
Chaos Computer Club - SHA2017: Still Hacking Anyway (mp3)
153 episodes — Page 3 of 4
Tor & Configuration Management (SHA2017)
This presentation will explain in detail how the Tor network can grow with a minimum of effort. It will also zoom in on the problem of centralisation and how we can evade it and still make the network grow even larger. I'll try to explain to you how you can do this with configuration management. Even the smallest of organisations can use this way to expand the network and to allow us to browse the internet more securely. #NetworkSecurity about this event: https://c3voc.de
Cryptokids (SHA2017)
Talk by Henk (Waag Society) and Evelyn Austin (Bits of Freedom). Cryptokids does just that. In a collaboration with Waag Society, Bits of Freedom and Network Democracy, we develop a series of lessons for kids aged ten to fourteen, in which they gain insight into the technical structure of the Internet, how data works, who is actually in charge online and why privacy matters. But more importantly, we try to empower them and provide tools for them to be more secure and to take charge of their own data when they surf the web. In this lecture we will explain the project. Why and how we started, where we are now, and what are the lessons learned. #Kids #Society #NetworkSecurity about this event: https://c3voc.de
Human Rights and Internet Infrastructure (SHA2017)
Standards bodies, infrastructure providers, internet governance organizations and operators are getting more attention nowadays, but how are these institutions impacting human rights? In this talk we'll introduce you to the slippery acronym world of the IETF, ICANN, IEEE, ITU, 3GPP, RFCs, IXPs, RIRs and we promise you won't be bored! We'll try to uncover parts that are crucial for what is (im)possible on the Internet, but that normally stay hidden. As a bonus we'll show you what you can do! #Politics #Society about this event: https://c3voc.de
Flip Feng Shui (SHA2017)
In 2016, the VUSec system security group from Vrije Universiteit Amsterdam published three top-notch research papers on the topic of Rowhammer exploitation, leading to international media attention and even a prestigious PWNIE award. In this talk, we present key concepts of our research and provide an introduction to Rowhammer exploitation to the public. We describe how attackers can use the Flip Feng Shui exploitation vector to reliably attack cloud, desktop, and mobile platforms. #DeviceSecurity about this event: https://c3voc.de
OpenINTEL: digging in the DNS with an industrial size digger (SHA2017)
Since early 2015, the University of Twente, SURFnet and SIDN collaborate in the OpenINTEL project. The goal of this project is to perform long-term, large-scale active measurements of the global DNS namespace. Our current coverage is around 60% of the global DNS and includes .com, .net, .org, .nl (and other ccTLDs) and most new gTLDs. This talk will explain how we measure at this scale, collecting some 2.2 billion data points per day, and what we can learn about the evolution of the Internet from this data. Examples include adoption of cloud e-mail services and mail security measures, domains crafted for performing DDoS attacks, domains crafted for spam, and many others. #NetworkSecurity about this event: https://c3voc.de
Privacy Design Strategies (SHA2017)
Privacy laws are complex and vague. They offer little concrete guidelines for engineers. Privacy design strategies address this issue. They translate vague legal norms into concrete design goals. These can be used to start the conversation on how to design your system in a privacy friendly way from the very start. The outcome is a system that addresses privacy well, but may not be perfect. But that is good enough! #Privacy about this event: https://c3voc.de
The Security and Privacy Implications of AI and Machine Learning (SHA2017)
What will the recent rapid progress in machine learning and AI mean for the fields of computer security and privacy? This talk gives a tour of some answers, and some unanswered questions. It will discuss new types of attacks and surveillance that are becoming possible due to modern neural networks, and some new research problems that the computer security community should be working on. #MachineLearning #Privacy about this event: https://c3voc.de
Social cooling (SHA2017)
What does it mean to be free in a world where surveillance is the dominant business model? Databrokers turn our data into thousands of reputation scores, which are increasingly impacting our chances to get a job, a loan, insurance or even a date. As awareness of this grows we see a growing culture of self-censorship and risk-aversion. In the long term these chilling effects could seriously 'cool down' society. about this event: https://c3voc.de
LDraw: computer-aided design for serious LEGO fans (SHA2017)
LDraw™ is an open standard for LEGO CAD programs that allow the user to create virtual LEGO models and scenes. You can use it to document models you have physically built, create building instructions just like LEGO, render 3D photo realistic images of your virtual models and even make animations. The possibilities are endless. Unlike real LEGO bricks where you are limited by the number of parts and colors, in LDraw nothing is impossible. -- http://ldraw.org/ #Software #Kids #Making about this event: https://c3voc.de
FILMS (SHA2017)
Last decades I have made 3 films with technological aspects. Since I am not a nerd, but a writer/ journalist/ filmmaker with an interest in technology, science and, I can offer SHA to show my 3 films (eventually the last one TEETH with a short lecture). For debate and for fun. You can find more about me and my work on my own company http://poppeenpartners.nl/ #Community #Robot about this event: https://c3voc.de
Heralds Introduction (SHA2017)
Angels that would like to be a Herald have to attend one of the introductions. This is the third introduction. You will learn how to engage and control a crowd, how to handle a microphone. Heralds are the face of the event and function as a kind of Host on the stage, introducing speakers, moderating Q&As and making sure that everything happens on time. about this event: https://c3voc.de
Hacking on a boat (SHA2017)
Modern vessels are equipped with all kinds of electronics, to ease navigation, assist in manoeuvring and - by far the most important - assist in the safety of the ship and its passengers. In this talk, we will evaluate the security principles that have been used to design these systems and how we can break into the onboard systems. #NetworkSecurity #PhysicalSecurity #DeviceSecurity about this event: https://c3voc.de
Art Tech Activism Privacy and Cool Robots (SHA2017)
Viola van Alphen is activist, writer and former director of multimedia event GOGBOT, which was awarded as the Most Innovative Event of the Netherlands. In Oct she organizes Manifestations @ Dutch Design Week, reach: 290.000 visitors. Theme: Will the Future Design Us? sub theme: Internet of Women Things: on Need-driven innovation, what role do we want technology to have? With themes like the Googlization of Everything, Japanoiiid, Singularity is Near..Resistance is Futile, Mediapolis, Meme’s, Atompunk, the festival always seems to address one or more issues that create controversy and encourage the visitors to be more actively engaged in technology and the role they want technology to have and definitely to not have in the future. Themes around Privacy, Security and Hacking. The festival is free of entrance, taking art out of the museums and presenting it in the public space. With international artists, young talent and collaborations with i.e. VU University and University Twente, European Space Agency, NASA, Nanolab Twente, Mddr_ Lab, WORM, Lebowski StreetArt publishers, Anonymous, FEMEN, Hackerspaces, etc. With projects like Google Birth, Baghdad Car Bomb Wrecks of Jonas Staal, Tinkebels underwear-vending-machines, Workspace for “Terrorists” from Atelier van Lieshout, Autonomous Spaceships, etc etc. Together with a group of artists, Viola hacked herself into the Museum of Modern Art NYC using A.R. app LAYAR, which afterwards officially got added to the MoMA’s program. During the presentation she will show several examples of (tech) art, robots and activism. One of the goals to show worldwide professional artists active in the field of Security, Privacy and Hacking, but also build bridges between artists and hackers, and to (hopefully) take away previous experiences in seeing bad art and amateur art. Saturday 11-23h you can experience Freerk Wieringa's exoskeleton: wear this and control a 3m high steel robot. www.freerkwieringa.nl #Making #Robot #Art #Exoskeleton #Activism #Privacy #DDW #Design #Futurism #WillTheFutureDesignUs about this event: https://c3voc.de
Best of IoT Fails (SHA2017)
The internet of things (IoT) is just at the beginning of its development, but there are already various examples of so-called fails, which are not coming from the pen of science fiction authors. In my talk, I present current examples that I collected as a journalist and did write about that might sound like science fiction, but actually have already taken place. I am also presenting collected solutions on how to make IoT a little bit more failure free and more privacy safe. #IoT #Privacy #NetworkSecurity about this event: https://c3voc.de
How to Defend Cars (SHA2017)
For a long time automobile manufacturers designed their cars as closed systems with no security in mind. Recently security researchers have demonstrated how vulnerable vehicles are to cyber-attacks. Once compromised the vehicle is at the mercy of the hackers: by remotely taking over control of the car, they can perform dramatic actions with severe safety-related consequences for the passengers. This issue comes from the design of automobiles and the communication protocols they use. To function properly a vehicle makes use of different computers called “Electronic Control Units” (ECU) to perform various operations such as braking or steering. Connected all together on the in-vehicle networks, the ECUs communicate with each other using simple protocols involving no security features, assuming the legitimacy and the trustworthiness of their peers. The lack of security mechanisms makes it difficult to guarantee the confidentiality, integrity and availability of automotive systems. Moreover the complexity of the situation increases with the rise of connected vehicles, communicating with each other (Vehicle-2-Vehicle communications, V2V) and with the infrastructure (Vehicle-2-Infrastructure communications, V2I). #PhysicalSecurity #DeviceSecurity #NetworkSecurity #IoT about this event: https://c3voc.de
Mailpile (SHA2017)
Four years ago, in a tent at OHM 2013, the Mailpile project and crowd-funding campaign were launched. Our goal was to create a new Free Software e-mail solution that raised the bar on usability, security and privacy. This talk will discuss what has happened since. #Privacy #Software about this event: https://c3voc.de
from glass fiber to fiber glass noodles (SHA2017)
Experiments in edible network infrastructures #Experimental about this event: https://c3voc.de
An academic's view to incident response (SHA2017)
A timely reaction to security incidents is without doubt important. And while the techniques of digital forensics can come pretty close to perfect for single-host systems with small hard drive capacity, things can get easily messy with 10+ systems, a mixture of operating systems & mobile devices of various brands, or gigabit network traffic that is partly encrypted. This talk contains two parts. For one, the do's and don’ts for incident response from a forensic examiner’s point of view. Is it better to pull the plug, or gracefully shut the machine down, how to capture network traffic, and what to do if the machine is still running and you’d like to image the RAM. In particular, I’ll present a few methods how to capture network traffic for small networks that don’t have a dedicated monitoring port available, and what to do with them. Secondly, a list of things that went wrong when reality kicked in and good intentions do more harm than good. This will include the problems of tool dependency for specific tasks, free log aggregation using graylog and why there is no such thing as a free lunch, GRR and the riddle for the perfect toolchain. #NetworkSecurity #Science about this event: https://c3voc.de
Moving towards fully encrypted web (SHA2017)
In this talk I'm going to go through the problems people are facing in moving from HTTP to HTTPS, why it's sometimes not seen as worthy of the time investment. Which things are broken in web TLS at the moment, but moreover how we actually already have the tools addressing most of the problems and how to use them effectively. I'll also cover the plumbing behind the transactions, the protocols used and different possibilities to automate it all... #Privacy #NetworkSecurity about this event: https://c3voc.de
Improving security with Fuzzing and Sanitizers (SHA2017)
A bug in Gstreamer could be used to own a Linux Desktop system. TCPDump released a security update fixing 42 CVEs. We have far too many security critical bugs in the free and open source software stack. But we have powerful tools to find them - we just have to use them. #Software #DeviceSecurity #Sharing about this event: https://c3voc.de
Are Whistleblowers safer today than they were at OHM2013? (SHA2017)
How does the public view whistleblowers? Would they use social media, blogs or other methods to blow the whistle? We report on gold-standard public polls across 4 European countries. We will present recent cases in Europe, and track the progress - and setbacks - in European protections. #Privacy #Society #Politics #SurveillanceState about this event: https://c3voc.de
Let's stop EU copyright expansion (SHA2017)
European Commission plans are underway to introduce an extra copyright for news sites and an obligation for internet platforms to surveil all user uploads in the EU. We can still stop these dangerous plans, but not without your help. #Copyright #Politics about this event: https://c3voc.de
DNA: The Code of Life (SHA2017)
DNA is the code of life. It encodes how we are built, how nature operates. Science learns more and more about this uniquely digital language. This talk will excite hackers & anyone who knows a little bit about computing, since it turns out DNA is better explained in terms of bits than in terms of classical biology. Prepare to be blown away! about this event: https://c3voc.de
Automotive microcontrollers. Safety != Security (SHA2017)
Tesla Model S, Jeep Cherokee, Mitsubishi Outlander, Nissan Leaf… The list of hacked cars grows every day and security has become a priority in the automotive industry. Until now, most of the security research and security development has been focusing on the higher layers of the software and in car interfaces like the WiFi, Bluetooth, USB or CAN. We, however, tried to assess security at the lowest level possible: the microcontrollers in the ECUs. #PhysicalSecurity #DeviceSecurity #IoT about this event: https://c3voc.de
Network concepts introduction & wireshark workshop (SHA2017)
BRING YOUR LAPTOPS. CHARGE THEM! Ever wondered how webpages arrive in your browser? How zmap works? Want to get your first hands-on experience using wireshark? To learn all that you need to learn the basic networking concepts. You're in luck as this is a hands-on networking workshop preceded by a lecture. We will cover such topics as the ISO/OSI model, Ethernet, IP, TCP, UDP, routing, and wireshark. The workshop at 33c3 was over-crowded, so this is a chance for those who couldn't attend, to make it this time. #Training about this event: https://c3voc.de
Computational Thinking (SHA2017)
You will get inspiration how you can teach your kids computational thinking. #Society #Science #Kids about this event: https://c3voc.de
Detecting a breach from an attackers perspective. (SHA2017)
Detecting a breach is hard, detecting someone who targets your network specifically is even harder. As pentesters, we notice that we often remain undetected and breaching an infrastructure via an external server generally goes unnoticed. However, indications of our breach could definitely have been picked up, we could have been detected. So, why weren’t we? This talk focusses on using simple detection mechanisms that detect specific post exploitation steps. We demonstrate simple tricks that can be used as a final warning mechanism. We choose to focus on the behaviour of an attacker and give them what they want. Is the attacker using Mimikatz? Give them (fake) credentials. Are they using Responder? Broadcast WPAD queries! Port scanning the network? Give them something to port scan! Design small traps from an attacker’s perspective to detect someone snooping around. Modern companies have various detection systems and immense amounts of logging. Not every alarm can be followed up, there needs to be a proper justification before starting a full-scale investigation. Indications of an initial breach (exploit-kit/phishing/malspam) do not justify a full-scale investigation. However, indications of post exploitation direct you towards a more focussed investigation. Assuming you don’t have many indications of post exploitation ;). #NetworkSecurity about this event: https://c3voc.de
One map to map them all (SHA2017)
The MissingMaps project started almost three years ago. Since then, all over the world people have contributed to OpenStreetMap in those areas where maps are really needed and mostly missing: right where the Red Cross and Médecins Sans Frontières have their fieldworkers to help in disaster areas, and areas with disasters waiting to happen. During SHA there will be an ongoing Mapathon at the Maptime Village. In this talk an introduction to this international maphacking grassroot initiative will be given, along with some of the results from the project. And of course it will be presented in such a way that attendees will really love to help map the world, starting at SHA! #Community #Sharing about this event: https://c3voc.de
Lecture Decode: Data-sovereignty back to the citizens (SHA2017)
Join this talk on DECODE, a project that provides tools that put individuals in control of whether they keep their personal data private or share it for the public good. #Privacy #Software about this event: https://c3voc.de
Zero to chiptune in one hour (SHA2017)
An in-depth demonstration of the process of creating video game music on an authentic retro computer - namely, the ZX Spectrum. Over the course of an hour I will attempt to create, from scratch, a chiptune cover version of a pop song chosen by the audience. Along the way, I'll explain the hardware limitations that give rise to the well-known blip-blop sound of chiptunes, and the tricks that musicians have used to overcome those limitations. #Making #Gaming about this event: https://c3voc.de
Tor de-anonymization techniques (SHA2017)
Tor offers great anonymity and privacy for millions of people. However, there are some Tor de-anonymization techniques that work. This presentation demonstrates de-anonymization of Tor hidden services and users. #NetworkSecurity about this event: https://c3voc.de
Smart Home Security with Tor (SHA2017)
The IoT is emerging as the third wave in the development of the Internet. We have a great danger with IoT because of the surveillance by an individual hacker or a state actor to exploit the very private information of individuals or companies. We can secure our “Smart Homes” by using TOR. #IoT #NetworkSecurity about this event: https://c3voc.de
Beyond the Titanic (SHA2017)
Slowly ignorance over dataleaks is vanishing. We start to accept that there are vulnerabilities that affect us on a daily basis. Yet we are terribly slow in learning from these incidents. What would you learn if you were to dig deeper into dataleaks as if it were a disaster? During this presentation we explore some lessons learnt. #Privacy #Society about this event: https://c3voc.de
Hack North Korea (SHA2017)
HRF North Korea Program team will prepare a presentation to educate SHA 2017 participants about how information is currently brought into the tightly controlled closed regime—whether via leaflets dropped by helium-nitrogen balloons, on USB drives and DVDs, or by shortwave radio. The session will explore how individuals and organizations can improve current techniques to hack the regime’s information monopoly and accelerate the influx of outside information. #Privacy #Politics #Sharing about this event: https://c3voc.de
Mass Surveillance abusing Computational Linguistics and Human Language Technology (SHA2017)
Even though the Snowden revelations for the first time clearly show that mass surveillance of communications is carried out on a global level, little knowledge seems to be available to the general public as well as the hacker community how these so-called COMINT operations actually work. The talk focuses on mass surveillance based on methods known from research of the interdisciplinary field of Computational Linguistics (or Natural Language Processing) and demonstrates how generation of selectors for mass surveilling text messages can occur. about this event: https://c3voc.de
Introducing Talla: An Erlang implementation of Tor (SHA2017)
A technical walk-through of a highly concurrent third-party implementation of Tor in the Erlang programming language. #Software #NetworkSecurity about this event: https://c3voc.de
Relationship status of technology and legislation: It's complicated (SHA2017)
Legislation is said to be slow to follow technological developments. This not only has an impact on the capacity of the police and intelligence services, but also has negative impact on the freedoms of citizens. In this talk I'll discuss some of the recurring issues and possible solutions. #Politics #Privacy about this event: https://c3voc.de
Failure modes of digital radios (SHA2017)
All consumer electronics have integrated digital radios. Many with standardized specifications like WiFi, 3G/4G modems, but closed source radio base-bands with a mix of dedicated, power-efficient hardware and software. Proprietary extensions can be implemented, patented and used to prevent others from gaining market share. Some examples will be presented. #Sharing #NetworkSecurity about this event: https://c3voc.de
Copyfighters (SHA2017)
Copyright is failing young people and their usage of the internet every day, but a positive change will not come on its own. We present the outcomes of our copyright campaign so far, discuss how to move forward and engage with young participants of SHA2017. #Copyright about this event: https://c3voc.de
Attacking OpenSSL using Side-channel Attacks (SHA2017)
Side channel attacks (SCA) gained attention in the past years. New low cost tools like Chip-Whisperer proved that these attacks are not any more a theoretical, academic risk but a real threat to the security of the embedded systems. Many cryptographic products are now being developed having these attacks in mind and countermeasures are being implemented. This is the case of the omnipresent OpenSSL, which implements protections against side channel attacks to prevent the extraction of the secret key. In our presentation, we will briefly introduce SCA to the audience and discuss later the countermeasures implemented in the OpenSSL RSA and our attack that allows us to bypass them. #NetworkSecurity about this event: https://c3voc.de
Update the updates (SHA2017)
Much of today's technology is said to be disruptive. In most cases, this means that technology can turn around the winners and losers of an entire branch. But recent digital attacks have shown that technology can also disrupt our entire society rather easily. There are many reasons for that, one of them being issues surrounding the deployment of patches. Installing the patches that eliminate vulnerabilities seems to be something that has the lowest priority. That has to change. We need to update the way we deal with updates. In this talk I’ll address some of the updates we need to apply to the process of updating. #DeviceSecurity #NetworkSecurity #IoT about this event: https://c3voc.de
TBM: Trusted boot module (SHA2017)
The Trusted Boot Module is an open hardware module that enables all kinds of devices (routers, embedded boards, laptops, desktops) to boot to a trusted state by loading only trusted code - while keeping the owner of the hardware in control. #PhysicalSecurity #DeviceSecurity about this event: https://c3voc.de
SHA2017 Opening (SHA2017)
Welcome to SHA2017! So much camp, everywhere! #Community about this event: https://c3voc.de
A trip to India (SHA2017)
We will take you behind the scenes of a call center that placed over 5 million calls to Dutch phone numbers and employed around 60 people. We will show how these call centers operate and how they convince their victims to pay for their ‘services’. You will see the social engineering techniques that are used by the scammers. We will also show that we could easily obtain the list of 5 million potential victims from the call center and how we eventually were able to track down the owner of the call center. #Society #ContentWarning about this event: https://c3voc.de
Invitation to help build Quantum Internet (SHA2017)
The goal of the Quantum Internet project at TU Delft is to build an optically-connected network of many (small) quantum computers. Such a network enables the exchange of quantum bits between any of the connected quantum processors in order to solve problems that are intractable classically. #science #networksecurity about this event: https://c3voc.de
Software Patents v3.0: the Unitary Patent Court (SHA2017)
In July 2005, after several failed attempts to legalise software patents in Europe, the patent establishment changed its strategy. Instead of explicitly seeking to sanction the patentability of software, they are now seeking to create a central European patent court, which would establish and enforce patentability rules in their favor, without any possibility of correction by competing courts or democratically elected legislators. #Copyright #Patents about this event: https://c3voc.de
How the NSA tracks you (SHA2017)
Bill Binney will talk about his experiences as Technical Director at the NSA where he had a 34 yr career. #Society #Privacy #SurveillanceState about this event: https://c3voc.de
Famous C&C servers from inside to outside. (SHA2017)
We all are aware of the malware attacks and botnets behind this massive illegal industry which drains our pockets and even takes our lives. These criminal organisations have their own rules and their own secrets that they don't want us to reveal. They like to infect, hack and control the victims without getting caught by law enforcement. We all know that end-point security is not enough for the zero day malware attacks so my research was always focused on their command and control centres. We will never win the malware war if we don't reveal their dirty job from inside; having this aim I managed to reveal more than 10 unique C&C server dirty secrets in past years. These research articles are published in various cybersecurity magazines in Europe and Asia. #NetworkSecurity about this event: https://c3voc.de
Ethics and the Events of 9-11 (SHA2017)
Kirk Wiebe will talk about his experiences during his 32 year NSA career, specifically about effective intelligence gathering, the failure of mass-surveillance and how to fix it. #Society #SurveillanceState #Politics about this event: https://c3voc.de
Life is too short for playing classic sports... (SHA2017)
In this presentation, I'll try to convince the audience how the CTF challenges can be extremely fun and very enlightening. A powerful weapon against the discouragement in the area. #NetworkSecurity #Gaming about this event: https://c3voc.de