Here is my list of the most important talks of the 26th Chaos Communication Congress [26C3], held in Berlin, Germany last week.
Since my German language skills have eroded into near-worthlessness, I’m only going to mention presentations available in the English language.
Many videos are not yet up, but of those that are, these are my picks in order of interest and significance.
It is really great that there are videos up so quickly and without all of the capitalist headaches that we see here in the US. Yes, selling things is important, but kicking out some video to your community is a great thing. Information is supposed to be free, right, hacker conferences? Eat your own dogfood, guys.
A Part Time Scientists’ Perspective of Getting to the Moon
We want to use the opportunity the 26C3 presents as a venue to introduce our team. The Part-Time-Scientists are the first German team participating in the Google Lunar X PRIZE. Our presentation would kick off with a quick explanation of what the X PRIZE is, the challenges and gains.
The main part of the presentation will then focus on our progress. That includes a showcase of some hard- and software we’re using. Additionally pictures and videos specifically created for the 26C3. And a brief overview of the GoogleLunarXPrize and its overall progress.
They Skyped in one of the members of the Apollo program and presented a working model of their moon rover, along with their communication model with Earth from the moon in an open architecture of configured satellite receivers that anyone can use.
From the total lack of network to handset authentication, to the “Of course I’ll give you my IMSI” message, to the iPhone that really wanted to talk to us. It all came as a surprise – stunning to see what $1500 of USRP can do. Add a weak cipher trivially breakable after a few months of distributed table generation and you get the most widely deployed privacy threat on the planet.
Cloning, spoofing, man-in-the-middle, decrypting, sniffing, crashing, DoS’ing, or just plain having fun. If you can work a BitTorrent client and a standard GNU build process then you can do it all, too. Prepare to change the way you look at your cell phone, forever.
“A more wholesome discussion is needed for the security standard that 4 billion people deserve”
There has been a variety of inaccurate press coverage over this talk, so I advise people to watch it for themselves. Something like ~85% of the world’s mobile phones are vulnerable to this proof of concept. Cracking GSM conversations is not new, but this is comprehensive and undeniable.
Cryptome put up a variety of A5 files related to this topic.
Tor and censorship: lessons learned
The perennial TOR talk from Roger Dingledine. This time, he had some new data about China using TOR bridges. Plenty of metrics about usage. Additionally and surprisingly, a call for corporate espionage from Tor users and sympathizers.
I’ll say that last bit again since it kind of blew me away. Roger is looking for people to give the TOR project state secrets and corporate insider implementation details.
I hope you guys like attention.
During the last 12 months WikiLeaks representatives have been talking at numerous conferences, from technology via human rights to media focused, in an effort to introduce WikiLeaks to the world. WikiLeaks has had major document releases that have spawned attention in all major newspapers by now, it has triggered important reform and has established itself as part of the accepted media reality.
The WikiLeaks people give an update on their accomplishments, propose that Iceland become a tax/data haven, and give hints about giving out future WikiLeaks awards to people who contribute to stuff-doing.
SCCP hacking, attacking the SS7
Quite a comprehensive basics-and-beyond talk busting on SS7.
SS7 is like TCP/IP in the 1990s. It used to be quite a secure network because nobody outside the organizations (here, the mobile operators and telecom companies) was connected to it. Now it’s getting interconnected to new actors which are not that trustworthy. Somehow, hackerdom made SS7 come into existence thanks to the massive use of Blue Boxes. Now, hackerdom is getting its toy back! SS7 is nowadays more and more accessible, and as such increasingly vulnerable. So we’re getting exposed to a totally new set of protocols, as secure as TCP/IP in the 1980s. This looks like the Blue Box is coming back to life, in a very different form.
Good stuff. Perfect for anyone who watched the GSM talk or wants to set up Asterisk.
Layer 8 based IP Address hijacking in the end of the days of IPv4
A good primer about ASN and IP block allocation and current hijinks.
In times of the omnipresent scare of IPv4 address shortage and price tags on Internet resources that are raised on a yearly basis some people look for creative means of securing themselves parts of “pre-owned” IP space. This space comes from the various early birds on the net. From major corporations to the US Military: Nobody is safe from getting his unused IP assets nicked. This talk will explain the ways IP assignments are made and how clever and not so clever, greedy and not so greedy IP thieves can get into the possession of valuable IP assets.
It is the end of days for IPv4 (how many times have you heard this before) and I, for one, welcome our new IPv6 overlords.
Peanut Butter and Plastic: Industrial Revolution
The future of manufacturing will be purring next to your computer and plasticizing digital designs into 3D objects. We’re at the dawn of the diamond age with portable 3D printers, decentralized manufacturing, digital design and the rise of personal fabrication.
Bre Pettis talking about his Makerbot stuff. If you haven’t seen it before, it is worth a watch. People like their Makerbots.
Tesla technology; wireless power transfer
Wireless power is a most wanted technology. It has already been invented by Nikola Tesla in 1888. The speaker read the papers, reproduced the theoretical and practical results. The theoretical idea to get highly efficient wireless power transmission is to separate the electric from the magnetic field, because magnetic field lines are closed curves near the device, while the electric field lines reach to infinity and the receiver only needs common ground (the earth). This is done by special requirements to the sender and receiver antennas (form of the coil). The antenna form has been modeled in the software nec2 (variant xnec2c on Debian). A low-cost PET bottle serves as the hull of the coil. Around 200 windings of insulated copper wire are manually applied to the bottle. A transmission in the range of 10 meters was reached, the power used is 100mW, from signal generator amplitude 10V and 1 MHz frequency. This will be shown.
These are exactly the kind of people who are largely missing from American hacker conferences (with the exception of the quantum crypto people who are very cool indeed); [mad] scientists.
FX brings us up to speed on the Flash family of exploits using colorful metaphors and straight talk.
The talk will discuss a class of in-the-wild malware and exploits, reasons for its success as well as reasons why protecting against it in common ways is not effective. This will be done by examining the internals of the attacked subject. Following this, the second part of the talk will present an alternative protection mechanism, which the presenter believes prevents large parts of this class of attacks. The mechanisms and code to do this will be presented and released.
Their lightning talks were also really dense with good new stuff. If you’re looking for something in particular, the lightning talk schedule is found here. Lightning talk summaries and links after the jump.
Day 2: HTTP / Torrent [ All English language ]
The premise is that government data is the property of the people and disclosing PDFs on a government website is insufficient, so they’re going to scrape, gather, manipulate data, develop applications, and present (they hope) interesting uses of this data to the public. @opendatahack
FCUK: MiFare Classic Universal Toolkit
Updated RFID card toolkit
The German Privacy Foundation
An OpenPGP v2 card (a smartcard) and a reader
Supports keys up to 3072 bit
OWASP favicon enumeration
Nmap 5.10 beta has favicon scanning built in
Decentralized social networking with web of trust: http://esw.w3.org/topic/foaf+ssl
They give away money to projects. Focused on privacy and making the internet a better place, and they may give you some.
8:30 Plug and play sensor input
No drivers needed
26:30 Open RFID
Different from other RFID haxing kits because it works with low frequency tags. Most are 13MHz, this one can do 125KHz as well.
Board is size of a cc, no battery required, firmware upgradable, GPL, Active attacks; emulation/brute force
Schleuder: Yet Another Crypto-mailinglist Manager
OpenPGP encrypted mailinglist
Written in Ruby
GNU GPL v2
Relieves users from key management
Users managed by signature, not email address
41:45 ClockTamer: Universal clock source
Open source hardware/software highly accurate clock source
50:30 Some cool audio demo thing
56:30 Hackable:1 mobile gnome initiative
1:01:30 WAFP: Web Application FingerPrinter
Written in Ruby
Fetches static files from web applications and compares checksums to a database
An anything-to-anything recompiler
Examples: The Homebrew Channel
1:15:45 Yet Another XMPP Instant Messenger
1:19:45 Hackable Devices [ccc wiki]
1:26:00 Atari Coldfire Project
Objective: To build a new Atari compatible computer
Open hardware: PCB schema is free
Open source as much as possible
1:35:30 Cheating at Flash Games
[ The rest are in German ]
Unauthorized access to “secure” flash drives live demo
Interesting defacements using RF or Wifi controlled lighting devices
13:00 The OpenBTS Project
Very few fixed phone lines in the undeveloped world
Looks like GSM to a phone and SIP to a network
Low power and encourages lightweight architectures on GPRS and 2G networks.
29:00 The Future of Hacker Meetings
Large CCC events are over capacity
Greater number of smaller events
Use hackerspaces.org wiki to publicize events
34:00 [German] Droid Army
DROIDARMY is about the idea to push the development of a robot control based on android phones. Machines, robots and new devices with the interoperability of the google services and other off the shelf solutions can lower the costs of product development significantly and shorten time to market. Collaboration capabilities of cloud computing tools could let multiple robots work on one issue together.
P2P VPN network for anonymization based on I2P network and Tor.
Creates anonymous network layer where both client and server are anonymous to each other.
Any kind of IP data supported; frees protocol restrictions from Tor hidden nodes
50:00 Free Art and Technology Lab
The Free Art and Technology Lab is an organization dedicated to enriching the public domain through the research and development of creative technologies and media. The entire FAT network of artists, engineers, scientists, lawyers, musicians and Bornas are committed to supporting open values and the public domain through the use of emerging open licenses, support for open entrepreneurship and the admonishment of secrecy, copyright monopolies and patents.
Basically a bunch of trolls, so naturally the crowd loved it. Apparently trolling is now established art.
1:11:30 Remuco: Wireless remote control for Linux media players
1:17:00 Breaking Verilog-2005 Obfuscation: The DRM of digital design
1:25:30 Formica swarm robots
Kit now for sale and shipping in February for ₡30
25mm x 25mm in size.
1:38:30 What happens at the expiration of database protection
Talk of database and copyright law in Sweden and the EU
Proposes a Project Gutenberg for databases whose copyright protection has expired
1:57:00 Student Robotics
Robotics kit design for primary schools
Runs an autonomous robotics competition
Students code their robot controls in Python