Best of 26c3

Here is my list of the most important talks of the 26th Chaos Communication Congress [26C3], held in Berlin, Germany last week.

Since my German language skills have eroded into near-worthlessness, I’m only going to mention presentations available in the English language.

Many videos are not yet up, but of those that are, these are my picks in order of interest and significance.

It is really great that there are videos up so quickly and without all of the capitalist headaches that we see here in the US. Yes, selling things is important, but kicking out some video to your community is a great thing. Information is supposed to be free, right hacker conferences? Eat your own dogfood, guys.

A Part Time Scientists’ Perspective of Getting to the Moon

We want to use the opportunity the 26C3 presents as a venue to introduce our team. The Part-Time-Scientists are the first German team participating in the Google Lunar X PRIZE. Our presentation would kick off with a quick explanation of what the X PRIZE is, the challenges and gains.

The main part of the presentation will then focus on our progress. That includes a showcase of some hard- and software we’re using. Additionally pictures and videos specifically created for the 26C3. And a brief overview of the GoogleLunarXPrize and its overall progress.

They Skype’d in one of the members of the Apollo program, presented a working model of their moon rover, and presented their communication model with Earth from the moon in an open architecture of configured satellite receivers that anyone can use.

Amazing!

HTTP / Torrent

GSM: SRSLY

From the total lack of network to handset authentication, to the “Of course I’ll give you my IMSI” message, to the iPhone that really wanted to talk to us. It all came as a surprise – stunning to see what $1500 of USRP can do. Add a weak cipher trivially breakable after a few months of distributed table generation and you get the most widely deployed privacy threat on the planet.

Cloning, spoofing, man-in-the-middle, decrypting, sniffing, crashing, DoS’ing, or just plain having fun. If you can work a BitTorrent client and a standard GNU build process then you can do it all, too. Prepare to change the way you look at your cell phone, forever.

“A more wholesome discussion is needed for the security standard that 4 billion people deserve”

There has been a variety of inaccurate press coverage over this talk, so I advise people to watch it for themselves. Something like ~85% of the world’s mobile phones are vulnerable to this proof of concept. Cracking GSM conversations is not new, but this is comprehensive and undeniable.

Cryptome put up a variety of A5 files related to this topic.

HTTP / Torrent

Tor and censorship: lessons learned

The perennial TOR talk from Roger Dingledine. This time, he had some new data about China using TOR bridges. Plenty of metrics about usage. Additionally and surprisingly, a call for corporate espionage from Tor users and sympathizers.

I’ll say that last bit again since it kind of blew me away. Roger is looking for people to give the TOR project state secrets and corporate insider implementation details.

I hope you guys like attention.

HTTP / Torrent

WikiLeaks Release 1.0

During the last 12 months WikiLeaks representatives have been talking at numerous conferences, from technology via human rights to media focused, in an effort to introduce WikiLeaks to the world. WikiLeaks has had major document releases that have spawned attention in all major newspapers by now, it has triggered important reform and has established itself as part of the accepted media reality.

The WikiLeaks people give an update on their accomplishments, propose that Iceland become a tax/data haven, and give hints about giving out future WikiLeaks awards to people who contribute to stuff-doing.

HTTP / Torrent

SCCP hacking, attacking the SS7

Quite a comprehensive basics-and-beyond talk busting on SS7.

SS7 is like TCP/IP in the 1990s. It used to be quite a secure network because nobody outside the organizations (here, the mobile operators and telecom companies) was connected to it. Now it’s getting interconnected to new actors which are not that trustworthy. Somehow, hackerdom made SS7 come into existence thanks to the massive use of Blue Boxes. Now, hackerdom is getting its toy back! SS7 is nowadays more and more accessible, and as such increasingly vulnerable. So we’re getting exposed to a totally new set of protocols, as secure as TCP/IP in the 1980s. This looks like the Blue Box is coming back to life, in a very different form.

Good stuff. Perfect for anyone who watched the GSM talk or wants to set up Asterisk.

HTTP / Torrent

Layer 8 based IP Address hijacking in the end of the days of IPv4

A good primer about ASN and IP block allocation and current hijinks.

In times of the omnipresent scare of IPv4 address shortage and price tags on Internet resources that are raised on a yearly basis some people look for creative means of securing themselves parts of “pre-owned” IP space. This space comes from the various early birds on the net. From major corporations to the US Military: Nobody is safe from getting his unused IP assets nicked. This talk will explain the ways IP assignments are made and how clever and not so clever, greedy and not so greedy IP thieves can get into the possession of valuable IP assets.

It is the end of days for IPv4 (how many times have you heard this before) and I, for one, welcome our new IPv6 overlords.

HTTP / Torrent

Peanut Butter and Plastic: Industrial Revolution

The future of manufacturing will be purring next to your computer and plasticizing digital designs into 3D objects. We’re at the dawn of the diamond age with portable 3D printers, decentralized manufacturing, digital design and the rise of personal fabrication.

Bre Pettis talking about his Makerbot stuff. If you haven’t seen it before, it is worth a watch. People like their Makerbots.

HTTP / Torrent

Tesla technology; wireless power transfer

Wireless power is a most wanted technology. It has already been invented by Nikola Tesla in 1888. The speaker read the papers, reproduced the theoretical and practical results. The theoretical idea to get highly efficient wireless power transmission is to separate the electric from the magnetic field, because magnetic field lines are closed curves near the device, while the electric field lines reach to infinity and the receiver only needs common ground (the earth). This is done by special requirements to the sender and receiver antennas (form of the coil). The antenna form has been modeled in the software nec2 (variant xnec2c on Debian). A low-cost PET bottle serves as the hull of the coil. Around 200 windings of insulated copper wire are manually applied to the bottle. A transmission in the range of 10 meters was reached, the power used is 100mW, from signal generator amplitude 10V and 1 MHz frequency. This will be shown.

These are exactly the kind of people who are largely missing from American hacker conferences (with the exception of the quantum crypto people who are very cool indeed); [mad] scientists.

HTTP / Torrent

Defending the Poor

FX brings us up to speed on the Flash family of exploits using colorful metaphors and straight talk.

The talk will discuss a class of in-the-wild malware and exploits, reasons for its success as well as reasons why protecting against it in common ways is not effective. This will be done by examining the internals of the attacked subject. Following this, the second part of the talk will present an alternative protection mechanism, which the presenter believes prevents large parts of this class of attacks. The mechanisms and code to do this will be presented and released.

HTTP / Torrent

Their lightning talks were also really dense with good new stuff. If you’re looking for something in particular, the lightning talk schedule is found here. Lightning talk summaries and links after the jump.


Amazon EC2 cloud service hit by botnet, outage

The folks who run Amazon’s EC2 cloud service must be happy the week is nearly over.

The cloud-based EC2 (Elastic Compute Cloud) was kept jumping this past week by two incidents: a compromised internal service that triggered a botnet, and a data center power failure in Virginia.

[...]

Responding to a request for comment, [...]