic-Congress-Cinema Chaotic Congress Cinema].

== Bionic Ears ==
Introduction into State-of-the-Art Hearing Aid Technology

In many social situations being hearing impaired is a serious
handicap, not only for elderly people. Today's hearing aids are tiny
computers that do a decent job in signal processing. During the last
years, the progress in this technology was significant, amongst other
things by switching from analog to digital devices. Since this field
becomes more and more related to computer technology, there is even
more improvement to be expected. In particular, it turns into a more
and more interesting playground for hackers.

Unfortunately, we are still quite far away from what was promised as
the future in that 70es TV series "The Bionic Woman" [1]. Starting
with a brief introduction about audiology, I will present current
technical solutions (and political non-solutions) for hearing aids.
Besides the hearing aids themselves, there exist a couple of
interesting peripheral solutions for specific situations such as using
the phone, listening to concerts and talks, or just consuming music
with an mp3 player. All these not only enhance the user's life, they
also open the door for creative hacks. Although the hearing-aid
hacking community is still rather small, I will present some current
projects and ideas for future ones.

Infos about the talk including (sometime soon ;)) slides:
http://www.hackandhear.com

[1] http://en.wikipedia.org/wiki/The *Bionic*Woman
== Links ==

+ `hand and hear <http://hackandhear.com>`__

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4669.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4669-en-bionic_ears_h264.mp4>

== Die Koalition setzt sich aber aktiv und ernsthaft dafr ein ==
Sprachlicher Nebel in der Politik

Aktuelle politische Texte (Reden, Interviews) werden auf Leerformeln,
Füllsel und Übertreibungen untersucht, die den Text entlarven, selbst
wenn der Autor versucht, die Hörer bzw. Leser einzulullen, bestimmte
sprachliche Mittel verraten, welche eigentlichen Meinungen sich im
Text verstecken. Auf diese Weise wird in den Texten sichtbar, was
Wilson und Shea als „Fnord“ bezeichnen.

Der Sprachwissenschaftler Victor Klemperer hat festgestellt: „Was
jemand willentlich verbergen will, sei es vor anderen, sei es vor sich
selber, auch was er unbewusst in sich trägt: Die Sprache bringt es an
den Tag.“ Besonders deutlich wird das an Ausdrucksmitteln, die als
„Nebelsprech“ bezeichnet werden können: Es handelt sich dabei vor
allem um sprachliche Füllsel (Pleonasmen), die im jeweiligen Kontext
nichts zur Bedeutung eines Textes beitragen, sondern einer Aussage nur
Nachdruck verleihen sollen, den die Aussage gar nicht benötigen würde,
wenn sie ernstgemeint wäre. So heißt es im Koalitionskompromiss zum
Weiterbau der A100 in Berlin: „Das Projekt des 16. Bauabschnitts der
BAB 100 wird nicht grundsätzlich aufgegeben. Die Koalition setzt sich
aber aktiv und ernsthaft dafür ein, dass eine Umwidmung der
Bundesmittel ermöglicht wird." Die Adverbien „aktiv“ und „ernsthaft“
haben hier eine entlarvende Wirkung, denn ein passiver und
scherzhafter Einsatz für eine Forderung ist ja gar nicht vorstellbar.
In der Rhetorik spricht man in diesem Zusammenhang von einer Hyperbel,
die allerdings im vorliegenden Fall misslungen ist, denn die
hyperbolische Steigerung legt nahe, dass mit Aktivitäten in diesem
Zusammenhang möglicherweise nicht zu rechnen ist. Auch wenn
„vorbehaltlos, rückhaltlos und umfassend analysiert“ wird (Merkel),
sollte man hellhörig werden, denn was „völlig ungefährlich“ und
„gänzlich unbedenklich“ ist, hat meist einen Haken.

Analysiert werden Texte zum „Atomausstieg“, zur
Vorratsdatenspeicherung und zu weiteren aktuellen Themen, vor allem
aus der Netzpolitik.

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4675.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4675-de-politik_neusprech_2011_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 04

2012-01-23T20:01:30Z

Muelli: /* Links */

{{Termin
|date=2012/02/01 20:00:00 PM
|enddate=2012/02/01 22:00:00 PM
|title=Chaotic Congress Cinema Nr. 4
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Chaotic-Congress-Cinema Chaotic Congress Cinema].

== Cellular protocol stacks for Internet ==
GPRS, EDGE, UMTS, HSPA demystified

Almost everyone uses the packet oriented transmission modes of
cellular networks. However, unlike TCP/IP, Ethernet and Wifi, not many
members of the hacker commnunity are familiar with the actual protocol
stack for those services.

This talk is aimed to give an in-depth explanation how the lower layer
protocols on the air and wired interfaces for packet data services in
cellular networks are structured.

For 2.5/2.75G, this includes RLC/MAC, NS, BSSGP, LLC, SNDCP, GTP For
3G/3.5G, this includes RRC, RLC, PDCP, NBAP, RANAP
=== Links ===

OpenBSC project (includes OsmoSGSN) <http://openbsc.osmocom.org/>

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4663.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4663-en-cellular_protocol_stacks_for_internet_h264.mp4>

== Electronic money: The road to Bitcoin and a glimpse forward ==
How the e-money systems can be made better

The proposed talk provides a definition of the problem of creating
e-money and after a review of the state of the art points out possible
solutions and proposes questions for discussion for the properties of
electronic money system.
=== Electronic money: The road to Bitcoin and a glimpse ahead ===
Abstract : *The proposed talk provides a definition of the problem of
creating e-money and after a review of the state of the art points out
possible solutions and proposes questions for discussion for the
properties of electronic money system.*
=== 1. What is electronic money and different means of currency ===
Definition of electronic money and distinction from similar means of
exchange.

Electronic money is defined as monetary value which is:

+ stored on an electronic device;
+ issued on receipt of funds; and
+ accepted as a means of payment by persons other than the issuer.

Working e-money examples: PayPal and MoneyBookers

Other means of exchange, similar to e-money:
Alternative/Social/Timeshare/Community currencies; Loyalty and Voucher
systems.
> Working examples: WIR and Ven currencies (Bitcoin)< p>
What makes them different from e-money? (convertible only one-way, not
a legal tender, mostly backed by trust only, etc)

*Optional*: Pros and cons of the abovementioned means of exchange.
=== 2. Defining the e-money problem: What electronic money should do? ===
Risks and requirements to the solution for electronic money from
technical, legal and business standpoint. The basic human problem of
reaching a consensus and trust in a group.
=== General system risks: ===

+ Credit Liability
+ Credit Abuse
+ Counterfeiting
+ Unauthorized Withdrawal
+ Purchase Order Modification
+ Double Spending
+ Failure to Credit Payment
+ Denial of Service
+ Repudiation
+ Failure to deliver
+ Framing
+ Secrecy

=== Legal and accounting: ===

+ Dispute resolution
+ Money laundering and finance of terrorism
+ Tax evasion prevention
+ Consumer protection requirements
+ Ways to negotiate and conclude a contract
+ Auditability
+ Reverse and chargeback transactions
+ How the burden of proof is distributed

=== Business: ===
Costs for:

+ Registration
+ Operation
+ Support
+ Marketing
+ Customer and merchant negotiation

=== Accent on the most important human problems: ===

+ Identification and authorization (which is the required minimum?)
+ Achieving consensus and easy dispute resolution in a group.
+ Determine the state of the system at any given moment
+ Trust (between the peer users or trust in the central authority)

=== 3. How the risks and requirements have been traditionally addressed? ===
Review of the cryptographic, legal and procedural methods from the
existing e-money protocols. Еmphasis on anonymity and privacy
problems.

The review of the existing systems will be a distinction between:

+ Online and offline systems > Example: PayPal and Blind signature
PayWord based systems
+ Centralized and decentralized systems > Example: Liberty Reserve and
Ripple BitCoin
+ Hard and Soft systems > Example: BitCoin and Credit card based money
and payment protocols< li>

How do they solve the problems of trust and consensus in a certain
group?

How they provide anonymous transactions and keep user privacy? Are
independent jurisdictions a (contribution to) the solution?

Calculated risk, insurance and responsibility/role delegation as
patches to the existing problems.

Which of the above systems may be deemed "legal"? (what do the central
banks think)

*Optional*: Few words for Blind signature and PayWord techniques and
the protocols around them
=== 4. The great step forward. The contribution of Bitcoin ===
Emphasis on decentralization and (relative) anonymity features of
Bitcoin. How the combination of a way to create(mint) coins and to
timestamp the state of their distribtion created the first working
non-centralised currency. What, in my opinion, contributed for the
Bitcoin popularity.

=== 5. The problems of Bitcoin ===
What Bitcoin doesn't provide or doesn't provide in an effective
manner:

+ Cost of creating money
+ Method of reaching a consensus, based on computing power
+ No "real value" to back it
+ Settlement risk not covered
+ Scalability issues
+ All the lacking features of a "soft" currency

Is it decentralized or distributed system? (having in mind the
introduction of "trust points")
=== 6. A Glimpse forward ===
How can anonymous e-money be made better (more effective and
accessible). Proposal (and discussion) of the possible enchancements.
=== How to issue e-money in more effective manner? ===
Possible solutions are to issue money based on:

+ Exchange for FIAT money or back by any other valuable stock (gold, land, silver);
+ IOU credit/debit principle from the community currencies;
+ Some fair distribution as an alternative to:
+ Solving a math problem (as Bitcoin does)

How do these solution relate to the speed the new money are accepted and used?
=== How to reach a consensus in a group in a more effective manner? ===

+ Is practical byzantine tolerance more effective than distributed timestamping?
+ Can and should we consider any centralized authority?
+ Should we consider decentralized money impossible and settle for distributed money?
+ Can a Webtrust (OpenPGP alike) scheme of trust be applied? What social identification (friend of a friend) can contribute?
+ Can we use/rely on public/official timestamping services and how this can be used as a better proof?
+ How triple accounting techniques may help?

=== How to achieve anonimity and preserve privacy? ===

+ Is complete anonymity possible? What are the achievable levels of anonymity?
+ Can the user set a "mode" of a transaction, sacrificing some protection?
+ To what extend the existing bank secrecy will suffice?
+ Jurisdictional independence as a possible solution / significant contributor.
+ What anonymizing technical methods are possible?

More general question: Should a good e-money currency be made
according to the legal requirements of the EU directive and made legal
tender?

If not are features like: consumer protection (reverse and refund
transactions), auditability and settlement risk coverage need to be
implemented and at what cost?

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4668.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4668-en-electronic_money_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 04

2012-01-23T20:00:51Z

Muelli: /* How to issue e-money in more effective manner? */ more markup

{{Termin
|date=2012/02/01 20:00:00 PM
|enddate=2012/02/01 22:00:00 PM
|title=Chaotic Congress Cinema Nr. 4
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Chaotic-Congress-Cinema Chaotic Congress Cinema].

== Cellular protocol stacks for Internet ==
GPRS, EDGE, UMTS, HSPA demystified

Almost everyone uses the packet oriented transmission modes of
cellular networks. However, unlike TCP/IP, Ethernet and Wifi, not many
members of the hacker commnunity are familiar with the actual protocol
stack for those services.

This talk is aimed to give an in-depth explanation how the lower layer
protocols on the air and wired interfaces for packet data services in
cellular networks are structured.

For 2.5/2.75G, this includes RLC/MAC, NS, BSSGP, LLC, SNDCP, GTP For
3G/3.5G, this includes RRC, RLC, PDCP, NBAP, RANAP
== Links ==

+ `OpenBSC project (includes OsmoSGSN)
<http://openbsc.osmocom.org/>`__
+ `http:// <http://>`__

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4663.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4663-en-cellular_protocol_stacks_for_internet_h264.mp4>

== Electronic money: The road to Bitcoin and a glimpse forward ==
How the e-money systems can be made better

The proposed talk provides a definition of the problem of creating
e-money and after a review of the state of the art points out possible
solutions and proposes questions for discussion for the properties of
electronic money system.
=== Electronic money: The road to Bitcoin and a glimpse ahead ===
Abstract : *The proposed talk provides a definition of the problem of
creating e-money and after a review of the state of the art points out
possible solutions and proposes questions for discussion for the
properties of electronic money system.*
=== 1. What is electronic money and different means of currency ===
Definition of electronic money and distinction from similar means of
exchange.

Electronic money is defined as monetary value which is:

+ stored on an electronic device;
+ issued on receipt of funds; and
+ accepted as a means of payment by persons other than the issuer.

Working e-money examples: PayPal and MoneyBookers

Other means of exchange, similar to e-money:
Alternative/Social/Timeshare/Community currencies; Loyalty and Voucher
systems.
> Working examples: WIR and Ven currencies (Bitcoin)< p>
What makes them different from e-money? (convertible only one-way, not
a legal tender, mostly backed by trust only, etc)

*Optional*: Pros and cons of the abovementioned means of exchange.
=== 2. Defining the e-money problem: What electronic money should do? ===
Risks and requirements to the solution for electronic money from
technical, legal and business standpoint. The basic human problem of
reaching a consensus and trust in a group.
=== General system risks: ===

+ Credit Liability
+ Credit Abuse
+ Counterfeiting
+ Unauthorized Withdrawal
+ Purchase Order Modification
+ Double Spending
+ Failure to Credit Payment
+ Denial of Service
+ Repudiation
+ Failure to deliver
+ Framing
+ Secrecy

=== Legal and accounting: ===

+ Dispute resolution
+ Money laundering and finance of terrorism
+ Tax evasion prevention
+ Consumer protection requirements
+ Ways to negotiate and conclude a contract
+ Auditability
+ Reverse and chargeback transactions
+ How the burden of proof is distributed

=== Business: ===
Costs for:

+ Registration
+ Operation
+ Support
+ Marketing
+ Customer and merchant negotiation

=== Accent on the most important human problems: ===

+ Identification and authorization (which is the required minimum?)
+ Achieving consensus and easy dispute resolution in a group.
+ Determine the state of the system at any given moment
+ Trust (between the peer users or trust in the central authority)

=== 3. How the risks and requirements have been traditionally addressed? ===
Review of the cryptographic, legal and procedural methods from the
existing e-money protocols. Еmphasis on anonymity and privacy
problems.

The review of the existing systems will be a distinction between:

+ Online and offline systems > Example: PayPal and Blind signature
PayWord based systems
+ Centralized and decentralized systems > Example: Liberty Reserve and
Ripple BitCoin
+ Hard and Soft systems > Example: BitCoin and Credit card based money
and payment protocols< li>

How do they solve the problems of trust and consensus in a certain
group?

How they provide anonymous transactions and keep user privacy? Are
independent jurisdictions a (contribution to) the solution?

Calculated risk, insurance and responsibility/role delegation as
patches to the existing problems.

Which of the above systems may be deemed "legal"? (what do the central
banks think)

*Optional*: Few words for Blind signature and PayWord techniques and
the protocols around them
=== 4. The great step forward. The contribution of Bitcoin ===
Emphasis on decentralization and (relative) anonymity features of
Bitcoin. How the combination of a way to create(mint) coins and to
timestamp the state of their distribtion created the first working
non-centralised currency. What, in my opinion, contributed for the
Bitcoin popularity.

=== 5. The problems of Bitcoin ===
What Bitcoin doesn't provide or doesn't provide in an effective
manner:

+ Cost of creating money
+ Method of reaching a consensus, based on computing power
+ No "real value" to back it
+ Settlement risk not covered
+ Scalability issues
+ All the lacking features of a "soft" currency

Is it decentralized or distributed system? (having in mind the
introduction of "trust points")
=== 6. A Glimpse forward ===
How can anonymous e-money be made better (more effective and
accessible). Proposal (and discussion) of the possible enchancements.
=== How to issue e-money in more effective manner? ===
Possible solutions are to issue money based on:

+ Exchange for FIAT money or back by any other valuable stock (gold, land, silver);
+ IOU credit/debit principle from the community currencies;
+ Some fair distribution as an alternative to:
+ Solving a math problem (as Bitcoin does)

How do these solution relate to the speed the new money are accepted and used?
=== How to reach a consensus in a group in a more effective manner? ===

+ Is practical byzantine tolerance more effective than distributed timestamping?
+ Can and should we consider any centralized authority?
+ Should we consider decentralized money impossible and settle for distributed money?
+ Can a Webtrust (OpenPGP alike) scheme of trust be applied? What social identification (friend of a friend) can contribute?
+ Can we use/rely on public/official timestamping services and how this can be used as a better proof?
+ How triple accounting techniques may help?

=== How to achieve anonimity and preserve privacy? ===

+ Is complete anonymity possible? What are the achievable levels of anonymity?
+ Can the user set a "mode" of a transaction, sacrificing some protection?
+ To what extend the existing bank secrecy will suffice?
+ Jurisdictional independence as a possible solution / significant contributor.
+ What anonymizing technical methods are possible?

More general question: Should a good e-money currency be made
according to the legal requirements of the EU directive and made legal
tender?

If not are features like: consumer protection (reverse and refund
transactions), auditability and settlement risk coverage need to be
implemented and at what cost?

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4668.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4668-en-electronic_money_h264.mp4>

Termin:Chaotic-Congress-Cinema-28C3 Nr. 04

2012-01-23T19:59:51Z

Muelli: some markup fixed

{{Termin
|date=2012/02/01 20:00:00 PM
|enddate=2012/02/01 22:00:00 PM
|title=Chaotic Congress Cinema Nr. 4
|visible=Yes
}}
[[Category:Chaotic-Congress-Cinema]]

Wir schauen uns die Aufzeichnung von Congress-Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-)

Weitere Informationen unter [http://wiki.attraktor.org/index.php/Category:Chaotic-Congress-Cinema Chaotic Congress Cinema].

== Cellular protocol stacks for Internet ==
GPRS, EDGE, UMTS, HSPA demystified

Almost everyone uses the packet oriented transmission modes of
cellular networks. However, unlike TCP/IP, Ethernet and Wifi, not many
members of the hacker commnunity are familiar with the actual protocol
stack for those services.

This talk is aimed to give an in-depth explanation how the lower layer
protocols on the air and wired interfaces for packet data services in
cellular networks are structured.

For 2.5/2.75G, this includes RLC/MAC, NS, BSSGP, LLC, SNDCP, GTP For
3G/3.5G, this includes RRC, RLC, PDCP, NBAP, RANAP
== Links ==

+ `OpenBSC project (includes OsmoSGSN)
<http://openbsc.osmocom.org/>`__
+ `http:// <http://>`__

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4663.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4663-en-cellular_protocol_stacks_for_internet_h264.mp4>

== Electronic money: The road to Bitcoin and a glimpse forward ==
How the e-money systems can be made better

The proposed talk provides a definition of the problem of creating
e-money and after a review of the state of the art points out possible
solutions and proposes questions for discussion for the properties of
electronic money system.
=== Electronic money: The road to Bitcoin and a glimpse ahead ===
Abstract : *The proposed talk provides a definition of the problem of
creating e-money and after a review of the state of the art points out
possible solutions and proposes questions for discussion for the
properties of electronic money system.*
=== 1. What is electronic money and different means of currency ===
Definition of electronic money and distinction from similar means of
exchange.

Electronic money is defined as monetary value which is:

+ stored on an electronic device;
+ issued on receipt of funds; and
+ accepted as a means of payment by persons other than the issuer.

Working e-money examples: PayPal and MoneyBookers

Other means of exchange, similar to e-money:
Alternative/Social/Timeshare/Community currencies; Loyalty and Voucher
systems.
> Working examples: WIR and Ven currencies (Bitcoin)< p>
What makes them different from e-money? (convertible only one-way, not
a legal tender, mostly backed by trust only, etc)

*Optional*: Pros and cons of the abovementioned means of exchange.
=== 2. Defining the e-money problem: What electronic money should do? ===
Risks and requirements to the solution for electronic money from
technical, legal and business standpoint. The basic human problem of
reaching a consensus and trust in a group.
=== General system risks: ===

+ Credit Liability
+ Credit Abuse
+ Counterfeiting
+ Unauthorized Withdrawal
+ Purchase Order Modification
+ Double Spending
+ Failure to Credit Payment
+ Denial of Service
+ Repudiation
+ Failure to deliver
+ Framing
+ Secrecy

=== Legal and accounting: ===

+ Dispute resolution
+ Money laundering and finance of terrorism
+ Tax evasion prevention
+ Consumer protection requirements
+ Ways to negotiate and conclude a contract
+ Auditability
+ Reverse and chargeback transactions
+ How the burden of proof is distributed

=== Business: ===
Costs for:

+ Registration
+ Operation
+ Support
+ Marketing
+ Customer and merchant negotiation

=== Accent on the most important human problems: ===

+ Identification and authorization (which is the required minimum?)
+ Achieving consensus and easy dispute resolution in a group.
+ Determine the state of the system at any given moment
+ Trust (between the peer users or trust in the central authority)

=== 3. How the risks and requirements have been traditionally addressed? ===
Review of the cryptographic, legal and procedural methods from the
existing e-money protocols. Еmphasis on anonymity and privacy
problems.

The review of the existing systems will be a distinction between:

+ Online and offline systems > Example: PayPal and Blind signature
PayWord based systems
+ Centralized and decentralized systems > Example: Liberty Reserve and
Ripple BitCoin
+ Hard and Soft systems > Example: BitCoin and Credit card based money
and payment protocols< li>

How do they solve the problems of trust and consensus in a certain
group?

How they provide anonymous transactions and keep user privacy? Are
independent jurisdictions a (contribution to) the solution?

Calculated risk, insurance and responsibility/role delegation as
patches to the existing problems.

Which of the above systems may be deemed "legal"? (what do the central
banks think)

*Optional*: Few words for Blind signature and PayWord techniques and
the protocols around them
=== 4. The great step forward. The contribution of Bitcoin ===
Emphasis on decentralization and (relative) anonymity features of
Bitcoin. How the combination of a way to create(mint) coins and to
timestamp the state of their distribtion created the first working
non-centralised currency. What, in my opinion, contributed for the
Bitcoin popularity.

=== 5. The problems of Bitcoin ===
What Bitcoin doesn't provide or doesn't provide in an effective
manner:

+ Cost of creating money
+ Method of reaching a consensus, based on computing power
+ No "real value" to back it
+ Settlement risk not covered
+ Scalability issues
+ All the lacking features of a "soft" currency

Is it decentralized or distributed system? (having in mind the
introduction of "trust points")
=== 6. A Glimpse forward ===
How can anonymous e-money be made better (more effective and
accessible). Proposal (and discussion) of the possible enchancements.
== How to issue e-money in more effective manner? ==
Possible solutions are to issue money based on:

+ Exchange for FIAT money or back by any other valuable stock (gold,
land, silver);
+ IOU credit/debit principle from the community currencies;
+ Some fair distribution as an alternative to:
+ Solving a math problem (as Bitcoin does)

How do these solution relate to the speed the new money are accepted
and used?
=== How to reach a consensus in a group in a more effective manner? ===

+ Is practical byzantine tolerance more effective than distributed
timestamping?
+ Can and should we consider any centralized authority?
+ Should we consider decentralized money impossible and settle for
distributed money?
+ Can a Webtrust (OpenPGP alike) scheme of trust be applied? What
social identification (friend of a friend) can contribute?
+ Can we use/rely on public/official timestamping services and how
this can be used as a better proof?
+ How triple accounting techniques may help?

=== How to achieve anonimity and preserve privacy? ===

+ Is complete anonymity possible? What are the achievable levels of
anonymity?
+ Can the user set a "mode" of a transaction, sacrificing some
protection?
+ To what extend the existing bank secrecy will suffice?
+ Jurisdictional independence as a possible solution / significant
contributor.
+ What anonymizing technical methods are possible?

More general question: Should a good e-money currency be made
according to the legal requirements of the EU directive and made legal
tender?

If not are features like: consumer protection (reverse and refund
transactions), auditability and settlement risk coverage need to be
implemented and at what cost?

* Pentabarf: <http://events.ccc.de/congress/2011/Fahrplan/events/4668.en.html>
* Video: <http://ftp.ccc.de/congress/28C3/mp4-h264-HQ/28c3-4668-en-electronic_money_h264.mp4>