Chaos Computer Club - SHA2017: Still Hacking Anyway (mp3)

In this talk, I will present a new version of my tool Tinfoleak, the most complete OSINT open-source tool for Twitter. I will show real examples of how to exploit the information in social networks for investigative tasks. The goal is to see, what kind of information can be extracted about a person or a location, and the purpose with which it can be used, with a live demo. Among other information, I will show useful information for security forces, private investigators, pentesters, social engineers, journalists, security analysts and anyone interested in the privacy or analysis of social networks for investigative purposes. #Privacy #Society about this event: https://c3voc.de

The SHA2017 Badge overview. #Making about this event: https://c3voc.de

A summary extraordinaire. #Community about this event: https://c3voc.de

Using encryption and onion routing is all fine and dandy, but both can be detected and both can, at the very least, be severely hampered or even be cut off.<br/> However, the Internet nowadays is full of services and systems that autonomously, and continuously, send data to users all over the world.<br/> These messages or interactions are seen as formalities and have become a blind spot, even with security minded people; they are just the fixtures of the Internet.<br/> In this lecture I want to try and effect a change of mind when looking at these fixtures and to show ways how to hack them.<br/> Hack them, not to pwn them or to corrupt them, but rather hack them to use as communications method when all else is either watched, broken or blocked.<br/> Not in the same way as 'just sending a few base64 encoded tweets', but really... #NetworkSecurity #Privacy about this event: https://c3voc.de

History, relevance and future of penis imagery in culture. A radical way to deter hackers or just a stupid idea. Using your most private key in new and inventive ways. #Society #DeviceSecurity about this event: https://c3voc.de

What do design flaws, implementation errors, 0days etc. look like in physical locks? #PhysicalSecurity #Software about this event: https://c3voc.de

about this event: https://c3voc.de

The history of cryptography is a history of failures. Stronger ciphers replaced broken ones, to be in turn broken again. Quantum cryptography is offering a hope to end this replacement cycle, for its security premises on the laws of quantum physics and not on limitations of human ingenuity and computing. But, can our nascent quantum technology implement quantum cryptography securely? The talk introduces today's quantum cryptography techniques, then shows how to compromise their security by exploiting imperfections in engineering implementations. #DeviceSecurity #Science #NetworkSecurity about this event: https://c3voc.de

In this talk you'll be given a very technical overview of DDoS and mitigation techniques; their effectiveness will be evaluated with real-life examples. #NetworkSecurity about this event: https://c3voc.de

India has rolled out a 'voluntary' biometric ID card to all of its billion-plus citizens. Which is fascinating from a social, technical and fundamental rights perspective. This talk is about both intended and unintended consequences of this grand experiment, with a focus on the (implicit) assumptions we tend to make about technology. #Society #Privacy #SurveillanceState about this event: https://c3voc.de

Infrastructure talk from Productiehuis, NOC and other interested teams. #Making #Sharing #NetworkSecurity about this event: https://c3voc.de

We use traceroutes to explore and visualise interconnectedness between devices on the internet (specifically: RIPE Atlas probes). This talk is about exploring the interconnectedness within a country ("are local paths local"), and also about exploring the interconnectedness between hackerspaces. #NetworkSecurity about this event: https://c3voc.de

TLS can be limiting, OAuth is a (somewhat working) mess. What would happen if we redesigned things from scratch? Fenrir is a federated protocol built with both heavy security and high flexibility in mind, with lots of new and interesting security properties. #NetworkSecurity about this event: https://c3voc.de

Although IoT is already embedded in our everyday lives, our security and privacy are sometime left behind for comfort and other reasons, despite the serious impact that IoT vulnerabilities may have on our digital and physical security. Bluetooth Low Energy (BLE), also known as Bluetooth Smart is the most popular protocol used for interfacing IoT and smart devices. Broadly used in the healthcare, fitness, security, and home-entertainment industries, nowadays we encounter BLE in almost every aspect of our lives (e.g. in wearables, sensors, medical devices, security products, etc.). In this lecture I will survey key security issues in the BLE protocol, as well as presenting a possible architecture for BLE Man-in-the-Middle (MitM) attack together with the related necessary equipment. In addition, will introduce some of the available tools and how they can be used to perform penetration-testing on BLE applications and will discuss possible mitigations to secure them. #NetworkSecurity #IoT about this event: https://c3voc.de

USB connectivity has become ubiquitous. The sheer variety of usb-connected devices— ranging from computers and game consoles to resource-constrained embedded systems— has resulted in a wide variety of vendor-specific protocols and custom USB software stacks. Being able to fuzz, monitor, mitm, or emulate USB can often be a foot in the door for working with black box systems; whether your goal is to build tools that work with existing hardware and software, find vendor interfaces or vulnerabilities to execute custom code, or to play NSA. We introduce FaceDancer 2.0, with more supported hardware, higher speeds, and advanced capabilities for monitoring and mitming USB connections. #DeviceSecurity about this event: https://c3voc.de

The Internet isn't global. Only half of the world is connected to the Internet, English is still the largest language in terms of content and knowledge is increasingly privatized either through patented code (owned mostly by Sillicon Valley companies) or via obscure trade agreements pushed by the United States. How is the Internet used in Latin America to organize, resist repression and counter digital colonialism? #Society #Patents #Politics about this event: https://c3voc.de

A-Frame is an open-source web framework by Mozilla for easily creating VR experiences which work on all platforms. In this session you will learn to use various concepts & APIs of A-Frame and create interactive VR scenes on the web, all you need to get started is a basic knowledge of HTML & JS. about this event: https://c3voc.de

The ultimate Hackerspace; From Panopticon-prison to Hackervillage-Castle-compound #Community #Making about this event: https://c3voc.de

In which we experiment with generative music, based on chaotic systems and cellular automata. Continuous sounds will be made using discrete systems, and discrete sounds will be made using continuous systems. #Making about this event: https://c3voc.de

From thieves to prison breaks to secret tools, the murky world of the criminal locksmith is explored. It will not be a practical lesson in theft (sorry). #PhysicalSecurity about this event: https://c3voc.de