148 talks
🎤
Not public. (Nicht öffentlich.)
Speakers:
👤
anna
👤
Kai Biermann
👤
Felix Betzin
👤
Elisabeth Pleß
👤
Johannes Wolf
👤
vieuxrenard
📅 Tue, 27 Dec 2016 at 00:15
The NSA inquiry committee in the Bundestag is supposed to clarify what the NSA does in Germany and how German intelligence services are entangled in these activities. Almost like a court hearing, but with one peculiarity: the witness is the BND, an intelligence service. And it does everything it can to reveal nothing.
The staging contains original scenes and quotes from the committee that show how laborious it is to question an intelligence service and how hard it makes it for parliament to oversee it. But they also demonstrate that democratic inquiry is not in vain, even if it sometimes happens only by accident. Or when the investigators are presented with several truths about a topic instead of one.
🎤
33C3 Opening Ceremony
Speakers:
👤
anna
👤
elisa
📅 Tue, 27 Dec 2016 at 11:00
🎤
What could possibly go wrong with <insert x86 instruction here>?
Speakers:
👤
Clémentine Maurice
👤
Moritz Lipp
📅 Tue, 27 Dec 2016 at 11:30
Hardware is often considered as an abstract layer that behaves correctly, just executing instructions and outputting a result. However, the internal state of the hardware leaks information about the programs that are executing. In this talk, we focus on how to extract information from the execution of simple x86 instructions that do not require any privileges. Beyond classical cache-based side-channel attacks, we demonstrate how to perform cache attacks without a single memory access, as well as how to bypass kernel ASLR. This talk does not require any knowledge about assembly. We promise.
When hunting for bugs, the focus is mostly on the software layer. On the other hand, hardware is often considered as an abstract layer that behaves correctly, just executing instructions and outputting a result. However, the internal state of the hardware leaks information about the programs that are running. Unlike software bugs, these bugs are not easy to patch on current hardware, and manufacturers are also reluctant to fix them in future generations, as they are tightly tied with performance optimizations. In this talk, we focus on how to extract information from the execution of simple x86 instructions that do not require any privileges. The most studied microarchitectural attacks are beyond doubt cache attacks. Indeed, the timing of a memory access depends heavily on the state of the CPU cache. But beyond memory accesses that are the base of classical cache-based side-channel attacks, other x86 instructions leak information about the internal state of the hardware, and thus about running programs. First, we present side channels caused by the "clflush" instruction, that flushes all content of the cache. We will explain how it can be used to perform side-channel attacks that are faster and stealthier than their classical counterpart, without performing so much as a single memory access [1]. Second, we present side channels caused by the prefetch instructions. We will explain how these instructions can be used to translate virtual addresses to physical addresses - without the use of the proc interface that is restricted today -, and to bypass kernel ASLR [2]. This talk does not require any knowledge about assembly. We promise. The talk will be given as a joint presentation by Clémentine Maurice and Moritz Lipp.
[1] Daniel Gruss, Clémentine Maurice, Klaus Wagner and Stefan Mangard, "Flush+Flush: A Fast and Stealthy Cache Attack", DIMVA 2016
[2] Daniel Gruss, Clémentine Maurice, Anders Fogh, Moritz Lipp and Stefan Mangard, "Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR", CCS 2016
🎤
Reverse engineering Outernet
Speakers:
👤
Daniel Estévez
📅 Tue, 27 Dec 2016 at 11:30
Outernet is a company whose goal is to ease worldwide access to internet contents by broadcasting files through geostationary satellites. Most of the software used for Outernet is open source, but the key parts of their receiver are closed source and the protocols and specifications of the signal used are secret. I have been able to reverse engineer most of the protocols, and a functional open source receiver is now available.
Outernet is a company whose goal is to ease worldwide access to internet contents by broadcasting files through geostationary satellites. Currently, they broadcast an L-band signal from 3 Inmarsat satellites, giving them almost worldwide coverage. The bitrate of the signal is 2kbps (or 20MB of content per day), and they use the signal to broadcast Wikipedia pages, weather information and other information of public interest. Most of the software used for Outernet is open source, but the key parts of their receiver are closed source and the protocols and specifications of the signal used are secret. I think this is contrary to the goal of providing free worldwide access to internet contents. Therefore, I have worked to reverse engineer the protocols and build an open source receiver. I have been able to reverse engineer most of the protocols, and a functional open source receiver is now available. In this talk, I'll explain which modulation, coding and framing is used for the Outernet L-band signal, what are the ad-hoc network and transport layer used, how the file broadcasting system works, and some of the tools and techniques I have used to do reverse engineering.
🎤
Everything you always wanted to know about Certificate Transparency
Speakers:
👤
Martin Schmiedecker
📅 Tue, 27 Dec 2016 at 11:30
Certificate transparency - what is it, and what can be done with it?
Certificate Transparency is the new kid on the block of TLS. Specified as RFC6962 it is designed to prevent fraudulently issued TLS certificates, and detect wrongdoing from Certificate Authorities. This talk will present Certificate Transparency in full details. Beginning from the attacks it prevents, key players and threat models, we will dive into the public data that is readily available and present ideas how to enhance its ecosystem as a whole.
🎤
The Global Assassination Grid
Speakers:
👤
Cian Westmoreland
📅 Tue, 27 Dec 2016 at 11:30
As they say in the Air Force, “No comms no bombs”: a technician’s insight into the invisible networks governing military drones and the quest for accountability
Cian has spent a great deal of time thinking about the issues of responsibility in, and how communications technology has been used to distance people from the act of killing. Rising superpowers around the world are working day and night to build the next stealth drone that can penetrate air defense systems. The automation of target selection processes, navigation and control are incentivized by the vulnerability posed by the signals drones rely upon to operate. A drone is merely a networked platform that moves across a grid, much like a mouse. Its “mind” is distributed among dozens of individuals located around the globe, controlling separate parts of the overall mission using data derived from surveillance, and processed using algorithms that may or may not reflect the reality on the ground. Cian challenges the common notion that drones are the most effective tool for combatting terrorism and seeks to explain why this is so, as well as how mistakes happen. The automation of these processes will further take the responsibility out of the hands of individuals and disperse them further. This calls for a new level of ethical considerations and accountability mechanisms to be developed.
🎤
Building a high throughput low-latency PCIe based SDR
Speakers:
👤
Alexander Chemeris
👤
Sergey Kostanbaev
📅 Tue, 27 Dec 2016 at 12:45
Software Defined Radios (SDRs) became a mainstream tool for wireless engineers and security researchers and there are plenty of them available on the market. Most if not all SDRs in the affordable price range are using USB2/USB3 as a transport, because of implementation simplicity. While being so popular, USB has limited bandwidth, high latency and is not really suitable for embedded applications. PCIe/miniPCIe is the only widespread bus which is embedded friendly, low latency and high bandwidth at the same time. But implementing PCIe/miniPCIe is not for the faint of heart - you have to write your own FPGA code, write your own Linux kernel driver and ensure compatibility with different chipsets, each with its own quirks. In this talk we will look at the requirements for a high performance SDR like XTRX, how this leads to certain design decisions and share pitfalls and gotchas we encountered (and solved).
We've been working with SDRs since 2008 and building our own SDRs since 2011, focusing on embedded systems and mobile base stations. We created the ClockTamer configurable clock source and the UmTRX SDR and built a complete base station (UmSITE) to run OpenBTS and later Osmocom GSM stacks. This year we've started working on a new tiny high-performance SDR called XTRX which fits into the miniPCIe form-factor and uses PCIe for the I/Q samples transfer. We will talk about when to use PCIe and when not to use PCIe and why we chose it for XTRX; FPGA implementation of PCIe with optimization for low latency and high throughput; Linux kernel driver for this PCIe device; integration with various SDR platforms; all the various issues we encountered and how you can avoid them.
🎤
How Do I Crack Satellite and Cable Pay TV?
Speakers:
👤
Chris Gerlinsky
📅 Tue, 27 Dec 2016 at 12:45
Follow the steps taken to crack a conditional access and scrambling system used in millions of TV set-top-boxes across North America. From circuit board to chemical decapsulation, optical ROM extraction, glitching, and reverse engineering custom hardware cryptographic features. This talk describes the techniques used to breach the security of satellite and cable TV systems that have remained secure after 15+ years in use.
Analysis of, and low-cost attack techniques against, a conditional access and scrambling system used in tens of millions of TV set-top-boxes in North America. A case study of the low-cost techniques used by an individual hacker to successfully crack a major pay TV system.
Topics include:
🎤
The Fight for Encryption in 2016
Speakers:
👤
Kurt Opsahl
📅 Tue, 27 Dec 2016 at 12:45
Both strong end-to-end communications encryption and device encryption are legal in most jurisdictions today, and remain widely available. Yet software programmers and hardware producers are increasingly under pressure from law enforcement and policy makers around the world to include so-called backdoors in encryption products.
In this lecture, I will provide the state of the law as we move into 2017, detailing what happened in the fight between Apple and the FBI in San Bernardino and the current proposals to weaken or ban encryption, covering proposed and recently enacted laws. I will also discuss the extra-legal pressures placed upon companies, and the rise of government hacking and state-sponsored malware as an alternative or addition to weakening software. Finally, the presentation will discuss possible realistic outcomes, and give my predictions on what the state of the law will be as we head into 2017, and discuss how we can fight for a future that will allow for secure communications for everyone. The discussion will include:
- The law and policy issues in the FBI v. Apple iPhone case,
- The FBI’s purchase of 0day access to the iPhone 5c, and Apple’s technical response,
- The rise in use of government malware to access encrypted devices,
- Proposed and enacted crypto laws in the United States, Australia, India, Russia, and the UK,
- Legal pressures on companies, like Brazil’s arrest of Facebook executives to pressure WhatsApp,
- Q&A with the audience.
🎤
Exploiting PHP7 unserialize
Speakers:
👤
Yannay Livneh
📅 Tue, 27 Dec 2016 at 12:45
PHP-7 is a new version of the most prevalent server-side language in use today. Like the previous version, this version is also vulnerable to memory corruptions. However, the language has gone through extensive changes and none of the previous exploitation techniques are relevant. In this talk, we explore the new memory internals of the language from an exploiter's and vulnerability researcher's point of view. We will explain newly found vulnerabilities in the 'unserialize' mechanism of the language and present re-usable primitives for remote exploitation of these vulnerabilities.
PHP is the most prominent web server-side language used today. Although secure coding practices are used when developing in PHP, they can’t mitigate vulnerabilities in the language itself. Since PHP is written in C, it is exposed to vulnerabilities found in projects written in a low-level language, such as memory-corruption vulnerabilities, which are common when manipulating data formats. PHP-7 is a new implementation of the language, and while memory corruption bugs exist in this version as well, none of the exploitation primitives from the previous version are working (e.g. @i0n1c presentation from BH2010). In this talk, I will discuss the memory internals of PHP7 from an exploiter's and vulnerability researcher's perspective, explain newly found vulnerabilities in the unserialize mechanism and demonstrate how to exploit this class of bugs in PHP-7, presenting re-usable primitives. The internals of the language implementation changed quite dramatically, and now it’s harder to find and exploit memory corruption bugs. The new zval system prefers embedding over pointing to members and the allocation mechanism has gone through a complete re-write, removing metadata. The overall result is fewer primitives and less control over crafted data. unserialize is a data manipulation and object instantiation mechanism in PHP which is prone to memory corruption vulnerabilities. For the first time, we have managed to implement a remote exploit of a real world bug in the PHP-7 unserialize mechanism.
🎤
Bootstraping a slightly more secure laptop
Speakers:
👤
Trammell Hudson
📅 Tue, 27 Dec 2016 at 14:00
Heads is an open source custom firmware and OS configuration for laptops and servers that aims to provide slightly better physical security and protection for data on the system. Unlike Tails, which aims to be a stateless OS that leaves no trace on the computer of its presence, Heads is intended for the case where you need to store data and state on the computer. It targets specific models of commodity hardware and takes advantage of lessons learned from several years of vulnerability research. This talk provides a high level overview of Heads, a demo of installing it on a Thinkpad and a tour of some of the attacks that it protects against.
Heads builds on several years of firmware security research focused on firmware vulnerabilities ("Thunderstrike: EFI bootkits for Apple Macbooks" and "Thunderstrike 2") as well as many other CCC talks ("Hardening hardware and choosing a #goodBIOS", "Beyond anti evil maid", "Towards (reasonably) trustworthy x86 laptops", etc.) and combines these ideas into a single system. It is not just another Linux distribution - it combines physical hardening and flash security features with custom Coreboot firmware and a Linux boot loader in ROM. This moves the root of trust into the write-protected ROM and prevents further modifications to the bootup code. Controlling the first instruction the CPU executes allows Heads to measure every step of the boot process into the TPM, which makes it possible to attest to the user or a remote system that the firmware has not been tampered with. While modern Intel CPUs require binary blobs to boot, these non-Free components are included in the measurements and are at least guaranteed to be unchanging. Once the system is in a known good state, the TPM is used as a hardware key storage to decrypt the drive. Additionally, the hypervisor, kernel and initrd images are signed by keys controlled by the user, and the OS uses a signed, immutable root filesystem so that any software exploits that attempt to gain persistence will be detected. While all of these firmware and software changes don't secure the system against every possible attack vector, they address several classes of attacks against the boot process and physical hardware that have been neglected in traditional installations, hopefully raising the difficulty beyond what most attackers are willing to spend.
🎤
Between Enthusiasm for Technology and Critical Reflection: Chaos macht Schule (Zwischen Technikbegeisterung und kritischer Reflexion: Chaos macht Schule)
Speakers:
👤
benni
👤
Dorina
📅 Tue, 27 Dec 2016 at 14:00
The everyday world of children and young people and that of schools could hardly be more contradictory when it comes to digitalisation: pupils live and flourish enthusiastically in the digital world, but school is hardly able to answer pupils' pressing questions about the complex digital world. In our talk we would like to use our experience from the project "Chaos macht Schule" to discuss, among other things, how the coming generation can be made aware of topics such as data protection and surveillance while at the same time fostering enthusiasm for technology among young people.
The everyday world of children and young people and that of schools could hardly be more contradictory when it comes to digitalisation. Pupils live and flourish enthusiastically in the digital world, while at the majority of schools the technology is not available, the teachers have not been trained for it, and the curricula do not leave enough room to answer pupils' pressing questions about the complex digital world. When Federal Minister of Education Johanna Wanka announced in October her plan to provide five billion euros in 2017 for digital equipment in schools, loud criticism followed immediately from the president of the teachers' association, Josef Kraus. Against this background it is hardly surprising that eleven years ago Frank Rieger and Rop Gonggrijp lamented in their much-noted talk "We lost the war" that we had not succeeded in anchoring our topics in society. Even today there are only isolated approaches to introducing young people to topics of media literacy, technology design and societal relevance. As part of the project "Chaos macht Schule", members of the CCC have been visiting educational institutions for about 10 years now for workshops on technical topics (e.g. programming, soldering) as well as societal ones (e.g. data protection, surveillance), with the aim of promoting media literacy and an understanding of technology. With "Chaos macht Schule" we want to carry these topics, which go beyond pure programming skills, further into society. In our talk we would like to use our experience to look at how the coming generation can be made aware of topics such as data protection and surveillance while at the same time fostering young people's enthusiasm for technology. We discuss why we also consider going into schools an enrichment for the hacker community.
We would also like to give tips on what you can do yourself to carry the hacker ethic into society via the young generation.
🎤
Predicting and Abusing WPA2/802.11 Group Keys
Speakers:
👤
Mathy Vanhoef
📅 Tue, 27 Dec 2016 at 14:00
We analyze the generation and management of WPA2 group keys. These keys protect broadcast and multicast Wi-Fi traffic. We discovered several issues and illustrate their importance by decrypting all group (and unicast) traffic of a typical Wi-Fi network.
First we show that the 802.11 random number generator is flawed by design, and provides an insufficient amount of entropy. This is confirmed by predicting randomly generated group keys on several platforms. We then examine whether group keys are securely transmitted to clients. Here we discover a downgrade attack that forces usage of RC4 to encrypt the group key when transmitted in the 4-way handshake. The per-message RC4 key is the concatenation of a public 16-byte initialization vector with a secret 16-byte key, and the first 256 keystream bytes are dropped. We study this peculiar usage of RC4, and find that capturing 2 billion handshakes can be sufficient to recover (i.e., decrypt) a 128-bit group key. We also examine whether group traffic is properly isolated from unicast traffic. We find that this is not the case, and show that the group key can be used to inject and decrypt unicast traffic. Finally, we propose and study a new random number generator tailored for 802.11 platforms.
🎤
The DROWN Attack
Speakers:
👤
Sebastian Schinzel
📅 Tue, 27 Dec 2016 at 14:00
We present DROWN, a novel cross-protocol attack on TLS that uses a server supporting SSLv2 as an oracle to decrypt modern TLS connections. Using Internet-wide scans, we find that 33% of all HTTPS servers are vulnerable to this protocol-level attack.
We present DROWN, a novel cross-protocol attack on TLS that uses a server supporting SSLv2 as an oracle to decrypt modern TLS connections. We introduce two versions of the attack. The more general form exploits multiple unnoticed protocol flaws in SSLv2 to develop a new and stronger variant of the Bleichenbacher RSA padding-oracle attack. The victim client never initiates SSLv2 connections. We implemented the attack and can decrypt a TLS 1.2 handshake using 2048-bit RSA in under 8 hours, at a cost of $440 on Amazon EC2. Using Internet-wide scans, we find that 33% of all HTTPS servers and 22% of those with browser-trusted certificates are vulnerable to this protocol-level attack due to widespread key and certificate reuse. For an even cheaper attack, we apply our new techniques together with a newly discovered vulnerability in OpenSSL that was present in releases from 1998 to early 2015. Given an unpatched SSLv2 server to use as an oracle, we can decrypt a TLS ciphertext in one minute on a single CPU—fast enough to enable man-in-the-middle attacks against modern browsers. We find that 26% of HTTPS servers are vulnerable to this attack. This talk gives an overview on the DROWN vulnerability for the hacker community with some background information that didn’t make it to the paper.
🎤
The Nibbletronic
Speakers:
👤
ctrapp
📅 Tue, 27 Dec 2016 at 16:00
The NibbleTronic is a MIDI wind controller that features a novel user interface resulting in a unique tonal range. The standard configuration allows one to precisely play a bit more than four full octaves including semitones with only one hand.
In my talk I want to describe the individual stages of development from a barely usable electronic recorder to a useful and unique instrument that could come as a kit. The interface that puts four octaves at the fingertips of a single hand will be the second core topic.
🎤
Check Your Police Record!
Speakers:
👤
RA Ulrich Kerner
📅 Tue, 27 Dec 2016 at 16:00
Police authorities and intelligence services collect citizens' data, more than ever before. The number of different databases has grown enormously and has become downright confusing. Under data protection rules, citizens have a statutory right of access for quite a few of these databases.
The deadlines for deleting this data are also regulated by law. Practice shows, however, that the data is often deleted only when the citizen concerned requests disclosure of their data, which is reason enough to do so en masse. The tone at the traffic stop is friendly at first. But after the personal details have been checked in the police system, the previously friendly officers are suddenly rather gruff, the boot is searched, and the check drags on for quite a while longer for no apparent reason. So there must still be an old entry in the police computer: resisting enforcement officers, drug offences, or simply the person-related notice (Personenbezogener Hinweis, PHW) "Straftäter linksmotiviert" (left-wing motivated offender)? Who would not like to know what the police and other authorities have stored about them? You can find out, with a request for information about the data stored in POLIKS, POLAS, INPOL, the Schengen Information System (SIS) or Mehrländer-Staatsanwaltschafts-Automation (MESTA), to name just a few databases. For this, however, you need an overview of which authority collects which data, where and how the request must be made, and which particularities need to be observed in each case. Since the authorities deploy enough staff capacity to store data, but not to comply with the statutory deletion rules once the retention period has expired, deletion is often carried out only when a request for data disclosure is made. The responsible citizen should therefore check the data stored about them in the various police databases. The talk will show where and how this is done.
🎤
Space making/space shaping
Speakers:
👤
Ulf Treger
📅 Tue, 27 Dec 2016 at 16:00
What are the politics and aesthetics of mapping? An introduction how cartography shapes cities and landscapes, creates borders and determines the perception of our environment. How an evolving mix of high-resolution satellite imagery, algorithm-based mappings and the huge amount of data of digitized cities will enhance these effects? And in contrast, how can maps be designed, that question the “objectivity” and “correctness” of conventional cartography?
While digital communication gets ubiquitous, maps play an important role in the formation and mediation of physical space. A view back to earlier stages of development from the Da Vinci maps in the 15th century, the world-exploring and world-conquering by cartographic techniques in the area of colonialism in the late 19th, the emergence of photorealistic mapping (aerial and satellite photography) in the 20th century will provide some ideas of the power of maps and its impacts on society. With the Aspen Movie Map and its widespread successor Google Street View there is a decisive change of perspective going on (from bird’s eye view to street level) that will lead to new, more intense forms of immersion by the use of maps. Maps shapeshift into navigational screens, we are using digital maps while our devices map our movements at the same time. With a view ahead, I’ll try to find out which mapping algorithms are developed, which kind of images latest satellites with high-resolution 3D capabilities will create and what maps the researchers of Silicon Valley and the automotive industry want to fabricate – and thus new aesthetics and politics of mappings. In contrast to this I will follow the question how other views can be created by antagonistic maps, that question the brutal “objectivity” and shiny “correctness” of computer-generated maps and that tell different stories from the perspective of the inhabitants living in those mapped cities and landscapes.
🎤
Law Enforcement Are Hacking the Planet
Speakers:
👤
Joseph Cox
📅 Tue, 27 Dec 2016 at 16:00
In early 2015, the Federal Bureau of Investigation hacked computers in Austria, Denmark, Chile, Colombia, Greece, and likely the United Kingdom and Turkey too. In all, the agency used a Tor Browser exploit to target over 4000 computers spread across the world based on a single, arguably illegal warrant.
But this is only one case in the growing trend of law enforcement agencies reaching outside of their own country and hacking criminal suspects abroad, bringing up urgent questions of legality, jurisdiction, and proportionality in the digital age. For the past year, I have investigated law enforcement’s international use of hacking tools. As well as finding which countries the FBI remotely searched computers in, I uncovered another operation led by a local Australian police department, which targeted individuals in the United States – clearly outside of the agency’s jurisdiction. Because many criminal suspects have moved onto the so-called dark web, law enforcement have no idea where the computers they are hacking are actually located. This worrying shoot-malware-ask-questions-later approach has seen only minimal attention from policy makers and legal experts, and is likely to become more widespread.
🎤
Anthropology for kids - What is privacy?
Speakers:
👤
Nika Dubrovsky
📅 Tue, 27 Dec 2016 at 16:45
I would like to present my project called Anthropology for kids and a specific book, that I am working on in the larger framework of this project. This book will look like an ordinary school notebook in which a teacher checks a student if the lesson had been learnt. But it is actually not! I gathered this collection of historical and anthropological notes, so that together with school kids we can think about how the very idea of privacy was developed in different countries and in different historical epochs. In ancient Babylon wealthy women were allowed to cover their faces and their bodies, but the poor ones were not. In the Soviet Union during Stalin times it was dangerous to tell a political joke even in the group of close friends. One of them may report a joke to the authorities. Punishment for a political joke could be a prison sentence. Today more or less all our online communication is watched or recorded by authorities. How does our present relate to other times in history, how is the western notion of privacy related to the ideas in other cultures.
About the speaker: Her practice evolved from visual arts, journalism, internet culture and publishing. After an artistic career in Israel in the early Nineties, Dubrovsky was among the pioneers in Russia's new media start-up scene and specialized in social media and open source culture. Moving to New York in 2001 she became a significant voice in Russian blogging. Her critical position on educational regimes led to the development and publishing of doodle books for children. Her current project Anthropology For Kids aims at creating a publication series with a participatory approach. Reframing crucial aspects of human life – family, money, health, beauty, and alike – Anthropology For Kids seeks to deconstruct conditioned notions of how we (should) live, demonstrating the diversity of perspectives and possibilities that exist in different cultures.
🎤
Fighting the Cease-and-Desist Racket (Kampf dem Abmahnunwesen)
Speakers:
👤
Beata Hubrig
👤
erdgeist
📅 Tue, 27 Dec 2016 at 16:45
In the field of tension between the front line of computer technology and a specialised area of copyright law, an industry has carved out a niche in which it has built up a lucrative business through high specialisation and automation. In doing so it accepts as collateral damage that innocent people are moved by the threatening backdrop to pay and to close their open network. We describe what can be done about it and what we have already done about it.
Problems:
• The cease-and-desist letters (Abmahnungen) are finely balanced so as to leave the cost risk for one's own expenses with the recipient at almost every step.
• The letters are technically and legally complex and the only “manageable” path is the bank transfer form; in addition, the deadline is designed to intimidate.
• The senders can wait as long as they like, until shortly before the limitation period expires, to keep the case alive; until a ruling there is no certainty.
• The senders can rely on proven text modules, judges who are out of their depth on the subject matter and (until recently) the "flying" place of jurisdiction (fliegender Gerichtsstand) with judges well disposed to their cause.
• Added to this is unsettling case law from the BGH concerning Störerhaftung (liability as an interferer).
• The senders can count on the fact that solidarity among recipients is practically non-existent, and settle cases that might lead to unfavourable precedents out of court. Practically no ordinary recipient wants to conclusively settle the matter through a negative declaratory action.
• But only the risk of having to bear the expenses themselves for a large number of cases in which recipients defend themselves with potentially costly strategies can set limits on industrial-scale cease-and-desist operations.
• The problem here is that with a cease-and-desist letter the basic rule is “everyone bears their own costs”, which, for the average person without legal expenses insurance, opens up a dangerous arithmetic all of its own in view of the RVG.
• The UrhG says that the sender only has to bear the recipient's expenses if they should have recognised that the cease-and-desist letter was unlawful. Until then it is an easy and risk-free game for the sender to send out letters on a large scale first and, in case of doubt, withdraw.
• Here the Abmahnbeantworter tries to provide help by enabling a first line of defence without incurring costs.
🎤
Shut Up and Take My Money!
Speakers:
👤
Vincent Haupert
📅 Tue, 27 Dec 2016 at 16:45
FinTechs increasingly cut the ground from under long-established banks’ feet. With a "Mobile First" strategy, many set their sights on bringing all financial tasks (checking the account balance, making transactions, arranging investments, and ordering an overdraft) to your smartphone. In a business area that was once entirely committed to security, FinTechs make a hip design and outstanding user experience their one and only priority. Even though this strategy is rewarded by rapidly increasing customer numbers, it also reveals a flawed understanding of security. With the example of the pan-European banking startup N26 (formerly Number26), we succeeded, independently of the device used, in leaking customer data, manipulating transactions, and entirely taking over accounts to ultimately issue arbitrary transactions, even without credit.
Over the last few years, smartphones have become an omnipresent device that almost everybody owns and carries around all the time. Although financial institutions usually react conservatively to new technologies and trends, most established banks today offer their customers banking apps and app-based second-factor authentication methods. Fintechs, technology startups in the financial sector, pressure the tried and trusted structure of established banks, as they highlight the customer’s smartphone as the hub of their financial life. This business model is especially appealing to younger customers. FinTechs, however, also play an important role in the advancing downfall of important conceptual security measures. While the latter can be understood as the next step in the decay process of second-factor authentication, which was started with the introduction of app-based legitimization methods, FinTechs also reveal limited insights into conceptual and technical security. We have encountered severe vulnerabilities at the Berlin-based FinTech N26, which offers their smartphone-only bank account to many countries throughout Europe. Entirely independent of the used device, we were not only able to reveal N26 customers and to manipulate transactions in real-time but also to completely take over a victim’s bank account.
🎤
A Story of Discrimination and Unfairness
Speakers:
👤
Aylin Caliskan
📅 Tue, 27 Dec 2016 at 16:45
Artificial intelligence and machine learning are in a period of astounding growth. However, there are concerns that these technologies may be used, either with or without intention, to perpetuate the prejudice and unfairness that unfortunately characterizes many human institutions. We show for the first time that human-like semantic biases result from the application of standard machine learning to ordinary language—the same sort of language humans are exposed to every day. We replicate a spectrum of standard human biases as exposed by the Implicit Association Test and other well-known psychological studies. We replicate these using a widely used, purely statistical machine-learning model—namely, the GloVe word embedding—trained on a corpus of text from the Web. Our results indicate that language itself contains recoverable and accurate imprints of our historic biases, whether these are morally neutral as towards insects or flowers, problematic as towards race or gender, or even simply veridical, reflecting the status quo for the distribution of gender with respect to careers or first names. These regularities are captured by machine learning along with the rest of semantics. In addition to our empirical findings concerning language, we also contribute new methods for evaluating bias in text, the Word Embedding Association Test (WEAT) and the Word Embedding Factual Association Test (WEFAT). Our results have implications not only for AI and machine learning, but also for the fields of psychology, sociology, and human ethics, since they raise the possibility that mere exposure to everyday language can account for the biases we replicate here.
There is no Alice and Bob in this talk. This talk is intended for an audience that genuinely cares for humanity and believes in equality while supporting fairness and acts against discrimination. This talk might not be interesting for folks who promote exclusion while discouraging diversity. Many of us have felt excluded in certain situations because of our gender, race, nationality, sexual orientation, disabilities, or physical appearance. This talk aims to communicate how big data driven machine learning is pushing the society towards discrimination, unfairness, and prejudices that harm billions of people every single day. This year, I will not talk about de-anonymizing programmers, re-identifying underground forum members, or anonymous writing. I will be talking about a human right, namely equality, and the issue of unfairness which happens to be embedded in machines that make decisions about our future, what we see and read, or whether we go to prison or not. Machine learning models are widely used for various applications that end up affecting billions of people and Internet users every day. Random forest classifiers guide the U.S. drone program to predict couriers that can lead to terrorists in Pakistan. Employers use algorithms, which might be racist, to aid in employment decisions. Insurance companies determine health care or car insurance rates based on machine learning outcomes. Internet search results are personalized according to machine learning models, which are known to discriminate against women by showing advertisements with lower salaries, while showing higher paying job advertisements for men. On the other hand, natural language processing models are being used for generating text and speech, machine translation, sentiment analysis, and sentence completion, which collectively influence search engine results, page ranks, and the information presented to all Internet users within filter bubbles. 
Given the enormous and unavoidable effect of machine learning algorithms on individuals and society, we attempt to uncover implicit bias embedded in machine learning models, focusing particularly on word embeddings. We show empirically that natural language necessarily contains human biases, and the paradigm of training machine learning on language corpora means that AI will inevitably imbibe these biases as well. We look at “word embeddings”, a state-of-the-art language representation used in machine learning. Each word is mapped to a point in a 300-dimensional vector space so that semantically similar words map to nearby points. We show that a wide variety of results from psychology on human bias can be replicated using nothing but these word embeddings. We primarily look at the Implicit Association Test (IAT), a widely used and accepted test of implicit bias. The IAT asks subjects to pair concepts together (e.g., white/black-sounding names with pleasant or unpleasant words) and measures reaction times as an indicator of bias. In place of reaction times, we use the semantic closeness between pairs of words. In short, we were able to replicate every single implicit bias result that we tested, with high effect sizes and low p-values. These include innocuous, universal associations (flowers are associated with pleasantness and insects with unpleasantness), racial prejudice (European-American names are associated with pleasantness and African-American names with unpleasantness), and a variety of gender stereotypes (for example, career words are associated with male names and family words with female names). We look at nationalism, mental health stigma, and prejudice towards the elderly. We also look at word embeddings generated from German text to investigate prejudice based on German data. 
We do not cherry pick any of these IATs, they have been extensively performed by millions of people from various countries and they are also available for German speakers (https://implicit.harvard.edu/implicit/germany/). We go further. We show that information about the real world is recoverable from word embeddings to a striking degree. We can accurately predict the percentage of U.S. workers in an occupation who are women using nothing but the semantic closeness of the occupation word to feminine words! These results simultaneously show that the biases in question are embedded in human language, and that word embeddings are picking up the biases. Our finding of pervasive, human-like bias in AI may be surprising, but we consider it inevitable. We mean “bias” in a morally neutral sense. Some biases are prejudices, which society deems unacceptable. Others are facts about the real world (such as gender gaps in occupations), even if they reflect historical injustices that we wish to mitigate. Yet others are perfectly innocuous. Algorithms don’t have a good way of telling these apart. If AI learns language sufficiently well, it will also learn cultural associations that are offensive, objectionable, or harmful. At a high level, bias is meaning. “Debiasing” these machine models, while intriguing and technically interesting, necessarily harms meaning. Instead, we suggest that mitigating prejudice should be a separate component of an AI system. Rather than altering AI’s representation of language, we should alter how or whether it acts on that knowledge, just as humans are able to learn not to act on our implicit biases. This requires a long-term research program that includes ethicists and domain experts, rather than formulating ethics as just another technical constraint in a learning system. Finally, our results have implications for human prejudice. 
Given how deeply bias is embedded in language, to what extent does the influence of language explain prejudiced behavior? And could transmission of language explain transmission of prejudices? These explanations are simplistic, but that is precisely our point: in the future, we should treat these as “null hypotheses” to be eliminated before we turn to more complex accounts of bias in humans.
🎤
Routerzwang und Funkabschottung (Compulsory Routers and Radio Lockdown)
Speakers:
👤
Max Mehl
📅 Tue, 27 Dec 2016 at 17:30
After three years, the user-unfriendly practice of compulsory routers (“Routerzwang”) has finally been declared unlawful by statute, and currently the EU radio lockdown (“Radio Lockdown Directive”) is keeping us busy. What is it about? And what can we learn from it for other cases?
The talk will make clear why political activism is so important and that it is actually not that hard if you keep a few things in mind. It took three years to finally have the user-unfriendly practice of compulsory routers declared invalid by law. This practice enables internet providers to force a terminal device on their customers over which they have only little influence. Worse still: if you want to connect your own router, for instance because you need certain technical services, prefer devices based on Free Software, or want to use a more power-efficient model, with many providers this is either not possible at all or you are discriminated against when making support requests. This behaviour by providers is highly problematic in many respects, as it poses high security risks for users, distorts fair competition and hampers technological progress. And for some months now the EU radio lockdown directive has been on our agenda, which may soon severely restrict the use and development of Free Software on all devices that use radio waves in any way. The Free Software Foundation Europe, for which the speaker Max Mehl works, has fought against compulsory routers since the first debates more than three years ago and has gained a lot of experience in the process. In cooperation with Free Software developers, organizations such as the Chaos Computer Club or Digitalcourage, as well as device manufacturers, associations and politicians, it was possible to officially end compulsory routers by law as of summer 2016. A key reason for the initiative's success was the agreement within the alliance against compulsory routers that this problem can only be solved politically. 
Technically there would certainly be short-term solutions for some of the points of criticism listed, but we know from experience that this would be tilting at windmills and would only further entrench the underlying problem. We are pursuing the same goal for the radio lockdown. The speaker therefore wants to encourage more people to stand up for political solutions to similar grievances. To this end, he will first briefly summarize the course of the compulsory-router issue and then use it to outline how similar problems, on a large or small scale, can be tackled: among other things through thorough information gathering, building contacts, good communication and building alliances. Along the way it will become clear that you do not have to be a full-time lobbyist for successful political activism; diversity is in fact an advantage. Image credit: Konrad Twardowski, CC BY-SA 2.0
🎤
Pegasus internals
Speakers:
👤
Max Bazaliy
📅 Tue, 27 Dec 2016 at 17:30
This talk will take an in-depth look at the technical capabilities and vulnerabilities used by Pegasus. We will focus on Pegasus’s features and the exploit chain Pegasus used called Trident. Attendees will learn about Pegasus’s use of 0-days, obfuscation, encryption, function hooking, and its ability to go unnoticed. We will present our detailed technical analysis that covers each payload stage of Pegasus including its exploit chain and the various 0-day vulnerabilities that the toolkit was using to jailbreak a device. After this talk attendees will have learned all of the technical details about Pegasus and Trident and how the vulnerabilities we found were patched.
Presentation Outline:
1. Introduction
Introduction to the talk and the background of the speaker
2. Technical Analysis
In the technical analysis section we will cover in-depth the three stages of this attack including the exploits and the payloads used at each stage. We will detail the obfuscation and encryption techniques the developers used to hide the payloads. We will also examine the 0-day vulnerabilities, called Trident, that we found, which allow for a remote jailbreak on the latest versions of iOS (up to 9.3.4) via Safari.
* 0-days (responsibly disclosed to Apple)
* Malware techniques
* Obfuscation and encryption techniques
The technical analysis will continue and detail the software that gets installed including what it was designed to collect, which includes texts, emails, chats, calendars, and voice calls from apps including Viber, WhatsApp, Skype, SMS, iMessage, Facebook, WeChat, Viber, WhatsApp, Telegram, Vkontakte, Odnoklassniki, Line, Mail.Ru Agent, Tango, Pegasus, Kakao Talk, and more.
* Application Hooking
* Use of SIP for exfiltration
* Historical Analysis of jailbreaks
We will detail how the jailbreak techniques used by this software have changed and adapted to the changing security mechanisms added to iOS over the years.
4. Summary and conclusions
🎤
Geolocation methods in mobile networks
Speakers:
👤
Erik
📅 Tue, 27 Dec 2016 at 17:30
This talk presents the results of the technical analysis for the German Parliamentary Committee investigating the NSA spying scandal on geolocation methods in mobile networks.
Which data are required to localize a mobile device? Which methods can be applied to accurately assess the geolocation? How can a single drone with a flight altitude of a few kilometers determine the position of a mobile device? What role do mobile network operators play in geolocation? In my talk I will provide solid answers to these and related questions.
🎤
Untrusting the CPU
Speakers:
👤
jaseg
📅 Tue, 27 Dec 2016 at 18:15
It is a sad fact of reality that we can no longer trust our CPUs to only run the things we want and to not have exploitable flaws. I will provide a proposal for a system to restore (some) trust in communication secrecy and system security even in this day and age without compromising too much the benefits in usability and speed modern systems provide.
CPUs have not only massively grown in complexity in the last years, they have unfortunately also spawned a slew of proprietary vendor subsystems that execute unauditable code beyond our control (TrustZone, Intel ME etc.). There are some projects attempting to mitigate this issue somewhat by running less unauditable code (Coreboot, Novena etc.), but in the long run even using those we are still at the whims of some very large corporations which can decide whether or not we still have control over the systems we own. In this talk, I propose an alternative approach to regain privacy and security on our systems. Instead of trying to fix our CPUs by reverse-engineering large amounts of proprietary blobbiness, I propose we move as much sensitive data as possible out of these compromised systems. In practice, the architecture I propose places a trusted interposer into the compromised system's display bus (LVDS, (e)DP or HDMI) that receives in-band control data containing intact ciphertext (read: PGP/OTR encoded into specially formatted RGB pixel data) and that transparently decrypts, verifies and renders the decrypted data into the pixel data stream. The resulting system looks almost identical from a user-interface perspective, but guarantees plaintext message data is never handled on the compromised host CPU while all the juicy computational power and fancy visual effects that one provides remain intact. I will outline the implementation problem areas of this approach and some possible solutions for them. I will also provide an analysis of this system from a privacy and security perspective.
🎤
Make the Internet Neutral Again
Speakers:
👤
Thomas Lohninger
👤
Christopher Talib
📅 Tue, 27 Dec 2016 at 18:15
After three years the EU has for the first time new Net Neutrality rules. What do they mean in practice? Which commercial practices by ISPs are allowed and which have to be punished by the telecom regulator? We give an overview about three years of campaign and where we go from here.
As part of the Savetheinternet.eu coalition, we fought hard over three years in all stages of the legislative and regulatory process to make the new Net Neutrality protections as strong as possible. We explain our tactics and goals for this campaign of 32 NGOs from 14 countries that managed to submit half a million comments to the European Regulators, BEREC. This talk focuses on the practical implications of the new rules and which types of potential network discrimination are prohibited, disputed or allowed. We explain how enforcement is working in different countries and what you can do to put these new rules into practice and extinguish Net Neutrality violations by your ISP. A core component in this fight is the platform RespectMyNet.eu. Users can submit Net Neutrality violations on this website and thereby give them visibility and allow others to confirm, discuss and act upon them. As BEREC guidelines will be regularly reviewed, this tool is of utmost importance to track the implementation of Net Neutrality rules as well as commercial practices by ISPs and mobile operators. RespectMyNet lived different lives; one of our current tasks is to make the tool and the submissions fit the new BEREC Guidelines in order to provide an easy to use and efficient tool for net neutrality activists in Europe. Let's protect the Internet as an open, free and neutral platform with the new rules the EU has given us.
🎤
A Data Point Walks Into a Bar
Speakers:
👤
Lisa Charlotte Rost
📅 Tue, 27 Dec 2016 at 18:15
tl;dr: Mother Teresa said "If I look at the mass I will never act. If I look at the one, I will." I'll present ways that make us act when looking at the mass.
Remember when we thought that data would solve all our problems? Ah, the good old days. We thought we finally found all the important problems. And all the right answers. We just forgot one important thing: The audience of data is very often... people. Irrational people. People who didn't care if Trump lied or not in the Election Year of 2016. People who know that "millions of people starve in Africa", but who want to donate for that one hungry child in Norway they saw in a TV documentary. People who read about a portfolio company and then think the whole night about becoming a farmer in Chile, like the main character of their favourite book. Stories stick, but data doesn't. Stories stick because they make us feel something; and we remember situations in which we felt intense feelings. Stories make us act; they change our beliefs. Stories make us feel warm and empathic and alive. Data doesn't make us feel anything on its own. Data is cold. And still, I love data, and I love to work with it. Can we create feelings with data? Away from the beaten paths of company dashboards, scientific plots and newspaper graphics? I believe it's possible. In my talk, I will showcase some ways to present data so that it sticks and makes you feel things. We'll talk about the status quo of data presentation and where we still need to go. If you like data and want to look at more of it, you should come by.
🎤
What's It Doing Now?
Speakers:
👤
Bernd Sieker
📅 Tue, 27 Dec 2016 at 18:15
Legend has it that most airline pilots will at one time have uttered the sentence "What's it Doing now?", whenever the autopilot or one of its related systems did something unexpected. I will be exploring some high-profile accidents in which wrong expectations of automation behaviour contributed to the outcome.
"Pilot Error" is often publicly reported as "the cause" of an accident whenever a member of the flight crew did something which had consequences for the chain of events. We maintain that there is never a single cause, and every mistake a pilot may make has causes, and other factors contributing to it. We use the notion of a "necessary causal factor" to investigate the causes of accidents, and almost invariably there is a combination of both technical and human causal factors. I will look in some detail at accidents in which a combination of a technical problem, misleading or missing indications, and inappropriate (but often understandable) crew actions contributed to an accident, and also some in which unprecedented actions of the human crew turned a problem with potentially fatal consequences into a survivable accident. Automation in modern airliners has become so reliable and useful that it may be argued that it leads to a deterioration of hand-flying skills and, perhaps more importantly, of decision-making skills. Sample accident cases will include Asiana Flight 214, Spanair Flight 5022, Turkish Flight 1951, TAM Flight 3054 and others. I will also briefly touch on technical and ethical problems with self-driving vehicles highlighted by the recent Tesla crash as well as increasing automation in General Aviation and its consequences. In conclusion I will look at ways to improve safety and maintain the very high standard currently achieved in commercial aviation.
🎤
Keys of Fury
Speakers:
👤
raquel meyers
📅 Tue, 27 Dec 2016 at 19:00
Keys Of Fury is a brutalist storytelling about technology and keystrokes where text is used unadorned and roughcast, like concrete. I define my practice as KYBDslöjd (drawing by Type In) who uses the Commodore 64 computer, Teletext technologies and Typewriter. Brutalism has an unfortunate reputation of evoking a raw dystopia and KYBDslöjd evokes an “object of nostalgia”. But nostalgic, retro, obsolete or limited are rhetoric qualities earned by constant repetition. We live in a time where hardware and software become obsolete before most of the users have learned how to use them or disappear into pure functionality. The obedience to standards who made us passive observers and consumers.
KYBDslöjd is heavy, flat, brutal, and there is no CTRL-Z. You cannot make corrections, so any unintended strikes force you to start all over again. The screen is the canvas, used as a rectilinear grid on which one keystroke at a time builds a character by character animation. The remote control triggers the ghost on the television screen hiding in the vertical blanking interval (VBI) lines like REM (rapid eye movement) sleep intervals. A door to unlock the Imagination. The joy of Text-mode. KYBDslöjd is not “dead media” of the past being reanimated for individual’s self-identity and pursuits. It doesn't provide immediate satisfaction, it only challenges you. It is meant to be used and not parasite. It is a dialogue of possibilities rather than an ego-trip monologue with technology.
🎤
Dieselgate – A year later
Speakers:
👤
Daniel Lange
📅 Tue, 27 Dec 2016 at 19:00
At 32C3 we gave an overview on the organizational and technical aspects of Dieselgate that had just broken public three months before. In the last year we have learned a lot and spoken to hundreds of people. Daniel gives an update on what is known and what is still to be revealed.
As predicted at 32C3 the last year showed basically every car manufacturer has been cheating with NOx emissions. The whole regulatory scene is a chaotic and over-complex mess of copy-and-paste legislation. The legal battle reveals more of the methods and organizations involved. The political scene tries to look busy and drive clientele agendas. Daniel reports from the EU parliament, why Mayo fries VW lawyers in Ireland and how the Michigan Attorney General does the Braunschweig AGO’s job.
🎤
Bonsai Kitten waren mir lieber - Rechte Falschmeldungen in sozialen Netzwerken (I Preferred Bonsai Kitten: Right-Wing False Reports on Social Networks)
Speakers:
👤
fraulutz
👤
NoAverageRobot
📅 Tue, 27 Dec 2016 at 19:00
Since last February, Hoaxmap has been collecting rumours about refugees together with their refutations, sorting them and presenting them in map form. The topics are as varied as the narrative forms.
After almost a year of work on the map, we want to draw an interim conclusion and take a look at the rumours, the people who spread them and how they operate. Since the number of refugees in the Federal Republic rose in the summer of last year, rumours and also false reports about asylum seekers and migrants have increasingly been in circulation. Hoaxmap has taken up the phenomenon and displays collected rumours and their refutations on a map. And their range is wide. The topics include alleged crime as well as supposed social benefits. And their form is not limited to Facebook posts and classic pub talk either, as a look at the collected data shows. In the talk we also want to explore the question of who the actors are that spread rumours or even bring them into the world in the first place. Using examples, we will look at what political effect rumours can have, and are possibly intended to have. But we also want to show how easy it is, at least on a technical level, to counter racist distortions with tools that the net makes available.
🎤
Software Defined Emissions
Speakers:
👤
Felix „tmbinc“ Domke
📅 Tue, 27 Dec 2016 at 20:30
A technical talk on how to reverse-engineer electronic control units in order to document what was left apparently intentionally undocumented by the vendor – including how Volkswagen tweaked their cycle detection code while already being investigated by the EPA, how different the Volkswagen approach is really to the rest of the industry, and of course some trivia on how the „acoustic function“ got its name.
A year ago, I showed how I pinpointed the cycle detection technique in the ECU software of a Volkswagen car. This talk will focus on the technical part of what has happened since then – how to reverse engineer an ECU, what other vendors do, what their reaction was, and putting the „isolated findings of a hacker“ into perspective. I’ll talk about data collection over CAN, understanding EGR/SCR control strategies (and how to characterize them), and how to find the needle in a 17000-element haystack (and how to understand whether it’s indeed a needle or just a thin, cylindrical object with a sharp point at the end which legally does not represent a needle).
🎤
Make Wi-Fi fast again
Speakers:
👤
Hendrik Lüth
📅 Tue, 27 Dec 2016 at 20:30
With rising data volumes and an ever-growing number of devices, Wi-Fi has to grow too. Following "ur WiFi sucks!!1!", this talk is a short introduction to the innovations that came with the 802.11ac standard and explains how they work.
Since the 802.11ac standard was published in 2013, manufacturers have already produced many devices that support the new "gigabit" Wi-Fi. But what is it, actually? Why is it so much faster? What is this "MultiUser-MIMO", and how does this beamforming actually work? This talk addresses all of these questions and conveys a basic understanding of the functionality and structure of the standard. In addition, we look at the practical advantages for a Wi-Fi installation and at what a manufacturer can get wrong when developing access points.
🎤
Netzpolitik in der Schweiz 2016 (Internet Policy in Switzerland 2016)
Speakers:
👤
Hakuna MaMate
📅 Tue, 27 Dec 2016 at 20:30
An overview of the internet-policy situation in Switzerland. We give a comprehensive review of the eventful year 2016, in which the Swiss population decided on no fewer than two mass surveillance laws. The internet-policy groups fought the laws with great commitment. We report on how we went about it, how it turned out and what we learned in the process. We also give an outlook on upcoming internet-policy challenges.
In terms of internet policy, a lot has happened in 2016 since our last talk on the topic. Right at the beginning of 2016 came the news that the referendum on the NDG had succeeded. This gave Swiss voters the chance to vote on the intelligence service act (NDG). But with the referendum having come about, only half the work was done. The task now was to counter the state propaganda machinery that had been set in motion, as well as some parties, in particular centre-right ones. The internet-policy groups were therefore called upon to contribute to the referendum campaign actively, independently of party politics, and with technical facts. On 25 September 2016, Swiss voters then decided on the new intelligence service act: 65% of the population accepted the law, and only 35% shared our opinion. In spring, parliament passed the next questionable law straight away: the revised Federal Act on the Surveillance of Post and Telecommunications (BÜPF). Against this law, too, the Swiss net community, supported by a whole range of youth parties, immediately launched a referendum. This time the collection of signatures was coordinated from the rooms of CCC Zürich (CCCZH), since, apart from the Pirate Party with its strong roots in internet policy, it was not a party-political initiative. Even though the referendum against the BÜPF was unfortunately not successful, we learned a lot from working with a broad-based committee, collecting on the street, and counting and certifying the signatures, and so took home not gold, but at least silver and bronze. Even though 2016 marks the end of a particularly bleak year for Swiss internet policy, there is still a good deal pending for the future. To conclude, we want to give a brief overview of what is to come. 
Detaillierte Erklärungen zum politischen System in der Schweiz und der (damals) aktuellen Lage haben wir im Vortrag am 32c3 gegeben: https://media.ccc.de/v/32c3-7205-netzpolitik_in_der_schweiz Im Anschluss an den Talk gibt es eine ausgedehnte Diskussions- und Fragesession zu den behandelten Themen im Raum A.1: Siehe hier: https://events.ccc.de/congress/2016/wiki/Session:Netzpolitik_in_der_Schweiz_2017
🎤
Nintendo Hacking 2016
Speakers:
👤
derrek
👤
nedwill
👤
naehrwert
📅 Tue, 27 Dec 2016 at 20:30
This talk will give a unique insight into what happens when consoles have been hacked already, but not all secrets are busted yet. This time we will not only focus on the Nintendo 3DS but also on the Wii U, talking about our experiences wrapping up the end of an era. We will show how we managed to exploit them in novel ways and discuss why we think that Nintendo has lost the game.
As Nintendo's latest game consoles, the 3DS and Wii U were built with security in mind. While both have since been the targets of many successful attacks, certain aspects have so far remained uncompromised, including critical hardware secrets. During this talk, we will present our latest research, which includes exploits for achieving persistent code execution capabilities and the extraction of secrets from both Wii U and 3DS. Basic knowledge of embedded systems, CPU architectures and cryptography is recommended, though we will do our best to make this talk accessible and enjoyable to all. We also recommend watching the recording of last year's C3 talk called "Console Hacking - Breaking the 3DS".
🎤
Netzpolitik in Österreich
Speakers:
👤
Thomas Lohninger
👤
Alexander Czadilek
📅 Tue, 27 Dec 2016 at 21:45
The Austrian federal government's internet policy was no better in 2016 than in the years before: new surveillance laws, attempts (so far successfully prevented) to introduce state spyware (Bundestrojaner), the eternal fight for a transparency law, a hypocritical simulation of democratic participation, and e-voting, which had been believed dead, are burning issues and require a broad public debate. In an internet policy review of the year, AKVorrat shows what we can do about it and shows that civil society has an effect.
Police State Protection Act (Polizeiliches Staatsschutzgesetz) passed, a bill to legalize surveillance software (Bundestrojaner) introduced, far-reaching surveillance measures now possible even for administrative offences, etc.: the list of data protection and internet policy problem cases in Austria is long. The workload for activists in Austria is growing. For civil-society initiatives too, politics means the drilling of hard boards. With a well-dosed mix of legal and technical expertise as well as activism, a few very deep holes were drilled into Austria's official, unbalanced internet policy in 2016. The centrepiece of the past year's activities was HEAT, the Handbook for the Evaluation of Anti-Terror Laws in Austria. The extent of state interference in our privacy and in informational self-determination can only be properly grasped by looking at the sum of all interferences. This important insight, the need for an "overall surveillance account" (Überwachungs-Gesamtrechnung), was first formulated by the German Federal Constitutional Court in its March 2010 ruling striking down German data retention. HEAT lists all of Austria's surveillance laws and combines this with a review of the relevant case law, a survey of the technologies available to security authorities and of those actually deployed, and finally a first rough technology impact assessment. In the conclusions, a catalogue of criteria for an evaluation of all anti-terror laws is derived from this. This "requirements specification" is meant to help state and civil organizations identify excessive and thus potentially unconstitutional surveillance powers. With HEAT there is, for the first time, a guide to how existing and future laws can be brought into line with generally recognized fundamental rights.
It is generally applicable, not only to Austria. HEAT is also the basis for a so-called Drittelbeschwerde (one-third complaint), which was filed with the Austrian Constitutional Court by one third of the members of the Austrian National Council against the Police State Protection Act.
🎤
Lockpicking in the IoT
Speakers:
👤
Ray
📅 Tue, 27 Dec 2016 at 21:45
"Smart" devices using BTLE, a mobile phone and the Internet are becoming more and more popular. We will be using mechanical and electronic hardware attacks, TLS MitM, BTLE sniffing and App decompilation to show why those devices and their manufacturers aren't always that smart after all. And that even AES128 on top of the BTLE layer doesn't have to mean "unbreakable". Our main target will be electronic locks, but the methods shown apply to many other smart devices as well...
This talk will hand you all the tools you need to go deeply into hacking smart devices. And you should! The only reason a huge bunch of these products doesn't even implement the most basic security mechanisms might be that we don't hack them enough! We start by looking at the hardware layer, dissecting PCBs and showing which chips are usually used for building those devices. Even if the firmware is read protected they still can be used as nice devboards with unusual peripherals - if you can't flash it, you don't own it! But you don't always have to get out your JTAG interfaces. The simplest part is intercepting an app's communication with its servers. We show an easy Man-in-the-middle setup, which on the fly breaks the TLS encryption and lets you read and manipulate the data flowing through. This was enough to completely defeat the restrictions on a lock's "share to a friend" feature and of course helps you recover your password... Understanding the API also is the best way to actually OWN your device - giving you the option to replace the vendor's cloud service with your own backend. We show how this can be used, for example, to continue using your bike lock when the kickstarter you got it from goes bankrupt after a presentation about its bad crypto. Just kidding, they are already notified and working on a patch. Also going for the wireless interface and sniffing BTLE isn't as difficult as it might sound. Turning a cheap 10 EUR devboard into a sniffer we show how to use Wireshark to dissect the packets going from and to the device and analyze the payload. In some cases this is all that's needed to get the secret key from a single interaction... Finally we will turn into reverse engineers, showing how to decompile an android app and analyze its inner workings or even modify it to your needs.
Using this, we show that a quite popular electronic padlock indeed correctly claims to use AES128, but due to a silly key exchange mechanism we can break it by listening to a single opening command. All details of this 0-day attack will be released during the talk - the vendor has been notified in May. Last but not least we will go back to the hardware layer, showing that sometimes even simple things like magnets or shims can be used to defeat $80+ electronic locks in seconds...
🎤
Where in the World Is Carmen Sandiego?
Speakers:
👤
Karsten Nohl
👤
Nemanja Nikodijevic
📅 Tue, 27 Dec 2016 at 21:45
Travel booking systems are among the oldest global IT infrastructures, and have changed surprisingly little since the 80s. The personal information contained in these systems is hence not well secured by today's standards. This talk shows real-world hacking risks from tracking travelers to stealing flights.
Airline reservation systems grew from mainframes with green-screen terminals to modern-looking XML/SOAP APIs to access those same mainframes. The systems lack central concepts of IT security, in particular good authentication and proper access control. We show how these weaknesses translate into disclosure of travelers' personal information and would allow several forms of fraud and theft, if left unfixed.
🎤
Deploying TLS 1.3: the great, the good and the bad
Speakers:
👤
Filippo Valsorda
👤
Nick Sullivan
📅 Tue, 27 Dec 2016 at 21:45
Transport Layer Security (TLS) 1.3 is almost here. The protocol that protects most of the Internet's secure connections is getting the biggest ever revamp, and is losing a round-trip. We will explore differences between TLS 1.3 and previous versions in detail, focusing on the security improvements of the new protocol as well as some of the challenges we face around securely implementing new features such as 0-RTT resumption. At Cloudflare we will be the first to deploy TLS 1.3 on a wide scale, and we’ll be able to discuss the insights we gained while implementing and deploying this protocol.
Version 1.3 is the latest Transport Layer Security (TLS) protocol, which allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery. TLS is the S in HTTPS. A lot has changed between 1.2 (2008) and 1.3. At a high level, 1.3 saves a round-trip, making most connections much faster to establish. We'll see how the 1.2 handshake worked, and what had to change to enable 1-RTT handshakes. But even more importantly, the 1.3 design shifted towards putting robustness first. Anything that is not strictly necessary to the main function of TLS was removed (compression, renegotiation); choices of suboptimal security aren't offered at all (static RSA, CBC, RC4, SHA1, MD5); secure, easy to implement designs are introduced or privileged (RSA-PSS, AEAD implicit nonces, full handshake signatures, Curve25519, resumption forward secrecy). We will go into the why and how of all of these. But two major trade-offs had to be made: first, 1-RTT handshakes inherently prevent the introduction of encrypted domain names (SNI). We'll see why and what can replace them to provide similar privacy. Most interestingly, 1.3 comes with 0-RTT resumption. The catch there is that the protocol itself provides no complete protection against replay attacks. We'll unpack the problem, see what mitigations are available, what the risks and attacks are and how that requires careful API design and deployment. Finally, deployment hasn't been entirely smooth. Many servers out there turned out to be intolerant to 1.3 clients. We'll see what this causes, how it was worked around, and how downgrade protection provides defense in depth. TLS 1.3 is not in the distant future. The draft is almost finalized, and at Cloudflare we developed an open source stack in Go and support the protocol in beta for all websites. Chrome Canary and Firefox Nightly implement 1.3 clients.
🎤
Visiting The Bear Den
Speakers:
👤
Jessy Campos
📅 Tue, 27 Dec 2016 at 23:00
Sednit, a.k.a. Fancy Bear/APT28/Sofacy, is a group of attackers operating since at least 2004 and whose main objective is to steal confidential information from specific targets. Over the past two years, this group's activity increased significantly, in particular with numerous attacks against foreign affairs ministries and embassies all over the world. They are supposedly behind the DNC hack, and the WADA hack, which happened earlier this year. This talk presents the results of a two-year hunt after Sednit, during which we dug up and analyzed much of their software.
Technically speaking, Sednit is probably one of the best espionage groups out there. Not only have they created a complex software ecosystem, composed of tens of different components, but they also regularly come out with 0-day exploits. Also remarkable is their ability to very quickly integrate newly published techniques in their toolkit. In particular, we will explain how they tend to operate and we will dive into technical details of their most impressive components:
- DOWNDELPH, a mysterious downloader deployed in very rare cases and with advanced persistence methods. In particular, we found a Windows bootkit dropping this component, and also a Windows rootkit, both never documented.
- XTUNNEL, a network proxy tool able to transform an infected machine into a pivot to contact computers normally unreachable from the Internet. Heavily obfuscated, and based on a custom encrypted protocol, XTUNNEL is a major asset in Sednit's post-infection toolkit.
- XAGENT, the flagship Sednit backdoor, for which Windows, Linux and iOS versions have been developed. Built as a modular framework around a so-called "kernel", it allows building flexible backdoors with, for example, the ability to switch between various network protocols.
- SEDKIT, a full-fledged exploit-kit, which depending on the target's configuration may drop 0-day exploits or revamped exploits.
During our tracking, we also gained great visibility into Sednit's post-infection modus operandi, a world full of Mimikatz and various custom hacking tools.
🎤
Console Hacking 2016
Speakers:
👤
marcan
📅 Tue, 27 Dec 2016 at 23:00
Last year, we demonstrated Linux running on the PS4 in a lightning talk - presented on the PS4 itself. But how did we do it? In a departure from previous Console Hacking talks focusing on security, this year we're going to focus on the PS4 hardware, what makes it different from a PC, and how we reverse engineered it enough to get a full-blown Linux distro running on it, complete with 3D acceleration.
So you have an exploit. You have code execution. Great! But what do you do now? In the past, console homebrew usually focused on bringing up a development environment similar to the one used for commercial games. However, with the increasing complexity of console hardware, it's becoming impractical for a small team of hackers to create a full blown development SDK. Using leaked official SDKs is illegal. What can we do? Well, there's Linux. The PS4 is particularly great for Linux, because it is based on a modified x86 platform and a modified Radeon GPU. That means that once the basic OS port is complete, it can run existing games - even Steam games and other commercial software. But just how similar is the PS4 to a PC? Can you just throw GRUB on it and boot an Ubuntu kernel? Not quite. In this talk we'll cover the PS4 hardware and part of its software environment, and how we reverse engineered enough of it to write Linux drivers and kernel patches. We'll go over how we went from basic code execution to building a 'kexec' function that can boot into Linux from the PS4's FreeBSD-based kernel. We'll reverse engineer the PS4's special hardware, from special PCI interrupt management to the HDMI encoder. We'll dive deep into the Radeon-based GPU architecture, and we'll share some previously unreleased research and tools of interest to AMD Radeon driver developers and hackers. If you're interested in the strange world of x86 hardware that isn't quite a PC, then this talk is for you.
🎤
You can -j REJECT but you can not hide: Global scanning of the IPv6 Internet
Speakers:
👤
Tobias Fiebig
📅 Tue, 27 Dec 2016 at 23:00
In this talk we will explore and present various IPv6 scanning techniques that allow attackers to peek into IPv6 networks. With the already known difference between IPv4 and IPv6 firewalling (the latter is worse... ) we then demonstrate how these techniques can be combined and used to obtain a large-scale view on the state of IPv6 in infrastructures and data centers. To give the whole issue a somewhat more fun dimension, we will also look at some (security) sensitive applications of this technique. Complimentary code-snippets will be provided.
Scanning networks is a basic tool for security researchers. Software misconfiguration like with unprotected key-value stores and software bugs like heartbleed are analyzed and investigated in the wild using scanning of networks. At least since the rise of zMap, scanning the I---Pv4---nternet has become a rather simple endeavour. When one happens to be at a conference that tends to supply 1gE or 10gE ports on the access layer, scanning the Internet can be done in 60-10 minutes. Scanning the 2^32 possible addresses (with certain limitations) of IPv4 has become cheap. However, the small search space of IPv4 that makes it so scannable is also what renders it increasingly obsolete. To overcome this issue, IPv6 was designed. Along with IPv6 we receive a theoretical maximum of 2^128 different addresses. Scanning this larger space is a challenge that---so far---has been mostly approached by researchers. Specifically, not security but network measurement researchers. Their works usually focus on having access to large datasets of IPv6 addresses, the most famous ones using the access logs of a large CDN. With the average nerd lacking a small enterprise scale CDN in the basement, we set out to utilize other techniques for enumerating IPv6 that only utilize public data sources. Following RFC7707, we found various interesting candidate techniques. Especially probing the PTR sets of IPv6 networks sounded promising. However, when implementing the techniques, we had to realize that these were not yet ready to be used on a global scale. During the last couple of months we discovered pitfalls, adjusted the tools and ran enumerations. In this talk we will present the approaches we used to enumerate IPv6. From this presentation, the average person in the audience should be able to easily implement these tools for themselves---with subsequent "spasz am geraet". Furthermore, we will present anecdotes, case-studies and investigations on the data we gathered so far.
This includes peeks into transit networks of large ISPs, datacenters of global cloud providers and a surprisingly high amount of things one would not expect (or hope to be) on the Internet.
🎤
Woolim – Lifting the Fog on DPRK’s Latest Tablet PC
Speakers:
👤
Florian Grunow
👤
Niklaus Schiess
👤
Manuel Lubetzki
📅 Tue, 27 Dec 2016 at 23:00
Last year we talked about DPRK’s operating system Red Star OS and its surveillance features. We identified a watermarking mechanism and gave an insight into the internals of the operating system itself. This year we will be talking about one of DPRK’s Tablet PCs, called Woolim.
The tablet PC contains a similar watermarking mechanism that can be used to track and prevent the distribution of unwanted media files in a more advanced and effective way. In addition, Woolim contains a remarkable hardening and jails the user to protect the integrity of the system. The tablet itself and the Apps that are preinstalled provide a rare insight into DPRK’s development in the IT sector. We will lift the fog on the internals of Woolim and provide a deep dive into the internals of the tablet PC. Over the past years DPRK released several different tablet PCs. This talk will focus on what seems to be the latest device called Woolim (울림), which is the Korean word for "echo". It was built in late 2015 and the device is an outstanding piece of technology designed to jail users to predefined functionality and track the user's behavior. We will start by giving an introduction to the hardware specifications of the tablet. The device is equipped with a wide variety of applications. Users are able to read and create documents, watch movies, visit websites and play games. There are also a bunch of dictionaries on the device. We will give an introduction to the most interesting applications and features of the tablet. The applications that come with Woolim give a rare insight into how technology is used and distributed in DPRK. All of the applications on Woolim have been touched by DPRK, even games like Angry Birds have been modified. The features implemented to jail the user and protect the integrity of the system will also be in focus for this talk. We have published a detailed analysis of a watermarking mechanism in DPRK’s Red Star OS last year, speculating that the code in Red Star OS already contains some preparations for a far more sophisticated watermarking mechanism. We have identified such advanced mechanisms in Woolim and will give a technical insight on how they prevent distribution of unwanted media more effectively.
DPRK continues to develop surveillance technology that is hidden inside consumer hardware. Its goal seems to be to enable total control of its users in terms of tracking the distribution of media files and preventing unwanted information in the DPRK ecosystem. Implementing such features into smartphones or tablet PCs like Woolim allows even more effective surveillance of DPRK citizens. Therefore, we will try to shed some light on the privacy invading features of Woolim.
🎤
Eine kleine Geschichte der Parlamentsschlägerei
Speakers:
👤
Joachim Schautenbach
👤
Pia Fortunata
📅 Wed, 28 Dec 2016 at 00:15
The talk gives an outline of the history of the parliamentary brawl and places it in its political and geographical context, then shows the various types and forms using video material and analyzes them together with the audience. Since 2010 the two speakers have jointly run the world's only specialist blog on parliamentary brawls.
Do you find parliamentary debates deadly boring? Do you fall asleep watching Phoenix TV? Does political struggle sound like nothing but history books to you? Do unlikeable members of parliament awaken fantasies of violence in you? We have the solution to all these problems: international parliamentary brawls! The two speakers run, with great pleasure, a specialist blog on this hands-on form of parliamentary dispute. In seven years they have collected over 100 videos of members of parliament scuffling, hitting and kicking, and turning quite a few pieces of furniture into weapons. In this entertaining evening talk they give a short outline of the history of the parliamentary brawl, show various types and forms, award prizes for extraordinary achievements, and even present the latest scientific findings on the topic. But don't worry: it stays entertaining.
🎤
Fnord-Jahresrückblick
Speakers:
👤
Fefe
👤
frank
📅 Wed, 28 Dec 2016 at 00:45
When the censor was off taking a leak once again, when surely NOBODY could have seen THAT coming, when it is about democratically legitimized construction management or about steel balls, then it is time again for a relaxed evening show with the highlights and lowlights of the year.
Lean back, get the bubble wrap in position, apply the callus cream to your forehead against facepalm bruises, open the popcorn and enjoy the relaxed evening revue of the year 2016!
🎤
Der 33 Jahrerückblick
Speakers:
👤
maxigas
👤
mel
📅 Wed, 28 Dec 2016 at 11:30
The proper relationship of technology and politics has been the subject of an evergreen debate on the floor of the Chaos Communication Congress. Rather than taking a position in this debate, we are asking how the two have been co-articulated in practice so far by CCC participants?
The proper relationship of technology and politics and thereby the percentage each covers in the Congress schedule have been the subject of an evergreen debate at the floor and in the corridors of the Chaos Communication Congress. Rather than taking a position in this debate, we are asking how the two have been co-articulated in talks so far by CCC participants? In order to answer this question, we are analysing the available titles and abstracts of Congress talks from 1984 until now. This ongoing research seeks to identify changing trends, significant outliers, apparent patterns and common threads throughout the years. We also wonder if it is possible to identify turning points in the narrative. The empirical data is contextualised by reflections on the shifting ground of technology, politics and society in the world during the long history of the CCC, as well as by qualitative reflections of attendants. We are inviting the audience to help us with the latter by joining in a follow-up discussion after the presentation.
🎤
International exchange of tax information
Speakers:
👤
taxman
📅 Wed, 28 Dec 2016 at 11:30
The Common Reporting Standard is a multinational agreement signed by more than 80 nations, including all EU member states. The signatories promised to exchange bank account information on foreigners.
Paypal, a Luxembourg company, is expected to report millions of accounts to German, French, Spanish etc. tax auditors. This lecture will give an overview of the technical and legal aspects of the exchange. The Common Reporting Standard (CRS) and FATCA obligate banks to collect information from their customers and forward this information to the national tax authorities. The national tax authorities in turn forward this information to whatever country it is designated for. It is estimated that Paypal Luxembourg will report 60 million accounts in Europe. These reports will land on the desk of tax auditors, who will then start asking taxpayers questions. This talk will give an overview of who is affected, what type of information will be exchanged, and what you can do about it.
🎤
Es sind die kleinen Dinge im Leben
Speakers:
👤
André Lampe
📅 Wed, 28 Dec 2016 at 11:30
Everyone knows roughly what a microscope is, and perhaps you have also heard that research on them is still going on; keyword: super-resolution microscopy (2014 Nobel Prize in Chemistry). There are considerably more microscopes in professional research than there are telescopes, considerably more, and one might now ask: "Why do I see so many images of stars, but hardly any microscopy images from public institutions and bodies?" To answer this question I want to give a brief introduction to the world of super-resolution microscopy and explain the techniques, talk a bit about the community and try to make clear why openness is still lagging somewhat here. AND: there will also be some microscopy.
I spent the last 6 years building a microscope. One that can use light to see things below the diffraction limit of light, in several colours, in 3D. The thing is finished, as finished as something called a doctoral thesis project can be. I don't want to sell it to anyone; the research is published and our software for it is open source. For me, working on it was an entry ticket into another world. I want to explain what super-resolution microscopy is, the three different approaches to it (PALM/STORM, STED, SIM), how they complement each other and how the technological development of the 21st century made this possible in the first place. How techniques based on laser physics (STED), stochastic blinking of molecules (PALM/STORM) or fast Fourier transformation (SIM) allow us to look deeper into cells, and how you suddenly have to think about how to represent something in an image that is not really an image at all, but a multi-layered measurement result. But the community in this field is interesting too. Slowly but surely the open science idea is spreading: more and more software is open source, there is even an annual competition for the best image reconstruction software, more and more do-it-yourself instructions are making the rounds, such as Arduino solutions for camera timing and lasers from disco lighting, and here and there open data can be found as well. Nevertheless, microscopes will probably never outrank the telescope, because what an interested tinkerer, or even a professional in this field, can do at home is limited. What is possible I want to show on stage with inexpensive USB microscopes and possibly a small self-built one.
🎤
A look into the Mobile Messaging Black Box
Speakers:
👤
Roland Schilling
👤
Frieder Steinmetz
📅 Wed, 28 Dec 2016 at 11:30
Most of us use mobile messaging every day. We use certain apps that we chose for a number of factors, like our friends using it, good press, privacy promises, or simply their feature sets. This talk aims to enable more of us to reason about the privacy and security of messaging apps. We will try to present simple analogies translating abstract security and privacy expectations into concrete feature sets. We will illustrate these features using the popular messaging app Threema. Our analysis of its protocol is based on our own reverse-engineering efforts and a re-implementation of the Threema protocol that we will release during the talk.
Despite its ubiquitous application and widespread acceptance, mobile instant messaging remains a complex matter and is often not understood by its users. Easy-to-use apps and security assurances by their developers suggest users a safe and private environment for conversation. At the same time, more and more apps flood the market and it is becoming increasingly difficult, even for technically-educated users, to keep track of both technological development and their own security and privacy requirements. We want to present a talk that sheds some light into technical aspects of mobile instant messaging and presents an overview of techniques and design decisions by different mobile instant messaging app developers. We aim at both technically-educated and casual users alike, trying to present simple analogies and break down complex details into understandable components. After an introduction to the mobile instant messaging world, we will dissect one of the most popular mobile instant messaging apps in Germany: Threema. It is closed-source and only superficially documented, yet widely used. We picked it for a particular design decision in its protocol, the lack of which we consider the most important flaw in competitor protocols like Signal: the use of discardable IDs in favor of phone numbers. Another interesting aspect about Threema’s protocol is its use of the NaCl library for end-to-end encryption. We have fully reverse-engineered the Threema app and can therefore analyze and present its protocol and our analysis of it in detail.
🎤
Syrian Archive
Speakers:
👤
Jeff Deutch
👤
Hadi Al-Khatib
📅 Wed, 28 Dec 2016 at 12:15
Journalists and human rights groups need to find and use verified visual evidence in order to accurately report about what’s happening in conflict zones. In the case of Syria, there are more hours of footage online than there have been hours of conflict.
There is currently no tool that supports finding, collecting, preserving and collaboratively verifying and curating visual evidence from social media platforms: The Syrian Archive is the first to do so. In this talk, members of the Syrian Archive team will give an overview of the Syrian Archive project, explore the technical components and verification procedures, and review investigations completed using open source methodologies. Journalists and human rights groups need to find and use verified visual evidence in order to accurately report about what’s happening in conflict zones. We have currently developed an open source tool in alpha stage in collaboration with developers from Tactical Tech which collects and preserves video evidence from Youtube. We have additionally developed a unique workflow in order to verify video documentation and to conduct our investigations. By aggregating, preserving, cataloging and securing digital documentation relating to human rights violations in Syria, the Syrian Archive project helps Syrian civil society, human rights activists, media offices, journalists and lawyers increase their capacity to respond to human rights violations through using documentation and investigations that adhere to international standards, and using better tools to demand accountability against perpetrators of those violations. Findings from investigations have been used by Human Rights Watch, the United Nations Security Council and the Organisation for the Prevention of Chemical Weapons in their work investigating the Syrian conflict. Further, research has been cross-published by Bellingcat, an award-winning open source investigation platform and partner to the project.
🎤
How physicists analyze massive data: LHC + brain + ROOT = Higgs
Speakers:
👤
Axel
📅 Wed, 28 Dec 2016 at 12:15
Physicists are not computer scientists. But at CERN and worldwide, they need to analyze petabytes of data, efficiently. For more than 20 years now, ROOT has helped them with interactive development of analysis algorithms (in the context of the experiments' multi-gigabyte software libraries), serialization of virtually any C++ object, fast statistical and general math tools, and high-quality graphics for publications. I.e. ROOT helps physicists transform data into knowledge. The presentation will introduce the life of data, the role of computing for physicists and how physicists analyze data with ROOT. It will sketch out how some of us foresee the development of data analysis given that the rest of the world all of a sudden also has big data tools: where they fit, where they don't, and what's missing.
🎤
The Clash of Digitalizations
Speakers:
👤
Saud Al-Zaid
📅 Wed, 28 Dec 2016 at 12:15
This talk discusses the representation of Arab males in video games and the adverse effect it has on the collective political imagination. Anonymous military-aged Arab men become increasingly the exception to the laws of human rights, and become default targets for conventional and unmanned drone attacks. This devolution is seen through the lens of the changing nature of conflict through digitalization, the collapse of the nation state in Iraq and Syria, and the future of war.
In the popular video game series "Call of Duty: Modern Warfare", Arab men are consistently depicted as the mindless throngs of the indistinguishable enemy. The First Person Shooter (FPS) genre lends itself to killing enemies, usually many in the same round, but the evolution of the target went from Nazis in Wolfenstein 3D in 1992, to targets that become increasingly comparable to Arabs and Muslims in the following years. So besides historically oriented games that focus on the combatants of World War II, most games since the 1990s begin to shift their focus to another kind of enemy--one that suspiciously looks Arab or Islamic. Even in Sci-Fi epics like the Halo series, which take place many hundreds of years in the future, the enemies start taking on an exotified look and feel, and follow an obviously religious ideology that is inimical to universal peace. The smallest insignificant alien becomes a strategic risk as they become "suicide bombers" blowing themselves up before they die, expressing a sigh of cowardice before they die. In "Modern Warfare 2", something surprising happens. The Arab characters are given a little more depth and backstory, and the Arabic dialogue is the most realistic of any of the other games. It also becomes the version of the game that is most modified by users (in so-called "mods"). Hacked and converted to other versions, there is significantly a version used by Al-Qaeda for recruitment purposes. The production company responsible, Infinity Ward, later had its two chief developers and founders fired under mysterious circumstances. As a researcher on radical Islamic thought, over the years I have collected some materials about video games and their uses for recruitment and ideological training on the Jihadist side. What I would like to do for 33C3 is show versions of the modded games parallel to the originals in a face-off setting, and give a lecture about the background to these games. 
I will explore stories of recruitment from American soldiers, and how these games factored into their decision to join the U.S. military. Through the digital realm, I will propose a new framework for understanding the so-called Huntingtonian "Clash of Civilizations"--where very recent cultural artifacts become automatic motivations. As a drone operator sees the pixelation of a real Arab male on the screen, it is an image he's shot at in the virtual domain over and over again since he was a child. The Arab male has devolved from being a human being (in the way that women or children, or Caucasian males are) to being mere fodder, a natural target where you simply just shoot.
🎤
Lightning Talks Day 2
Speakers:
👤
gedsic
👤
bigalex
📅 Wed, 28 Dec 2016 at 12:45
Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick!
To get involved and learn more about what is happening please visit the Lightning Talks Wikipage.
🎤
Welcome to the Anthropocene?
Speakers:
👤
KaLeiMai
📅 Wed, 28 Dec 2016 at 13:00
The Anthropocene is widely understood to mean the current "period of Earth's history during which humans have a decisive influence on the state, dynamics and future" of this planet. For several years, scientists in the Working Group on the 'Anthropocene' (AWG) have worked (and voted!) on defining the beginning of the Anthropocene in geochemical terms. The mid-20th century provides an obvious geochemical 'timestamp': fallout from nuclear weapons detonations. Which other chemicals and timestamps are being considered for marking the Anthropocene's start? How is 'define-by-committee' even working out for geological epochs? This talk boils the scientific background of the Anthropocene debate down for non-stratigraphers.
Stratigraphers are geologists who focus on sediment, rock or ice layers, etc. These 'strata' form by deposition of organic or inorganic material (such as microorganisms or volcanic ash) and provide a record of the history of our planet's surface. Because gas bubbles, isotopes, etc. are captured in the strata, scientists can analyse the geochemistry of the past, date certain events, and more. That kind of data ultimately underlies xkcd's recent 'Earth Temperature Timeline'. Direct measurements of geochemical signals such as atmospheric CO2 concentration and ocean pH started only in the mid-20th century.
Besides the Intergovernmental Panel on Climate Change, the AWG is possibly the most diverse scientific committee with most public attention currently. Therefore, defining the Anthropocene is a multi-disciplinary, collaborative scientific effort, as well as an inherently political statement. This talk will explain why.
🎤
Hacking the World
Speakers:
👤
Claudio "nex" Guarnieri
📅 Wed, 28 Dec 2016 at 13:00
In this lecture I wish to reflect on the maturation of the security and hacking communities and their role in larger societal and political participation. We'll reflect on the predominant role that technology has been growing into our lives, and the responsibilities we have in nurturing it. After having spent the last years in researching, exposing, and preventing the electronic targeting of dissidents and journalists, I hope to synthesize my experience and suggest how to reconsider our tactics, the successes, and the failures, and hopefully draw some inspiration for a brighter future.
Computer systems were destined for a global cultural and economic revolution that the hacker community anticipated. We saw the potential, we saw it coming. And while we enjoyed the little time of reckless banditism, playing cowboys of the early interconnected age, we also soon welcomed the public realization that we were right all along, that information technology was going to change everything, and that information security was critical. Now, the Internet governs our lives. Success always comes with strings attached. The Internet morphed with us. Once an unexplored space we were wandering in solitude, now it has become a marketplace for goods, *the* vehicle for communication, as well as an instrument for control, and a field for battle. We learned the many ways it was abused and broken. We learned the stories of those who were victims of the shortcomings of computer and network systems, and we realized how often and brutally they were turned into means of persecution against those who struggle for free speech and democracy around the world.
🎤
Tapping into the core
Speakers:
👤
Maxim Goryachy
👤
Mark Ermolov
📅 Wed, 28 Dec 2016 at 13:00
Engaging universally available deep debug functionality of modern Intel cores, with zero software or hardware modifications required on the target side.
Our research team at Positive Technologies has discovered a way to engage the advanced debug machinery on modern Intel cores. This advanced machinery can be employed to exercise deep control of the running system across all execution modes using merely a USB port connection, with zero software or hardware modifications required on the target side. It goes without saying that such functionality carries profound security implications.
🎤
In Search of Evidence-Based IT-Security
Speakers:
👤
hanno
📅 Wed, 28 Dec 2016 at 13:45
Applied IT security is largely a science-free field. The IT-Security industry is selling a range of products with often very questionable and sometimes outright ridiculous claims. Yet it's widely accepted practice among users and companies that protection with security appliances, antivirus products and firewalls is a necessity. There are no rigorous scientific studies that try to evaluate the effectiveness of most security products or strategies. Evidence-based IT security could provide a way out of the security nihilism that's often dominating the debate – however it doesn't exist yet.
From Next-Generation APT-Defense to Machine Learning and Artificial Intelligence: The promises of IT security product vendors are often bold. Some marketing promises are simply impossible, because they violate a fundamental theorem of computer science, the halting problem. Many IT security professionals are skeptical of security appliances, antivirus software and other IT security products and call them snake oil. Furthermore, security products often have security vulnerabilities themselves, which has lately been shown by the impressive work done by Tavis Ormandy from Google's Project Zero. When there's disagreement about the effectiveness of an approach then rational people should ask for scientific evidence. However, surprisingly this evidence largely doesn't exist. While there obviously is a lot of scientific research in IT security it rarely tries to answer practical questions most relevant to users. Decisions are made in an ad-hoc way and are usually based on opinions rather than rigorous scientific evidence. It is quite ironic that given the medical analogies this field likes to use (viruses, infections etc.), nobody is looking at how medicine solves these problems. The gold standard of scientific evidence in medicine (and many other fields) is to do randomized controlled trials (RCTs) and meta-analyses of those trials. An RCT divides patients into groups and a treatment – for example a new drug – is compared against a placebo treatment or against the current best practice. Single trials are usually not considered sufficient, therefore meta-analyses pool together the results of all trials done on a particular question. There's no reason RCTs couldn't be applied to the question whether a particular security product works. Evidence-based medicine is undoubtedly the right approach, but these methods aren't without problems. 
Publication Bias skews results, many studies cannot be replicated and the scientific publishing and career system is often supporting poor scientific practices. But this doesn't question the scientific approach itself, it just means that more rigorous scientific practices need to be implemented. Unfortunately, in the few cases where controlled studies are done in the Infosec world they often suffer from the most basic methodological problems like being underpowered (too few participants), never being independently replicated or not measuring relevant outcomes. (There are a few studies on password security and similar questions.) Applying rigorous science to IT security could provide a way out of the security nihilism that dominates the debate so often these days - “Everything is broken, everyone's going to get hacked eventually”. And by learning from other fields Evidence-Based IT Security could skip the flaws that are rife in other fields of science.
🎤
Gone in 60 Milliseconds
Speakers:
👤
Rich Jones
📅 Wed, 28 Dec 2016 at 13:45
More and more businesses are moving away from monolithic servers and turning to event-driven microservices powered by cloud function providers like AWS Lambda. So, how do we hack into a server that only exists for 60 milliseconds?
This talk will show novel attack vectors using cloud event sources, exploitabilities in common server-less patterns and frameworks, abuse of undocumented features in AWS Lambda for persistent malware injection, identifying valuable targets for pilfering, and, of course, how to exfiltrate juicy data out of a secure Virtual Private Cloud.
This talk will be the first public anatomy of an attack on a server-less application deployed to AWS Lambda and AWS API Gateway. It'll be useful for any application developer looking to build a server-less application, and for any hacker who's come up against this interesting new class of application.
First, we'll take a look at the current state of server-less architectures and show some common deployment patterns and how they're used in production, comparing the advantages and trade-offs against traditional monolithic servers.
Next, we'll explore the attack surface of a server-less application, showing that where Satan closes a door, he opens a window. Using exploitables in common server-less patterns, we'll use cloud event sources as a vector for delivering our obfuscated payload.
Then, we'll use some undocumented features in AWS Lambda to persist our malware, explore the Lambda environment looking for secret keys and other buried treasures, and pillage a remote database.
Finally, we'll use a few more tricks to sneak out of the VPC with our precious data in tow! And, of course, we'll tidy up after ourselves leaving the DevOps team none the wiser.
🎤
Wheel of Fortune
Speakers:
👤
Jos Wetzels
👤
Ali Abbasi
📅 Wed, 28 Dec 2016 at 13:45
Secure random number generators play a crucial role in the wider security ecosystem. In the absence of a dedicated hardware True Random Number Generator (TRNG), computer systems have to resort to a software (cryptographically secure) Pseudo-Random Number Generator (CSPRNG). Since the (secure) design of a CSPRNG is an involved and complicated effort and since randomness is such a security-critical resource, many operating systems provide a CSPRNG as a core system service and many popular security software products assume their presence. The constraints imposed by the embedded world, however, pose a variety of unique challenges to proper OS (CS)PRNG design and implementation which have historically resulted in security failures. In this talk we will discuss these challenges, how they affect the quality of (CS)PRNGs in embedded operating systems and illustrate our arguments by means of the first public analysis of the OS random number generators of several popular embedded operating systems.
Randomness is a fundamental, security-critical resource in the wider security ecosystem utilized by everything from cryptographic software (e.g. key and nonce generation) to exploit mitigations (e.g. ASLR and stack canary generation). Ideally secure random number generation is done using a dedicated hardware True Random Number Generator (TRNG) collecting entropy from physical processes such as radioactive decay or shot noise. TRNGs, however, are both relatively slow in their provision of random data and often too expensive to integrate in a system which means computer systems have to resort to a software (cryptographically secure) Pseudo-Random Number Generator (CSPRNG). Such a CSPRNG is seeded (both initially and continuously) from a variety of sources of 'true' entropy which are effectively stretched into additional pseudo-random data using cryptographic methods. Since the design and implementation of such CSPRNGs is a complicated and involved effort, many operating systems provide one as a system service (e.g. /dev/(u)random on UNIX-like systems) and as a result many security software suites assume their existence. The embedded world, however, poses a variety of unique challenges (resulting from constraints and deployment scenarios, which differ significantly from the general-purpose world) when designing and implementing (CS)PRNGs. Resulting inadequacies in embedded OS random number generators have led to various security failures in the past (from weak cryptographic keys in network devices to broken exploit mitigations in smartphones) emphasizing the need for public scrutiny of their security, especially considering the nature of embedded system deployments (in everything from vehicles and critical infrastructure to networking equipment) and the sheer variety of embedded operating systems compared to the general-purpose world. 
In this talk we will discuss various challenges posed by the embedded world to (CS)PRNG design and implementation and illustrate our arguments by means of the first public analysis of the OS random number generators of several popular embedded operating systems and a discussion of how their flaws relate to these previously identified challenges.
🎤
Prison for Whistleblowers? (Haft für Whistleblower?)
Speakers:
👤
RA Ulrich Kerner
📅 Wed, 28 Dec 2016 at 14:30
The new criminal offence of handling stolen data ("Datenhehlerei") under § 202d StGB criminalizes whistleblowers and threatens them with imprisonment of up to three years or a fine. This weakens civil society and obstructs important processes of democratic scrutiny.
In December 2015, together with the data retention law, the Bundestag also made "Datenhehlerei" (handling stolen data) a criminal offence, at first unnoticed by the public, and enacted § 202d StGB. In the view of the legislature, the offence is meant to close a gap in the area of cybercrime and to cover the sale of unlawfully obtained data with which buyers typically commit crimes. This concerns, for example, the illegal trade in credit card data, bank account details and login data for online shops. So far, that is perfectly acceptable. However, criminal liability is not limited to these cases, because whistleblowers are also affected by the new provision. Anyone who passes on unlawfully obtained data whose publication is of very great interest to the general public is likewise liable to prosecution. That, however, harms the democratic polity and prevents the exposure of social grievances.
🎤
Of Coffee Sniffers, Privy Providers and Whalebone Splitters (Von Kaffeeriechern, Abtrittanbietern und Fischbeinreißern)
Speakers:
👤
Michaela Vieser
📅 Wed, 28 Dec 2016 at 14:30
From her book "Von Kaffeeriechern, Abtrittanbietern und Fischbeinreißern – Berufe aus vergangenen Zeiten" (Of coffee sniffers, privy providers and whalebone splitters: occupations from bygone times): it is about occupations that have simply disappeared, whose very names have sunk into insignificance. But what, for example, did a coffee sniffer do? He was not a hipster barista but an outgrowth of the policies of Friedrich II: because of the smuggling of coffee beans, Friedrich II felt compelled to send retired war veterans through Berlin. They were allowed to enter citizens' homes in order to find untaxed coffee. In doing so they violated privacy and literally sniffed around for an offence. Unlike surveillance on the net today, they were loud and coarse and not invisible. The citizens hated them so much that they rose up against them. After only eight years the nightmare was over; the coffee sniffers were retired through popular protest. If only it were that easy today. Searching meticulously for facts, forms and connections, she also produced the commissioned work "Altes Handwerk" (Old Crafts) for the Stiftung Preußischer Kulturbesitz: for a year Michaela Vieser dug through the archives of the BPK; some of the pictures were stored in an old bowling alley in an officers' mess in Charlottenburg. The photographs date from a time when the photographer himself was still a craftsman. The pictures clearly show the aesthetics and functionality of the new profession. The book was presented on the radio in a joint interview with the Federal Minister of Labour, and for more than two years it was the most important book of the publisher Braun editions. The follow-up work "Das Zeitalter der Maschinen – Von der Industrialisierung des Lebens" (The Age of Machines: on the industrialization of life) deals with the transition into the Industrial Revolution. "Die Zeit" writes: "Since industrialization, machines have determined our everyday lives: back then they were made of iron and steel, and some were larger than life. Today we no longer even think about the tiny chips that control smartphones or cars. 
But back then the machines revolutionized not only the economy but all of life. A new illustrated book gives an impression of just how much." In the foreword, Michaela Vieser draws the parallel to the digital revolution.
🎤
Recount 2016: An Uninvited Security Audit of the U.S. Presidential Election
Speakers:
👤
Matt Bernhard
👤
J. Alex Halderman
📅 Wed, 28 Dec 2016 at 14:30
The 2016 U.S. presidential election was preceded by unprecedented cyberattacks and produced a result that surprised many people in the U.S. and abroad. Was it hacked? To find out, we teamed up with scientists and lawyers from around the country—and a presidential candidate—to initiate the first presidential election recounts motivated primarily by e-voting security concerns. In this talk, we will explain how the recounts took place, what we learned about the integrity of the election, and what needs to change to ensure that future U.S. elections are secure.
🎤
Hacking Reality
Speakers:
👤
Kate Genevieve
📅 Wed, 28 Dec 2016 at 16:00
Inspired by a long history of bold reality hacks this talk considers the kinds of potentials opening up through emerging Virtual Reality (VR) and Mixed Reality technologies. In this current moment of climate crisis and structural metamorphosis how can we work with powerful immersive technologies to understand our own perceptual systems, to radically communicate and to innovate new ways of being together?
Our physical body and the spaces we inhabit seem very real, but what is this sense of reality – of presence in the world – and is it simply a story told to us by our brain, a neural fiction? Just over a decade ago, neuroscientists at Princeton discovered the ‘rubber hand illusion’, a way of persuading the brain to incorporate a fake hand into its internal body image, so that the fake hand became a felt part of the body. Since then, scientists and virtual reality experts have developed ‘full body’ illusions showing how our attachment to our whole body is somehow provisional and flexible. The talk will consider these strange findings and what potentials are emerging through creative VR projects. I will discuss my own work with Virtual Reality, which investigates how immersive audio, visual, touch and haptic environments enable us to "slip our moorings" and experience transformed relationships to our environment, to other people and to our own bodies. I’ll describe the interdisciplinary experimentation undertaken in the Sackler Centre's Labs and the development of visual technologies and multi-sensory techniques that invite audiences to investigate the architecture of their own subjective experience for themselves. Our understanding of what it is to be human is undergoing a dramatic sea change: a biological, embodied, emotional and fundamentally social understanding of human subjectivity is emerging across disciplines. These powerful immersive technologies and techniques for hacking the human sensory system have uses beyond entertainment. This session will end by outlining some ways ahead for creatively working with this tech to bring us into deeper relationship with the systems we live in and distant ecosystems, other people and the vital feelings of our own bodies.
🎤
The Language of the Populists (Die Sprache der Populisten)
Speakers:
👤
Martin Haase
📅 Wed, 28 Dec 2016 at 16:00
With the rise of right-wing populists (not only in Germany), populist positions are accepted more and more often, even though they are supposed "certainties" that prove unacceptable on closer inspection. Such positions rest not on a comprehensible line of argument but on linguistic and rhetorical tricks that are basically easy to see through, yet more and more people fall for them. This talk will show what these tricks are and how populists can be unmasked. It will become clear that it is not just one party that is susceptible to populist slogans.
Populism consists of advocating simple political "certainties" that easily find followers (and are thus popular). Instead of backing these positions with arguments, which is often not possible at all or at least not very convincing, populists often work with stereotyping and sham arguments. Populists often invoke the "right of the stronger" (the majority) and present this as "democratic", although the protection of minorities is an essential feature of democratic systems. At the same time, a minority is made the scapegoat. A populist demand is often reduced linguistically to a simple formula ("Obergrenze" [upper limit], "Kinder statt Inder" [children instead of Indians], "Flüchtlingswelle" [wave of refugees], "Leistung muss sich wieder lohnen" [performance must pay off again], etc.), often using particular tricks, e.g. insinuations (more precisely: presuppositions or implicatures) and framing (placement in a larger, possibly unsuitable context). Engaging with populist sham arguments is dangerous, because in doing so untenable positions on which the argument rests (e.g. a particular framing) are often unconsciously accepted and no longer questioned.
🎤
Copywrongs 2.0
Speakers:
👤
Julia Reda
📅 Wed, 28 Dec 2016 at 16:00
EU copyright reform plans threaten freedom of expression: Commissioner Günther Oettinger wants to make sharing even the tiniest snippets of news content subject to costly licensing, and obligate internet platforms to monitor all user uploads. We can still stop these proposals – if you join the fight now.
Two years ago, I laid out the urgent need for EU copyright reform at 31c3. Now the reform proposal is finally on the table – but Commissioner Oettinger has let big business interests hijack it. Instead of updating copyright law to better fit the digital age, he wants to try to use it to make the internet fit the established business models of analogue industry giants:
• The link is under attack: Extra copyright for news sites would make most ways of sharing even 20-year-old news articles illegal without a license. Website owners, news aggregators, social networks, curation/bookmarking apps, „read later“ services, etc. would need to pay news sites for linking with even the shortest of teaser snippets.
• Internet platforms would be obligated to scan all user uploads for copyright infringements – a huge burden on community projects like Wikipedia as well as EU startups. Because robots are bad at evaluating when copyright exceptions apply, lots of legal works would be taken down.
• The new copyright exception for text and data mining would restrict the freedom to do so to public institutions. Hackers and amateur scientists would be left out in the cold.
• The proposals leave discriminatory geoblocking and restrictions on the freedom of panorama here to stay.
We must stop these proposals from harming the internet. I’ll lay out how you can help.
🎤
No USB? No problem.
Speakers:
👤
Xobs
📅 Wed, 28 Dec 2016 at 16:00
How to get USB running on an ARM microcontroller that has no built-in USB hardware. We'll cover electrical requirements, pin assignments, and microcontroller considerations, then move all the way up the stack to creating a bidirectional USB HID communications layer entirely in software.
USB is amazing. It's hot-pluggable, auto-negotiating, and reasonably fast. It's robust, capable of supplying power, and works cross-platform. It lives up to the “Universal” claim: your PC definitely has USB, but it may not have TTL Serial, I2C, or SPI available. Hardware USB support is available in all manner of embedded microcontrollers. However it's not available on all microcontrollers, and integrating a hardware USB PHY can double the cost of a low-end microcontroller. This problem is particularly acute in the sub-$1 microcontrollers: a companion USB PHY chip would typically cost more than the microcontroller (example: the MAX3420E USB-to-SPI adapter costs around $5), so your only option for USB is to get your hands dirty and bit bang the missing protocol. This talk describes the implementation of a new bitbanged USB stack, starting with a primer on the USB PHY layer and continuing up the stack, concluding with "Palawan", a feature-complete open-source bitbanged USB Low Speed stack available for use on microcontrollers priced for under a dollar. We'll go over requirements for getting USB to work, as well as talking about USB timing, packet order, and how to integrate everything together. Unlike other bitbang USB implementations such as V-USB and LemcUSB, Palawan makes fewer assumptions about GPIO layout. With Palawan, USB's D+ and D- signals can be on different GPIO banks, and need not be consecutive. By doing so, more pins are available to the user, making it easier to use with devices that have special restrictions on what pins can do what. The only requirements are that both GPIO pins can be both inputs and push-pull outputs, and that at least one pin can be used as an interrupt. Palawan also includes a USB HID firmware update mechanism to allow for updates to be installed even on platforms that normally require USB drivers. As a protocol, USB comes in multiple speeds. The base speeds are called Full Speed and Low Speed -- FS and LS respectively. 
FS runs at 12 Mbps, and LS runs at 1.5 Mbps. LS is more restricted in scope than FS. It limits packet data payload size to 8 bytes (down from 64), and only allows Control or Interrupt endpoints (so no Bulk or Isochronous endpoints). While it's true that this limits the total possible features we can implement, it means that the job of implementing them in software becomes simpler. Limiting communications to 8-bytes of payload data also significantly lowers memory requirements. The core USB PHY layer consists of two functions: USBPhyRead() and USBPhyWrite(). These functions transparently take care of bit stuffing and unstuffing, where long runs of data have a transition period inserted. They also take care of synchronizing reception to the incoming signal, as well as interpreting SE0 end sequences, recognizing USB keepalive packets, and adding the USB SE0 footer. This particular implementation takes care to ensure incoming packets are presented in the correct endianness, as USB packets are transmitted with the most significant byte first. Since the PHY code is written using cycle-counting, it must be run from memory that is cycle-accurate. The Kinetis parts we used for testing have variable-cycle flash, so we must first copy the data into RAM and execute from there. Fortunately, gcc makes it easy to put executable code in the .data section, and automatically generates calls to RAM. The core of the USB PHY layer is written in Thumb2 assembly for an ARM Cortex M0+ using ARMv6m. This is an extremely limited subset of ARM code that removes lots of fun stuff like conditional execution, different source and destination registers in opcodes, as well as DSP instructions. As a tradeoff, most instructions complete in one cycle, with the notable exceptions of branches (which are two cycles if taken) and loads/stores (which are two cycles unless it involves single-cycle IO). 
USB is 1.5 Mbit/s, and at 48 MHz that gives us 32 cycles to write the data out two ports, calculate bit [un]stuffing, check for end-of-packet, and load the next chunk of data for writing. The USB PHY layer makes the following assumptions:
+ The controller is a 48 MHz Cortex M0+ with associated two-stage pipeline
+ GPIO is single-cycle access (sometimes referred to as Fast GPIO or FGPIO)
+ GPIO has separate "Set Value" and "Clear Value" banks.
+ GPIO pin direction register is 1 for output, 0 for input
+ Code is executing from single-cycle access memory, meaning it may need to execute from RAM
Despite these limitations, this code has been ported to two different Freescale/NXP Kinetis parts under a variety of operating systems. These assumptions aren't terribly restrictive, meaning this core could easily be ported to other M0+ implementations. Other bit-banged USB implementations make assumptions that were not useful for our implementation. V-USB impressively works on an AVR microcontroller across a range of frequencies, but it is the wrong architecture and uses special timer modes unavailable on ARM. LemcUSB is conceptually similar to Palawan and is available for other M0+ chips, and in fact can run at a lower clock speed of 24 MHz. However, LemcUSB requires that D+ and D- be on a GPIO bank's pins 0 and 1 respectively, which is not available on all chips, or may conflict with the SWD pins. Additionally, the M0+ ISA has no instruction for reversing word order, so LemcUSB's low-level PHY functions return data reversed. Palawan takes care to load bits in the correct order, saving a step when examining the packet. Our sample implementation is accompanied by a bootloader that provides a USB HID communication. This allows for driver-free firmware updates even on Windows, which normally requires a signed driver installation. This USB HID code can act as a keyboard, but is also bidirectional, and is capable of allowing for firmware upload to the device.
While there are bootloader HID implementations from companies such as NXP and Microchip, we are unaware of any general-purpose open-source USB HID bootloader created with the intention of providing firmware updates.
🎤
Einführung zu Blockchains (Introduction to Blockchains)
Speakers:
👤
vimja
📅 Wed, 28 Dec 2016 at 17:15
Blockchain is the technology that makes modern cryptocurrencies possible. The talk explains how blockchains work in general. Using the Bitcoin blockchain, it also shows how these functions can be implemented in a real system.
Blockchain is the technology behind Bitcoin. It is what makes cryptocurrencies possible in the first place, and most of the processes of modern cryptocurrencies can be shown and explained using the respective blockchain. The talk gives an introduction to blockchains. It shows what blockchains are meant to achieve and how they achieve it. The fundamental properties are explained using an abstract model:
🎤
3 Years After Snowden: Is Germany fighting State Surveillance?
Speakers:
👤
anna
👤
Andre Meister
📅 Wed, 28 Dec 2016 at 17:15
Germany has a good reputation for strong data protection. It also features the only parliamentary inquiry committee investigating the Snowden revelations. But what are actual results of parliamentary, journalistic and public engagement?
What did we learn from 3 years of debate on secret service surveillance? What did the inquiry committee find out? What are political consequences? Is Germany really a desirable role model in the anti-surveillance movement? Or at least efficiently controlling its own secret services? We’ll provide answers. They might change your perception of how Germany deals with the fundamental right to privacy. The speakers work for netzpolitik.org, the leading news outlet on digital rights in Germany. They have published many classified documents on surveillance, dodged treason-charges, and live-transcribe every hearing of the parliamentary inquiry committee on mass surveillance, totaling over 3.000 pages of text.
🎤
Searchwing - Mit Drohnen leben retten (Saving lives with drones)
Speakers:
👤
Steini
👤
Ruben Neugebauer
👤
benthor
📅 Wed, 28 Dec 2016 at 17:15
Refugees are dying in the Mediterranean Sea. Thousands of them. We are building fixed wing drones, autonomously searching for refugee-vessels in a radius of 50km around a base-ship. The association "Seawatch e.V." has bought two well-equipped ships to help and rescue those people. But to help them we first have to find them.
CCC-Berlin and "Sea Watch e.V." are working together to use high tech for humanitarian projects. In this talk we will explain the situation in the Mediterranean Sea and show possibilities to help refugees in mortal danger with high tech. We will present a smartphone app for organising the multidimensional chaos in the Mediterranean Sea and we explain in depth, how the development of the drones is proceeding, what already works and which challenges are still waiting. After some deliberation, we reluctantly decided to give this talk in German since we have a lot to show and talk about within a constrained time window. However, live translation services should be available via streaming (or DECT) so our international guests can participate. Of course, questions asked in English are welcome as well.
🎤
Formal Verification of Verilog HDL with Yosys-SMTBMC
Speakers:
👤
Clifford
📅 Wed, 28 Dec 2016 at 17:15
Yosys is a free and open source Verilog synthesis tool and more. It gained prominence last year because of its role as synthesis tool in the Project IceStorm FOSS Verilog-to-bitstream flow for iCE40 FPGAs. This presentation however dives into the Yosys-SMTBMC formal verification flow that can be used for verifying formal properties using bounded model checks and/or temporal induction.
Yosys is a free and open source Verilog synthesis tool and more. It gained prominence last year because of its role as synthesis tool in the Project IceStorm FOSS Verilog-to-bitstream flow for iCE40 FPGAs. This presentation however dives into the Yosys-SMTBMC formal verification flow that can be used for verifying formal properties using bounded model checks and/or temporal induction. Unlike FPGA synthesis, there are no free-to-use formal verification tools available and licenses for commercial tools cost far more than most hobbyists or even small design companies can afford. While IceStorm was the first complete free-as-in-free-speech synthesis tool-chain, Yosys-SMTBMC is the first free Verilog verification flow for any definition of the word "free". Because of the prohibitive pricing of commercial tools it can be expected that most audience members never had a chance to work with formal verification tools. Therefore a large portion of the presentation is dedicated to introducing basic concepts related to formal verification of digital designs and discussing small code examples.
🎤
Stopping law enforcement hacking
Speakers:
👤
Christopher Soghoian
📅 Wed, 28 Dec 2016 at 18:30
We didn’t win the second crypto wars. Governments merely made a strategic retreat and they’ll be back. Although they will likely give up on trying to regulate or prohibit encryption, we should expect that malware and law enforcement hacking will play a starring role in the next battle in the crypto wars.
In a world where encryption is increasingly the norm, the cops aren’t going to give up and go home. No, they’ll target our scarily insecure mobile devices and computers. How did we get here, what's going on, and what can we do to stop it? Come to this talk to find out. For more than fifteen years, the FBI has had a dedicated hacking team. Until recently, this team’s hacking operations were shrouded in near-complete secrecy. That is slowly starting to change. And while we still don’t know a lot, what we have learned is alarming. For example, in order to deliver malware, the FBI has impersonated journalists and engaged in bulk-hacking operations that targeted users of legitimate communications services (TorMail). As the next crypto wars unfold in Washington, London and Brussels, we should expect to see law enforcement hacking play a central role in the debate. With the mass, default adoption of full disk encryption storage and end-to-end encryption for communications, law enforcement agencies will no doubt struggle to acquire data that has traditionally been easy for them to get. This will likely result in two significant policy shifts – first, it will force law enforcement hacking out of the shadows, and second, it will cause hacking tools to trickle down from elite, well-resourced federal law enforcement units to regional and local cops, who are most impacted by encryption, the least technically sophisticated and the most likely to abuse hacking tools. If a world in which the FBI hacks is scary, just wait until local police departments are doing it too. We must stop the spread of hacking as a law enforcement tool, before it is too late.
🎤
The Untold Story of Edward Snowden’s Escape from Hong Kong
Speakers:
👤
Lena Rohrbach
👤
Sönke Iwersen
👤
Robert Tibbo
📅 Wed, 28 Dec 2016 at 18:30
On June 9, 2013, Edward Snowden revealed massive civil rights abuses by the NSA. On June 10, Snowden didn’t know where to hide.
Snowden’s revelations had started the greatest intelligence manhunt in history. The entire US secret service apparatus was looking for the American whistleblower. Every policeman in Hong Kong was on the lookout. And hundreds of journalists were flooding the city to find the man who shocked the world. No one could find him. On June 23, Snowden boarded a plane to Moscow. In the two weeks before that, he had simply been invisible. For three years, these two weeks have been unexplained. Then, investigative journalist Sönke Iwersen from the German newspaper Handelsblatt filled in the gaps. Today, Sönke will present the people who kept Snowden alive: rights lawyer Robert Tibbo, who is coming from Hong Kong to Hamburg to join us on stage. Ajith, a former soldier from Sri Lanka. Vanessa, a domestic helper from the Philippines. And Nadeeka and Supun, a refugee couple in Hong Kong. Without any preparations, these five men and women were given an almost impossible task: Hide the most wanted man alive. This hour at 33c3 will tell how they succeeded. You will learn about Snowden’s days in hiding, the human rights situation for refugees in Hong Kong, and how you can help both Snowden and the refugees who saved his life. Also, you will hear the latest news on Edward Snowden himself. Lena Rohrbach from Amnesty International will tell you about the Pardon Snowden Campaign and how you can participate. Time is running out!
🎤
On the Security and Privacy of Modern Single Sign-On in the Web
Speakers:
👤
Guido Schmitz (gtrs)
👤
dfett
📅 Wed, 28 Dec 2016 at 18:30
Many web sites allow users to log in with their Facebook or Google account. This so-called Web single sign-on (SSO) often uses the standard protocols OAuth and OpenID Connect. How secure are these protocols? What can go wrong?
OAuth and OpenID Connect do not protect your privacy at all, i.e., your identity provider (e.g., Facebook or Google) can always track where you log in. Mozilla tried to create an authentication protocol that aimed to prevent tracking: BrowserID (a.k.a. Persona). Did their proposition really solve the privacy issue? What are the lessons learned and can we do better?
Most ordinary web users have accounts at (at least) one of the big players in the web: Facebook, Google, Microsoft (Hotmail, Live), or even Yahoo. Also, many of these users are always logged in at some web sites of these companies. For web sites by other parties, it seems convenient to just re-use this already established authentication: They do not need to annoy the user with registration and login, and these web sites also do not need to maintain and protect an authentication database on their own. This is where SSO protocols come into play -- most often OAuth 2.0 or OpenID Connect. Both protocols have in common that they even require that the identity providers track where users log in. The only attempt so far that tried to do better at protecting the user's privacy is Mozilla's BrowserID (a.k.a. Persona).
We have analyzed these SSO protocols and discovered various critical attacks that break the security of all three protocols and also break the privacy promise of BrowserID. In our research, however, we aim to get positive security proofs for such SSO systems: We will discuss fixes and redesigns and whether it is possible to create a secure and privacy-respecting SSO.
Contents of the talk:
🎤
A world without blockchain
Speakers:
👤
Mark van Cuijk
📅 Wed, 28 Dec 2016 at 18:30
Instant money transfer, globally without borders and 24/7. That’s one of the promises of Bitcoin. But how does national and international money transfer work in the world of banks?
I moved from the world of Bitcoin and blockchain to the world of domestic and international payments at banks. I had a lot of questions and managed to get my job moving in the place where I can learn how those things work and to get answers. In this presentation, I’m going to share what I’ve learned and I’ll help you understand something about the current payment systems that exist in the world.
The topics I’ll bring are going to present some answers to the following questions:
🎤
State of Internet Censorship 2016
Speakers:
👤
Will Scott
👤
Philipp Winter
📅 Wed, 28 Dec 2016 at 20:30
2016 has been marked by major shifts in political policy towards the Internet in Turkey and Thailand, a renegotiation of the responsibilities of content platforms in the west, and a continued struggle for control over the Internet around the world. Turbulent times, indeed. In this session, we'll survey what's changed in Internet surveillance and censorship in the last year, and provide context for the major changes affecting the net today.
The good news is that the community's ability to monitor and act as a watchdog on policy changes is continuing to develop. The Open Observatory effort has set its sights on monitoring country policy, the US Department of State has called for proposals in the area, infusing additional money, and groups like Access Now and Great Fire are working on regular measurement of services and access technologies. As we move from an Internet regulated by DPI and technical controls to one dominated by mobile applications and legal regulations on companies, our ability to argue for policy change from an accurate factual basis is critical for advocacy and our continued right to expression. This session will arm you with an updated set of facts for your discussions in the coming year.
🎤
Build your own NSA
Speakers:
👤
Andreas Dewes
👤
@sveckert
📅 Wed, 28 Dec 2016 at 20:30
When thinking about surveillance, everyone worries about government agencies like the NSA and big corporations like Google and Facebook. But actually there are hundreds of companies that have also discovered data collection as a revenue source. We decided to do an experiment: Using simple social engineering techniques, we tried to get the most personal data you may have in your possession.
When thinking about surveillance, everyone worries about government agencies like the NSA and big corporations like Google and Facebook. But actually there are hundreds of companies that have also discovered data collection as a revenue source. Companies which are quite big, with thousands of employees but names you maybe never heard of. They all try to get their hands on your personal data, often with illegal methods. Most of them keep their data to themselves, some exchange it, but a few sell it to anyone who's willing to pay. We decided to do an experiment: Using simple social engineering techniques, we tried to get the most personal data you may have in your possession. Your “click-stream data”, every URL you have been visiting while browsing the web. After a couple of weeks and some phone calls we were able to acquire the personal data of millions of German Internet users - from banking, over communication with insurance companies to porn. Including several public figures from politics, media and society. In the talk, we'll explain how we got our hands on this data, what can be found inside and what this could mean for your own privacy and safety now and in the future.
* Introduction & background
* Who collects data and for which purposes
* How we got our hands on a large data sample
* What's in it? Detailed analysis of the data set
* How does it work? Analysis of the collection methods
* Outlook: Can we still save our privacy?
🎤
DIE NSU-MONOLOGE / NSU-MONOLOGLARI (The NSU Monologues)
Speakers:
👤
Bühne für Menschenrechte
👤
Elisabeth Pleß
👤
Idil Üner
👤
Mehmet Kurtulus
👤
Vanida Karun
👤
Michael Ruf
👤
Nissar Gardi
👤
Andreas Kienzle
👤
Florentine Seuffert
👤
Barnie Ecke
👤
Robert Colonius
👤
Sarah Sott
📅 Wed, 28 Dec 2016 at 20:30
The bereaved families' fight for the truth
Five years after the "Nationalsozialistischer Untergrund" (National Socialist Underground, NSU) came to light, the NSU Monologues tell of the years-long struggles of three families of NSU victims, those of Elif Kubaşık, Adile Şimşek and İsmail Yozgat: of their courage to stand in the front row of a funeral march, of the strength of will to demand the renaming of a street, and of the attempt to defend their own memory of a loved one against the supposed truth of the authorities. --- Event in German with Turkish and English surtitles --- Audience discussion afterwards with: Nissar Gardi, consultant at the project "Empower. Beratungsstelle für Betroffene rechter, antisemitischer und rassistischer Gewalt" & Andreas Kienzle, counsel representing the Yozgat family as joint plaintiffs
🎤
Downgrading iOS: From past to present
Speakers:
👤
tihmstar
📅 Wed, 28 Dec 2016 at 20:30
This talk is about the iOS secure boot chain and how it changed throughout different iOS versions, while focusing on downgrading despite countermeasures. It will explain basics like what SHSH blobs and APTickets are and how the IMG3 and IMG4 file formats work. Also a new technique called "prometheus" will be introduced which allows for the first time downgrading 64bit devices.
This talk shows how Apple's secure boot chain works and what changes were made with new software and hardware updates. It explains how the boot/restore process works, what SHSH blobs and APTickets are and how they are structured. Each time a new feature is introduced to improve the secure boot chain, a technique is shown how it can be bypassed in order to downgrade. This talk recaps how it was possible to downgrade with TinyUmbrella and limera1n back in the old days and presents a new approach by showing how a technique called odysseus is able to downgrade newer 32bit devices. It is pointed out why Basebands are such a pain when trying to downgrade, as well as why odysseusOTA is able to downgrade Basebands anyway. Components new to 64bit devices like the IMG4 file format and SEPOS are introduced and embedded into the context of downgrading. At the end a new technique called "prometheus" is presented, which is the first one to be able to downgrade 64bit devices and also the first method since the introduction of APTickets which *can* work without a Jailbreak or Bootrom/iBoot exploits.
🎤
SpinalHDL : An alternative hardware description language
Speakers:
👤
Dolu1990
📅 Wed, 28 Dec 2016 at 21:45
For too long we have used VHDL and Verilog to describe hardware. SpinalHDL is an alternative language which does its best to prove that it is time for a paradigm shift in hardware description.
SpinalHDL is a Scala library which allows describing RTL by using object oriented programming and functional programming. This talk will present the basics of SpinalHDL and then show how this alternative approach offers a huge benefit in code clarity, genericity and reusability.
🎤
SpiegelMining – Reverse Engineering von Spiegel-Online (Reverse Engineering Spiegel-Online)
Speakers:
👤
David Kriesel
📅 Wed, 28 Dec 2016 at 21:45
Since mid-2014, David has systematically stored almost 100,000 articles from Spiegel-Online. He will present and explore this mass of data in a colourful talk.
The talk gives deep and surprising insights into the behaviour of what is perhaps Germany's biggest opinion maker. You will read Spiegel-Online with different eyes afterwards. It also gives a generally understandable overview of what is possible with today's data analysis. So you may also pay more attention to which data about yourselves you let onto the Internet. The talk has three main threads:
1) We reverse engineer Spiegel-Online. We really take the data set apart and look at Spiegel-Online from many completely new angles. It will all be colourful, entertaining and vivid, so that it is accessible to techies and non-techies alike. Why are some articles long and some short? Can you tell from articles whether the editors really stand behind them or not? Which editors are more closely connected to each other than others? Which content does Spiegel itself consider politically incorrect? Can you really measure something like that from the outside, just like that? Believe it: you can. For some of the analyses, the result may be "only" what you could already have guessed. For others we will get surprising results. And sometimes you discover systematic patterns where you expected none at all. In short: we will be creative. We will learn something, and so will Spiegel-Online.
2) An overview of "data science". We look not only at the approach, but also at the possibilities and societal dangers of the data-collection mania and analysis. Throughout the talk David will, casually and non-mathematically, illustrate various methods of data analysis using the Spiegel-Online data set. Not with formulas, but with colourful graphics. After the talk you will have an idea of what lies behind the "Big Data" buzzword, and why this hype, for all the benefit it may have, is also very dangerous for society. You simply cannot know what you are revealing about yourselves when you publish any data. No matter how uninteresting your data may look to you: what can be read from it is decided by the adversary, not by you.
3) And for the activists among you, the talk provides a rough guide on how to go about it sensibly if you want to observe a mass medium (or any other things on the Internet) and really examine it thoroughly. How do we collect the data? How do you deal creatively with data? How do you find correlations? How do you pour the data into meaningful and aesthetic images that everyone can make use of? After all, there is only one broadband connection into the brain: the eyes.
🎤
Intercoms Hacking
Speakers:
👤
Sebastien Dudek
📅 Wed, 28 Dec 2016 at 21:45
To break into a building, several methods have already been discussed, such as trying to find the code paths of a digicode, clone RFID cards, use some social engineering attacks, or the use of archaic methods like lockpicking a door lock or breaking a window.
New methods are now possible with recent intercoms. Indeed, these intercoms are used to call the tenants to access the building. But little study has been performed on how these boxes communicate to request and grant access to the building.
In the past, they were connected with wires directly to apartments. Now, these are more practical and allow residents to open doors not only from their classic door phone, but to forward calls to their home or mobile phone. Private houses are now equipped with these new devices and it's common to find these “connected” intercoms on recent and renovated buildings.
In this short paper we introduce the Intercoms and focus on one particular device that is commonly installed in buildings today. Then we present our analysis on an interesting attack vector, which already has its own history. After this analysis, we present our environment to test the intercoms, and show some practical attacks that could be performed on these devices. During this talk, the evolution of our mobile lab and some advances on the 3G intercoms, and M2M intercoms attacks will also be presented.
🎤
ATMs how to break them to stop the fraud
Speakers:
👤
Olga Kochetova
👤
Alexey Osipov
📅 Wed, 28 Dec 2016 at 23:00
How to stop ATM fraud? How to protect ATMs from attacks such as black box jackpotting? How to prevent network hijacking such as rogue processing center or MiTM? Some of these issues can be fixed by configuration means, some fixed by compensation measures, but many only by the vendor. We will tell you about what banks can do now and what we as a community of security specialists should force vendors to do.
Guys with malicious intentions never sleep, but do their bad deals all day and all night. When you have your five-o'clock beer, they open the service zone of an ATM and connect a "magic box" that makes the ATM empty. Alternatively, sometimes bank security guys may watch video surveillance footage of a man in a hoodie who does something in the nearby corner of the ATM. Surely, the ATM is empty again! On the other hand, banks may not have any video monitoring, so they cannot imagine how the ATM became empty without any forensic evidence. We have collected a huge number of cases of how ATMs could be hacked during our research, incident response and security assessments. A lot of malware infects ATMs through the network or locally. There are black boxes, which connect to the communications port of devices directly. There are also network attacks, such as rogue processing center or MiTM. Previously we spoke about vulnerabilities and fraud methods used by criminals. Now we would like to combine our expertise to help the financial and security community with more direct advice on how to implement security measures or approaches to make ATMs more secure.
🎤
Shining some light on the Amazon Dash button
Speakers:
👤
hunz
📅 Wed, 28 Dec 2016 at 23:00
This talk will explore the hard- and software of the Amazon Dash button.
While the old hardware-revision of the button has already been analyzed and can be repurposed easily, the new hardware-revision is locked more tightly to prevent tinkering. In this talk a detailed teardown of the dash button hardware will be given. The talk will also have a closer look at the software running on the device and how communication with the server works. Although the new hardware-revision of the button makes use of the controller lockbits to prevent the user from reprogramming the device, a method for running custom code on the device and extracting stored secret keys will be presented.
🎤
Durchmarsch von Rechts (The Right Marches Through)
Speakers:
👤
Friedrich Burschel
📅 Wed, 28 Dec 2016 at 23:00
For some years now, new racist, völkisch-nationalist and openly Nazi currents, groups and parties have been forming explosively on the right-wing fringe of society. This new brown clamour finds a frightening amplifier in social media, and its resonance now reaches far into the centre of society. Part of the problem is institutional racism in the authorities and uncontrollable intelligence services that let the mob have its way: the NSU complex offers a harrowing example of this. The left and the middle-class centre stand rather bewildered and helpless before this new, very loud, but also increasingly violent and terrorist phenomenon of right-wing formation. What matters now is to overcome this helplessness, to analyse what is happening and to come up with counter-strategies. That is "our" job.
When did it begin? When did the right-wing landslide start moving? Was it at the end of the 2000s with Eva Hermann? Was it Thilo Sarrazin's bestseller "Deutschland schafft sich ab"? Since then it has been one blow after another, and at the latest since the arrival of hundreds of thousands of refugees from global crisis regions there has been a permanent presence of racist protests such as Pegida on the streets and an alarming wave of open violence against refugees, migrants and leftists. According to the Federal Ministry of the Interior, around 2500 assaults and attacks on refugee accommodation, some of it inhabited, took place from 2014 to mid-2016; in spring 2016 even the Federal Criminal Police Office warned of the emergence of new right-wing terror groups à la NSU that feel encouraged to act by racist protests.
As if tens of thousands had only been waiting for the cue, sheer hatred is currently being discharged on social networks against the establishment, against "left-wing filthy do-gooders", against "non-Germans" and refugees, progressive political activists and women's rights activists, and Muslims. On the net, racism fuses with hopelessly hypertrophying, hermetically self-contained conspiracy worlds and constitutes to perfection what is meant by "post-factual times".
A "New Right" that had been drifting along for decades without much influence is experiencing an enormous boom; thousands are suddenly listening to its former voices in the wilderness such as Götz Kubischek of the New Right Institut für Staatspolitik or hardcore trolls such as Compact editor-in-chief Jürgen Elsässer, and are glad that "such clever people" speak from their hearts.
The election results of the "Alternative für Deutschland" have been going through the roof for some years, fuelled by the circumstances described: in every election so far, the former anti-euro party of economics professors and entrepreneurs, transformed after several political moultings into a neo-nationalist, völkisch anti-establishment party, has achieved double-digit results from a standing start, sits in 10 state parliaments today and is preparing for its apparently unstoppable entry into the Bundestag.
Other apocryphal völkisch-nationalist groups and initiatives such as the "Identitären", the "Reichsbürger", "Einprozent", vigilante groups springing up everywhere against the "Umvolkung", Burschenschaften (student fraternities), "Bürgerforen", new neo-Nazi parties such as "Der Dritte Weg" or the "Rechte", and hard-core Nazi Kameradschaften are trying to dock onto and ride on this newly forming nationalist movement. Militant vigilantes organise völkisch "self-protection" against immigration, and state agencies all too often look on with a wink. Only when a "Reichsbürger" shoots a police officer in mid-October does the apparatus begin to investigate, including against the "Reichsbürger" in its own ranks. Willingness to use violence, armament, self-empowerment and terrorist action against the "undesired" or dissenters are the new trend.
Personal and ideological cross-connections between the threatening new formations, the AfD, the right-wing fringes of the established parties and further reactionary phenomena such as the Christian-fundamentalist, anti-feminist movement, but also, personified for instance in the Thuringian AfD state parliament member Björn Höcke, to "real" Nazis can be demonstrated in large numbers. The trivialisation of National Socialism or even the denial of its crimes increasingly belongs to what can be said and is courageously trumpeted out against "speech bans".
With the new right-wing networks a panorama of horror is emerging that poses a gigantic challenge for everyone with a left-wing and emancipatory, social and human-rights orientation. Overcoming the paralysis and inability to act of a critical, progressive mass and strengthening an unshakeable humane orientation in post-factual times of crisis is the order of the day.
And while all this is happening, the NSU trial in Munich has been running for 3 ½ years, along with what are by now 12 parliamentary committees of inquiry (PUA) on the NSU complex: besides the racist crimes of the "Nationalsozialistischer Untergrund" and its network, presumably comprising several hundred helpers, and the institutional racism in the investigating authorities, which investigated the NSU's victims for years, what becomes clear in court and in the PUAs is above all the entanglement of the state and its domestic intelligence services in right-wing terror: this finding, too, contributes something to the mood in the country and must be taken into account for the protest against it.
🎤
Code BROWN in the Air
Speakers:
👤
miaoski
📅 Wed, 28 Dec 2016 at 23:00
The talk is a systematic review of the security impact of the paging system, an old technology from the 90's that is used in healthcare, ICS and government, in the age of SDR, covering the United States, Canada, England and Japan. By sniffing known pager frequencies in the general vicinity of hospitals, factories and public facilities with a $20 DVB-T, we discovered that not only is pager technology alive and kicking, but much of the traffic is not encrypted, resulting in violation of privacy laws and, more importantly, leaks of sensitive information. The talk is not about the protocol or the hardware device.
Pagers were once very popular in the 90's. They did not disappear from the world as cellular technology phased in, but found a niche market in hospitals, industrial control systems, public services and defense industries where low transmitting power or uni-directional transmission are mandatory. Just like with other old technologies, systematic risk can emerge as new technology, for example SDR, becomes affordable.
It has been well known since as early as 2013 that one can decode POCSAG and FLEX messages with SDR. After four months of observation, prudent metadata collection and data analysis, however, the researchers believe that the extensive use of email-to-pager and SMS-to-pager gateways, along with the unencrypted nature of the paging system, has a huge security impact on the users and companies. Workflow software integrated with pagers can cause a huge leak of personal information. We can fix it only after people are fully aware of the status quo.
The talk is a summary of data analysis and a demonstration of how far passive intelligence using pagers can go, scenarios including,
🎤
Methodisch inkorrekt!
Speakers:
👤
Nicolas Wöhrl
👤
@ReinhardRemfort
📅 Thu, 29 Dec 2016 at 00:15
Who let these guys back in?! Nicolas Wöhrl and Reinhard Remfort are a danger to life and limb. Under the guise of science communication, they do everything on stage that they would never have dared to do at the university.
They also talk about current scientific topics. Booooring! Who wants to see that? Unstructured, digressive, hopelessly subjective and always guaranteed to be methodically incorrect. Actually a podcast that appears every 14 days. After the great success at the Congress last year, an even bigger show is being put on this time: experiments that are sometimes interesting, sometimes questionable. Scientists who are sometimes lecturing and sometimes of unsound mind. Scientific studies that are sometimes Nobel-worthy and sometimes dubious. Science on the show stage. It works, bitches!
🎤
Corporate surveillance, digital tracking, big data & privacy
Speakers:
👤
Wolfie Christl
📅 Thu, 29 Dec 2016 at 11:30
Today virtually everything we do is monitored in some way. The collection, analysis and utilization of digital information about our clicks, swipes, likes, purchases, movements, behaviors and interests have become part of everyday life. While individuals become increasingly transparent, companies take control of the recorded data.
In his talk, Wolfie Christl will outline how today’s online platforms, data brokers, credit reporting agencies, insurers, mobile app developers and tech companies are collecting, analyzing, sharing and making use of vast amounts of data about our everyday lives – across platforms, devices and life contexts. In October 2016, his book „Networks of Control“ was published, a comprehensive report about privacy in times of corporate surveillance, digital tracking and big data. The report was co-authored by Sarah Spiekermann, a renowned privacy scholar, and not only exposes the full degree and scale of today’s personal data industry, but also shows how algorithmic decisions on people lead to discrimination, exclusion and other harms. Based on many examples, Wolfie Christl will give an overview of his research: Who are the players in today's surveillance economy? How do networks of online platforms, tech companies and data brokers really collect, analyze, trade and make use of personal data? What can be inferred from our purchases, web searches and likes? How is analytics based on personal information already used in fields such as insurance, finance, healthcare and employment to treat people differently? And, what are the societal implications and risks of ubiquitous corporate surveillance?
🎤
How do we know our PRNGs work properly?
Speakers:
👤
Vladimir Klebanov
👤
Felix Dörre
📅 Thu, 29 Dec 2016 at 11:30
Pseudo-random number generators (PRNGs) are critical pieces of security infrastructure. Yet, PRNGs are surprisingly difficult to design, implement, and debug. The PRNG vulnerability that we recently found in GnuPG/Libgcrypt (CVE-2016-6313) survived 18 years of service and several expert audits. In this presentation, we not only describe the details of the flaw but, based on our research, explain why the current state of PRNG implementation and quality assurance downright provokes incidents. We also present a PRNG analysis method that we developed and give specific recommendations to implementors of software producing or consuming pseudo-random numbers to ensure correctness.
Bugs in PRNGs often go unnoticed for years, as witnessed previously by the Debian OpenSSL disaster (2006-2008; see presentation at 25C3) or the Android PRNG vulnerability (2005-2013), which was responsible for a series of bitcoin thefts. This longevity has good reasons, as currently almost no effective technical safeguards against the PRNG flaws are in place. In public forums, questions about quality assurance for PRNGs are typically met with fatalistic shrugging, links to web comics, or links to statistical test suites. None of these approaches is effective in solving the problem.
In the past two years, we carried out research into correctness of cryptographic PRNGs, studying the effectiveness of various measures, and developing new ones. We analyzed numerous PRNGs that are currently in deployment. With this presentation we aim to convey insights into:
🎤
radare demystified
Speakers:
👤
pancake
📅 Thu, 29 Dec 2016 at 11:30
radare is a libre framework and a set of tools to ease several tasks related to reverse engineering, exploiting, forensics, binary patching, ... This year, the project turns 10 years old. In the process, the design has evolved and several new functionalities have appeared, defining better development rules, improving code reviews and introducing RDD and fuzzing as part of the development process. Constant refactoring, writing usage examples and documentation, and giving talks to enlarge the community have been key elements in reaching the great user base and health the project enjoys nowadays. This year, in order to celebrate the 10th anniversary, the author organized the first r2con, a congress around the tool that aims to be an excuse for sharing knowledge, tools and scripts about what different parties and people are doing with it. The congress was pretty successful and allowed developers, users and other interested parties to meet, learn more about the future of the tool and understand its capabilities.
This talk will show the evolution and structure of the project, its roots and some of its most notable capabilities, with several usage examples to show attendees the power in functionality and extensibility the tool provides. The target for this talk is everyone, from beginners to experts, from curious to skeptics.
🎤
Million Dollar Dissidents and the Rest of Us
Speakers:
👤
Bill Marczak
👤
John Scott-Railton
📅 Thu, 29 Dec 2016 at 11:30
In August 2016, Apple issued updates to iOS and macOS that patched three zero-day vulnerabilities that were being exploited in the wild to remotely install persistent malcode on a target’s device if they tapped on a specially crafted link. We linked the vulnerabilities and malcode to US-owned, Israel-based NSO Group, a government-exclusive surveillance vendor described by one of its founders as “a complete ghost”.
Apple’s updates were the latest chapter in a yearlong investigation by Citizen Lab into a UAE-based threat actor targeting critics of the UAE at home and around the world. In this talk, we will explain how Citizen Lab discovered and tracked this threat actor, and uncovered the first publicly-reported iOS remote jailbreak used in the wild for mobile espionage. Using the NSO case, we will detail some of the tools and techniques we use to track these groups, and how they try to avoid detection and scrutiny. This investigation is Citizen Lab’s latest expose into the abuse of commercial “lawful intercept” malcode. We will begin the presentation with our discovery and investigation of a UAE-based threat actor we call Stealth Falcon, and explain how a small error in the operators’ operational security led us to a mobile attack infrastructure consisting of hundreds of servers, which we determined was associated with NSO’s Pegasus product. We will detail the Internet scanning we undertook to enumerate this infrastructure, and some techniques we used to try and find “live” exploit links. It was through these techniques that we identified suspicious links sent via SMS to UAE human rights defender Ahmed Mansoor. We will describe how we caused the exploit server to “fire”, and how we determined that it served us a one-click zero-day iPhone remote jailbreak to deliver NSO’s Pegasus, a powerful and sophisticated piece of government-exclusive malcode. We will outline the functionality of the exploit used against Mansoor, and the Pegasus surveillance malcode, and outline the collaborative research and responsible disclosure process to Apple that led to the out-of-band updates to iOS and macOS. The proliferation of commercial tools for targeted digital surveillance presents a documented risk to activists and civil society. 
However, there is a silver lining for researchers in this proliferation: by reselling the same commercial “lawful intercept” tool and network infrastructure to multiple countries, and training operators in the same attack techniques, companies are creating patterns that we can use to identify surveillance across a wide range of different actors. Using the Mansoor attack as a case study, we will provide a window into how researchers at Citizen Lab leverage and fingerprint these patterns to track nation-state level attacks against human rights defenders and journalists. Drawing on cases from the UAE and beyond, we will discuss how we work with targets and victims, conduct Internet scanning, and fingerprint C&C servers. We will conclude with a discussion of some trends that we have observed in commercial malcode sold to nation state actors.
🎤
On Smart Cities, Smart Energy, And Dumb Security
Speakers:
👤
Netanel Rubin
📅 Thu, 29 Dec 2016 at 12:45
Smart City is an abstract concept everyone talks about but no one knows what it actually means. No one, except Energy utilities. In this talk we will explore the vast world of Smart Energy, and see how energy providers used the "Smart City" concept to get better control over our energy consumption, all while almost completely ignoring security aspects along the way. Join me and see how Smart Energy is making our lives a little bit better, but also dangerously insecure.
While "Smart Cities" are starting to pop up all over the world, no city has ever standardized what that term actually means. Smart Energy, on the other hand, has been standardized both by governments and by large private utilities. This positive regulation made the Smart Energy market one of the largest IoT industries today, with over 100,000,000 smart devices currently implemented at consumer premises by utilities all over the world. In this talk we will dive into the Smart Grid, exploring security issues both in the utility infrastructure and in the Smart Meters present at consumers. We will explore the magical world called ZigBee, the confusing world of incomplete RFCs, and the hazardous world of insecure wireless devices that control your electricity grid. You will leave this talk with a much better understanding of what's going on in your city, your energy provider, and, surprisingly, your home. And trust me, it won't make you feel any better.
🎤
Memory Deduplication: The Curse that Keeps on Giving
Speakers:
👤
Ben Gras
👤
Kaveh Razavi
👤
brainsmoke
👤
Antonio Barresi
📅 Thu, 29 Dec 2016 at 12:45
We are 4 security researchers who have collectively worked on 3 different attack techniques that all (ab)use memory deduplication in one way or another. There is a cross-vm data leak attack, a cross-vm data write attack, and an in-sandbox (MS Edge) Javascript data leak + full memory read/write attack based in MS Edge. In this talk we detail how memory deduplication works and the many different ways it is exploited in our attacks.
Memory deduplication is a widely applied technique to reduce memory consumption in servers, VM hosts, desktop systems and even mobile devices. Deduplication maps multiple identical copies of a physical page onto a single shared copy with copy-on-write semantics. As a result, a write to such a shared page triggers a page fault and is thus measurably slower than a write to an unshared page. Prior work has shown that an attacker able to craft pages on the target system can use this timing difference as a simple single-bit side channel to discover that certain pages exist in the system. In this talk, we show that the security implications of using memory deduplication are much more severe than initially assumed. We show that by maliciously programming memory deduplication, an attacker can build primitives to read arbitrary data from memory and even write to memory in a limited but powerful way. We exemplify these primitives using three attacks that we have recently developed. The first attack, CAIN, uses memory deduplication to brute-force ASLR’s entropy bits from a co-hosted victim VM. The second attack, Dedup Est Machina, extends CAIN in order to leak arbitrary data such as ASLR heap/code pointers and password hashes in a victim’s browser from JavaScript. Using the leaked pointers, Dedup Est Machina uses a Rowhammer exploit to own Microsoft Edge without relying on a single software vulnerability. The third attack, Flip Feng Shui, uses memory deduplication to control the placement of a co-hosted victim VM’s sensitive information on physical memory for building a sophisticated Rowhammer attack on RSA public keys. Flip Feng Shui makes cross-VM Rowhammer attacks precise, fast and reliable. As an example, Flip Feng Shui compromises the OpenSSH server of a victim VM in less than 10 minutes in 84% of the cases. We conclude that memory deduplication is fatal for security in more ways than one.
Speaker BIOs:
Kaveh: Kaveh Razavi is a security researcher at the Vrije Universiteit Amsterdam in the Netherlands. He is currently mostly interested in reliable exploitation and mitigation of hardware vulnerabilities and side-channel attacks on OS/hardware interfaces. He has previously been part of a CERT team specializing on operating system security, has worked on authentication systems of a Swiss bank, and has spent two summers in Microsoft Research building large-scale system prototypes. He holds a BSc from Sharif University of Technology, Tehran, an MSc from ETH Zurich and a PhD from Vrije Universiteit Amsterdam.
Ben: Ben Gras has been part of the systems security research group at the Vrije Universiteit Amsterdam since 2015. Previously, he was a scientific programmer working on the Minix operating system under Andy Tanenbaum for 10 years.
Erik: Erik Bosman is a PhD student in the Systems and Network Security group at the Vrije Universiteit Amsterdam in the Netherlands. He is currently working on novel side-channel attacks for leaking sensitive information from the OS and applications. He has previously developed Signal Return-Oriented Programming, a highly portable exploitation technique that abuses signal frames for creating a weird machine that the attackers can program. His minemu system is the world’s fastest dynamic taint-tracker that can be used to protect binaries against memory corruption attacks.
Antonio: Antonio Barresi is Co-founder and CEO of xorlab, a Swiss IT security company. Before founding xorlab, he worked at the Laboratory for Software Technology (LST) at ETH Zurich on software security related topics. His research interests are software and systems security. Before joining LST, he worked in industry as a Software Engineer, Security Consultant, and IT Risk Officer. He holds a BSc and MSc degree in Computer Science from ETH Zurich.
🎤
CCC-Jahresrückblick 2016
Speakers:
👤
frank
👤
Linus Neumann
👤
Constanze Kurz
👤
nexus
📅 Thu, 29 Dec 2016 at 12:45
We will give an overview of the topics that occupied the Chaos Computer Club in 2016. In addition to the summary and review of the past year, we want to venture a look into the future.
🎤
Lightning Talks Day 3
Speakers:
👤
gedsic
👤
bigalex
📅 Thu, 29 Dec 2016 at 12:45
Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick!
To get involved and learn more about what is happening please visit the Lightning Talks Wikipage.
🎤
Dissecting modern (3G/4G) cellular modems
Speakers:
👤
LaForge
👤
holger
📅 Thu, 29 Dec 2016 at 14:00
Let's have a detailed look at some modern 3G/4G cellular modems and see what we can find out about their internals using undocumented debug interfaces and software or hardware based hacking techniques.
Cellular modems are not only present in smartphones, tablets and laptops, but these days also in many M2M and internet-of-toilets (IoT) applications. Long gone are the days where those modules were GSM/GPRS/EDGE only with ancient ARM7TDMI or ARM926EJS cores and a relatively small-sized firmware in the range of kilobytes to very few megabytes, like on the famous OsmocomBB supported phones. Modern cellular modems re-use the cellular chipsets of smartphones one or two generations ago, like the MDM9615 used in the iPhone 5. As those chipsets contain plenty of processors and are quite sophisticated SoCs on their own, one can even find (undocumented) Linux or Android in some modems, which of course makes them a very attractive target for further exploration or running your own code inside the modem. We will give a short overview of the current market of cellular modems, the major chipset suppliers and chipset families and then pick one or two examples and show the methods used for reverse engineering them to a point where they can be used for much more than the AT command or QMI interface officially documented/supported by the manufacturer. This includes the execution of custom code inside modems, as well as protocol tracing of the air-interface. We'll also look at the FOTA (Firmware Update Over The Air) features, and perform a security analysis of our findings. This talk sees itself as following the tradition of various baseband processor related talks at many CCC events of the past decade, including 25C3: Anatomy of smartphone hardware and 28C3: Reverse-engineering a Qualcomm baseband. Both speakers (Harald Welte and Holger Freyther) have been working on Free Software related to cellular telephony for more than a decade, including projects like Openmoko, OpenBSC, OsmocomBB and many other Osmocom projects.
🎤
Liberté, Égalité, Fraternité... and privacy ?!
Speakers:
👤
Agnes
👤
Christopher Talib
📅 Thu, 29 Dec 2016 at 14:00
France has been under a state of emergency since November 2015. Several laws and a more intrusive surveillance framework, infringing rights and freedoms, have been adopted in recent years in the name of the fight against terrorism.
Privacy, freedom of expression… these words could soon disappear from French vocabulary as the number of measures increases at the same time as their intensity. We will show how it happened and what our actions are to try to defend the rights of all to privacy and freedom of speech. The next French presidential elections will take place in spring 2017 under the state of emergency, while all the laws recently adopted are making our national motto „liberté, égalité, fraternité“ out of date. Furthermore, the increasing surveillance drifts are undermining privacy, even though it is a fundamental right and a sine qua non condition for freedom. We are looking back on the three-year span of laws adopted on surveillance in France as well as the more than one-year-old state of emergency. What does that mean for our rights? What is at stake? Toward which model of society are we heading? What can we learn from the French experience? Let’s find out.
🎤
Do as I Say not as I Do: Stealth Modification of Programmable Logic Controllers I/O by Pin Control Attack
Speakers:
👤
Ali Abbasi
👤
Majid
📅 Thu, 29 Dec 2016 at 16:00
Input/Output is the mechanism through which embedded systems interact with and control the outside world. Particularly when employed in mission critical systems, the I/O of embedded systems has to be both reliable and secure. An embedded system’s I/O is controlled by a pin based approach. In this work, we investigate the security implications of embedded systems’ pin control. In particular, we show how an attacker can tamper with the integrity and availability of an embedded system’s I/O by exploiting certain pin control operations and the lack of hardware interrupts associated with them.
Embedded systems are widely used today in a variety of applications, such as consumer, industrial, automotive, medical, commercial and military. As such, they are often employed in mission critical systems that have to be both reliable and secure. In particular, it is important that their I/O (Input/Output) be stable and secure, as this is the way they interact with the outside world. Digging into their architecture, we know that the I/O interfaces of embedded systems (e.g., GPIO, SCI, USB, etc.) are usually controlled by a so-called System on a Chip (SoC), an integrated circuit that combines multiple I/O interfaces. In turn, the pins in a SoC are managed by a pin controller, a subsystem of the SoC, through which one can configure pin multiplexing or the input or output mode of pins. One of the most peculiar aspects of a pin controller is that its behavior is determined by a set of registers: by altering these registers one can change the behavior of the chip in a dramatic way. This feature is exploitable by attackers, who can tamper with the integrity or the availability of legitimate I/O operations, in effect changing how an embedded system interacts with the outside world. Based on these observations, in this research, we introduce a novel attack technique against embedded systems, which we call the pin control attack. As we will demonstrate in the work, the salient features of this new class of attacks are: First, it is intrinsically stealthy. The alteration of the pin configuration does not generate any interrupt, preventing the OS from reacting to it. Secondly, it is entirely different in execution from traditional techniques such as manipulation of kernel data structures or system call hooking, which are typically monitored by anti-rootkit protection systems. Finally, it is viable. It is possible to build a concrete attack using it.
To demonstrate these points, we first present and demonstrate the attack capabilities offered by the Pin Control attack, together with the minimal requirements for carrying out the attack. We argue that the attack capabilities include blocking the communication with a peripheral, causing physical damage to the peripheral, and manipulating values read or written by legitimate processes. We show how pin control can be exploited both with and without the attacker having kernel-level or root access. To demonstrate the feasibility of our attack technique, we describe the practical implementation of an attack against a Programmable Logic Controller (PLC) environment by exploiting the runtime configuration of the I/O pins used by the PLC to control a physical process. The attack allows one to reliably take control of the physical process normally managed by the PLC, while remaining stealthy to both the PLC runtime and operators monitoring the process through a Human Machine Interface, a goal much more challenging than simply disabling the process control capabilities of the PLC, which would anyway lead to potentially catastrophic consequences. The attack does not require modification of the PLC logic or traditional kernel tampering or hooking techniques, which are normally monitored by anti-rootkit tools. We present two variations of the attack implementation. The first implementation allows an extremely reliable manipulation of the process at the cost of requiring root access. The second implementation slightly relaxes the requirement of reliable manipulation while allowing the manipulation to be achieved without root access. Finally, we discuss potential mechanisms to detect/prevent Pin Configuration exploitation.
However, because pin configuration does happen legitimately at runtime and because of the lack of proper interrupt notifications from the SoC, it seems non-trivial to devise monitoring techniques that are both reliable and sufficiently lightweight to be employed in embedded systems.
🎤
Building Custom Pinball Machines
Speakers:
👤
jab
📅 Thu, 29 Dec 2016 at 16:00
How to build a pinball machine? We introduce you to all basics and explain the different options for hardware and software. As an example, we show images of our own custom pinball machine.
This talk gives an overview of all the components in a pinball machine, which includes software and a lot of hardware. Afterwards, we go over all the steps when designing and building a pinball machine. We start with basic design rules, physical limits and best practices. Then, we focus on the mechanical and electronic components. After that, we talk about software and display (DMD vs LCD) options. At the end, we explain how to build or manufacture certain parts for your machine.
For the hardware, we talk about:
- EM, WPC and modern machines
- Coils and Switches
- Sources for mechanical elements
- Gi/Lamps
- RGB LEDs
- Display option (DMDs, LED-DMDs, LCDs) and how to control them
Electronics:
- Open Pinball Project (Open Hardware)
- Multimorphic P-Roc and P3-Roc
- FAST Pinball Boards
- Full custom options
- Fadecandy/Openpixel
- I2C and ServoControllers
Software options:
- Mission Pinball Framework (Disclaimer: I'm one of the authors)
- pypinprocgame/pypinprocgameHD
Building/Manufacturing Parts:
- Playfields (including printing)
- Cabinet
- Metal ramps
- Wire ramps
- Plastic ramps
- Plastics/Decals
- Inserts
- Mechanics
🎤
Machine Dreams
Speakers:
👤
Joscha
📅 Thu, 29 Dec 2016 at 16:00
Artificial Intelligence provides a conceptual framework to understand mind and universe in new ways, clearing the obstacles that hindered the progress of philosophy and psychology. Let us see how AI can help us to understand how our minds create the experience of a universe.
Unlike the machine learning systems of the past, minds are not just classifiers or policy optimizers. Minds are not accumulators of knowledge about the world. Minds are generative systems: they actively produce the world that we subjectively experience. Ordinary day-time experiences are in fact dreams constrained by sensory data. This simple insight of contemporary cognitive science turns realist notions of embodiment on their head. The idea of the brain as a dreaming machine opens a way to understand the nature of our experiences. This is the proposed fourth installment of a series of presentations about using AI perspectives to understand minds and their relationship to the universe. "How to build a mind" (30c3) suggested specifications for an architecture of cognition; "From computation to consciousness" (31c3) explored the mind's computational foundations; "Computational metapsychology" (32c3) discussed the individual and social construction of meaning. "Machine dreams" sketches how the computational machinery of our brains leads to our experience of a subjective world. We will look at the conductor theory of consciousness, some of the mental structures contributing to our models of self and world, and the unreasonable effectiveness of neural processes in modeling physics.
🎤
Making Technology Inclusive Through Papercraft and Sound
Speakers:
👤
bunnie
📅 Thu, 29 Dec 2016 at 16:00
The participation of women in computer education is low; undergraduate classrooms in Germany were only 10% female in 2000[1]. The picture at the primary school level is fuzzier, as students do not declare majors at that level, but evidence indicates the trend starts from a young age. Can we make computer education more gender-inclusive? Presenting technology in familiar, non-threatening contexts can lead to more balanced gender participation. For example, Chibitronics uses the context of papercraft to present electronics to beginners; the familiarity of papercraft improves the participation of women of all ages in the creation of electronics. Based on these learnings, we have devised the “Love to Code” platform, an open source hardware-to-cloud stack which combines the familiarity of paper craft with a web-based, driver-free embedded firmware development environment based on FSK audio provisioning via a headphone jack. In this talk, we will dive into the novel open source technical contributions of this platform, which includes the audio-based provisioning protocol and the unique rigid-flex design of the circuitry enabling papercraft integration, as well as the multi-threaded client OS and cloud infrastructure required to complete the picture. This combination of new technology with familiar interfaces aims to lower the barrier to computer education, thus making coding a more accessible and inclusive activity.
Computer technology tends to be a male-dominated field. One study from 2002 placed female participation in undergraduate computer education classrooms around 10% for Germany, and 26% for the US[1]. The picture is fuzzier at the primary school level, because students do not declare majors at such a young age, but evidence indicates that this strong gender bias has roots extending to primary school. Can we make computer education more inclusive? There is evidence that presenting technology in familiar, non-threatening contexts can lead to more inclusive participation. As an example, Chibitronics uses the context of paper craft to present electronics to beginners. Paper craft – the art of manipulating and coating paper as exemplified by origami or painting – has universal accessibility among almost all ages, genders, and ethnic groups. In our approach, novices start with the familiarity of paper, and combine it with copper tape and electronic stickers to build circuits. Demographic analysis of the Chibitronics user base indicates this approach is succeeding at gender inclusivity: over 70% of individual buyers are female. Follow-up interviews indicate that Chibitronics acts as a gateway to more advanced projects and skills. After bootstrapping into basic electronics, users pick up skills such as soldering to build larger and more permanent projects. We would like to continue this trend beyond circuit crafting and into the realm of embedded firmware coding. Creating parallel and series combinations of LEDs and switches can only go so far; users rapidly outgrow the basic techniques and want to add patterns and interactivity to their projects through coding. Coding for the web is as simple as learning a text editor and pointing a browser at a URL, but coding for an embedded hardware target, such as an Arduino, inevitably requires platform-specific drivers, which can require installation and debugging.
The problem is further exacerbated by the fact that primary school educators rarely possess the skillset to install, debug, and maintain a classroom of computers for embedded development. Furthermore, the waning popularity of laptops and desktops means the most inclusive platforms are now mobile devices such as smartphones and tablets, even though their touchscreen keyboards are not ideal for extensive programming. In order to tackle the problem of inclusivity, we make embedded firmware development nearly universal by coupling a cloud-based editing and compilation infrastructure with an audio-based firmware upload protocol suitable for implementation on low-cost microcontrollers. Cloud-based editing and compilation eliminates the barrier of downloading and running a C compiler on the client, while the audio-based firmware upload protocol allows virtually any computer, smartphone, or tablet to communicate with target hardware implementing our demodulator. We demonstrate this end-to-end solution via the Chibitronics “Love To Code” (LtC) open source hardware platform. Users code for their LtC boards using Arduino-flavored C++ as a baseline language by visiting our demo site (either https://chibitronics.com/ltc (CodeMirror editor) or https://chibitronics.com/cb (Codebender/ACE editor)). Users enter their code on the client-side editor, which is then uploaded as plain text to a cloud-based C++ compiler and returned as an object code binary. The binary is then packetized, coded and modulated using browser-side JavaScript into an FSK audio stream with a baud rate of 8000 bps. The frequency plan was chosen to minimize interaction with audio “enhancement” filters found in devices such as iPhones, and to enable the raw audio stream to be recorded as a 128kbps CBR MP3 with minimal distortion. 
This allows pre-compiled binaries to be stored as songs; one could even entertain the thought of cutting these songs into vinyl records and provisioning microcontrollers using nothing more than an analog turntable. The FSK audio stream is coupled from the headphone jack into the microcontroller PCB via a modified microUSB cable. The USB interface is used only for power; the data pins are inert during the provisioning process. Audio arrives at the LtC hardware via the “fifth pin” in the microUSB plug that is normally reserved for identifying A or B type devices. This hack allows users to power programmed LtC devices using any regular microUSB cable. Within the LtC device, the audio signal is DC coupled and level-shifted using a passive RC network into a single ADC pin on an NXP CPU, the MKL02Z32VFK4. This 48 MHz Cortex M0+ features 32k of FLASH and 4k of RAM and costs under $1 in modest volumes, less than one third the cost of the AVR used in the Arduino Leonardo. The microcontroller uses noncoherent demodulation to recover the bitstream. The received data is hash-checked for integrity and, if it passes, is committed to FLASH memory. Since our code is open source, one can add FSK audio provisioning to a wide range of microcontrollers with built-in ADCs for the price of a couple resistors and a capacitor. Because microphone jack pin assignments are non-standard between different device ecosystems, we designed the protocol to operate with only forward error correction through trivially redundant transmission of packets. In other words, we cannot rely on a feedback path being available for the device to request a retransmission of a corrupt packet, due to a lack of standardization among microphone interfaces. Fortunately, in our application, the signal to noise ratio is typically quite good and most errors are due to burst noise, e.g. a notification tone generated by another application during device programming. 
In this scenario, simple Hamming codes (such as SECDED) do little to improve robustness of the protocol, and more advanced error correction mechanisms such as BCH codes require more computational power and storage space than available in our inexpensive target device. As a result, we handle error correction through trivial replication of data by playing the song three times over. In addition to the audio firmware downloader code, the target CPU also runs an implementation of the open source, multi-threaded RTOS ChibiOS (no relationship to Chibitronics despite the Japanese-derived “chibi” prefix). We expose the threading API so that advanced users can create multi-threaded applications on LtC. This is an advantage over the popular Arduino platform, which has no native support for multi-threading. In order to reduce code upload times over an 8000bps link to within the “impatience limit” of an 8-year-old, we pre-load the LtC device with common shared library routines, including floating point, string manipulation, a WS2812 RGB LED driver, and primitives for a low speed USB stack. Because of the library pre-load, we are able to reduce the upload time of most simple programs to under two seconds. The built-in libraries, audio demodulation framework, and multi-threaded OS consume 22k of memory, leaving 10k for user application code. Learning from our prior experiences with paper electronics, the physical design of the LtC hardware borrows from familiar and non-threatening interaction paradigms. The LtC circuit board uses a rigid-flex construction: the rigid portion allows for mechanically robust connectors and compatibility with fine-pitch QFN packages, while the flex portion enables seamless integration with paper-based circuit techniques. As a result, users can integrate the LtC hardware into their projects using a variety of techniques, from sticker-like methods to an electronic clipboard paradigm. 
The electronic clipboard method is well-suited to classroom environments, as it combines unlimited re-use of the LtC hardware with low-cost, quickly customized and paper-craftable circuitry. This combination enables meaningful learning engagements within an hour or two of classroom time, at a price point accessible by non-elite, publicly funded institutions. Finally, the entire framework is licensed under an open source license. Our hope is that once a novice is hooked on coding, they can go as deep as they want, perhaps even remixing our hardware and firmware frameworks into new and creative applications we had never dreamed of. The Chibitronics Love to Code platform is familiar: users with little or no prior technical background find themselves immediately in familiar territory thanks to the papercraft interaction design. It is easy to use: cloud compilation coupled with audio firmware upload ensures compatibility with a broad range of devices from laptops to smartphones. It is accessible: the combination of cost-optimized core technology with paper as a consumable substrate reduces the barrier of access for schools on tight budgets. The net result is an embedded coding framework for inclusive computer education. [1] V. Galpin, SIGCSE Bulletin, Vol 34 No 2, 2002 June. “Women in Computing Around the World”
🎤
A New Dark Age
Speakers:
👤
James Bridle
📅 Thu, 29 Dec 2016 at 17:15
James Bridle is a British writer and artist living in Greece. His work explores the impact of technology on society, law, geography, politics, and culture. His Drone Shadow installations have appeared on city streets worldwide, he has mapped deportation centres with CGI, designed new kinds of citizenship based on online behaviour, and used neural networks and satellite images to predict election results. A New Dark Age is an exploration of what we can no longer know about the world, and what we can do about it.
The history of computation and the history of the weather are deeply intertwined. The possibilities of mathematical prediction have driven a belief in our ability to model and control the world. Today, the pervasive metaphor of "the Cloud" shapes how we think about the world - but not always in useful or democratic ways. James Bridle's Cloud Index explores this history and sets out a new model for thinking about the world with the cloud at its heart: a nebulous, ever-changing set of possibilities, founded on unknowing. The Cloud Index (http://cloudindx.com, 2016) is an online artwork using neural networks to generate new weather patterns corresponding to differing electoral outcomes. The work challenges our ability to predict and thus control the future, and questions our intentions and ethics when it comes to the things we build. Using the Cloud Index as a starting point, Bridle's lecture explores the military and political histories of computation, networking, and weather control. As the processes of computational thinking - the belief that the gathering of ever-increasing volumes of data and the application of vast engines of computing power - fail to produce coherence or agency in the world, Bridle suggests that we should take the Cloud at its word. Cloud thinking is the acknowledgement that we cannot know or predict everything, and our technology is trying to teach us a different way of seeing and understanding the world.
🎤
Dissecting HDMI
Speakers:
👤
Tim 'mithro' Ansell
📅 Thu, 29 Dec 2016 at 17:15
Ever wondered what is actually happening when a speaker can't get their laptop to project? While developing the FPGA-based HDMI2USB.tv open hardware for recording conferences, we discovered just how convoluted the HDMI protocol can be. Come hear all the horrible details!
The TimVideos.us group aims to make it easy for anyone to create high quality recordings of conferences and user groups. To achieve this goal we have developed the HDMI2USB.tv project, an FPGA based, fully open (hardware and firmware) solution for capturing HDMI video signals. The solution has been in use since late 2015 and used at numerous conferences such as Linux.conf.au, DebConf and many PyCon conferences around the world.
To be truly FOSS has however meant developing code for doing HDMI receiving and sending. Come hear about all the issues we have run into and the nitty gritty details about how it works (or doesn't!). By the end of the talk you will know more than you ever wanted to about the HDMI protocol!
This talk will cover:
All code and materials and hardware covered in this talk are released under OSI approved licenses.
🎤
Technologies For and Against Digital Sovereignty (Technologien für und wider Digitale Souveränität)
Speakers:
👤
ruedi
👤
vgrass
👤
Prof. Stefan Lucks
📅 Thu, 29 Dec 2016 at 17:15
“Technologies For and Against Digital Sovereignty”: Worldwide networking is the most profound change since the industrial revolution. In an age of excessive mass surveillance, digital sovereignty appears to make the use of privacy-friendly technologies an indispensable part of society's attempts at a solution. In our contribution we want to present hacker-relevant aspects and techniques from a study for the Federal Ministry of Justice and Consumer Protection (Bundesministerium für Justiz und Verbraucherschutz). These include, among others, cryptographic protocols (e.g. blind signatures, zero-knowledge protocols) and methods for the statistical analysis of confidential data (e.g. k-anonymity, differential privacy).
🎤
Talking Behind Your Back
Speakers:
👤
Vasilios Mavroudis
👤
Federico Maggi
📅 Thu, 29 Dec 2016 at 17:15
In the last two years, the marketing industry started to show a fast increasing interest in technologies for user cross-device tracking, proximity tracking, and their derivative monetization schemes. To meet these demands, a new ultrasound-based technology has recently emerged and is already utilized in a number of different real-world applications. Ultrasound tracking comes with a number of desirable features (e.g., easy to deploy, inaudible to humans), but alarmingly until now no comprehensive security analysis of the technology has been conducted. In this talk, we will publish the results of our security analysis of the ultrasound tracking ecosystem, and demonstrate the practical security and privacy risks that arise with its adoption. Subsequently, we will introduce some immediately deployable defense mechanisms for practitioners, researchers, and everyday users. Finally, we will initiate the discussion for the standardization of ultrasound beacons, and outline our proposed OS-level API that enables both secure and effortless deployment for ultrasound-enabled applications.
This talk will present the outcomes of the first comprehensive security study on the ultrasound tracking ecosystem. This ecosystem remained almost unknown to the general public until recently, when a newly-founded company faced the nemesis of the security community and the regulators (e.g., the Federal Trade Commission) for its controversial tracking techniques. However, there are many more “traditional players” using ultrasound tracking techniques for various purposes, raising a number of levels of security and privacy issues with different security and privacy models. In general, the main advantage of the ultrasound technology compared to already existing solutions is that it does not require any specialized equipment (unlike wifi and bluetooth), while it remains inaudible to humans. For this reason, the technology is already utilized in a number of different real-world applications, such as device pairing, proximity detection, and cross-device tracking. From a technical perspective, ultrasound tracking is based on an ecosystem featuring multiple participating entities (e.g., the users, the advertisers, the content providers, the tracking provider). In this talk, we will present the first comprehensive and in-depth security analysis of ultrasound tracking technology and the surrounding ecosystem. More specifically, we will provide visibility within the ecosystem’s walled garden, examine the different facets of the ultrasound technology, explain how it is currently used in the real world, and subsequently evaluate the privacy and security of the technology itself and the existing deployments. Based on our findings, we will then introduce a new class of attacks against ultrasound tracking mechanisms, along with analysis of real-world Android apps featuring ultrasound frameworks. 
In particular, we will show how an ultrasound cross-device tracking framework can be abused to perform stealthy de-anonymization attacks (e.g., to unmask users who browse the Internet through anonymity networks such as Tor), to inject fake or spoofed audio beacons, and to leak users’ private information. In the mitigation part of our talk, we will outline immediately deployable defenses that empower practitioners, researchers, and everyday users to protect their privacy. In particular, we will release a browser extension and an Android permission module that enable users to selectively suppress frequencies falling within the ultrasonic spectrum. In the last part of our talk, we would like to engage in discussion with the audience regarding the standardization of ultrasound beacons, and share our design of a flexible OS-level API that addresses both the effortless deployment of ultrasound-enabled applications and the existing privacy and security problems.
🎤
Decoding the LoRa PHY
Speakers:
👤
Matt Knight
📅 Thu, 29 Dec 2016 at 18:30
LoRa is an emerging Low Power Wide Area Network, a new class of wireless technology designed to connect everything from streetlights to intelligent mousetraps. I will discuss the design and security implications of LPWANs, dive deep into the LoRa PHY, and demonstrate sniffing and injection with an open source LoRa transceiver built on commodity Software Defined Radio tools.
This talk will demonstrate techniques for decoding the LoRa PHY layer and will introduce gr-lora, an open source implementation of the protocol. LoRa is a Low Power Wide Area Network (LPWAN), an emerging class of wireless technology optimized for embedded and Internet of Things focused applications. LoRa is unique because it uses a chirp spread spectrum modulation that encodes data into RF features more commonly encountered in RADAR systems. LoRa is also designed to operate in unlicensed ISM frequency bands, both avoiding costly spectrum licensing requirements and democratizing long-range network infrastructure to consumers and new commercial operators alike. After briefly introducing the audience to LPWANs, I will walk through the SDR and DSP techniques required to demodulate and decode LoRa packets. In addition I will discuss gr-lora, an open-source implementation of the PHY that can be leveraged to design LoRa security test tools and drive future research.
🎤
No Love for the US Gov.
Speakers:
👤
Jake Davis
👤
Lauri Love
👤
Mustafa Al-Bassam
📅 Thu, 29 Dec 2016 at 18:30
Lauri Love has never set foot in the United States, yet he is facing a potential century in jail if extradited for his alleged involvement in #OpLastResort, an Anonymous-related protest action that occurred in response to the death of Aaron Swartz.
The case against Love, a Finnish and UK citizen, has profound implications for United States claims of global jurisdiction over the internet, for the treatment of neurodivergent individuals under the law, and for privacy rights in the UK and beyond. Lauri has been involved in two important legal cases this year. In May, Lauri scored a rare victory for digital rights in the UK, ensuring the National Crime Agency did not establish a dangerous new precedent to compel the decryption of stored data. Then this summer, during his extradition hearings, a significant portion of defense testimony related to Love’s diagnosis with Asperger's syndrome, his depression and long-term health symptoms for which he is under medical observation. Expert testimony reinforced the inadequacy, violence and injustice of the U.S. prison system for dealing with these concerns. This September, a judge agreed that Lauri was at serious risk of self-harm, yet she approved his extradition nonetheless, reopening a debate in the UK over how to protect vulnerable individuals that was ostensibly resolved after Gary McKinnon’s extradition was blocked by Theresa May in 2012. Ex-Lulzsec member Jake Davis, who was indicted in the United States but prosecuted in the UK, will give his take on Lauri’s case and its broader ramifications. Lauri himself will also participate via video link. How does the possibility of Lauri’s extradition change the threat landscape for digital activists? Is there any way to prevent extradition being used as a tool of US global jurisdiction over the internet? Where has the law on both sides of the Atlantic failed Lauri, and what are the changes we should be fighting for?
🎤
An Elevator to the Moon (and back)
Speakers:
👤
Markus Landgraf
📅 Thu, 29 Dec 2016 at 18:30
Why is it so hard to go to the Moon? The curse of Newtonian Mechanics and Tsiolkovsky's Rocket Equation force us to build huge rockets to achieve any meaningful activity on the Moon. There are two strategies to hack the laws of celestial mechanics: making fuel on the Moon and using cables to climb out of the gravity well. Here we focus on the latter, which is the Moon version of the famous space elevator. The difference from an Earth elevator is that an elevator to the Moon's surface is realistic with today's materials. The talk gives an introduction to the general problem and a starting point for a discussion that can easily lead to sustainable access to the Moon if there is demand to do so.
🎤
Home-Made High-Security Master Keys (Hochsicherheits-Generalschlüssel Marke Eigenbau)
Speakers:
👤
Michael Weiner
👤
RFguy
📅 Thu, 29 Dec 2016 at 18:30
The availability of inexpensive machinery and open source CAD software has significantly lowered the effort of making your own mechanical keys, including ones that we still called “secure” ten years ago. Classic cylinder locks have already been analyzed extensively in the past, but what is the situation with more sophisticated mechanical locking systems? We show how to determine the master key of a high-precision, high-priced master-key system. We also present our software and mechanical workflow for producing blanks and keys of a high-security system with a “low cost” CNC mill. In contrast to 3D printing, this gives us considerably higher precision and mechanical stability, and all that for under 2 euros per key.
The availability of inexpensive machinery and open source CAD software has significantly lowered the effort of making your own mechanical keys, including ones that we still called “secure” ten years ago. For example, CAD data of TSA keys has been published and reproduced with 3D printers; at 32C3, tools for the automated creation of key blanks were shown. Classic cylinder locks have already been analyzed extensively in the past, as has the decoding of a master-key system through to the 3D printing of protected key blanks from a simple photo. But how can this knowledge be adapted and extended so that it can also be applied to more sophisticated systems? We show how to determine the master key of a complex master-key system. EVVA 3KS and KESO serve as examples. We explain how to use keys and locks as a source of information. We also present our software and mechanical workflow for producing blanks and keys of a high-security system with a “low cost” CNC mill. In contrast to 3D printing, this gives us considerably higher precision and mechanical stability, and all that for under 2 euros per key. As an example, we show how to apply this technique to a master-key system that we bring along.
🎤
Of Alpacas, Hare-Bears and Unicorns – On the Culture of Recognition (Von Alpakas, Hasenbären und Einhörnern – Über Anerkennungskultur)
Speakers:
👤
Maria Reimer
👤
Daniel Seitz
👤
Paula Glaser
👤
Robert Alisch
📅 Thu, 29 Dec 2016 at 20:30
How do different tech communities honor the volunteer work of their members? How can desired learning processes be reinforced? What are our experiences at Jugend hackt? And what do badges have to do with it?
We want to shed light on different ways of recognizing volunteer work and share our own experiences with Jugend hackt, a four-year-old tech community of young people and their mentors. The aim of the talk is to help you better support learning processes around motivational factors in your own tech/FOSS communities, to gather a wide range of experiences, and to develop existing ideas further. Communities, especially in the FOSS world, can hardly survive without volunteer work. Yet recognition and appreciation of this work often fall short. At the same time, open source projects on which our technical and civil-society infrastructure is built keep grinding to a halt. But what if the problem cannot be solved with money? In our talk we pursue the thesis that a culture of recognition arises not only from primarily technical solutions (such as money or meritocratic approaches) but also from social solutions. At Jugend hackt we have had the opportunity for four years to try out a wide variety of forms of recognition and appreciation. We would like to share these experiences with you, compare them with the forms of recognition used in other communities, and in doing so make success factors and obstacles visible. We will also answer the following questions: How far does intrinsic motivation go? What forms of recognition are there besides money? How do learning and mutual motivation work in such communities? And what do (Open) Badges have to do with it?
🎤
The woman behind your WiFi
Speakers:
👤
Anja Drephal
📅 Thu, 29 Dec 2016 at 20:30
Used in cell phone technology, bluetooth devices, and WiFi, Frequency Hopping Spread Spectrum (FHSS) is often said to have been invented in the early 1940s by none other than Hollywood actress and sex symbol Hedy Lamarr. This talk will present the undeniably entertaining history of a well-known actress moonlighting as a military inventor as well as give an overview of the 100-year-old history of frequency hopping and its past and present uses.
Imagine no WiFi, no cell phones, no bluetooth. (Everything’s better with bluetooth!) It is often said that we owe the convenience of all these modern technologies to Hollywood actress Hedy Lamarr and her invention of Frequency Hopping Spread Spectrum (FHSS) in the early 1940s. Do we? Born Hedwig Eva Maria Kiesler on November 9, 1914, the daughter of an affluent Viennese family became famous at age 18 for starring naked and faking the first onscreen orgasm in history in the Czech-Austrian film “Ekstase” – fame which led to a successful Hollywood career after Hedwig Kiesler emigrated to the USA and renamed herself Hedy Lamarr. “The most beautiful woman in the world”, as director Max Reinhardt called her, starred in more than two dozen Hollywood movies over the course of twenty years, all the while being bored by the intellectual limitations her job offered. On the subject of what it takes to be a Hollywood sex symbol, she is quoted to have said “Any girl can look glamorous. All you have to do is stand still and look stupid.” Lamarr had always been interested in science and technology and wanted to help the United States' war effort during World War II by doing more than just using her fame and physical beauty to sell war bonds and entertaining the troops at the Hollywood Canteen. In her spare time, she thought about torpedoes: powerful, yet hard to control weapons which might hit their targets more precisely when guided by radio signals. Lamarr knew that the problem with radio signals was that they could easily be jammed by the enemy – and with her co-inventor, pianist and composer George Antheil, she developed a “Secret Communication System” based on the idea of having radio signals hop around frequencies in a seemingly random pattern, making it thereby hard to impossible to interfere with them. 
A patent was granted to Lamarr and Antheil, but the United States Navy dismissed the technology, in part due to the fact that it had been proposed by an actress and a composer. Lamarr's idea of frequency hopping remained untouched until the 1960s, when the Navy first used it in a buoy signaling submarine locations to airplanes during the Cuban Missile Crisis. In the following decades, the military and private companies developed numerous technologies around the idea of frequency hopping, which is found in most digital devices communicating wirelessly today, be it via bluetooth, WiFi, or in cell phones. Hedy Lamarr's legacy, though, remained that of a beautiful Hollywood actress and sex symbol until recently. Only in 2014 were she and Antheil inducted into the National Inventors Hall of Fame. Admittedly, Lamarr was not the first person to think of frequency hopping as a method for making radio signals harder to intercept and jam: none other than Nikola Tesla was granted a U.S. patent in 1903 which does not use the words “frequency hopping”, but describes changing wireless frequencies to avoid interception of radio communication. During World War I, the German army used a primitive way of frequency hopping to stop the British listening in to their radio communication. It may be an overstatement, therefore, to say that without Hedy Lamarr there would be no bluetooth, no WiFi, no cell phones today. But she did invent a unique way of doing frequency hopping, and many recent patents in frequency hopping spread spectrum technology refer to the Lamarr-Antheil patent as the basis of the field. 
When it comes to Hedy Lamarr, although she resented not being credited for her scientific inventions for most of her life and instead being reduced to a beautiful face and body, she was after all a woman of her (sexist) time: during her later years, she desperately tried to save her looks through multiple plastic surgeries, comically distorting her face to the point where she hardly left the house any more and could only be reached by phone. When, in 1997, her work was finally credited for the first time with the Electronic Frontier Foundation’s Pioneer Award, 82-year-old Hedy sent a recorded message: “In acknowledgement of your honoring me, I hope you feel good as well as I feel good about it, and it was not done in vain. Thank you.” Sources: Barton, Ruth. Hedy Lamarr: The most beautiful woman in film. Lexington, Ky.: University Press of Kentucky, 2010. Förster, Jochen, and Anthony Loder. Hedy Darling: das filmreife Leben der Hedy Lamarr. Hollenstedt: Ankerherz Verlag, 2012. Lamarr, Hedy. Ecstasy and me: my life as a woman. New York: Bartholomew House, 1967. Miessner, Benjamin Franklin. Radiodynamics: The wireless control of torpedoes and other mechanisms. London: Crosby, Lockwood & Son, 1917. Rhodes, Richard. Hedy's Folly: The Life and Breakthrough Inventions of Hedy Lamarr, the Most Beautiful Woman in the World. New York: Doubleday, 2011. Robbins, Trina. Hedy Lamarr and a secret communication system. Mankato, Minn.: Capstone Press, 2007. [graphic novel aimed at middle school students] Shearer, Stephen Michael. Beautiful: The life of Hedy Lamarr. New York: Thomas Dunne Books/St. Martin's Press, 2010. Simons, Marvin K., et al. Spread Spectrum Communications Handbook. New York: McGraw-Hill, 2002.
🎤
Computed World (Berechnete Welt)
Speakers:
👤
Karl Urban
📅 Thu, 29 Dec 2016 at 20:30
Anyone who analyzes all our present-day data with self-learning algorithms will be able to roughly predict the near future. The tools for this are ready, and many serious researchers are working on individual pieces. The consequences for society appear to be dire. Orwell is fast approaching.
Predictions long had a dubious reputation: from the ancient oracles with their own agenda to the opinion polls of the present. Serious researchers have always regarded society as too complex for the future to be calculated reliably in advance. But that is changing today: self-learning algorithms are finding out more and more about all of us in the exponentially growing mountains of data. The collective behavior of many people is becoming predictable, within a short time frame. The Facebook and Twitter data from the Arab Spring were an excellent training data set. This talk begins with the ingredients needed for a real world simulator. And it ends with the question of what democratic and less democratic rulers could do with it. If they are not already using such instruments.
🎤
The Moon and European Space Exploration
Speakers:
👤
Jan Wörner
📅 Thu, 29 Dec 2016 at 20:30
Since the early successes of moon missions in the Sixties, mankind has moved on to the earth orbit and other deep space missions. But interest in the moon as a target has intensified recently as the strategies for future missions are evolving.
🎤
From Server Farm to Data Table
Speakers:
👤
Ingrid Burrington
📅 Thu, 29 Dec 2016 at 21:15
Early digital computers were the size of rooms. While the devices have gotten smaller, because of the increasingly networked nature of technology the room has gotten bigger--it's ceased having walls and started to cover the ocean floor and ascend into low earth orbit. While Neal Stephenson may have cornered this living-inside-a-computer narrative in 1996 with "Mother Earth, Mother Board", in the past twenty years the seams of the network have become even more opaque, subsumed into The Cloud and other problematic abstractions. This talk will mostly be about different approaches to documenting, comprehending, and thinking about network infrastructure and the ways that the visual vernacular of technologies shapes their history and politics.
🎤
To Err Is Governmental (Irren ist staatlich)
Speakers:
👤
Arne Semsrott
📅 Thu, 29 Dec 2016 at 21:15
This year the German Freedom of Information Act (Informationsfreiheitsgesetz, IFG) celebrates its tenth birthday, and nobody is celebrating with it. Time for a reckoning. FOIA away!
It has been ten years since the Freedom of Information Act (IFG) came into force and was first presented at the Congress. In the USA the Freedom of Information Act (FOIA) turns 50 this year, in Sweden it even turns 250. Nevertheless, the law at the federal level has not gotten better in recent years, only worse. Time for us to take the improvement into our own hands: with our campaign “FragDenBundestag” we forced the Research Services of the Bundestag (Wissenschaftlicher Dienst) this year to release thousands of expert reports. At whom do we point the accompanying campaign tool next? In addition to several lawsuits, we have also filed a constitutional complaint. We show how we want to make suing suitable for the masses. FOIA away!
🎤
Saving the World with (Vegan) Science
Speakers:
👤
Benjamin Rupert
📅 Thu, 29 Dec 2016 at 21:15
Describing the science behind new high tech vegan foods which will replace animal agriculture. I will also discuss the potential impact to lessen the severity of climate change and give an update on the Real Vegan Cheese biohacker project.
Climate change is the most pressing issue ever faced by humans. While many people are aware of the need for renewable energy, electric vehicles and more efficient homes and manufacturing, fewer people are aware that animal agriculture is a major issue which must be addressed. In fact animal agriculture is one of the highest impact human activities, producing greenhouse gas emissions and environmental damage on par with worldwide transportation and industrial manufacturing. Rather than convincing people to give up animal products, some groups (academic, industrial and biohackers) are using science to produce near-identical, or in some cases identical, replacements for these products. Replacing animal products will greatly reduce the environmental impact of our diets, without making people give up the food they desire. I will discuss various approaches including plant protein databases used for engineering realistic animal product replacement, production of proteins in genetically modified microorganisms, and culturing of animal cells without the growing of a whole animal. The science behind these approaches, potential impact, and progress by various players in these fields will be presented. Finally I give a progress update on the Real Vegan Cheese project, which is run out of biohacker spaces in the SF bay area and aims to produce real cheese from engineered yeast.
🎤
Interplanetary Colonization
Speakers:
👤
Liz George
👤
Peter Buschkamp
📅 Thu, 29 Dec 2016 at 21:15
The long term survival of the human species requires that we become an interplanetary species. But we must answer two big questions: where are we going, and how do we get there? We explore what scientists know (and don’t know) about humanity’s potential future homes both inside and outside the solar system, and then we’ll dive into the technological challenges of (and potential solutions for) getting humans to and colonizing a new planet.
Long the realm of science fiction, interplanetary colonization is now taken more and more seriously by scientists and space agencies alike as technologies come within reach. We will evaluate obstacles and solutions by looking at two topics: Where to go? and How to get there? Part 1 explores the options that humans have in expanding to new planets. There are now 3,439 exoplanets in 2,569 planetary systems confirmed. We’ll discuss how astronomers find planets, and how they learn about the conditions there. How do we pick a colonization target based on the data we can gather when there is no way of sending probes there and getting information back in reasonable time like we do in our solar system? Part 2 gives an overview of technologies currently available to get humans to other planets, and what that means in terms of humanity’s expansion. We'll also talk about the technology advancements necessary for truly interstellar colonization.
🎤
Lasers in the sky (with asteroids)
Speakers:
👤
Peter Buschkamp
📅 Thu, 29 Dec 2016 at 22:00
At 32C3 we shot lasers into space... now it's lasers in space! We look at space- and airborne laser platforms and what practical uses people have come up with (hint: mostly more or less secret communication and military use). We'll also recap the basic physics and boundaries and check if 'pew pew pew' is really gonna cut it (hint: mostly no). To close, we'll have a look at laser based propulsion for space travel and other speculative applications off the beaten path.
Today lasers are routinely flown on space and airborne platforms for scientific, military and telecommunication applications. While they make nice special effects in action and sci-fi movies, there are physical boundaries that guide the use of lasers in space and in surface to air/space scenarios. 'SDI' might not be straightforward, but intercepting airborne vehicles or laser based communication to submerged submarines is no longer science fiction. But can we use it for space travel? Let's see.
🎤
Hacking collective as a laboratory
Speakers:
👤
Ezi
📅 Thu, 29 Dec 2016 at 22:00
This talk presents findings from a sociological investigation of hacking collectives. I will try to answer the question whether hacking collectives are laboratories, as seen by sociology of science. I will also show some peculiar traits of hacking collectives, beneficial both for sciences and societies. Perhaps academia needs hackers more than it’s willing to admit?
Someone said: “Give me the laboratory and I will raise the world!” and sociologists of science are still easier found in laboratories than in libraries. Laboratories discover or co-create almost every part of modern lives: starting from material issues, through health, energy and computers. The first part of the talk will review some findings from studies of laboratories conducted by sociologists. We will see how certain elements of hacking ethos could be reprised in CERN or an energy lab. I will also show some findings about well recognized effects in science, which are also valid in the open-source communities. Perhaps actual details of science resemble hacking more than hackers suspect? The second part will focus on comparisons between knowledge about laboratories and results from my study of hacking communities. I will try to compare hacking and scientific roles of fact, error and humour. We will see how sociology uses the term “black box” and how social history of sexual diseases might help us to untangle some discussions in IT security. The third part will briefly focus on the possible futures of formal laboratories, hacking collectives and other social institutions. I will discuss how ethical stances on hacking knowledge might rescue academic knowledge from itself. I will show how hacking collectives fit into some frameworks shaping the near future of science. How are hackers necessary in the coming data revolution? Why do we need instabilities?
🎤
JODI - Apache is functioning normally
Speakers:
👤
DI
👤
JO
📅 Thu, 29 Dec 2016 at 22:00
Joan Heemskerk and Dirk Paesmans, collectively known as JODI, are rightfully venerated for their countless contributions to art and technology, working as an artistic duo since the mid-90’s.
Generally referred to as pioneers of “net.art,” that oft-misunderstood “movement” combining the efforts of artists using the internet as a medium circa 1994, JODI is revered not only for their artistic meditations on the increasing presence of new technology in our daily lives, but also for their fuck-if-I-care attitude toward both the establishments of the technology and art worlds. JODI’s famous five-word “acceptance” speech—if you could call it that—for their 1999 Webby Award in art, simply read, “Ugly commercial sons of bitches.”
🎤
What We Can Learn about Creativity from 3D Printing
Speakers:
👤
Sascha Friesike
📅 Thu, 29 Dec 2016 at 22:00
For the past three years we studied the world’s largest 3D printing community “Thingiverse”. We explored the remix-relationships—accessible due to the community’s use of open licenses—of more than 200.000 individual designs, tracked an entire week’s new designs for half a year, interviewed more than 80 creators and surveyed over 200 more. This allowed us to develop a deep understanding of the creative processes that take place on the platform. In this talk we would like to present our findings. This is of interest to people who care about 3D printing as we can give sort of a behind the scenes view on how ideas come to life here. But it is also interesting to people that care about creativity in general. As what we have found has merit outside of 3D printing, too. In this talk we would like to cover the following: (1) Introduce our research setting and explain why it is useful to study this, (2) provide a consolidated overview on our most interesting findings, and (3) give real life examples for how these findings are transferable to other settings. We have presented primary results of the studies at various academic conferences and have a comprehensive paper on the project currently under revision at the Journal of Information Technology (see attached file). We are a group of three university professors and a Ph.D. student. We work on the intersection of information systems, innovation management, product development, and creativity. We believe that many of the people we studied either attend 33C3 or watch talks online and we therefore think that our results would be of interest to this community. Further, we feel that a well structured talk is better and more entertaining than mailing around our academic journal publications to those who are interested. And lastly, we are eager to receive feedback from a more hands-on audience (than what we deal with at academic conferences). 
It would be especially useful for us to hear of new developments, discuss ideas for follow-up research projects, and get access to creators that would like to work with us in the future.
When we think about creativity we imagine some lone genius that has an incredible insight. Oftentimes, this understanding goes hand in hand with some form of divine intervention: someone is “blessed”, or literally “touched by the Gods”. When we look at academic research that deals with creativity we see a fundamentally different picture. Creative insights are no divine interventions, they are almost always recombinations of known building blocks, they are what is now often called “remixes”. For a long time scholars have tried to make these remixes visible. However, this turned out to be pretty complicated. Creatives either do not want to name their sources of inspiration (for instance due to copyright infringements) or they do not exactly recall what inspired them. For the last three years we looked at creators from the realm of 3D printing. On the world’s largest platform for 3D printable designs (Thingiverse) creators are allowed to remix existing designs but in turn have to indicate which designs they used. This open licensing allowed us to study remix relationships across the entire platform. We explored the remix-relationships—accessible due to their use of open licenses—of more than 200.000 individual designs, tracked an entire week’s new designs for half a year, interviewed more than 80 creators and surveyed over 200 more. On the foundation of these empirical observations, we studied the creative processes in regards to four dimensions: (i) the role of remixes in creative communities, (ii) the different patterns of remixing processes, (iii) the surrounding features that facilitate remixes, and (iv) the characteristics of the remixing users. What we found has merit outside of 3D printing as the creative behaviors that we were able to study are transferable to other settings. In this talk we would like to provide an entertaining overview on our findings, provide examples from 3D printing and contrast them to other creative behaviors. 
We have attached a working paper that is currently under revision at the Journal of Information Technology. This paper will provide more detail on what we did methodologically. It also entails a couple of figures that illustrate both research setting and findings well. Our research is exploratory in nature. That means we did not start with a clear set of hypotheses like many research projects do. Such a form of research is typical if you want to understand more about an under-researched phenomenon. In our case we wanted to find out how remixing in a digital setting works, and how important it is for creative communities. After studying the setting we conclude our research with five propositions. These are basically guidelines that sum up our findings. These five are: (P1) Remixes pose a major source of innovation in open online communities besides the emergence of isolated designs. (P2) Remixes occur in the form of several different, clearly distinguishable evolutionary paths including convergent and divergent patterns. (P3) The co-existence of different design categories allows for cross-category remixes, which are asymmetric with categories tending to either donate or absorb ideas. (P4) The effectiveness of remixing in online platforms and their attractiveness to different user groups is influenced by a variety of platform features for browsing and processing its contents. (P5) To foster innovation in online communities, platforms need to address the needs and interests of different user groups, each characterized by distinct preferences regarding platform features. Overall we were struck by how important remixing is for the creative process we see in the 3D printing community. And we hope that our research will on the one hand provide more creatives with an understanding of how others come to solutions and on the other hand ignite a discussion on the importance of remixing for creative processes in general. 
More research on this is needed and also platforms need to address this aspect of creativity better.
🎤
Edible Soft Robotics
Speakers:
👤
Kari Love
📅 Thu, 29 Dec 2016 at 22:45
As a soft roboticist I am constantly searching for inspiration for novel soft actuators, and as a home cook and artist I consider eating an object to be a high-level form of interactivity. Having noted the similarities between cast silicone and gummi candies it was natural to combine these interests. I will share my experiments in assessing different candies for their engineering potential, and show my work-in-progress for sweet soft robots.
As a soft roboticist I am constantly searching for inspiration for novel soft actuators, and as a home cook and artist I consider eating an object to be a high-level form of interactivity. Having noted the similarities between cast silicone and gummi candies it was natural to combine these interests. Part of this analysis is developing testing metrics for candy recipes for performance characteristics, and looking to an ever-increasing set of candy-making techniques to potentially use to design and iterate/innovate. I will share my experiments in assessing different candies for their engineering potential, and show my work-in-progress for sweet soft robots. I will also share a few ideas for future design plans.
🎤
PUFs, protection, privacy, PRNGs
Speakers:
👤
Pol Van Aubel
📅 Thu, 29 Dec 2016 at 22:45
A physically unclonable function, or PUF, is some physical structure with properties that are easy to verify, hard to predict, and practically impossible to clone. Ideally, this means it's a device-unique unchanging identifier, which can be used for improving security. However, it can be at odds with privacy and anonymity. This talk will give you an overview of the thirty years of history behind PUFs, and will include the most recent advances in research. The functions, structure, and design will be discussed, as well as devices and materials that have properties to base PUFs on.
What do CPU registers, sticks of RAM, shared memory in GPUs, and paper have in common? They all have unique properties that are impossible[1] to reproduce, even when using the same manufacturing process. These properties can be turned into physically unclonable functions, or PUFs for short, yielding an object-bound unique identifier. This makes you trackable, but since you're being tracked anyway, you might as well put some of this to good use. The idea of PUFs is not new, and can be traced back several decades to anti-counterfeiting measures in currency. Since then, several formalizations have been proposed, new types of PUFs have been invented, implemented, attacked, and scrutinized. PUFs can be used to identify and authenticate devices. They can be used to secure your boot process. Some PUF constructions can be used to enhance your random number generation. You might be using devices right now that have properties that can be turned into PUFs, provided you have the tools and want to do some programming. This talk will take you on a brief tour of the history of PUFs. Along the way, it will show you how a PUF is constructed, what its properties should be, what it can be used for, what materials and devices are known to be suitable for building one, and how you might go about searching for them in your own devices. [1] For certain definitions of impossible.
🎤
Eavesdropping on the Dark Cosmos
Speakers:
👤
Simon Barke
📅 Thu, 29 Dec 2016 at 22:45
Imagine, there is this huge data center but your user privileges allow you to access only 5% of the data. That is the exact same situation physicists face when trying to study the cosmos. 95% of our universe is made out of something that cannot be seen or touched. We generally call this unknown substance "dark matter" / "dark energy". The recent discovery of gravitational waves gives us a handle on the dark cosmos. We can now listen to invisible events in our universe. But there may also be other methods to shed light on the dark side.
There is (much) more than meets the eye: 95% of everything there is in the universe does not interact with normal matter. It is completely transparent. Does not emit light. Reflects no light waves. Can be neither seen nor touched. The only reason we know it exists is the fact that this unknown substance curves spacetime: it interacts gravitationally. Hence gravitational wave astronomy can target the entire universe while conventional telescopes are fundamentally limited to only 5% of the cosmos. After the initial direct detection of gravitational waves by the Laser Interferometer Gravitational-Wave Observatory (LIGO) last year, many more observatories on ground and in space are under construction that will create a wideband gravitational wave detector network. We will be able to listen to stars falling into black holes, colliding galaxies, maybe even artificial sources of gravitational waves, and will find as yet completely unknown objects in the universe. But gravitational waves are not the only handle we have on the dark side of the cosmos. Many other research teams aim to directly detect dark matter. The Any Light Particle Search (ALPS) even tries to artificially generate dark matter particles in a controlled laboratory environment. It is under construction at the German Electron Synchrotron (DESY) in Hamburg, Germany. First results are expected as early as 2019. This lecture will give you a brief and fun introduction to cosmology and Einstein's general relativity. We will explore different known sources of gravitational waves and their associated frequency range. You will understand how LIGO detected the first gravitational wave signature. Join us to learn about upcoming earthbound observatories and space missions like the Laser Interferometer Space Antenna (LISA). Finally we will turn to detectors that could detect dark matter directly and explore the need for dark matter generators.
🎤
The 12 Networking Truths
Speakers:
👤
Jonas Lund
📅 Thu, 29 Dec 2016 at 22:45
In *The 12 Networking Truths* Swedish artist Jonas Lund will discuss how he has attempted to subvert the contemporary art world system by using different types of exploits to gain an upper hand against the competition. From designing an algorithm for art production to data mining art world personalities, the artist will describe how he has incorporated a classic programming mindset in an otherwise logic-free environment. The 12 Networking Truths refers to RFC 1925 - The Twelve Networking Truths, a memo posted on the 1st of April 1996, positioned as revealing the fundamental truths underlying all network protocol designs. The truths include statements such as ‘It Has To Work.’ and ‘Good, Fast, Cheap: Pick any two (you can’t have all three).’. This memo will be the underlying story line throughout the talk, as each truth has a corresponding position within the artist’s artistic practice.
Some of the works that will be addressed and talked about in this talk: The Fear Of Missing Out http://jonaslund.biz/works/the-fear-of-missing-out/ Showroom MAMA presents The Fear Of Missing Out, the latest exhibition by Swedish artist Jonas Lund (SE, 1984). The title derives from a social network induced anxiety condition. One brought on by trying to keep up with a rapidly moving world. A fear of constantly being one-step behind, in the wrong place, and missing out on the most exciting events. The Fear Of Missing Out proposes that it is possible to be one step ahead of the art world by using well-crafted algorithms and computational logic. The works in the show are the result of a computer algorithm written by Lund. By analysing and categorizing a wide range of artworks, by the most successful contemporary artists, a set of instructions were generated explaining, step by step, how to make the most successful works of art. The artist then simply made the work following the instructions. In The Fear of Missing Out, important categories from the art world such as authenticity, artistry, talent, and creativity are questioned. The title also refers to the urge to be a part of a transparent information society made up of an overarching digital network. Flip City http://jonaslund.biz/works/flip-city/ Steve Turner Contemporary is pleased to present Flip City, a solo exhibition by Amsterdam-based artist Jonas Lund, who will present a group of paintings that are inspired by the current appetite for process-based abstraction; the related trend of collectors/investors buying such works to flip them quickly for a profit; and the central role that Los Angeles has played in both realms. For Flip City, Lund will create forty digital paintings, of which a selection will be on view during the run of the exhibition and the others will be presented at art fairs in Europe, Latin America and the United States during the next twelve months. 
Each work has elements sampled from paintings by other emerging artists, yet Lund’s works are so thoroughly remixed that only a very astute observer might see familiar passages. Lund will install a GPS tracking device on the stretcher bar of each painting so that he can track its movements and approximate whereabouts. He will also maintain a website with this information in the years to come. STRINGS ATTACHED http://jonaslund.biz/works/strings-attached/ Steve Turner is pleased to present Strings Attached, a solo exhibition by Amsterdam-based artist Jonas Lund which will feature 24 text-based paintings that relate to the current “bubble moment” in contemporary art. Each work uses text that restricts the transfer of ownership in some way, such as “This painting may never be sold at auction” or “This painting must be resold by March 21, 2017.” Lund uses fabric wallpaper as backgrounds for the works, and their messages have been painted by a sign painter according to Lund’s directions. As a group, the 24 paintings encompass contradictory efforts made by gallerists who both want to fuel market momentum for their artists while trying to shield them from the damaging effects of quick-profit speculation.
🎤
Ethics in the data society
Speakers:
👤
mayameme
📅 Thu, 29 Dec 2016 at 23:30
This talk presents the idea that ethics as logic that can be programmed into machines doesn’t seem to work; perhaps, ethics is something else. This talk is about what that something else may be – power. (This talk is not about the Trolley Problem! But it will mention why it shouldn’t apply to the driverless car.)
No one is quite sure what ethics in big data really means, so it’s important that we have conversations about what it is and is not. Ethics is thought of as something that can be programmed into machines because our notions of ethics are often based on logical reasoning. (What if ethics were about natural language processing?) Based on ongoing research about the development of artificial intelligence in the driverless car, this talk describes how “ethics” is being deployed to shape the idea of accountability in the context of the law and insurance; it is presented as a problem to be solved by software; it is an imagined space of “cybernetic success”; and it is a proxy vocabulary for the relationship between humans and machines working together. This talk is about how the emergence of this new technology is reshaping what ethics means in a data society.
🎤
The Universe Is, Like, Seriously Huge
Speakers:
👤
Michael Büker
📅 Thu, 29 Dec 2016 at 23:30
Astronomers struggle to accurately measure distances in the vastness of the known universe. Get an insight into the sophisticated techniques and dirty tricks of today's astrophysics and cosmology. No physics background required, featuring lots of pretty space pictures.
On Earth, distances are commonly given in meters and kilometers, and can be measured comfortably with measuring sticks, odometers or optical instruments. But how does that work in space, where machines take years to arrive at other bodies, and distant stars are utterly out of reach? From precise calculations to daring guesstimates, many different techniques and approaches are combined to form what's called the "cosmic distance ladder", giving more or less reasonable estimates of the distances between planets, stars and galaxies. Climb the distance ladder and get to know our place in Space from kilometers to Astronomical Units and light years, all the way to gigaparsecs and the reaches of the known universe.
🎤
Hebocon
Speakers:
👤
Konfusius
📅 Thu, 29 Dec 2016 at 23:30
Join with your derpy bot to fight your nemesis! Push it off the table or knock the enemy over. No weapons. No advanced controllers. No tears. Don't take it seriously.
Hebocon is a robot sumo-wrestling competition for those who are not technically gifted. It is a competition where crappy robots that can just barely move gather and somehow manage to engage in odd, awkward battles. This kind of robot battle was invented to enable people to participate without much knowledge and financial resources. Robots should be built to be able to move (sometimes they don't), must be lighter than 1kg and smaller than 50x50 cm. The battlefield will be 100x50 cm. Don't use weapons, advanced self-built controls or autonomous mechanisms. Winners will be determined by knockout, points and audience.
🎤
The Zcash anonymous cryptocurrency
Speakers:
👤
pesco
📅 Thu, 29 Dec 2016 at 23:30
Zcash is the third iteration of an extension to the Bitcoin protocol that provides true untraceability, i.e. fully anonymous transactions. It is arguably the first serious attempt to establish this extension, in the form of its own blockchain, beyond the form of an academic proposal. The talk provides an introduction to the magic that makes it work.
Despite everything, the Bitcoin cryptocurrency has not imploded or destroyed itself; it might be here to stay after all. That would presently include, however, its biggest flaw: The utter lack of anonymity. In fact, the famed Bitcoin blockchain is the world's most robust, transparent, and public financial accounting system ever. The above means that Bitcoin's potential widespread adoption is nothing short of a privacy horror scenario straight out of Orwell. Every toilet paper purchase publicly recorded, verified, stamped, and approved. This should not be news to anyone. In 2013, a few reputable cryptographers came up with some mathematical magic that would, if integrated into Bitcoin, enable anonymous transactions. This proposal has been described in an academic paper under the name Zerocoin and a year later improved in another paper under the name Zerocash. The plan had then shifted to establishing the system as an anonymous altcoin rather than to push for integration into Bitcoin itself. Zcash is the name of a company formed by the authors of Zerocash to develop and launch this altcoin; launch occurred as planned on 28 October 2016. This talk will introduce the audience to the mathematical and technical background of Zcash, and report on the state of the currency two months after its launch. A degree in mathematics is not required. Note: The presenter is not affiliated with the Zcash company.
🎤
Community
Speakers:
👤
Mitch
📅 Fri, 30 Dec 2016 at 11:30
Mitch Altman (born December 22, 1956) is a San Francisco-based hacker and inventor, best known for inventing TV-B-Gone, as featured speaker at hacker conferences, as international expert on the hackerspace movement, and for teaching introductory electronics workshops. He is also Chief Scientist and CEO of Cornfield Electronics.
🎤
The Economic Consequences of Internet Censorship
Speakers:
👤
Toni
📅 Fri, 30 Dec 2016 at 11:30
Internet censorship today is widespread, both by governments and by private entities. Much of the discussion so far has focused on political and social effects of this censorship. However, censorship also has a clear effect on the economic structure of society that has not been explored.
When censorship increases the cost of information, it also increases the cost of doing business as a whole. At the same time, however, censorship can also serve as protectionism. How large and pervasive the impact on an economic system is, is difficult to gauge. Even more so, getting reliable information about censorship and its economic effects is a real challenge. This talk seeks to establish a link between censorship and economic performance and is based on my PhD project in Economics at the University of Duisburg-Essen. Censorship is “the control of the information and ideas circulated within a society”. Governments have tried to control information for as long as they have existed, but new technologies have changed censorship significantly. Internet censorship today is widespread. Governments and companies differ in both the extent of their censorship and the technical implementation. I conceptualize censorship as falling on a continuum between the theoretical ideal state of “no censorship”, most closely approximated by Iceland (Freedom on the Net 2014) and pervasive censorship and isolation, like in North Korea. In the series of papers I am currently writing as part of my PhD in Economics, I focus on both theoretical arguments on the possible costs (and benefits?) of censorship for economies, and try to construct a reliable estimate. Having a background in China was a main motivation for this project, as censorship is so wide-spread there. The US has recently dubbed “The Great Firewall” protectionism, but did not further elucidate what is meant by this. The economic effects of internet censorship have not been studied comprehensively yet. However, with our move towards an information society, and the rise of an “internet industry”, censorship is clearly becoming more important. We see censorship shaping entire industries in countries like China, where the government outsourced some of its censorship activities to select firms. 
Even beyond extreme examples of censorship like China, the impact on economic activities in a society seems self-evident. In this talk, I touch on the theoretical model I am developing, and try to estimate the economic effects of censorship. In doing so, I also try to understand which forms of censorship are most costly for an economy. I believe that societies currently lose a lot of economic welfare through censorship, in addition to the social and political costs that have been focused on previously. In addition, I focus on the difficulties in obtaining data for such a politically-sensitive topic.
🎤
Beyond Virtual and Augmented Reality
Speakers:
👤
Kai Kunze
📅 Fri, 30 Dec 2016 at 12:15
With recent development in capture technology, preserving one's daily experiences and one's knowledge becomes richer and more comprehensive. Furthermore, new recording technologies beyond simple audio/video recordings become available: 360° videos, tactile recorders and even odor recorders are becoming available. The new recording technology and the massive amounts of data require new means for selecting, displaying and sharing experiences.
Sharing experiences and knowledge have always been essential for human development. They enable skill transfers and empathy. Over history, mankind developed from oral traditions to cultures of writing. With the ongoing digital revolution, the hurdles to share knowledge and experiences vanish. Already today it is, for example, technically feasible to take and store 24/7 video recordings of one's life. While this example creates massive collections of data, it makes it even more challenging to share experiences and knowledge with others in meaningful ways. A recurring theme in science fiction literature is the download of the abilities of another human to one's mind. Although current cognitive science and neuroscience strongly suggest that this is impossible, as our minds are embodied; we believe that skill transfer and effective learning will accelerate tremendously given recent technological trends; just to name a few of the enabling technologies, human augmentation using virtual/augmented reality, new sensing modalities (e.g. affective computing) and actuation (e.g. haptics), advances in immersive storytelling (increasing empathy, immersion, communication) etc. The talk starts with sensing and actuation technology, giving an overview about them and discussing how they can be used. I’m discussing several novel upcoming sensing modalities for VR and AR, first of all eye movement analysis for interaction and activity recognition, introducing the pupil eye tracker (open source eye tracker from pupil labs), affective wear (one of our research projects to track facial expressions on affordable smart glasses) to J!NS MEME (EOG glasses that can detect how much you are reading and how attentive you are). In the next part of the talk I go into details about actuation. Here I especially discuss haptics. From the TECHTILE Toolkit (a rapid prototyping haptic toolkit from two of my colleagues Kouta Minamizawa and Masashi Nakatani) to the REZ Infinite Haptic Suit.
In the end, I give an outlook on projects that push the limits for experience sharing and skill transfer: the Swiss Cybathlon and the Japanese Super Human Sports Society. I’m a researcher in the wearable computing, AR and VR field organizing a Dagstuhl Seminar on a similar topic, I’m also a founding member of the Japanese Super Human Sports Society.
🎤
The High Priests of the Digital Age
Speakers:
👤
catchthewhistle
📅 Fri, 30 Dec 2016 at 12:15
The High Priests of the Digital Age Are Working Behind Your Back to Make You Confess, and Repent.
Just as 18th century priests enforced total surveillance measures on masturbators, the new priests of the digital age are listening to your confessions and forcing you into puritanical repentance. Who doesn’t have a relative, a friend, a colleague, who broke up because of an iMessage showing up on the wrong device, fooled by the iCloud, by a suspicious Facebook like, or a Pokemon caught in the wrong neighborhood? I want to make the claim that a new system of surveillance, organized by the new priests of our digital age, is slyly acting behind our backs to make us conform to a new form of puritan morality. At the beginning of the 18th century, masturbation suddenly became a topic of intense reflection. In the Enlightenment Encyclopedia it is described as the new disease of a wounded conscience and a heinous sin. Surprisingly, the Christian Church was not responsible. It had, until then, never regarded masturbation as anything other than a marginal problem for adult men (and especially monks). The people responsible for making masturbation a sin were economists, who worried about the consequences of masturbation for productivity in an economy that depended on the endless desire for more. The condemnation of masturbation spread, and in no time, doctors were making scientific claims to prove the dangers of masturbation, while priests made it their new obsession. In the confessional, the sinners had to avow everything, not only their reprehensible actions, but their reprehensible dreams, the languorous images that crossed their consciousness, the birth of desire in their troubled mind. The priests demanded to know it all, the most inner thoughts of the masturbators. The sinner was meant to keep his own mind under surveillance. Today, we believe that we have overcome this obscure period. Masturbation is widely accepted as a healthy sexual practice.
But most importantly, our liberal democracies strongly posit that public ethics should remain neutral regarding sexuality, and that each one of us is free to have the sexuality that we prefer, enjoy, and that no institution is authorized to morally judge us for our sexual activities. Yet, I want to make the claim that a new system of surveillance, organized by the new priests of our digital age, is slyly acting behind our backs to make us conform to a new form of puritan morality. Just as the 18th century priests did in their Churches, the high priests of the digital age listen to our confessions, record them, and eventually make us repent. Who doesn’t have a relative, a friend, a colleague, who broke up because of an iMessage showing up on the wrong device, fooled by the iCloud, by a suspicious Facebook like, or a Pokemon caught in the wrong neighborhood? The economic interests of having us behave morally are numerous: the best customer is predictable, and who is more predictable than an obedient child, or a pious wife or husband? From the pithy history of masturbation to real life break-ups, I will demonstrate the dark connections between digital surveillance, neoliberal economics and morality. I am a researcher at Columbia University and Sciences Po Paris in political philosophy. I am an expert on the Snowden case and digital surveillance. This will be my first talk on masturbation.
🎤
Lightning Talks Day 4
Speakers:
👤
gedsic
👤
bigalex
📅 Fri, 30 Dec 2016 at 12:45
Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick!
To get involved and learn more about what is happening please visit the Lightning Talks Wikipage.
🎤
Genetic Codes and what they tell us – and everyone else
Speakers:
👤
_Adora_Belle_
📅 Fri, 30 Dec 2016 at 13:00
The genome – the final frontier – or just a complex mess of letters? Somewhere in there, our eye or skin color is hidden. But also, diseases can be diagnosed or predicted by analyzing the genome. More and more research is committed to finding clues for diseases in our genes. The opportunity is clear: If I know about a disease I might get ahead of time, I could possibly intervene before it starts. Yet: How accurate are these predictions and how meaningful are they? And more importantly: What happens to my genetic data once it has been decoded?
Genetic data is quite valuable, not just for researchers but also for health insurances, other insurers, law enforcement and employers. However, genomic data can always be re-identified, since it is a unique pattern. Therefore, genomic data needs to be secured. In my talk, I would like to point out the possibilities which have arisen by whole genome sequencing, that is the complete decoding and analysis of one person’s genome. This milestone of biological research is important for medical advances such as personalized medicine. But it is also subject to commercialization. For ever more decreasing prices, one person can easily sequence their own genome and get access to information on heritage and possible risks of genetic diseases. This means that private companies are accumulating massive amounts of whole genome data. Additionally, third parties could send in probes of other people, which they can get quite easily. But how do we interpret the data? Even though people tend to believe that the genome holds many answers to diseases and risks, this has been a misconception. For most diseases, the environment, lifestyle and maybe even just bad luck play a much more important role. Still, many researchers are trying to analyze more and more genomes, especially in cancer research. Genetic predispositions for cancer are usually quite small probabilities, so a large sample size is needed to get reliable results. The limitless demand for more data is problematic on its own; however, getting informed consent from donors is also a problem. Once sequenced, one whole genome sequence can be about 150GB in size, which causes problems for transmitting and analyzing it. Today, genomes are shared via cloud or, interestingly, on hard drives via post. But international exchange of data also means that different legal and data security standards are mixed.
Whole Genome Sequencing provides us with opportunities for medical and biological science, but with challenges in ethics and privacy.
🎤
Retail Surveillance / Retail Countersurveillance
Speakers:
👤
Adam Harvey
📅 Fri, 30 Dec 2016 at 13:00
From geo-magnetic tracking for smartphones to facial recognition for email marketing, from physical shopping cart fingerprinting to computer vision algorithms that use your clothing as metadata, this talk will explore the emerging landscape of hyper-competitive retail surveillance. Instead of dramatizing these technologies which can lead to calcification and normalization, the aim of this talk is to energize discourse around building creative solutions to counter, adapt to, or rethink emerging surveillance technologies.
Retail surveillance technologies are often overshadowed by more threatening government surveillance technologies, but retail surveillance presents a different kind of threat. It forms the foundation for bottom-up surveillance of personal data that would otherwise be too difficult for a government surveillance program to collect. Data including your most personal photos, messages, and movements are routinely collected and sold by commercial services. Retail surveillance also poses risks for data breaches and leaks and enables new forms of psychological and behavioral monitoring that aim to influence and control the behaviors of "consumers".
The biggest concern today, said Phil Zimmermann (2015), is not software backdoors, but the petabytes of information being hoarded by the likes of Google and Facebook. Silent Circle co-founder Mike Janke has also voiced concern over this type of surveillance and data collection, warning that "the data companies of the world have more data on you than GCHQ does, absolutely."
This talk will survey current and emerging trends and technologies used in retail surveillance with the goal of enabling others to create a more informed retail-surveillance threat model, countersurveillance workarounds, and knowledge for protest/democratic participation.
🎤
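General Data Protection Regulation: Rights for People, Obligations for Companies & Opportunities for Us (Datenschutzgrundverordnung: Rechte für Menschen, Pflichten für Firmen & Chancen für uns)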
Speakers:
👤
derPUPE
📅 Fri, 30 Dec 2016 at 13:45
The aim of the talk is to give an overview of the new rights of data subjects (that means you, my young Jedi) arising from the General Data Protection Regulation, and to show where there may be something in it for us.
The starting point is this: the General Data Protection Regulation will come into force in May 2018, and by then institutions and companies have to implement the corresponding measures. The GDPR (DSGVO) gives all of us some new or extended rights vis-à-vis institutions and organizations, which should be actively used. Under the thesis that the significant increase in penalties and fines for data protection violations will lead to a greater “willingness to comply with data protection” in companies, exciting opportunities arise for activists on the playing field to use the sword of transparency to positively influence the gross national level of data protection by building pressure through an increased risk of penalties.
🎤
Rebel Cities
Speakers:
👤
renataavila
📅 Fri, 30 Dec 2016 at 13:45
Cities are emerging as a space for local action and local change but also as dangerous spaces where social engineering, exclusion by design and privatised policing take place rapidly, without adequate frames to catch up and assure fundamental rights. Is the city the answer to a new digital ecosystem, with effective mechanisms to enforce it, in the local government powers?
Sophisticated surveillance systems are approved by, funded by and deployed by local authorities. Cities are emerging as the spaces where everything is controlled by invisible technology, almost imperceptible in daily life. Those surveillance cameras now visible on street corners are replaced by systems of constant monitoring integrated in the landscape. Cities of sensors collecting our data all day long, where each movement is registered and stored, where decisions are automated and dehumanised. Monetised to optimise consumption, predict behaviour. Control people at the local and micro-local level. But cities are also the spaces where a different form of politics is emerging, from Rome to Barcelona, from Madrid to Paris, citizens are taking back the domestic infrastructure. Is there the answer for digital sovereignty? Today, cities of sensors collecting our data all day long, where each movement is registered and stored, where decisions are automated and dehumanised. Monetised to optimise consumption, predict behaviour. Control people. The benefits of not knowing who decides and why, stand to be gained by the same conglomerate who bets on this vision. A few companies developing software, hardware and capacities in countries that can be counted on one hand. A market of US$8 billion, which is expected to grow tenfold by the year 2020. Although discourses keep feeding the imaginary, descriptions of cameras detecting pickpockets, this is something radically different. Matrices that combine lots of data in real-time. This vision for the city of the future, promoted by a small group of technology conglomerates, is one where quality of life is directly proportional to the predictability and homogeneity of its inhabitants, clashing with the struggle for diversity and diverse behaviors. To achieve this vision, much more is sacrificed than privacy. We pawn off our security to those in the sealed-off control room.
It is to sacrifice the purest form of democracy we have, our right to protest freely and anonymously in the town square. The talk will explore how local surveillance systems are rapidly expanding across Latin America and Asia. Much earlier and faster than the regulatory frameworks for adequate protection of privacy and personal data. Without democratic mechanisms, community or neighbourhood consultations to determine their necessity or appropriateness. The talk will also look into the public policy and budgetary implications of the surveillance city, when contracts that are signed tie the hands of more than one public institution, borrowing from future municipal budgets, with a coordinated marketing and data machinery that does not offer solid evidence to prove effectiveness. Public authorities assure us that cameras, scenario modelling and mass surveillance will eliminate the problem of insecurity, advancing these over other public policies meant to attack extreme poverty and inequality of access to basic services, as well as the recovery of public space. The studies that vouch for the effectiveness of surveillance as a crime reduction measure are incomplete; they do not take local internal and external factors into account, and cannot be applied to different contexts. The talk will also look into current efforts to reverse the smart city model into a humane city and how the local power could be the formula to challenge the surveillance space and take back our fundamental rights.
🎤
The Transhumanist Paradox
Speakers:
👤
Xavier Flory
📅 Fri, 30 Dec 2016 at 13:45
How does a pluralist society – a society built to accommodate our irreconcilable differences – make a choice about the technological future of mankind? How can a liberal state dedicated to upholding individual liberty interfere in technological progress, and why should it?
Do we really want to leave our technological futures in the hands of the major AI researchers – Google, Facebook, and the US Defense Department? I argue that our political system is designed not to deal with the questions raised by the transhumanist movement, and that without a major overhaul of political liberalism, technological progress will escape democratic oversight. For the first time in history we have the ability to choose what it means to be human, and yet our liberal pluralist societies preclude substantive debate about our collective future. Modern liberal states are based upon the assumption that there is no single best way to live, and that for the state to endorse a substantive vision of the good life is to open the door to totalitarianism. On matters of personal conviction – human nature, our place in the cosmos, and our ultimate goals – liberal states want us to agree to disagree. However, we cannot simply agree to disagree about transhumanism because our individual choices will affect the entire species. If you decide to upload your brain onto a computer and abandon your biological body, you are choosing what is essential to humanity: you are defining human nature. If, on the other hand, the government bans technological enhancement, it is also imposing a vision of humanity. Thus, only once liberalism abandons the pretense of neutrality can we start imagining alternative technological futures and debating the underlying vision of the good life that will orient our choice. I’m a political theory researcher at Sciences Po, and this talk draws on modern political theories of liberalism, the latest transhumanist literature, and ancient Greek theories of the good life.
🎤
Privatization of Law Enforcement (Privatisierung der Rechtsdurchsetzung)
Speakers:
👤
Markus Beckedahl
📅 Fri, 30 Dec 2016 at 14:30
In 2016, the fight against terrorism in the EU ramped up. The anti-terrorism directive was not the only context in which new ways of bringing the net more firmly under control were discussed.
In the Internet Forum, EU representatives have been meeting for a year with representatives of the major US platforms to negotiate voluntary cooperation. The aim is to circumvent the rule of law and to partially privatize counter-terrorism without the necessary democratic oversight. The approach is familiar from copyright enforcement and from failed trade agreements such as ACTA. And with the hate speech debate, government representatives also have just the right tool for blackmail to get the platforms to cooperate: if they do not play along, they will simply be held liable. The talk aims to explain the current developments and report on the parallels between the fight against terrorism, copyright enforcement and the hate speech debate.
🎤
Understanding the Snooper’s Charter
Speakers:
👤
Hendrik Obelöer
📅 Fri, 30 Dec 2016 at 14:30
The ‘Investigative Powers Bill’ is about to become law in the UK. Its provisions, from looking up Internet connection records without a warrant to forcing communication service providers to assist with interception and decryption of data, have caused an outcry in the Western world. But how and why did British politics get here? And, most importantly of all: How could we fight back?
Roughly a year ago then home secretary Theresa May presented the ‘Investigative Powers Bill’ or the so-called Snooper’s Charter. Law enforcement and intelligence agencies will enjoy new powers like bulk hacking while having reinforced their existing rights of mass surveillance. At the same time, a proper form of oversight is all but missing. Other countries such as China have even defended their own terrorism bills pointing at this very piece of legislation. Amid loud privacy and civil right concerns, the Bill has already passed the House of Commons where only 5 % of cast votes opposed it. But, does this reflect the will of the electorate? Is this the lesson from the Snowden revelations that we are going to see more, not fewer, infringements on civil rights? The talk will also answer the question how the bill’s provisions compare to other initiatives like the new BND law in Germany or the Patriot Act in the USA.
🎤
Why Roam Far Afield When Foreign Countries Are So Near? (Warum in die Ferne schweifen, wenn das Ausland liegt so nah?)
Speakers:
👤
Klaus Landefeld
📅 Fri, 30 Dec 2016 at 14:30
The talk presents the surveillance measures for Internet traffic that are permissible in Germany from a legal and operational perspective, and attempts to apply the questions arising from the findings of the NSA inquiry committee to actual practice.
The talk sheds light on the background of DE-CIX's lawsuit against the G10 orders used today and on the changes to domestic surveillance resulting from the new law on foreign-to-foreign telecommunications intelligence (Ausland-Ausland-Fernmeldeaufklärung). The problems of protecting fundamental rights in a “bulk collection” environment are discussed, as are the technical possibilities of filtering and the resulting figures and volumes for surveillance.
🎤
Virtual Secure Boot
Speakers:
👤
Gerd Hoffmann
📅 Fri, 30 Dec 2016 at 16:00
Over the last two years secure boot support for virtual machines was added to qemu, kvm (linux kernel) and ovmf (edk2/tianocore). This talk covers the implementation details and the issues we had to deal with along the way.
Well, to be exact, ovmf (open virtual machine firmware, part of tianocore) has had support for the secure boot interfaces for a long time already. But it used to not provide any actual security: the guest os could easily tamper with the secure boot variable storage by simply writing to the (virtual) firmware flash. This is no longer the case now. Making secure boot actually secure was a bigger effort than we initially expected and it required changes in three software projects: kvm got smm emulation support. qemu got smm emulation support, and the q35 chipset emulation needed some fixes and improvements too. ovmf makes use of the smm lockbox now as tamper-resistant storage for secure boot variables (and some other bits).
🎤
The Ultimate Game Boy Talk
Speakers:
👤
Michael Steil
📅 Fri, 30 Dec 2016 at 16:00
The 8-bit Game Boy was sold between 1989 and 2003, but its architecture more closely resembles machines from the early 1980s, like the Commodore 64 or the NES. This talk attempts to communicate "everything about the Game Boy" to the listener, including its internals and quirks, as well as the tricks that have been used by games and modern demos, reviving once more the spirit of times when programmers counted clock cycles and hardware limitations were seen as a challenge.
The Nintendo Game Boy was an 8-bit handheld gaming console that competed with the SEGA Game Gear and the Atari Lynx. Compared to its competition, it had very little RAM (8 KB) and no color support (4 shades of gray at 160x144). It was succeeded by the Game Boy Color, which fixed this main shortcoming, but shared the same architecture. During the 14 year life span of the 8 bit Game Boy platform, game programmers kept understanding the hardware better and better, and continued finding new tricks for better graphics effects, such as sprite multiplexing, parallax and palette effects. This talk explains all the hardware details of the Game Boy: The programming model of the 8080/Z80-like LR35902 CPU, the system's sound, timer and I/O functionality, and programming details as well as common tricks involving the graphics processor ("PPU"), which was specifically designed for LCD output. The listener will get a good understanding of 8 bit programming and creative programming on extremely limited hardware, as well as common tricks that can be generalized to other systems.
🎤
33C3 Infrastructure Review
Speakers:
👤
Leon
📅 Fri, 30 Dec 2016 at 16:00
NOC, POC, VOC and QOC show interesting facts and figures as an excuse to present all the mischief they’ve been up to this year.
🎤
Security Nightmares 0x11
Speakers:
👤
frank
👤
Ron
📅 Fri, 30 Dec 2016 at 17:15
What has happened in IT security over the past year? What new developments have emerged? Which new buzzwords and trends were to be seen?
As always, we venture the IT security nightmare outlook for 2017 and beyond. Because what we really want to know is, after all: what will be creeping, crawling and flying toward us and around in our digital implants in the future? In the spirit of even more transparency, criticism & self-criticism and continuous, sustainable optimization of all processes, we will also check earlier predictions to see whether our prophecies have come true.
🎤
Surveilling the surveillers
Speakers:
👤
mare
📅 Fri, 30 Dec 2016 at 17:15
In the last years, technology-savvy artists and technologists have taken over the art world with works addressing current societal and political issues. Their works are located at the intersection between art, technology and activism and are dealing with a variety of problems like free speech, freedom of movement, military and governmental power, corporate and governmental surveillance to name just a few. This talk will present relevant works in this field and will draw connections between critical art and regulatory power, warfare, surveillance, electronic waste, electronic self-defense and the re-appropriation of architectural and technological artifacts in militant ways.
In the first part of this presentation, I will talk about critical technological art in general and its connections to (defensive) architecture, electronic and physical warfare and international power relations, with a special focus on surveillance, borders, and international contracts. In the latter part I am going to exemplify these concepts by showing important works in their fields, like artistic counter-surveillance installations, passive reconnaissance walks through metropolitan cities, forensic analysis of HDDs discarded as electronic waste and so on. I will also show some of my personal works in this field, ranging from passive radio antenna stations towards universal modems to transform existing conductive architecture into a computer network. As a hybrid between computer scientist and media artist, I am creating works at the intersection of engineering, sculpture and formal aesthetics, which investigate power relations between citizens and technology, and often also the relations between citizens and the state. In my latest works, I am pondering how technology can be capable of re-democratizing public space, and how the issues surrounding the creation of private spaces through technological means can be artistically addressed. As a computer scientist, I have worked in high-tech environments and published scientific articles in the fields of artificial intelligence and digital culture.
🎤
33C3 Closing Ceremony
Speakers:
👤
Nicolas Wöhrl
👤
@ReinhardRemfort
📅 Fri, 30 Dec 2016 at 18:30