Chaos Computer Club - archive feed

14,494 episodes — Page 38 of 290

Hacking influence (hackerhotel2024)

Social Engineering 102: Hacking influence. How to get people to trust your judgement. Your level of influence, in business or daily life, has little to do with your level of competence. It can be very frustrating to see all your great ideas getting shot down by the people in charge. More so when silly ideas do get accepted. But how does influence work? How can you get the higher-ups to listen and value your contribution for what it really is? about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/U3BFMC/

Feb 10, 2024 · 38 min

Opening electronic safe locks with ketchup and lasers (hackerhotel2024)

Mechanical safe locks are quickly being replaced by their electronic counterparts. While there are many benefits, the security implications are far less understood than those of the mechanical systems. Jan-Willem collects and researches electronic safe locks and will share his thoughts. From dumping chips with lasers to locks which can be opened with ketchup. We use safes to protect our valuables from threats. We trust these systems to keep the assets safe. Mechanical combination locks can be quite cumbersome to operate, and don't have benefits such as auditing, remote access, multi-user, time lock, and much more. But how the additional electronics impact the security of the safe isn't widely understood. This talk goes into researching the security of electronic safe locks, from reverse engineering known attacks, to learning from scratch. For example, we used laser fault injection to read out the memory of several chips to analyze the code looking for bugs and back doors. While at the low end, we reverse engineered lock spiking, and used ketchup to open locks. about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/3PFXDX/

Feb 10, 2024 · 43 min

Hacking your Dreams (hackerhotel2024)

You can hack all sorts of things. Software, hardware. But being a hacker, what makes more sense than to hack oneself? Hackers have been turning themselves into bionic men, but we can also just hack our brain, using just our brain. I am talking about lucid dreaming: dreaming while you are aware of doing so and able to shape your dream. This talk will discuss what we know so far about lucid dreams and how they relate to other special states of the mind. The main focus will be on how to hack your own mind to start experiencing lucid dreams, what you can do in them, and how they differ from real life. What could be more fun than gaining control over your dreamworld? Go to sleep, and find yourself doing things that would be impossible in the real world. Flying? No problem! You can be superman and have it feel more real than reality. Now if that's not a fun hacking project... about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/HHBEZH/

Feb 10, 2024 · 48 min

Build your own hackersguild! (hackerhotel2024)

This talk explores the concept of hackersguilds, groups of engineers collaborating to enhance internal information security. Through various activities such as answering inquiries, conducting internal pentesting exercises, and participating in CTF competitions, hackersguilds empower engineers to actively contribute to an organization's security efforts. The talk provides practical insights into initiating and nurturing hackersguilds, fostering a collaborative environment that taps into collective expertise. By leveraging hackersguilds, organizations can enhance resilience against cyber threats and foster a culture of continuous learning. Attendees will gain a comprehensive understanding of hackersguilds' potential for a more secure future. about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/K39SKE/

Feb 10, 2024 · 40 min

Cyberonderzoeksraad: Computer says no, the law says yes (hackerhotel2024)

More and more decisions are made or prepared automatically, with "computer says no" making it really harmful at crucial moments. For many people, it is then unclear whether you have rights and what those rights are. Yet there are steps you can take to successfully fend for yourself. This talk lays out some hacks and will be the presentation of the report 'Computer says no, but the law says yes'. Good thoughts are frequently accompanied by procedures that are not always well thought out. The victims are often not the organizations, but the customers or citizens on the receiving end of the processes. Sometimes the consequences are severe, such as no longer being able to use your phone, blocking a bank account or credit card to actually closing a bank account. In the presentation of the study "Computer says no, but the law says yes," we look at causes and possible solutions. Of course we lend a hand with advice for businesses, but we also look at legal frameworks that give the common man some guidance. about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/XVE39C/

Feb 9, 2024 · 41 min

WOOt does the government do? (hackerhotel2024)

WOOt do we want? Freedom for our software! When do we WOOnt it? Now! This talk is about the journey into opensourcing software used and made by our government. We will introduce you to the Wet Open Overheid (WOO) and explain how this law allows you to request the source of certain software. Then we’ll provide you with a step-by-step guide how you can woo (yes, that’s a new verb we made up) software of your interest and in which cases you may want or not want to do so. This may all sound nice in theory but Mendel will of course also tell you about his personal journey of requesting the DigiD code base and how this eventually led to opensourcing the complete code base. In contrast to this lovely abstract, the talk will be in Dutch. about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/FTWP3P/

Feb 9, 2024 · 54 min

Top secret surprise (hackerhotel2024)

More information will be added soon, or not... about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/VL9CGG/

Feb 9, 2024 · 14 min

Opening Hackerhotel 2024 (hackerhotel2024)

Opening and welcome by Dimitri Modderman about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/ZQHVMN/

Feb 9, 2024 · 1h 1m

Basisbeveiliging / Internet Cleanup Foundation - State of the map (hackerhotel2024)

An overview of the new maps and new metrics added in 2023, and what it did. about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/ADQKKH/

Feb 9, 2024 · 38 min

EOS/Home battery tech talk (hackerhotel2024)

Let's talk about batteries! Li-ion, salt, H2 or LFP: many systems are available right now or are becoming available. However, new regulations are looming and the position of the grid operator is becoming more important. What developments are there, and how is this taking shape? I will take you along on my journey of building a home battery. During my presentation I share basic information that I also share with my customers. A little discussion is fun, but keep an eye on the temperature, no thermal runaway ;-) EOS, LFP, NCA, Li-Ion, nen4046, grid operators, grid capacity (NL), upcoming legislation, etc./any other business about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/AYHRPY/

Feb 9, 2024 · 33 min

A black hat in our white hat collective... a lesson in (incident response|human trust|pr|.*) (hackerhotel2024)

We always knew it could happen, and thus that it, according to Murphy's law, would happen. A member of DIVD got arrested in relation to computer crime. And about a year ago it did, Pepijn van der S. got arrested. In this (no press) talk we will walk you through the events that happened, the impact they had on our organisation and the lessons we learned. Being a white hat hackers collective has its risks. The most obvious risk is a legal risk. And we always considered it likely that a member of DIVD would be arrested in relation to computer crime. And we prepared for it. But then, when it does happen, you find out how prepared you really are. about this event: https://pretalx.hackerhotel.nl/hackerhotel-2024/talk/HYZ7WU/

Feb 9, 2024 · 45 min

Space Pen (petitfoo)

As is well known, ballpoint pens do not work in zero gravity. So the Americans spent a lot of money developing a special ballpoint pen for their astronauts that also works in space. At the first meeting between American astronauts and Soviet cosmonauts in space, the Americans proudly show off their new pens. The Soviets are astonished. They simply use pencils. That, or something like it, is the urban legend of the Space Pen. In this Petit Foo, sirgoofy examines what truth there is to the story and whether pencils in space are a good idea. about this event: https://chaospott.de/

Feb 7, 2024 · 8 min

Malte, TVLuke: The Work of the Video AG [FreiTalk N8] (chaotikum)

Every year the Chaotikum video team records videos, e.g. at the Freitalk, the Softwerkskammer, the 5 Minuten Termine, the NooK or at other events. We then publish these on various platforms such as media.ccc.de, YouTube and our own website. But what actually happens in between? In this talk, Malte and Lukas look at the work of recent years in Chaotikum's Video AG, show a few examples of how we usually produce videos, and demonstrate a newly developed process for enabling high-quality subtitles for our videos. This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License (CC BY NC ND 4.0). https://creativecommons.org/licenses/by-nc-nd/4.0/ about this event: https://chaotikum.org/blog/project/2024/01/19/freitalk/

Jan 26, 2024 · 49 min

Strong Password, Secure Identity (ccchh-extras)

Digital Self-Defense (CCCHH) - Passwords. Good passwords protect our digital lives from theft, misuse and loss. But what exactly makes a good password? And can I do anything wrong when handling them? In this talk by the Chaos Computer Club Hamburg at the Zentralbibliothek, we explain how criminals work and what that means for us. We discuss which rules matter when creating and handling passwords, and what added value password managers or two-factor authentication offer. about this event: https://c3voc.de

Jan 26, 2024 · 1h 48m

Exploring eUICCs and eSIMS using pySim, lpac and osmo-smdpp (osmodevcall)

about this event: https://c3voc.de

Jan 17, 2024 · 1h 25m

Preserving the Congress Feeling (petitfoo)

Many people come back from Congress with new motivation and lots of ideas, which then quickly get lost in everyday life. sirgoofy gives tips on how to keep this Congress feeling and the motivation. about this event: https://chaospott.de/

Jan 3, 2024 · 22 min

37C3: Closing Ceremony (37c3)

about this event: https://events.ccc.de/congress/2023/hub/event/37c3_feierlicher_abschluss/

Dec 30, 2023 · 26 min

37C3 カラオケ – Challenges of Current Karaoke Research (37c3)

Chairwoman of the board Gitte Schmitz presents current findings of the Deutsches Institut für Karaokeforschung (German Institute for Karaoke Research). Dear supporting members of the Institute for Karaoke Research, over the past few days we have been able to study intensively the karaoke habits of the local population of 37C3 at the CCH. Our motivated test subjects, aged between 17 and 85, gave us direct insights into their everyday lives in this representative study. For that alone we are infinitely grateful; you have done karaoke research a great service! We would now like to present to you, in an interim presentation, insights from our current cooperation project with 37C3, and thereby also usher in the third phase of this internationally oriented research work. On behalf of the entire board, I would like to thank you most sincerely for your support, next year as well. At the same time, we ask you to check your bank details in order to simplify the work of our accounting department. We look forward to your participation in the presentation and ask for a brief confirmation. With warm regards, Gitte Schmitz (Chair, Deutsches Institut für Karaokeforschung) about this event: https://events.ccc.de/congress/2023/hub/event/37c3_herausforderungen_der_aktuellen_karaokeforschung/

Dec 30, 2023 · 42 min

37C3 Infrastructure Review (37c3)

Many teams work hard to arrange the event, this talk allows them to show what they did and who they are. about this event: https://events.ccc.de/congress/2023/hub/event/37c3_infrastructure_review/

Dec 30, 2023 · 1h 11m

Security Nightmares (37c3)

What has happened in IT security over the past year? What new developments have emerged? Which new buzzwords and trends were to be seen? As always, we venture the IT security nightmare outlook for 2024 and beyond. Because what we really want to know, after all, is: what will be creeping, crawling and flying towards us, and around inside our digital implants, in the future? In the interest of even more transparency, criticism and self-criticism, and continuous sustainable optimization of all processes, we will also check earlier predictions to see whether our prophecies came true. about this event: https://events.ccc.de/congress/2023/hub/event/security_nightmares/

Dec 30, 2023 · 1h 7m

From the Darkroom into the Black Box (37c3)

Contrary to the view that gay subculture has been given a boost by digital networking and strengthened in its activism, I want to point out a current crisis of the subculture and sketch the context of its emergence through online dating. Gay online platforms emerged in order to escape the suppression of homosexual behaviour. Cynically, today they bring about a subliminal, captivating regulation of homosexual people. Although the talk mainly works through MSM persons (men who have sex with men), it is expressly addressed to hackers of any sexuality. First, the talk traces a cultural history of gay subculture and explains why darkrooms and similar places, where gay sex takes place in semi-public, were constitutive for the gay scene. Second, the effects of the digitalization of these places into platforms such as formerly GayChat or today Grindr are shown. Third, it is shown why homosexual cruising apps like Grindr are built fundamentally differently, in cultural and software terms, from heterosexual dating apps like Tinder. With this talk I want to provide an impetus to hack dualisms such as homosexuality and heterosexuality, cruising and dating, promiscuity and monogamy. I want to show that interactivity on *dating platforms* is often an illusion, and to try, together with the audience, to find ways to break open the "interpassive" consumer status in online dating. about this event: https://events.ccc.de/congress/2023/hub/event/vom_darkroom_in_die_blackbox/

Dec 30, 2023 · 42 min

Oh no: KUNO - Unblocking Blocked Girocards (37c3)

Debit card/girocard stolen? Get it blocked quickly … but what if the block is not as effective as it seems? The talk presents data protection and IT security flaws in the KUNO blocking system. The system is in use at > 90 % of merchants in Germany and, since a resolution of the Innenministerkonferenz (Conference of Interior Ministers) in 2005, is supposed to guarantee that the electronic direct debit procedure (ELV) is safe(r) from fraud. Among other things, the talk shows how unauthorized persons/pickpockets were able (for years) to simply unblock blocked EC and debit cards/girocards for ELV. In addition, there will be forays through the topics of IT security, data protection and payments; enjoyment for all data travellers is guaranteed :) Further information on the vulnerabilities (end of the year) at: https://giroday.de The KUNO blocking system (Kriminalitätsbekämpfung im unbaren Zahlungsverkehr durch Nutzung nichtpolizeilicher Organisationen, i.e. fighting crime in cashless payments through the use of non-police organizations) was developed more than 20 years ago to curb fraud involving EC direct debit. 96 % of all merchants in Germany use the KUNO blocking file, directly or indirectly, to protect themselves against fraud by means of forged direct debits. The system is operated by the EHI Retail Institute in cooperation with the German police and the Hauptverband des Deutschen Einzelhandels. More than 120,000 reports pass through the system each year. An investigation has now established that pickpockets were able to simply lift the block on girocards/debit cards and continue committing fraud. Through a report made as part of a responsible disclosure process, numerous data protection and IT security flaws were uncovered and fixed.
In the talk, Tim Philipp Schäfers will present the KUNO system in more detail and make forays through the topics of IT security, data protection and payments; enjoyment for all data travellers (all levels) is guaranteed :) Further information on the vulnerabilities (end of the year) at: https://giroday.de Further information on the KUNO blocking system: https://de.wikipedia.org/wiki/Kriminalit%C3%A4tsbek%C3%A4mpfung_im_unbaren_Zahlungsverkehr_durch_Nutzung_nichtpolizeilicher_Organisationen about this event: https://events.ccc.de/congress/2023/hub/event/oh_no_kuno_-_gesperrte_girocards_entsperren/

Dec 30, 2023 · 54 min

Self-cannibalizing AI (37c3)

What occurs when machines learn from one another and engage in self-cannibalism within the generative process? Can an image model identify the happiest person or determine ethnicity from a random image? Most state-of-the-art text-to-image implementations rely on a number of limited datasets, models, and algorithms. These models, initially appearing as black boxes, reveal complex pipelines involving multiple linked models and algorithms upon closer examination. We engage artistic strategies like feedback, misuse, and hacking to crack the inner workings of image-generation models. This includes recursively confronting models with their output, deconstructing text-to-image pipelines, labelling images, and discovering unexpected correlations. During the talk, we will share our experiments on investigating Stable-Diffusion pipelines, manipulating aesthetic scoring in extensive public text-to-image datasets, revealing NSFW classification, and utilizing Contrastive Language-Image Pre-training (CLIP) to reveal biases and problematic correlations inherent in the daily use of these models. The talk will be conducted by sharing various experiments we've done under the umbrella of generative AI models. We will begin with a general idea of how we, as artists/programmers, perceive these models and our research on the workflow of these constructs. Then, we will further elaborate on our exploration of the Stable Diffusion pipeline and datasets. Throughout our investigation, we discovered that some essential parts are all based on the same few datasets, models, and algorithms. This causes us to think that if we investigate deeper into some specific mechanisms, we might be able to reflect on the bigger picture of some political discourses surrounding generative AI models. We deconstructed the models into three steps essential to understanding how they worked: dataset, embedding, and diffusions. 
Our examples are primarily based on Stable-Diffusion, but some concepts are interchangeable in other generative models. As datasets and machine-learning models grow in scale and complexity, understanding their nuances becomes challenging. Large datasets, like the one for training Stable Diffusion, are filtered using algorithms often employing machine learning. To "enhance" image generation, LAION's extensive dataset underwent filtering with an aesthetic prediction algorithm that uses machine learning to score the aesthetics of an image with a strong bias towards water-color and oil paintings. Besides the aesthetic scoring of images, images are also scored with a not-safe-for-work classifier that outputs a probability of an image containing explicit content. This algorithm comes with its own discriminatory tendencies that we explore in the talk and furthermore asks how and by whom we want our datasets to be filtered and constructed. Many generative models are built upon Contrastive Language-Image Pre-training (CLIP) and its open-source version, Open-CLIP, which stochastically relates images and texts. These models connect images and text, digitize text, and calculate distances between words and images. However, they heavily rely on a large number of text-image pairs during training, potentially introducing biases into the database. We conducted experiments involving various "false labelling" scenarios and identified correlations. For instance, we used faces from ThisPersonDoesNotExist to determine "happiness" faces, explored ethnicities and occupations on different looks, and analyzed stock images of culturally diverse food. The results often align with human predictions, but does that mean anything? In the third part, we take a closer look at the image generation process, focusing on the Stable Diffusion pipeline. Generative AI models, like Stable Diffusion, have the ability not only to generate images from text descriptions but also to process existing images.
Depending on the settings, they can reproduce input images with great accuracy. However, errors accumulate with each iteration when this AI reproduction is recursively used as input. We observed that images gradually transform into purple patterns or a limited set of mundane concepts depending on the parameters and settings. This raises questions about the models' tendencies to default to learned patterns. about this event: https://events.ccc.de/congress/2023/hub/event/self-cannibalizing_ai/

Dec 30, 2023 · 53 min

Open Your Spaces to Deaf People! (37c3)

Hacking works without ears too! Over the past two years we have researched, on the living subject, how hackspaces can be opened up to deaf people, so that we can all work on projects together and build cool stuff. Come by, watch/listen, and take something home with you! The talk will be given in Austrian Sign Language (ÖGS) and simultaneously interpreted into German (or the other way round for questions). Hackspaces are not accessible to deaf people as places to live out their creativity and to learn sustainable use of technology independently. The scientific-artistic project MACH’S AUF! focuses on the following questions: * How can technology be designed so that it can be better used by deaf people? * How can collaboration between deaf and hearing people work? * How can barriers be removed without disadvantaging marginalized groups in society? Over the past two years, Oliver "fussel" Suchanek (it/its) and Franz "Stoni" Steinbrecher (he/him) have put a great deal of time, effort and care into various events, workshops and educational work. This was made possible by financial support from the Chaos Computer Club. The result is something to be proud of: a new community in which hearing and deaf people hack together, in which deaf people operate machines that were previously inaccessible, and also entirely new projects such as the ÖGS search engine (http://suche.machs-auf.at/search). Oliver "fussel" Suchanek will report on the work of the first two years, so that you can apply our approaches in other spaces too. Look forward to the insight … :) about this event: https://events.ccc.de/congress/2023/hub/event/offnet_eure_spaces_fur_gehorlose/

Dec 30, 2023 · 37 min

Dissecting EU electronic evidence (37c3)

The EU "e-evidence" regulation is a critical piece of new legislation directly affecting all EU citizens. Proposed in 2017, it was completed in 2023 and has since become law, mandating a more or less direct, cross border access to all sorts of stored information by law enforcement. I will be addressing how individuals are affected and how the release of e-evidence works technically. Who are the actors? Which types of information can be requested? How are individual rights protected? Having worked on the cross border e-evidence dossier since its inception in 2017, the talk aims to present an insider view on the proposed procedures and legal protections, the scope of the obligation on industry to promptly provide information to law enforcement as well as the status of the proposed technical implementation including the proposed authentication and encryption of requests as well as the response data provided. As an industry representative participating in the official EU e-evidence implementation task force I am going to take a look at the current, up to date status of the proposed implementation as well as the numerous grey areas to still be addressed both legally as well as technically to make the e-evidence dossier even remotely workable/acceptable for all parties concerned. about this event: https://events.ccc.de/congress/2023/hub/event/dissecting_eu_electronic_evidence/

Dec 30, 2023 · 42 min

The Ultimate SPC700 Talk (37c3)

The Super Nintendo Entertainment System's sound coprocessor, the S-SMP, runs on the mostly-forgotten SPC700 architecture. To understand why the sound of Super Metroid or SMW was so ahead of its time, we will look at all the details of how this processor works and how it plays music. The SPC700 by Sony is an 8-bit architecture that was developed and used as the S-SMP sound coprocessor in the Super Nintendo Entertainment System (SNES). A big leap ahead in sound synthesis capabilities, apart from these few years of glory in the 1990s the architecture enjoyed no further uses and has faded into obscurity outside SNES circles. This talk not only takes a look at the SPC700 architecture, which is both a usual and unusual 8-bit ISA, but also the sound and music capabilities of the SNES S-DSP that it was designed to control. The talk is designed to be approachable by anyone with a basic understanding of how a microprocessor works; in particular, it covers the basics of digital audio necessary to understand the S-DSP's sound synthesis features like ADPCM sample playback or echo buffers. about this event: https://events.ccc.de/congress/2023/hub/event/the_ultimate_spc700_talk/

Dec 30, 2023 · 59 min

A Libyan Militia and the EU - A Love Story? (37c3)

2023, Tariq Ben Zeyad Brigade (TBZ), a notorious East Libyan land-based militia, went maritime and completed the pullback regime which was installed by Italy and the EU from 2017. They were deeply involved in the failed passage of the boat that sank near Pylos, in which up to 500 people drowned. With the help of low-budget, open-source intelligence, we were the first to unveil how their new vessel operates in the Central Mediterranean and with which European actors they communicate. This talk provides you with the details. After the "summer of migration", from 2017 the EU and Italy set up and equipped the "coastguard" in Libya, consisting of militias, to take back boats with refugees to North Africa and put the people in torture camps. Frontex and a EU military mission take over the aerial surveillance for these pullbacks. 2023, Tariq Ben Zeyad Brigade (TBZ), a notorious East Libyan land-based militia, went maritime and completed this pullback regime. They were deeply involved in the failed passage of the boat that sank near Pylos, in which up to 500 people drowned. For the first time, we unveiled how their new vessel, sponsored by UAE, operates in the Central Mediterranean. We could spot them, intercept communication, and record their crimes. We managed to do so through low-budget, open-source intelligence, voluntary work, and our civil monitoring flights. Our talk materializes at the crossroads of no-border activist nerdiness and broader geopolitical reflections. Starting with our first-hand material, we show TBZ's close ties with condemned war criminals, the smuggling business, the United Arab Emirates, the Frontex agency, and European governments, namely Greece, Italy, and Malta. We see the media being barely interested in the intricacies of Europe's proxy actors, such as TBZ, that help uphold fortress Europe. We will use CCC to discuss what has little space in our daily public work: weird details, daring predictions, and complex interlinkages. 
about this event: https://events.ccc.de/congress/2023/hub/event/a_libyan_militia_and_the_eu_-_a_love_story/

Dec 30, 2023 · 58 min

Tech(no)fixes beware! (37c3)

Tech(no)fixes distract our minds and slow down necessary change. We will give examples, explain them and show you how to spot them. The climate catastrophe is imminent and global injustice is rising. Now a lot of new (in part digital) tech (AI, blockchain, big data, fusion, quantum computing, genetic engineering) is supposed to help the transition to a sustainable society. Although some of them can actually help with parts of the transition, they are usually discussed not as tools to assist the broader societal change (economic, legal, social, political changes) but as replacement for the broader societal change. In effect they act as "change placebos" resulting in "placebo change", meaning no change at all. Using concrete examples, this talk wants to 1) show in which ways technological fictions are misused as diversion from the necessary change or already existing other technologies, 2) present reasons and explanations for such misuse and 3) a simple method to spot tech(no)fixes. This talk underlines the necessity to design concrete technical use cases including their social conditions and limitations in order to create a fruitful debate for sustainability-assisting technologies and actually helpful implementations. about this event: https://events.ccc.de/congress/2023/hub/event/tech_no_fixes_beware/

Dec 30, 2023 · 45 min

What Have Atoms Ever Done for Us? (37c3)

Honestly, what have atoms ever done for us, apart from matter in general and Mate in particular? We know "quantum computing" and "quantum communication". But what about "quantum sensing", that is, quantum-based measurement technology? Let's shoot lasers at a few atoms and see how heavy the world is. "Quantum" makes everything better, after all, so perhaps also the measurement technology with which we survey the Earth. In a talk at 34C3 I spoke about measuring the Earth's gravity field, which gives us insight into the redistribution of masses on and within the Earth. Satellites are used, for example, to observe mass changes in the ice sheets or in continental groundwater reservoirs. On the Earth's surface itself, the gravity field is measured locally or in small regions with gravimeters on the ground, in aircraft or on ships, for applications in geodesy, geophysics or hydrology. In terrestrial use, so-called quantum gravimeters, which use the principle of atom interferometry, have already been in use for a few years. In these instruments, falling atoms are manipulated by lasers in order to measure the acceleration to which the falling atoms are subject. For space applications the technology is currently under development and not yet in use. In this talk I give a brief overview of "quantum sensing" with a focus on Earth observation. We look at the technology, applications and current developments, and take a look at the funding landscape. Maybe we will even start SomeThingQT. about this event: https://events.ccc.de/congress/2023/hub/event/was_haben_atome_je_fur_uns_getan/

Dec 30, 2023 · 43 min

AI in the Classroom - An Update! (37c3)

Since ChatGPT, the topic of artificial intelligence has reached almost every school. AI is still supposed to relieve teachers, but with the upcoming AI Regulation the burden may simply shift. The talk gives an update to the talk from #rC3 2020 on what schools can concretely expect and how AI can actually contribute to relief. For some time, federal states and schools have been experimenting together with EdTech companies with AI and algorithms in learning analytics (LA) programs and so-called intelligent tutoring systems. As with other technological developments, legal regulation of AI lags behind actual practice, and schools and school authorities have so far had no legally secure basis for working with AI. Not yet. But since spring 2021, work has been under way in Brussels on the so-called AI Regulation, which is meant to close this gap. The AI Regulation is now close to completion, and the talk shows what schools, school authorities or states can concretely expect in legal terms, and gives an update on the technical and pedagogical challenges that come with using AI in schools. Only if AI is procured, deployed and supported properly and in a planned way can it lead to relief. The talk presents the necessary steps. about this event: https://events.ccc.de/congress/2023/hub/event/ki_im_klassenzimmer_-_ein_update/

Dec 30, 2023 · 42 min

Topf Secret (fireshonks)

We uncover problems in the restaurant trade! yeah lol, we filed freedom-of-information (IFG) requests for some reports and are just reading them out. about this event: https://events.ccc.de/congress/2023/hub/event/topf-secret/

Dec 30, 2023 · 11 min

Zapfenstreich (37c3)

The rapid development of autonomous weapon systems raises urgent ethical and legal questions. Their use can have far-reaching effects on military and civilian domains. The talk examines the technologies behind this lethal autonomy and illustrates how artistic freedom is appropriated by industry to advance surveillance and military technology. What responsibility do we have as artists when we use digital tools? Do we need to question, more than ever, our tools and the partners we might be helping to advance their lethal technologies? With the rapid development and proliferation of robotic weapons, machines are beginning to take the place of humans on the battlefield. Some military and robotics experts estimate that "killer robots", fully autonomous weapons that can select and attack targets without any human intervention, could be developed within 10 to 15 years. Current military assessments state that humans always retain a certain oversight over decisions to use lethal force, but these statements often leave open the possibility that autonomous systems will one day have the ability to make such decisions on their own, removing the human from the decision process. In this context it is likely that autonomous systems will in the near future also be used in drones and systems that can operate autonomously on the high seas, on land and in space. And while drone technology as such poses no problems under international law, in the case of autonomous weapon systems, where decisions over life and death are to be delegated to machines, it is the technology itself that raises fundamental ethical and (international) legal questions. The war situation is a world of algorithms. 
Art is the advocate of the counter-algorithms. Through developments in this area and a multitude of events, actors have positioned themselves and are trying, among other things with the help of artistic freedom, to spread their technologies in Europe. The talk aims to show what artistic possibilities exist against the "war of the algorithms" and to raise the question of what responsibility we as artists have when using technology. More than ever, we must question our tools and the partners we might be helping to advance their technologies. about this event: https://events.ccc.de/congress/2023/hub/event/zapfenstreich/

Dec 30, 2023 · 38 min

Analog rotary phones get a second life with raspberry pi (37c3)

An open source project involving an automated telephone exchange powered by Raspberry Pi, utilizing old rotary phones. The system imitates exchange setups from different countries across the globe, allowing users to feel the genuine experience. Rotary-dial analogue phones were once a necessity, but now they lie dormant on shelves or tucked away in attics. This is largely due to the replacement of traditional landlines with fibre-optic modems, rendering analogue phones obsolete. In addition to their sentimental value, rotary dial phones provide several advantages, including reduced electrosmog emissions, protection against eavesdropping, repurposing outdated technology, and promoting a slower pace of life. The contribution explains how to build a private telephone exchange for eight people using rotary dial phones. The exchange is powered by a Raspberry Pi and custom analogue electronics. The following themes are covered: - The construction of a PBX which resembles telephone exchanges in various countries worldwide, giving users a realistic experience. - Handling of call initiation, routing, full duplex voice transmission and human-machine communication. - The software implementation on the Raspberry Pi running Linux. - A study of enhancing the open-source software with additional functionalities. Due to the readily available Raspberry Pi hardware and software programmability, this project invites everyone to participate. about this event: https://events.ccc.de/congress/2023/hub/event/analog_rotary_phones_get_a_second_life_with_raspberry_pi/

Dec 30, 2023 · 42 min

Och Menno: Fails in Entertainment Products (fireshonks)

Hype has always been a key feature of many products. On this little journey, fittingly for a streaming event, we talk about video records, VMD, DVD Plus or Minus, Flexplay, Laserdisc, DIVX and perhaps also a few Kickstarters. It is meant to be an entertaining tour of products that could be standing in our living rooms today but clearly are not. Which fails and bad decisions led to this? Forget DVD, forget streaming. In today's episode of the fail podcast we talk about video discs and other hyped items that failed spectacularly. The Och Menno podcast is normally about things that somehow go wrong. This time, it is the entertainment industry. It will be a recording. about this event: https://events.ccc.de/congress/2023/hub/event/och-menno-fails-bei-unterhaltungsprodukten/

Dec 30, 2023 · 37 min

Should e-voting experience of Estonia be copied? (37c3)

Although electronic voting has been used 13 times in various elections in Estonia since 2005, the legal, procedural and technical problems are far from solved, but have rather backfired in a political situation that is getting more complicated. Electronic voting is hard to observe because one can't directly see into computers. In the case of Estonia, the cryptographic measures to verify the processes are only partially implemented, but as voters have to download a voting application that implements a protocol with a public specification, observers/voters can obtain a special insight into processes by implementing their own tools to cast and verify the votes. Engaging in that kind of participative observation with special tools in the 2023 parliamentary elections in Estonia, it appeared that the official voting software implemented a process that did not follow the specification, up to the point of diverging from requirements set in laws and subordinate regulatory acts. In addition to a couple of vote containers that were processed ignoring the requirements, in the end it appeared that arguably all 312 181 electronic votes cast with the official voting application had invalid digital signatures and failed to specify the electoral district in the vote text. In paper ballot elections these kinds of ballots would have been declared invalid without hesitation, but electoral complaints filed about such electronic votes were dismissed without explanation of why ballots clearly not conforming to legal requirements were counted. This has resulted in a parliament where 22 of 101 representatives have arguably gained their mandate based on invalid ballots, but moreover this indicates that after about 20 years of electronic voting in Estonia, huge amounts of legal and technical make-believe are needed in order to run the elections. 
If manageable in small-scale pilots and elections of low importance, this is hardly the case with 51% of the voters in parliamentary elections casting their votes online -- during times of political polarisation rising to unprecedented heights. about this event: https://events.ccc.de/congress/2023/hub/event/should_e-voting_experience_of_estonia_be_copied/

Dec 30, 2023 · 39 min

Black Box Chemical Industry (37c3)

At the beginning of every chip, every computer, every plastic stands the chemical industry. It is Germany's largest industrial consumer of fossil resources such as oil and gas. We present a new study by BUND, "Blackbox Chemieindustrie", on the industry's energy and resource demand. The industry's supposedly climate-neutral transformation plans are critically questioned and real solutions are shown. Flame retardants for electrical devices, the metal alloy for soldering and plastic for almost every everyday application: all these materials are produced by the chemical industry. It stands at the beginning of the value chain. The materials it produces define the spectrum that product designers can work with. What is shocking: the industry not only uses fossil raw materials for many of its products, it is also the largest industrial consumer of energy in Germany. For the production of plastic for packaging alone, the industry in Germany uses more primary energy than the country of Slovenia in total. Many of the industry's products carry environmental and health hazards, and no German chemical company has a strategy to reduce its pollutants. In fact, the companies even continue to produce and export pollutants that have long been banned in the EU. The industry, too, recognizes that things cannot go on like this. Its supposedly climate-neutral transformation pathways are not technically or economically sensible and go hand in hand with an enormous increase in demand for renewable energy and hydrogen that is not available. The demand exceeds what the federal government envisages for all of Germany. We show: the transformation of the chemical industry cannot be thought of only within this sector. There must be no investment now in technologies that are sham solutions. 
The challenges of the climate crisis, pollution and the biodiversity crisis must be tackled now through real defossilisation, resource savings and a circular economy, and a switch to safe and sustainable chemicals. about this event: https://events.ccc.de/congress/2023/hub/event/blackbox_chemieindustrie/

Dec 30, 2023 · 41 min

Link Extremism and Freedom of the Press (37c3)

A journalist from Radio Dreyeckland is on trial because he linked to the archive of the banned internet platform linksunten.indymedia. The talk gives an insight into the proceedings and shows when links can be punishable, and when not. In January 2023, the editorial offices of the broadcaster Radio Dreyeckland and the homes of two journalists were searched. The reason for the searches and the seizure of several laptops was an article by the broadcaster that linked to an archive of linksunten.indymedia. The internet platform had been banned in 2017 under the law on associations. The state security division of the Karlsruhe public prosecutor's office regards the article as punishable support of a banned association. The Higher Regional Court of Stuttgart has meanwhile, unlike the Regional Court before it, admitted the indictment against the journalist and ruled that the search was lawful. The main hearing is to take place in the coming year. The talk gives an insight into the proceedings and assesses them critically. In particular, it explores how links are to be assessed legally and how the state proceeds against (left-wing) media. about this event: https://events.ccc.de/congress/2023/hub/event/link-extremismus_und_pressefreiheit/

Dec 30, 2023 · 40 min

Making homebrew for your very own Vector Super Computer (37c3)

The NEC Vector Engine (VE) isn't a GPU. It's a member of the only family of vector computers still alive today. Imagine a second CPU with a different instruction set running on the same Linux system. While obscure, it's a very approachable and hackable platform that is an addictingly fun machine to program and allows you to play with all the technologies seen in high-performance computing (HPC) today. I am going to cover lightheartedly what a small community learned about this singular hardware they shared: bemoaning a dangerous power plug standard, (ab)using this scientific simulation powerhouse to run code never intended, some firmware and driver reversing, "rooting" a VE and more. I will also be giving an introduction to core concepts in HPC with knowledge transferable to any other (university) computer cluster and hopefully encouraging students and scientists to use those by making them seem less alien and hostile. The talk will explain unfamiliar concepts in more common terms like: Vector registers are just registers where CPUs can store multiple numbers which belong together and are processed independently of each other together in the same operation. This allows a higher processing performance, similar to how moving a pallet of same-sized boxes can be quicker than just moving the boxes on their own. And will then use those new terms drawing comparisons like: The largest vector registers available with any other CPU today are 512 bits long, compared to the 16348-bit-long vector registers of which each VE core has 64. This puts it in a class of its own among CPUs. If you weren't scared off by this you shouldn't find the talk too technical. If you have a deep grasp on computing technology and wonder if this talk might be interesting, then you will hear about some implementation choices from NEC drawing reactions deep from the Kübler-Ross stages of grief. 
There will be a short introduction to the VE instruction set, highlighting a few instructions which are "fun" or otherwise "interesting" and might have some general computing trivia associated (https://en.wikipedia.org/wiki/Fast_inverse_square_root, https://vaibhavsagar.com/blog/2019/09/08/popcount/). The different offloading modes of a VE are introduced, one of which is entirely novel and which also emphasizes the uniqueness and sheer quirkiness. Programs executing on a Vector Engine run in a Linux environment, thus one could make many applications run on this accelerator, unlocking GPU-like performance for them without a need for rewrites if said code can make use of these big vector registers and the massive memory bandwidth available to them. So it's unsurprising that it is enormously fun to touch up identified bottlenecks and see some application get 200x faster with a handful of fixes. We can call hardware homebrewed if we make 2048 run on it, can't we? The presentation about hacks done by people who joined my "vect.or.at" Vector Engine PUBNIX (basically a shared Linux computer) will cover such speed-ups, mention the state of an ongoing attempt to port the Rust programming language to it, attempts at digital preservationism and progress towards making the Vector Engine truly yours by "rooting" it to mess with hardware settings otherwise unavailable. The introduction to HPC portion will be structured as an argument claiming "A NEC Vector Engine would turn your (Linux) computer into a small super computer" and use this as motivation to introduce what such a super computer or HPC cluster is, how you can make it work for you and common software packages used. A few performance "tripping" hazards are also mentioned. about this event: https://events.ccc.de/congress/2023/hub/event/making_homebrew_for_your_very_own_vector_super_computer/

Dec 30, 2023 · 39 min

Advanced Training in Cyber Astrology & AI Karma (37c3)

That digitalisation is a magical matter which, by definition, cannot be tackled by regulating large social media corporations has long been known at the political level. The market for esoteric services around digitalisation issues is therefore presumably immense, and it opens up many opportunities for entrepreneurs and digital occultists gifted in the cyber-subtle realm. Along the way we learn which scams dubious actors (also beyond the esoteric scene) use to make money from people's worries and fears. In this free basic seminar you will be taught the most important skills for providing holistic digital spirituality services, with which you can launch straight into self-employment. We learn from the best: we learn from the esoteric market, which, as is well known, has been booming not only since the cross-promotion in relevant Corona Telegram groups: 1. Digital Forecasting: Why design cumbersome models when you can sell direct access to the Akashic database of world wisdom? This block covers the most important fortune-teller skills (cold reading, hot reading, Barnum effect). 2. Healing instead of Patching: Applying holistic-spiritual security concepts on a homeopathic basis for customer networks, with a focus on confidently handling complaints and initial aggravations. 3. Vitalised Networks: Lessons from water vitalisation and compatible business ideas ("Server Room of the New Age", manifesting RAM, AI karma) 4. Mental Antivirus: Installation guide for subtle-energy support software for ego mitigation (thought-terminating clichés, Conspiracy & Cult-Groupware as a Service) 5. Upscaling: Innovative pyramid and snowball schemes for holistic profit skimming. 
Sign up now for the FREE basic seminar and (if the memory blocks are favourably aligned) you will get our limited, finely vibrating 5G sticker for your IT device for FREE. +++ recommended by independent cyber shamans +++ Image: Charlotte von Hirsch about this event: https://events.ccc.de/congress/2023/hub/event/fortbildung_cyber-astrologie_ki-karma/

Dec 30, 2023 · 41 min

Mobile reverse engineering to empower the gig economy workers and labor unions (37c3)

[Reversing.works](https://reversing.works) will outline five years of experience linking trade unions, gig economy workers, GDPR and mobile app reverse engineering. Goal: to replicate an effective form of resistance. This talk will describe our efforts to introduce a new toolkit and mindset for unions and gig workers, which is essential in an era where, for a growing number of people, "an app is their boss". Our work highlights the critical role of technical literacy in improving workers' bargaining power, particularly in collective bargaining. By demystifying the technology that governs them, we aim to equip workers with the tools to assert their rights and shape a fairer working landscape. Since 2019, our team, formerly known as [Tracking.Exposed](https://tracking.exposed) and now operating as [Reversing.Works](https://reversing.works), has focused on connecting mobile app reverse engineering with GDPR and workers' rights. We want to tell this story, all the missteps, the low-hanging fruit that hacktivists across Europe can grab, and the opportunities that new regulations open up in this sense. In 2023, a [report](https://reversing.works/posts/2023/10/report-exercising-workers-rights-in-algorithmic-management-systems/) written for the European Trade Union Institute summarized our investigation into Glovo. In this talk we'll talk about how to repeat the investigations and, with varying complexity, how unionists and activists can start identifying potential data breaches and labor rights violations in mobile apps used by gig economy workers. about this event: https://events.ccc.de/congress/2023/hub/event/mobile_reverse_engineering_to_empower_the_gig_economy_workers_and_labor_unions/

Dec 30, 2023 · 41 min

Getting started with threat modelling (fireshonks)

How to take your first steps in threat modelling, or an opportunity to extend and/or reorient an existing threat modelling programme. Systems created by humans will contain flaws. In order to shine a light on these flaws, you can use a technique called threat modelling. There are hundreds if not thousands of different threat modelling methods that can be used to tease apart the structure of a system in search for security issues. In this talk, we will cover the key principles behind these methods, enabling anyone to study and mend the architecture of a system. In covering the basics, we will also critically reflect on the direction of much research and practice, sketching the relevance of threat modelling for addressing contemporary challenges and highlighting the role that you can play in making a security impact. *As preparation for or follow-up of this talk, [see this recorded training](https://archive.org/details/getting_started_with_threat_modelling).* *The recorded training can be watched either before or after the live talk. The talk takes a more reflective and critical look at threat modelling, diving into its underlying history and the current state of research, while also providing a space for Q&A and the sharing of experiences.* about this event: https://events.ccc.de/congress/2023/hub/event/getting-started-with-threat-modelling/

Dec 30, 2023 · 1h 26m

From Hacker to Furry - Why cat ears are just the beginning (37c3-meta)

The chairman of Europe's biggest furry conference explores the metaphysical and historical connection between furries and the information technology / hacker sphere through a bunch of war stories, anecdotes and drunken shower thoughts. Also a chance to ask a fandom veteran anything you can come up with you always (or never) wanted to know about furries. about this event: https://c3voc.de

Dec 29, 2023 · 1h 19m

Och Menno (37c3)

The strangest things from military research. Military-grade firewall, military-grade full-bit encryption, etc. ... is the newest buzzword once again being driven by marketing? As a counter-argument, here are the best military misdevelopments from 4 years of the Och Menno podcast. Flying tanks and submarines are, after all, just as logical as what marketing comes up with. about this event: https://events.ccc.de/congress/2023/hub/event/och-menno-military-grade-bullshit/

Dec 29, 2023 · 39 min

What your phone won’t tell you (37c3)

Your phone’s internal communication contains precious data. It can be analyzed to detect fake base stations used in cellular attacks. For that, we reverse-engineered a proprietary communication channel between the phone’s OS and modem. Connecting to cellular networks around the world is a highly complex task. iPhones contain a baseband chip (also referred to as a modem) for that purpose. It communicates via a high-level interface with the smartphone’s application processor running iOS. So far, Apple hasn’t been able to build such basebands in-house. Instead, starting from the iPhone 12, they exclusively rely on Qualcomm basebands. Qualcomm’s basebands use a proprietary protocol for external communication, the Qualcomm MSM Interface. We reverse-engineered its iOS implementation and built a framework to extract the protocol’s packet structures from iOS firmware. Our iOS Wireshark dissector uses these packet structures and enables us to monitor the flow of packets between the baseband and iOS. This allows us to gain new insights into the iPhone’s wireless communication infrastructure, including its satellite connectivity. Our tooling also provides a novel way to directly interact with the baseband chip in jailbroken iPhones, bypassing iOS and unlocking hidden capabilities of the baseband. Fake or rogue base stations can be set up by individuals using readily available software-defined radios. Adversaries can utilize them to capture IMSIs of nearby smartphones, track their location, or exploit vulnerable basebands. iPhone users usually don’t notice such attacks, and there are (almost) no protection mechanisms implemented in iOS. During our research, we discovered Apple’s internal cell location database, which is intended for determining approximate positions. Our CellGuard iOS app combines this database with the QMI analysis framework to monitor various parameters of connected cells, verify their authenticity, and alert users in case there’s suspicious activity. 
The app even works on non-jailbroken iPhones. We evaluated the app in a lab environment with SDRs and real-world tests since February 2023 and are steadily improving it for a release next year. about this event: https://events.ccc.de/congress/2023/hub/event/what_your_phone_won_t_tell_you/

Dec 29, 2023 · 38 min

Breathing Life into Legacy: An Open-Source Emulator of Legacy Apple Devices (37c3)

This talk presents QEMU-iOS, an open-source emulator of legacy Apple devices. I outline the process of emulating an iPod Touch 2G, discussing the technical challenges and reverse engineering methodologies applied. The talk starts with an overview of the project's goals and then outlines the reverse engineering process, utilizing tools like Ghidra for disassembling the Apple bootloader, XNU kernel, and other binaries. Then, I describe QEMU, a popular framework for emulation, and show how essential iPod Touch peripherals such as the touchscreen, storage, and display have been implemented. Finally, this talk touches upon the implications of open-sourcing this project, its contribution to the emulation and reverse engineering landscape, and its potential for future efforts to emulate newer Apple devices. During the past decades, Apple has created iconic devices that have found a place in the hands and hearts of millions of people around the world. As many of these devices have become obsolete, the importance of preserving their digital essence has grown. The emulation of legacy devices with software allows enthusiasts and researchers to explore and interact with them long after the original hardware has ceased to be available. Emulation, therefore, allows the digital preservation of obsolete hardware, ensuring these devices are accessible to future generations. This talk describes a multi-year project named QEMU-iOS that lays the groundwork for emulating legacy Apple devices. In particular, we have focussed on emulating the iPod Touch 2G using QEMU, an open-source framework for hardware emulation. Yet, even emulating an old device with a few peripherals compared to contemporary devices is challenging since the specifications and inner workings of many peripherals are proprietary and completely undocumented. The talk first describes the overall project motivation, goals, and vision. 
Then, I will discuss the reverse engineering process where multiple undocumented peripherals of the iPod Touch have been analyzed to understand and replicate their specifications in software. A key talking point will be the working of essential peripherals, including the cryptographic engines, the LCD, the Flash memory controller, various hardware communication protocols, the touchscreen driver, and other peripherals. The talk will also detail the booting procedure of the iPod Touch, elaborating on the emulation of the iBoot bootloader, the XNU kernel, and the Springboard application in iOS. Getting the boot chain up and running required extensive debugging efforts using powerful reverse engineering tools such as Ghidra to disassemble and analyze all essential binaries in the boot procedure. After outlining the reverse engineering process, I will present the implementation of QEMU-iOS, which entails a functional emulator that boots the iOS operating system, renders the display, and responds to touches on the screen. The final part of this talk will touch upon the implications of open-sourcing this project, its contribution to the broader emulation and reverse engineering landscape, and the potential it holds for future efforts in emulating other legacy Apple devices, as well as the viability of emulating newer devices with advanced peripherals such as the Neural Engine. I will also discuss existing approaches, highlight where QEMU-iOS differs, and summarize the lessons learned while emulating these devices. This talk is designed for a wide range of people, whether you are new to reverse engineering and emulation or have experience in these fields. The goal is to explain the technical challenges faced during this project in a way that's easy for beginners to understand while also providing more in-depth insights I discovered while working on QEMU-iOS. 
Through this talk, the aim is not only to share the technical knowledge gained from this project but also to explore the merits of emulation and reverse engineering to keep old devices alive. about this event: https://events.ccc.de/congress/2023/hub/event/breathing_life_into_legacy_an_open-source_emulator_of_legacy_apple_devices/

Dec 29, 2023 · 41 min

Bringing the Hack Back into the Chaos (fireshonks)

While more and more hackerspaces have been founded in recent years, there are many different topics that are being discussed at the same time: AI, 3D printing, Arduino, social and political questions, and lots more. Where are the hacks though? Things are happening, and with this talk, we want to talk about them and call for exchange. At Chaospott in Essen, we have developed rich tools to interact with and inspect hardware, enabling people to bring their gadgets to new life and run their own code, be it on TV boxes, network cameras, or appliances of various kinds. In other words, should a cloud service go down or unmaintained software get compromised, we revive what would otherwise be bricks. about this event: https://events.ccc.de/congress/2023/hub/event/bringing-the-hack-back-into-the-chaos/

Dec 29, 2023 · 57 min

Buffered Daemons (37c3)

The work titled Buffered Daemons is a sound performance that attempts to explore the concepts of translation and non-local interaction in the sound realm. It does so by playing with the idiosyncrasies of audio representation/playback and mobilises them through the creation of an expanded musical situation. In the piece, three different containers of sound are presented: acoustic (sound diffusion in the architecture), digital (computer-based sound algorithms) and analogue (electromagnetic tape and analog processing). These containers, or buffers, are then intertwined by the performer, thus creating sonic textures that interplay with the resonances of the space. The strategy for the sound performance is to articulate a metaphor of a circular buffer, a data structure used in computer science, to the idea brought up in Derrida’s interview with Ornette Coleman, in which improvisation practice in music is understood as a reading in which the borders between reading and writing are obfuscated. The work is inspired by the concept of daemon and non-locality explored by Timothy Morton in his reading of Plato’s Ion as well as Ursula K. Le Guin’s The Carrier Bag Theory of Fiction. about this event: https://events.ccc.de/congress/2023/hub/event/buffered_daemons/

Dec 29, 2023, 31 min

Encapsulated Electromyography with Myo and Raspi (fireshonks)

Let's talk ten year old tech! The myo armband was once a really strange way to control a computer, and then became a way to do fine-grained myomuscular electrical detection research. This is a talk about how to hook a myo to a Raspberry Pi 3B+ in 2023, and from there how to have the armband communicate over serial to other devices. We choose to use it to control a Programmable Air system for pneumatic control of muscular robots. Let's talk ten year old tech! The Myo armband from Thalmic Labs was once a really strange way to control a computer, and then became a pretty good way to do fine-grained myomuscular electrical detection research for prosthetics. These processes usually have a high cost or involve less-portable computing systems. In order to make a robotic effect that can be deployed apparently independently, it's more interesting to have a low-cost, encapsulated system. In this talk we'll walk through what it takes in 2023 to have a Thalmic Myo armband talk to a Raspberry Pi 3B+ using Python. We'll provide a demonstration of a pneumatic robot based on the Programmable Air system controlled over serial using the armband. The goal of this project is to have access to strong mechanical advantage without the compromises of servos or stepper motors, and with some of the organic feel possible with air or water systems. about this event: https://events.ccc.de/congress/2023/hub/event/encapsulated-electromyography-with-myo-and-raspi/

Dec 29, 2023, 40 min

Back channel in podcasting: (37c3)

Open discussion in fishbowl format: https://sendegate.de/t/37c3-session-rueckkanal-bei-der-podcasterei-twitter-ist-tot-es-lebe-das-fediverse/16719 about this event: https://events.ccc.de/congress/2023/hub/event/rckkanal-bei-der-podcasterei-twitter-ist-tot-es-lebe-das-fediverse/

Dec 29, 2023, 1h 22m

Unlocked: PICing a wireless door access system (37c3)

Mainframe, Oldenburg's Hackerspace, needed a wireless door lock solution. We do not trust vendors' advertising promises about the device security and had a closer look. Attend this talk for a presentation about an unusual variant of lock picking, which does not involve any wrenches, hooks or half-diamond picks. Instead the used tools are a software defined radio, PIC programmer and some self-developed software to gain access without using the original key remote control. If you had fun watching the [Hörmann BiSecur talk at 34C3](https://media.ccc.de/v/34c3-9029-uncovering_vulnerabilities_in_hoermann_bisecur), this talk is for you! If you haven't watched it, it is highly recommended to catch up on it before attending this talk. While it is about a different product from a different vendor, there are many parallels and it can be seen as a sequel talk. The plan for this talk is to first have a look at the radio signals from the door lock using an SDR. After making sense of the used message protocol, the hardware is analyzed to understand how it works and how to get access to the used micro-controllers (PIC18LF45K80 & PIC16LF1829). In the next step, the firmware from the read-protected PIC microcontroller is extracted by extending the existing PIC attacks. Last but not least the results will be demonstrated. about this event: https://events.ccc.de/congress/2023/hub/event/unlocked_picing_a_wireless_door_access_system/

Dec 29, 2023, 38 min