PLAY PODCASTS
Chaos Computer Club - archive feed

Chaos Computer Club - archive feed

14,494 episodes — Page 126 of 290

On the insecure nature of turbine control systems in power generation (36c3)

A deep dive into power generation process, industrial solutions and their security implications. Flavoured with vulnerabilities, penetration testing (security assessment) methodology and available remediation approaches. The research studies a very widespread industrial site throughout the world – power generation plants. Specifically, the heart of power generation – turbines and its DCS – control system managing all operations for powering our TVs and railways, gaming consoles and manufacturing, kettles and surveillance systems. We will share our notes on how those systems are functioning, where they are located network-wise and what security challenges are facing owners of power generation. A series of vulnerabilities will be disclosed along with prioritisation of DCS elements (hosts) and attack vectors. Discussed vulnerabilities are addressed by vendor of one of the most widespread DCS on our planet. During the talk we will focus on methodology how to safely assess your DCS installation, which security issues you should try to address in the first place and how to perform do-it-yourself remediation. Most of the remediation steps are confirmed by vendor which is crucial for industrial owners. about this event: https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10689.html

Dec 28, 20191h 0m

Der Pfad von 4G zu 5G (36c3)

Mit 4G wurde gegenüber früheren Mobilfunktechnologien das Air-Interface komplett neu gestaltet. Mit 5G wird dieses nun auf mögliche Zukunftstechnologien erweitert. Wir stellen die Neuerungen und die Möglichkeiten auf dem 5G-Air-Interface und im Core-Netz gegenüber 4G vor. Die folgenden Themen werden behandelt: Die 5G-Luftschnittstelle: - Subcarrier, Subcarrierspacing, Symbolzeit - OFDMA bei 4G - Guard Period - Resource Block und Referenzsignal - Resource Grid und die Aufgaben der physikalischen Kanäle - Grenzen von 4G und Möglichkeiten mit 5G - Kanalbandbreiten und Frequenzbereiche 5G - Subcarrier-Spacing und Änderungen im Resource Block (MBMS, NBIoT, Data, Low Latency, etc.) - Beispiele von Resource Grids - 5G auf 3,5 GHz und 700 MHz - Berechnung der maximalen Datenrate - TDD und dessen Vorteile und Einschränkungen (Sync, Laufzeit) - Massive MIMO, Multi-User MIMO - statische Beams und Traffic Beams - Mixed Mode - Dynamic Spectrum Sharing - Messung von Antennen bei 5G Netzarchitektur: - Aktueller Stand von 5G (NSA, Anker bei 4G, TDD, CA mit 4G) - 5G NSA und SA - Core-Netzelemete, Schnittstellen und deren Aufgaben - Radionetzwerk, eNB, gNB, Schnittstellen ((e)CPRI, S, X, ...) - Backhaul, 10 Gbit/s Fiber und Richtfunk - Vorstellung 3GPP Specs about this event: https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10542.html

Dec 28, 20191h 0m

A Hacker's Guide to Healthcare: How to Improve Lives with Data (36c3)

Health related personal data is highly sensitive -- and yet it promises an outright methodology shift for the surprisingly conservative healthcare system. This talk provides an overview of beneficial uses of health data, and formulates ways to get involved to make sure the benefits are reaped in a conscientious manner. Healthcare is rapidly becoming digital: security and data privacy call for active participation. But so do questions of quantified fairness and certification of digital medical devices. Hackers can play a crucial part to ensure this benefits patients and citizens, by championing data transparency and standards of evidence. My talk will outline ways to get creative with data beyond scrutinizing governments on information security. For the past year I worked for the German Ministry of Health's in-house think tank (hih) as an advisor on artificial intelligence. I will present my personal views, not those of the Federal Government. about this event: https://fahrplan.chaos-west.de/36c3/talk/AQSTLX/

Dec 28, 201952 min

Hacker Jeopardy (36c3)

The Hacker Jeopardy is a quiz show. The well known reversed quiz format, but of course hacker style. It once was entitled „number guessing for geeks“ by a German publisher, which of course is an unfair simplification. It’s also guessing of letters and special characters. ;) Three initial rounds will be played, the winners will compete with each other in the final. The event will be in German, we hope to have live translation again. about this event: https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11177.html

Dec 27, 20191h 55m

Die #36c3 Wisskomm-Gala (36c3)

Das Wissenschaftskommunikations-Assembly trifft sich auf dem 36c3 um über Wissenschaftskommunikation zu sprechen. Und über andere Themen die ihnen am Herzen liegen. Wir kommunizieren über den einen oder anderen Weg Wissenschaft. Physik, Chemie, Biologie, Pharmazie... Doch schauen wir uns das viele Unwissen in der Welt an, dann scheint das noch nicht auszureichen. Wie können wir Wissenschaft noch besser an die Frau oder den Mann bringen? Wie können wir überhaupt das Interesse dafür wecken? In der Politik gibt es zwar bereits Pläne, die Kommunikation zu verbessern, das Grundsatzpapier des Bundesministeriums für Bildung und Forschung (BMBF) über Wissenschaftskommunikation ist nur ein Beispiel dafür. Nur wirft dies auch die Befürchtung auf, dass Kommunikation dann von eh schon überlasteten, drittmittelfinanziert-prekären Doktorandinnen aufgeladen wird. Oder, dass sie als Freizeitvergnügung betrachtet wird. Oder, dass die hohen Anforderungen für gute Kommunikation unterschätzt werden. Oder, dass Wissenschaftskommunikation als Instrument der Akzeptanzbeschaffung verwendet wird. Richtig ist aber, dass alle von Wissenschaftskommunikation profitieren könnten. Wir möchten uns darüber austauschen, wie Wissenschaft unserer Meinung nach kommuniziert werden sollte. Und auch, welche Themen gerade jetzt mehr Aufmerksamkeit finden sollten. Eine Betrachtung von Wissenschaftler*innen, die gleichzeitig Wissenschaftskommunikator*innen sind - eine Kombination die immer noch recht selten ist. about this event: https://fahrplan.das-sendezentrum.de/36c3/talk/P3M9YV/

Dec 27, 20191h 1m

Inside the Fake Like Factories (36c3)

This talk investigates the business of fake likes and fake accounts: In a world, where the number of followers, likes, shares and views are worth money, the temptation and the will to cheat is high. With some luck, programming knowledge and persistence we obtained thousands of fanpages, You Tube and Instagram account, where likes have been bought from a Likes seller. We were also able to meet people working behind the scenes and we will prove, that Facebook is a big bubble, with a very high percentage of dead or at least zombie accounts. The talk presents the methodology, findings and outcomes from a team of scientists and investigative journalists, who delved into the parallel universe of Fake Like Factories. When you hear about fake likes and fake accounts, you instantly think of mobile phones strung together in multiple lines in front of an Asian woman or man. What if we tell you, that this is not necessarily the whole truth? That you better imagine a ordinary guy sitting at home at his computer? In a longterm investigation we met and talked to various of these so called “clickworkers” - liking, watching, clicking Facebook, You Tube and Instagram for a small amount of money the whole day in their living room. Fortuitously we could access thousand campaigns, Facebook Fanpages, You Tube videos or Instagram accounts. Thousands of websites and accounts, for which somebody bought likes in the past years. But we did not stop the investigation there: We dived deeper into the Facebook Fake Accounts and Fake Likes universe, bought likes at various other Fake Likes sellers. To get the big picture, we also developed a statistical method to calculate the alleged total number of Facebok User IDs, with surprising results. about this event: https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10936.html

Dec 27, 20191h 0m

SELECT code_execution FROM * USING SQLite; (36c3)

SQLite is one of the most deployed software in the world. However, from a security perspective, it has only been examined through the narrow lens of WebSQL and browser exploitation. We believe that this is just the tip of the iceberg. In our long term research, we experimented with the exploitation of memory corruption issues within SQLite without relying on any environment other than the SQL language. Using our innovative techniques of Query Hijacking and Query Oriented Programming, we proved it is possible to reliably exploit memory corruptions issues in the SQLite engine. We demonstrate these techniques a couple of real-world scenarios: pwning a password stealer backend server, and achieving iOS persistency with higher privileges. Everyone knows that databases are the crown jewels from a hacker's point of view, but what if you could use a database as the hacking tool itself? We discovered that simply querying a malicious SQLite database - can lead to Remote Code Execution. We used undocumented SQLite3 behavior and memory corruption vulnerabilities to take advantage of the assumption that querying a database is safe. How? We created a rogue SQLite database that exploits the software used to open it.Exploring only a few of the possibilities this presents we’ll pwn password stealer backends while they parse credentials files and achieve iOS persistency by replacing its Contacts database… The landscape is endless (Hint: Did someone say Windows 10 0-day?). This is extremely terrifying since SQLite3 is now practically built-in to any modern system. In our talk we also discuss the SQLite internals and our novel approach for abusing them. We had to invent our own ROP chain technique using nothing but SQL CREATE statements. We used JOIN statements for Heap Spray and SELECT subqueries for x64 pointer unpacking and arithmetics. It's a new world of using the familiar Structured Query Language for exploitation primitives,laying the foundations for a generic leverage of memory corruption issues in database engines. about this event: https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10701.html

Dec 27, 201946 min

SIM card technology from A-Z (36c3)

Billions of subscribers use SIM cards in their phones. Yet, outside a relatively small circle, information about SIM card technology is not widely known. This talk aims to be an in-depth technical overview. <p>Today, billions of subscribers use SIM cards in their phones. Yet, outside a relatively small circle, information about SIM card technology is not widely known. If at all, people know that once upon a time, they were storing phone books on SIM cards.</p> <p>Every so often there are some IT security news about SIM card vulnerabilities, and SIM card based attacks on subscribers.</p> <p>Let's have a look at SIM card technology during the past almost 30 years and cover topics like <ul> <li>Quick intro to ISO7816 smart cards</li> <li>SIM card hardware, operating system, applications</li> <li>SIM card related specification bodies, industry, processes</li> <li>from SIM to UICC, USIM, ISIM and more</li> <li>SIM toolkit, proactive SIM</li> <li>eSIM</li> </ul> </p> about this event: https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10737.html

Dec 27, 20191h 3m

Hack_Curio (36c3)

Hacking and hackers can be hard to visualize. In the popular imagination, the figure alternates between a menacing, hooded figure or some sort of drugged-out and depressed juvenile hero (or perhaps a state-sponsored hacker). To counter such images, a group of us have spearheaded a new digitally-based video project, Hack_Curio that features hacker-related videos, culled from a range of sources, documentary film, newscasts, hacker conference talks, advertising, and popular film. In this talk, the Hack-Curio creators and builders will briefly discuss the purpose and parameters of Hack_Curio and spend most of the talk featuring our funniest, most compelling videos around hacking from around the world. We will use these to reflect on some of the more obscure or less commented on cultural and political features of hacking--features that will address regional and international dimensions of the craft and its impacts around the world. Hacking and hackers can be hard to visualize. In the popular imagination, the figure alternates between a menacing, hooded figure or some sort of drugged-out and depressed juvenile hero (or perhaps a state-sponsored hacker). To counter such images, a group of us (Chris Kelty, Gabriella Coleman, and Paula Bialski) have spearheaded a new digitally-based video project, Hack_Curio that features hacker-related videos, culled from a range of sources, documentary film, newscasts, hacker conference talks, advertising, and popular film. In this talk, the Hack-Curio creators and builders, will briefly discuss the purpose and parameters of Hack_Curio and spend most of the talk featuring our funniest, most compelling videos around hacking from around the world. We will use these to reflect on some of the more obscure or less commented on cultural and political features of hacking--features that will address regional and international dimensions of the craft and its impacts around the world. We will begin our talk by telling the audience what drove to build this website and what we learned in the process of collaborating with now over fifty people to bring it into being. After our introduction, we will showcase about 7-10 videos drawn from quite different sources (ads, parodies, movie clips, documentary film, and talks) and from different parts of the world (Mexico, Germany, South Africa, France) in order to discuss the cultural significance of hacking in relation to regional and international commonalities and differences. Finally, we will finish with a short reflection on why such a project, based on visual artifacts, is a necessary corollary to text-based discussions, like books and magazines, covering the history and contemporary faces of hacking. about this event: https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10875.html

Dec 27, 201958 min

Let’s play Infokrieg (36c3)

Manche Spiele will man gewinnen, andere will man einfach nur spielen. Bei vielen Spielen will man beides. Spielen macht Spaß. Gewinnen auch. Warum also nicht immer und überall spielen? Warum nicht Politik spielen wie einen Multiplayer-Shooter? Mit motivierten Kameraden und ahnungslosen Gegnern? Mit zerstörbarer Umgebung, erfolgreichen Missionen und zu erobernden Flaggen? Teile der radikalen Rechten tun das mit Erfolg. Der Vortrag schaut sich einige Beispiele aus Deutschland und den USA näher an. Wir sprechen von “Spielifizierung”, wenn typische Elemente von Spielmechaniken genutzt werden, um in spielfremden Kontexten motivationssteigernd zu wirken. Während diese Strategie vor allem wirtschaftlich genutzt wird, um Kundenbindung und Mitarbeiterproduktivität zu erhöhen, ist sie auch zu einem zunehmend wichtigen Teil politischer Kultur geworden. Insbesondere Online-Communities verwenden Spielelemente, Memes/Lore und spielnahe Unterhaltungsformate, um ihre sozialen Beziehungen und jene zur Realität zu gestalten und zu strukturieren. Innerhalb solcher Beziehungen war es nur eine Frage der Zeit, bis archetypische NPCs wie der gewöhnliche Troll sich zu Lone-Wolf-Spielercharakteren entwickeln, Rudel bilden und sich in einem stetig wachsenden und ausdifferenzierenden System von Gilden und meritokratischen Jagdverbänden organisieren würden. Die Politisierung solcher neuer Stammesgesellschaften ist eine logische Konsequenz dieser Evolution. Der Vortrag beleuchtet einerseits den US-kulturellen Hintergrund des Feldes: von der Spielmetapher als legitimierenden Rahmen in der “Manosphere”, “#Gamergate” und Operationen der chan-übergreifenden /pol/-Community. Andererseits sucht er Strategien, die darauf abzielen, Teile des politischen Diskurses zu “gamen”, zu kapern und zu verstärken, auch in deutscher Trollkultur auf, vom genreprägenden “Drachengame” bis zu explizit politischen Initiativen wie “Reconquista Germanica”... und dem live gestreamten Terror einer neuen faschistischen Subkultur. about this event: https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10639.html

Dec 27, 201946 min

2. Podcast-Selbstkritiktreffen (36c3)

Jenny Günther, Moritz Klenk, Nicolas Wöhrl und Stefan Schulz laden alle anwesenden Podcaster und Podcasthörer zum 2. Podcast-Selbstkritiktreffen ein. Jenny Günther, Moritz Klenk, Nicolas Wöhrl und Stefan Schulz laden alle anwesenden Podcaster und Podcasthörer zum 2. Podcast-Selbstkritiktreffen ein. Im vergangenen Jahr haben wir die eher schweren Themen diskutiert - Formate & Finanzen. Dieses Jahr rücken wir etwas näher an den Alltag am Aufnahmegerät heran: Wir möchten über Workflows reden, die Organisation von Sendungen, den Umgang mit Gästen und Publikum. Auf der Bühne wird wieder ein leerer Stuhl stehen. Alle, die gehört werden wollen, werden gehört. Jenny Günther ist Politpodcasterin mit Herz, Moritz Klenk ist Monologpodcaster mit Doktortitel, Nicolas Wöhrl ist Spaßpodcaster mit Feuertornado, Stefan Schulz ist Fernsehpodcaster ohne Sendeschluss. about this event: https://fahrplan.das-sendezentrum.de/36c3/talk/Y3VESL/

Dec 27, 20191h 29m

Broken Beyond Repair - No Patch for Verfassungsschutz: Kritische Analyse der Verfassungsschutzberichte (36c3)

<p>Der deutsche Inlandsgeheimdienst bietet seit Jahrzehnten mit seinen Berichten eine interessante Propaganda an. Dieser wollen wir in diesem Talk auf den Zahn fühlen. Dazu ordnen wir die Erwähnungen von linken und antifaschistischen Akteur:innen kritisch ein. Dabei legen wir die Ideologie des sog. Verfassungsschutzes offen. Die Verfassungsschutzämter veröffentlichen jährlich Berichte über ihre Arbeit – auch im Netz. Doch die Berichte wurden zumeist nach 5 Jahre depubliziert. Wir sammeln alte und neue Berichte auf [Verfassungschutzberichte.de](https://vsberichte.de). Mit diesem digitalen Archiv vereinfachen wir die Recherche. Neben einer Suche lassen sich so z. B. Erwähnungen von Begriffen oder Organisationen im zeitlichen Verlauf betrachten. Einige interessante Resultate stellen wir in dem Vortrag vor.</p> about this event: https://fahrplan.chaos-west.de/36c3/talk/RAFTCU/

Dec 27, 201949 min

Practical Cache Attacks from the Network and Bad Cat Puns (36c3)

Our research shows that network-based cache side-channel attacks are a realistic threat. Cache attacks have been traditionally used to leak sensitive data on a local setting (e.g., from an attacker-controlled virtual machine to a victim virtual machine that share the CPU cache on a cloud platform). With our attack called NetCAT, we show this threat extends to untrusted clients over the network, which can now leak sensitive data such as keystrokes in a SSH session from remote servers with no local access. The root cause of the vulnerability is a recent Intel feature called DDIO, which grants network devices and other peripherals access to the CPU cache. Originally, intended as a performance optimization in fast networks, we show DDIO has severe security implications, exposing servers in local untrusted networks to remote side-channel attacks. Increased peripheral performance is causing strain on the memory subsystem of modern processors. For example, available DRAM throughput can no longer sustain the traffic of a modern network card. Scrambling to deliver the promised performance, instead of transferring peripheral data to and from DRAM, modern Intel processors perform I/O operations directly on the Last Level Cache (LLC). While Direct Cache Access (DCA) instead of Direct Memory Access (DMA) is a sensible performance optimization, it is unfortunately implemented without care for security, as the LLC is now shared between the CPU and all the attached devices, including the network card. In this talk, we present the first security analysis of DDIO. Based on our analysis, we present NetCAT, the first network-based cache attack on the processor’s last-level cache of a remote machine. We show that NetCAT can break confidentiality of a SSH session from a third machine without any malicious software running on the remote server or client. The attacker machine does this by solely sending network packets to the remote server. netcat is also a famous utility that hackers and system administrators use to send information over the network. NetCAT is a pun on being able to read data from the network without cooperation from the other machine on the network. However, we received very mixed reactions on that pun. More details on this in the talk. The vulnerability was acknowledged by Intel with a bounty and CVE-2019-11184 was assigned to track this issue. The public disclosure was on September 10, 2019. about this event: https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10884.html

Dec 27, 201942 min

Uncover, Understand, Own - Regaining Control Over Your AMD CPU (36c3)

The AMD Platform Security Processor (PSP) is a dedicated ARM CPU inside your AMD processor and runs undocumented, proprietary firmware provided by AMD. It is a processor inside your processor that you don't control. It is essential for system startup. In fact, in runs before the main processor is even started and is responsible for bootstrapping all other components. This talk presents our efforts investigating the PSP internals and functionality and how you can better understand it. Our talk is divided into three parts: The first part covers the firmware structure of the PSP and how we analyzed this proprietary firmware. We will demonstrate how to extract and replace individual firmware components of the PSP and how to observe the PSP during boot. The second part covers the functionality of the PSP and how it interacts with other components of the x86 CPU like the DRAM controller or System Management Unit (SMU). We will present our method to gain access to the, otherwise hidden, debug output. The talk concludes with a security analysis of the PSP firmware. We will demonstrate how to provide custom firmare to run on the PSP and introduce our toolchain that helps building custom applications for the PSP. This talk documents the PSP firmware's proprietary filesystem and provides insights into reverse-engineering such a deeply embedded system. It further sheds light on how we might regain trust in AMD CPUs despite the delicate nature of the PSP. about this event: https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10942.html

Dec 27, 201956 min

Kritikalität von Rohstoffen - wann platzt die Bombe? (36c3)

Einführung in das Forschungsfeld der Kritikalitätsanalysen. Anhand der Rohstoffe Tantal, Wolfram, Zinn und Gold werden exemplarisch die quantitativen und qualitativen Indikatoren für eine Versorgungsengpassanalyse vorgestellt. Moderne High-Tech-Produkte benötigen chemische Elemente, die in spezifischen Rohstoffen (z. B. Erze) vorkommen. Dabei unterliegen Verfügbarkeit und Preis dieser Rohstoffe in hohem Maße den Einflussfaktoren der Konzentrationsrisken, politischen Risiken, Angebotsreduktions- und Nachfrageanstiegsrisiken. Da Unternehmen oftmals über Jahre hinweg an bestimmte Rohstoffe gebunden sind, müssen sie den Unsicherheiten mit vielfältigen Strategien begegnen. Vom Abbau und der Verarbeitung bis zur Nutzung und Entsorgung wird die gesamte Wertschöpfungskettenkritikalität bewertet. Dadurch können Verwundbarkeiten von Unternehmen und Ländern durch Rohstoffengpässe objektiv identifiziert und Handlungsempfehlungen definiert werden. Die Kritikalitätsanalyse wird am Beispiel der 3TG-Materialien (Tantal, Wolfram, Zinn und Gold) veranschaulicht. about this event: https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10598.html

Dec 27, 20191h 3m

Warum die Card10 kein Medizinprodukt ist (36c3)

<p>Es soll grundlegend erklärt werden, nach welchen Kriterien Medizinprodukte entwickelt werden. Dazu werden die wichtigsten Regularien (Gesetze, Normen, ...) vorgestellt die von den Medizinprodukteherstellern eingehalten werden müssen. Diese regeln, was die Hersteller umsetzen müssen (und was nicht). Hier wird auch die Frage beantwortet, warum beispielsweise die Apple-Watch (oder genauer gesagt nur zwei Apps) ein Medizinprodukt sind aber die card10 nicht. Dieser Vortrag gibt Antworten auf die folgenden Fragen:</p> <ul> <li>Was ist denn überhaupt ein Medizinprodukt?</li> <li>Was steht dazu im Gesetz?</li> <li>Was haben Normen damit zu tun?</li> <li>Was tun die Hersteller überlicherweise um diese Anforderungen umzusetzen?</li> <li>Wie sieht ein typischer Entwicklungsprozess aus?</li> <li>Wie sieht es mit Security und Safety aus?</li> <li>Warum sind Innovationen so schwer?</li> <li>Was passiert nach der Entwicklung?</li> <li>Wer überwacht das alles?</li> </ul> <p>Es wird Schwerpunktmäßig die EU betrachtet um die Dauer des Vortrags nicht zu sprengen.</p> about this event: https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10950.html

Dec 27, 20191h 2m

The KGB Hack: 30 Years Later (36c3)

This spring marked the 30th anniversary of the public uncovering of the so-called KGB Hack, bringing with it a number of new articles remembering the event and forging bridges to the present. This spring marked the 30th anniversary of the public uncovering of the so-called KGB Hack, bringing with it a number of new articles remembering the event and forging bridges to the present. The 36C3 seems an excellent opportunity to take a look back at the instance of hacking which, even more so than previous events like the BTX and NASA Hacks, brought the CCC into the focus of the (West-)German public – and, additionally, the Federal Office for the Protection of the Constitution (Verfassungsschutz) and the Federal Intelligence Service (Bundesnachrichtendienst). This talk aims to focus on the uncovering of the KGB Hack, which began in 1986 when Clifford Stoll, a systems administrator at the University of California in Berkeley, noticed an intruder in his laboratory’s computer system – and, unlike other admins of the time, decided to do something about it. It took three more years of relentless investigation on Stoll’s part and laborious convincing of the authorities of the United States and the Federal Republic of Germany to trace back the intruder to a group of young men loosely connected to the CCC who worked with the KGB, selling information gained from breaking into US military computers to the Soviet Union. In March of 1989, the widely watched West-German television news program "ARD Im Brennpunkt" informed the public of the “biggest instance of espionage since the Guillaume affair”. It presented a new quality of high tech espionage, undertaken by “computer freaks”, somewhat shady-seeming young men connected to the Chaos Computer Club. The reporting on the KGB Hack had a tremendously negative effect on the public image of hackers in general and the CCC in particular. Now the “computer freaks” were no longer seen as benevolent geeks who pointed out flaws in computer systems - they were criminals, working with the Russians, harming their own country. Sounds familiar? It’s an image which has been lingering until today. about this event: https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11031.html

Dec 27, 201947 min

Storing energy in the 21st centruy (36c3)

The 21st century will be powered by electricity. I'm a journalist in the field of science and technology reporting. I followed the development of electricity storage and generation for over 10 years. In this talk I will outline the current state of electricity storage technology and its limitations. There is a gap between the intermittent availability of electricity generation and demand for it. Cobalt and Lithium are increasingly limited in supply and their production is often produced using unsustainable means. Alternatives are being development and will be presented. Some of these technologies are in the form of chemical batteries and some use very surprisingly simple technologies. I will be giving an introduction into future technologies for electricity storage currently in development. Some of these are batteries without rare materials and others are not batteries at all. about this event: https://fahrplan.chaos-west.de/36c3/talk/RUCJJQ/

Dec 27, 201952 min

Was geht alles schief in der Elektromobilität (36c3)

<p>Ein gemütlicher Schnack unter Ingenieuren warum die Elektromobilität nicht ins Rollen kommt und warum Wasserstoff noch nicht so richtig in Deutschland explodiert ist. Wir werden aus unseren Erfahrungen mit Elektromobilität, der Freude der Wartezeit auf ein Auto und anderen Problemchen schnacken. Sollten wir nicht von einem E-Roller oder Sofa überfahren worden sein vorher ^^ Wer auch ein E Auto hat oder sich über ERoller aufregen will darf gerne dazukommen. Das große Och Menno Special zur Elektromobilität.</p> about this event: https://fahrplan.das-sendezentrum.de/36c3/talk/UDRLSJ/

Dec 27, 201956 min

Buying Snacks via NFC with GNU Taler (36c3)

##### Motivation In the digital age the privacy has become an important matter. But with the current digital payment methods the privacy of the user is not guaranteed. To avoid the data sharing, the Taler team implemented a digital form of cash. ##### Project To demonstrate the payment system we developed an interface for a snack machine based on GNU Taler. This implementation allows the customer to pay with a smartphone app via NFC or QR-Code. ##### Team The project was realized by Taler in cooperation with two students from Bern University of Applied Sciences. In the talk the audience will become a little insight into the GNU Taler Project and the aim of the developed Snack Machine Interface. The approach to develop an interface between the Taler Backend and the snack machine will be explained as well as the challenges which come with such a project. Further the implemented hard- and software stacks are presented. about this event: https://talks.oio.social/36c3-oio/talk/MMB78C/

Dec 27, 201917 min

Code for Germany. Gute Taten mit offenen Daten (36c3)

Seit fünf Jahren setzen sich innerhalb des Netzwerks [„Code for Germany“](https://codefor.de) in ganz Deutschland rund 300 Ehrenamtliche für offene Daten ein und bauen damit Anwendungen für alle. Auch 2019 ist bei uns einiges passiert, was wir euch hier vorstellen wollen. Wir haben uns beispielsweise mit Daten zu Umwelt, Politik und jeder Menge Kartenmaterial beschäftigt und viele neue Projekte am Start. Manche glänzen schon richtig, andere suchen noch Unterstützung. Im Talk erklären wir, was offene Daten eigentlich sind, was man daraus bauen kann und wie man bei uns mitmachen kann. [Code for Germany](https://codefor.de) ist ein Netzwerk von Gruppen ehrenamtlich engagierter Freiwilliger. Wir nutzen unsere Fähigkeiten, um unsere Städte und das gesellschaftliche Miteinander positiv zu gestalten. Wir setzen uns für mehr Transparenz, Offene Daten und Partizipation in unseren Städten ein. Wir vermitteln insbesondere zwischen Zivilgesellschaft, Verwaltung und Politik und nutzen unsere Fähigkeiten, um die Kommunikation zwischen diesen zu verbessern und notwendige Impulse zu setzen, damit die Möglichkeiten der offenen und freien Digitalisierung so vielen Menschen wie möglich zugute kommen. about this event: https://cfp.verschwoerhaus.de/36c3/talk/EGBN8W/

Dec 27, 201930 min

Rosa Listen (36c3)

"Eine Regierung hat auch die Pflicht uns vor zukünftigen Regimen zu schützen." Anhand der Rosa Liste möchte ich aufzeigen weshalb das ein wichtiger Grundsatz moderner Demokratien ist. In der Weimarer Republik und der Ersten Republik Österreich wurden Listen angelegt in denen zahlreiche Daten über tatsächliche oder vermeintliche Homosexuelle gesammelt und auf Vorrat gespeichert wurden. In der NS-Diktatur wurden diese Listen genutzt, um eine möglichst große Anzahl Homosexueller in Konzentrationslager (KZ) zu bringen. In diesen bekamen sie den berühmten Rosa Winkel als Kennzeichnung, wodurch sie auch Repressalie von anderen Insassen ausgesetzt waren. Noch heute gilt die Rosa Liste als eines der schlimmsten Beispiele wie auf Vorrat gespeicherte Daten missbraucht werden können. Als Datenschützer und Bisexueller möchte ich näher auf diesen besonderen Teil der Geschichte eingehen und aufzeigen was daraus lernen sollten. about this event: https://fahrplan.chaos-west.de/36c3/talk/GZGQK3/

Dec 27, 201934 min

Science for future? (36c3)

This talk is to show the current state of the discussion on climate change and the necessary and possible changes from a scientific perpesctive. It is to give some typical relevant answers and to foster the resiliance against climate sceptic questioning. This is one of the main tasks the scientist for future are trying to tackle. The climate crisis is already existing and it is going to become worse. Looking at the pure facts of the changing climate, the acidication of the oceans, the slowly but steady rising of the sea level and the strengthening earth response effects, which make thing worse, it is hard to stay optimistic on the development of human kind on this planet. This lead to the largest social movement in Germany since the second world war fighting for a limitation of climate change to a maximum average temperature increase of 1.5°C. On the other hand, this movement is often disputed. Since the necessary changes are not liked by everyone, the engagement of especially students was attacked also by politicians – even declaring that they should leave such issues to the professionals. At this point scientist for future joined together to support the demands of the students and declare, „they are right“. This support is urgently needed. People have many open questions. The necessary changes are involving all societies in the world. In Germany, one of the most disputed topics is the field of energy, its generation, distribution and use. Is it actually possible to go for 100% renewable energies? What would this lead to? These are typical questions – which are not easy to answer. Other typical questions are more fundamental, since climate sceptics are increasing in their relevance and their social media outreach. Thus a lot of people encouter questions, they cannot answer. This talk is to show the current state of the discussion on climate change and the necessary and possible changes from a scientific perpesctive. It is to give some typical relevant answers and to foster the resiliance against climate sceptic questioning. This is one of the main tasks the scientist for future are trying to tackle. about this event: https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10991.html

Dec 27, 20191h 3m

What the World can learn from Hongkong (36c3)

The people of Hong Kong have been using unique tactics, novel uses of technology, and a constantly adapting toolset in their fight to maintain their distinctiveness from China since early June. Numerous anonymous interviews with protesters from front liners to middle class supporters and left wing activists reveal a movement that has been unfairly simplified in international reporting. The groundbreaking reality is less visible because it must be - obfuscation and anonymity are key security measures in the face of jail sentences up to ten years. Instead of the big political picture, this talk uses interviews with a range of activists to help people understand the practicalities of situation on the ground and how it relates to Hongkong's political situation. It also provides detailed insights into protestors' organisation, tactics and technologies way beyond the current state of reporting. Ultimately, it is the story of how and why Hongkongers have been able to sustain their movement for months, even faced with an overwhelming enemy like China. This is the story of how and why Hongkongers have been able to sustain their movement so long, even faced with an overwhelming enemy like China. The protestors have developed a range of tactics that have helped them minimise capture and arrests and helped keep the pressure up for five months: They include enforcing and maintaining anonymity, both in person and online, rapid dissemination of information with the help of the rest of the population, a policy of radical unanimity to maintain unity in the face of an overwhelming enemy and Hongkongers’ famous “be water” techniques, through which many of them escaped arrest. about this event: https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10933.html

Dec 27, 20191h 31m

LibreSilicon's Standard Cell Library (de) (36c3)

(en) We make Standard Cells for LibreSilicon available, which are open source and feasible. And we like to talk and demonstrate what we are doing. (de) Wir machen Standardzellen für LibreSilicon verfügbar, welche Open Source und nutzbar sind. Wir möchten darüber sprechen und vorführen, was wir tun. (en) LibreSilicon develops a free and open source technology to fabricate chips in silicon and provides all information to use them - or technical spoken - a Process Design Kit (PDK). On one abstraction level higher, user always using with their design compile tools a Standard Cell Library (StdCellLib) with basic blocks like logic gates, latches, flipflops, rams, and even pad cells. From a programmers point of view, as a PDK is comparable to a language like C, the Standard Cell Library becomes comparable to libc. All commercial available Standard Cell Libraries containing a small subset of all useful cells only, limited just by the manpower of the vendor. They are hand-crafted and error-prone. Unfortunately Standard Cell Libraries are also commercial exploited with Non-disclosure agreement (NDAs) and heavily depend on the underlying PDKs. Our aim is to become the first free and open source Standard Cell Library available. The lecture shows, how far we are gone, with makefile controlled press-button solution which generates a substantial number of Standard Cells by automated processing and respecting the dependencies in the generated outputs. (de) LibreSilicon entwickelt eine freie und offene Technologie um Siliziumchips herstellen zu können. Dies umfasst alle notwendigen Informationen dies zu tun, oder technisch gesagt, ein Process Design Kit (PDK - engl: Prozessbauskasten). Die Anwender nutzen überwiegend auf einer Abstraktionsebene höher mit ihren Design Compiler meist jedoch die Standardzellenbibliothek (StdCellLib) mit Basisblöcken wie Logikgattern, Latches, FlipFlops, Speicherzellen oder auch Padzellen. Aus Sicht eines Programmierers wäre das PDK vergleichbar einer Sprachdefinition wie C, die darauf aufsetzende Standardzellbibliothek (StdCellLib) dann vergleichbar mit der libc. Nun enthalten alle nur kommerziell verfügbaren Standardzellenbibliotheken lediglich eine kleine Teilmenge aller nützlichen Zellen, limitiert durch die Arbeitskräfte beim Hersteller. Sie sind handgemacht und fehlerträchtig. Unglücklicherweise sind die kommerziellen Standardzellbibliotheken stark vom PDK abhängig und mit Geheimhaltungsvereinbarungen gepflastert. Unser Ziel ist es, die erste freie und offene Standardzellbibliothek zu werden. Dieser Talk zeigt, wie weit wir bereits gekommen sind, mit Hilfe der Makefile-gesteuerten Lösung eine beachtliche Anzahl an Standardzellen und deren Ausgabeformate als Abhängigkeiten automatisiert zu generieren. about this event: https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10784.html

Dec 27, 20191h 0m

The Great Escape of ESXi (36c3)

VMware ESXi is an enterprise-class, bare-metal hypervisor developed by VMware for deploying and serving virtual computers. As the hypervisor of VMware vSphere, which is the world's most prevailing, state-of-the-art private-cloud software, ESXi plays a core role in the enterprise's cloud infrastructure. Bugs in ESXi could violate the security boundary between guest and host, resulting in virtual machine escape. While a few previous attempts to escape virtual machines have targeted on VMware workstation, there has been no public VMware ESXi escape until our successful demonstration at GeekPwn 2018. This is mainly due to the sandbox mechanism that ESXi has adopted, using its customized filesystem and kernel. In this talk, we will share our study on those security enhancements in ESXi, and describe how we discover and chain multiple bugs to break out of the sandboxed guest machine. During the presentation, we will first share the fundamentals of ESXi hypervisor and some of its special features, including its own customized bootloader, kernel, filesystem, virtual devices and so on. Next, we will demonstrate the attack surfaces in its current implementations and how to uncover security vulnerabilities related to virtual machine escape. In particular, we will anatomize the bugs leveraged in our escape chain, CVE-2018-6981 and CVE-2018-6982, and give an exhaustive delineation about some reliable techniques to manipulate the heap for exploitation, triggering arbitrary code execution in the host context. Meanwhile, due to the existence of sandbox mechanism in ESXi, code execution is not enough to pop a shell. Therefore, we will underline the design of the sandbox and explain how it is adopted to restrict permissions. We will also give an in-depth analysis of the approaches leveraged to circumvent the sandbox in our escape chain. Finally, we will provide a demonstration of a full chain escape on ESXi 6.7. about this event: https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10505.html

Dec 27, 201940 min

Digitalisierte Migrationskontrolle (36c3)

Die sogenannten digitalen Assistenzsysteme des BAMF, „intelligente Grenzen“ in der EU und immer größer werdende Datenbanken: Wer ins Land kommt und bleiben darf, wird immer mehr von IT-Systemen bestimmt. Davon profitiert die Überwachungsindustrie, während Menschen von automatisierten Entscheidungen abhängig werden. Deutschland hat in den letzten Jahren massiv in Technik investiert, um Asylverfahren zu digitalisieren. Biometrische Bilder mit Datenbanken abgleichen, Handys ausgelesen und analysieren, Sprache durch automatische Erkennungssysteme schleifen. Ganz abgesehen von der Blockchain, die alles noch besser machen soll. Doch nicht nur in Deutschland werden zum Zweck der Migrationskontrollen immer mehr Daten genutzt. In Norwegen werden Facebook-Profile Geflüchteter ausgewertet, in Dänemark sogar USB-Armbänder. Die Grenzagentur Frontex soll für „intelligente Grenzen“ sorgen, Datenbanken werden EU-weit ausgebaut und zusammengelegt. Rechtschutzmechanismen versagen größtenteils. Worum es dabei geht? Schnellere Abschiebungen. Wer davon profitiert? Die Überwachungsindustrie. In Vorbereitung von Klageverfahren bringt die Gesellschaft für Freiheitsrechte e.V. (GFF) gemeinsam mit der Journalistin Anna Biselli im Laufe des Dezembers eine Studie heraus, die sich diesem Thema genauer widmet. Die Ergebnisse der Studie wollen Lea Beckmann und Anna Biselli gemeinsam vorstellen und kontextualisieren. Anna Biselli ist Informatikerin und Journalistin und arbeitet seit Jahren zu Fragen der Digitalisierung von Migrationskontrolle. Lea Beckmann ist Juristin und Verfahrenskoordinatorin der Gesellschaft für Freiheitsrechte e.V. (GFF). Die GFF ist eine NGO, die durch strategische Gerichtsverfahren Grund- und Menschenrechte stärkt und zivilgesellschaftliche Partnerorganisationen rechtlich unterstützt. In vielen ihrer Verfahren setzt sich die GFF dabei für Datenschutz und einen verantwortungsvollen Einsatz von Technologie und gegen Diskriminierung ein. about this event: https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10766.html

Dec 27, 201955 min

SaveTheInternet - Die Urheberrechtsreform als Zündfunke demokratischer Teilhabe (36c3)

Eine kurze Erzählung von den Anfängen der Protestbewegung bis heute und darüber hinaus. Wenn eine spontan gebildete Menge an Menschen beginnt die Werkzeuge der Demokratie zu nutzen ist das vorläufige Ergebnis eine der größten Petitionen weltweit und über 200.000 kreativ Protestierende auf den Straßen Europas. War es das schon oder kommt da noch etwas? Welche Auswirkungen haben demokratische Werkzeuge wie Petitionen und Demonstrationen? Kann man die nächsten Proteste voraussehen oder wie entstehen Wellen der Aufmerksamkeit? Hat sich eine neue Empörung zum ersten oder zum letzen Mal aufgetan? Von vernetzen Livestreams während der Proteste bis zu Community Aktionen wie Meme-Events und Briefraids. about this event: https://talks.oio.social/36c3-oio/talk/VSV8Y8/

Dec 27, 201925 min

Aufregen oder Abregen?! (36c3)

Der Einmischen Podcast ist für ein paar Rant und sich eher Aufregen bekannt unser Politiklehrer Thomas ist da eher der zynische Pol der Podcastszene. Beide versuchen in dem kleinen Jahresrückblick mal die Aufreger auf ein Minimum zu senken. Unterhaltung garantiert. Der Einmischen Podcast ist für ein paar Rant und sich eher Aufregen bekannt unser Politiklehrer Thomas ist da eher der zynische Pol der Podcastszene. Beide versuchen in dem kleinen Jahresrückblick mal die Aufreger auf ein Minimum zu senken. Unterhaltung garantiert. about this event: https://fahrplan.das-sendezentrum.de/36c3/talk/9ASKAV/

Dec 27, 20191h 1m

Reading politics of the supposedly neutral (36c3)

Algorithms bear the image of their makers, and toil like their servants. Technology of any sort cannot be neutral, as it is embedded in a social matrix of why it was created and what work it performs. An algorithm, its context, and what it lacks should be understood as a political statement carrying great consequences, and as a society we should respond to each as needed, engaging the purveyors of these algorithms on a political level as well as legal and economic. Three algorithmic systems are revealed to embody various class interests. First, a population ecology modeled simply by a pair of predator-prey equations leads one to conclude that socialist revolution and compulsory leisure are the only routes to avoiding civilizational collapse. Second, a formula for labor supply reduces us to lazy drones who work as little as possible to support our choice of lifestyle. Finally, advertising on Wikipedia could yield a multi-billion-dollar fortune—shall we put it up for sale or double-down on radical equality among all people? (1) The [Human and Nature Dynamics](https://www.sciencedirect.com/science/article/pii/S0921800914000615) (HANDY) model is the first to pair environmental resource consumption with class conflict, each as a predator-prey cycle. In one cycle we overrun and out-eat the other species on Earth, who grow back slowly, and in the other cycle elites out-compete commoners in their consumption, to the point of even causing commoners to die of hunger. One can say that socialist revolution is embedded in a statement like this. Indeed, something must be done about the growing power of over-consuming elites before they doom us all. I will give a tour using this [interactive explorer](https://adamwight.github.io/handy-explorer/). (2) A second example is a run-of-the-mill, capitalist formula for labor supply, to explain our collective decision to go to work in the morning. Loosely, it is to`optimize(Consumption, hours worked)` for the constraint `Consumption ≤ wage x hours + entitlement`. In other words, this formula assumes we are lazy, greedy, individual agents, each motivated only by obtaining the greatest comfort for the least labor. The worker who internalizes this formula will fight for fewer hours of work and higher wages for themself, will find shortcuts to spend less money to increase purchasing power, and in this idealized world can be expected to vote in favor of social democratic minimum incomes. A company following this formula, on the other hand, will fight against all of these worker gains, and will act to depress government welfare or minimum incomes until workers are on the edge of starvation in order to squeeze longer hours out of them. What's missing from this formula is, all the ways out of the trap. Mutual aid and connections among ourselves to protect the most vulnerable individuals, pooling resources, and any other motivation to work besides mortal fear and hedonism.—One can easily imagine a radically different paradigm for work, in which labor is dignified and fulfilling. To understand this world in formulas, labor supply is measured in education levels, self-direction, and other positive feedback loops which raise productivity. (3) Wikipedia and its sister projects have never worn the shackles of paid advertising, although they sit on a potential fountain of revenue in the tens of billions of dollars per year—not to mention the value of the influence over public opinion that such a propaganda machine might achieve. `Revenue = Ads per visit x Visits` Analyzed venally, Wikipedia becomes an appealing portfolio acquisition, which would jeopardize the entire free-open movement. From a different perspective, that of an organizer in an editor’s association, slicing pageview and (non)-advertising data might allow for more effective resource-sharing among the many chapter organizations. In a third analysis using a flow of labor, power, and funds, we can see the Wikimedia Foundation as engaged in illegitimate expropriation, turning editors into sharecroppers and suppressing decentralized growth. These twists all come about through variations on an equation. Which shall we choose? about this event: https://cfp.verschwoerhaus.de/36c3/talk/TNSGB8/

Dec 27, 201921 min

Mehr als ein Hobby? (36c3)

<p>In diesem Talk werden erstmalig Ergebnisse einer Online-Studie mit 653 Podcastproduzierenden vorgestellt. Seitdem vor etwa 15 Jahren die ersten Podcasts im deutschsprachigen Raum produziert und veröffentlicht wurden, ist die Zahl podcastender Personen enorm gestiegen – ein Ende des Wachstums ist nicht abzusehen. Dennoch sind Podcaster_innen bisher kaum Gegenstand psychologischer Forschung geworden. Wie lassen sich deutschsprachige Podcastproduzierende charakterisieren? Was sind die zentralen Motive, die dazu führen, mit dem Podcasten zu beginnen? Gibt es Geschlechterunterschiede? Auf Basis einer Stichprobe von 653 Podcaster_innen sollen diese Fragen erstmals für den deutschsprachigen Raum beantwortet werden.</p> about this event: https://fahrplan.das-sendezentrum.de/36c3/talk/NZR3VR/

Dec 27, 201942 min

"Unvorstellbare Einzelfälle" und "neue Phänomene"? - Kontinuitäten des rechten Terrors (36c3)

<p>Christchurch, El Paso, Walter Lübcke, Halle – seit 2019 verbinden wir diese Orte und Namen mit rechtem Terror. Auf jeden Anschlag folgte auch in diesem Jahr eine öffentliche Debatte, in der rechter Terror meist als neues Phänomen erscheint. Je größer jedoch die Häufung der Anschläge, desto absurder erscheinen die Worte von „unvorstellbaren Einzelfällen“, begangen von „verrückten Einzeltätern“. Diese Erzählungen haben einen anderen Zweck, als rechten Terror die Grundlage zu entziehen. Sie sollen sagen: ‚Wir hätten es nicht wissen können, hätten nichts tun können und werden auch zukünftig nichts verhindern‘. Dabei ist das Gegenteil der Fall: Rechter Terror hat auch nach 1945 nie aufgehört und obwohl an jedem Fall etwas Spezielles ist, so gibt es doch Gemeinsamkeiten und Kontinuitätslinien. Rechtsterroristen und Rechtsterroristinnen wie etwa der NSU oder Anders Breivik kämpften immer mit den Mitteln der Zeit für die Umsetzung ihrer Ziele: Der Umsturz der Gesellschaft durch massive Gewalt, um ihre wahlweise autoritäre, heteronormative, völkische Vision einer Volksgemeinschaft verwirklichen zu können. Aus dieser Geschichte des rechten Terrors und den gesellschaftlichen Reaktionen darauf können wir lernen ihnen etwas entgegenzusetzen. Caro Keller von NSU-Watch wird anhand exemplarischer Fälle die wichtigen Kontinuitätslinien herausarbeiten. Vor diesem Hintergrund nimmt sie auch den aktuellen rechten Terror, Phänomene wie toxische Männlichkeit oder „Gamification of Terror“ in den Blick. Es wird aufgezeigt, ob und wie wir als Antifaschist*innen und Gesellschaft dieses Wissen gegen rechten Terror einsetzen können.</p> about this event: https://fahrplan.chaos-west.de/36c3/talk/CBGVT9/

Dec 27, 201951 min

(Post-Quantum) Isogeny Cryptography (36c3)

There are countless post-quantum buzzwords to list: lattices, codes, multivariate polynomial systems, supersingular elliptic curve isogenies. We cannot possibly explain in one hour what each of those mean, but we will do our best to give the audience an idea about why elliptic curves and isogenies are awesome for building strong cryptosystems. It is the year 2019 and apparently quantum supremacy is finally upon us [1,2]. Surely, classical cryptography is broken? How are we going to protect our personal communication from eagerly snooping governments now? And more importantly, who will make sure my online banking stays secure? The obvious sarcasm aside, we should strive for secure post-quantum cryptography in case push comes to shove. Post-quantum cryptography is currently divided into several factions. On the one side there are the lattice- and code-based system loyalists. Other groups hope that multivariate polynomials will be the answer to all of our prayers. And finally, somewhere over there we have elliptic curve isogeny cryptography. Unfortunately, these fancy terms "supersingular", "elliptic curve", "isogeny" are bound to sound magical to the untrained ear. Our goal is to shed some light on this proposed type of post-quantum cryptography and bring basic understanding of these mythical isogenies to the masses. We will explain how elliptic curve isogenies work and how to build secure key exchange and signature algorithms from them. We aim for our explanations to be understandable by a broad audience without previous knowledge of the subject. [1] https://www.quantamagazine.org/john-preskill-explains-quantum-supremacy-20191002/ [2] https://www.nature.com/articles/d41586-019-02936-3 about this event: https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10543.html

Dec 27, 201952 min

Mathematical diseases in climate models and how to cure them (36c3)

Making climate predictions is extremely difficult because climate models cannot simulate every cloud particle in the atmosphere and every wave in the ocean, and the model has no idea what humans will do in the future. I will discuss how we are using the Julia programming language and GPUs in our attempt to build a fast and user-friendly climate model, and improve the accuracy of climate predictions by learning the small-scale physics from observations. Climate models are usually written in Fortran for performance reasons at the expense of usability, but this makes it hard to hack and improve existing models. Bigger supercomputers can resolve smaller-scale physics and help improve accuracy but cannot resolve all the small-scale physics so we need to take a different approach to climate modeling. In this talk I will discuss why modeling the climate on a computer is so difficult, and how we are using the Julia programming language to develop a fast and user-friendly climate model that is flexible and easy to extend. I will also discuss how we can leverage GPUs to embed high-resolution simulations within a global climate model to resolve and learn the small-scale physics allowing us to simulate the climate more accurately, as the the laws of physics will not change even if the climate does. about this event: https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11155.html

Dec 27, 201949 min

Geheimdienstliche Massenüberwachung vs. Menschenrechte (36c3)

Der Europäische Menschenrechtsgerichtshof beschäftigt sich nun schon seit Jahren mit der Frage, ob die durch Edward Snowden öffentlich bekanntgewordene geheimdienstliche Massenüberwachung mit der Europäischen Menschenrechtskonvention kompatibel ist. Wie ist der Stand der Dinge? Dieses Jahr gab es zwei neuerliche Anhörungen in Straßburg, die sich mit der britischen und schwedischen Massenüberwachung durch die Geheimdienste auseinandersetzten. Im Vortrag werden die bisher gefällten Urteile und die neuen vorgetragenen Argumente beleuchtet. Insbesondere der britische Fall ist das erste Mal, dass der Gerichtshof nicht nur die Massenüberwachung an der Menschenrechtskonvention misst, sondern auch das Datenkarussell zwischen den Geheimdiensten, namentlich dem GCHQ und der NSA. Wegen der schon Mitte Januar vom Bundesverfassungsgericht anberaumten mündlichen Anhörung zum BND-Gesetz wird sich ein Teil des Vortrags auch mit der deutschen geheimdienstlichen Massenüberwachung beschäftigen. Der CCC hat eine Stellungnahme zur Ausland-Ausland-Fernmeldeaufklärung abgegeben, deren Inhalt kurz zusammengefasst wird. Offenlegung: Ich bin eine der Beschwerdeführerinnen in dem britischen Fall. about this event: https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11141.html

Dec 27, 20191h 2m

The Internet of rubbish things and bodies (36c3)

Once you start looking at electronic trash you see it everywhere: in laptops of course but also increasingly in cars, fridges, even inside the bodies of humans and other animals. The talk will look at how artists have been exploring the e-junk invasion. Régine Debatty is a curator, critic and founder of http://we-make-money-not-art.com/, a blog which has received numerous distinctions over the years, including two Webby awards and an honorary mention at the STARTS Prize, a competition launched by the European Commission to acknowledge "innovative projects at the interface of science, technology and art". Régine writes and lectures internationally about the way artists, hackers, and designers use science and technology as a medium for critical discussion. She also created A.I.L. (Artists in Laboratories), a weekly radio program about the connections between art and science for Resonance104.4fm in London (2012–14), is the co-author of the “sprint book” New Art/Science Affinities, published by Carnegie Mellon University (2011) and is currently co-writing a book about culture and artificial intelligence. about this event: https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11236.html

Dec 27, 201952 min

Intel Management Engine deep dive (36c3)

Reverse engineering a system on a chip from sparse documentation and binaries, developing an emulator from it and gathering the knowledge needed to develop a replacement for one of the more controversial binary blobs in the modern PC. The Intel Management Engine, a secondary computer system embedded in modern chipsets, has long been considered a security risk because of its black-box nature and high privileges within the system. The last few years have seen increasing amounts of research into the ME and several vulnerabilities have been found. Although limited details were published about these vulnerabilities, reproducing exploits has been hard because of the limited information available on the platform. The ME firmware is the root of trust for the fTPM, Intel Boot Guard and several other platform security features, controlling it allows overriding manufacturer firmware signing, and allows implementing many background management features. I have spent most of past year reverse engineering the OS, hardware and links to the host (main CPU) system. This research has led me to create custom tools for manipulating firmware images, to write an emulator for running ME firmware modules under controlled circumstances and allowed me to replicate an unpublished exploit to gain code execution. In this talk I will share the knowledge I have gathered so far, document my methods and also explain how to go about a similar project. I also plan to discuss the possibility of an open source replacement firmware for the Management Engine. The information in this talk covers ME version 11.x, which is found in 6th and 7th generation chipsets (Skylake/Kabylake era), most of the hardware related information is also relevant for newer chipsets. about this event: https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10694.html

Dec 27, 20191h 0m

re:claimID - Self-sovereign, Decentralised Identity Management and Personal Data Sharing [YBTI/wefixthenet session] (36c3)

In this talk we present re:claimID, a decentralized, self-sovereign identity management system. re:claimID allows users to reclaim authority over their identities and personal data. The system is built on top if a state-of-the-art, decentralized directory service: The GNU Name System. Built-in cryptographic mechanisms allow users to selectively disclose personal data and the directory service ensures that this data is accessible to authorized parties even if the user is offline. Through OpenID Connect, integration and use of re:claimID is straight-forward and authorization flows are familiar. In this talk, we present the current state of re:claimID as well as a future roadmap. Today, users are often required to share personal data, like email addresses, to use services on the web. As part of normal service operation, such as notifications or billing, services require access to -- ideally fresh and correct -- user data. Sharing attributes in the Web today is often done via centralized service providers to reduce data redundancy and to give services access to current, up-to-date information even if the user is currently offline. Abuse of this power is theoretically limited by local laws and regulations. But, the past has shown that even well-meaning identity providers struggle to keep user data safe as they become major targets for hackers and nation state actors while striving for monetizing anonymized statistics from these data. We advocate for a new, decentralized way for users to manage their identities for the following reasons: * The current state of omniscient identity providers is a significant threat to the users' privacy. * Users must completely trust the service provider with respect to protecting the integrity and confidentiality of their identity in their interest. * The service provider itself is facing substantial liability risks given the responsibility of securely managing potentially sensitive personal data of millions of users. We present re:claimID, a decentralized identity service with the following properties: * Self-sovereign: You manage your identities and attributes locally on your computer. No need to trust a third party service with your data. * Decentralized: You can share your identity attributes securely over a decentralized name system. This allows your friends to access your shared data without the need of a trusted third party. * Standard-compliant: You can use OpenID Connect to integrate reclaim in your web sites. about this event: https://talks.oio.social/36c3-oio/talk/XHLTUD/

Dec 27, 201944 min

The challenges of Protected Virtualization (36c3)

Firmware protection for Virtual Machines against buggy or malicious hypervisors is a rather new concept that is quickly gaining traction among the major CPU architectures; two years ago AMD introduced Secure Encrypted Virtualization (AMD SEV), and now IBM is introducing Protected Virtualization for the s390x architecture. This talk will present the motivations and the overall architecture of Protected Virtualization, the general challenges for Linux both as a guest and as a hypervisor with KVM and Qemu. The main challenges presented will be, among others: * secure VM startup * attestation * I/O * interrupts * Linux guest support * KVM and Qemu changes * swap and migration While the talk will have some technical content, it should be enjoyable for anyone who tinkers with KVM and virtualization. Knowledge of the s390x architecture is not required. about this event: https://fahrplan.chaos-west.de/36c3/talk/73DECY/

Dec 27, 201940 min

Wikimedia Cloud Services introduction (36c3)

Find out what kind of free services Wikimedia provides for you. Wikimedia Cloud Services is a collection of services that the Wikimedia Foundation offers, free of charge, to anyone who can use them for furthering the goals of the Wikimedia movement. This includes Toolforge, a hosting service for tools written in various languages; Cloud VPS, full virtual private servers for advanced development beyond the capabilities of Toolforge; convenient access to Wikimedia project data; and more! Link and other useful information: https://www.wikidata.org/wiki/User:Lucas_Werkmeister/36c3-wmcs-intro about this event: https://cfp.verschwoerhaus.de/36c3/talk/ENN7EF/

Dec 27, 201914 min

Refactoring qaul.net in Rust (Internet independent mesh communication App) (36c3)

Concepts, goals, implementations and the lessons learned from rewriting qaul.net decentralized messenger in rust. qaul.net is a Internet independent wifi mesh communication app with fully decentralized messaging, file sharing and voice chat. At the moment we are rewriting the entire application in rust, implementing our experience of 8 years off the grid peer2peer mesh communication, with a mobile first approach and a network agnostic routing protocoll wich can do synchronous as well as delay tolerant messaging. We are currently rewriting qaul.net 2.0 in rust with a new network agnostic routing protocol, identity based routing and delay tolerant messaging. The talk will show our learnings and the journey ahead of us at the alpha stage of the rewrite. * Homepage: https://qaul.net * Code Repository: https://git.open-communication.net/qaul/qaul.net about this event: https://talks.oio.social/36c3-oio/talk/C33LPX/

Dec 27, 201925 min

Server Infrastructure for Global Rebellion (36c3)

In this talk Julian will outline his work as sysadmin, systems and security architect for the climate and environmental defense movement Extinction Rebellion. Responsible for 30 server deployments in 11 months, including a community hub spanning dozens of national teams (some of which operate in extremely hostile conditions), he will show why community-owned free and open source infrastructure is mission-critical for the growth, success and safety of global civil disobedience movements. An extension of an earlier talk at C-Base Berlin, Julian will give an overview of his own discoveries, platform choices, successes and mistakes meeting the needs of 5-figure at-risk server memberships, from geo-political and legal challenges, to arrest opsec and uptime resilience in the face of powerful adversaries driving attacks on infrastructure and seized activist devices spanning many countries before and during periods of mass civil disobedience. In particular the talk is a call for all sysadmins, opsec and infosec professionals and enthusiasts to rise up and join the fight for current and future generations of all life. about this event: https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11008.html

Dec 27, 20191h 3m

Climate Modelling (36c3)

When climate activists say you should listen to the science they usually refer to reports by the Intergovernmental Panel on Climate Change (IPCC). The IPCC is an Intergovernmental organization (IGO) providing an objective summary of scienctific results regarding climate change, its impacts and its reasons. The simulation of future climate is one fundamental pillar within climate research. But what is behind it? How does the science sector look like? How do we gain these insights, what does it mean? This lecture aims at answering these questions. In particular, it provides an overview about some basic nomenclature for a better understanding of what climate modelling is about.<br> The following topics will be addressed: <ul> <li>Who does climate modelling?<br> Which institutes, infrastructures, universities, initiatives are behind it and which are the conferences climate scientists go to. What background do climate scientists have? </li> <li>What is the difference between climate projections and weather predictions? Why is it called a climate projection and not climate prediction? While climate scientists are not able to predict weather at a specific date in a decade, why does it still make sense to propose general trends under certain conditions? </li> <li>What is a climate model, what is an impact model and what is the difference between these? What are components and features of the different kind of models? Here, some examples will be shortly presented (e.g.atmosphere, ocean, land, sea ice). </li> <li>Quite a few models are open source and freely accessible. If there is time I will shortly show you how you could install an impact model (example mHM) on your local PC. How accessible is the data used for the projections for the IPCC reports?</li> <li>Overview over the used infrastructure (for example JUWELS, a supercomputer in Jülich), programming languages, software components </li> </ul> about this event: https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10896.html

Dec 27, 201946 min

From Managerial Feudalism to the Revolt of the Caring Classes (36c3)

One apparent paradox of the digitisation of work is that while productivity in manufacturing is skyrocketing, productivity in caring professions (health, education) is actually declining - sparking a global wave of labour struggle. Existing economic paradigms blind us to understanding how economies have come to be organised. We meed an entirely new discipline, based on a different set of values. about this event: https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11241.html

Dec 27, 201959 min

Emergency VPN: Analyzing mobile network traffic to detect digital threats (36c3)

The access to surveillance technology by governments and other powerful actors has increased in the last decade. Nowadays malicious software is one of the tools to-go when attempting to monitor and surveil victims. In contrast, the target of these attacks, typically journalists, lawyers, and other civil society workers, have very few resources at hand to identify an ongoing infection in their laptops and mobile devices. In this presentation we would like to introduce the Emergency VPN, a solution we developed at the Czech Technical University as part of the CivilSphere project. The Emergency VPN is designed to provide a free and high quality security assessment of the network traffic of a mobile device in order to early identify mobile threats that may jeopardize the security of an individual. The presentation will cover the design of the Emergency VPN as a free software project, the instructions of how a user can work with it, and some success cases where we could detect different infections on users. We expect attendees will leave this session with a more clear overview of what the threat landscape looks like, what are the options for users that suspect their phone is infected, and how the Emergency VPN can help in those cases. More information about the Emergency VPN can be found at CivilSphere's website: https://www.civilsphereproject.org about this event: https://fahrplan.chaos-west.de/36c3/talk/EARPZB/

Dec 27, 201922 min

How (not) to build autonomous robots (36c3)

Over the past 2 years we've been building delivery robots - at first thought to be autonomous. We slowly came to the realization that it's not something we could easily do; but only after a few accidents, fires and pr disasters. We've all seen the TV show Silicon Valley, but have you actually peered underneath the curtain to see what's happening? In this entertaining talk, Sasha will share his first hand experience at building (and failing) a robotics delivery startup in Berkeley. Over the course of 2.5 years this startup built hundreds of robots, delivered thousands of orders, and had one robot stolen. The talk will look over the insanity that's involved with building an ambitious startup around a crazy vision; sharing the ups and downs of the journey. It will also touch up lightly on the technology that drives it and the simplistic approach to AI/machine learning this company took. about this event: https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10601.html

Dec 27, 201954 min

Plundervolt: Flipping Bits from Software without Rowhammer (36c3)

We present the next step after Rowhammer, a new software-based fault attack primitive: Plundervolt (CVE-2019-11157). Many processors (including the widespread Intel Core series) expose privileged software interfaces to dynamically regulate processor frequency and operating voltage. We show that these privileged interfaces can be reliably exploited to undermine the system's security. In multiple case studies, we show how the induced faults in enclave computations can be leveraged in real-world attacks to recover keys from cryptographic algorithms (including the AES-NI instruction set extension) or to induce memory safety vulnerabilities into bug-free enclave code. Fault attacks pose a substantial threat to the security of our modern systems, allowing to break cryptographic algorithms or to obtain root privileges on a system. Fortunately, fault attacks have always required local physical access to the system. This changed with the Rowhammer attack (BlackHat USA 2015, CCC 2015), which for the first time enabled an attacker to mount a software-based fault attack. However, as countermeasures against Rowhammer are developed and deployed, fault attacks require local physical access again. In this CCC talk, we present the next step, a long-awaited alternative to Rowhammer, a second software-based fault attack primitive: Plundervolt. Dynamic frequency and voltage scaling features have been introduced to manage ever-growing heat and power consumption in modern processors. Design restrictions ensure frequency and voltage are adjusted as a pair, based on the current load, because for each frequency there is only a certain voltage range where the processor can operate correctly. For this purpose, many processors (including the widespread Intel Core series) expose privileged software interfaces to dynamically regulate processor frequency and operating voltage. In this talk, we show that these privileged interfaces can be reliably exploited to undermine the system's security. We present the Plundervolt attack, in which a privileged software adversary abuses an undocumented Intel Core voltage scaling interface to corrupt the integrity of Intel SGX enclave computations. Plundervolt carefully controls the processor's supply voltage during an enclave computation, inducing predictable faults within the processor package. Consequently, even Intel SGX's memory encryption/authentication technology cannot protect against Plundervolt. In multiple case studies, we show how the induced faults in enclave computations can be leveraged in real-world attacks to recover keys from cryptographic algorithms (including the AES-NI instruction set extension) or to induce memory safety vulnerabilities into bug-free enclave code. We finally discuss why mitigating Plundervolt is not trivial, requiring trusted computing base recovery through microcode updates or hardware changes. We have responsibly disclosed our findings to Intel on June 7, 2019. Intel assigned CVE-2019-11157 to track this vulnerability and refer to mitigations. The scientific paper on Plundervolt will appear at the IEEE Security & Privacy Symposium 2020. The work is the result of a collaboration of Kit Murdock (The University of Birmingham, UK), David Oswald (The University of Birmingham, UK), Flavio D. Garcia (The University of Birmingham, UK), Jo Van Bulck (imec-DistriNet, KU Leuven, Belgium), Daniel Gruss (Graz University of Technology, Austria), and Frank Piessens (imec-DistriNet, KU Leuven, Belgium). about this event: https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10883.html

Dec 27, 201949 min

Look at ME! - Intel ME Investigation (36c3)

Look at ME! - Intel ME Investigation With Intel's Firmware Support Package (FSP) and the recent release of a [redistributable firmware binary](https://edk2.groups.io/g/devel/message/50920/eml) for the Management Engine, it has become possible to share full firmware images for modern x86 platforms and potentially audit the binaries. Yet, reverse engineering, decompilation and disassembly are still not permitted. However, thanks to previous research, we can have a closer look at the binary data and come to a few conclusions. This talk briefly summarizes the fundamentals of developing custom and open source firmware, followed by a quick guide through the process of analyzing the binaries without actually violating the terms to understand a few bits, and finally poses a statement on the political issues that researchers, repair technicians and software developers are facing. about this event: https://fahrplan.chaos-west.de/36c3/talk/EZU78C/

Dec 27, 201924 min

Observations on societal and technological changes in the DPRK (36c3)

The Democratic People's Republic of Korea (North Korea) is a hot topic in the media. The peninsula is changing rapidly, but how is that reflected in life on the ground? What is it like to live in Pyongyang? Are the externally reported societal changes and developments in technology also visible in everyday life? This talk will describe modern urban life in Pyongyang, and the recent forces driving change. The talk will particularly focus on observations around the state of youth mindset towards change and technology. For example, what are the future elites' attitudes towards entrepreneurship in an officially communist country? What small signals of changing attitudes can we observe that might influence the opening of the county? Presenting the realities of this environment leads us to the demo of consumer technology, and presented that opportunities for both societal change and technological development might be broader than we often see. We will present this deep dive to North Korea from the perspective of two foreigners who have been spending months at a time in Pyongyang and have been studying it since 2012. about this event: https://talks.oio.social/36c3-oio/talk/GWFPXV/

Dec 27, 201953 min

A Deep Dive Into Unconstrained Code Execution on Siemens S7 PLCs (36c3)

A deep dive investigation into Siemens S7 PLCs bootloader and ADONIS Operating System. Siemens is a leading provider of industrial automation components for critical infrastructures, and their S7 PLC series is one of the most widely used PLCs in the industry. In recent years, Siemens integrated various security measures into their PLCs. This includes, among others, firmware integrity verification at boot time using a separate bootloader code. This code is baked in a separated SPI flash, and its firmware is not accessible via Siemens' website. In this talk, we present our investigation of the code running in the Siemens S7-1200 PLC bootloader and its security implications. Specifically, we will demonstrate that this bootloader, which to the best of our knowledge was running at least on Siemens S7-1200 PLCs since 2013, contains an undocumented "special access feature". This special access feature can be activated when the user sends a specific command via UART within the first half-second of the PLC booting. The special access feature provides functionalities such as limited read and writes to memory at boot time via the UART interface. We discovered that a combination of those protocol features could be exploited to execute arbitrary code in the PLC and dump the entire PLC memory using a cold-boot style attack. With that, this feature can be used to violate the existing security ecosystem established by Siemens. On a positive note, once discovered by the asset owner, this feature can also be used for good, e.g., as a forensic interface for Siemens PLCs. The talk will be accompanied by the demo of our findings. about this event: https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10709.html

Dec 27, 20191h 2m