Chaos Computer Club - SHA2017: Still Hacking Anyway (mp3)

153 episodes — Page 1 of 4

SHA2017 Closing (SHA2017)

A summary extraordinaire. #Community about this event: https://c3voc.de

Aug 7, 2017 · 29 min

The Fenrir Project (SHA2017)

TLS can be limiting, OAuth is a (somewhat working) mess. What would happen if we redesigned things from scratch? Fenrir is a federated protocol built with both heavy security and high flexibility in mind, with lots of new and interesting security properties. #NetworkSecurity about this event: https://c3voc.de

Aug 7, 2017 · 34 min

Can quantum physics break cryptography's curse? (SHA2017)

The history of cryptography is a history of failures. Stronger ciphers replaced broken ones, to be in turn broken again. Quantum cryptography is offering a hope to end this replacement cycle, for its security premises on the laws of quantum physics and not on limitations of human ingenuity and computing. But, can our nascent quantum technology implement quantum cryptography securely? The talk introduces today's quantum cryptography techniques, then shows how to compromise their security by exploiting imperfections in engineering implementations. #DeviceSecurity #Science #NetworkSecurity about this event: https://c3voc.de

Aug 7, 2017 · 59 min

DDoS attack and defense (SHA2017)

In this talk you'll be given a very technical overview of DDoS and mitigation techniques; their effectiveness will be evaluated with real-life examples. #NetworkSecurity about this event: https://c3voc.de

Aug 7, 2017 · 54 min

Lockpicking and IT Security (SHA2017)

What do design flaws, implementation errors, 0days etc. look like in physical locks? #PhysicalSecurity #Software about this event: https://c3voc.de

Aug 7, 2017 · 57 min

SHA2017 Badge (SHA2017)

The SHA2017 Badge overview. #Making about this event: https://c3voc.de

Aug 7, 2017 · 46 min

Hack-a-ble (SHA2017)

Although IoT is already embedded in our everyday lives, our security and privacy are sometimes left behind for comfort and other reasons, despite the serious impact that IoT vulnerabilities may have on our digital and physical security. Bluetooth Low Energy (BLE), also known as Bluetooth Smart, is the most popular protocol used for interfacing IoT and smart devices. Broadly used in the healthcare, fitness, security, and home-entertainment industries, nowadays we encounter BLE in almost every aspect of our lives (e.g. in wearables, sensors, medical devices, security products, etc.). In this lecture I will survey key security issues in the BLE protocol, as well as presenting a possible architecture for BLE Man-in-the-Middle (MitM) attack together with the related necessary equipment. In addition, I will introduce some of the available tools and how they can be used to perform penetration-testing on BLE applications and will discuss possible mitigations to secure them. #NetworkSecurity #IoT about this event: https://c3voc.de

Aug 7, 2017 · 56 min

FaceDancer 2.0 (SHA2017)

USB connectivity has become ubiquitous. The sheer variety of usb-connected devices— ranging from computers and game consoles to resource-constrained embedded systems— has resulted in a wide variety of vendor-specific protocols and custom USB software stacks. Being able to fuzz, monitor, mitm, or emulate USB can often be a foot in the door for working with black box systems; whether your goal is to build tools that work with existing hardware and software, find vendor interfaces or vulnerabilities to execute custom code, or to play NSA. We introduce FaceDancer 2.0, with more supported hardware, higher speeds, and advanced capabilities for monitoring and mitming USB connections. #DeviceSecurity about this event: https://c3voc.de

Aug 7, 2017 · 1h 1m

Exploiting Twitter with Tinfoleak for investigative purposes (SHA2017)

In this talk, I will present a new version of my tool Tinfoleak, the most complete OSINT open-source tool for Twitter. I will show real examples of how to exploit the information in social networks for investigative tasks. The goal is to see, what kind of information can be extracted about a person or a location, and the purpose with which it can be used, with a live demo. Among other information, I will show useful information for security forces, private investigators, pentesters, social engineers, journalists, security analysts and anyone interested in the privacy or analysis of social networks for investigative purposes. #Privacy #Society about this event: https://c3voc.de

Aug 7, 2017 · 53 min

Lightning talks day 5 (SHA2017)

about this event: https://c3voc.de

Aug 7, 2017 · 55 min

NSFW: Di[CENSORED]s for privacy (SHA2017)

History, relevance and future of penis imagery in culture. A radical way to deter hackers or just a stupid idea. Using your most private key in new and inventive ways. #Society #DeviceSecurity about this event: https://c3voc.de

Aug 7, 2017 · 27 min

Parkour communications (SHA2017)

Using encryption and onion routing is all fine and dandy, but both can be detected and both can, at the very least, be severely hampered or even be cut off. However, the Internet nowadays is full of services and systems that autonomously, and continuously, send data to users all over the world. These messages or interactions are seen as formalities and have become a blind spot, even with security minded people; they are just the fixtures of the Internet. In this lecture I want to try and effect a change of mind when looking at these fixtures and to show ways how to hack them. Hack them, not to pwn them or to corrupt them, but rather hack them to use as communications method when all else is either watched, broken or blocked. Not in the same way as 'just sending a few base64 encoded tweets', but really... #NetworkSecurity #Privacy about this event: https://c3voc.de

Aug 7, 2017 · 35 min

Infrastructure review (SHA2017)

Infrastructure talk from Productiehuis, NOC and other interested teams. #Making #Sharing #NetworkSecurity about this event: https://c3voc.de

Aug 7, 2017 · 54 min

Hackerspaces Jedi (SHA2017)

We use traceroutes to explore and visualise interconnectedness between devices on the internet (specifically: RIPE Atlas probes). This talk is about exploring the interconnectedness within a country ("are local paths local"), and also about exploring the interconnectedness between hackerspaces. #NetworkSecurity about this event: https://c3voc.de

Aug 7, 2017 · 25 min

Biometric ID cards by the billion (SHA2017)

India has rolled out a 'voluntary' biometric ID card to all of its billion-plus citizens. Which is fascinating from a social, technical and fundamental rights perspective. This talk is about both intended and unintended consequences of this grand experiment, with a focus on the (implicit) assumptions we tend to make about technology. #Society #Privacy #SurveillanceState about this event: https://c3voc.de

Aug 7, 2017 · 57 min

Car hacking: getting from A to B with Eve (SHA2017)

Car security is, not surprisingly, a hot topic; after all they are fast and heavy computer controlled machinery that nowadays come with all kinds of internet connectivity. So we decided to have a look at it. In our presentation, we’ll first cover some theory behind the IT-part of car architecture. We’ll discuss attack vectors and their likelihood of success, and then discuss the various vulnerabilities we found. Finally, we will combine these vulnerabilities into a remote attack. Depending on the disclosure process with the vendor, which is pending, we might be able to demonstrate the attack. #DeviceSecurity #IoT about this event: https://c3voc.de

Aug 6, 2017 · 50 min

On the design of a portable secure filesystem: the crypto bits (SHA2017)

In this presentation I will present the cryptographic aspects of a new secure filesystem called SEF. The goal of this project is to create a filesystem that is secure, robust and easy to understand. The goal of this presentation is twofold. One is to present cryptographic primitives that can be used to design secure filesystems as opposed to the current practice of laying encryption just below or above the filesystem. The second is to solicit feedback on the security of my design. #DeviceSecurity about this event: https://c3voc.de

Aug 6, 2017 · 59 min

Race For Root: The Analysis Of The Linux Kernel Race Condition Exploit (SHA2017)

CVE-2017-2636 is a 7-year old race condition in the Linux kernel that was fixed by Alexander Popov in March, 2017. This vulnerability affected all major Linux distributions. It can be exploited to gain a local privilege escalation. In this presentation Alexander will describe the PoC exploit for CVE-2017-2636. He will explain the effective method of hitting the race condition and show the following exploitation techniques: turning double-free into use-after-free, heap spraying and stabilization, SMEP bypass. #DeviceSecurity about this event: https://c3voc.de

Aug 6, 2017 · 54 min

Resisting Algorithms of Mass Destruction (SHA2017)

When the Australian media use the word “clusterfuck” in headlines describing a Government data-matching program that’s sending people to debt collectors, you know you have a campaign the community will connect with. Lyndsey Jackson, instigator of Australia’s #notmydebt, introduces the approach behind this collaborative social media campaign, and discusses some of the challenges, and rewards, of crowdsourced resistance. #Privacy #Society #SurveillanceState about this event: https://c3voc.de

Aug 6, 2017 · 1h 1m

I have a dream (SHA2017)

The ultimate Hackerspace; From Panopticon-prison to Hackervillage-Castle-compound #Community #Making about this event: https://c3voc.de

Aug 6, 2017 · 40 min

Energy Harvesting for Smart Autonomous Electronics 2 (SHA2017)

Converting ambient energy into electrical energy to power wireless autonomous devices instead of batteries opens up a variety of opportunities to design electronic systems that last a life time, and don't ever need maintenance. This talk discusses the state of the art in energy harvesting, focusing on light, heat, and vibrations, and elaborating new storage media such as solid state cells and super capacitors. The emphasis is on practical applications and examples rather than theory, aiming to guide the audience on the way to removing batteries from their own creations and replacing them by energy harvesters. about this event: https://c3voc.de

Aug 6, 2017 · 1h 20m

Off Grid: Disclosing your 0days in a videogame mod (SHA2017)

Off Grid is a different kind of hacking game, and it is fully moddable. The game logic runs on Lua under the hood, and all the computers you hack, whether desktop PCs or IoT devices are their own Lua VMs allowing modders and hackers to create their own LUA hackable devices, hacking tools, and data types. This flexibility allows anyone to model real life or cutting edge hacks in the game, so next time you find a bleeding edge exploit, why write a white paper, when you could model it in a mod and pass it on for people to play? #Games #DeviceSecurity about this event: https://c3voc.de

Aug 6, 2017 · 53 min

Ask your candidates and let everyone know about it (SHA2017)

This talk will show and compare different forms of political campaigns during election times, including Free Software tools. Best methods to be used for the different forms of campaigning will be explained in a way for you to pick it up and make it work for your topic. Let's put pressure bottom-up again! #Politics about this event: https://c3voc.de

Aug 6, 2017 · 41 min

Life Needs Internet (SHA2017)

How does internet influence your life? This lecture will be about my ongoing project Life Needs Internet (2012-2017) which documents digital culture through handwritten letters. Recent letters came from Brazil, China, France, India, Ghana and Papua. All handwritten letters are translated and documented on www.lifeneedsinternet.com. Together these letters create an archaeological insight into digital culture. The audience can participate in the project by writing their own handwritten letter during the lecture. #Society #Sharing about this event: https://c3voc.de

Aug 6, 2017 · 44 min

How an intern hacked the powergrid (SHA2017)

This talk focuses on the thesis assignment of Willem Westerhof. During this thesis it was discovered that a weak spot exists within the power grid, allowing an attacker to perform a distributed attack using PV-installations to cause massive (nation-wide/continental) power outages. #NetworkSecurity #PhysicalSecurity about this event: https://c3voc.de

Aug 6, 2017 · 53 min

Commissioning methods for IoT (SHA2017)

Many of the things we use on a daily basis are becoming smart and connected. The Internet of Things (IoT) will improve our lives by helping us reach our fitness goals, reduce resource consumption, increase productivity, and track and secure our assets. Many embedded developers realize the potential benefits of the IoT and are actively developing various applications, from connected home devices to wearables to home security systems. However, along with these benefits come risks. No one wants to design an application that’s prone to hacking or data theft. One of the most complicated and crucial trade-offs in IoT security is the commissioning of wireless devices onto a network. This lecture presents a review of common commissioning methods and their security tradeoffs. #IoT #NetworkSecurity about this event: https://c3voc.de

Aug 6, 2017 · 23 min

Digital dissent in Latin America (SHA2017)

The Internet isn't global. Only half of the world is connected to the Internet, English is still the largest language in terms of content and knowledge is increasingly privatized either through patented code (owned mostly by Silicon Valley companies) or via obscure trade agreements pushed by the United States. How is the Internet used in Latin America to organize, resist repression and counter digital colonialism? #Society #Patents #Politics about this event: https://c3voc.de

Aug 6, 2017 · 39 min

From Project To Kit (SHA2017)

A talk outlining the process of turning a personal electronic project into a successful kit business. #Making about this event: https://c3voc.de

Aug 6, 2017 · 36 min

Open networking and hardware/software disaggregation (SHA2017)

Open Networking or "Web scale networking" is the concept where you're no longer tied into a single vendor for a network solution. You're free to choose your own hardware and software. #NetworkSecurity about this event: https://c3voc.de

Aug 6, 2017 · 38 min

The quest for algorithm diversity (SHA2017)

Our vision is to increase transparency behind personalization algorithms. facebook.tracking.exposed (https://facebook.tracking.exposed) is two things: a web browser add-on that collects the stories visible in your Facebook Newsfeed, and a website that aggregates that data from all the users who have the addon installed. Our mission is to help researchers and users assess how current filtering mechanisms work. Personalization algorithms should be modified in order to minimize the dangerous social effects of which they are indirectly responsible and to maximize the values, both individual and social, that algorithms should incorporate. #Social about this event: https://c3voc.de

Aug 6, 2017 · 43 min

Computer crime and criminal law 101 (SHA2017)

Legal lecture on Cybercrime for non-legal-experts #Society #Politics about this event: https://c3voc.de

Aug 6, 2017 · 1h 3m

"Information. What are they looking at?" (SHA2017)

Our barrier-free documentary "Information. What are they looking at?" takes an inclusive approach to communicating knowledge around privacy violations through mass surveillance by governments and corporations. Addressing a diverse audience, we prioritise shifting the representational power from discourse-dominating white men towards the expertise of women and people of color. #Privacy #SurveillanceState about this event: https://c3voc.de

Aug 6, 2017 · 17 min

Regulating Law Enforcement use of Trojans (SHA2017)

The complexity of implementing a policy (law) and related operational and technical procedures to regulate the uses of Trojans by Law Enforcement in a way that protects civil rights while not preventing investigations from going on with the right balance of juridical/technical implementation. #Legal #Politics #Society about this event: https://c3voc.de

Aug 6, 2017 · 48 min

Gems are truly outrageous (SHA2017)

This talk demonstrates how to make fake gemstones and related accessories using only a 3D printer and kitchen, as well as various pointers to make your own designs. #Making about this event: https://c3voc.de

Aug 6, 2017 · 30 min

Let There be Light (SHA2017)

The talk aims to be an introduction to LED lighting, how to create lighting hardware, what regulations and protocols are involved and how lighting can generally improve human wellbeing. #Society #Making #PhysicalSecurity about this event: https://c3voc.de

Aug 6, 2017 · 1h 1m

Adventures in Spearphishing: The Good, The Bad, and The Ugly (SHA2017)

This presentation introduces "phishing spam", an open-source Spearphishing Toolkit, and has a surprising ending with an ethical + philosophical twist. This is the kind of story that only comes from the trenches. #Experimental about this event: https://c3voc.de

Aug 6, 2017 · 47 min

Neuralscape Bowels (SHA2017)

The idea of how to transform brainwaves into images and sounds is not new, but with the new digital technologies, it becomes more accessible. This lecture will present how to get these impulses from cheap sensors and process them with free/open source tools. #Making #Sharing about this event: https://c3voc.de

Aug 6, 2017 · 1h 8m

Good is hard, but try anyway. (SHA2017)

How do we know what good is? Are we creating something worth making? Are we lost in our own dogma? When do we step back and let the smoke clear before getting back to work? Important questions. Let's ask them out loud. about this event: https://c3voc.de

Aug 6, 2017 · 21 min

(In)discrete Music (SHA2017)

In which we experiment with generative music, based on chaotic systems and cellular automata. Continuous sounds will be made using discrete systems, and discrete sounds will be made using continuous systems. #Making about this event: https://c3voc.de

Aug 6, 2017 · 58 min

Cryptography beyond Encryption and Signatures (SHA2017)

This talk will introduce a couple of less well known applications of cryptography. about this event: https://c3voc.de

Aug 6, 2017 · 23 min

Get your ass (HTTP infrastructure) on TLS (SHA2017)

Helping participants to find the best and most secure tools and configurations to automate acquiring TLS certificates and deploying them to use. Bring your own infra ;) #NetworkSecurity about this event: https://c3voc.de

Aug 6, 2017 · 42 min

Responsible Disclosure; How to make your school a safer place. (SHA2017)

This talk is about the collaboration and Responsible Disclosure in a school environment by a high school hacker. #Sharing #Training about this event: https://c3voc.de

Aug 6, 2017 · 24 min

Ethics in Technology (SHA2017)

When designing technologies, networked systems, and measurements on the Internet, we must be aware of their implications and consequences for the society and participants. As engineers, scientists, programmers and other experts, we have moral obligations towards our peers, users of technologies we create, and the wider communities. In this talk I want to talk both about general ethical considerations, and specific examples of moral dilemmas that come from building the RIPE Atlas system, and conducting measurements that reveal workings of Internet infrastructure and services. #Society #NetworkSecurity about this event: https://c3voc.de

Aug 6, 2017 · 1h 0m

Black Hat Locksmithing (SHA2017)

From thieves to prison breaks to secret tools, the murky world of the criminal locksmith is explored. It will not be a practical lesson in theft (sorry). #PhysicalSecurity about this event: https://c3voc.de

Aug 6, 2017 · 57 min

Physical Penetration Testing (SHA2017)

Your pentesting goal: getting the data. You decide to do it physically. How to go about? #PhysicalSecurity about this event: https://c3voc.de

Aug 6, 2017 · 53 min

Building A Virtual Reality Website using A-Frame (SHA2017)

A-Frame is an open-source web framework by Mozilla for easily creating VR experiences which work on all platforms. In this session you will learn to use various concepts & APIs of A-Frame and create interactive VR scenes on the web, all you need to get started is a basic knowledge of HTML & JS. about this event: https://c3voc.de

Aug 6, 2017 · 32 min

When Tech MIMICS Reality (SHA2017)

Many of us are reliant on the digital communication tools and reference platforms that are created by companies. These platforms - some with more users than the population of any country - are controlled by proprietary algorithms, governed through binding Terms of Services (ToS), allow for access to third-party services. This talk will take stock of six intrusive forces that exploit invasive data collection that I have coined ‘MIMICS’: Manipulation (of our feeds and search results), Indexing (of our clicks, pageviews and social graphs), Monitoring (our content consumption patterns to shape future results), Interception (of data via upstream surveillance), Censorship (through arbitrarily enforced content moderation policies) and ‘Siloing’ (which forces users to keep their data within the walled gardens of a single platform). #Society #Politics #Legal #SurveillanceState about this event: https://c3voc.de

Aug 6, 2017 · 1h 0m

Weaponized Social (SHA2017)

We can intentionally build and improve the sociotechnical systems of which we are a part, or we can be haphazard in the worlds we create. The things which we personally find fulfilling and useful may not hold true at scale. This talk lays a framework for approaching societal-level change through being scientifically minded and taking active steps to test and implement greater equality and autonomy while respecting both. Weaponized Social was a series of events, discussions, actions, and surrounding community over the course of 2015 used to examine the network effects of human interaction, to encourage the healthy and to deweaponize the powerful tools at our fingertips. This talk reviews the lessons we learned about inequalities and institutional violence, the processes and tools for exploiting or combatting it, and personal responsibility. #Society #Sharing about this event: https://c3voc.de

Aug 6, 2017 · 35 min

Silent Protest (SHA2017)

Independent observers are noting a decrease in Freedom of speech worldwide. In its 2016 report, Reporter without Borders unveils a "climate of fear and tension combined with increasing control over newsrooms by governments and private-sector interests.", while Amnesty International's report on the State of the World Human Rights states that "2016 was the year when the cynical use of 'us vs them' narratives of blame, hate and fear took on a global prominence to a level not seen since the 1930s. Too many politicians are answering legitimate economic and security fears with a poisonous and divisive manipulation of identity politics in an attempt to win votes". At the same time, the United Nations Statistics Division insists on the unprecedented literacy rate achieved by Mankind globally. Human beings have more and more things to say. With this project, we present Silent Protest: a wearable DIY protest network built of inexpensive network gear and open source software. Its goal is to facilitate Freedom of Speech, enable Art sharing in countries where this Human Right is being challenged by authorities, and offer a customizable portable Anonymous Protest Network platform reliable and affordable enough to be built in third world countries and developed countries alike. #Privacy #Society #Software #Making about this event: https://c3voc.de

Aug 6, 2017 · 26 min

Lightning talks day 4 (SHA2017)

about this event: https://c3voc.de

Aug 6, 2017 · 48 min