
Chaos Computer Club - archive feed
PID Loops Control All the Things (camp2023)
Hidden inside basically every physical machine that needs precise control, PID loops are running the show. Quadcopters, self-balancing robots, and even the hot end of your 3D printer all use the same simple routines. Knowing how they work, deep down, and how to set their mystical three parameters is part art and part science, but it's nothing you can't pick up in a quick talk. Nothing explains complex math better than a few hands-on demos, and we'll definitely be tempting the fates here. By the end, you should be confident enough to code up your own PID routines from scratch and get started tuning. about this event: https://pretalx.c3voc.de/camp2023/talk/3HXEEC/
flow3r Badge (camp2023)
Long-time CCC badge team members schneider and Sec are interviewed by Andi on the grey couch in C3VOC.tv Studio 1. about this event: https://pretalx.c3voc.de/camp2023/talk/1484/
c3 MorningShow (camp2023)
Weather, traffic, etc. about this event: https://pretalx.c3voc.de/camp2023/talk/3HFNWT/
DON’T PANIC (camp2023)
Love it or hate it, blockchain has become a playground for technologists. Blockchain also fuels criminal ecosystems through major hacking incidents. In this talk, we aim to shed light on the most common bug types found in one of the main blockchain frameworks (Substrate) and provide insights and tools to find them. Blockchain bugs present unique challenges for developers and security testers. Drawing from several hundred blockchain security issues we reported, we identified five common issue types. We discuss the potential impact of each issue type and provide practical tips for testing blockchain systems. To promote accessibility to blockchain hacking, we release a fuzzer for Substrate-based chains. During the talk, we demo the fuzzer and showcase typical bugs, including arithmetic errors, reachable panics, and others. about this event: https://pretalx.c3voc.de/camp2023/talk/LMWGLZ/
Mastering the Maze (camp2023)
How can artificial intelligence support penetration testing? Most processes in the penetration-testing cycle require detailed knowledge, time and human resources. While there are sophisticated scripts for reconnaissance and various exploits, creating a detailed plan of the attack path can be complicated and laborious. The use of a reinforcement learning algorithm can help penetration testing identify the various attack vectors and provide a detailed overview of the system landscape. This can automate important aspects of the process and make it more efficient. We would like to show an overview of how reinforcement learning can be integrated into the penetration testing process to gain automated access to a system landscape. To achieve this, we show approaches to how an AI can be used for lateral movement within the system landscape to subject an entire landscape to the penetration-testing process. about this event: https://pretalx.c3voc.de/camp2023/talk/XBQFGK/
Defeating planned obsolescence for Cisco Meraki switches (camp2023)
Cisco Meraki Ethernet switches are cloud-managed and require a license to function, or do they? In this talk I will discuss developing a FOSS firmware for various Meraki switch models and the challenges faced. This talk will include a hardware overview of various Cisco Meraki Ethernet switch models (past and present). We will look into the Cisco Meraki stock firmware, boot process, and switch management software. Finally, we will discuss the current state of support and what the future holds for open-source firmware on Cisco Meraki network devices. about this event: https://pretalx.c3voc.de/camp2023/talk/Z87KAX/
Peeking over the tape moat (camp2023)
As the threat of ransomware continues to grow, many organizations look towards magnetic tape storage solutions to provide a last line of defense for their data. Tape has a number of interesting properties which set it apart from flash and spinning disk technology, such as an air-gap between the storage media and the reading/writing device, immutability of written data, and a long shelf life. These make it an attractive option for keeping data safe over longer periods of time. Doomsayers have long foretold the death of tape, yet there has never been more data stored on it than today. Tape system users include major financial institutions, government archives, and hyperscaler cloud providers, just to name a few. This presentation will give an introduction to data storage on tape media, potential attack vectors, and mitigations for these. This presentation will have two parts: A brief introduction to how magnetic tape works and is used in a data center, followed by security aspects from an operator's point of view. This presentation is of course just my thoughts on tape and in no way shape or form organized by, approved by, or representing the views of CERN the organization. about this event: https://pretalx.c3voc.de/camp2023/talk/CSYA7B/
Physical Vulnerability Research (camp2023)
Exploring the methodology and exploitation of physical security systems. Locks, access control and alarm systems with real life examples and the practical exploitation thereof. With digital security crossover. about this event: https://pretalx.c3voc.de/camp2023/talk/ADJX98/
DearMEP (camp2023)
How to hack the European Parliament by giving voters a voice in the decisions on the floor. Contacting your representative in Parliament is not as easy as it should be. What are their email addresses, phone numbers, social network profiles? Are they in Brussels or in Strasbourg right now? How much will it cost to call someone in France anyway? What should you even say to them? And does it even make sense to talk to that particular person, or are they so fundamentally opposed to your request that it would be a waste of time? The tool we are developing aims to bring citizens closer to their elected representatives. It empowers users to contact Members of the European Parliament (MEPs) efficiently and with a low entry barrier. The software takes the burden away from users to understand the EU and which MEPs are best to contact on a particular issue. It also knows how to contact them, and even allows the user to call them free of charge. DearMEP is being developed as a white label solution that can be applied to any EU level decision that has to be voted upon in the plenary of the European Parliament. NGOs that campaign around an EU decision can use the software to mobilize the public efficiently with the goal to influence particular plenary votes. Currently, the DearMEP software is tailored to address the whole European Parliament and to be used by citizens from all EU countries to contact MEPs from their countries. In this presentation, we would like to show you the current development state of this tool. We are planning to use DearMEP in the ongoing campaign against the chat control proposal. After that legislative file has concluded, we will release the software under the AGPL free software licence. During the CCCamp we will provide access to the current beta. We would love to hear your feedback. Drop us an email at [email protected]. about this event: https://pretalx.c3voc.de/camp2023/talk/7VSZTC/
Horror Stories from the Automotive Industry (camp2023)
In this talk, we will revisit some of the scariest stories we faced during more than 50 penetration testing and security research projects, with a twist. In the ever-emerging industry of automotive, with old and new OEMs trying to get a share of the pie, many things are at stake, with many things getting overlooked, forgotten, or even deliberately covered. We will go through a journey of critical findings in different targets and the constant battle between penetration testers, developers, and mid to upper management. This will help the audience get an understanding of how the industry behaves right now, what they (and what we) are doing wrong, and how the future of automotive security should be shaped, not only for the sake of security, but also for the sake of safety and reliability. This talk will try to raise awareness of the current state of automotive security, how the industry behaves across the whole spectrum of it (100-year-old OEMs to 2-year-old OEMs and Tier 1 suppliers) and ultimately try to propose a way forward for both the automotive and security industries, with the goal being a safer and more reliable future for everyone, in and out of the streets. Working with some of the biggest OEMs and Tier 1 suppliers on pre-production vehicles gave us an understanding and experience of the whole spectrum of developing a vehicle, from architectural design to homologation and sales. This led us to many realizations and pitfalls that the automotive industry falls into, and in order to avoid another Miller/Valasek we have to educate the people of the industry. While most of the people/companies in this industry try to keep the gates closed for apparent reasons, we try to share as much as possible, with the hope of making a change to the industry that will have an impact on how and where it progresses in the future. about this event: https://pretalx.c3voc.de/camp2023/talk/UEHEVD/
Sex Workers Versus Surveillance (camp2023)
Sex workers have always been at the vanguard of technology—in ways that protect and restrict their rights. Laws and policies that impact sex workers never stop at this population so it is imperative that these case studies reach general audiences concerned with human rights as a whole. This talk will include a history of surveillance mechanisms directed against sex workers and will focus on the ways and means that digital surveillance has been impacting sex worker rights of mobility and free expression in recent years. New laws enforcing the censorship of pornography and the collateral damages they levy on reproductive health and LGBTQ+ community building will be discussed as well as border crossing and payment processing. Information about how AI and facial recognition software target sex workers will be detailed as well as the tools, advocacy, social engineering strategies sex workers can use to fight back. This talk is not limited to sex workers and their allies. It will include a primer on why sex worker rights include all human rights and show evidence that these laws are not limited to sex workers at all. LGBTQI+ people and reproductive health activists will be immediately impacted as well as all people who believe in the freedom of information. about this event: https://pretalx.c3voc.de/camp2023/talk/8HF9X9/
Chiptune with GameBoys and Nanoloop2 (camp2023)
Chiptune, 16 step looper, live performed on a NDSLite. I make chiptune using Game Boys with the software called Nanoloop2. I will play for 1 hour. You might have heard my loops at Congress, GPN, SHA, CPU and MRMCD. I wrote a few new ones that I presented at GPN21 which can be heard here: https://www.youtube.com/watch?v=-VNmZGe2SN0 For other sound samples please visit my profile https://chaos.social/@bobo_pk or have a look at https://peertube.1312.media/w/cu1fPFfy49kgFhzs8NrgJp UPDATE: btr and nr4 will perform live visuals. I gave this workshop and am planning on doing it again on camp as SOS if you are interested. https://cfp.gulas.ch/gpn21/talk/L8CRA8/ about this event: https://pretalx.c3voc.de/camp2023/talk/MEMSEH/
TrustMeRelay? Investigating Apple's iCloud Private Relay (camp2023)
Apple strongly emphasizes the security and privacy of its devices and services. I analyze the dual-hop architecture, deployed protocols, and inner workings of their privacy-centric, VPN/Tor-alike service iCloud Private Relay. I will talk about my reverse engineering process and falsify Apple's privacy by design and access control claims. Apple's iCloud Private Relay is a novel Internet privacy service allowing users to securely and privately browse the Internet. It is directly implemented into Apple's operating systems and included with all iCloud+ subscriptions. Compared to traditional VPN services, Private Relay's dual-hop architecture separates the knowledge of the user's IP address and their destination website between two different Relays. Apple operates the first Relay while the second one is operated by one of its four partners: Akamai, CloudFlare, or Fastly. Apple claims its architecture enforces enhanced protection of users' privacy ("privacy by design") while still providing a high-performance browsing experience. Their president of software engineering, Craig Federighi, even mentions that Apple does not want users to have trust in them. Further, the company claims its service incorporates anti-abuse and fraud prevention mechanisms. As Private Relay validates any connection at the account and device level, website operators can trust them. I reverse engineer Private Relay's macOS implementation, present its involved technical components and how they collaborate. With that gained knowledge, I analyze authentication and authorization mechanisms deployed by Private Relay regarding potential ways of abuse. Furthermore, I review the privacy claims regarding the architecture and its deployment. about this event: https://pretalx.c3voc.de/camp2023/talk/7RDPNH/
Fantastic build system failure modes and how to fix them (camp2023)
Rebuilding target files when source files have changed seems easy, but is not. Commonly used build systems (make, ninja, etc.) are often unable to guarantee both that they rebuild only what needs to be rebuilt and that they do not rebuild what does not need to be rebuilt. I will show how to reliably encounter common build system failure modes and explain which architectural choices lead to those. Using DJB's “redo” design as an example, I will show how build system architecture determines if failure modes can be addressed at all. Lastly, I will speculate why many developers dismiss such issues before encountering them – and some even do afterwards. “Listen Morty, I hate to break it to you, but what people call a build system is just a bunch of rules that compel computers to output garbage. It hits hard, Morty, then it slowly fades, leaving you stranded with a mis-compiled binary. I did it. Your friends are gonna do it. Break the cycle, Morty. Rise above. Focus on build correctness.” about this event: https://pretalx.c3voc.de/camp2023/talk/CFASNP/
A spontaneous introduction to the demoscene (camp2023)
Because a scheduled speaker didn't appear, BoboPK steps in and gives a short introduction and wrap-up of the demoscene. The scene started with the home computer revolution of the early 1980s, and the subsequent advent of software cracking. Crackers altered the code of computer games to remove copy protection, claiming credit by adding introduction screens of their own ("cracktros"). They soon started competing for the best visual presentation of these additions. Through the making of intros and stand-alone demos, a new community eventually evolved, independent of the gaming and software sharing scenes. about this event: https://pretalx.c3voc.de/camp2023/talk/ZHFJ7Q/
Conversation (camp2023)
Why do we need digital (cash) money? What properties should a good digital currency have? How could our everyday life change as a result? And how does it work in practice? Christian Grothoff (GNU Taler), Leena Simon (Digitalcourage) and padeluun (Digitalcourage) discuss; audience participation is welcome. The established digital payment methods to date are anything but anonymous. Besides the classic non-anonymous payment methods of bank transfer and credit card (which are increasingly offered only via large financial service providers), there are private-sector financial service providers such as Paypal, Amazon Pay and Klarna, which collect lots of data and are becoming ever more unavoidable through their market power. In addition, there are various crypto currencies such as Bitcoin, which are not really anonymous either. padeluun and Leena Simon explain how they envision digital cash. Christian Grothoff is one of the inventors of [GNU Taler](https://taler.net/de/index.html) and reports on the concept behind the free software payment system and which practical field trials there have been with it so far. about this event: https://pretalx.c3voc.de/camp2023/talk/CVYSWW/
Hackerspaces – Fireside Chat (camp2023)
Fireside Talk about the birth, life, death and rebirth of Hackerspaces about this event: https://pretalx.c3voc.de/camp2023/talk/8544/
Logbuch:Netzpolitik 466 (camp2023)
Logbuch:Netzpolitik (LNP) is the attempt to capture net-policy events in the German-speaking world in a regular podcast, largely neutral, calm and mostly in good humor. The podcast aims to offer insights into the topics as well as an understanding of the background. Recording of a live show at the Chaos Communication Camp 2023 in Mildenberg. In front of numerous guests we spoke with Julian Hessenthaler, the initiator of the Ibiza video, which vividly demonstrated the corruption of the FPÖ elites in general and Heinz-Christian Strache in particular and ultimately led to the collapse of the then ÖVP-FPÖ coalition. We talk with Julian about his motivation, what he went through, his experiences, the prosecution, indictment and imprisonment he ultimately had to endure, and the Austrian system. about this event: https://logbuch-netzpolitik.de/lnp466-wodka-red-bull
Haecksen (camp2023)
Chaos Family about this event: https://pretalx.c3voc.de/camp2023/talk/1852/
c3 NewsShow + Spotlight "Bottles" (camp2023)
The topics of day 3 about this event: https://pretalx.c3voc.de/camp2023/talk/W7LLWD/
A Guided Tour through Tor Network Health and Performance (camp2023)
Since the last time we were all at camp, several significant changes have happened within the Tor network ecosystem, both technically and socially. In this presentation, we will review some exciting recent updates to the Tor network and look into the world of bad relay tracking, general network health observations, and the situation where multiple extensive Denial of Service attacks have caused a slowdown of the overall network performance. We wish to guide the audience through a number of new technologies that have been added to the network. These innovations include a modern congestion control mechanism, our multi-path circuit feature, Conflux, and a Proof-of-Work (PoW) mechanism to help against Onion Services attacks. Additionally, we will discuss some upcoming changes to the current C Tor code base and our journey towards a Rust Tor relay implementation as part of our Arti re-implementation of Tor. Finally, in addition to the technology modifications, we also would like to talk about some of the social developments happening with the network, amongst others, a new mechanism for handling incoming technical and social proposals from the greater Tor community. about this event: https://pretalx.c3voc.de/camp2023/talk/SMB8SM/
AMA with digital policy politician Anke Domscheit-Berg (@anked), MdB, Die LINKE (camp2023)
From the life and work of a member of the Bundestag. After a short introduction and intro you can ask me anything. As the digital policy spokesperson of the Left parliamentary group in the Bundestag, I am happy to answer your questions about what goes on in the Bundestag, about digital policy topics, or about anything you have always wanted to ask me. about this event: https://fahrplan.alpaka.space/camp-2023/talk/SDESSA/
Resilient solar energy-autonomous infrastructure with Freifunk-OpenMPPT controllers (camp2023)
Freifunk Open-MPPT is an expanding Open-Hardware and Open-Software development project for efficient and resilient energy autonomous infrastructure like communication nodes, environment monitoring, irrigation – and more. The talk presents the currently available models, evolution, scope of current use and presents an outlook of what might follow in the future. The OpenMPPT development project was initiated by Freifunk in 2017 with the first design handling up to 50 Watt PV (solar) power. The intended application was to build cheap and effective solar WiFi mesh nodes with telemetry. At the time of the project's initiation, there were no small and low-cost solar charge controllers available that included maximum power point tracking. Maximum Power Point Tracking is a technique used in solar power systems to optimize the power output from the solar panels by tracking the point where the panels can deliver the maximum amount of power. The OpenMPPT project aimed to fill this gap and provide an open, cost-effective, and repairable DIY alternative for individuals and development NGOs who look for open hardware and software solutions. Initially, the idea was not to replace or compete with more powerful closed hardware and closed software Maximum Power Point Trackers on the market. However, people and development NGOs kept asking for more power and features like the possibility of adding sensors or building irrigation systems, because they want open hardware and software solutions. The development of the Freifunk-OpenMPPTs is following suit. The newer and expanded FF-ESP32 generations of OpenMPPT controllers are based on the ESP32 MCU by Espressif and can handle up to 400 Watt solar power. They can not only power communication nodes, but also solar powered servers in communities that live off-grid or have unstable power. However, people keep on asking for more power... about this event: https://pretalx.c3voc.de/camp2023/talk/EMBRHS/
Enforcing data protection in court (camp2023)
The GDPR has applied in Europe since 2018. Yet hardly anyone complies with it. Data-driven online marketing violates data protection law millions of times every day. It is not only the well-known big players such as Google and Meta that trade in the profiles of millions of people and analyze every interaction while browsing. Since the Corona pandemic at the latest, public bodies such as universities have also been deploying tools that surveil people, in the course of a misguided digitalization. Many companies use IT tools whose workings they barely understand and whose security they cannot guarantee. In doing so, they cause sensitive data about those affected to be disclosed. Authorities and civil society have been taking action against GDPR violations for several years. But regulatory enforcement is sluggish. There is another way: affected individuals and associations can sue for their rights before civil courts. For example, an injunction against data processing, the deletion of personal data, and even damages. Lawyers Elisabeth Niekrenz and Tilman Herbrich report on how data protection court proceedings work, how tracking and data trading can be proven in civil proceedings, and how to explain the internet to judges. about this event: https://pretalx.c3voc.de/camp2023/talk/S7DPYT/
A geometry engine from first principles (camp2023)
Three years ago, I started what I thought would be a six month project to implement some CAM software for 3D printing purposes, without using any of the existing geometry kernels. How hard can it be, right? I made some choices that seem weird but were done for very good reasons, and ended up implementing some things that are actually new and exciting. Here’s the story of the adventure so far. As the adoptive maintainer of one piece of 3D printing toolchain (ImplicitCAD, a programmable 3D modelling tool), I made the possibly unwise decision to implement another part of the toolchain - HSlice, a slicer. For a number of reasons I’ll get into in detail later, I decided to not use any of the existing multi-million-LoC geometry kernels, to implement the whole thing from first principles in Haskell, and to use some exciting new mathematics. All of those decisions were made for good reasons, and all of them came back to bite me. I’m here to tell you about what I’ve built so far, how I ended up as the singular intersection of these technologies, and how much I hate floating point. Then, I’ll tell you what it’s like implementing things whose only documentation is research papers, with math developed this century and algorithms that are still in development now. I’ll tell you about some incredibly cool algorithms involving crashing Austrian motorcycles and attempt to recruit you to work on this stuff too, for free. about this event: https://pretalx.c3voc.de/camp2023/talk/7KRCLF/
Making the world better with podcasts (camp2023)
The Sondersendung is a podcast format of the Sendezentrum. In this Sondersendung we want to talk with young people about their experiences at the Camp. We (Simon, Ebu and Gero) from the [Sondersendung Podcast](https://das-sendezentrum.de/sondersendung) first explain what distinguishes **live podcasting** from a normal talk program and how we bring in Gero and Ebu remotely and can still record our individual tracks. We talk about how podcasts can be used to spread knowledge and ideas. We also have **two free seats on stage** where you can sit down and talk with us (note: you will then be live and afterwards publicly visible on the internet as a recording). We will talk with you about two questions: 1. Do you listen to podcasts? If so, which ones, and what are your favorite podcasts? Have you ever made podcasts yourselves? 2. What have you already done here at the Camp? Do you have tips on what the others should definitely experience before Saturday? Anyone who then has questions about podcasting can approach us directly, come to the [Sendezentrum Village](https://events.ccc.de/camp/2023/hub/camp23/de/assembly/sendezentrum/) at the Camp, or sign up at any time in the [Sendegate community](https://sendegate.de). about this event: https://fahrplan.alpaka.space/camp-2023/talk/EJVJ3P/
The difficult path to Climate Neutrality (camp2023)
Stopping global heating does not just mean building solar panels and wind turbines, and switching to electric vehicles. Many industrial processes have carbon emissions that cannot be avoided with today's technology. Producing cement, steel, glass, plastics, aluminium, and many other products will require new production processes. In the talk, I will discuss some of these examples and the huge challenges that come with these changes. Some background: * https://industrydecarbonization.com/ * https://www.golem.de/news/die-fossilfreie-chemiefabrik-von-elektrischen-crackern-und-gruenen-olefinen-2204-163344.html * https://www.golem.de/news/industrie-wie-die-glasindustrie-vom-erdgas-abhaengt-2206-165969.html about this event: https://pretalx.c3voc.de/camp2023/talk/MRSFXH/
How to Route a Package to Mars (camp2023)
Space missions need data networks, and it's not exactly a TCP/IP world up there. This talk will give an introduction to space data networks. Challenges at the physical layer are not in scope. Instead I will illustrate protocols, routing algorithms, and other schemes that were designed for networking in space. Space Communication is, as many others, a fractured discipline, with many idiosyncratic solutions built for the needs of specific missions. Someone with decades of specialized industry experience could surely give a good picture of recurring problems and industry practices. Unfortunately I don't have those, but thankfully the people who do have been writing standards. (The presupposition becomes less and less true with time anyway, as agencies look towards inter-mission and inter-agency interoperability.) The primary basis for this talk are various documents, published by relevant working groups of the CCSDS and IETF. This talk will be about the protocol ecosystem used in space networking, highlighting some clever technical solutions, and ending on some visions and challenges for the future. I presuppose some knowledge of classic internet protocols and the ISO-OSI layer model, but you should be able to follow the talk without it. (also check out: https://pretalx.c3voc.de/camp2023/talk/YZQYW9/ (german)) about this event: https://pretalx.c3voc.de/camp2023/talk/7FHFZA/
Chat Control ex Machina (camp2023)
On the design and construction of a scanner to illustrate the surveillance of the so-called chat control. There are regularly political plans to screen and analyze citizens' communication on a mass scale. How do you make clear to people the dangers that such systems pose, when the technology behind them feels so abstract, is intangible, and "one has nothing to hide anyway"? On the occasion of the EU Commission's latest push, the so-called chat control, Digitalcourage is trying to make this surveillance tangible and visible. The result is a small machine that scans and analyzes the content stored on a smartphone. In this talk we will speak about the idea, planning and actual construction of the electronics, hardware and software. Of course, everyone is also invited to check their own mobile device for illegal material at the end. about this event: https://pretalx.c3voc.de/camp2023/talk/KGKGBB/
Hacks and leaks, then and now (camp2023)
A discussion with Jeremy Hammond and Gabriella Coleman on the evolution of digital resistance, from direct action hacking to whistleblowing. How can hacktivists synergize with street activism to enact revolution? Can the lulz beat back the techno-fascist dystopia and their infosec enablers? We'll present strategies to strengthen decentralized networks, challenge government repression, and practice international solidarity. about this event: https://pretalx.c3voc.de/camp2023/talk/CLKXXG/
ALLES! (camp2023)
about this event: https://pretalx.c3voc.de/camp2023/talk/8830/
How to synthesize DNA (camp2023)
A short explanation of how DNA synthesis, or rather phosphoramidite synthesis, works. DNA is the code of life. In theory, anyone can synthesize DNA in the lab. The technique behind it is called phosphoramidite synthesis and is also exciting for computer scientists. about this event: https://pretalx.c3voc.de/camp2023/talk/3YQS3E/
Digitalization in breeding bird monitoring (camp2023)
Politics and administration rely on compact information. If reality is too complex, it is reduced to indicators. This talk examines the digitalization process using the example of the "Monitoring of Common Breeding Birds", whose figures feed into indicators at federal and EU level. Collecting raw data in the field was manual work for a long time; since last year it has been running almost automatically. about this event: https://pretalx.c3voc.de/camp2023/talk/JECUTC/
Ethical hacking, good intentions and questionable outcomes (camp2023)
We've all been there, we knocked a company offline while doing some well-intended security testing. How many requests per second is considered ethical? How deep into a system can you go, dump the database or not? Reverse shell or touch /tmp/pwned? What are YOUR ethical boundaries? What is ethical? And why? Is buying credentials off the dark web ethical? Is fuzzing a server in a broom closet with millions of requests ethical? Did you know it was a Raspberry Pi in a broom closet? This talk discusses ethical boundaries, the existence and lack of them, but also the grey areas in between. The spark for this talk has been initiated from the need to ensure that all forms of security testing would be beneficial to all parties concerned and within some ethical boundaries. From secret hacking techniques to open blog posts and CVEs. Hopefully this talk will spark some discussions within the community so we can all go home with a clear conscience and preserve moral high ground. about this event: https://pretalx.c3voc.de/camp2023/talk/ANGUCW/
Production Conditions of Digital Technologies (camp2023)
Feminist and decolonial critique of liberal views of digital technologies. Description: In recent debates about the regulation of digital technologies, predominantly liberal socio-political worldviews come into play. In contrast, this talk addresses digital technologies from well-founded system-critical perspectives. Starting from feminist and decolonial perspectives, it examines the economic and socio-political structures of digitalized societies. Various examples of feminist and decolonial arguments, demands and projects are outlined and then discussed at length with the audience. about this event: https://pretalx.c3voc.de/camp2023/talk/G3D8RQ/
LabIX (camp2023)
Hear about our adventure setting up the [Labitat Internet Exchange (LabIX)](https://ix.labitat.dk/) in Copenhagen. Many nice FOSS tools for network routing exist, but we found that technical details on IXPs are not as easily searchable and available as one would like. We will show how PeeringDB and a route server ([AS60247](https://as60247.peeringdb.com/)) help connect our peers and which BGP filtering strategies we use. Hardware and server housing are, of course, also needed in order to physically connect your peering clients. There is also the administrative part: you need an Autonomous System Number (ASN) in order to do real network routing, but how do you find a friendly sponsoring Local Internet Registry (LIR) to get hold of IP resources? And what about the RIPE database entries? Which do we need? about this event: https://pretalx.c3voc.de/camp2023/talk/87V9Z8/
Meshenger (camp2023)
Meshenger is a P2P Android phone app that started out as a demo for community mesh networks. Meshenger started out as an idea to promote off-the-grid mesh networks and has now reached its initial goal. In this talk I will talk about the idea behind it, the story of how it came to be and of course how it works. about this event: https://pretalx.c3voc.de/camp2023/talk/9XPJNG/
Non-English based Programming (camp2023)
This talk offers an overview of the difficulties that non-English speakers, or at least non-native English speakers, face when learning programming. After the introduction there will be a live demo of some multilingual programming languages and an explanation of how to define functions in different programming languages. about this event: https://pretalx.c3voc.de/camp2023/talk/Z8T9HD/
NOC (camp2023)
Leyer talks to the Internet-Manufaktur aka "Network Operation Center" about their work. This time he is actually told 3 minutes beforehand that it is being broadcast LIVE – but it does not really matter to him anymore. about this event: https://pretalx.c3voc.de/camp2023/talk/camp20231989/
All cops are broadcasting (camp2023)
In this talk we will discuss the radio jailbreaking journey that enabled us to perform the first public disclosure and security analysis of the proprietary cryptography used in TETRA (Terrestrial Trunked Radio): a European standard for trunked radio globally used by government agencies, police, prisons, emergency services and military operators. Besides governmental applications, TETRA is also widely deployed in industrial environments such as factory campuses, harbor container terminals and airports, as well as critical infrastructure such as SCADA telecontrol of oil rigs, pipelines, transportation and electric and water utilities. For over two decades, the underlying algorithms have remained secret and bound with restrictive NDAs prohibiting public scrutiny of this highly critical technology. As such, TETRA was one of the last bastions of widely deployed secret proprietary cryptography. We will discuss in detail how we managed to obtain the primitives and remain legally at liberty to publish our findings. This journey has involved reverse-engineering and exploiting multiple zero-day vulnerabilities in the highly popular Motorola MTM5x00 TETRA radio and its TI OMAP-L138 trusted execution environment (TEE) and covers everything from side-channel attacks on DSPs, through writing decompilers for headache-inducing DSP architectures, all the way to exploiting ROM vulnerabilities in the Texas Instruments TEE. about this event: https://pretalx.c3voc.de/camp2023/talk/ATJMB9/
Reading: "Digitale Mündigkeit" (camp2023)
Leena Simon reads from her book "Digitale Mündigkeit" and explains why we could save the world with it. Digitalization opens up a sea of future possibilities for us. At the same time, we often close our eyes to the shallows and risks of technical developments: social media helps populists win elections, algorithms fuel the division of society, technology patronizes us and robs us of our sense of responsibility. This endangers the basic principles of freedom and democracy. Leena Simon loves technology and at the same time keeps a critical eye on it. She encourages us neither to refuse nor to surrender, but to take responsibility as individuals and as a society. Because with courage, determination and practice we can be responsible and self-determined again. Then we will also find the solutions to the challenges of our time. about this event: https://pretalx.c3voc.de/camp2023/talk/RHWHRW/
Free Software (camp2023)
Today, Information & Communications Technology accounts for 2-3% of global CO2 emissions, on a par with the aviation industry. If nothing changes, by 2050 it's estimated this number will rise to over 30%. Often overlooked is the crucial role of software. It is software which determines hardware's energy consumption, and for how long devices remain in use. That software design can drive environmental harm is still largely unknown to much of the population, let alone that users can already do something about it with Free Software. In early 2023 KDE published the handbook "Applying The Blue Angel Criteria To Free Software", the culmination of a 21-month project funded by the German government. The handbook presents the whys, whats, and hows for certifying software as sustainable with the Blue Angel ecolabel. In this talk I will provide an overview of the environmental harm driven by software and how Free Software is well-positioned to address the issues. I will link the inherent values that come with a Free & Open Source Software license to sustainable software design, and I will present the various ways that Free Software aligns with the Blue Angel ecolabel. Finally, I will provide an overview of the current sustainability goal of KDE and the work of the KDE Eco initiative. This includes publishing the KDE Eco handbook, setting up a measurement lab for FOSS developers, squashing hundreds of efficiency bugs, supporting the sustainability objectives of the FOSS Nigeria project "Renew V", among others. about this event: https://pretalx.c3voc.de/camp2023/talk/YVWNW3/
Fantastic OPRFs and where to find them (camp2023)
An Oblivious Pseudo-Random Function (OPRF) is a versatile cryptographic primitive which is the basis for a wide range of protocols and tools. They enable one to outsource randomness computations to another party without having to trust them or make any compromises in confidentiality of the inputs. The most common benefit of using an OPRF is that it adds strong privacy guarantees to protocols. A well-placed OPRF can also provide confidentiality without needing a PKI infrastructure. In some cases an OPRF can provide strong security guarantees that traditional systems cannot provide. OPRFs are truly one of the most exciting and underappreciated cryptographic building blocks of the last decade. In this talk I will explain how OPRFs work, which properties they can achieve, and how OPRFs are used in various protocols. I am going to show some examples of existing free software tools which use or provide OPRFs and how these tools compare to alternative solutions. The talk is structured in two parts: a theoretical part which explains various types of OPRFs, their properties and where and how these are beneficial, and a second part in which I will show concrete free software implementations: liboprf, libopaque, sphinx (a password storage that could be run by the NSA) and klutshnik, a threshold key management system, all authored by Yours Truly. I will also touch briefly on standardisation efforts of OPAQUE and OPRF by the IRTF CFRG, to which I contribute. Other examples I will bring will include private set intersection (used for contact discovery or haveibeenpwned-style privacy-respecting compromised account checks), private information retrieval, single-sign-on with privacy, deduplication and secure pattern matching. about this event: https://pretalx.c3voc.de/camp2023/talk/KG9EEV/
Lightning Talks Session 2 (camp2023)
A short session for even shorter talks. Language: English or German. Wanna say something? The stage is yours. You have 10 minutes to talk about anything, then it is the next speaker's turn. A short talk about the aerodynamics of ducks; promoting your new open-source project; a small hack that you found; social commentary ... anything goes. Available infrastructure: A microphone, beamer and laptop with a USB-Stick to show slides (PDF format). If you want to use your own device to show your presentation, please come to the stage 15 minutes before the event so we can test the setup. If you want to have a talk, we'd like you to write a short e-mail to [email protected] . However, spontaneous contributions are also welcome if there's still some time left at the end. about this event: https://pretalx.c3voc.de/camp2023/talk/8ZC3K7/
How to survive getting DDoSed by Anonymous, Cyberberkut, Killnet and noname057(16) since 2012 (camp2023)
In this presentation, I will talk about how DDoS attacks were carried out generally in the last 11 years and how they innovated since then; I will also present more specific details about attacks against government websites from bundestag.de in 2012 to ukraine-wiederaufbauen.de and others in February - August 2023. This talk aims to also entertain but mostly educate on how to mitigate current attacks. You can expect technical, not political slides. about this event: https://pretalx.c3voc.de/camp2023/talk/CJLKAK/
Nomic (camp2023)
Come to play the Game of All Games! You will want to tell everybody about it once you’ve played it! Nomic is a game where every move is to change the game itself. Nomic gives you a first-hand experience of the glory and frustration of democracy, the tricks of lobbyism, the paradox of self-amendment or it could simply be a good fun time, totally depending on the people you are playing with! There’ll be a simple set of initial rules to begin the game with, then for each move, players take turns to suggest a change to the existing rules of the game. Win or lose? You decide!!! Pre-requisite: Be able to articulate yourself in English. about this event: https://fahrplan.alpaka.space/camp-2023/talk/9R7RYA/
Trains (camp2023)
Ask the teams. about this event: https://pretalx.c3voc.de/camp2023/talk/7937/
Flutter (camp2023)
Flutter is a software development kit based on the Dart language enabling developers to create performant cross-platform applications. We'll have an introduction for people with some basic knowledge of Flutter or other cross-platform tool kits and later on a look at advanced topics. In this talk, we will have a look at performance-tuning, useful features as well as some background information on the Flutter framework, its engine and the Dart runtime. In particular, the following topics will be addressed: - What's this fluttery Flutter? - Animations - example of animations - performance-tuning - UX patterns in Flutter - responsive layouts - routing - high-quality Widgets - the Flutter Framework - under the hood of Flutter's rendering - Flutter Web, dart2js and what Flutter has (not) to do with JavaScript - Flutter, the bad, the ugly Slides : https://slides.com/theonewiththebraid/flutter about this event: https://fahrplan.alpaka.space/camp-2023/talk/LQLB9F/
c3 MorningShow (camp2023)
Mail, sky, trains and weather. about this event: https://pretalx.c3voc.de/camp2023/talk/JKAVHL/
📶 Analyzing Cellular Basebands with FirmWire 🔎 (camp2023)
Last year, we released FirmWire to the public, an open-source baseband analysis platform. But what even is a baseband and why do we want to analyze it? Hint: It’s a critical part of your phone and a first point of entry for attacks. This talk will answer your questions and provide a hands-on introduction to our framework. This talk will discuss cellular basebands and FirmWire, our open-source platform for baseband firmware. The platform allows researchers to emulate, dynamically debug, introspect, and interact with complex baseband firmware, providing insights about its inner workings in real-time. FirmWire’s integrated ModKit creates and injects custom tasks into the emulated baseband. We leverage the ModKit for full-system fuzzing via AFL++ by creating custom fuzzing tasks interacting with the host, using special hypercalls. With this setup, we uncovered several pre-authentication vulnerabilities in the LTE and GSM stacks of Samsung’s Shannon and MediaTek’s MTK baseband implementations, affecting billions of devices. FirmWire is the outcome of a more than two-year-long international research collaboration between the University of Florida, Vrije Universiteit Amsterdam, TU Berlin, and Ruhr-University Bochum. about this event: https://pretalx.c3voc.de/camp2023/talk/TQXEN7/