32. Chaos Communication Congress

Die ASYL-DIALOGE erzählen von Begegnungen, die Menschen verändern, von gemeinsamen Kämpfen in unerwarteten Momenten – eine dieser Geschichten spielt in Osnabrück, wo seit März 2014 ein breites Bündnis solidarischer Menschen bereits 37 Abschiebungen verhindern konnte und somit für viele bundesweit zum Vorbild wurde...

The Asylum Dialogues Documentary Theatre - Actors for Human Rights Germany in German, with English, French and Arabic subtitles The ASYLUM DIALOGUES speak about encounters which change people, about joint fights in unexpected moments - one of the stories takes place in Osnabrück, where - since March2014 - a coaltion of solidary people could prevent until today 37 deportations and became a role model nationwide.

FOSS and hacker culture meeting the EU buereaucracy. What can possibly come out of that? We'll discuss what is involved for FOSS projects and other interested parties to get $$$ funding by the European Union. Hackers deal with rule systems and their execution. And the European Union issues a lot of rules which are executed by the "commission" and its employees. Within the Horizon2020 framework programme 80.000.000.000 Euros will be distributed towards research projects across Europe between 2014-2020. Shouldn't some of that money go to purposes deemed useful by 32c3 attendants?

No surprise, the formal rules a project has to live by just for an application proposal is somewhat amazing. FOSS hackers, on the other hand, are used to communicate and adapt to a multitude of programs and systems. Looking from the right angle, it can be interesting to understand how an EU funded project is supposed to work. Even if you don't usually find arbitrary rule systems and their execution interesting you may learn some interesting bits and pieces about how (not) to interact with the EU - should you decide that your project is ready or desperate enough to go that way. Some of these "bits and pieces" can take weeks to research and be summarized in 3 minutes. We'll specifically look and discuss how it played out for the NEXTLEAP project which aims to research decentralized crypto protocols and communities. Discussed in the hallways of 31c3 well after midnight it managed to receive 2 Million Euro in funding.

What does the fact that Tor users can’t edit wikipedia mean for the quality of the ``encyclopedia that anyone can edit?’’ How do captchas and blocking of anonymity services affect the experiences of Tor users when they are trying to contribute content? This talk will discuss the increasing limitations of active participation in the anonymous Internet and the findings of our interview study of Tor users and wikipedia editors concerning these issues. We believe that by understanding the contributions Tor users make—and that people denied access to anonymity tools don't make—we can help make the case for the value of anonymity online.

The belief that a free and open Internet enables people to accomplish great things together is at the core of projects like Wikipedia, open source software, and online political activism. The term “peer production” has been used for years to describe a new kind of collaborative project-—one that is facilitated by the Internet and in which people self-organize to create things they value, whether that’s software, encyclopedias, news, maps, or just about anything else. But research about these projects and how they work generally doesn't take into account the value of anonymous participation. Moderating user-generated or peer-produced content has challenges and many services (Yelp, Google, Wikipedia, Cloudflare, etc) have turned to third party blacklists, real-name policies, and banning users of anonymity networks like Tor to handle real and perceived abuse issues. The result of such decisions in aggregate means that the Internet offers uneven opportunities for participation and engagement. It’s easy to imagine anonymous participants as only jerks and trolls, but much harder to quantify the contributions that don’t happen when anonymity is banned or made more difficult. We interviewed Tor users about their participation in peer production projects and Wikipedia editors about their privacy concerns. In this talk, we will share stories about the contributions of anonymous participants and the chilling effects of limiting anonymity ---topics not edited and people silenced.

Eine zweite Büste der ägyptischen Königin sei gefunden worden, meldete Ägyptens größte Zeitung. Der Fund war jedoch Teil einer Kunstaktion, die Museen und Kunstmarkt für deren Umgang mit Antiken kritisiert.

Nelles und Al-Badri haben mit einem portablen Scanner die Daten der Nofretete aus dem Neuen Museum in Berlin geraubt und den daraufhin angefertigten 3D Druck in Kairo ausgestellt. Mit ihrer multimedialen Intervention „The Other Nefertiti“ stellen sie Fragen nach Original und Kopie, nach dem Monopol auf Digitalisate und fordern die neokolonialen Strukturen von Museen heraus. Auf dem Kongress werden sie über notwendige Lügen sprechen und Kunst als oppositionelle Strategie, alternative Erzählungen und wie Deutsche den Terror von Daesh finanzieren.

The REXUS/BEXUS programme allows students from universities and higher education colleges across Europe to carry out scientific and technological experiments on research rockets and balloons. Each year, two rockets and two balloons are launched, carrying up to 20 experiments designed and built by student teams. By reference of two experiments we were involved in, we will explain the way from the experiment idea to the launch and test of it.

Bringing an experiment into space aboard a sounding rocket or into the higher atmosphere aboard a balloon is not as hard as one might think. Students from Europe can simply write a proposal and apply for the REXUS/BEXUS programme, which is realised by an agreement between the German and Swedish space agencies, DLR (German: Deutsches Zentrum für Luft- und Raumfahrt) and SNSB (Swedish National Space Board, Swedish: Rymdstyrelsen). The Swedish share is furthermore accessible to teams from other European countries through ESA. For REXUS, two sounding rockets are launched from northern Sweden every year, each one capable of carrying up to 5 experiments (max. experiment payload mass approx. 40kg) to an altitude of 80-90km. The experiments have to be engineered to withstand at least 20g of acceleration during ascent and descent, and experience milli-gravity when close to the apogee. In addition, the space specific thermal and vacuum environment need to be considered. Since the altitude is too low for reaching an orbit, the rocket motor and payload falls back to ground and is recovered by helicopters. The experiments are then returned to the student teams and the data from the 10min flight can be analysed, for instance, atmospheric measurements or technology demonstrators. Similarly for BEXUS, two balloons per year are launched from the same location in Sweden and allow for carrying up to 12 experiments (max. 100kg). The balloon lifts the gondola with inside experiments to an altitude between 25-30km. After some hours of floating, the balloon is separated and the gondola descents on a parachute. The payload is then recovered by a helicopter and returned to the launch site by truck. During the talk we will present two experiments which we were involved in: - Fiber Optical Vibration Sensing Experiment launched on RX15 in May 2014, and - Advanced Receiver Concepts for ADS-B Experiment launched on BX18 in October 2014 Beside this, we will explain, how other interested students can participate in the next REXUS/BEXUS cycle.

In recent years, NGOs have been struggling to defend civil rights in Brussels. As human rights defenders, it is part of our job to detect failures in the EU’s digital policy-making. But we rarely have the opportunity to explore the underlying reasons and to debug Europe’s kernel package.

In this talk, we want to analyse the EU’s biggest fails and explore the following questions: Where and why is the European Union failing? Can the EU learn from its failures? Where and what is the European digital rights movement? How do we make our advocacy more successful? In recent months, these fails have received a great deal of attention in the press – Oettinger’s Taliban attacks, Schroedinger’s net neutrality, the cybercybercyber war and the repeated repackaging of ACTA. It is reasonable to say that in a complex system like the European Union, system failure is a perpetual risk. However, for the defence of human rights and, indeed, many other policy issues, limiting those risks is absolutely essential. This is why we want to explore how we can gain insights and use valuable information from recent fails to fix the EU’s vulnerabilities. Most importantly, if we wish to prevent the more serious failures in the future, we need to examine how and where our advocacy fails. Access and European Digital Rights fight for digital rights at the EU level. Although we’re detecting and fighting a large number of failures that the European Union produces with regard to digital policy-making, we’re still very far from preventing the big fails. For instance, instead of proposing real solutions to the migration crisis, the EU’s shortsighted vision focuses on border surveillance. Instead of an urgently needed reform of Europe’s privacy rules, its governments water down the protections for their citizens. Instead of safeguarding the open and neutral internet, the EU paves the way for discrimination by the big telcos. Instead of proposing evidence-based policies, the EU is trying to justify its proposals with evidence-making surveys. Certainly, Brussels is obscure, opaque, complicated and far away – but the decisions made there affect us all. Unfortunately, among the many reasons for a failing defense of human rights at EU-level is the political indifference and resignation in our community™, a lack of understanding of the Brussels maze, a lack of awareness of the extent to which our national governments are directly involved in the policy-making process and a lack of communication about what happens in Brussels. During our talk, we therefore want to explore the following questions: Where and why is the European Union failing? Can the EU learn from its failures? Where and what is the European digital rights movement? How do we make our advocacy more successful?

Im März 2014 wurde der NSA-Untersuchungsausschuss im Bundestag eingesetzt, der die Verwicklungen um die deutschen Geheimdienste aufklären soll. Ein Rück- und Ausblick: Was wissen wir heute, was erwartet uns noch?

Immer wieder stößt der Ausschuss, der die (Zusammen-)Arbeit der deutschen Geheimdienste und der Five Eyes untersuchen soll, auf Schwierigkeiten. Die Abgeordneten und ihre Mitarbeiter müssen unter widrigen Bedingungen mit Unmengen an eingestuften Papierakten arbeiten und bekommen wichtige Informationen vorenthalten. Die Gedächtnislücken vieler Zeugen sind bemerkenswert, ebenso wie die eigenartigen Rechtsauffassungen der Spione, die zu Tage treten. Die Theorie, dass Grundrechte nicht im Weltraum gelten, ist nur ein Beispiel von vielen. Die Szenerie gleicht nicht selten absurdem Theater und doch wissen wir mittlerweile mehr als am Anfang. Der Vortrag wird einen Überblick über das geben, was wir seit Beginn des Ausschusses erfahren haben und einen Ausblick auf das bieten, was uns noch erwartet. Nicht zuletzt soll überlegt werden, welche Schlussfolgerungen wir aus den Erkenntnissen ziehen und was sie uns über die Unmöglichkeit der Geheimdienstkontrolle offenbart haben.

Can we build trustworthy client systems on x86 hardware? What are the main challenges? What can we do about them, realistically? Is there anything we can?

In the first part we will take a look at the security problems we encounter on modern Intel-based x86 systems, specifically on laptops. In the second part we will discuss how most (all?) of these problems could be addressed, with just minimal hardware modifications realizable by laptop OEMs.

Analysis of the emission scandal shaking the German automotive industry from a procedural, organizational and technical level. Includes insight into cheating for advanced managers and code extraction from ECUs from Ebay. And from Volkswagen. Initially.

The exhaust emission scandal has visibly shaken the confidence auto buyers put into the German automotive industry. The details are – half a year after Volkswagen managers confessed to fraud – scarce, very scare. Both around the procedural and the technical details of the betrayal. Daniel will show how engineering a Electronic Control Unit (ECU) works, and how many people are involved. And he will take a look at the revealing communication from the affected parties. That try to share nothing with many words but still reveal a few interesting details. Felix takes the other approach and looks at body of evidence that 8+ million people have access to but too few took a closer look. He will share the tricks to extract the firmware from the affected engine control units and share the findings he made along the way and when he looked at the plain and honest truth in code.

Unser Vortrag demonstriert einen PLC-only Wurm. Der PLC-Wurm kann selbstständig ein Netzwerk nach Siemens Simatic S7-1200 Geräten in den Versionen 1 bis 3 durchsuchen und diese befallen. Hierzu ist keine Unterstützung durch PCs oder Server erforderlich. Der Wurm „lebt“ ausschließlich in den PLCs.

PLCs der Baureihe Siemens Simatic werden über einen proprietäres Protokoll verwaltet. Mit diesem Protokoll kann ein PLC gestartet und gestoppt werden. Es können Diagnoseinformationen gelesen und der Upload/Download von Benutzerprogrammen durchgeführt werden. Für die S7-300/400 existieren bereits OpenSource-Lösungen die das Siemens Protokoll unterstützen. Mit der Einführung der neuen Produktreihe S7-1200 wurde das alte Protokoll von Siemens abgelöst und durch ein neues Protokoll ersetzt. Zu diesem neuen Protokoll steht weder eine offizielle Dokumentation zur Verfügung noch existieren veröffentlichte Untersuchungen. Wir haben dieses Protokoll basierend auf der S7-1200v3 analysiert und können beliebig Benutzerprogramme mit diesem Protokoll auf einer PLC installieren bzw. auslesen. Hierauf aufbauend haben wir einen PLC-Wurm entwickelt, der selbstständig ein beliebiges Netzwerk nach S7-1200v3 Geräten durchsucht und diese befällt wenn die Schutzmechanismen ausgeschaltet sind. Der Wurm ist ausschließlich in der Programmiersprache SCL programmiert und benötigt keine weitere externe Unterstützung. Für die Fernsteuerung der infizierten PLCs haben wir einen Command&Control Server implementiert. Infizierte Geräte können sich automatisch mit diesem Server verbinden. Über diese Schnittstelle können wir aus der Ferne beliebige Steuerausgänge verändern. Eine Proxy-Funktionalität erlaubt es uns über einen Tunnel auf weitere Systeme in dem Netzwerk zuzugreifen. Schließlich kann über den Steuerungsserver auch der Defect-Modus ausgelöst werden. Hierdurch stellt die PLC ihre Arbeit ein. In diesem Modus ist ein Kaltstart der PLC erforderlich. Dies werden wir im Rahmen des Vortrags vorführen. Diese Arbeit zeigt, wie wichtig es ist, dass Inbetriebnehmer die vorhandenen PLC Sicherungsmechanismen verwenden. Außerdem sollten die neusten PLC Softwareversionen und Funktionalitäten genutzt werden.

News about the rad1o half a year later – cool stuff that happened, and why you need an SDR.

The rad1o was the badge for the Camp 2015. This talk will be a bit about what went into a project of this size, what went well and what not so much. The main part is about what we (and lots of other volunteers) have done with it – both standalone and with a computer, and why y’all need to play more with SDR.

In Internet Landscapes, Evan Roth with discuss his work as it relates to visualizing, archiving and understanding the Internet and its effects on culture with a focus on the misuse of communication technologies. Roth will trace his personal and creative history within an Internet landscape that has changed significantly in the last 16 years. The presentation will include a range of work culminating in his more recent pilgrimages to the beaches of the UK, New Zealand and Sweden, where submarine Internet fiber optic cables reach the land. Armed with an array of paranormal technologies, Roth will recount his personal quest to visualize and reconnect with a changing Internet landscape.

Dr. Peter Laackmann und Marcus Janke zeigen mit einem tiefen Einblick in die Welt der Hardware-Trojaner, auf welchem Wege „Institutionen“ versuchen können, sich versteckten Zugang zu Sicherheits-Hardware zu verschaffen.

Wer bzw. was kann Hersteller dazu bringen, den Einsatz von „Backdoors“ zu akzeptieren, zu billigen, zu unterstützen oder sogar selbst zu initiieren? Wann ist es Mutwilligkeit, wann Ignoranz, wann Dummheit? Versteckte Zugänge zu Sicherheitschips, auch als „Backdoors“ bekannt, stellen eine erhebliche Bedrohung für die Sicherheit persönlicher Daten in vielen heutigen Anwendungen dar. Die Referenten zeigen detailliert, auf welchem Wege „Institutionen“ versuchen können, sich versteckten Zugang zu Sicherheits-Hardware zu verschaffen. Die Beispiele reichen von der einfachen Firmware-Änderung über Schaltungsmodifikationen in Herstellungsmasken, bis hin zu Sondertechnologien, deren Nutzung als „Backdoors“ auch in der Zertifizierung nahezu undetektierbar ist. Gleichzeitig wird gezeigt, auf welchen Wegen jeder Beteiligte in Entwicklung, Produktion und Anwendung helfen kann, „Backdoors“ schon im Ansatz zu verhindern. Besonderes Augenmerk liegt auf der Erkennung bestimmter als vermeintliche „Sicherheitsfeatures“ angepriesener Technologien, die jedoch ihren Einsatz als Hardware-Trojaner stark begünstigen und somit geradezu herausfordern. Auch der moralisch-ethische Aspekt soll beleuchtet werden: Wer bzw. was kann Hersteller dazu bringen, den Einsatz von „Backdoors“ zu akzeptieren, zu billigen, zu unterstützen oder sogar selbst zu initiieren? Wann ist es Mutwilligkeit, wann Ignoranz, wann Dummheit? Der Vortrag zeigt, was man gegen diese Bedrohung schon präventiv auf jeder Ebene unternehmen kann und wie sich die Abwesenheit von „Backdoors“ wirksam kontrollieren läßt. Die Autoren blicken auf über 25 Jahre private und fast 20 Jahre berufliche Erfahrung im Bereich Chipkarten-Angriffsmethoden zurück. Nach ihren allerersten Chipkarten-Vorträgen und -Workshops 1991-93 auf den CCC-Kongressen im Eidelstädter Bürgerhaus knüpfen die Referenten nun an ihren Überblick „25 Jahre Chipkartenangriffe“ auf dem 30C3 an.

Angae means "Fog" in Korean. The term is widely used in parts of custom code used by the Red Star OS. We will lift the fog on the internals of North Korea's operating system. Our talk will provide information about how privacy is invaded for all users of Red Star OS and how an operating system designed by a totalitarian dictatorship works.

In 2014 the version 3 of North Korea's Red Star operating system was leaked. It is based on Linux and has the look and feel of a Mac. There is also a server version available. We will start the presentation by giving a general overview and presenting findings that already hit the net during the last year, like research on Red Star’s custom browser and its configuration. The focus of the presentation is to explain in depth how the architecture of the components is made up and to give a detailed overview of the privacy invading custom code implemented into the OS. The system is designed to defend and protect itself from changes made from user space. We will analyze the interaction of the components and the protection mechanisms and provide information on how to deactivate some of the malicious functionality of Red Star OS. North Korea abuses the principals of free software to provide an operating system that suppresses free speech. Therefore we think it is necessary to disclose this information to the public and present the audience on how to get around the limitations introduced by North Korea. Investigating functionality that can be used to invade the privacy of users was our primary goal. We found that the features implemented in Red Star OS are the wet dream of a surveillance state dictator. It provides a set of surveillance features like the capabilities to watermark different types of files that can be used to track the distribution of documents and multi-media files. We will have an in depth look on how some of these features built the foundation for a suppressive state in a modern world.

Yosys (Yosys Open Synthesis Suite) is an Open Source Verilog synthesis and verification tool. Project IceStorm aims at reverse engineering and documenting the bit-stream format of Lattice iCE40 FPGAs and providing simple tools for analyzing and creating bit-stream files, including a tool that converts iCE40 bit-stream files into behavioral Verilog. Currently the bitstream format for iCE40 HX1K and HX8K is fully documented and supported by the tools. Arachne-PNR is an Open Source place&route tool for iCE40 FPGAs based on the databases provided by Project IceStorm. It converts BLIF files into an ASCII file format that can be turned into a bit-stream by IceStorm tools. This three projects together implement a complete open source tool-chain for iCE40 FPGAs. It is available now and it is feature complete (with the exception of timing analysis, which is work in progress).

2015 und 2016 sind wichtige Jahre für die Netzpolitik in der Schweiz, denn die Parlamente entscheiden sowohl die Revision des BÜPF (Bundesgesetz betreffend die Überwachung des Post- und Fernmeldeverkehrs) als auch das NDG (Nachrichtendienstgesetz).

Die beiden Gesetze würden den entsprechenden Bundesbehörden deutlich mehr Handlungsfreiheiten einräumen, wenn es um das Sammeln von Daten auf Vorrat und das Überwachen der Telekommunikation geht. Im Vortrag geben wir eine Übersicht über die beiden Gesetze und sprechen darüber, welche Auswirkungen sie unserer Meinung nach haben werden und was wir dagegen unternehmen und bereits unternommen haben. Einige der am stärksten kritisierten Punkte der Gesetze sind:

• Dem Nachrichtendienst wird der Einsatz von Staatstrojanern gestattet,
• Dem Nachrichtendienst wird exzessiver Zugriff auf den Internetverkehr in der Schweiz gestattet (Kabelaufklärung),
• Die Vorratsdatenspeicherung in der Schweiz wird weiter ausgebaut.

This presentation covers windows kernel driver security issues. It'll discuss some background, and then give an overview of the most common issues seen in drivers, covering both finding and fixing issues.

In this presentation I intent to cover a rapid fire set of issues that commonly occur in windows drivers. From the trivial (ioctl, probing) to the obscure and subtle. The presentation will discuss these issues, illustrate them with examples, and offer developer guidance on how to avoid and mitigate these issues. Whether you're a security researcher, a developer looking for some security guidance when writing these drivers, or just generally curious about driver internals, there's something here for all.

Key-Loggers are cool, really cool. It seems, however, that every conceivable aspect of key-logging has already been covered: from physical devices to hooking techniques. What possible innovation could be left in this field?

Well, that’s what we used to think too. That is until we noticed that little grey box sitting there underneath a monitor, next to yesterday’s dirty coffee cup. The little grey box that is most commonly known as ‚KVM‘. The talk will tell the tale of our long journey to transform an innocent KVM into a raging key-logging monster. We will safely guide you through the embedded wastelands, past unknown IC’s, to explore uncharted serial protocols and unravel monstrous obfuscation techniques. Walking along the misty firmware woods of 8051 assembly we will challenge ambiguous functions, and confront undebuggable environments. Finally, we will present a live demo of our POC code and show you that air-gapped networks might not be as segregated as you imagined. You will witness that malware code could actually reside outside your computer, persisting through reboots, wipes, formats, and even hardware replacements. You might laugh, you might cry, but one thing is certain – you will never look at your KVM the same as before Our presentation will guide the audience trough an entire research project process: from the choice of a research subject, the learning stage, trough the many failures along the way, and until a complete success is finally achieved. Our research process provides useful insights for both entry-level and experienced researchers in the hardware hacking area. This research sheds light on a brand new field that has yet to be uncovered by the security community. We believe that CCC, as one of the world’s largest security convention, will provide the most suitable stage to share our research story and its implications. And finally, this talk is the product of a long research project which was both fulfilling and exciting, we are confident the audience will relive our experiences throughout the presentation.

Public Library is the synergy of two efforts. First, it makes the case for the institution of public library and its principle of universal access to knowledge. Second, it is an exploration and development of distributed internet infrastructure for amateur librarians. If Public Library is a proposal/RFC Memory of the World is its proof of concept and reference implementation.

In the catalog of History the institution of public library is listed in the category of phenomena of which we humans are most proud. Along with free public education, public healthcare, the scientific method, Universal Declaration of Human Rights, Wikipedia, free software… It’s one of those almost invisible infrastructures that we start to notice only once they go extinct. A place where all people can get access to all knowledge that can be collected seemed for a long time a dream beyond reach – until the egalitarian impetus of social revolutions, the Enlightment idea of universality of knowledge, and the expcetional suspension of the comercial barriers of copyright made it possible. The Internet has, as in many other situations, completely changed our expectations and imagination about what is possible. The dream of a catalogue of the world – a universal access to all available knowledge for every member of society – became realizable. A question merely of the meeting of curves on a graph: the point at which the line of global distribution of personal computers meets that of the critical mass of people with access to the Internet. Today nobody lacks the imagination necessary to see public libraries as part of a global infrastructure of universal access to knowledge for literally every member of society. However, the emergence and development of the Internet is taking place precisely at the point at which an institutional crisis — one with traumatic and inconceivable consequences — has also begun. The reactionary forces of the »old regime« are staging a »Thermidor« to suppress the public libraries from pursuing their mission. Today public libraries cannot acquire, cannot even buy digital books from the world’s largest publishers. The small amount of e-books that they were able to acquire they must destroy after only twenty-six lendings. Libraries and the principle of universal access to all existing knowledge that they embody are losing, in every possible way, the battle with a market dominated by new players such as Amazon.com, Google, and Apple. In 2012, Canada’s Conservative Party–led government cut financial support for Libraries and Archives Canada (LAC) by Can$9.6 million, which resulted in the loss of 400 archivist and librarian jobs, the shutting down of some of LAC’s Internet pages, and the cancellation of the further purchase of new books. In only three years, from 2010 to 2012, some 10 percent of public libraries were closed in Great Britain. The phenomena of which we people are most proud are being undercut and can easily go extinct.

Several years ago, the Great Firewall of China was silently upgraded to find and block circumvention servers that employ encryption to defeat deep packet inspection. The system is now used to block protocols such as Tor, SoftEther, and SSH. In this talk, we will give an overview of how this system works, and how it can be circumvented.

The GFW's reactive probing system scans egress network traffic for circumvention protocol signatures, and then launches short-lived probes to verify if the suspected server is, in fact, speaking the circumvention protocol. If that is the case, the GFW adds the IP address and port of the server to a country-wide blacklist, preventing people in China from connecting to it. We recently finished a multi-month research project in which we looked at the system from different angles to answer several open questions. In particular, we will talk about:

• How the reactive probing system makes use of thousands of unique IP addresses to launch its probes.
• We discuss our hypotheses on the physical design of the reactive probing system. Our evidence shows that all these IP addresses are either hijacked, or that the GFW operates a large, geographically distributed network of proxies.
• We show patterns in the IP, TCP, and TLS headers that suggest that the thousands of reactive probing IP addresses we harvested are controlled by few centralized systems.
• How the system seems to flush its blacklist regularly, providing a short window for circumvention.
• The effectiveness of the system, i.e., how good is it at blocking servers and how well does it scale?
• How the GFW seems to treat science and education networks different from consumer networks.
• Ways to troll the Great Firewall of China.

In the past years there has been a lot of discussion on the topic of state sponsored surveillance. But hardly any material can be accessed to support the general debate due to vaguely declared security concerns. So we are debating Big Brother with little knowledge about what he actually sees, while he is watching. Over the course of three years, I was able to research the archives left by East Germany's Stasi to look for visual memories of this notorious surveillance system and more recently I was invited to spend some weeks looking at the archive by the Czechoslovak StB. Illustrating with images I have found during my research, I would like to address the question why this material is still relevant – even 25 years after the fall of the Iron Curtain.

The Amiga was one of the most powerful and wide srpead computers in the late 80's. This talk explains its hardware design and programming.

The Amiga 1000 appeared in 1985 and was followed by the Amiga 500 a few years later, which had the same design concept but was a little bit more powerful. The hardware design was highly sophisticated and powerful and was years ahead to other computers at the time then. Equipped with the Motorola 68000 Microprocessor as the CPU which was internally a full 32 bit processor and several additional co-processors for various complex DMA tasks it was perfect for graphics-intensive software. This talk explains the hardware in detail, how all those processors interacted and how it was programmed.

For years SCADA StrangeLove team speaks about vulnerabilities in Industrial Control Systems. Now we want to show by example of railway the link between information security and industrial safety and demonstrate how a root access gained in a few minutes can bring to naught all the years of efforts that were devoted to the improvement of fail-safety and reliability of the ICS system. Railroads is a complex systems and process automation is used in different areas: to control power, switches, signals and locomotives. At this talk we will analyze threats and vulnerabilities of fundamental rail-road automation systems such as computer based interlocking, automatic train control and automatic train protection. No vendor names and vulnerabilities details will be released, for obvious reasons. By the way, all research based on hands-on security exercises and most of issues are confirmed and processed by vendors.

Did you ever want to have access to a few hundred thousand network end points? Or a few hundred thousand phone numbers? A short look behind the curtains of how not to do network security.

Have you ever wondered why cable modem providers don’t allow you to swap out your modems with your own? Once you look at the network your modem (and thus you once you gain access to it) has access to, a whole new world of security mess-up lies ahead. Join me in exploring how DOCSIS (the standard behind cable modems) works, how it’s used today in a real life example setup, how you could potentially make it secure and what implications this has to you as an end user. I will also show you what happens if you don't look out for security on the DOCSIS network and how that can lead to compromising other people's modems, private networks and telephone access.

Datahavens have long been discussed as a solution to user security and privacy needs. Instinctively, the idea of physical locations where servers for communications, financial privacy, and other services can work is easily understood and seems appealing. As a founder of the HavenCo datahaven on Sealand in 2000, I saw firsthand the potential and the pitfalls of this approach.

Datahavens have long been discussed as a solution to user security and privacy needs. Instinctively, the idea of physical locations where servers for communications, financial privacy, and other services can work is easily understood and seems appealing. As a founder of the HavenCo datahaven on Sealand in 2000, I saw firsthand the potential and the pitfalls of this approach. We will discuss the concept behind datahavens, some specific examples, the legal and technical challenges they face, and how specifically HavenCo failed. While projects to date have largely failed, there is hope for the future, both in the physical datahaven approach and in technical measures, so there is good reason to be optimistic.

CubeSat are small standardized satellites typically flown as secondary and containerized payloads piggybacking on the launches of larger satellites. Their low entrance cost have been a revolution in opening access to space for a broad range of institutions. In this talk the basics of CubeSat standards, technology and development are going to be presented. The goal is to proliferate the knowledge of what it takes to successfully build, launch and operate a CubeSat within and beyond the hacker community.

It has been 12 years since the first CubeSat was launched. Invented as a standard for university student satellite projects, the advantages of the CubeSat standard made it outgrow the educational field. The (relatively) low entrance hurdle in terms of cost and regulations has inspired many to pursue their own satellite project. But why do about 50% of all first-time CubeSats fail early? This talk is aiming at spreading the knowledge of how to tackle the task of conducting a CubeSat mission. What are the special requirements for CubeSats? How is the space environment different from what we came to expect for earth-based projects? What kind of components are available? What (FOSS) tools are available for the design and verification process?

Last year at 31c3 we disclosed Thunderstrike, the first firmware attacks against Macbooks.

This year we’ve ported old UEFI vulnerabilities to the Mac and will demo Thunderstrike 2, an extension to the attack that no longer requires physical access and can replicate via shared Thunderbolt devices.

Seven years after presenting „running your own GSM network“, we are back presenting about how to do the same for 3G (UMTS/HSPA) networks.

Seven years ago, the now famous „running your own GSM network“ talk was held at 25C3, paving the way for a first step into the then-new field of applied research (aka hacking) into mobile communications research. The result of that talk is what is known as OpenBSC. Together with its sister-projects OsmoBTS, OsmoPCU, OsmoNITB, OsmoSGSN and OpenGGSN are commonly used to run GSM/GPRS networks as a means to perform security research, offensive as well as defensive. Now, the team behind those projects has finally started work on supporting 3G base station hardware, extending the scope from 2G/2.5G/2.75G technologies towards UMTS, HSDPA and HSUPA. The talk will cover * what was/is required to implement in terms of the protocol stacks, * the current status of this work, * how it integrates into the Osmo* world, * how it is envisioned to be usd in mobile security research. Like at 25C3, there will also be a demo, of course..

Light of astronomical objects gets distorted as it passes earth’s atmosphere. Adaptive optics can correct this distortion and create images that are as sharp as those taken in space. The correction needs a bright reference star. If there is no such star nearby, an artificial Laser Guide Star can be created in the upper atmosphere.

A lot of clever real time software, hardware and feedback loops steer a deformable mirror to straighten the distorted wavefront. The talk looks at the technologies of this fascinating technique and will also cover the question how to become a laser-rocket-scientist. Also, there will be star-wars like laser pew pew pictures & videos. In the first part I will talk about the background of adaptive optics and how it enables ground-based observations which people though to be impossible only two decades ago. We will look at the building blocks of such a system and how they are combined to work together nicely. The second part will look at a real Laser-AO system, the project I have worked with, ARGOS at the LARGE Binocular Telescope in Arizona. I will present the system in detail and talk about the little things in all the black boxes. Mechanics, electronics, Optics and Software. We will have images and videos of the system at work and look at first test results showing the potential of this system. ARGOS feeds one of three near-infrared multi-object spectrometers that exists on this planet (Instruments name: LUCI). LUCI is used to record light from the universe 11 billion years ago to to answer the question where galaxies came from and how they developed. In the last (somewhat shorter) part I want to briefly talk about what it takes to get into this kind of work, how to become a „laser rocket scientist“. I get this question a lot in Q&A sessions and therefore want to address it right away. There are misconceptions about his type of work and quite a number of people leave the field again – mainly because school and especially university puts up a distorted picture and sometimes questionable promises about careers in science.

Payment systems are old and have – unlike card protocols – seen little scrutiny so far. This talk enumerates design and implementation flaws in payment processing systems, which can defraud consumers and merchants.

Like most embedded devices, payment system elements are potentially vulnerable to a range of attacks. This has not changed in years. What did change, though, is the exposure of these vulnerabilities: Serial interfaces are now exposed via ethernet; proprietary backend protocols are reachable over the Internet TCP, and flaws in real time operating systems are widely known. This talk provides an overview of design issues and implementation vulnerabilities in current payment processing systems, including un-authenticated protocols and insecure hardware implementations, which enable fraud vectors against merchants who operate payment terminals and consumers who use them. Some of them remote and pre-auth ...

Software design and testing is hard, but what happens when each bug fix can cost months of delay and millions of dollars? In this talk we’ll take a behind-the-scenes look at the challenges in the design of a very complex, yet critical piece of hardware: the modern x86 CPU.

All hardware design and testing is complex, but x86 CPUs are designs that must work correctly basically 100% of the time. They are critical not only for running your applications, but for enforcing the security of the entire system. In this talk, we’ll explore what modern x86 CPU hardware looks like, describe some of the methodology around CPU testing, and discuss real-world hardware design. So does that all make flawless hardware? Of course not! CPU bugs do happen, and when dealing with hardware bugs, it’s rarely as simple as “download this patch”. This talk will additionally look at some of the various capabilities used with modern chips to address late-breaking issues, from special configuration bits to microcode to even focused ion beams. The goal of this talk is to not only provide the listener with a glimpse into the world of complex hardware design, but to hopefully inspire software engineers with new ideas on how to test equally critical software that must “just work”.

Memory corruption is an ongoing problem and in past years we have both developed a set of defense mechanisms and novel attacks against those defense mechanisms. Novel defense mechanisms like Control-Flow Integrity (CFI) and Code-Pointer Integrity (CPI) promise to stop control-flow hijack attacks. We show that, while they make attacks harder, attacks often remain possible. Introducing novel attack mechanisms, like Control-Flow Bending (CFB), we discuss limitations of the current approaches. CFB is a generalization of data-only attacks that allows an attacker to execute code even if a defense mechanism significantly constrains execution.

Memory corruption plagues systems not just since Aleph1's article on stack smashing but since the dawn of computing. With the rise of defense techniques like stack cookies, ASLR, and DEP, attacks have grown more sophisticated but control-flow hijack attacks are still prevalent. Attackers can still launch code reuse attacks, often using some form of information disclosure. Stronger defense mechanisms have been proposed but none have seen wide deployment so far due to the time it takes to deploy a security mechanism, incompatibility with specific features, and most severely due to performance overhead. Control-Flow Integrity (CFI) and Code-Pointer Integrity (CPI) are two of the hottest upcoming defense mechanisms. After quickly introducing them, we will discuss differences and advantages/disadvantages of both approaches, especially the security benefits they give under novel memory corruption attacks. CFI guarantees that the dynamic control flow follows the statically determined control-flow of the compiled program but an attacker may reuse any of the statically valid transitions at any control flow transfer. CPI on the other hand is a dynamic property that enforces memory safety guarantees like bounds checks for code pointers by separating code pointers from regular data. Data-only attacks are possible both for CFI and CPI. Counterfeit Object-Oriented Programming (COOP) and Control-Flow Bending (CFB) are two novel attack mechanisms. COOP reuses complete functions as gadgets, mitigating several defense mechanisms and CFB bends the control flow along valid but unintended paths in the control flow graph of a program. We will discuss COOP and CFB attacks, focusing on mitigating strong novel defense mechanisms.

Last year your friend Karen joined the alternative music scene and sent you a sound track. The government is recording everything, and this year announced that alternative music is a gateway drug to terrorism (see http://www.theguardian.com/australia-news/2015/sep/25/radicalisation-kit-links-activism-and-alternative-music-scene-to-extremism). Fortunately, Karen encrypted the email.

Fast forward to 2035. Stasi 2.0 has risen to power and has decided that, to protect society, anyone who has ever been exposed to alternative music will be sent to a „better place“. They still have a copy of Karen’s ciphertext. And here’s the really bad news: They’ve just finished building a billion-qubit quantum computer.

Back in 2015, large general-purpose quantum computers haven’t been built yet, but the consensus is that they will be built, and that they will allow well-funded attackers to retroactively break practically all of today's deployed public-key cryptography. RSA will be dead. ECC will be dead. DSA will be dead. „Perfect forward secrecy“, despite its name, won’t help.

Fortunately, there are replacement public-key cryptosystems that have held up very well against analysis of possible attacks, including future quantum attacks. This talk will take a hands-on look at the two examples with the longest track records: namely, hash-based signatures (Merkle trees) and code-based encryption (McEliece).

The talk will be given as a joint presentation by Daniel J. Bernstein and Tanja Lange.

In this talk Matthew Borgatti, Lead Scientist at Super-Releaser, will take you through the process of turning a puddle of goo into a working soft robot. He will take you through the different mechanisms that can be created, simple processes for fabricating soft robots, and methods for joining elements together into sophisticated assemblies.

Soft robots are slowly trickling out of universities and labs into everyday life. Amazon is experimenting with installing soft grippers on robotic arms to pick any product off a warehouse shelf. DARPA just funded an extensive program to build soft exoskeletons for soldiers to enhance how much they can lift and how long they can march. My lab, Super-Releaser, is developing robotic spacesuit components for NASA as a subcontractor on a SBIR grant. On paper they might seem too complex to whip up at home, but if you’re the kind of person who loved Creepy Crawlers and have access to a 3d printer you can make your very own soft robots. Let’s take a step back to explain what a soft robot is and what they're good for. Most robots out there are made from hard parts like steel gears and plastic housings with the occasional rubber wheel or timing belt thrown in. When they respond to their environment it’s usually by reading sensors and using a processor to change their behavior accordingly. This responsiveness is called compliance. There’s another way to get compliance out of an engineered object, though: make the object soft. Everything from goat hooves to octopus tentacles, starfish suckers to human muscles, use softness and springiness to their advantage. When your robot responds to the environment by bending, say around the thing you’re trying to grip, getting a specific output, like putting that thing in a box to get packed up and shipped off, becomes a lot simpler on the computation side of things. Adding compliant mechanisms to your engineering toolbox can add huge problem solving power to any robotics problem you're trying to tackle. In this talk I’m going to describe how I go about fabricating soft robots. There are lots of methods out there – from heat sealing, to stitching, to direct printing – but the method I prefer is casting. I like casting my robots from 3d printed molds because I can test multiple designs in parallel (just print out the different molds with, say, different wall thicknesses or numbers of ribs inside the actuators, all at the same time). It also allows me to experiment with designs in a context that matches the material I’d be using if production were scaled up for mass manufacture. Finally, if I decide I really like the robot I’ve created, making a dozen of them is just a matter of casting that same mold a dozen times. I’m going to go over the materials I use and where to find them online, how to go about designing your own soft robot, and some interesting problems in soft robotics that are just waiting for solutions. I’m going to be taking the audience from building the simplest actuators, to methods for fastening parts, to getting airtight seals even at high pressures, to putting everything together into a single-piece walking quadruped.

In 2011 the Nintendo 3DS was released. Today it is the most popular current-gen handheld console, having sold more than 50 million units worldwide. The 3DS features a completely redesigned architecture from its predecessors the DS and the DSi. This talk will focus on the security features of the 3DS, and how we got around them.

We start by presenting a summary of the security system of the 3DS from the ground up. After the introduction, we proceed to elaborately exploit each layer of the 3DS operating system, starting with userspace, kernelspace, and finally gain code-execution in the security processor. We also present how we figured out a hardware secret built into the console, and an early break in the chain of trust. Basic knowledge of embedded systems and CPU architectures is recommended, although we aim to also make it enjoyable for non-technical audiences.

With the advancement of defensive security and the constant release of research papers into their toolsets, advanced threat actors have had to adapt with new operational security practices, as well as with new technology.

With the advancement of defensive security and the constant release of research papers into their toolsets, advanced threat actors have has to adapt with new operational security practices, as well as with new technology. Examples of this are how long it takes for a threat actor to take its operation offline once a public report of it's tools is getting released, or the technology it may be using to cope when its expensive code base that has taken years of development suddenly becomes public property. Two quick examples are the geographical distribution of attacks, which are often (mis)used in attribution, and the use of cryptography for reuse of now public code bases.

Wir helfen euch, die Fnords zu sehen, wenn nach einem klaren Fall von Selbstmord der Zensor pinkeln war und die Stahlbälle den maximalen Realitätsabstand eingenommen haben.

Ein munterer Rückblick auf das Jahr mit Würdigung der groteskesten Geschehnisse zwecks Neukalibrierung des Bizarrometers.

Nicolas Wöhrl und Reinhard Remfort sprechen über interessante aktuelle Forschung, Experimente und ihren wissenschaftlichen Alltag an einer deutschen Hochschule. Fachübergreifend, abwechslungsreich, unstrukturiert, hoffnungslos subjektiv und immer garantiert methodisch inkorrekt.

Eigentlich ein Podcast der alle 14 Tage erscheint. Nach dem großen Erfolg auf dem Kongress im letzten Jahr wird diesmal eine noch größere Show abgezogen: Experimente die mal interessant, mal fragwürdig sind. Wissenschaftler die mal belehrend und mal unzurechnungsfähig sind. Wissenschaftliche Studien die mal nobelpreisverdächtig und mal zweifelhaft sind. Wissenschaft auf der Showbühne. It works, bitches!

Wir werden einen Überblick über die Themen geben, die den Chaos Computer Club 2015 beschäftigt haben. Neben der Zusammenfassung und der Rückschau auf das vergangene Jahr wollen wir aber auch über zukünftige Projekte reden.

There are two lines of research in the world about decreasing poverty in low-income communities: (1) to create solutions and share them with people living in low-income areas or (2) build the capacity of people from low-income areas to create their own solutions. Maker Spaces to BoP have showed great results to the strategy two. The lecture has the goal to expose all the experience we have learnt in the last three years to project, implement and manage a Maker Space in a favela in São Paulo - Brazil called Innovation Center Vila Nova Esperança (ICVNE).

The terms “social innovation” and “social innovators” have become commonplace expressions in technology and development fields. More people have created new kinds of businesses and solutions to create positive impact in the society instead of just bringing interests to the partners of the company. However, in the last two decades, most resources available to build solutions for international development challenges were provided to institutions in richer countries. Most of the solutions, therefore, were coming from outside the local context or community. There are very few examples that show low-income people as responsible designers for good solutions. Several reasons try to explain why this has happened, but one essential reasoning is the belief that well educated people have more capacity to reach a good solution for any context, even if these people do not belong to the local culture or context. However, the main results of this methodology are anything but understanding and positive. The four main results are: dependence, lack of user needs understanding, (and, as such) little or no sense of ownership, and lack of maintenance. In order to address these four problems, different approaches to social innovation have started to be tested. One model that tries to explain these different approaches are called Design For, Design With, Design By. If this model is studied deeper, it is possible to recognize that it translates the passage from the donator solutions mindset to the capacity-building solutions mindset. The two main parameters to define to understand the difference between those approaches is “designer” and “user.” Design For expresses the fact the designer has very limited interaction with the user (typically only in the information gathering stage at the beginning and user testing at the end). This is typically what appropriate technology development looks like. Design With, also called co-creation and participatory development, brings together the user and the designer to understand the problem together, create solutions together and make decisions together in order to keep the project going forward. Design By defines the approach where the designer is also the user (and vice versa) or belongs to the same environment as the user. To test the Design By model, our Donor IDIN (www.idin.org) opted to support a local Innovation Center in a favela in Latin America, more specifically in São Paulo that the local organization Caos Focado has been responsible.

In my talk I am 1) discussing philosophical concepts of privacy, especially Hannah Arendt's philosophy. I am 2) explaining why in a liberal-democratic system we need to protect our privacy and 3) what we can morally do to prevent catastrophes such as a totalitarian system from happening again. With Hannah Arendt's arguments and her analysis of totalitarian systems in mind, I am referring to three examples from today's privacy discussions: cybermobbing, Behavioral Advertising and secret services.

That our privacy is at stake is not just a problem since the 2013 revelations of Edward Snowden. The 20th century philosopher Hannah Arendt is an important source to understand what `privacy' means and why we need to protect it. In my talk I am going to explain what Arendt understood as `private' throughout her work, and how her reasons to claim the protection of the private realm were connected with her analysis of the totalitarian systems in the 20th Century. In my contribution I am first discussing philosophical concepts of privacy, with a focus on Hannah Arendt's philosophy. Second, I am arguing why in a liberal-democratic system we need to protect our privacy. The third step will be to reason what we can morally do to prevent catastrophes such as a totalitarian system from happening again. Being a philosopher, I am going to make the philosophical — and in part legal — claims and preconditions understandable for a larger public. To prevent "what never ought have happened" from happening again we should, following Arendt, never refuse to judge about what is happening around us. I apply Arendt's framework of moral judging by examples to three cases from today's privacy discussions, Cybermobbing, Behavioral Advertising and secret services.

The techniques to control access to the Internet, and the ability to bring transparency to those processes are both continuing to evolve. We’ll give an update on the landscape of online information controls, and our ability to measure them.

The talk will give an update on current country-level practices, the techniques in use to measure them, and an overview of major tools in use. Over the past couple years, restrictions on Internet access have grown even more ubiquitous. Many take the form of URL or Domain blacklists implemented by western countries, along with increased levels of self censorship on social platforms with user generated content. The measurement community continues to play a catch-up game. Through a mixture of watching legislature, an increased understanding of what we need to build to keep track of internet controls, and discoveries of side channels that let us externally measure connectivity, we’re making progress!

CloudABI is an alternative runtime environment for UNIX-like operating systems that is purely based on the principle of capability-based security. This makes it possible to create applications that are strongly sandboxed, easier to test and easier to maintain.

UNIX-like operating systems don't seem to make it easy to sandbox programs to harden them against exploits. They also don't allow you to run untrusted executables directly without compromising security, which is the reason why we require technology like virtual machines and containers to secure our systems. I am going to talk about a system I am developing called CloudABI. CloudABI is a simplified POSIX-like runtime environment that is inspired by FreeBSD's Capsicum. It allows you to create exectables that can solely interact with the environment through file descriptors (capabilities). This not only makes CloudABI more secure than the traditional POSIX runtime, it also makes it easier to test programs through dependency injection. This makes CloudABI a perfect environment for developing microservices. In my presentation I am going to focus on how CloudABI works, how you can develop software for it and how it works in practice.

Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick!

To get involved and learn more about what is happening please visit the Lightning Talks Wikipage.

After two years the fight for net neutrality in Europe about the Telecom Single Market Regulation has come to a close. In this talk we will analyse the new net neutrality law and it's consequences and we give you the lessons learned from two years of EU campaigning.

On 30c3 we launched the SaveTheInternet.eu campaign. Since then activists from all around Europe fought for net neutrality and the freedom of the open internet. At 32c3 the the legislative process in Europe will have come to a close and the campaign will be mostly over. In this talk we will look back and try to learn from past mistakes and successes. What has worked and what didn't? What will the new net neutrality law in Europe actually mean in practice? We assess the repercussions for the European internet and also for the global fight for net neutrality, particularly in the global south.

Buffering sucks! Why we see regular buffering when watching online video. What internet service providers could do to reduce buffering and why big players refuse to act. An attempt of calculating the economic cost of buffering.

It’s all about Net Neutrality. Buffering is the visible effect which makes millions of broadband customers suffer.

Transposition of the Wassenaar Arrangement, which now also covers export controls on exploits and surveillance technology, into European law is upon us. This panel discusses this, both on process and substance.

The big issue is that this may stifle security research while at the same time we want to stop the Hacking Teams of this world. This is a panel discussing the various good or least bad ways to deal with this. Participants come from civil society and security research.

Ten years after the rejection of the European software patent directive by the European Parliament, the software patent problem still is not over. Political action is required.

For further information, please refer to the attached document. It contains a one page summary of highlights, and five pages of a more detailed narrative. Finally, it includes the bio's of the three speakers.

Auch in 2015 entstanden wieder zahlreiche Projekte bei Jugend hackt, die mit Code die Welt verbessern. Im Talk möchten die jugendlichen HackerInnen Einblick in ihre Ideen und Projekte geben, und ihre Perspektive auf die Welt vermitteln.

This talk is a brief recap into EEG / BCI for hackers, makers, researchers, and artists. It will give an overview of current consumer devices and their flaws, and subquently present fully open-source, high-quality hardware and software. Finally implications for the future of modern society are outlined, especially how commercial EEG consumer devices or services may be exploited by corporations to cloudsource market research, or spy on health conditions, brain states or even leak private information. Strategies to circumvent these risks and secure brain wave experience are being discussed.

In the recent years, affordable Brain-Computer Interfaces are becoming more accessible for consumers. Applications range from controlling computers / machines, biofeedback and Quantified Self. At first sight, the current generation of commercial devices seem to be decent in their functionality, and various use cases are suggested. However, neurophysiological signal quality, as well as limitations of software and hardware hackability are among the greatest issues and hurdles towards advancement in user experience. This talk is a brief recap into EEG / BCI for hackers, makers, researchers, and artists. It will give an overview of current consumer devices and their flaws, and subquently present fully open-source, high-quality hardware and software. Finally implications for the future of modern society are outlined, especially how commercial EEG consumer devices or services may be exploited by corporations to cloudsource market research, or spy on health conditions, brain states or even leak private information. Strategies to circumvent these risks and secure brain wave experience are being discussed. This talk can be seen as a sequel to last year's talk by MeTaMiNd EvoLuTioN and will also deal with further proceedings in open-source neurotech.

This talk will focus on the potential ability of data disaggregated by race and ethnicity to reduce discriminatory policing in Germany. In the UK, data has been collected during police procedures, allowing for a monitoring and evaluation of discriminatory policing practices. Unfortunately, such an empirically driven policy approach is not currently possible in Germany. This talk will argue that, as a first step, a policy based off the UK approach towards data collection be implemented in Germany to incorporate, rather than ignore, Germany’s diverse identities, and to allow for empirically driven and more effective policing.

As social exclusion and racial discrimination are highly tied to policing practices, it is essential that a reduction of discriminatory policing be part of the larger discussion on addressing social inequalities in developed nations. In Germany, the lack of data disaggregated by race and ethnicity means that there are no figures on the extent of racially or ethnically based discrimination. Germany presents a unique case for examining the collection of disaggregated data due largely to the term race, or Rasse, having negative connotations due to the misuse of such data during the Nazi era. This talk will focus on the potential ability of data disaggregated by race and ethnicity to reduce discriminatory policing in Germany, with a particular focus on ‘stop and search.’ Stop and search is a crime-prevention practice existing in both Germany and the UK which allows police officers to stop individuals they suspect of committing a crime, carrying a weapon, possessing stolen property, or carrying drugs. In Germany, federal police have the added power to stop a person suspected of committing an immigration violation. In the UK – due to pressure from civil society organisations, academics, and government officials – data has been collected during police procedures, allowing for a monitoring and evaluation of discriminatory policing practices. Unfortunately, such an empirically driven policy approach is not currently possible in Germany. This talk will argue that, as a first step, a policy based off the UK approach towards data collection be implemented in Germany to incorporate, rather than ignore, Germany’s diverse identities, and to allow for empirically driven and more effective policing.

Im Sommer kam heraus, dass der Generalbundesanwalt Ermittlungen gegen zwei Journalisten von netzpolitik.org in Gang gesetzt hatte. Das geschah, weil sich das Bundesamt für Verfassungsschutz dadurch auf den Schlips getreten fühlte, dass Auszüge aus ihren Haushaltsplänen der allgemeinen Bevölkerung bei netzpolitik.org zugänglich gemacht wurden.

Zehn Tage lang gab es in der Sommerpause einen medialen Aufschrei, die Ermittlungen wurden gestoppt. Aber noch immer sind viele Fragen ungeklärt. Warum kam es überhaupt dazu, wer hat politischen Druck ausgelöst und sind die Regeln für die Pressefreiheit im Zeitalter des Internets noch zeitgemäß oder sollten sie dringend an digitale Realitäten angepasst werden? Der Vortrag will einerseits zurückblicken, aber auch die Learnings vorstellen, inklusive einer dringend notwendigen Debatte, wie wir ein Update der Pressefreiheit in Deutschland hinbekommen könnten.

Der Hitag S Transponder wird in verschiedensten Applikationen eingesetzt. Während Angriffe für den Hitag 2 bereits bekannt sind, gilt der Hitag S in der Literatur noch nicht als gebrochen. Wir haben die beschriebenen Angriffe auf den Hitag S übertragen. Wir sind in der Lage den Schlüssel zu brechen und Informationen wie das Kennwort zu ermitteln, obwohl diese zusätzlich vor Lesezugriff geschützt sind. In Abhängigkeit des gewählten Angriffs benötigen wir für das Brechen des Schlüssels zwischen mehreren hundert Tagen und 5 Minuten. Wir haben einen Emulator gebaut, der jeden Hitag S Transponder nachbilden kann. Wird der Transponder in einem Schließsystem eingesetzt, können wir so eine Schlüsselkopie erstellen. Basierend auf unseren Ergebnissen und den Erfahrungen mit anderen Transpondern aus dem 125kHz Bereich können wir nur vor dem Einsatz in sicherheitskritischen Bereichen warnen.

Die Hitag Transponderfamilie besteht aus mehreren unterschiedlichen Transpondern, zu denen auch der Hitag S gehört. Der Hitag S Transponder wird von dem Hersteller NXP in erster Linie für die folgenden Zwecke empfohlen: Wäscherei-Automation, Logistik, Lagerverwaltung und die Überwachung und Verwaltung von Tierherden. In der Realität werden Sie aber auch in Zutrittskontrollsystemen wie dem blueSmart-System der Firma Winkhaus eingesetzt. Der Hitag S Transponder bietet zwei Modi: Plain und Authentication. Im Authentication Mode ist der Zugriff auf den Speicher des Transponders erst nach einer erfolgreichen Authentifizierung möglich. Grundlage der Authentifizierung ist ein 48Bit Pre-Shared-Key. Für dieses Verfahren ist laut Hersteller leserseitig ein Krypto-Coprozessor erforderlich. In diesem Vortrag erläutern wir die unterschiedlichen, bei dem Hitag S, erfolgreich durchgeführten Angriffe zur Überwindung der Authentifizierung bzw. dem Brechen des verwendeten Schlüssels. Hierbei berücksichtigen wir sowohl deren chronologische Entwicklung als auch ihre steigende Komplexität. Neben einem einfachen Replay-Angriff, der uns bereits Zugang zu den auf dem Transponder gespeicherten Daten gibt, kann auch der verwendete Schlüssel gebrochen werden. Während entsprechende Angriffe für den Hitag 2 bereits bekannt sind, gilt der Hitag S in der Literatur noch nicht als gebrochen. Wir haben die beschriebenen Angriffe auf den Hitag S übertragen. Wir sind in der Lage den Schlüssel zu brechen und Informationen wie das Kennwort zu ermitteln, obwohl diese zusätzlich vor Lesezugriff geschützt sind. In Abhängigkeit des gewählten Angriffs benötigen wir für das Brechen des Schlüssels zwischen mehreren hundert Tagen und 5 Minuten. Die hierfür benötigten Daten können mit geeigneter Hardware innerhalb von wenigen Minuten durch Abhören der Funkkommunikation des Transponders mit einem Leser erhalten werden. Wir haben einen Emulator gebaut, der jeden Hitag S Transponder nachbilden kann. Wird der Transponder in einem Schließsystem eingesetzt, können wir so eine Schlüsselkopie erstellen. Basierend auf unseren Ergebnissen und den Erfahrungen mit anderen Transpondern aus dem 125kHz Bereich können wir nur vor dem Einsatz in sicherheitskritischen Bereichen warnen. Hierbei ist es unerheblich, ob es sich um ein Online- oder Offline-System handelt. Keiner der uns bekannten 125 kHz Transponder verfügt über ausreichende Kryptographieverfahren, um derartige Angriffe abzuwehren. Daher ist, selbst bei starker Verschlüsselung der Daten auf dem Transponder, es immer möglich mit einem Emulator einen exakten Klon zu erzeugen. Die Lesegeräte, online wie offline, können diesen Klon nicht erkennen. Wenn die RFID-Anwendung die auf dem Transponder gespeicherten Daten nicht ausreichend schützt, können diese auch verändert werden. Bei einer Schließanlage sind dann zum Beispiel beliebige Änderungen der Schließberechtigungen denkbar.

Initiative Freifunk, ein Projekt des Chaos Darmstadt e.V. - Wie kamen wir mit den Verwaltungen, den Verbänden und Parteien ins Gespräch, um freifunk für refugees umzusetzen?

Zeitstrahl Entwicklung von Freifunk Initiative Darmstadt 03/15 bis 12/15 Was hat sich in den 10 Monaten geändert – und warum? Welche Parteien haben das Thema Freifunk in kommunale Parlamente Südhessens getragen – und mit welcher Begründung? Wie reagierten Regierungspräsidium, Bürgermeister und Kreistage als Betreiber der Unterkünfte auf die Freifunk Initiative? Welche Apps passen zu Freifunk für Flüchtlinge – und warum? Was habe ich gelernt? Warum Bündnisse eingehen besser ist als auf nur eine Partei zu vertrauen Erkenne die Chancen auf Veränderungen, wenn die ganze Verwaltung chaotisch geworden zu sein scheint – nur woran? Telekom, Vodafone oder unitymedia sind keine Gegner: Vier Argumente für Freifunk, mit der sich trotz den ganz Großen die Rathaustüren für freifunk weit öffnen Wie Flüchtlinge das Internet nutzen – und wofür nicht. Chancen und Risiken Freifunk 2016: Was ich erkennen kann – Ernüchterung, Burnout und Professionalisierung

During this lecture presentation, Boaz Levin and Vera Tollmann, co-founders of the Research Center for Proxy Politics, will develop the proxy as a figure of thought by spinning and testing it in different contexts.

The Research Center for Proxy Politics aims to explore and reflect upon the nature of networks and their actors, that is, machines and things as well as humans. The proxy, a decoy or surrogate, is today often used to designate a computer server acting as an intermediary for requests from clients. Originating in the Latin procurator, an agent representing others in a court of law, proxies are now emblematic of a post-representational political age, one increasingly populated by bot militias, puppet states, ghostwriters, and communication relays. During the period of the project (September 2014 to August 2017) the center hosts a series of workshops at the Universität der Künste, Berlin, revolving around a wide range of relevant topics including the politics of digital networks, the political economy of crypto-currencies, the genealogy of networked thought, the mediality of physical landscapes and strategies of opacity. The center also conducts material, experimental, investigations into the conception and construction of alternative networks, or alternets.

AXIOM is the first professional, extendable, affordable and modular cinema camera platform based on Free ("libre") Software, Open Design, Open Hardware, transparent development processes and extensive documentation. The community project establishes an ecosystem that offers a sustainable basis for a broad spectrum of imaging applications and empowers enthusiasts, videographers as well as developers in the technology and creative industry sectors.

Since 2006 the apertus° community has been developing open tools to tackle demands of professionals working in contemporary video and film production. The community extends from renowned Directors of Photography in prominent Hollywood studios to emerging independent filmmakers, developers, artists and researchers all working from different locations around the world. AXIOM is a very ambitious project, using principles of FLOSS, extended on the whole design, production and software of a professional, modular cinema camera. With AXIOM, our ambition is to free film makers of the artificial limitations introduced through the “closed” products being available.

Neue App-basierte TAN-Verfahren sollen die etablierten Verfahren ablösen und Onlinebanking komfortabler machen. Die Notwendigkeit von dedizierter Hardware entfällt und Transaktionen können mit nur einem mobilen Endgerät durchgeführt werden. Was von den Kreditinstituten als Feature beworben wird, erweist sich in unserer Untersuchung als fatal. In einem Proof-of-Concept-Angriff demonstrieren wir die Manipulation von Transaktionsdaten und zeigen die konzeptionelle Schwäche von App-basierten TAN-Verfahren.

Die deutschen Kreditinstitute wenden sich zunehmend von den alten TAN-Verfahren ab. Als Motiv zur Erschließung neuer Techniken abseits der indizierten TAN-Liste, mTAN und chipTAN wird neben der Sicherheit auch der fehlende Komfort durch die Notwendigkeit dedizierter Hardware angeführt. Neue App-basierte TAN-Verfahren erlauben es dem Nutzer, eine Transaktion mit seinem mobilen Endgerät (Android oder iOS) auszulösen und auf dem selben Gerät zu bestätigen -- und das bei vermeintlich höherer Sicherheit als bei den etablierten Verfahren. Wir haben die Sicherheit solcher App-basierten TAN-Verfahren am Beispiel des pushTAN-Verfahrens der Sparkassen ausgewertet und attestieren dem Verfahren gravierende konzeptionelle Schwächen. Der bewusste Verzicht auf eigenständige Hardware zur Transaktionsauslösung und -bestätigung macht das Verfahren für Schadsoftware zu einer leichten Beute. Zur Demonstration dieser Schwächen haben wir einen Angriff entwickelt, der vom Nutzer Transaktionen abfängt und vor ihrer Bestätigung nach Belieben manipulieren kann.

We develop a tool to verify Linux netfilter/iptables firewalls rulesets. Then, we verify the verification tool itself. Warning: involves math! This talk is also an introduction to interactive theorem proving and programming in Isabelle/HOL. We strongly suggest that audience members have some familiarity with functional programming. A strong mathematical background is NOT required. TL;DR: Math is cool again, we now have the tools for "executable math". Also: iptables!

We all know that writing large firewall rulesets can be hard. One huge problem. Let's write a tool to statically verify some properties of our rulesets! Now we have three huge problems: (1) writing flawless firewall rulesets. (2) making sure that our verification tool does the right thing. (3) making sure that the internal firewall model of our tool corresponds to the real world. In this talk, we will solve these problems from front to back. We focus on problems (2) and (3). Warning: this talk involves math! First, we need to specify the behavior of the Linux netfilter/iptables firewall. In order to be convincing, this model must be small and simple. It should fit on one slide. However, firewalls can be quite complex and the model must cope with this. For example, looking at `man iptables-extensions`, we see numerous match conditions. But nobody required that our model must be executable code; we will specify the model mathematically. For example, this allows to define arbitrary match conditions. Technically speaking, we define the filtering behavior of iptables in terms of bigstep semantics. Mathematical specifications can be very powerful, in particular when we get to the point where the specification is not directly "executable". Enough math, let's write some executable code to do something with our ruleset. For example, unfolding the jumps to user-defined chains, checking that some packets will be certainly blocked, or checking that we got the spoofing protection right. Second, based on our firewall model, we can now prove that our algorithms do the right thing. In contrast to testing, a mathematical proof allows assertions for all possible values. For example: For all possible packets, rulesets, and firewall-matching-features, our unfolding algorithm does not change the filtering behavior of the firewall. Yes, we can even show that our tool will still be correct, even if the netfilter team pushes a new matching feature. Finally, we now have a verified verification tool. We can use it to verify our firewall ruleset and finally sleep well at night again. We developed an iptables verification library over the last few years in Isabelle/HOL. Isabelle can export executable definitions (i.e. our algorithms) to functional languages such as Haskell, Scala, SML, or OCcaml. Writing the input/output functions manually in Haskell, we have a fast and stand-alone tool. This talk is also an introduction to interactive theorem proving and programming in Isabelle/HOL. We strongly suggest that audience members have some familiarity with functional programming. A strong mathematical background is not required.

Earlier this year, following the tragic events of early January in Paris, the French governement pushed a bill to put a legal framework around Intelligence Services activities. Far from protecting civil liberties, this bill seem to be the translation of Snowden's revelations into law.

Despite the fact this law was in the making for many years, its content seem to be inspired by Snowden's revelations. French intelligent services, willing to become more independent from US ones were certainly waiting for this bill for a long time, giving them uncompared power on every one (IMSI Catchers, algorithmic black boxes in ISP networks, etc etc) A patch to the law has been voted, legalizing international cable wiretapping for the DGSE (French NSA), providing them legal protection for what existed since at least 2008 as a NouvelObs journalist revealed some weeks ago. In this talk, we'll also give an overview over the legal actions taken by several NGO's to defeat this laws. Following the November 2015 Paris attacks and the declaration of a state of emergency, we'll extend the initial scope of the talk to give an overview of the latest securitarian/autharitarian developments in France.

Das Nonplusultra für hauptamtliche Jugendschützer sind Filterprogramme, auch „Jugendschutzprogramme“ genannt. Doch was machen die Programme, welche Wirkungen und vor allem Nebenwirkungen haben sie? Und was macht eigentlich der Zombie JMStV?

Die Bundesländer wollen in einem neuen Anlauf den Jugendmedienschutzvertrag (JMStV) verschärfen. Ein Kernpunkt ist: Möglichst viele (oder alle) Webseiten sollen maschinenlesbare Alterskennzeichen tragen. Filterprogramme sollen diese auslesen und (vermeintlich oder tatsächlich) jugendgefährdende Webseiten blockieren. Der Traum so mancher Jugendschützer sind dabei Filter direkt beim Provider, am besten standardmäßig aktiviert und nur auf Wunsch auf die Stufe „ab 18“ änderbar.

Die „Kommission für Jugendmedienschutz“ (KJM) hat bereits mehrere Filterprogramme offiziell anerkannt, also quasi zugelassen.

Doch welche Nebenwirkungen haben diese Filter? Wie funktionieren die Programme, und was machen sie?

Der Vortrag zeigt anhand einer genauen Analyse, dass die Qualität der offiziellen „Jugendschutzprogramme“ unter aller Sau ist und sie noch einige weitere, bisher nicht bekannte Nebenwirkungen haben.

Daneben zeigt der Vortrag noch den aktuellen Stand der Diskussion über den Jugendmedienschutzstaatsvertrag und was uns in dem Bereich noch alles blüht.

"Signal level is high but throughput is low" is a common experience in WLAN networks without central management. That causes a lot of frustration, mainly because there is no easy way for users to OBSERVE the presence of interference at all. In order to improve this situation we developed a patch for OpenWRT which makes interference from other sources visible and is able to display the current utilization-ratio (channel load). No additional hardware is required and no interruption of normal operation is necessary - because recent chipsets maintain internal counters for channel load tracking.

We all love WLAN/IEEE802.11 networks. It's wonderful what we do with a few slices of free spectrum without the need for any central coordination. The Problem is: demand for these few radio resources is increasing faster than additional free spectrum gets allocated. A potential tragedy of the commons situation is approaching. Additionally, there is a heavy new user on the block: mobile operators want to start utilizing those free 5GHz bands. Protocols labelled License-Assisted-Access (LAA) or LTE-Unlicensed (LTE-U) have been put into silicon and large scale rollout can be expected to start during 2016. This talk presents a modification to OpenWRT that will help coping with increased interference load over the next years. We think this feature is necessary to avoid a tragedy-of-the-commons situation in license-exempt bands (2.4/5GHz) due to ever increasing demands and node densities. The same way as we would be frustrated when we are unable to measure the general noise level in a room prior to deciding to use it to have a verbal conversation in it. We started testing this feature (modifications to the mac80211 sublayer and to luci) at this years BattleMeshV8 in Maribor, Slovenia. Public release is planned for November 2015.

In this talk I'll show how to build an open source vector gaming system with MAME, a microcontroller and an XY monitor or oscilloscope. Relive the joys of playing vector video games from 1979 and enjoy some of the retro-styled vector games of 2015.

"Insanity: doing the same thing over and over again and expecting different results." Albert Einstein - Who did not live long enough to see Rowhammer Recent studies have found that repeated accesses to DRAM rows can cause random bit flips, resulting in the so called Rowhammer vulnerability. We present Rowhammer.js, the first remote software-induced hardware-fault attack, from JavaScript. We also extend our presentation with an overview of cache side-channel attacks, that use the same technique to evict data from the cache.

Last year, studies demonstrated Rowhammer, a fault attack that can cause random bit flips by repeatedly accessing DRAM rows. This vulnerability has already been exploited to gain root privileges and to evade a sandbox, showing the severity of faulting single bits for security. However, these exploits are written in native code and use special instructions that flush data from the cache. In this talk we present Rowhammer.js [1], a JavaScript-based implementation of the Rowhammer attack. After presenting the native attack, we underline the challenges we faced to trigger the vulnerability from JavaScript, without any special instruction. Beyond DRAM, this attack also requires a very fine understanding of CPU cache internals, that are largely undocumented. We detail our findings on these undocumented parts, and the different steps that led to the attack from JavaScript. We also give an outlook on possible exploits, including gaining root privileges from JavaScript and performing fault attacks on cryptography. In the last part, we extend our presentation with an overview of cache attacks, bridging the gap between hardware-fault attacks and side channels. In side-channel attacks, the attacker doesn't rely on a direct software compromise, but rather on passive observation of hardware characteristics when a victim process runs. In common with Rowhammer.js, these attacks use techniques to evict data from the last-level cache. [1] Daniel Gruss, Clémentine Maurice, Stefan Mangard. Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript. http://arxiv.org/abs/1507.06955

„Never ever say no, act your first thought and learn to love mistakes“ – these are the basic rules of improv theatre. I will show how this can be adopted for everyday life.

Improvisational theatre (short „improv theatre“) has a long history but still follows the same basic framework: be open minded and not afraid of yourself and others. Keith Johnstone, the godfather of this genre, once said: „Good improvisers seem telepathic; everything looks pre-arranged. This is because they accept all offers made – which is something no ‘normal’ person would do.“ They can do so by learning that any mistake can be the origin of something great. This can also be seen as a hack of the traditional arts form theatre: Create something awesome out of something awful. The mantra behind is „if you fail, fail smartly“ or as we say in Austria G’scheitern. There will also be a workshop for those who want to try out some improv theatre methods.

As Internet users increasingly connect to the Internet through smartphones, this has transformed Iran’s Internet ecology towards an increasing reliance and production in apps. In Iran, a country that practises some of the most stringent censorship and surveillance techniques in the world has seen this transformation reshape the way the government implements information controls online. While applications with popular usage on browsers such as Facebook and Twitter remain blocked through their mobile applications, platforms that predominantly exist in app form such as WhatsApp, Viber, and Instagram remain unblocked in the country. This talk will look at how the government is counteracting these policies through various means, including local imitation apps, and new programs such as ‘intelligent filtering’, and the Revolutionary Guards' “Spider” program. Additionally, a discussion of how Iranian Internet users use these platforms, especially in reference to digital security awareness and practices will be included.

The Ecuadorian government received international visibility when in 2012 it agreed to grant Wikileaks founder Julian Assange political asylum and host him in Ecuador's London embassy. Ecuador has since been widely praised for standing up to the United States to defend the freedom of the press and freedom of expression. However, the reality is not consistent with this image Ecuador seeks to project. Journalists inside the country face oppressive laws, huge fines and lawsuits for reporting on government corruption. Digital and physical surveillance of journalists and activists is in fact getting worse. We will analyze some of the existing leaks that prove such activities. We will also give a first-hand account from someone who had to literally run away from Ecuador for publishing leaked materials proving illegal espionage against journalists and citizens. Is Ecuador really interested in free speech? We don't think so and we will tell you why.

The talk will be divided as the following: 1. The lie: Wikileaks and free speech advocacy Analysis of current situation and recent past in an international scope. 2. The truth: Surveillance, oppressive laws and huge fees Analysis of recent cases of freedom of speech suppression in the country (lawsuits, fines, political pressure, surveillance). Analysis of already published leaks proving attacks on freedom of speech, expression and personal privacy. Analysis of government public discourse to legitimate such actions. 3. A new leak A new leak will be published during the talk: a secret document providing strong evidence that the government of Ecuador is not interested in free speech at all - or even freedom itself. Speakers: Bethany Horne grew up in Ecuador. She worked there for the state newspaper, El Telégrafo, and later for the Free/Libre Open Knowledge Society, a research group operating out of a state university to develop policy for the Ecuadorian government. In 2013, she published a feature article in Newsweek magazine about Ecuador's oil drilling in the Amazon and human rights violations against local indigenous groups. As a result of this publication, she became a target of state surveillance. She now lives in Berlin. Pedro Noel is co-editor at Associated Whistleblowing Press (AWP). Working on leaks since 2010, took part in more than 30 disclosures of leaked materials and performed analysis on leaked material denouncing wrongdoing and information of public interest in more than 15 countries. He is currently staff of Ecuador Transparente, a digital whistleblowing platform that in August 2015 published 31 pieces of secret information belonging to the Ecuadorian intelligence body.

In this presentation I will present the experimental language Ling. We shall get an intuitive understanding of the language through familiar concepts from imperative programming. We shall cover how Ling enables a modular and precise control on memory allocation, through a general optimization called fusion. This optimization, fusion is a cost-free abstraction mechanism which brings high level programming to system programming.

The design of Ling is the result of my researches in collaboration with Daniel Gustafsson and Nicolas Guenot at the IT-University of Copenhagen and also from the language Limestone by Jean-Philippe Bernardy and Víctor López Juan at the University of Chalmers. These two lines of research stand upon the longstanding research topics of process calculi (such as the π-calculus), term calculi (such as λ-calculus), Linear Logic, and dependent Type Theory (such as used in Coq and Agda to write proofs and programs). The research on the λ-calculus and Type Theory gave rise to a powerful family of languages including but not limited to: Haskell, OCaml, Coq, Idris, and Agda. The research on the π-calculus gave rise to a vast family of calculi for concurrency. However type systems for these languages took much longer to emerge and progress. For instance the main concurrent programming language in use today is still dynamically typed. This is changing as we understand better how to the use the formulae of Linear Logic as behavior types (or session types) for concurrent processes. Still the aim of this experimental language is to program systems precisely and modularly. The need for precision comes from the resource constraints such as memory, file handles and the need for modularity comes the desire to reduce programming mistakes by solving problems at the right abstraction level. Functional programming offers a pretty good framework for modularity. This modularity comes at a cost which is rather difficult to predict. One the one hand optimizing compilers can fuse function composition to eliminate the need for intermediate data-structures. One the other hand when such an optimization fails to trigger the resulting program might poorly perform. The system of Ling controls when fusion can happen. Therefore one knows statically when fusion occurs and when intermediate buffers are needed. Today concurrent systems are built out of shared memory. However, the shared memory model is a nightmare for programmers. Here the approach is reversed we start from a concurrent programming language and apply it also for shared memory. At first the goal is not necessarily to target a parallel architecture but to program at level of abstraction where the programmer knows precisely the resources needed and the compiler still has plenty of opportunity to re-order and parallelize safely some instructions. This talk is intended at an audience familiar with imperative programming. Using the language should not require to understand anything about Linear Logic even though it is used fundamentally. Finally this presentation is an open call for comments and contributions to the open development of the language and infrastructure.

Let's Encrypt is a new free and automated certificate authority, that entered closed beta in October and has already issued a large number of valid certificates. This talk will provide a short overview of how the Let's Encrypt client and server software work, and explore statistics gathered during our closed beta and launch period.

Let's Encrypt is a new certificate authority that is being launched by a collaboration between EFF, Mozilla, Cisco, Akamai, IdenTrust, and a team at the University of Michigan. It will issue certificates for free, using a new automated protocol called ACME for verification of domain control and issuance. This talk will describe the features of the CA and available clients at launch; discuss ongoing feature development in both the official server and client; and share statistics on the closed beta and launch periods, as well as looking at our place within the CA ecosystem post launch.

tl;dr EXPLOIT ALL THE PERL. AGAIN. After last year’s Perl crackdown, I decided I have to take the Perl abuse to the next level. This time I focused on Perl’s core, or more specifically, the referencing mechanism, and shattered the security of most Perl CGI projects in the world.

With more WATs, more broken concepts, and more wildly popular 0-days, we will finally prove the Perl language is a broken concept, one that stood tall for way too many years. Presenting „The Perl Jam: Exploiting a 20 Year-old Vulnerability“ at 31c3 opened a Pandora’s Box full of Perl debates and controversies. Many of these debates originated from the Perl community itself, with unforgiving arguments such as „vulnerabilities are the developer’s fault“, „RTFM“ and „I really hate the Camel abuse in the presentation“ that were mostly directed at me. This is why I’m proud to say that this year I finally got the message: Finding vulnerabilities in core modules is not enough. I need to prove there are problems in the most fundamental aspects of the Perl language, or the Perl community will keep ignoring the language many issues. So I did, and we are going to analyze it in a presentation filled with lolz, WATs, and 0-days, so maybe this time something will change. Join me for a journey in which we will delve into more 0-days in Bugzilla, an RCE on everyone who follows CGI.pm documentation, and precious WTF moments with basically any other CGI module in the world, including (but not limited to) Mojolicious, Catalyst and PSGI, affecting almost every Perl based CGI application in existence. I hope this talk will finally prove that developers are NOT the fault here, it’s the LANGUAGE, and its anti-intuitive, fail-prone ‚TMTOWTDI‘ syntax. btw, maybe it’s time to check your $$references ;)

It is clear that something is needed to help the security community to evaluate, audit and control the security level of hardware products. Hardsploit is a complete tool box (hardware & software), a framework which aims to: - Facilitate the audit of electronic systems for industry 'security' workers (consultants, auditors, pentesters, product designers, etc.) - Increase the level of security (and trust !) of new products designed by the industry

Hardsploit is an all-in-one hardware pentesting tool with software and electronic aspects. It's a technical and modular platform (using FPGA) to perform security tests by using electronic communication bus. The main hardware security audit functions are: - Sniffer - Interact - Dump Hardsploit's modules will let users intercept, replay and / or send data via each type of electronic bus used by the target. The level of interaction that pentesters will have depends on the targeted bus features. Hardsploit's modules also enable you to analyze electronic bus (serial and parallel types) like JTAG, SPI, I2C's, parallel addresses and more will come ! We also provide a graphical interface to manage your components and their commands. A wiring helper module is available too. It will help you connect easily your target to Hardsploit. Our ambition is to provide a tool equivalent to those offered by the company Qualys or the Metasploit Framework but in the domain of embedded systems/electronics.

I will entertain the audience with a science talk about quantum cryptography, covering both some classics (Quantum Key Distribution) and the latest developments (position-based quantum cryptography) in this fascinating research field. [No previous knowledge of quantum mechanics is required to follow the talk.]

The most well-known application of quantum cryptography is Quantum Key Distribution (QKD) which was invented in 1984 by Bennett and Brassard. QKD allows two players Alice and Bob to securely communicate over an insecure line which is overheard by an eavesdropper Eve. Security can be proven in an information-theoretic sense against an unrestricted Eve. Such a high level of security is impossible to achieve with classical communication. In the first part of the talk, I will introduce some basic concepts of quantum information theory in order to understand and appreciate the security of QKD. However, quantum cryptography offers a wide range of other applications that go beyond the task of key distribution. For instance, the goal of “position-based cryptography” is to use a player’s physical position as cryptographic credential. The combination of relativistic constraints (assuring that information cannot travel faster than the speed of light) and quantum mechanical effects (such as the impossibility to perfectly copy a quantum state) enables entirely new cryptographic applications like sending a message in such a way that it can only be read at a particular geographic position. In the second part, I will introduce you to this intriguing new branch of quantum cryptography.

Kommentierendes im Internet ist neuerdings bedroht. Der unflätige Kommentierer hat den Pedonazi als Schrecken des Netzes abgelöst, als Strohmann für mehr Kontrolle über das Netz kann er auf breitere Gefolgschaft rechnen. Es “muss etwas geschehen” gegen den “Hass im Netz”, “Putintrolle” und Wutnetzbürger. Twitter, Mark Zuckerberg, Politiker, alle sollen mehr tun - aber was denn eigentlich, mehr Zensur und Moderation, andere Ausgestaltungen von Kommentarsystemen?

“The commenters don’t read the article, the writers don’t read the comments, and no one clicks on the ads.”, @ftrain 20 April 2012 Viele klassische Zeitungen geben auf, schränken ihre Kommentarbereiche online wieder ein oder schließen sie ganz. Die Süddeutsche beschränkt Kommentare auf drei Themen/Tag, Spiegel Online und FAZ fahren Kommentarmöglichkeiten zurück. Woher kommt die Schlacke im einst so ersehnten "Rückkanal"? Fördern die Artikel selbst eine Tendenz zu Ressentiments? Selbst bei Watchbloggern klassischer Medien wie Niggemeier ist der Ton im Kommentarbereich sauer geworden. Spreeblick färbt neuerdings Unerwünschtes weiß. Kommentarverdrossene Medienschaffende, Blogger und Fernsehjournalisten richten offene Briefe und Videobotschaften an ihr Publikum. Politische Verantwortungsträger fordern unisono Schritte gegen “die Hetze” und “den Hass” im Neuland des Internets und bei Facebook, gemeint sind fast immer Online-Kommentare im eristischen Geiste. Was hat sich in den letzten Jahren verändert? Werden wir wirklich soeben vom Hass überrollt? Welche Rolle spielt die technische Realisierung von Kommentarsystemen? Warum klaffen Moderationspraxis und “Community Guidelines” auseinander? @fraufeli hat jahrelange Erfahrungen als Social Media Gärtnerin in den Kommentarspalten von Nachrichtenportalen und kennt sich mit Krauts und Unkrauts aus. Sie versteigt sich zu der These, dass es eigentlich keine Kommunikation mehr im Internet gibt, wenn sich alle nur noch niederbrüllen. “Besorgte Bürger” nennen sie (und ihre Kollegen) auch mal ein “Zahnrad aus Fleisch”, wenn sie Beiträge partout nicht durchlassen möchte. Freilich liebenswerter als die anderen Schimpfattacken, die bei Moderatorinnen wie ihr täglich aufschlagen. @agonarch wünscht weiterhin, dass im Netz sich Vielfalt und sanktionsfreies Gespräch entfalten kann. Seine Sympathien für die Nachzensurpraxis kann er jüngst kaum mehr verhehlen, und hat sich mit @fraufeli auf die Suche nach Balance gemacht. Gegen den Vorwurf des “Solutionismus” verwehrt er sich entschieden, wenn er auf technische Lösungen gegen die Misere schaut, und die schnell gestrickten Policy-Antworten aus Brüssel und den anderen Hauptstädten Europas kritisch begleitet.

When an online game no longer captivates interest, what do you do? Grind on the network protocol, of course! How does it work, is it secure - and, how can you still get away while doing this?

Online games are hardly new, but their inner workings are rarely (if ever) documented. This needs to change: if it runs on my computer and uses my network I want to know what's going on! This talk starts by analysing the network protocol of the Runes of Magic game, and continues by introducing specific tools to aid this process and the steps taken to come up with such tools. Continuing with a demonstration to whet your appetite: we will show how much fun it is to do this kind of work, and finally some advice on the legal side of things. All custom tools and methods described are not specific to a game per se, however using custom tools will greatly improve your reversing experience. They aren't even specific to games, the same techniques can be used to analyse about any network protocol.

Newly adopted VoLTE requires changes in all associated parties, such as 3GPP standard, device, operating system, and cellular core networks. Therefore, it is not too surprising that it has security problems. However, it turns out that it has way too many problems. In this talk, we introduce how you can freely send data in the cellular network, and how an attacker can perform caller spoofing and denial of service attacks on calls to disable the target’s calling. Furthermore, we explain how small implementation glitch on VoLTE may lead to break the whole cellular network down.

Voice-over-LTE (VoLTE) is a newly adopted voice technology in the LTE network, whose functionality is similar to VoIP. Even though VoLTE works similar to VoIP, implementing it on the cellular network is not an easy problem because it needs many changes at each component of LTE. If these changes are not securely considered, this may lead to several security problems. In the legacy 3G network, as data and voice are separate, the accounting policies are also different: data is charged based on byte usage, and voice, on time usage. However, in VoLTE, even though voice is delivered as a packet, it is still charged by time usage. Therefore, this strange accounting policy might open free data channels. Another point is that voice signaling for VoLTE is not handled as in the legacy 3G network. Basically, a phone has two processors: an application processor (AP) which runs mobile OSes such as Android and a communication processor (CP) which manages digital signal processing and radio access. In 3G, voice signaling is handled in CP which makes an attacker hard to manipulate it. However, in VoLTE, because voice signaling is handled in AP, an attacker can easily analyze or modify the call flow. Furthermore, this new change can cause problems to the mobile OS. To scrutinize these two points, we analyzed 5 operators, two in the U.S and three in South Korea. As a result, we found four free data channels. For free data channels, an attacker can inject data in the call signaling procedure or voice data transmission. Additionally, the attacker can freely send data to the Internet or to another phone in the cellular network through the VoLTE interface. Furthermore, we discovered five security problems which include no encryption of voice packets, no authentication of call signaling, no call session management, IMS bypassing, and permission model mismatch in Android. We responsibly disclosed all the vulnerabilities to US/KR CERTs and Google in May. We suggest mitigations for each vulnerability, and further propose possible attack vectors that researchers can study on.

Earlier this year, we discovered that Diffie-Hellman key exchange – cornerstone of modern cryptography – is less secure in practice than the security community believed. In this talk, we’ll explain how the NSA is likely exploiting this weakness to allow it to decrypt connections to at least 20% of HTTPS websites, 25% of SSH servers, and 66% of IPsec VPNs.

Unlike the NSA, most of us don’t have a billion-dollar budget, but thanks to 1990s-era U.S. crypto backdoors, even attackers with much more modest resources can break the crypto for a sizable fraction of web sites. We’ll explain these flaws and how to defend yourself, and we’ll demonstrate how you too can experiment with Diffie-Hellman cryptanalysis from the comfort of your local hacker space. Diffie-Hellman key exchange lets two parties negotiate a shared secret key in the presence of an eavesdropper who can see every message they exchange. This bit of cryptographic magic underlies the security of the Internet, from TLS to SSH, IPsec, Tor, OTR, and beyond. Diffie-Hellman is widely believed to offer „perfect forward secrecy“ – after you’re done communicating, you can „forget" your secret key and not even the NSA can later reconstruct it. In recent years, this property led to the security community (us included!) promoting Diffie-Hellman over other crypto techniques as a defense against mass surveillance. We were wrong. We’re really sorry. In this talk, we’ll explain how a confluence of number theory, lazy implementations, and aging protocols has created a world where anyone willing to spend a few hundred million dollars is likely able to passively decrypt a huge fraction of Internet traffic. We’ll then go back for a close reading of the Snowden documents that were published at 31C3 and show how such a cryptanalytic exploit lines up exactly with several of the NSA’s most powerful known decryption capabilities. For those who prefer a more hands-on approach, we’ll tell you how you too can experiment with breaking Diffie-Hellman for the „export-grade“ 512-bit key sizes that were mandated in the 1990s by U.S. crypto regulations. About 8% of popular HTTPS sites still support these weakened keys for use with legacy browsers, but we discovered a TLS protocol flaw, which we named the Logjam attack, that allowed a man-in-the-middle to trick all modern browsers into accepting them. We’re pretty sure your browser has shipped a security update to fix this by now... We’ll conclude the talk by discussing what went wrong with communication between mathematical cryptographers and security practitioners, how we can prevent this from happening again, and what flavors of cryptography you should really be using to defend yourself. (Hint: It starts with „elliptic“ and ends with „curve“.)

Unsere Welt ist nach allem was wir heute wissen im kleinsten Massstab völlig bizarr aufgebaut und im grössten also im kosmologischen Massstab besteht sie ziemlich genau aus nichts. Wie hängt das zusammen und was hat das mit dunkler Materie und dunkler Energie zu tun und was zum Geier ist eigentlich die "spukhafte Fernwirkung" von der Einstein damals sprach und warum hat bis heute keiner so recht verstanden wie das alles zusammenpasst? Hast du schon mal davon gehört, dass die Quantenphysik irgendwie schräg ist, hast dich da aber noch nicht ran getraut, obwohl du das gerne besser verstehen wollen würdest? Denkst du manchmal drüber nach, wie zum Geier das komplette Universum mit allen Sternen und Planeten ganz früher mal in einen Tischtennisball oder sogar noch was kleineres gepasst haben soll? Hast du schon mal davon gehört, dass ein Proton angeblich aus drei Quarks besteht und denkst, "jaja, ihr könnt mir viel erzählen". Und klinkt sich dein Vorstellungsvermögen aus, wenn du versuchst dir so was wie ein "schwarzes Loch" vorzustellen, das unendlich klein sein soll und dabei unendlich schwer? Dann bist du hier genau richtig. Ich will dir ohne wesentliche Vorkenntnisse vorauszusetzen im Grossen und Ganzen den Zusammenhang näher bringen, deine Faszination für das Thema wecken oder füttern und dir Mut machen, dich weiter damit zu beschäftigen. Du darfst hier Fragen stellen, dich wundern, zweifeln und irritiert sein. Wenn du an Quantenheilung, Vortex Atome und holistische Quanten-Kinesiologie glaubst, dann bist du herzlich willkommen um zu lernen, dass das mit Quantenphysik nichts, aber auch wirklich gar nichts zu tun hat, aber sei bitte nicht enttäuscht, wenn ich auf diese Themen nicht eingehe. Eine Stunde ist viel zu Kurz um zusätzlich eine Einführung in die Prinzipien der Wissenschaft zu halten. Wenn du aber schon mal die Schrödingergleichung hergeleitet hast oder gerne über die Vorteile der M-Theorie gegenüber der Super-Stringtheorie schwadronieren möchtest oder wenn du diskutieren möchtest, ob es vielleicht auch noch ein Typ 3 Weyl Fermion geben kann, dann langweilst du dich hier vermutlich, das können wir dann ja gerne ein anderes mal machen ;-)

Die Quantenphysik und Einsteins Relativitätstheorie haben eine über hundert Jahre alte Geschichte und sie passen bis heute nicht vernünftig zusammen. Und einige Aspekte der Debatte fanden schon bei den alten Philosophen ihren Anfang. Wo das Problem liegt, was an der Quantenphysik zu verrückt ist und warum das was mit der Entstehung unseres Universum zu tun hat und was so alles daraus folgt will ich versuchen möglichst für Laien verständlich zu erzählen.

Legend has it, the first iteration of the Secure Sockets Layer (SSL) protocol was broken in ten minutes by Phillip Hallam-Baker and Alan Schiffman during a presentation by Marc Andreesen at MIT in 1994. In the following two decades the protocol has been improved and the implementations have been strengthened, but not without a steady stream of implementation vulnerabilities and protocol design errors. From the ciphersuite rollback attack to LogJam, SSL/TLS has seen a diverse set of problems. In this talk we’ll discuss the pitfalls in designing and implementing a cryptographic protocol and lessons learned from TLS up to version 1.2.

Legend has it, the first iteration of the Secure Sockets Layer (SSL) protocol was broken in ten minutes by Phillip Hallam-Baker and Alan Schiffman during a presentation by Marc Andreesen at MIT in 1994. In the following two decades the protocol has been improved and the implementations have been strengthened, but not without a steady stream of implementation vulnerabilities and protocol design errors. From the ciphersuite rollback attack to LogJam, SSL/TLS has seen a diverse set of problems. From the HMAC-then-Encrypt vs Encrypt-then-HMAC debate to the preference for Cipher Block Chaining (CBC) modes, the 90s was an innocent time in secure protocol design. Daniel Bleichenbacher had not yet started his assault on RSA and the types of side-channel attacks that enabled BEAST and POODLE had not yet been discovered. Over the next two decades, not only were weaknesses revealed in the protocol, but implementation flaws were found in even the most widely deployed SSL/TLS libraries. By following the security-relevant changes in SSL/TLS over the years we can paint a picture of the hard lessons learned by the cryptographic community over the history of this protocol all and how we can prevent ourselves from repeating the mistakes of the past.

Listening to satellites and decoding is fun. We show interesting stuff we found, and how you can get into it.

The Iridium satellite system provides voice and data coverage to satellite phones, pagers and integrated transceivers over Earth's entire surface. It was built by Motorola over 15 years ago, and parts of it remain unchanged to this day. Last year we showed how to decode the unidirectional pager messages. Since then we can share our better understanding of some of the protocol but also show listening to the SMS-like bidirectional SBD communication channel.

Gradually we are all becoming more and more dependent on machines, we will be able to live longer with an increased quality of life due to machines integrated into our body. However, our dependence on technology grows faster than our ability to secure it, and a security failure of a medical device can have fatal consequences. This talk is about Marie's personal experience with being the host of a vulnerable medical implant, and how this has forced her to become a human part of the "Internet-of-Things".

Marie's life depends on the functioning of a medical device, a pacemaker that generates each and every beat of her heart. This computer inside of her may fail due to hardware and software issues, due to misconfigurations or network-connectivity. Yes, you read that correctly. The pacemaker has a wireless interface for remote monitoring forcing the patient to become a human part of the Internet-of-Things. As a security-professional Marie is worried about her heart's attack surface. How can she trust the machine inside her body, when it is running on proprietary code and there is no transparency? This is why she went shopping on eBay to acquire medical devices that can communicate with her pacemaker, and started a hacking project together with her friend Éireann. This talk will be focused on the problem that we have these life critical devices with vulnerabilities that can't easily be patched without performing surgery on patients, Marie's personal experience with being the host of such a device, and how the hacker community can proceed to work with the vendors to secure the devices.

Sanitizing and anonymizing PCAP or PCAPng files is often necessary to be able to share information about attack vectors, security problems or incidents in general. While it may seem simple to replace IP addresses or ports there are still quite a number of network packet details that are hard to replace. This technical talk will shed a light on where those troublemakers are encountered and how to get around them.

When sanitizing/anonymizing PCAPs (or the newer, better, but also much more complex PCAPng network capture file format) there are a ton of problems to run into: Replacement need to be consistent, Checksums need to be recalculated sometimes but now always, and IPv6 has dependencies to MAC addresses that need to be considered as well. Additionally, protocols may be stacked on top of each other, tunneling IPv4 over IPv4 or IPv6 over IPv4, adding complexity to the replacement process. And finally, sanitizing TCP payloads is a certifiable nightmare because you never quite know what you're looking at, and the data segments may require reassembly/unpacking before you can do anything. It's easy to break sequence numbers, unless every replacement is exactly the same size as the original value. This talk will take a closer look at some of the typical problems that come up when sanitizing/anonymizing network packet captures, and at tools that can help with getting reasonable results.

The Hacker Jeopardy is a quiz show.

The well known reversed quiz format, but of course hacker style. It once was entitled „number guessing for geeks“ by a German publisher, which of course is an unfair simplification. It’s also guessing of letters and special characters. ;) Three initial rounds will be played, the winners will compete with each other in the final. The event will be in German, we hope to have live translation again.

In den nunmehr Hunderte A4-Seiten füllenden Live-Protokollen des NSA-BND-Untersuchungsausschusses, die bei netzpolitik.org nachzulesen sind, verbergen sich interessante Antworten auf Fragen, die niemand gestellt hat, vorher unbekannte juristische „Theorien“ des BND und Perlen verlogener Rabulistik.

Das schreit förmlich danach, Teile der Live-Protokolle aufzuarbeiten und vorzulesen. Genau das werden wir tun.

How can be 3d printing a dual use technology? Print more things, produce less waste, save money!

Each day 3D printers become cheaper and the internet gets filled with 3d files to print. With every 3d printer running the need for plastics and therefore the amount of waste produced (either through failed prints or normal end of life of the print) will grow. Even if there are things you won't need to buy anymore and the additional waste is compensated here, the reality shows that failed prints can't be ignored, 3d printers are used to print a lot of nonsense things (e.g. internet memes) and the lifetime of these prints is often below commercial grade products. In this talk i'll present the difficulties in recycling plastic as well as the progresses or fails i've made. How easy is it to recycle 3d prints or other wast in order print it again? How often can this process be repeated? Does it save money? Do the new prints look good? As a special feature i'll try to collect some waste from the audience at the beginning of the talk and recycle it live on stage! About me: i'm 25 years old and use 3d printers since several years and run 9 3d printers at this time. With so many printers, the amount of waste gets at a point where it feels like i would waste a lot of money and increase the negative environmental impact if i don't recycle the fails and unused prints. I brought several printers to events like 30-31C3, GPN13-14-15 or the CCCamp15 (you may remeber me as obelix, the guy with the tent full of 3d printers).

In 2011, Joanna Rutkowska unveiled an easy-to-use tool for mitigating many attacks on system boot chains by using the TPM - the Anti Evil Maid. Unfortunately the implementation was difficult to incorporate into normal system boot in a secure manner - anybody able to observe a user could recreate the secret. This presentation describes a method to allow systems to prove their identity to the user without making it trivial for attackers to mimic a secure boot and extract secrets from the user, and why the state of modern hardware means this may still not be enough.

A correctly implemented Trusted Boot solution makes it possible for systems to prove to other systems that they have booted with the expected boot chain. The Anti Evil Maid technique took advantage of this to encrypt a secret with the TPM in such a way that a system whose firmware or bootloader had been compromised would no longer be able to decrypt that secret. Unfortunately, the use of a static secret makes it easier for an attacker to mimic a good boot - as a result, a sufficiently motivated attacker could circumvent Anti Evil Maid and convince the user that a compromised system was in a good state. This presentation describes the use of shared trust between the system and another device, making it significantly more difficult for an attacker to mimic a trusted boot. It includes a description of the implementation of Trusted Boot support in Free operating systems on modern UEFI systems, how this can be tied into sharing trust between multiple devices and the limitations that may still permit state-level actors to compromise these techniques.

In der politischen Rede sind immer wieder Floskeln zu beobachten, zum Teil gibt es Moden, wie im Zusammenhang mit dem so genannten No-Spy-Abkommen, wo Handlungen wiederholt mit „bestem Wissen und Gewissen“ gerechtfertigt wurden. Auch das „volle/vollste Vertrauen“ der Kanzlerin ist auffällig. Der Vortrag vertritt die Hypothese, dass solche Phrasen nicht zufällig sind, dass sie eine Funktion besitzen. Es wird erläutert, was mit ihnen erreicht werden soll. Es wird außerdem der Frage nachgegangen, wie Floskeln sich durch häufigen Gebrauch in ihrer Bedeutung verändern bzw. verselbständigen und gegen den Sprecher wenden können.

In diesem Vortrag werden eine Reihe von Floskeln untersucht, die in politischer Rede vorkommen und sich in jüngerer Zeit besonderer Beliebtheit erfreuen. Es wird erörtert, was die Floskeln eigentlich bedeuten, wie und zu welchem Zweck sie verwendet werden und welche besondere Dynamik bei häufigem Gebrauch entstehen kann, insbesondere wenn sich die Floskeln verselbständigen. Es werden eine Reihe von Politikerzitaten zu aktuellen Themen analysiert: selbstverständlich geht es um die Vorratsdatenspeicherung und ihre auch sprachlich zweifelhaften Begründungen, um den "Kampf gegen den Terror" und um die Landesverratsaffäre.

Embedded systems are omnipresent in our everyday life and are becoming increasingly present in many computing and networked environments. For example, they are at the core of various Common-Off-The-Shelf (COTS) devices such as printers, video surveillance systems, home routers and virtually anything we informally call electronics. The emerging phenomenon of the Internet-of-Things (IoT) will make them even more widespread and interconnected. Cisco famously predicted that there will be 50 billion connected embedded devices by 2020. Given those estimations, the heterogeneity of technology and application fields, and the current threat landscape, the security of all those devices becomes of paramount importance. In addition to this, manual security analysis does not scale. Therefore, novel, scalable and automated approaches are needed. In this talk, we present several methods that make *the large scale security analyses of embedded devices* a feasible task. We implemented those techniques in a scalable framework that we tested on real world data. First, we collected a large number of firmware images from Internet repositories and then performed simple static analysis. Second, since embedded devices often expose web interfaces for remote administration, therefore we developed techniques for large scale static and dynamic analysis of such interfaces. Finally, identifying and classifying the firmware files, as well as fingerprinting and identifying embedded devices is difficult, especially at large scale. Using these techniques, we were able to discover a large number of new vulnerabilities in dozens of firmware packages, affecting a great variety of vendors and device classes. We were also able to achieve high accuracy in fingerprinting and classification of both firmware images and live devices.

This material is both important and innovative because it addresses the more and more pressing matter of securing/hacking the IoT, hence the embedded devices themselves. Moreover, it's envisioned that the topic will go in the next few years from important to critically important. This material is definitely innovative because it will provide technical aspects of security research by combining several interesting research directions: - non-x86 emulation (and the caveats) - some aspects of static and dynamic analysis - machine learning - device fingerprinting This material is significant because it will present the results, knowledge and insights that resulted from three years of experimentation and work using systematic, methodological and academic approaches. Audience will be presented with technical knowledge, demos, insights, lessons learned and open challenges.

We'll update you on what's going on with Tor onion services, aka Tor hidden services.

In the past, onion services were mostly run by people who wanted to set up a website that somebody else wanted to shut down. Increasingly, people are recognizing that onion services are much more broadly useful: they are about providing more security to users, not hiding websites. Over the last year or so, Facebook set up an onion service to let their users reach Facebook more securely, the IETF officially designated '.onion' as a reserved domain, we've been talking to the "Let's Encrypt" folks about giving an onion address to every website, some neat new apps are coming out that use onion services (like decentralized chat), and more. We also have some actual stats on hidden services: https://blog.torproject.org/blog/some-statistics-about-onions At the same time, we've been working on next-generation onion services. We'll explain why they greatly improve both security and scalability.

The military use of Drones has profoundly changed warfare and is a central aspect of the globalized war on terror. The public debate including the respective talks at prior CCCs is dominated by questions of the ethical and juridical aspects of Drone use. This talk tries to shift the focus towards the enabling dimensions of Drone warfare.

Using source material from public documents of academia, the US-military as well as from the Snowden publications I will show that Social Graphs and graph-analysis are central for the War on Terror. In this context Drones have at least two functions: 1. they act as data-gatheres, collecting visual and SIGINT (phone) data necessary for graph-generation and -updates. 2. they are deployed to shape Social Graphs: that is destroy particular nodes with kinetic means where the kill decision are made on the basis of graph analysis. I will show that there is a rich academic literature on graph analysis of terror networks revealing an ongoing debate about algorithms able to inform such decisions. On this basis I will argue that in the War on Terror Drones and Social-Graphs need to be understood as interdependent systems and that the debate needs to be informed by a deeper understanding of the history and current state of graph-analysis. The talk will conclude with questions regarding the strategic and geopolitical role of Social Graphs.

Computational theories of the mind seem to be ideally suited to explain rationality. But how can computations be subverted by meaning, emotion and love?

Minds are computational systems that are realized by causal functionality provided by their computational substrate (such as nervous systems). Their primary purpose is the discovery and exploitation of structure in an entropic environment, but they are capable to something much more sinister, too: they give rise to meaning. Minds are the solution to a control problem: in our case, this problem amounts to navigating a social primate through a complex open environment in an attempt to stave off entropy long enough to serve evolutionary imperatives. Minds are capable of second-order control: they create representational structures that serve as a model of their environment. And minds are capable or rationality: they can learn how to build models that are entirely independent of their subjective benefit for the individual. Because we are the product of an evolutionary process, our minds are constrained by powerful safeguards against becoming fully rational in the way we construct these models: our motivational system can not only support our thinking and decision making to optimize individual rewards, but censor and distort our understanding to make us conform to social and evolutionary rewards. This opens a security hole for mind-viruses: statebuilding systems of beliefs that manage to copy themselves across populations and create causal preconditions to serve neither individuals nor societies, but primarily themselves. I will introduce a computational model of belief attractors that can help us to explain how our minds can become colonized and governed by irrational beliefs that co-evolve with social institutions. This talk is part of a series of insights on how to use the epistemology of Artificial Intelligence to understand the nature of our minds.

Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick!

To get involved and learn more about what is happening please visit the Lightning Talks Wikipage.

Major changes are underway in the Tor Project, the Tor Network, and the Tor community. We want to tell you details and introduce the growing Tor community to the larger world.

The State of the Onion covers technical, social, economic, political, and cultural issues pertaining to anonymity, the Tor Project, and the ecosystem surrounding our communities. Important topics include the following issues: - Our new mission statement and code of conduct - An introduction to our „Vegas Plan“ - Introducing a huge set of developers and users working on enabling your anonymity - An overview of the kinds of projects and groups involved with Tor - A summary and fact checking of important media coverage - A history lesson about the Tor network

The Fluxus movement came about in the early 1960ies and the talk will discuss its strenghts, dead-ends and promises for the creation of works and community in our digital environment. International, transdisciplinary, non-institutional, anti-art and playful. After several years of research and new art productions, Leo Findeisen and Markus Zimmermann will present their findings.

Historical points of interest will deal with Erik Satie, Marcel Duchamp and John Cage and their pioneering works of easy listening, the new instrumentalisation of taste and boredom as well as the enhancement of the notion of art via the application of musical scores to daily actions. These lines are followed up in classical Fluxus works and the audience will get to see pieces by Nam Jun Paik, Alison Knowles, Robert Filliou, Ay O, Something Else Press a.o. Later influences in Germany are presented in anecdotes of Wau Holland & Joseph Beuys, foebud or thing.net. The vital Fluxus scenes of the 1970ies behind the Iron Curtain are hardly known and will also be presented using recent books. Contemporary candidates include Mediengruppe Bitnik!, speed-shows of Aram Bartholl, the Balcony manifesto by Constant Dullaart a.o., the "Internet Black-Out" by LaQuadrature.net; some "Scores" (Handlungsanleitungen) will be tried out live and their function "The 12 Ideas of Fluxus" (2002) will be discussed. In applying methods of cultural anthropology and Actor-Network-Theory, we will also compare Fluxus ideas and Fluxus ideals with the tools, methods and goals of online-Communities and the OpenSource-approach in general. The poster attached (2011) has been our research manifesto, it features visuals of and explanations about the Icelandic Modern Media Initiative, XKCD, Yoko Ono, Joseph Beuys, the Google Custom Placemark, Nam Jun Paiks "TV-Chello" and who is playing it as well as George Maciunas, the "impressario" of Fluxus. "Fluxus cannot save the world."

Is your email being sent in the clear? While PGP and S/MIME provide end-to-end encrypted mail, most users have yet to adopt these practices, and for users who have, these tools leave metadata, such as the subject, sender, and recipient, visible everywhere along a message’s path. SMTP—the ubiquitous mail transport protocol—has evolved over the years to add encryption and authentication, both of which take place behind the scenes and help guard against surveillance and spam. While these features are being increasingly deployed, our research shows that they are almost always configured in vulnerable ways—the details of which are hidden from the users sending and receiving mail. Even more disturbingly, these vulnerabilities are being widely exploited in the wild: in seven countries, more than 20% of inbound Gmail messages are downgraded to cleartext by network-based attacks. In the most severe case, 96% of messages sent from Tunisia to Gmail are downgraded to cleartext. In this talk, I’ll introduce the commonly used SMTP security extensions—including STARTTLS, SPF, DKIM, and DMARC—and describe the current state of mail security on the Internet. I'll describe several commonly occurring attacks our recent research has found and discuss how mail operators can configure their servers to secure email transport. Finally, I'll discuss several weaknesses in the protocols we're using and recent proposals for helping secure email transport.

Email carries some of our most sensitive communication, including private correspondence, financial details, and password recovery confirmations. We expect that messages are private and, in many cases, unforgeable. However, SMTP—the protocol responsible for relaying messages between mail servers—did not originally authenticate senders or encrypt mail in transit. Instead, servers support these features through SMTP extensions. Adopting these features is entirely voluntary and they have only been gradually adopted. As a consequence, mail servers still tolerate unprotected communication and will send messages in clear text if any problems occur when negotiating a secure connection.

Earlier this year, I worked with colleagues at the University of Michigan and Google to measure the global adoption of email security features and try to better understand how well email is secured in practice. Our study draws from two unique data sources: connection logs for Gmail spanning 16 months, plus a snapshot of SMTP server configurations from April 2015 for the Alexa Top Million domains. From Gmail’s perspective, incoming messages protected by TLS have increased 82% over the last year, peaking at 60% of all inbound mail. However, this improvement was largely because a small number of popular web mail providers deployed TLS—many organizations still haven't deployed these features correctly. I will discuss these results and many more that reveal several major weaknesses in the global deployment of mail transport security.

This security patchwork enables network attackers to intercept and surveil email. In one kind of attack, actors corrupt the TLS handshakes at the the start of an SMTP connection to downgrade the connection to cleartext—exposing messages to potential eavesdropping. Using Internet-wide scanning, we identified more than 41,000 SMTP servers in 193 countries that are routinely forced to deliver email as cleartext. We analyzed the mail sent to Gmail from these hosts and find that in seven countries, more than 20% of all messages are prevented from being encrypted by active network attacks. In the most severe case, 96% of messages sent from Tunisia to Gmail are downgraded to cleartext, but even in Denmark, nearly 4% of messages are affected.

In a second class of attack, DNS servers provide fraudulent MX records for popular email providers. We searched for servers that provide fraudulent addresses for Gmail’s SMTP servers, and we find 14.6K publicly accessible DNS servers in 69 countries provide falsified responses. We investigate the messages that Gmail received from these hosts and find that in 193 countries more than 0.01% of messages from each country are transited through these impostor hosts. Six of the eight most-affected countries are in Europe.

In this talk, I will first introduce the security extensions for SMTP and the current state of mail security. Then, drawing on our measurements, I will discuss the weaknesses in these protocols and the attacks we see occurring in the wild. I'll discuss what mail server operators, developers, and even end users, can do to protect against these problems. Finally, I will present current proposals for securing mail transport and several weaknesses that we still need to address.

Algorithms and „big data“ penetrate many aspects of our lives today. In the future, data collection and analysis will be even more ubiquitous and permeate our lives from morning to night.

Many people (well, mostly business people) welcome this new era of data analysis and the associated vision of an „intelligent planet“. Not so many people seem to be concerned about the other side of the coin though, which is an ever-growing influence of algorithms on our personal life and the accompanying shift of decision power from humans to machines. In as little as 10 years, algorithms might decide if you get a new job – or if you get fired from your current one –, how much you will pay for your health insurance, whether you will be allowed to travel to a given country and who you will marry. So it’s time to say hi to your new boss: the algorithm. Often people talk either about the consequences of a data-driven society, or about the technological aspects of it, but rarely about the two together. With my talk I want to change that by discussing concrete technologies and algorithms that are used in data analysis today, together with their societal and political implications. I will show how algorithms can be trained to be racist, misogynic and plenty of other things, and that this actually happens in practice if no care is taken to avoid it. Finally, I will discuss various approaches to solve this dilemma, both technological and political. Outline: * Introduction to „big data“ and data analysis, * Parts of our lives that are already under algorithmic control, * Parts of our lives that soon will be under algorithmic control, * Example use case of algorithms in data science, * How machine learning can discriminate against certain groups of people, * Example algorithm: Classifying people in good and bad customers, * How the bias comes about: Algorithm-based discrimination, * How we can fix these problems. * Outlook.

This talk is about Vehicle2Vehicle (V2V) communication in Europe and in the U.S. Next to the introduction of some requirements for V2V communication, the basic approaches of V2V communication based on IEEE 802.11p are presented. This includes an introduction to communication stack, concepts of message dissemination, message contents, privacy & security issues and an outlook to further developments. (The email address has an error. It should en with "de" not with "com")

Modern vehicles have several advanced driver assistant systems (ADASs). This is the beginning of the full automation of the driving task. Vehicle manufacturers already showed first fully automated prototypes but a lot of challenges have to be addressed until such systems will be commercially available. One challenge is to provide the necessary information for the self-driving vehicle to make the right driving decisions. V2V communication is one possible technology to provide this information. The proposed talk is an introduction to the state of the art of V2V communication based on IEEE 802.11p. This talk is a technical introduction to Vehicle2Vehicle communication. It will introduce the basic concepts of V2V technology and provides references to documents of the standardization. The talk will consist of the following parts: Motivation: The talk starts by describing the scope and possible applications of V2V communication focusing on the use-case of the “Electronic Emergency Break Light”. What is more, V2V communication will be compared to traditional on-board sensors like Lidar or Radar. Basic concepts: The state of the art concepts of V2V communication based on IEEE 802.11p and its differences compared to consumer WiFi will be discussed in this section. Furthermore, the existing concepts and standards developed in both Europe and the U.S. will be compared, with a special focus on the differences between the two approaches. In summary, the following questions will be addressed: • What are the approaches for V2V communication in Europe and the U.S.? • How is communication realized for V2V? • Which standardization approaches exist and where can they be found? • What are the most important disseminated information and messages? • How are these messages formatted? (header structure) • What are the differences between the V2V communication concepts in the U.S and Europe ? • Which technical challenges have to be solved? Privacy and Security: As V2V communication will be used to broadcast the vehicle’s position and dynamic state, the privacy of the driver has to be protected. The talk will introduce the pursued concepts for privacy protection, whilst ensuring that only authorized entities are able participate in the communication. Due to the complexity of the topic, this section will focus on the concepts and the standards found in Europe. Perspective: Eventually, the talk will address future work within the field of V2V communication, such as novel ADASs and privacy concepts. Remarks: The talk is only about the state of the art of V2V technology, its standardization and its further development.

DGAs (Domain Generation Algorithms) have become a trusty fallback mechanism for malware that’s a headache to deal with, but they have one big drawback – they draw a lot of attention to themselves with their many DNS request for gibberish domains.

When basic entropy-based Machine Learning methods rose to the challenge of automatically detecting DGAs, DGAs responded by subtly changing their output to be /just/ plausible enough to fool those methods. In this talk we’ll harness the might of the English dictionary, cut corners to achieve sane running times for insane computations, and use fancy Machine Learning® methods – all in order to build a classifier with a higher standard for gibberish plausibility. In recent years, there has been a rising trend in malware’s use of Domain Generation Algorithms (DGAs) as a fallback mechanism in case the campaign is shut down at the DNS level. DGAs are a headache to deal with, but they have one big drawback – they make a lot of noise. To be more precise, they generate a very large amount of DNS requests for domains, and the domains are often complete gibberish. This situation looks ripe to be exploited with your favorite Cyber™ Machine Learning® Big Data© solution; and indeed, advances were made by basic language processing methods that could detect and stop the outright complete gibberish. These worked well, until DGAs mutated, and started producing more reasonable gibberish. A milestone in this regard was the introduction of KWYJIBO, a DGA that generates gibberish where every other letter is a vowel (e. g. „garolimoja“), which stumps the old methods completely. How do you thwart KWYJIBO and other DGAs of its sophistication? How do you look for meaninglessness in string-space? In this talk we’ll harness the might of the English dictionary; cheat mathematics to cut running times from impossible to reasonable; and demonstrate a fancy Cyber™ Machine Learning® Big Data© tool based on all the above to tell apart meaningful domain names from nonsense. Where is this arms race going, anyway? Is there such a thing as undetectable gibberish?

After defensive programming techniques and before attack method mitigations, the least privilege principle is our strongest weapon against exploitation. Much of the focus has been on how the admin can sandbox processes away.

A recent development is the idea that the process itself can „sandbox itself away“. This talk explores how that works in practice and is aimed at interested programmers. This talk will mostly focus on seccomp-filter and namespaces on Linux, but it will also talk about capsicum (FreeBSD) and tame (OpenBSD), and old-school methods like ptrace and chroot, and cover capabilities. Also maybe a bit about systrace/selinux style approaches where the admin sets the profile from the outside, and why I chose to focus on letting the app sandbox itself instead.

How we built an automatic exploitation system and qualified for the DARPA Cyber Grand Challenge.

From a rag-tag hackademic group to getting money from DARPA for auto-exploiting and auto-patching. A tale of surfing, CTF-playing, and releasing an angry binary-analysis framework as open source :)

Beside introducing Shellphish, we will explain how we qualified to the final round of the DARPA Cyber Grand Challenge. The CGC is a security competition played by programs. Yep, you read it right, your code must automatically exploit and patch binaries, without any human intervention!

In particular, we will show how our open source binary analysis framework (angr) can help you find vulnerabilities in binaries.

Shellphish is a group of security enthusiasts born in the University of California, Santa Barbara (UCSB) in 2004. Since then Shellphish played countless Capture the Flag (CTF) security competitions, winning the DEFCON CTF finals in 2005.

In 2015, Shellphish enrolled in the DARPA Cyber Grand Challenge (CGC). Differently from others security competitions, in which humans have to solve security challenges (such as exploiting binaries or web services), during the CGC participants have to build an automatic system that plays for them! In particular, teams have to build a system that is able to automatically find vulnerabilities in binaries, exploit them, and patch them, without any human intervention.

In this talk we will present the system we developed to participate in the CGC, our almost-million dollar baby :) Our system was able to score among the top 7 teams during the qualification event of the CGC, qualifying us for the final event (in August 2016 at Las Vegas), in which participants will compete against each other to win a first-place prize of 2 million dollars (and eternal bragging rights).

Part of the system we developed is based on angr, the open source binary analysis framework developed at UCSB.
During the talk we will demo angr, showing how it can be used to automatically find vulnerabilities in binaries.
In particular, we will first show how angr helped us during CGC and then how, more generally, it can be used to automatically solve binaries challenges proposed in recent CTF security competitions.

Last year I presented research showing how to de-anonymize programmers based on their coding style. This is of immediate concern to open source software developers who would like to remain anonymous. On the other hand, being able to de-anonymize programmers can help in forensic investigations, or in resolving plagiarism claims or copyright disputes. I will report on our new research findings in the past year. We were able to increase the scale and accuracy of our methods dramatically and can now handle 1,600 programmers, reaching 94% de-anonymization accuracy. In ongoing research, we are tackling the much harder problem of de-anonymizing programmers from binaries of compiled code. This can help identify the author of a suspicious executable file and can potentially aid malware forensics. We demonstrate the efficacy of our techniques using a dataset collected from GitHub.

It is possible to identify individuals by de-anonymizing different types of large datasets. Once individuals are de-anonymized, different types of personal details can be detected from data that belong to them. Furthermore, their identities across different platforms can be linked. This is possible through utilizing machine learning methods that represent human data with a numeric vector that consists of features. Then a classifier is used to learn the patterns of each individual, to classify a previously unseen feature vector. Tor users, social networks, underground cyber forums, the Netflix dataset have been de-anonymized in the past five years. Advances in machine learning and the improvements in computational power, such as cloud computing services, make these large scale de-anonymization tasks possible in a feasible amount of time. As data aggregators are collecting vast amounts of data from all possible digital media channels and as computing power is becoming cheaper, de-anonymization threatens privacy on a daily basis. Last year, we showed how we can de-anonymize programmers from their source code. This is an immediate concern for programmers who would like to remain anonymous. (Remember Saeed Malekpour, who was sentenced to death after the Iranian government identified him as the web programmer of a porn site.) We scaled our method to 1,600 programmers after last year’s talk on identifying source code authors via stylometry. We reach 94% accuracy in correctly identifying the 1,600 authors of 14,400 source code samples. These results are a breakthrough in accuracy and magnitude when compared to related work. This year we have been focusing on de-anonymizing programmers from their binaries of compiled code. Identifying stylistic fingerprints in binaries is much more difficult in comparison to source code. Source code goes through compilation to generate binaries and some stylistic fingerprints get lost in translation while some others survive. We reach 65% accuracy, again a breakthrough, in de-anonymizing binaries of 100 authors. De-anonymization is a threat to privacy but it has many security enhancing applications. Identifying authors of source code helps aid in resolving plagiarism issues, forensic investigations, and copyright-copyleft disputes. Identifying authors of binaries can help identify the author of a suspicious executable file or even be extended to malware classification. We show how source code and binary authorship attribution works on a real world datasets collected from GitHub. I hope this talk raises awareness on the dangers of de-anonymization while showing how it can be helpful in resolving conflicts in some other areas. Binary de-anonymization could potentially enhance security by identifying malicious actors such as malware writers or software thieves. I would like to conclude by mentioning two future directions. Can binary de-anonymization be used for malware family classification and be incorporated to virus detectors? Obfuscators are not the counter measure to de-anonymizing programmers. We can identify the authors of obfuscated code with high accuracy. There is an immediate need for a code anonymization framework, especially for all the open source software developers who would like to remain anonymous.

Introduction and consequences of the CJEU's "Safe Harbor" ruling, to invalidate the EU-US data sharing deal in the light of the revelations over US surveillance by Edward Snowden.

In a landmark ruling the Court of Justice of the European Union (CJEU) has declared the "Safe Harbor" data sharing system between the EU and the US invalid over NSA surveillance, disclosed by Edward Snowden. The CJEU has for the first time ruled that "mass surveillance" as in the US violated the "essence" of Art 7 and 47 of the EU Charter of Fundamental Rights. The ruling has major implications for global data flows as more than 4.000 US companies used "Safe Harbor" as their legal basis for EU-US data transfers - including large providers like Google, Apple, Microsoft, Facebook or Yahoo. In addition the ruling could also be relevant case law for similar forms of "mass surveillance" by EU member states. In addition to explaining the legal situation [and a couple of insiders], the following questions should be answered: - What are possible legal solutions for global services? - What are possible technical solutions for global services? - What are ways forward to enforce fundamental rights in the digital sphere?

CAGE exists to highlight abuses of the War on Terror. It has uncovered many secrets of governments that they would like to remain secret, and is now one of the most targeted organisations in the UK. Hear how the state attempts to suppress dissent, and yet we manage to speak out.

The War on Terror is the primary justification used to invest ever-increasing powers to the security state. It is the reason why states have been able to amass the powers to conduct mass surveillance of millions of law-abiding citizens. The surveillance state continues to expand. CAGE was formed to highlight the abuses of the War on Terror after the creation of Guantanamo Bay prison. It has uncovered the existence of secret detention sites across the globe, revealed the involvement of Western intelligence agencies in rendition and torture and has campaigned courageously on behalf of prisoners that have been tortured and held without detention and trial for years. Our work has been underpinned by an unshakable commitment to the principles of due process and the rule of law. Today, CAGE is leading the charge against one of the most draconian and intrusive Government policies that has ever been devised – PREVENT. We are representatives of the ‘suspect community’ of our times. As a result of our challenging yet rational, evidence-based and measured contributions, our organisation has become one of the most targeted in the UK. Our bank accounts have been frozen, one of our directors has been arrested, our funders have been pressured, our homes & vehicles have been bugged... We’re constantly attempting to secure our communications and environments just to continue our work. From new encryption methods to Faraday bags. The Security State is trying to marginalise each of us. But we are taking on the security state together and citizens are being empowered. There are many that agree with us and recognise what is to come...

The talk „We Lost The War“ was presented at Congress ten years ago, causing quite a stir. It was a prediction of a dark future that did not sit well with many people, but unfortunately many predictions have come true meanwhile. This talk will try to address what comes next, as well as what the hacker community can do to make things better.

It’s a broad-spectrum talk that covers analysis of past and current events and possible futures in specific fields such as surveillance and digital rights, as well as a broader analysis of where the speakers think the world might be in 5-10 more years.

Street level surveillance technology, such as surveillance cameras and iris scanners, is now a pervasive part of the daily lives of city dwellers, with disastrous consequences for freedom of expression. This talk will cover what kind of street level technology we’re seeing, how it’s spreading, and who’s making money off of it. We’ll also talk about some of the security flaws hackers have exposed on these technologies, and put out a call to action to CCC.

Surveillance was on the street before it was online, and that hasn’t changed. What has changed is that cities around the world are now bristling with street level surveillance technology, like GPS tracking devices, IMSI catchers, biometrics, drones, and cameras of all kinds. Much like the business of selling malware to repressive regimes, big multi-national corporations like General Electric and Morpho have made huge profits off the spread of this technology, and have helped it spread like wildfire. Even in places like the United States, where, in the last 20 years, crime rates have steadily and significantly declined, the use of this incredibly invasive technology is excused by “public safety" or "crime prevention needs.” Justifications range from warnings about terrorism (often thinly-veiled jabs at activists like the Black Lives Matter movement or anti-austerity activists in Greece) to conflating “national security” with disaster preparedness. Similarly, In Latin American, government authorities have used surveillance measures to discredit and stigmatize social movements involved in protests. Street level surveillance is also often part of preparation for major events. The technology left behind becomes integrated in to everyday policing. The 2012 Olympics in London was accompanied by a host of new technology, including iris scanners, biometric ID cards, automated license plate readers, and facial-recognition CCTV systems. In preparation for the 2014 World Cup Games, Brazil spent millions on CCTV, drones, facial recognition goggles, surveillance helicopters, and a mobile high-frequency radio wave scanner, as well as 14 digital command centers across the country (featuring huge ceiling-to-wall monitors to facilitate real-time monitoring of surveillance cameras.) The country also integrated their national and international databases with cooperating parties, like Interpol, and subjected Brazilians to this invasive data collection technique. Intelligence agents mapped protest routes and monitored demonstrators by tracking their social media accounts. The 2016 Brazil Olympics are sure to make use of this technology—and provide an excuse for more. This talk will cover what kind of street level technology we’re seeing, how it’s spreading, and who’s making money off of it. We’ll also talk about some of the security flaws hackers have exposed on these technologies, and put out a call to action to CCC. Speakers are: Nadia Kayyali, Activist at Electronic Frontier Foundation. They focus on street level surveillance technology such as IMSI catchers and drones, US national security policy, privacy, anonymity, and freedom of expression. Nadia has worked on EFF’s Street Level Surveillance and Surveillance Self-Defense projects, advocated for anonymity and privacy with governmental bodies and companies like Facebook, and has coordinated a variety of US campaigns to limit surveillance at the national and local level. As a Syrian-American, Nadia got especially interested in surveillance because of the experiences of Arab and Muslim Americans after 9/11. Joana Varon, Founder and Director of Coding rights and consultant and independent researcher on Internet Governance and Digital Rights. Previously, Joana was a researcher and project coordinator at the Centre for Technology and Society from Fundação Getulio Vargas in Rio de Janeiro. While there, she worked on applied research on information and communication technology for development. Joana is a lawyer and holds a bachelor’s degree in international relations and a master’s degree in law and development. She is concerned about how the lack of true Internet freedom impacts human rights, innovation and, ultimately, development

Mass quantities of data are being incorporated into predictive systems in an ever-broadening set of fields. In many cases, these algorithms operate in the dark and their use has implications both intentional and unintentional. This talk will cover some of the fairness and accountability issues involved in controlling algorithms for media, policy, and policing.

Decision making is increasingly being performed by intelligent algorithms in areas from search engine rankings to public policy. Algorithmic decision making includes applications as important as who is flagged as a potential terrorist as in the United States’ no-fly list to deciding how police officers will be allocated as in predictive policing. These systems are getting smarter as we develop better algorithms, as well as more expansive as they integrate more data. Government agencies and corporations are determining how to best convert the mass quantities of data that have been collected on their citizens and customers into meaningful inferences and decisions through data mining and predictive systems. However, many of these systems consist of algorithms whose operation is closed to the public - constituting a new form of secrecy maintained by powerful entities. The intentional or unintentional impact of some of these systems can have profound consequences. This talk will cover some of the emerging issues with the widespread use of these systems in terms of transparency and fairness. We need to have some mechanism for verifying how these systems operate. Are these algorithms discriminatory? Are they fair with respect to protected groups? What role can auditing and reverse engineering play? I'll discuss these questions, the current status of this field, and some paths forward.

3D printers are almost everywhere, but not on the moon yet. We want to change that and this talk gives you a little insight into the how and whys of 3D printing on the moon.

Having a printer in space is a great idea, it allows you to produce things in space, without having to actually launch it with a rocket. Some want to mine asteroids for that, we want to use lunar regolith. This would make it possible to build structures on the moon that are essential for build a permanent outpost there. Even further down the line one might build the first interplanetary refuelling outpost in space for rockets and go even deeper into space. We want to show you how this dream could become reality, what techniques are of interest, and how it could be implemented.

This talk will be an overview of how to reverse-engineer Unified Extensible Firmware Interface (UEFI) firmware, the replacement for BIOS. Various useful tools will be discussed, including those written by the presenter and those written by others. One of the highlights will be a tool that enables running parts of the firmware in userspace on a standard Operating System.

The Unified Extensible Firmware Interface (UEFI) is a programming environment quite different from regular Operating Systems models, and as such reverse engineering UEFI software is quite different from reversing standard software. This talk will consits of three parts. First, an overview of UEFI and what makes it different will be presented. Then, existing and new tools that aid in reversing UEFI are discussed, including a demonstration of the efiperun tool that enables running UEFI modules in userspace. The talk will conclude with the recounting of a succesful reverse engineering project to uncover the Lenovo hard drive password hashing algorithm. Jethro Beekman is a security researcher and Ph.D. student at the University of California, Berkeley. He has a broad range of interests in technology, ranging from electronics to cryptography. Recent work has focused on various topics such as side-channels, remote attestation, Heartbleed and the Rust programming language.

20 OSCILLATORS IN 20 MINUTES is an experimental music performance/technical challenge/standup comedy act where I attempt to build twenty sound generating square wave oscillators in twenty minutes. This involves fabricating small electronic circuits with wires, chips, small components and nine-volt batteries under the pressure of limited time and expectation. This is a test of my technical abilities and an experiment in working with live troubleshooting as a method of musical improvisation.

How have the media reported the Snowden revelations? Does the public care about surveillance, and how do people react? Do we need a ‚data justice‘ movement?

This talk will present results from the research project „Digital Citizenship and Surveillance Society: State-Media-Citizen Relations After the Snowden Leaks“. We will discuss why media coverage has been biased and investigate public knowledge of, as well as public reactions to, surveillance. We will show that people are concerned about surveillance but feel disempowered to resist it, and explore why many social/political/environmental activists have been reluctant to change their communication practices after Snowden. And we will suggest a ‚data justice‘ framework to form part of broader social and economic justice agenda in order to resonate with a broader public. The project „Digital Citizenship and Surveillance Society“ is hosted at Cardiff University and includes researchers from Cardiff, the Oxford Internet Institute and the Technical University of Delft. It investigates the responses to the Snowden revelations for policy, technology, civil society and the news media. In this talk, two of the investigators will present findings from research that included content analysis of the British press and broadcast news, interviews with journalists and activists, and focus groups with a wide range of the British public. They will uncover widespread worries about surveillance amongst both activists and wider population but, at the same time, a lack of knowledge and confidence to address it socially, politically and technologically. The research provides insights for digital rights campaigners, crypto developers, and everyone interested in the Snowden leaks.

QR codes have rapidly overtaken rival 2D bar code symbologies and are becoming quite ubiquitous. Most uses are rather pedestrian though, and even the more non-standard modifications to pure QR codes lack a certain technical finesse, opting to just overpaint part of the code and let error correction handle that instead. Let's see how we can do better.

The simple visual appearance of a QR code belies a very complex multi-step encoding process: Text is encoded using one or multiple character sets and encoding modes (allowing, for example, for a more efficient representation of strings of numbers), the resultant data is grouped into code words in segments with delimiters, error correction information is added, the augmented data is placed on the 2D matrix, structure obfuscation with a masking pattern is applied and version and format meta-data is added. each of these steps grants some degree of freedom to the encoder that will result in visually distinct but semantically identical codes. Previous approaches to play with QR code appearance have usually stuck to modifying either end of this pipeline: Overwriting some parts of the finished code, or adding additional encoded data so that the finished code will have certain features embedded in it. The downside of these approaches is that you either rely on error correction to remove all the disturbances you've added, limiting the amount of modification possible, or become very limited in which pixels you can control. By constructing an encoder and decoder that allows access to each step of the encoding/decoding process, I will allow you to go further and take control of the QR code as a whole. Changing all parameters of the encoding process will make the resulting code appear almost like you want it without relying on the error correcting capabilities, which then allows you to add further manipulations by abusing the error correction capabilities. All code will be released under a free software license at the same time as the talk.

Free software and hardware are essential to sovereignty among developing nations, and can be used to secure infrastructure and information against sophisticated adversaries. Underdeveloped nations are leveraging Free software for these purposes, including Gaza and the Palestinian territories. This lecture discusses the Palestinian use of Free software and hardware to claim a kind of sovereignty, focusing on the health sector as one example where speaker Dr. Tarek Loubani has experienced and participated in efforts to incorporate Free culture.

Free software and hardware are essential to ensure cultural, economic and military sovereignty among developing nations. Software such as GNU/Linux and GPG are potent weapons used by state and quasi-state actors to secure infrastructure or information against sophisticated adversaries. Several Latin American countries have effectively utilized Free software tools over the past two decades to advance their sovereignty. Today, another wave of underdeveloped nations is similarly leveraging Free software, including the Gaza Strip and Palestinian Authority. The Palestinian Territories - and particularly the Gaza Strip - exist in a state of nearly-complete technological, economic, political and military domination. This lecture discusses the Palestinian use of Free software and hardware to claim a kind of sovereignty, focusing on the health sector as one example where speaker Dr. Tarek Loubani has experienced and participated in efforts to incorporate Free culture.

Giant billboard vans, drone-operated leaflet drops over an NSA building and calls to secret service agents, Intelexit explores all routes to reach out to secret service agents and convince them to follow their conscience and quit their jobs. We will take a look at the highlights of the campaign from 2015 and what's around the corner for 2016.

When we talk about government surveillance, we most often talk about it as a dark and menacing threat. But there are humans working day in and day out at secret service offices around the world, following orders, keeping secrets. How many of them feel ethically conflicted about their role in upholding these structures? How many of them might consider leaving and pursuing another career, if nudged in the right direction? Intelexit, an initiative produced by the Peng! Collective, reaches out to these people and offers them a friendly nudge and connects them with the right kinds of support if they wish to leave. Treading the line between art and activism, between spectacle and reality, Peng set up Intelexit to draw attention to the women and men working in the shadows, and to reach out to them. Intelexit was an experiment at first but it turned out to be very popular and needed, so it will continue into 2016 and it needs your help!

The lecture outlines strategies by the "Artist against 419" online community that uses open source intelligence to gather data and file reports about fraudulent websites. The lecture presents the artistic installation "Megacorp." (created by KairUs) that tries to visualize the global phenomenon of fake business websites.

“Megacorp.” is a corporate conglomerate inspired by its equally powerful counterparts in science fiction. The artwork is based on a collection of fake websites scraped from internet by the artist duo KairUs. These companies exist only virtually and are used by cyber criminals for phishing attacks or to support scam stories. The “Megacorp.” exists therefore as an umbrella company for subsidiary companies that are 100% dummy cooperations. “Megacorp.” operates on a global scale and is constantly growing with firms represented in almost every branch of industry. The strategic objectives according to the “Megacorp.” Mission statement is to: “offer complete services from one source which can serve the entire market”. Accordingly the subsidiary companies cover domestic and international export, real estate agents, insurance companies, law firms, security companies, banks, educational institutions, hospitals, online commerce, economic communities and ministries.The functions of “Megacorp.” are presented in the form of an interim report and company visuals. The archieved websites are locally available in the gallery allowing visitors to explore the current fake website repository. By examining the fake websites the artwork reflects both the imaginary and the real world ‘megacorps’, questioning centralization of power.

Entropy, the randomness used in many critical cryptography processes including key generation, is as important as it is misunderstood. Many myths are fueled by misleading documentation. This presentation aims to provide simple and actionable information while explaining the core technical details and real world implementations.

Randomness is as simple as critical. An application wants some bytes which an attacker can't predict. The clearest example is generating a cryptographic key, but a wide array of functions depend on randomness. Any time a key is generated, any time a DSA signature is made, any time the memory layout is randomized, applications rely on being able to create strings of bytes impossible to predict. If that comes short everything fails: cryptographic keys are compromised, exploits protections are ineffective. Entropy, the unpredictable raw material, is usually collected by the Operating System and exposed to the applications that need it. Once enough bits of entropy have been collected, it becomes impossible to predict the output of the CSPRNG (cryptographically secure pseudo-random number generator), a stirrer of sorts that expands a seed into unlimited whitened random bytes, often based on stream ciphers or hashes. Real risks include trying to use a CSPRNG early on in the boot process, when not enough random events have been collected, or using a userspace CSPRNG instead of the kernel one and forgetting to seed it. Or using a non-CS PRNG. That's just about it. However, there is a lot of misunderstanding on "decreasing entropy". It's a widespread myth that using random bytes decreases the "amount" of entropy. Reality is, to an attacker who's basically trying to predict the CSPRNG output there's no decrease in difficulty no matter how much output is drawn, so developers can avoid introducing additional complexity because of this. This is all backed up by showing a simple toy CSPRNG design, and reasoning about its properties. More practically, the points above translate into "in Linux, just use /dev/urandom or the get_random syscall". That's the kernel interface for the system CSPRNG. Its inner working are presented and they will hopefully make it clear why there is no meaningful difference from the "counting" /dev/random.

Hacking receives growing attention among social scientists during the last five years. Researchers particularly in the fields of Human-Computer Interaction (HCI) and Computer-Supported Collaborative Work (CSCW) but also in the social sciences generally have begun to study hacking empirically—investigating hacking as a practice and as cultural phenomenon. The talk offers a glimpse of the spectrum of research about hacking in HCI, CSCW, and adjacent fields. Researchers in these fields portray hacking very differently. The spectrum ranges from “transgressive craft” to “innovative leisure practice,” from skilled craftsmanship to ad hoc kludging, from an individualist pursuit to a community mission, from an expression of liberalism to an exclusive practice of cultural distinction. Some researchers see hacking as an illustration of how to defy technological determinism, i.e., the conviction that the technological determines the social, a position that social scientists typically fight ferociously. Other researchers see it as the future of “end-user innovation.” This talks discusses these notions and describes the value---economic, pedagogical, cultural, conceptual---that different research perspectives perceive in hacking.

Hacking receives growing attention among social scientists during the last five years. Researchers particularly in the fields of Human-Computer Interaction (HCI) and Computer-Supported Collaborative Work (CSCW) but also in the social sciences generally have begun to study hacking empirically—investigating hacking as a practice and as cultural phenomenon. However, Fefe, an influential blogger of the German hacking community, warned against collaborating with researchers: „In letzter Zeit gibt es eine auffällige Häufung von Befragungen und wissenschaftlichen Studien zu Hackern und Piraten, wie die Szene funktioniert und so weiter, auch bei Hackerspaces und insbesondere auch bei Gruppen wie Occupy und co. Wenn so jemand bei euch anklopft, sagt ihm bitte nichts. Nur weil die freundlich und nett wirken, muss man noch nicht kooperieren. Nanu, hat der Fefe was gegen Wissenschaft? Nein. Aber was die meisten nicht auf dem Radar haben: Solche "Studien" werden von den Bösen gemacht. Dahinter stecken Public Relations Consulting-Firmen, Risk-Management-Firmen, Politikberatung, Thinktanks. Die haben Angst vor uns und wollen uns ausforschen. Und wie macht man das? Man schickt unverdächtige V-Leute. In diesem Fall nerdige Wissenschaftler, die freundlich anfragen.” (7.2.2013, blog.fefe.de/?ts=afed4222) In this talk, I will not be able to speak about undercover spying for corporate or government interest (because I don’t know any more about it than Fefe). Instead, this talk will be about the research that some of those ‘nerdy scientists’ that Fefe mentions do—researchers like my collaborator and me who thought: Hacking! Yes! That’s an interesting phenomenon, and it is important! For many social scientists, hacking is interesting because it challenges their academic thinking and their academic vision. It challenges the categories in which some research fields usually think (e.g., ‘the user’ as opposed to ‘the designer’). And it also can challenge how disciplines such as HCI (who perceive themselves as advocates for prospective users) envision themselves. The talk offers a glimpse of the spectrum of research about hacking in HCI, CSCW, and adjacent fields. Researchers in these fields portray hacking very differently. The spectrum ranges from “transgressive craft” to “innovative leisure practice,” from skilled craftsmanship to ad hoc kludging, from an individualist pursuit to a community mission, from an expression of liberalism to an exclusive practice of cultural distinction. Some researchers see hacking as an illustration of how to defy technological determinism, i.e., the conviction that the technological determines the social, a position that social scientists typically fight ferociously. Other researchers see it as the future of “end-user innovation.” Clearly, there is often vested academic interests in the ways in which social scientists portray hacking. In some cases, there is an interest in emphasizing the economic value of hacking, highlighting its creative and innovative potential. In other cases, there is an interest in emphasizing the pedagogical value of hacking, highlighting its potential as a means of teaching and learning. In still other cases, there is a conceptual interest in hacking or an interest in its cultural value. And yes, in some cases there is clearly an interest in simply preventing hacking. My personal motivation to study hacking has a lot to do with my conceptual interest in notions such as ‘use’ and ‘design.’ Is hacking using, is it designing, is it both? And I find it interesting to note that hacking practices often react to a condition where the possibilities of ‘use’ are perceived as very limited. But my personal motivation to study and write about hacking in the HCI/CSCW community also stems from discontentment with the way in which HCI/CSCW research often sidelines the political visions of hacking—most notably, the vision of ‘open,’ community-driven technology that is an ‘expression of liberalism’ (Gabriela Coleman). My motivation to give this talk is to communicate research back to those who are the subjects of research. The research discourse is, besides the mass media discourse, an important place for creating a public image of ‘the hacker.’ Moreover, I would like to discuss Fefe’s warning—“do not talk with researchers,” is that what 32C3 thinks? And what, after all, is hacking?

Two years after the invitation to build your own iSP at 30C3, I'd like to invite everyone to take part in building a better Internet with the Internet Cube project.

At the crossroads of DIY Internet Access, Open Source Hardware and Self-Hosting Free Software, "Internet Cube" is the living proof everyone can regain control on their data. Using a public and static VPN endpoint provided by a neutral and privacy-friendly ISP, the Cube enables the user to have her services accessible from everywhere simply by plugging it to the Internet. Assorted with a wireless antenna, the Cube operates as an ambulant cleaning gateway to the Internet, getting rid of whatever stupid thing a commercial ISP would be doing on the network like port blocking or service prioritization. There are many other use cases enabled by already existing Y U NO HOST applications like turning the Cube into a PirateBox or a Tor gateway. When the first prototype came to life, someone said "Well, congratulations guys, you've just built an actual working FreedomBox" and I believe that what we built is more than that.

Die Landesverrat-Affäre um netzpolitik.org hat gezeigt, wie wichtig es ist, nicht nur aus staatlichen Dokumenten zu zitieren, sondern sie im Original zu veröffentlichen. Ideales Werkzeug dafür ist das Informationsfreiheitsgesetz (IFG). Wir geben einen Überblick über die Entwicklungen dieses Jahr rund um das IFG.

Die Landesverrat-Affäre um netzpolitik.org hat gezeigt, wie wichtig es ist, nicht nur aus staatlichen Dokumenten zu zitieren, sondern sie im Original zu veröffentlichen. Ideales Werkzeug dafür ist das Informationsfreiheitsgesetz (IFG), das aber weiterhin noch viel zu selten genutzt wird - weder von Aktivistinnen noch von Journalistinnen. Wir zeigen, welche politischen Entwicklungen, Gerichtsurteile und Veröffentlichungen 2015 wichtig waren für die Informationsfreiheit in Deutschland - und auch in anderen Ländern wie England, wo der Freedom of Information Act von der Cameron-Regierung vermutlich bald eingestampft wird. FragDenStaat haben wir unterdessen weiterentwickelt zu einer Plattform, auf der Behörden auch dann angefragt werden können, wenn für sie das IFG nicht gilt. Und haben dabei erlebt, dass der bisher größte internationale Medienhype um die Plattform nicht auf seriöse Arbeit zurückzuführen ist, sondern auf einen 17-Jährigen, der über FragDenStaat seine Abiturklausuren vor dem Klausurtermin einsehen wollte.

Using follower bombing as art performances, the artists Constant Dullaart continues the research into attention and identity as a commodity on social networks, and has recently created a large sum of custom created artificial Facebook identities. Many websites offer an option to login in with Facebook credentials due to the strict controle of the service on the reliability and verification of the social medium. In a time where the open borders in Europe are under pressure, and Syrian identities are sold to people that long for a better future, virtual identity systems, and their reliability become a topical analogy.

Due to the large financial incentive through advertisement revenue, there is a large industry creating Facebook accounts that can be used for commercial purposes only, and controlled en masse by dedicated software. With a press of a button hundreds of artificial accounts can like a certain Facebook post, group, political party, celebrity, brand or artist. Influencing advertisement revenue and cost, elections, or feigning consumer interest. These profiles are not representative of actual human entities, and are only created to pass for people through Facebook’s detection algorithms. Somewhat similar to how a social registration number creates a physical legal identity. With generated names and interests, with downloaded images, these accounts have verified email addresses, and the most valuable profiles are Phone Verified Accounts, so called PVAs. PVAs generated with United States based phone numbers are most valuable since they are checked less by Facebook, than profiles verified with Pakistani, Bangladeshi or Filipino for example. The last countries playing a big part in the artificial virtual identity industry. Although this industry has been active for many years, commodifying our idea’s of what shapes an online identity, many journalists, political parties, institutions, and consumers still believe that the quantified attention of a number of likes or friends on Facebook suggests a validation of quality. By collecting a large collection of custom made PVA’s into an army, Dullaart is commenting on the use of these false validation systems. Where PVA’s are normally used for commercial gain, Dullaart will use them for performative and artistic gestures only. An argument in a political conversation is suddenly liked by thousands of people, and an aspiring artist suddenly has a lot of people speaking of her work. The newly created profiles that shape the army will be based on the identities of the 18-th century Hessian auxiliaries contracted for military service to the British during the American revolutionary war. Using all the actual names of the mercenaries, and acting in the spirit of the army as studied by Professor Doctor Holger Gräf, of the Hessian Historical Landes Ambt. The yearly income generated by renting out the Hessian Mercenaries equaled 7 times the tax revenue of the state Hessen-Kassel, and gave Frederick II the opportunity to build many public works, amongst which the Fredericianum in Kassel, and many public roads. After the presentation of the army on the 10th of November in Kunsthalle Schirn in Frankfurt, the army will be for rent to pay for the maintenance (the profiles need rented internet proxies to keep from being killed off by Facebook) , and act under the command of Constant Dullaart and an editorial board discussing which valuable contributions the army can deliver in the political, cultural, or poetic realm on Facebook. Dullaart wil show the experiences in creating and controlling the army for artistic purposes, as well as previous research into new types of digital materials for artists to use.

Journalists, while structurally and economically under threat, are bringing computer science into their newsrooms. Their tools and techniques benefit from computer science in areas such as databases, graph analysis and machine learning and allow journalists to tackle new kinds of stories.

This lecture will be about how journalists use computer science to find the story needles in their data haystacks. CS knowledge comes in handy when scraping government websites, searching giant troves of documents and analysing social graphs. Recently popularised techniques like machine learning and other techniques can be used to explore and uncover hidden truths in datasets. New research areas such as algorithmic accountability (e. g. how can you find the cheating algorithm in the VW cars) become more important and lead to stories that require a journalistic mind to discover them but need reverse engineering skills to fully understand. I will give a roundup of how stories are told with the help of computers in newsrooms around the world. As a software engineer by trade working in an investigative newsroom I’m also applying the stuff I learn to help my reporter colleagues find and tell new kinds of stories.

This talk gives an overview on state-of-the-art wireless security concepts: How can we analyze wireless protocols? How can we build mechanisms that are secure even when the attacker has unlimited computational power? Can we exploit wireless transmission for more?

Typically, wireless security is realized by implementing encryption on upper layers and replacing the wire with some wireless modulation schemes. Yet, there is more! For example, it is possible to build "NSA proof" systems or to use legacy WiFi frames as radar. First, there will be a brief introduction on how to hack things with your rad1o badge and other cheap software defined radios. This is your chance to understand how radio waves look like and how to capture and process them :) Second, the concept of wireless physical layer security is introduced. Based on this, information-theoretic secure systems for confidential communication and key exchange can be built. Third, wireless transmissions contain a lot of additional information, since they get disturbed depending on the environment. Hence, we can extract positions of humans and even loudspeaker movements through walls.

Im April 2015 hat die österreichische Bundesregierung einen Entwurf für ein "Polizeiliches Staatsschutzgesetz" vorgelegt. Damit soll ein neuer Inlandsgeheimdienst mit weitreichenden Überwachungsbefugnissen geschaffen werden. Unabhängige Kontrolle durch Gerichte und das Parlament ist nicht vorgesehen. Bereits in der Begutachtungsphase wurde das Gesetz massiv kritisiert. Der AKVorrat gab mit einer umfassenden Stellungnahme die wichtigsten Argumente vor. Der Widerstand gegen das Gesetz und die Kampagne des AKVorrat haben zwar zu mehrfacher Verschiebung der Beschlussfassung geführt, aber die Geheimdienstpläne der Regierung sind trotz mehr als 22.000 Unterzeichnerinnen und Unterzeichnern der Petition auf www.staatsschutz.at nach wie vor nicht vom Tisch. Der Talk bietet Einblicke, wie Geheimdienste in der Post-Snowden-Ära öffentlich und nicht öffentlich diskutiert werden.

Wir zeigen die Geschichte von Österreich als Drehscheibe von internationalen Geheimdienstaktivitäten. Die aktuellen Pläne der Regierung zur Schaffung eines Inlandsgeheimdienstes sind in diesem Kontext zu sehen. Der aktuelle Gesetzesvorschlag stattet Polizeibehörden mit Geheimdienstbefugnissen aus, die einer unabhängigen Kontrolle weitestgehend entzogen sind. In unserer Analyse stellen wir unsere Kritikpunkte in einen größeren Kontext, der der Idee einer Überwachungsgesamtrechnung folgt. Wir stellen unsere Kampagne vor, die auf zwei Säulen steht: Aktivismus und politisches Lobbying. Der Spagat zwischen beiden Polen ist nicht immer einfach, aber unbedingt nötig, um die Breite des Widerstandes gegen das Gesetz darzustellen. Der reicht von der Bischofskonferenz, über Amnesty International bis zu Arbeitnehmervertretungen. Die juristische Expertise des AKVorrat macht uns auch zu ernstzunehmenden Gesprächspartnern von Politikerinnen und Politikern. Thomas Lohninger und Werner Reiter vom AKVorrat Österreich zeichnen das Bild eines ereignisreichen Widerstands gegen die Einrichtung eines Inlandsgeheimdienstes inkl. Gehimdienstdosenschießen und dem Defacement der Kampagnenwebsite. Sie diskutieren Kampagneninstrumente und ihre Wirksamkeit; und vor allem, unter welchen Rahmenbedingungen polizeiliche Ermittlungen menschenrechtskonform gestaltet werden können.

Landauf landab entstehen zur Zeit tausende öffentlicher Stromtankstellen. Diese neue Infrastruktur bietet viel Potential für kreative Nutzungen und hat eine Reihe an Nutzungs-, Sicherheits- und Datenschutzproblemen, für die bislang Lösungen fehlen.

Dies ist eine erste minimale Einführung in die Technik und ein Hilferuf und soll die Türen zu neuem Spaß am Gerät öffnen. Der Vortrag wird in zwei Teilen folgende Informationen geben: Teil 1 – Selber nutzen

• Einführung: Wofür braucht man Stromtankstellen? Darstellung der üblichen elektrischen Parameter von Fahrzeugen und Batteriesystemen,
• die drei etablierten Systeme für Gleich- und Wechselstrom zur Fahrzeugladung werden vorgestellt,
• Telefonakku leer in der Stadt? Es wird gezeigt, wie man für beliebige Nutzungen Wechselstrom beziehen kann,
• zwei Open-Source-Projekte für Ladestationen im Eigenbau werden kurz angerissen.
Teil 2 – Wo besteht Bedarf an Sicherheits- und Hardware-Erforschungen? Es geht um folgende Themenbereiche:
• Steckerkonstruktion: Die Stecker sind viel zu teuer, wenn überhaupt erhältlich.
• Datenkommunikation der Gleichstromladesysteme CHAdeMO und CCS: Insbesondere bei CCS ist das Kommunikationsprotokoll nicht gut zugänglich, so dass Adapterlösungen oder die Nutzung zur Aufladung von Eigenbaufahrzeugen nicht möglich ist. Außerdem ist Gleichstrom-Ladehardware völlig überteuert und ohne Protokollkenntnis nicht zu verbessern.
• Proprietäre Mitspieler: Tesla hat einen genormten Steckertyp proprietär ergänzt, und niemand weiß, was an Tesla-Superchargern genau passiert.
• Authentifizierung und Abrechnung: Ein Wildwuchs an Abrechnungssystemen auf Basis von Apps und RFID-Karten wartet darauf, auf Sicherheitslücken überprüft zu werden. Wo bleibt die Stromtankstelle, die Bitcoins akzeptiert?
• Datenschutz: Die anonyme Nutzung von Benzintankstellen ist üblich, von Stromtankstellen aber oft unmöglich. Hier fehlen Lösungen.
• Strombezug aus der Batterie: Fahrzeuge mit Gleichstromladeanschluß bieten prinzipiell einen direkten Zugang zur Batterie, der viele interessante Nutzungen ermöglichen würde – nur niemand kennt das Datenprotokoll.
Für Tests gibt es eine öffentliche Stromtankstelle in der Moorweidenstraße, 300 Meter vom CCH.

On 17th December 2014, the Government of India's Ministry of Communications and Information Technology issued an order to all licensed Internet Service Providers (ISPs) in the country to block access to 32 websites, effective immediately. The basis of this was a claim that the targeted web services were being used for "Jihadi Propaganda" by "Anti-National groups". As a response to this, a few technologists in Berlin got together and thought it would be a good idea to do some research using free and accessible tools and to look at how censorship has been implemented, as well as the various techniques that could be used to circumvent this censorship. This talk will discuss our findings and make recommendations about how ISPs can handle such censorship requests better, while being fair and transparent to their customers.

On 17th December 2014, the Government of India's Ministry of Communications and Information Technology issued an order to all licensed Internet Service Providers (ISPs) in the country to block access to 32 websites, effective immediately. Not only did the ban affect access to popular cultural sites such as archive.org, vimeo.com, dailymotion.com, but the order also blocked access to sites like github.com, pastebin.com, which are useful for all sorts of people but are especially popular with software developers. The Ministry's order was issued following a request from the Mumbai police's Anti-Terrorism Squad on 15th November 2014. The police request argued that the targeted web services were being used for "Jihadi Propaganda" by "Anti-National groups", and were encouraging youth in the country to join organisations like the Islamic State (ISIS/ISIL). As a response to this, a few technologists in Berlin got together and thought it would be a good idea to do some research using free and accessible tools to look at how censorship has been implemented, as well as the various techniques that could be used to circumvent this censorship. The research was conducted through January, 2015 and draws on the browsing experience of several customers of different ISPs around India as well as information gained through the use of the open source censorship measurement toolkit provided by Open Observatory of Network Interference (OONI) [1] and other manual tests we conducted. Since then, we have been able to turn this into a continued effort to monitor ISPs in India and invited others to contribute to this effort to map and understand various technical implementations of censorship orders. This talk will summarise our key findings, including the different methods of blocking implemented by multiple ISPs. We will also discuss and make recommendations about the different ways ISPs can better handle such censorship orders, while continuing to respect the their customers' right to access to information, and how they can be more transparent while exercising censorship orders and requests from authorities. [1] http://ooni.torproject.org/

This lecture will give an overview on how technology can help and is helping to prevent or mitigate mass atrocity crimes. It focuses on the work and research of the Digital Mass Atrocity Prevention Lab (DMAP Lab) but will discuss other major projects as well. The goal is to inform the audience about ongoing efforts and spark their interest to help work at the intersection of technology and human rights.

The lecture will span a wide arc over current efforts made in how to use technology in peacekeeping, mass atrocity prevention and mass atrocity documentation. It also will give a brief introduction on why this work is important using current (e.g. South Sudan, Syria) and past (e.g. Rwanda) cases. The projects described in the talk can be found in the link section but will have to be fleshed out in more detail until the CCC event. In short: it will be a "tour de force" through various human rights/technology projects to give the audience a wide perspective with which they can (hopefully!) find ways for future collaboration. The talk will also touch briefly on challenges and risks using technology in mass atrocity prevention - because we all know: technology has no morality and can be used for both good and evil.

In 2010 I was asked by the second maintainer in a row to take over as new maintainer of the libusb project. The first time I had declined. The second time I accepted, and sadly failed. Eventually a hostile fork emerged, with the explicit goal to take over the original project. I will tell you my story, which mistakes I made and what I learned - about independent and corporate contributors in open source projects, about package maintainers in downstream OS distributions, about trolls on the internet, about GitHub Inc. and about myself. The hostile fork? It wasn't merged.

This talk will have a look at maritime related robots and projects. It is not all that difficult and expensive - and there are truly still dragons to find!

With this talk I want to expand the attention from air and land vehicles to maritime robotics and other maritime projects. Surface and underwater vehicles are challenging: Waterproofing is vital, communication is restricted and doesn't work the way we are used to, and weight is a factor that needs more consideration than usually (either to avoid sinking or to achieve it...). Still discovering this area myself, I'm planning to cover interesting challenges, surprising solutions, the differences in sensing and actuation, exciting projects, and the responsibility that comes with building robots for the sea.

Physical keys and locks are one of the oldest security mechanisms still employed today. In this talk, we will discuss how 3D printing keys enable attacks against many modern lock systems. We will describe projects researchers and hobbyists have done involving 3D printed keys, and present our own research on automating several of these attacks in order to demonstrate how easy they are to do. Ultimately, we hope to describe the current state of 3D printed keys, and their impact on the physical security systems we most often take for granted.

Physical keys and locks are one of the oldest security mechanisms still employed today. Despite their long-standing history, many still suffer from known attacks including bumping, impressioning, teleduplication, and rights amplification. To mitigate these attacks, many lock systems rely on restricted keyways and use blanks that are not sold to the general public, making it harder for attackers to obtain them. Often the key blank designs themselves are patented, further discouraging distribution or manufacture by even skilled machinists. In this talk, we will investigate how rapid prototyping and 3D printing tools can be used to attack modern lock systems. Even when manufactured on commodity machines, 3D printed keys are now good enough to be used in a variety of attacks. We demonstrate this by showing several example attacks against popular locks, from 3D printing the TSA master key, to our own attacks against restricted key systems. To test the strength of modern 3D printed keys, we present results from our paper of a controlled analysis on a range of printed materials from plastic to metal, and show that it is possible to cheaply make or purchase 3D printed keys that are practically as strong as real keys. We also present a tool that can automatically create a CAD model of a key blank, given only a single picture of the front of the corresponding lock. This tool makes the attacks that 3D printing enables against locks even easier and cheaper by no longer requiring skilled 3D design knowledge, and provides a warning to start looking for alternatives to secure physical goods. Lastly, we describe defenses that modern lock manufacturers can do to ensure their locks are not easily bypassed by 3D printing technology, including new lock designs, as well as putting more emphasis on existing designs that may resist 3D printing-enabled attacks for years to come. Website: https://keysforge.com/ Paper: https://keysforge.com/paper.html

News reports and political speeches are currently replete with references to hacking and hacktivism, i.e., politically motivated hacking. They often portray hackers and hacktivists negatively and put them onto the same level with, for example, terrorists. This talk is based on a PhD research project examining the perception of self-identified hackers and hacktivists on these (in)securitising developments. It investigates how hackers and hacktivists understand themselves and their activities, explores how they articulate the effects of this (in)securitisation, and outlines the ways they resist these processes.

Within the public discourse, terms such as hacking and hacktivism are controversial. They are frequently equated with malicious activities and associated with the likes of cybercrime or cyberwarfare. Besides, both the activities and the actors standing behind these concepts are increasingly becoming subject to a threat construction. This process is understood as “(in)securitisation” which builds upon the idea that security issues do not necessarily reflect the objective, material circumstances of the world. Instead, what is considered as a “security threat” depends on the design of such a menace by a multitude of actors, e.g., politics, industry, or the media. The talk uses this understanding to examine the perspective of hackers and hacktivists who have been subjected to this (in)securitisation. It is based on a sub-study which is part of a broader PhD project within the social sciences. It exhibits qualitative findings that are derived from interview data collected over the course of a Research Fellowship at the Alexander von Humboldt Institute for Internet and Society, Berlin. A sample of N = 35 (female: n = 6; male: n = 29) self-identified hackers and hacktivists were therefore interviewed in German or English. The data was analysed using the method of thematic analysis. This talk explains the theoretical background of the research project, the method used to analyse the data, and presents as well as discusses some of the research’s findings. It concentrates on the following issues: (a) how participants understand themselves and their activities, (b) how they articulate the effects of the (in)securitisation process, and (c) how they resist the (in)securitisation. Ultimately, the presentation gives an overview of what the (in)securitisation “does” to the hacker and hacktivist community, who - for the purpose of this research - have been studied conjunctively. It highlights how hackers’ and hacktivists’ self-understanding and perception stand in contrast to their current public representation, providing a relevant insight for the current debates about the possibility of re-articulating political rights online.

Ob diktatorischer Despot, der seiner Bevölkerung die Kommuninaktionsrechte einschränkt, oder ein Erdbeben, das die Kommunikationsinfrastruktur zerstört: Auch 2015 sind die Lösungsansätze noch nicht wesentlich über Zettel und Stift hinaus.

„CADUS – redefine global solidarity“ über den Ist-Zustand in Katastrophengebieten und Lösungsideen. Kommunikation und Organisation sind unverzichtbar für große Menschengruppen, egal ob Oppositionsbewegung in Diktaturen oder für Volunteers nach großen Naturkatastrophen. Im Süden der Türkei, in Nordkurdistan, sieht man grade einmal wieder, dass die erste Maßnahme von repressiven Regierungen die Beschneidung des Rechts auf Kommunikation ist. Wenige hundert Kilometer weiter, im Nordirak, erlebt man auch 2015 noch, wie das UN-OCHA (Office for the Coordination of Humanitarian Affairs) Hilfsorganisationen offline über Meetings und "„Zettel und Stift“-Kultur zu organisieren versucht. „CADUS – redefine global solidarity“ ist u. a. in der Region aktiv. In dem Vortrag wird eine kritische Beleuchtung des Ist-Zustandes von Recht (und Möglichkeit) auf Kommunikation im Nahen und Mittleren Osten gegeben. Weiterhin werden Lösungsansätze und Ideen vorgestellt, was ITK-Lösungen für sowohl Bevölkerung als auch Organisationen bieten könnte.

In the last couple of years, cloud and web services have become more and more popular. Since Snowden we know for sure that intelligence agencies have access to the data storage of an service provider, either by (forced) cooperation, or espionage. Thus, to protect our privacy we have to encrypted our data before hand it over to our service provider (data holder). But this approach contradicts the very idea of a web service where the data holder have to process our data in one way or an other. Therefore, we need new cryptographic techniques to enable the data holder to perform operation on encrypted data. One of the most important operations for cloud storage or database based web/cloud services is the search operation. In this talk we focus on the very familiar cloud storage scenario. Because in this scenario, It is obvious, that the user (data owner) do not want to perform the search by himself. This should be a service offered by the data holder. We will present different practical approaches to achieve searchable ciphertext, namely one with an index and one with cleverly encrypted words. Note that no PhD is required to attend this talk ;-)

We found that many people cannot believe that it is possible to execute operations on ciphertext. We want to rectify this by educating hackers of the magic of searchable encryption schemes.

Intro

Entering Searchable Encryption

The leading social networks are the powerful new gatekeepers of the digital age. Proprietary de facto standards of the dominant companies have lead to the emergence of virtual “information silos” that can barely communicate with one another. Has Diaspora really lost the war? Or is there still a chance to succeed?

The Internet today is a giant web, a hilarious copy machine, interlaced into more and more aspects of our lives. What started as a network of equal nodes, has since transformed the layer above the open, decentralized hypertext protocol, and begun to move it towards greater centralization and power in the hands of few large platforms. Social networks are an important benchmark for this trend. Social networks are an important tool for private, commercial and political use. Technological sovereignty can be decisive for political struggles, regardless of whether we talk about elections or revolutions. Privacy gains importance when the Internet becomes interconnected with more and more parts of our lives. The launch of Diaspora in 2010, a crowdfunded free-to-use social network based on free software, was clearly born from these debates. While the appeal of a federated system of social contacts is same in centralized and decentralized networks, they are worlds apart regarding their technical infrastructure, their power structures and their options for business models. Much scientific work has been carried out on the technical challenges that decentralized social networks face. But the underlying economic mechanisms that drive the market towards concentration, promote the dominance of few actors and build high barriers for market entry, have so far been rarely addressed in the context of social networks. The dominance of one network is deeply rooted in the code of the market structure troubled with network effects, lock-in and proprietary de facto standards. Furthermore, privacy restraints through the operator derive from the very core of the business model of multi-sided markets as a bottleneck between users and advertisers. Lock-in and switching costs, make it difficult for users to leave their social network, thereby weakening competition. Such a structure enforces asymmetric power relations between users and providers systematically. Here’s the thesis: Whoever wants to challenge the incumbent’s position needs to address these findings since this structure poses high barriers for market entry. Centralization of infrastructure on the market for social networks can not be reversed with technology alone. Decentralized social networks need foremost to consider how to breathe life into their provided infrastructure, since it is the user content and the interconnection between users that adds value and meaning to a social network. Projects that want to reintroduce technological sovereignty need good technology combined with a straightforward strategy for market entry. Some of these strategies differ substantially from standard strategies, since non-commercialized decentralized community driven projects based on the idea of free/ libre open source software differ in many aspects from companies. The fact that Diaspora built an alliance with other decentralized social networks of the Federation based on shared open standards is an important development and can be regarded as a good move towards joining forces against a paramount incumbent. It will be shown that although decentralized social networks face tough conditions entering the market for social networks, there are promising strategies that have not yet been exhausted. The controversies which arose around the centralization in the market for social networks are now more pressing than ever. This talk shall present an overview of the impact of social networks and the driving economic forces of this market. The status quo of the Diaspora network and the Federation as the most prominent representative of free and open source non-commercial decentralized alternatives will be analyzed. Next, the economic analysis of the relevant market structures will be used to derive fresh perspectives on how this “new kid on the block” could develop a strategy for a successful market entry. The findings are supported by expert interviews with authorities in relevant fields and data from Diaspora and connected networks.

Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick!

To get involved and learn more about what is happening please visit the Lightning Talks Wikipage.

Governments around the world are seeking to put a stop to secure end-to-end encryption, from the UK’s Data Retention and Investigatory Powers Act, to Australia’s Defence Trade Controls Act, to India’s draft proposal to require plain text copies of all secure messages, to the United States’ Federal Bureau of Investigation’s public pressure on global companies like Apple and Google to weaken their security and provide law enforcement access to plain text content.

Yet it is impossible to give these governments what they want without creating vulnerabilities that could be exploited by bad actors. Moreover any attempt to prevent people from writing and publishing strong encryption without backdoors conflicts with the right to freedom of expression enshrined in Article 19 of the Universal Declaration of Human Rights. This presentation will address the history of crypto wars, update the audience with the latest information on government proposals from around the world, and discuss how we can fight for a future that will allow for secure communications for everyone. The discussion will also include information about EFF’s effort to protect and promote strong encryption, including the Secure Messaging Scorecard, Encrypt the Web report and the Who Has Your Back reports. The presentation will explain how the unintended consequence of these efforts to provide law enforcement unfettered access to communications for users’ privacy and the security of the Internet far exceeds the benefits that would be gained. The proposals are often made in the name of protecting national security, but are likely to have severe economic, political and social consequences for these nations and their citizens, while doing little to protect their security. Contrary to these government proposals, encryption has a critical role to play in national security by protecting citizens against malicious threats. The harm to the public that can be presented by lax digital security has been illustrated too many times: weak or flawed cryptography led to vulnerabilities such as Logjam and FREAK that compromised the transport layer security protocols used to secure network connections worldwide. Encryption is not only essential to protecting free expression in the digital age – it’s also a critical part of national security. This presentation will address the history of crypto wars, update the audience with the latest information on government proposals from around the world, and discuss how we can fight for a future that will allow for secure communications for everyone. The discussion will also include information about EFF’s effort to protect and promote strong encryption, including the Secure Messaging Scorecard, Encrypt the Web report and the Who Has Your Back reports.

What do you want? Did you build your web/app for humans or NSA robots? Let's make it usable for human beings. I'd like to show you some basic design mistakes and how to avoid them to improve usability of your web or app. Why? Because it's worth it and I'm good in it.

"Under the candlestick is dark." Back to the roots. Everybody is talking about User Experience (UX), Human Centered Design (HCD) end-to-end flows, holistic approach but the devil is hidden in the details. I'd like to show you some of the most frequent mistakes in user interfaces and how to avoid them. From misplaced lines to microcopy worth millions. From broken flows to broken hierarchy. If you fix your UI troubles you can gain much bigger reach than ever before. The main question remains up to you: Dou you like to improve usability of your service or stay in the darkness of misunderstanding. With my tips will be your app/web for people as clear and bright as Czech crystal: No more confusions or misunderstanding. BTW: I'm the UX designer from AVG.com (the online security company) from the Czech republic.

What to do if you are neither a hardware- nor a software expert and want to contribute in effords of openess neverseless? A short overview about what I have done so far, shown on 3 exaples: The Mooltipass, a offline password save. The Pandora/Pyra, a mini handheld, full Linux PC and its successor. Senoko, the Novena battery board. From "just" crowdfunding to producing, why it's worth to go through all the ups and downs and encourage others to do the same.

My very subjective views to the following projects I got myself more or less involved The Mooltipass is a offline passwordstorage with 2 factor authentification, which is a open hardware development initiat around the hackaday community. Here I did simply crwodfunding, which is surely the easiest way to support open hardware. Untill it looks like the campagin is missing the goal and what you can do about it and what are good ways to set up perks. The Openpandor and its successor the Pyra are chamshell designe mini handhelds mainly aimed for (retro)gaming, but also have the power to run as full Linux desktop PC. Here I give a view from what the whole community and the maker learned, including surviving the near death of the whole project and how you should/should not tread the community. Endurance will earn awsomeness. The Senoko is the Novena Battery Board, which is easily producable, because it's open hardware, right? Why it is and is not somehow at the same time, why I started it alltogether and how to make it happen inspite of strange standardisation, customs and confusing notifications on your account statement. And my peronal dos and don'ts that derivate from this expierence.

For the past 3 years I have been delivering a custom-tailored DDoS attacks for organizations that wanted to test out their DDoS defense systems.

The client did give their logs after the attack so we can analyze together the impact and rewind the attack in slow-motion for us to consider a proper recommendation and not just something the vendor is expecting us to believe. Many rhetorical advice from vendors regarding defense know-how was found wrong or insufficient and many times even contributed to the EPIC FAIL of the entire defense system. During the presentation I will be bring to light 10 such cases of FAILs in hopes that future defenses will be battered and, of course, for some lolz. I have been researching DDoS attacks and mitigation techniques for the past three years and worked with industry leaders on testing their systems, providing them with cutting edge, and even never-seen-before attacks. I was amazed (actually still am) to find out that those big corporations, investing much work into their architecture of defense came to FAIL and sometimes the sole reason for a successful attack was a mitigation configuration or architecture FAIL. My research is done by utilizing smart grids of computers, mimicking vast botnets from all over the world, writing and perfecting scripted attacks and even involve social engineering attempts within those attacks (for mitigation that involve manual intervention) In the presentation there will be a showcase of 10 such FAILs, detailed technically as for a step-by-step close follow on the attack strategy and its mitigation failing, and of course – how delving into a recommended setup for a proper mitigation technique that will not inflict such a direct damage as presented.

„Social Media Break Up Coordinator“ is a performance art piece and lecture performed by Caroline Sinders. Inspired by Facebook’s memories algorithms faux pas, such as parents being reminded of their child’s death, or of events with an ex.

There’s a lot of emotion involved with social media with posts, images, and songs; all of those events have a context and that’s a context algorithms can’t understand. However, humans can. A Social Media Break Up Coordinator goes through a clients social media accounts with the client, and helps block, unfriend, untag, and help ‚mute‘ old relationships and bad memories. „Social Media Break Up Coordinator“ will be presented as lecture over my performance which is debuting at Babycastles on Nov 21st, and 22nd. I am a user researcher and UX designer at IBM Watson. I work in conversational analytics and I help design systems and software layout for chat bots. I spend a lot of time thinking about the way systems and AIs ‚think‘ about and relate to words, context of conversations, and emotions. The way our social media systems are structured, there’s a fair amount of outlining and ‚work‘ users have to do when it comes to reporting online harassment, changing privacy settings, etc. But in that same vein, there's a lot the systems do for us- from suggesting users, suggesting content, to display of content, messaging, images, and events. All of those ‚things‘ are coming from content created by users, and are treated as data. But what is the context of it all? Facebook can see if a user removes a relationship status, but there isn’t a button or an algorithm for break ups. How do you a tell a system your child died or your heart was broken? That’s where the Social Media Break Up Coordinator comes in. I will perform a series of paid events for my customers, who will also sign a legally binding. These services range from untagging the user and the ex or chosen person in specific images, moving friends of the ex/person and the ex/person onto a special list (to either mute, see less content, etc), crafting a series of emotional neutral messages to alert the other person that they are being unfriended/unfollowed/blocked for specific reasons, taking the number of the ex, deleting it from the client’s cellphone, and holding onto it for a specified amount of time decided upon between the client and myself. Effectively, the way to emotional navigate really ‚sticky‘ situations in social media is to have human intervention. Human emotions and relationships are complex and complicated, and require context, very deep context to understand. This is just something an algorithm cannot do. I’m interested in exploring emotional labor and the creation of new digital services and job to aid in this area of human relationships that have gone awry or death, as more and more users lives are lived and shared online, especially when algorithms began to fail with this kind of content. The talk/lecture at CCC would feature documentation of my performance, research that I’ve done around blocking, muting, and a wide variety of social interactions (from abusive arguments with Gamergaters to navigating spaces with exes- ex boyfriends, girlfriends, best friends, and co-workers). I will also lecture on the structure of Facebook, Twitter, and Instagram- and how the UI first fails with users when it comes to ‚de-couple‘ or ‚un-friend‘. I’ll then lecture how the algorithms fail, because all of the interactions of these are designed towards users interacting, not users completely separating from other users who may be very connected by friends and professional networks. What is the solution for this? My hypothesis is a series of newly created human roles, almost like a freelance life couch, to help the user get their digital lives in ‚order‘.

We will detect, bypass, and abuse honeypot technologies and solutions, turning them against the defender. We will also release a global map of honeypot deployments, honeypot detection vulnerabilities, and supporting code.

The concept of a honeypot is strong, but the way honeypots are implemented is inherently weak, enabling an attacker to easily detect and bypass them, as well as make use of them for his own purposes. Our methods are analyzing the network protocol completeness and operating system software implementation completeness, and vulnerable code. As a case study, we will concentrate on platforms deployed in real organizational networks, mapping them globally, and demonstrating how it is possible to both bypass and use these honeypots to the attacker's advantage.

Der steigende Anteil der Erneuerbaren Energien an der Stromerzeugung und der zunehmende Handel mit Strom erhöht die Belastung der Stromnetze. Welche Auswirkungen hat das auf die Netzstabilität? Wann kommen die Stromnetze an ihre Leistungsgrenze? Wie kann ein gezielter Angriff auf das Europäische Verbundnetz aussehen? Was müsste man tun, um einen Blackout zu verursachen? Und: Wie können wir unsere Stromnetze umbauen, damit das nicht passiert?

Gegenwärtig wird die (N-1)-Sicherheit als Kriterium für die Netzstabilitätsplanung herangezogen: Fällt ein beliebiges Betriebsmittel aus, so muss das Stromnetz weiterhin funktionsfähig bleiben. Dieses Kriterium setzt jedoch voraus, dass Betriebsmittel immer unabhängig voneinander ausfallen. Durch den Stromhandel, aber auch durch die vermehrte Einbindung regelbarer Lasten gibt es in Zukunft externe Ereignisse, welche die Ausfallwahrscheinlichkeiten mehrerer Betriebsmittel gleichzeitig beeinflussen. Dies kann vermehrt sowohl zu großflächigen (d. h. Bundesland aufwärts) als auch zu kleineren Ausfällen führen. Die Netzfrequenzmessdaten der Schnellabschaltung des Kernkraftwerks Gundremmingen liefert die Grundlage für ein Modell, mit dem das notwendige Lastungleichgewicht zur Destabilisierung des Verbundstromnetzes abgeschätzt werden kann. Der Vortrag diskutiert verschiedene Szenarien, wie eine solche Lastschwankung verursacht werden könnten: durch gezielte Smart-Meter-Manipulation? Durch Fehler in Stromleitungen oder Umspannwerken? Durch den Angriff von Großkraftwerken? Oder durch Marktmanipulationen an der Strombörse? Auch im kleinen Maßstab kann natürlich die Stromversorgung ausfallen: zum Beispiel bei einem kleinen Stadtnetzbetreiber. Eine Statistik der Bundesnetzagentur über Netzausfälle in Deutschland wird ausgewertet, um z. B. den Einfluß der Energiewende auf die Zuverlässigkeit der Stromversorgung zu bewerten. Der Realitätsgehalt der offiziellen Daten muss jedoch angezweifelt werden. Schließlich versucht der Vortrag, Wege aufzuzeigen, um die Resilienz des Stromnetzes zu erhöhen. Weniger technische Hindernisse als vielmehr das Festhalten der Energiewirtschaft an ihren Geschäftsmodellen verhindert eine Umstrukturierung der Stromversorgung, die – neben der einfacheren Integration der erneuerbaren Energien – auch die Stabilität des Gesamtsystems erhöhen würde.

In the dark days of October 2014 an unprecedented Ebola epidemic wrecked havoc across Sierra Leone, Liberia and Guinea. In Sierra Leone, the health system was only weeks away from total collapse due to an inability to manage or pay health workers across the country and the world braced for the unchecked spread of the disease throughout west Africa. In the face of apocalyptic scenario, a company made up of local hackers took on the unprecedented challenge of building, implementing and running a huge Management Information System and Mobile payments system to keep the health system from collapsing. This talk will show how this was achieved with Open Source Software, second hand laptops, hacked voter registration machines, second hand smartphones and some very smart and determined young people used to achieving great things with none of the resources we take for granted. We salute them.

Since my move to China in 2012 I have actively engaged in the local art scenes of Beijing and Shanghai, focusing on collaborating with artists interested in technology and the internet. My own personal independent research of the Chinese internet and the popular Chinese social app, WeChat 微信, has contributed to an ongoing massive archive I began in 2014 called The Chinternet Archive. To date, I have over 15,000 pieces of content (and growing) documenting localized trends, memes, vernacular photography, online personas, .gif animations, videos, selfies, propaganda, retail, family/work life, and other such digital artifacts of online Chinese culture. This archive directly influenced my artistic and curatorial practice, resulting in an online art collection called Netize.net, or its Chinese name of 网友网 [wǎngyǒuwǎng] “Internet Friend Network”, which collaborates with emerging Chinese and international artists who are exploring or deconstructing East/West dichotomies, engaging in Sino-centric Web aesthetics, or investigating the East online. The goal of this talk is to explore through my Chinternet Archive and Netize.net collections, forms of creativity found in China in relationship to it’s early internet history, interactions with technology, localized networks and restrictions.

Michelle Lee Proksell 媚潇 (b. 1985, Dhahran, Saudi Arabia) was born a Third Culture Kid (TCK) to ex-patriate American parents and experienced extreme forms of censorship and governmental monitoring in Saudi Arabia during her formative years. This influenced and shaped her interest and direction in exploring transcultural experiences online in relationship to localized access and dissemination of information, via forms of censorship or self-censorship. Her childhood exploring Asia and years working in new media and internet-related galleries and projects led to her eventual fascination with the unique history of the Chinese Internet. Since 2012 she has been working with creatives in China who engage in technology and the internet, resulting in two major projects documenting online digital artifacts and the emergence of Net Art in China: The Chinternet Archive and Netize.net 网友网 “The Internet Friend Network”. In this lecture, Michelle will briefly introduce Chinese digital media and online culture through her first hand experience and research. She will touch upon the topics of what it’s really like to deal with the Great Fire Wall on a daily basis, the influence of WeChat on contemporary Chinese digital culture, creative trends from her Chinternet Archive, and memes pertaining to recent viral media events. She will also introduce artists and their artworks from her Netize.net 网友网 project. She will reflect on how people are engaging creatively with the changes of the Chinese internet, how this influences artists and what we can learn from localized networks and the increasingly blurred lines between real life and virtual life.

Technology companies now hold an unprecedented ability to shape the world around us by limiting our ability to access certain content and by crafting proprietary algorithm that bring us our daily streams of content.

The great waves of change across the epochs have traditionally required a recalibration of society's moral compass. We see the theological and ideological underpinnings of the post-Enlightenment paradigm set out by the Protestant Reformation and the US Civil Rights Movement, we have come to see self determination as a bedrock of civilization. The reach of social media companies has created a class of corporations that are able to influence – if not curate – the world outlook of over a billion people on certain days. This unprecedented capacity gives Facebook power to shape discourse approaching the degree of religious institutions and the state – two of the traditional institutions that we have long relied on for shaping our society-wide morality and values. By compelling users to comply with the arbitrary content standards laid out in their ToS, Facebook is essentially laying out a new global standard for what people can and can not see. This standard, however, is not derived from the same moralistic traditions of previous moral paradigms, but is a calculated business decision crafted in the boardrooms of Silicon Valley. Risk averse, Facebook has created a global content standard that is in place not to contextualize the world for their users, but to meet perceived expectations of acceptable speech in a diverse range of nations. Our project, OnlineCensorship.org, seeks to capture instances of censorship across social media platforms. We will present OnlineCensorship.org and demonstrate how you can help us push companies toward a more open practice.

Nachdem viele Jahre vor den Angriffen auf die Wahlfreiheit von Windows-Nutzern gewarnt wurde, schalte Microsoft mit Windows 10 das Botnetz scharf.

Botnetze sind gemäß einer gängigen Definition Computernetze, bei denen ein Angreifer von außen beliebigen Code ausführen kann. Und genau dies kann man aus den aktuellen Microsoft-Lizenzen unschwer herauslesen. Noch gruseliger gestaltet sich die digitale Selbstaufgabe bei der Lektüre der Beta-Test-Bedingungen. Aber vielleicht ist die ganze Sache auch gar nicht so schlimm, sondern viel schlimmer. Auch Intel hat sich weiter unten mit ME einen verschlüsselten Zugang gesichert, für das Betriebssystem und dort laufenden Virenscanner unsichtbar. Aber das gilt ja beunruhigenderweise auch für die bereits gesichteten Angriffsprogramme im UEFI-Bereich. In einem derartigen Sicherheitsumfeld unter dem Stichwort „Industrie 4.0“ Dienste, die für das friedliche gesellschaftliche Zusammenleben relevant sind, Angriffen aus dem Netz auszusetzen, kann nicht als akzeptable Herangehensweise charakterisiert werden.

Yearly, the world is inundated with news about government data collection programs. In addition to these programs, governments collect data from third party sources to gather information about individuals. This data in conjunction with machine learning aids governments in determining where crime will be committed and who has committed a crime. Could this data serve as a method by which governments predict whether or not the individual will commit a crime? This talk will examine the use of big data in the context of predictive policing. Specifically, how does the data collected inform suspicion about a particular individual? In the context of U.S. law, can big data alone establish reasonable suspicion or should it just factor into the totality of the circumstances? How do we mitigate the biases that might exist in large data sets?

This talk will examine the current big data programs utilized by governments and police departments around the world and discuss how they factor into individualized suspicion of persons. Can big data sets with the proper algorithm effectively predict who will commit a crime? What are the appropriate margins of error (if any at all)? I will discuss the use of algorithms on big data sets to predict both where crime will occur and who might commit it. Additionally, I will discuss the types of data that exists in these databases and compare several different ways in which computer algorithms are used on big data sets to predict something about a particular individual. Should predictive policing algorithms more closely resemble those used to predict disease from DNA samples or those used in the clearance process? Should they be used at all?

Wie lassen sich Konstantenfaltung und ein Registerallokator für einen Forth-Compiler implementieren, der in einem Mikrocontroller läuft ?

Wer gern mit Elektronik und Mikrocontrollern bastelt, kennt sicherlich die aufwändige Fehlersuche mit vielen kleinen Testprogrammen. Doch es ist auch möglich, einen Forth-Compiler direkt im Microcontroller zu installieren, mit dem über ein Terminal kommuniziert werden kann und welcher es erlaubt, "von innen heraus" auf die Hardware zuzugreifen sowie jede neu geschriebene Routine sofort von Hand auszuprobieren. Forth ist ein alter Hut - wer jetzt jedoch an langsam denkt, mag überrascht sein: Ein optimierender Forth-Compiler mit Konstantenfaltung und Registerallokator passt mit 20 kb Größe sogar in den LPC1114FN28 ! Wie die Optimierungen "an Bord" funktionieren, soll in diesem Vortrag erläutert werden. Assemblerkenntnisse für MSP430 und ARM Cortex M sind von Vorteil. Wer Forth genauer kennenlernen möchte, kann gern auch zur Assembly der Forth-Gesellschaft kommen.

The traditional review event with presentations from various teams at congress. Learn how the 32C3 got Internet, video streaming, power and maybe more!

Was hat sich im letzten Jahr im Bereich IT-Sicherheit getan? Welche neuen Entwicklungen haben sich ergeben? Welche neuen Buzzwords und Trends waren zu sehen?

Wie immer wagen wir den IT-Security-Alptraum-Ausblick auf das Jahr 2016 und darüber hinaus. Denn was wir wirklich wissen wollen, ist ja schließlich: Was kriecht, krabbelt und fliegt in Zukunft auf uns zu und in unseren digitalen Implants herum? Im Zuge von noch mehr Transparenz, Kritik & Selbstkritik und kontinuierlicher nachhaltiger Optimierung aller Prozesse werden wir außerdem frühere Voraussagen hinsichtlich des Eintreffens unserer Weissagungen prüfen.

Governments post reports and data about their operations. Journalists publish documents from whistleblowers. But there is a third type of open data that is often overlooked- the information people and companies post about themselves. People need jobs. Companies need to hire people. Secret prisons do not build themselves. By making it feasible for anyone to collect public data online in bulk and exploring ways to effectively use this data for concrete objectives, we can build an independent, distributed system of accountability.

Intelligence analysts regularly use Open Source Intelligence (OSINT) in their work. With ICWatch, we showed that it's possible to use open data online to watch the intelligence community too. Now, Transparency Toolkit has built free software anyone can use to collect OSINT without coding. This talk discusses techniques for collecting OSINT on surveillance and human rights issues. It also explores pathways for using this data in journalism, litigation, and policy change.

A review/rant about the progress that free software wireless drivers (especially on Linux) have made over the recent years, as well as the current challenges that driver developers (and users) are facing.

Many users of free software have realized that 802.11 wireless chipsets can be used in more ways than simply making their laptop connect to their home AP or hotspot. Many people are replacing their router firmware with OpenWrt to have a better AP with free software drivers. Mesh network communities like Freifunk are building decentralized network infrastructure, which is also used to provide internet access to refugees in Germany. There are countless other examples of useful and innovative projects that are enabled by having free software wireless drivers. However, the sad reality is that the hardware choices for these kinds of innovative projects are very limited, not because of limitations in the actual hardware, but because of the lack of datasheets, information, reference source code, developer time, etc. In this talk, I will show how we got the state of Linux wireless support to the point where it is now, and I will rant viciously about what's holding us back. I have been working on wireless drivers for a few years now, and as a contractor for chipset manufacturers, I was given a glimpse into the maze of insanities that is holding back progress significantly. But no matter how much bureaucracy, lame excuses, NDA crap and other weird things vendors (and now also the FCC) throw at us, there is still hope for a better future...