Chaos Computer Club - archive feed

Meet Acme, a wonderful company where nice people make beautiful things... and then management and sales want nice statistics. Acme is a company like many others. They have been making beautiful things in their factory and workshops for years, but the recent modernization drive also appears to have another side... What is OT and why is it so special? Join us for a short journey through the wonderful world of industrial automation and the challenges we encountered in our daily engineering lives. about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/BNJRFV/

Hackerspace Pixelbar was once the hottest hackerspace in the Netherlands, things happened and awesome people gathered once again to fix things. After a terrible fire at hackerspace Pixelbar (Rotterdam) on 28th of June 2023 (https://pixelbar.nl/2023/06/28/Pixelbar-has-experienced-an-unexpected-issue/) There was a need to rebuild the awesome and safe space we got to love. In this talk we will take you on a tour on the process, and how we got to where we are today. Maybe we’ll slide in some exclusive pictures and other cool stuff. Join us for an hour of drama, friendship, memes, hackers and most of all, the warmth(pun intended) of the community about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/PJZEAZ/

We all love bedtime stories, and these stories are even better when they turn into reality. This cinderella story is about how a big vendor rolled its own algorithm to "encrypt" its firmware images to deter poor hackers like us from fiddling around and potentially uncover flaws. But what if your motive is not to uncover potential flaws, but simply to agnostically fingerprint devices left vulnerable on the internet? Join us into a semi-deepdive of reverse engineering the Fortigate firmware "encryption" to satisfy our own curiosity, but also to make the web that little bit more secure by fingerprinting vulnerable devices in a non-obtrusive manner with the endgoal of notifying the related parties. This talk will go into the process of reverse engineering the Fortigate firmware images with the purpose of developing a non-obtrusive version identification that can be used to fingerprint device firmware versions on the internet, this in turn can be used to notify the related party. Next to a technical deep dive the audience will be presented with a set of questions and thoughts on the topic of encrypting such firmware devices and if this really is the way to go for big vendors, or if these things are only making matters worse by limiting the scope to not just the "bad" people, but also the "good" people. about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/QB3Z87/

An engineer buys a camera in a second hand store, and finds herself bringing back a defunct film format. When home movies on 8mm film were king, there was a format war between Kodak's Super 8 and Fuji's Single 8. Just like Sony's Betamax in the home video wars, Fuji's technically superior contender lost the battle, and the final Single 8 cartridges were manufactured in about 2010. The physical dimensions of the film are the same though, so here in 2023 it should be possible to load a Single 8 camera with film from a Super 8 cartridge. This is the story of the revival and reinvention of a lost film format through OpenSCAD and 3D printing, done mostly without an original cartridge to copy. about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/VZC8LK/

Ransomware is still a serious threat to a lot of people and organisations and nowadays using more and more advanced techniques. And now also with new open AI technology, criminals are able to organise a sophisticated attack in minutes to target you and steal your data. This talk will tell us what Ransomware actually is, who’s writing the code and making money out of it, it shows us a bit of the Ransomware history and what types are out there, to better understand what we’re dealing with. And explain all of the ransomware attack stages and what you can do in terms of detection and defence inside your security operations. For the security analysts out there this talk will be beneficial when looking for traces Ransomware attacks are leaving behind. Including a demonstration of a Ransomware scenario making use of open AI technology in a sandboxed environment and show all of the attack stages to learn and recognise the IOCs in a Red and blue teaming scenario. This ain’t everything. I’ll show what kind of information ransomware groups are sharing and what happened when a random organization was hit by a ransomware attack and their sensitive information was published on the dark web.. Life has been good until that day a phishing mail arrived. Out of curiosity you clicked the link in the email and after that the desktop background on your screen changes with the message to immediately transfer an amount of bitcoins to retrieve your files. about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/CXLP8X/

Critical infrastructure like data centers needs to be well protected. While there is lots of cyber security knowledge around at Hacker Hotel, in this talk we want to share knowledge on the physical security side of protection. Physical security measures are mostly controlled by PLC's. Thus physical security bears cyber risks as well. The talk will cover: How are physical security measures designed? How do you create stand-off distance? (airgap) How are physical security measures pen-tested? What controllers / PLCs and converters are used? (IP, RS-485:IP) The presentation will contain practical examples and crash test movies. about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/9FQXNF/

How organisations adopt buzzwords from the market and incorporate them into tenders, RFPs etc. During this session we will look at all the marketing buzzwords like SIEM/SOC, we go in-depth on topics such as pentesting, Unicorns, SIEM, signatures and, of course, compliancy vs. security. There will be a short panel discussion on how we as a community can change the mindset and make sure organisations will get the right tooling and knowledge (people) to become more cyber resilient. about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/XDAAAH/

Nancy and Chantal want to talk about being an ally in the community. more info is coming! Nancy and Chantal will take you through a way to be a better ally. about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/Y3WFEZ/

In this talk i will share the plans of the Dutch government on building a quantum computer resistive infrastructure. The government actually started last year with its program. Whats the plan of the central government now and in the next years, nation wide and internationally. In this talk i will share the plans of the Dutch government on building a quantum computer resistive infrastructure. The government actually started last year with its program. Whats the plan of the central government now and in the next years, nation wide and internationally. The national intelligence agency (AIVD) also published a migration handbook. What is in this book and how might it help you too. about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/RFAGVM/

The Dutch Electoral Council has asked a bunch of nerds to help them with new software for the elections. What is needed and how can you help? The Dutch Electoral Council has asked a bunch of nerds to help them with new software for the elections. The main source of truth in the Dutch elections are the paper documents, the software is there to support the process and assist with simple tasks. Given the age and complexity of the current setup, the Council is looking for something new and more simple. By law, it will be open source! This lecture will take you into the inner workings of the Dutch election system and give an insight into the questions the still growing devteam of the Electoral Council asks itself. What exactly does the current software do, how do we plan to make it better and how can you help? Come in, it is open! about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/WTE3FQ/

Dive into the World of Cybersecurity Excellence with DIVD Academy: A Journey of Skill Enhancement and Threat Mitigation. This talk explores the pivotal role of DIVD Academy in shaping cybersecurity professionals, fostering skill development, and equipping individuals to combat evolving digital threats. Discover the cutting-edge training methodologies, industry insights, and real-world scenarios that make DIVD Academy a cornerstone in the pursuit of cybersecurity mastery. Join us as we unravel the transformative experience awaiting those who embark on the DIVD Academy adventure. In this engaging talk, we delve into the dynamic landscape of cybersecurity through the lens of DIVD Academy. Unpacking the essential components of the academy's curriculum, we explore how it cultivates expertise and resilience in the face of digital adversaries. From hands-on training modules to strategic insights, attendees will gain a comprehensive understanding of the DIVD Academy's role in fostering cybersecurity excellence. Whether you're a seasoned professional or just starting in the field, this talk offers valuable insights into the world of DIVD Academy and its impact on shaping the next generation of cyber defenders. about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/897EXD/

In security one of the biggest changes will be the fact that on Oct 17th a lot of organisations need to have implemented. A big challenge for many organisations who haven't got a clue. But what do you need to do? And what does that mean? One of the solutions maybe to take a feline approach to NIS2 and fulfill parts of the compliance needs with OpenKAT. Not just for organisations, but also for software solutions that are used with in the chain. In this talk the main points of NIS2 will be explained as well as the parts where automation with OpenKAT can make a change. In security one of the biggest changes will be the fact that on Oct 17th a lot of organisations need to have implemented. A big challenge for many organisations who haven't got a clue. But what do you need to do? And what does that mean? One of the solutions maybe to take a feline approach to NIS2 and fulfill parts of the compliance needs with OpenKAT. Not just for organisations, but also for software solutions that are used with in the chain. In this talk the main points of NIS2 will be explained as well as the parts where automation with OpenKAT can make a change. about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/NYAXKU/

When we talk about tech stacks we usually think about big organizations running systems, but in the current day and age we too have a large digital footprint. In this talk we will go over mapping out our personal tech stack and start identifying any threats that could be useful to help prevent stalking and harassment, or at least be aware of the risks you encounter so you can make informed choices about data that you share. In the presentation I’ll give an example of a basic threat modeling that can be applied to our personal digital footprint to help improve privacy and protect yourself against nosey governments and digital stalking. We start with creating an overview of all apps, services and accounts that we use and contain personal information, focusing on those that can be exploited for stalking or bullying purposes. From there we will apply threat modeling methods, mainly persona non grata, to identify how they can be exploited by malicious actors. Either working from publicly shared information or who might have gained access to private details in legitimate or illegitimate ways. about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/JTUNBY/

What is this DES and why is it bad? Should I always use AES-256, bigger is better right? Who are these RSA-dudes in the first place and why do I need 25519 elliptic curves in my life? Is quantum really that bad for encryption and what can I do about it? If these are questions keeping you up at 05:00, then this talk might be for you! Cryptography is not only essential in our modern-day lives, but it has been for thousands of years. After some historical context, we will dive into some modern ciphers like DES, AES, RSA and ECC. I will show you how they work (using simple to understand high-school math and pretty pictures) and how to use them. We will then see how quantum computers are bad for cryptography and show techniques that can counter that. The slides are in English, the spoken language can be English or Dutch (depending on the audience). Pre-talk disclaimer: the provided explanations are very high-level and leave out details that make the ciphers actually secure. **DO NOT USE THEM IN YOUR PROJECTS!** about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/B7BL3K/

Nico Dekens a.k.a Dutch_OSINTguy, a renowned open source intelligence professional, has noticed recurring patterns in content created using artificial intelligence. He demonstrates how he has used OSINT tools and even basic search engines to locate and identify online accounts that appear to be using autogenerated website content, social media posts, reviews, and hate speech. The proliferation of content generated by artificial intelligence (AI) is just beginning. Recent years have seen online accounts, run by bots, create fake news articles, divisive social media posts, fraudulent product reviews, and more. As mainstream access to AI tools spreads, the opportunities to use the technology for malicious purposes are on the rise. Nico Dekens, a renowned open source intelligence professional, has noticed recurring patterns in content created using artificial intelligence. He demonstrates how he has used OSINT tools and even basic search engines to locate and identify online accounts that appear to be using autogenerated website content, social media posts, reviews, and hate speech. Investigative approaches and techniques are covered, including a list of string text that can be easily searched to locate these types of accounts. There is also a detailed example for generating high-quality deep fake photos using Midjourney. The author takes an ethical stance on the use of artificial intelligence and advocates for validating online content using OSINT investigative methodology. This paper provides an investigative study for identifying AI-generated content. about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/ED8Z7P/

Ham radio is a nice hobby, with a bit of overlap with the hacker community. It's a very technical hobby, with a lot of variation. Much more than an Old Man talking on the radio all day. Ham radio is a nice hobby, with a bit of overlap with the hacker community. It's a very technical hobby, with a lot of variation. Much more than an Old Man talking on the radio all day. As a licensed HAM you have access to many frequency bands - HF, these are low frequencies that can travel 1000ths of kilometers without repeater - But also frequencies close to 'commercial' products, a ham could use LoRa 433MHz with over 100W to see what that does. - Also on 2.4GHz and 5GHz there is a HAM radio frequency band next to the WiFi band that can be used with much power. - There are a bunch of satellites that can be used for (data) communication as well. I'll show you some possibilities with a HAM radio license, and tell you a bit about how you can get into it. about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/WAFHXM/

Social Engineering 102: Hacking influence. How to get people to trust your judgement. Your level of influence, in buisines or daily life, has little to do with your level of compentence. It can be very frustrating to see all your great ideas getting shot down by the people in charge. More so when silly ideas dó get accepted. But how does influence work? Hoe can you get the higher-ups to listen and value your contribution for what it really is? about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/U3BFMC/

Mechanical safe locks are quickly replaced with their electronic counterparts. While there are many benefits, the security implications are far less understood than the mechanical systems. Jan-Willem collects and researches electronic safe locks and will share his thoughts. From dumping chips with lasers to locks which can be opened with ketchup. We use safes to protect our valuables from threats. We trust these systems to keep the assets safe. Mechanical combination locks can be quite cumbersome to operate, and don't have the benefits including auditing, remote access, multi-user, time lock, and much more. But how the additional electronics impacts the security of the safe isn't widely understood. This talk goes into researching the security of electronic safe locks, from reverse engineering known attacks, to learning from scratch. For example, we used laser fault injection to read out the memory of several chips to analyze the code looking for bugs and back doors. While at the low-end, we reverse engineered lock spiking, and use ketchup to open locks. about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/3PFXDX/

This talk explores the concept of hackersguilds, groups of engineers collaborating to enhance internal information security. Through various activities such as answering inquiries, conducting internal pentesting exercises, and participating in CTF competitions, hackersguilds empower engineers to actively contribute to an organization's security efforts. The talk provides practical insights into initiating and nurturing hackersguilds, fostering a collaborative environment that taps into collective expertise. By leveraging hackersguilds, organizations can enhance resilience against cyber threats and foster a culture of continuous learning. Attendees will gain a comprehensive understanding of hackersguilds' potential for a more secure future. This talk explores the concept of hackersguilds, groups of engineers collaborating to enhance internal information security. Through various activities such as answering inquiries, conducting pentesting exercises, and participating in CTF competitions, hackersguilds empower engineers to actively contribute to an organization's security efforts. The talk provides practical insights into initiating and nurturing hackersguilds, fostering a collaborative environment that taps into collective expertise. By leveraging hackersguilds, organizations can enhance resilience against cyber threats and foster a culture of continuous learning. Attendees will gain a comprehensive understanding of hackersguilds' potential for a more secure future. about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/K39SKE/

You can hack all sorts of things. Software, hardware. But being a hacker, what makes more sense than to hack oneself? Hackers have been turning themselves into bionic man, but we can also just hack our brain, using just out brain. I am talking about lucid dreaming: dreaming while you are aware of doing so and able to shape your dream. This talk will discuss what we know so far about lucid dreams and how they relate to other special states of the mind. The main focus will be on how to hack your own mind to start experiencing lucid dreams, what you can do in them, and how they differ from real life. What could be more fun than gaining control over your dreamworld? Go to sleep, and find yourself doing things that would be impossible in the real world. Flying? No problem! You can be superman and have it feel more real than reality. Now if that's not a fun hacking project.. about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/HHBEZH/

More and more decisions are made or prepared automatically, with "computer says no" making it really harmful at crucial moments. For many people, it is then unclear whether you have rights and what those rights are. Yet there are steps you can take to successfully fend for yourself. This talk lays out some hacks and will be the presentation of the report 'Computer says no, but the law says yes'. Good thoughts are frequently accompanied by procedures that are not always well thought out. The victims are often not the organizations, but the customers or citizens on the receiving end of the processes. Sometimes the consequences are severe, such as no longer being able to use your phone, blocking a bank account or credit card to actually closing a bank account. In the presentation of the study "Computer says no, but the law says yes," we look at causes and possible solutions. Of course we lend a hand with advice for businesses, but we also look at legal frameworks that give the common man some guidance. about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/XVE39C/

WOOt do we want? Freedom for our software! When do we WOOnt it? Now! This talk is about the journey into opensourcing software used and made by our governement. We will introduce you to the Wet Open Overheid (WOO) and explain how this law allows you to request the source of certain software. Then we’ll provide you with a step-by-step guide how you can woo (yes, that’s a new verb we made up) software of your interest and in which cases you may want or not want to do so. This may all sound nice in theory but Mendel will of course also tell you about his personal journey of requesting the DigiD code base and how this eventually lead to opensourcing the complete code base. In contrast to this lovely abstract, the talk will be in Dutch. WOOt do we want? Freedom for our software! When do we WOOnt it? Now! This talk is about the journey into opensourcing software used and made by our governement. We will introduce you to the Wet Open Overheid (WOO) and explain how this law allows you to request the source of certain software. Then we’ll provide you with a step-by-step guide how you can woo (yes, that’s a new verb we made up) software of your interest and in which cases you may want or not want to do so. This may all sound nice in theory but Mendel will of course also tell you about his personal journey of requesting the DigiD code base and how this eventually lead to opensourcing the complete code base. In contrast to this lovely description, the talk will be in Dutch. about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/FTWP3P/

More information will be added soon, or not... More information will be added soon, or not... about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/VL9CGG/

Opening and welcome by Dimitri Modderman Opening and welcome by Dimitri Modderman about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/ZQHVMN/

An overview of the new maps and new metrics added in 2023, and what it did. An overview of the new maps and new metrics added in 2023, and what it did. about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/ADQKKH/

Lets talk about battery's! Li-ion, salt, H2 or LFP, veel systemen zijn er op dit moment beschikbaar of komen beschikbaar. Alleen zijn er nieuwe regelgevingen op de loer en wordt de positie van de netbeheerder belangrijker. Welke ontwikkelingen zijn er en hoe vormt het zich? Ik neem jullie mee in mijn reis waarin ik een thuisbatterij heb gebouwd. Tijdens mijn presentatie deel ik basale informatie welke ik ook deel met mijn klanten. Kleine discussie is leuk, maar houd de temperatuur in de gaten, geen thermal runaway ;-) EOS, LFP, NCA, Li-Ion, nen4046, netbeheerders, grid capacity (NL), ckomende wetgeving, etc/wvttk about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/AYHRPY/

We always knew it coulde happen, and thus that it, accoording to Murphey's law, would happen. A member of DIVD got arrested in relation to computer crime. And about a year ago it did, Pepijn van der S. got arrested. In this (no press) talk we will walk you through the events that happened, the impact they had on our organisation and the lessons we learned. Being a, white hat, hackers collective has it's risks. The most obvious risk is a legal risk. And we always considered it likely that a mebmer of DIVD would be arrested in relation to computer crime. And we prepared for it. But then, when it does happen, you find our how prepared you really are. about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/HYZ7WU/

Kugelschreiber funktionieren bekanntlich nicht in der Schwerelosigkeit. Daher haben die Amerikaner für ihre Astronauten für viel Geld einen speziellen Kugelschreiber entwickelt der auch auch im Weltall funktioniert. Bei der ersten Begegnung zwischen amerikanischen Astronauten und sowjetischen Kosmonauten im All zeigen die Amerikaner stolz ihre neuen Kugelschreiber. Die Sowjets sind erstaunt. Sie verwenden einfach Bleistifte. So oder so ähnlich lautet die Urban Legend zum Space Pen. In diesem Petit Foo untersucht sirgoofy was an der Geschichte dran ist und ob Bleistifte im Weltraum eine gute Idee sind. about this event: https://chaospott.de/

Jedes Jahr nimmt das Chaotikum Video Team Videos auf, z.B. beim Freitalk, der Softwerkskammer, den 5 Minuten Terminen, der NooK oder auf anderen Events. Diese veröffentlichen wir dann auf verschiedenen Plattformen wie z.B. media.ccc.de, youtube und auf unserer eigenen Website. Doch was passiert eigentlich dazwischen? In diesem Vortrag beleuchten Malte und Lukas die Arbeit der letzten Jahre in der Video AG des Chaotikums, Zeigen ein paar Beispiele dafür, wie wir üblicherweise Videos erstellen und führen einen neu erarbeiteten Prozess vor, um hochwertige Untertitel für unsere Videos zu ermöglichen. This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License (CC BY NC ND 4.0). https://creativecommons.org/licenses/by-nc-nd/4.0/ about this event: https://chaotikum.org/blog/project/2024/01/19/freitalk/

Digitale Selbstverteidigung (CCCHH) - Passwörter Gute Passwörter schützen unser digitales Leben vor Diebstahl, Missbrauch und Verlust. Aber was genau macht gute Passwörter aus? Und kann ich was falsch machen beim Umgang damit? In diesem Vortrag des Chaos Computer Clubs Hamburg in der Zentralbibliothek erklären wir, wie Kriminelle arbeiten und was das für uns bedeutet. Wir sprechen darüber, welche Regeln bei Erstellung und Umgang mit Passwörtern wichtig sind und welchen Mehrwert Passwortmanager oder 2-Faktor-Authentisierung bieten. about this event: https://c3voc.de

about this event: https://c3voc.de

Viele Leute kommen mit neuer Motivation und vielen Ideen vom Congress zurück, das aber dann schnell im Alltag untergeht. sirgoofy gibt Tipps wie man dieses Congress-Gefühl und die Motivation behalten kann. about this event: https://chaospott.de/

about this event: https://events.ccc.de/congress/2023/hub/event/37c3_feierlicher_abschluss/

Vorstandsvorsitzende Gitte Schmitz stellt aktuelle Ergebnisse des Deutschen Instituts für Karaokeforschung vor. Liebe Fördermitglieder des Institutes für Karaokeforschung, in den letzten Tagen haben wir uns intensiv mit den Karaoke-Gewohnheiten der örtlichen Bevölkerung des 37C3 im CCH befassen können. Unsere motivierten Proband\*innen im Alter zwischen 17 und 85 Jahren haben uns in dieser repräsentativen Studie direkte Einblicke in ihren Alltag gegeben. Allein dafür sind wir unendlich dankbar, Sie haben der Karaokeforschung einen großen Dienst erwiesen! Nun möchten wir Euch und Ihnen in einer Zwischenpräsentation Insights aus unserem aktuellen Kooperationsprojekt mit dem 37C3 präsentieren – und damit auch die dritte Phase der international angelegten Forschungsarbeit einläuten. Im Namen des gesamten Vorstandes möchte ich mich bei Ihnen recht herzlich für die Unterstützung auch im nächsten Jahr bedanken. Gleichzeitig die Bitte, Ihre Bankverbindung zu überprüfen, um die Arbeit unserer Buchhaltung zu vereinfachen. Wir freuen uns über Ihre Teilnahme an der Präsentation und bitten um eine kurze Bestätigung. Es grüßt Sie herzlich Ihre Gitte Schmitz (Vorsitzende Deutsches Institut für Karaokeforschung) about this event: https://events.ccc.de/congress/2023/hub/event/37c3_herausforderungen_der_aktuellen_karaokeforschung/

Was hat sich im letzten Jahr im Bereich IT-Sicherheit getan? Welche neuen Entwicklungen haben sich ergeben? Welche neuen Buzzwords und Trends waren zu sehen? Wie immer wagen wir den IT-Security-Alptraum-Ausblick auf das Jahr 2024 und darüber hinaus. Denn was wir wirklich wissen wollen, ist ja schließlich: Was kriecht, krabbelt und fliegt in Zukunft auf uns zu und in unseren digitalen Implants herum? Im Zuge von noch mehr Transparenz, Kritik & Selbstkritik und kontinuierlicher nachhaltiger Optimierung aller Prozesse werden wir außerdem frühere Voraussagen hinsichtlich des Eintreffens unserer Weissagungen prüfen. about this event: https://events.ccc.de/congress/2023/hub/event/security_nightmares/

Many teams work hard to arrange the event, this talk allows them to show what they did and who they are. about this event: https://events.ccc.de/congress/2023/hub/event/37c3_infrastructure_review/

Entgegen der Auffassung, die schwule Subkultur hätte durch die digitale Vernetzung einen Aufschwung erhalten und sei in ihrem Aktivismus gestärkt worden, möchte ich eine gegenwärtige Krise der Subkultur markieren und ihren Entstehungskontext durch Onlinedating skizzieren. Schwule Onlineplattformen entstanden, um der Unterdrückung von homosexuellem Verhalten zu entgehen. Zynischerweise sorgen sie heute für eine unterschwellige, fesselnde Regulation homosexueller Menschen. Der Vortrag arbeitet sich zwar vor allem an MSM-Personen (Männer, die Sex mit Männern haben) ab, richtet sich aber ausdrücklich an Hacker:innen jeglicher Sexualität. Der Vortrag zeichnet erstens eine Kulturgeschichte der schwulen Subkultur und erklärt, warum Darkrooms und ähnliche Orte, an denen schwuler Sex in der semi-Öffentlichkeit vollzogen wird, konstitutiv für die schwule Szene waren. Zweitens werden die Effekte der Digitalisierung dieser Orte hin zu Plattformen wie früher GayChat oder heute Grindr aufgezeigt. Drittens wird gezeigt, warum homosexuelle Cruising-Apps wie Grindr kultur- und softwaretechnisch grundlegend anders aufgebaut sind als heterosexuelle Dating-Apps wie Tinder. Mit dem Vortrag möchte ich einen Anstoß geben, Dualismen wie Homo- und Heterosexualität, Cruising und Dating, Promiskuität und Monogamie zu hacken. Ich möchte zeigen, dass Interaktivität auf *Datingplattformen* häufig eine Illusion ist, und versuchen, gemeinsam mit dem Publikum Wege zu finden, den „interpassiven”-Konsumstatus im Onlinedating aufzubrechen. about this event: https://events.ccc.de/congress/2023/hub/event/vom_darkroom_in_die_blackbox/

Debitkarte/girocard geklaut? – Schnell sperren lassen … doch was, wenn die Sperrung nicht so wirksam ist, wie es scheint? Im Rahmen des Vortrages werden Datenschutz- und IT-Sicherheitsmängel im KUNO-Sperrsystem vorgestellt. Das System ist bei > 90 % der Händler in Deutschland im Einsatz und soll seit einem Beschluss der Innenministerkonferenz im Jahr 2005 garantieren, dass das elektronische Lastschriftverfahren (ELV) vor Betrug sicher(er) ist. Im Rahmen des Vortrages wird unter anderem aufgezeigt, wie es Unbefugten/Taschendieben (über Jahre) möglich war, gesperrte EC- & Debitkarten/ girocards für die ELV simpel zu entsperren. Darüber hinaus werden Streifzüge durch die Themen der IT-Sicherheit, des Datenschutzes und Payments vorgenommen – Vergnügen für alle Datenreisenden ist garantiert :) Weitere Infos zu den Lücken (Ende des Jahres) unter: https://giroday.de Das KUNO-Sperrsystem (Kriminalitätsbekämpfung im unbaren Zahlungsverkehr durch Nutzung nichtpolizeilicher Organisationen) wurde vor über 20 Jahren entwickelt, um Betrug mit EC-Lastschriftverfahren einzudämmen. 96 % aller Händler in Deutschland nutzen direkt oder indirekt die KUNO-Sperrdatei, um sich vor Betrug mittels gefälschter Lastschrift zu schützen. Das System wird vom EHI Retail Institute in Kooperation mit der deutschen Polizei und dem Hauptverband des Deutschen Einzelhandels betrieben. Pro Jahr laufen mehr als 120.000 Meldungen über das System. Im Rahmen einer Untersuchung konnte nun ermittelt werden, dass Taschendiebe die entsprechende Sperrung von Girocards/Debitkarten simpel aufheben und weiter Betrug begehen konnten. Durch eine Meldung im Rahmen eines Responsible Disclosure-Verfahrens konnten zahlreiche Mängel im Bereich Datenschutz und IT-Sicherheit aufgedeckt und behoben werden. Im Vortrag wird Tim Philipp Schäfers das KUNO-System genauer vorstellen und Streifzüge durch die Themen der IT-Sicherheit, des Datenschutzes und Payments vornehmen - Vergnügen für alle Datenreisenden (alle Level) ist garantiert :) Weitere Infos zu den Lücken (Ende des Jahres) unter: https://giroday.de Weitere Infos zum KUNO-Sperrsystem: https://de.wikipedia.org/wiki/Kriminalit%C3%A4tsbek%C3%A4mpfung\_im\_unbaren\_Zahlungsverkehr\_durch\_Nutzung\_nichtpolizeilicher\_Organisationen about this event: https://events.ccc.de/congress/2023/hub/event/oh_no_kuno_-_gesperrte_girocards_entsperren/

What occurs when machines learn from one another and engage in self-cannibalism within the generative process? Can an image model identify the happiest person or determine ethnicity from a random image? Most state-of-the-art text-to-image implementations rely on a number of limited datasets, models, and algorithms. These models, initially appearing as black boxes, reveal complex pipelines involving multiple linked models and algorithms upon closer examination. We engage artistic strategies like feedback, misuse, and hacking to crack the inner workings of image-generation models. This includes recursively confronting models with their output, deconstructing text-to-image pipelines, labelling images, and discovering unexpected correlations. During the talk, we will share our experiments on investigating Stable-Diffusion pipelines, manipulating aesthetic scoring in extensive public text-to-image datasets, revealing NSFW classification, and utilizing Contrastive Language-Image Pre-training (CLIP) to reveal biases and problematic correlations inherent in the daily use of these models. The talk will be conducted by sharing various experiments we've done under the umbrella of generative AI models. We will begin with a general idea of how we, as artists/programmers, perceive these models and our research on the workflow of these constructs. Then, we will further elaborate on our exploration of the Stable Diffusion pipeline and datasets. Throughout our investigation, we discovered that some essential parts are all based on the same few datasets, models, and algorithms. This causes us to think that if we investigate deeper into some specific mechanisms, we might be able to reflect on the bigger picture of some political discourses surrounding generative AI models. We deconstructed the models into three steps essential to understanding how they worked: dataset, embedding, and diffusions. Our examples are primarily based on Stable-Diffusion, but some concepts are interchangeable in other generative models. As datasets and machine-learning models grow in scale and complexity, understanding their nuances becomes challenging. Large datasets, like the one for training Stable Diffusion, are filtered using algorithms often employing machine learning. To "enhance" image generation, LAION's extensive dataset underwent filtering with an aesthetic prediction algorithm that uses machine learning to score the aesthetics of an image with a strong bias towards water-color and oil paintings. Besides the aesthetic scoring of images, images are also scored with a not safe-for-work classifier that outputs a probability of an image containing explicit content . This algorithm comes with its own discriminatory tendencies that we explore in the talk and furthermore asks how and by whom we want our datasets to be filtered and constructed. Many generative models are built upon Contrastive Language-Image Pre-training (CLIP) and its open-source version, Open-CLIP, which stochastically relates images and texts. These models connect images and text, digitize text, and calculate distances between words and images. However, they heavily rely on a large number of text-image pairs during training, potentially introducing biases into the database. We conducted experiments involving various "false labelling" scenarios and identified correlations. For instance, we used faces from ThisPersonDoesNotExist to determine "happiness" faces, explored ethnicities and occupations on different looks, and analyzed stock images of culturally diverse food. The results often align with human predictions, but does that mean anything? In the third part, we take a closer look at the image generation process, focusing on the Stable Diffusion pipeline. Generative AI models, like Stable Diffusion, have the ability not only to generate images from text descriptions but also to process existing images. Depending on the settings, they can reproduce input images with great accuracy. However, errors accumulate with each iteration when this AI reproduction is recursively used as input. We observed that images gradually transform into purple patterns or a limited set of mundane concepts depending on the parameters and settings. This raises questions about the models' tendencies to default to learned patterns. about this event: https://events.ccc.de/congress/2023/hub/event/self-cannibalizing_ai/

Hacken geht auch ohne Ohren! In den letzten zwei Jahren haben wir am lebenden Objekt erforscht, wie man Hackspaces für Gehörlose öffnen kann, so dass wir alle gemeinsam an Projekten arbeiten und cooles Zeug bauen können. Kommt vorbei, schaut/lauscht, und nehmt was mit nach Hause! Der Vortrag wird in der Österreichischen Gebärdensprache (ÖGS) gehalten und simultan zu Deutsch übersetzt (bzw. andersherum für Fragen). Hackspaces sind für Gehörlose nicht zugänglich, um ihre Kreativität auszuleben sowie nachhaltige Techniknutzung eigenständig zu erlernen. Das wissenschaftlich-künstlerische Projekt MACH’S AUF! setzt seinen Fokus auf die folgenden Fragen: * Wie kann Technik gestaltet sein, damit sie besser von gehörlosen Menschen genutzt werden kann? * Wie kann eine Zusammenarbeit zwischen Gehörlosen und Hörenden funktionieren? * Wie können Barrieren abgebaut werden, ohne dass gesellschaftliche Randgruppen davon benachteiligt werden? In den letzten zwei Jahren haben Oliver "fussel" Suchanek (es/ihm) und Franz "Stoni" Steinbrecher (er/ihm) viel Zeit, Aufwand und Sorgfalt in diverse Veranstaltungen, Workshops und Aufklärung gesteckt. Ermöglicht wurde das durch die finanzielle Unterstützung vom Chaos Computer Club. Das Ergebnis kann sich sehen lassen: Eine neue Community, in der Hörende und Gehörlose gemeinsam hacken, in der Gehörlose Maschinen bedienen, die vorher unzugänglich waren, und auch ganz neue Projekte wie zum Beispiel die ÖGS-Suchmaschine (http://suche.machs-auf.at/search). Über die Arbeit der ersten zwei Jahre wird Oliver "fussel" Suchanek berichten, so dass ihr unsere Ansätze auch in anderen Spaces anwenden könnt. Seid gespannt auf den Einblick … :) about this event: https://events.ccc.de/congress/2023/hub/event/offnet_eure_spaces_fur_gehorlose/

The EU "e-evidence" regulation is a critical piece of new legislation directly affecting all EU citizens. Proposed in 2017, it has been completed in 2023 as has since become law, mandating a more or less direct, cross border access to all sorts of stored information by law enforcement. I will be addressing how individuals are affected and how the release of e-evidence works technically. Who are the actors? Which types of information can be requested? How are individual rights protected? Having worked on the cross border e-evidence dossier since it's inception in 2017, the talk aims to present an insider view on the proposed procedures and legal protections, the scope of the obligation on industry to promptly provide information to law enforcement as well as the status of the proposed technical implementation including the proposed authentication and encryption of requests as well as the response data provided. As an industry representative participating in the official EU e-evidence implementation task force I am going to take a look at the current, up to date status of the proposed implementation as well as the numerous grey areas to still be addressed both legally as well as technically to make the e-evidence dossier even remotely workable/acceptable for all parties concerned. about this event: https://events.ccc.de/congress/2023/hub/event/dissecting_eu_electronic_evidence/

The Super Nintendo Entertainment System's sound coprocessor, the S-SMP, runs on the mostly-forgotten SPC700 architecture. To understand why the sound of Super Metroid or SMW was so ahead of its time, we will look at all the details of how this processor works and how it plays music. The SPC700 by Sony is an 8-bit architecture that was developed and used as the S-SMP sound coprocessor in the Super Nintendo Entertainment System (SNES). A big leap ahead in sound synthesis capabilities, apart from these few years of glory in the 1990s the architecture enjoyed no further uses and has faded into obscurity outside SNES circles. This talk not only takes a look at the SPC700 architecture, which is both a usual and unusual 8-bit ISA, but also the sound and music capabilities of the SNES S-DSP that it was designed to control. The talk is designed to be approachable by anyone with a basic understanding of how a microprocessor works; in particular, it covers the basics of digital audio necessary to understand the S-DSP's sound synthesis features like ADPCM sample playback or echo buffers. about this event: https://events.ccc.de/congress/2023/hub/event/the_ultimate_spc700_talk/

2023, Tariq Ben Zeyad Brigade (TBZ), a notorious East Libyan land-based militia, went maritime and completed the pullback regime which was installed by Italy and the EU from 2017. They were deeply involved in the failed passage of the boat that sank near Pylos, in which up to 500 people drowned. With the help of low-budget, open-source intelligence, we were the first to unveil how their new vessel operates in the Central Mediterranean and with which European actors they communicate. This talk provides you with the details. After the "summer of migration", from 2017 the EU and Italy set up and equipped the "coastguard" in Libya, consisting of militias, to take back boats with refugees to North Africa and put the people in torture camps. Frontex and a EU military mission take over the aerial surveillance for these pullbacks. 2023, Tariq Ben Zeyad Brigade (TBZ), a notorious East Libyan land-based militia, went maritime and completed this pullback regime. They were deeply involved in the failed passage of the boat that sank near Pylos, in which up to 500 people drowned. For the first time, we unveiled how their new vessel, sponsored by UAE, operates in the Central Mediterranean. We could spot them, intercept communication, and record their crimes. We managed to do so through low-budget, open-source intelligence, voluntary work, and our civil monitoring flights. Our talk materializes at the crossroads of no-border activist nerdiness and broader geopolitical reflections. Starting with our first-hand material, we show TBZ's close ties with condemned war criminals, the smuggling business, the United Arab Emirates, the Frontex agency, and European governments, namely Greece, Italy, and Malta. We see the media being barely interested in the intricacies of Europe's proxy actors, such as TBZ, that help uphold fortress Europe. We will use CCC to discuss what has little space in our daily public work: weird details, daring predictions, and complex interlinkages. about this event: https://events.ccc.de/congress/2023/hub/event/a_libyan_militia_and_the_eu_-_a_love_story/

Mal ehrlich, was haben denn Atome je für uns getan, also außer der Materie im Allgemeinen und Mate im Besonderen? Wir kennen „Quantum Computing“ oder auch „Quantum Communication“. Aber wie sieht es aus mit „Quantum Sensing“ – also quantenbasierter Messtechnik? Lasst uns mit Lasern auf ein paar Atome schießen und sehen, wie schwer die Welt ist. „Quantum“ macht ja alles besser, vielleicht auch die Messtechnik, mit der wir die Erde vermessen. In einem Beitrag auf dem 34C3 habe ich über die Vermessung des Schwerefeldes der Erde gesprochen, die uns einen Einblick in die Umverteilung von Massen auf und innerhalb der Erde ermöglicht. Mit Satelliten werden zum Beispiel die Massenveränderungen an den Eisschilden oder in kontinentalen Grundwasserspeichern beobachtet. Auf der Erdoberfläche selbst wird das Schwerefeld für Anwendungen in Geodäsie, Geophysik oder auch der Hydrologie lokal oder in kleinen Regionen mit Gravimetern am Boden, im Flugzeug oder auf Schiffen vermessen. Im terrestrischen Einsatz werden bereits seit wenigen Jahren so genannte Quantengravimeter eingesetzt, die das Prinzip der Atominterferometrie nutzen. In diesen Instrumenten werden fallende Atome mittels Laser manipuliert, um die Beschleunigung zu messen, der die fallenden Atome unterliegen. Für Weltraumanwendungen ist die Technologie derzeit in der Entwicklung und noch nicht im Einsatz. In diesem Beitrag gebe ich einen kurzen Überblick über das Thema „Quantum Sensing“ mit dem Fokus auf die Erdbeobachtung. Wir schauen uns die Technologie, Anwendungen und aktuelle Entwicklungen an und werfen einen Blick in die Förderlandschaft. Vielleicht starten wir ja auch noch SomeThingQT. about this event: https://events.ccc.de/congress/2023/hub/event/was_haben_atome_je_fur_uns_getan/

Seit ChatGPT ist das Thema Künstliche Intelligenz mittlerweile an fast allen Schulen angekommen. Immer noch soll KI Lehrkräfte entlasten, doch mit der kommenden KI-Verordnung kann sich die Belastung einfach nur verschieben. Der Vortrag gibt ein Update zum Vortrag von der #rC3 2020, was nun konkret auf Schulen zukommen kann und wie KI tatsächlich zu Entlastungen beitragen kann. Schon länger experimentieren Bundesländer und Schulen zusammen mit EdTech-Unternehmen mit KI und Algorithmen in Learning Analytics-Programmen (LA) und sogenannten Intelligenten Tutor Systemen. Wie auch schon bei anderen technologischen Entwicklungen hängt auch bei KI die gesetzliche Regulierung der gelebten Praxis hinterher und Schulen oder auch Schulträger haben bislang keine rechtssichere Grundlage für die Arbeit mit KI. Noch. Doch bereits seit dem Frühjahr 2021 wird in Brüssel an der sogenannten KI-Verordnung gearbeitet, die diese Lücke schließen soll. Nun steht die KI-Verordnung kurz vor dem Abschluss und der Vortrag zeigt, was nun juristisch konkret auf Schulen, Schulträger oder Länder zukommen kann, und gibt ein Update zu den technischen und pädagogischen Herausforderungen, die der Einsatz von KI in der Schule mitbringt. Nur wenn KI richtig und geplant beschafft, eingesetzt und begleitet wird, kann sie zu Entlastungseffekten führen. Der Vortrag stellt die nötigen Schritte vor. about this event: https://events.ccc.de/congress/2023/hub/event/ki_im_klassenzimmer_-_ein_update/

Tech(no)fixes distract our minds and slow down necessary change. We will give examples, explain them and show you how to spot them. The climate catastrophe is imminent and global injustice is rising. Now a lot of new (in part digital) tech (AI, blockchain, big data, fusion, quantum computing, genetic engineering) is supposed to help the transition to a sustainable society. Although some of them can actually help with parts of the transition, they are usually discussed not as tools to assist the broader societal change (economic, legal, social, political changes) but as replacement for the broader societal change. In effect they act as "change placebos" resulting in "placebo change", meaning no change at all. Using concrete examples, this talk wants to 1) show in which ways technological fictions are misused as diversion from the necessary change or already existing other technologies, 2) present reasons and explanations for such misuse and 3) a simple method to spot tech(no)fixes. This talk underlines the necessity to design concrete technical use cases including their social conditions and limitations in order to create a fruitful debate for sustainability-assisting technologies and actually helpful implementations. about this event: https://events.ccc.de/congress/2023/hub/event/tech_no_fixes_beware/

Wir decken Probleme in der Gastronomie auf! ja lol ey wir haben da so Berichte IfG'd und lesen die halt vor. about this event: https://events.ccc.de/congress/2023/hub/event/topf-secret/

Die rapide Entwicklung autonomer Waffensysteme wirft drängende ethische und rechtliche Fragen auf. Ihre Anwendung hat kann weitreichende Auswirkungen auf militärische und zivile Bereiche haben. Der Vortrag beleuchtet die Technologien hinter dieser tödlichen Autonomie und veranschaulicht, wie die Kunstfreiheit von der Industrie angeignet wird, um Überwachungs und Militärtechnologie voranzutreiben. Welche Verwantwortung haben wir als Künstler\*innen, wenn wir digitale Werkzeuge verwenden ? Müssen wir stärker denn je unser Werkzeug und die Partner hinterfragen, denen wir helfen könnten, ihre tötlichen Technologien voranzutreiben ? Mit der raschen Entwicklung und Verbreitung von Roboterwaffen fangen Maschinen an, den Platz des Menschen auf dem Schlachtfeld einzunehmen. Einige Expertinnen aus Militär und Robotik schätzen, dass „Killerroboter" – vollständig autonome Waffen, die ganz ohne menschliches Eingreifen Ziele selektieren und angreifen können – innerhalb von 10 bis 15 Jahren entwickelt werden könnten. Aktuelle Beurteilungen des Militärs sagen aus, dass der Mensch immer eine gewisse Aufsicht über die Entscheidungen hat, tödliche Gewalt anzuwenden, jedoch lassen diese Aussagen oft die Möglichkeit offen, dass autonome Systeme eines Tages selbst die Fähigkeit haben, solche Entscheidungen aus eigener Kraft zu treffen, und somit der Mensch aus dem Entscheidungsprozess herausgenommen wird. In diesem Zusammenhang ist es wahrscheinlich, dass autonome Systeme in naher Zukunft auch in Drohnen und Systemen zum Einsatz kommen, die auf hoher See, an Land und im Weltall autonom operieren können. Und während die Drohnentechnologie als solche keine völkerrechtlichen Probleme bereitet, ist es im Falle von autonomen Waffensystemen, bei denen Entscheidungen über Leben und Tod an Maschinen delegiert werden sollen, die Technik selbst, die grundlegende ethische und (völker-)rechtliche Fragen aufwirft. Die Kriegssituation ist eine Welt der Algorithmen. Die Kunst ist der Anwalt der Gegen Algorithmen. Durch die Entwicklunge in diesem Bereich haben sich durch eine vielzahl an Ereignissen Akteure in Stellung gebracht und versuchen unter anderem mit Hilfe der Kunstfreiheit ihre Technologien in Europa zu verbreiten. Der Vortrag möchte aufzeigen, welche Künstlerischen Möglichkeiten es gegen den "Krieg der Algorithmen" gibt und die Frage aufwerfen, welche Verantwortung wir als Künstler\*innen bei der Nutzung von Technologie haben. Wir müssen stärker den je unser Werkzeug und die Partner hinterfragen, denen wir helfen könnten, ihre Technologien voranzutreiben. about this event: https://events.ccc.de/congress/2023/hub/event/zapfenstreich/

An open source project involving an automated telephone exchange powered by Raspberry Pi, utilizing old rotary phones. The system imitates exchange setups from different countries across the globe, allowing users to feel the genuine experience. Rotary-dial analogue phones were once a necessity, but now they lay dormant on shelves or tucked away in attics. This is largely due to the replacement of traditional landlines with fibre-optic modems, rendering analogue phones obsolete. In addition to their sentimental value, rotary dial phones provide several advantages, including reduced electrosmog emissions, protection against eavesdropping, repurposing outdated technology, and promoting a slower pace of life. The contribution explains how to build a private telephone exchange for eight people using rotary dial phones. The exchange is powered by a Raspberry Pi and custom analogue electronics. The following themes are covered: - The construction of a PBX which resembles telephone exchanges in various countries worldwide, giving users a realistic experience. - Handling of call initiation, routing, full duplex voice transmission and human-machine communication. - The software implementation on the Raspberry Pi running Linux. - A study of enhancing the open-source software with additional functionalities. Due to the readily available Raspberry Pi hardware and software programmability, this project invites everyone to participate. about this event: https://events.ccc.de/congress/2023/hub/event/analog_rotary_phones_get_a_second_life_with_raspberry_pi/

Hype war ja schon immer ein Keyfeature vieler Produkte. Auf dieser kleinen Reise reden wir passend zu einem Streamingevent über Videoschallplatten, VMD, DVD Plus oder Minus, Flexplay, Laserdisc, DIVX und vielleicht auch über ein paar Kickstarter. Es soll eine unterhaltsame Rundreise über Produkte die heute in unseren Wohznzimmern stehen könnten, es aber deutlich nicht tun. Welche Fails und Fehlentscheidungen haben dazu geführt ? Vergesst DVD, vergesst streaming. In der heutigen Folge des Failpodcast reden wir über Bildschallplatten und andere Hypegegenstände die spektakulär gefailt sind. Beim Och Menno Podcast geht es normalerweise über Sachen die irgendwie schief gehen. Diesmal halt in der Unterhaltungsindustrie. Es wird sich um eine Aufzeichnung handeln. about this event: https://events.ccc.de/congress/2023/hub/event/och-menno-fails-bei-unterhaltungsprodukten/