jetlib.sec » Tags » chaos-communication-camp

Authors: Javier Real
Tags: social engineering
Event: Chaos Communication Camp 2003
Abstract: The workshop gives a introduction into social engineering including hands-on examples and practical training.

Tags:  workshop engineering training javier-real chaos-communication-camp engineering-workshop practical-training  

Authors: Tim Pritlove
Tags: social
Event: Chaos Communication Camp 2003

Tags:  video event opening tim-pritlove chaos-communication-camp  

Tags: social
Event: Chaos Communication Camp 2003
Abstract: we are working on a project dealing with the "technologies of political control". It is a mixed media installation for public space, combining elements of interactive media art, mobile architecture and environmental theatre. we are planning to communicate information on latest high end police technology, which mostly is in a state of research and development right now. the core subject of it is crowd control technology like microwave guns, electrorifles, sticky foam, toxic aerosol projectors, flash-bang bombs and as well e.g. gentically modified ethnically selective gas and visual + sonic holograms. the bigger part of the information is coming from an NGO called Omega Foundation which are consultatnts of the EU Stoa programme, being responsible to assess scientific and technological options in Europe regarding their relation towards human rights. we are in fact planning to use and demonstrate such technology in visitor-friendly testbeds. we are kind of pinching those hardware elements or (re)write software which makes it feasible for the audience to experience the effects of those so called "non-lethal weapons". the creative process will be "bricolage", squatting areas which normally are the domain of top secret research and production facilities --- and convert it for subversive use. we are planning to build an "intelligent room" stuck with sensors, soundsystems, light and so on. a second layer will be that we work with actors that mingle with the audience and spread information in a more or less "paranoic" way, like "agents provocateurs".

Tags:  chaos-communication-camp interactive-media-art microwave-guns  

Authors: Carsten Grohmann Tom Vogt
Tags: Linux
Event: Chaos Communication Camp 2003
Abstract: SELinux is a modification of the Linux kernel and some userspace tools that adds Mandatory Access Controls and Role-Based Access Controls to the Linux system. We will be holding a 3-part SELinux introduction. This will consist of: a) Short overview and background for basic understanding b) Installation (participants should bring their own systems, they can be reinstalled from scratch or updated) c) Workshop to get the installed system up and running, installing additional software, reconfiguring the security policy, etc. We expect the whole session to fit into a 120 minute slot, though the workshop might extend beyond that, if interest is high. We will also try to bring an SELinux "play machine" where interested people can take a look at a running system and try to take it apart.

Tags:  selinux system linux tom-vogt carsten-grohmann chaos-communication-camp linux-kernel  

Authors: Rene Schickbauer
Tags: technology
Event: Chaos Communication Camp 2003
Abstract: This is supposed to be a (funny) aproach for hackers to understand non-hackers. You know, according to Arthur C. Clarke, any sufficiently advanced technology, is, for those who don't understand it, indistingiushable from magic. If people are interested and weather permits, i'd like to do raise a discussion out in the sun after the lecture. There are not yet any documents, but i estimate the length of the lecture to be about 40 minutes.

Tags:  technology magic lecture art-of rene-schickbauer arthur-c.-clarke chaos-communication-camp arthur-c-clarke aproach  

Authors: Paul Wouters
Tags: spam
Event: Chaos Communication Camp 2003

Tags:  video spam anatomy paul-wouters chaos-communication-camp wouters  

Authors: Davide Del Vecchio
Tags: honeypot
Event: Chaos Communication Camp 2003

Tags:  honey video pots del-vecchio chaos-communication-camp honey-pots  

Authors: Markus Beckedahl Ralf Bendrath
Tags: social
Event: Chaos Communication Camp 2003
Abstract: The World Summit on the Information Society (WSIS) is the latest in a long series of world summits organized by the United Nations that deal with central questions of humanity like the environment, women‚s rights, development, climate change, etc. At the WSIS, information and communication are on the agenda for the first time. The world summit is supposed to develop a common understanding of the information society. In Germany, a WSIS working group initiated by the Network New Media has been meeting continuously since summer 2002. The group has debated the themes of the WSIS, developed civil society positions and planned own interventions. Since January 2003, three open meetings of this working group with members of other non-governmental organizations, alternative media and scientific institutions have been held in Berlin. The working group was expanded and officially established as the "German Civil Society Coordinating Group for WSIS". Delegates of the group have attended important European and world-wide preparatory conferences. They monitor the developments and try to influence the agenda in favor of civil society demands. Single members of the working group are engaged in the sub-committees and caucuses of the international Civil Society Plenary Coordination Group. For the worldwide preparatory meeting in Paris in July, the group sent Georg Greve, President of the Free Software Foundation, Europe, as a civil society delegate into the German governmental delegation. Other members of the group are involved in the counter and alternative summit activities that are currently being planned by media and computer activists, such as the Polymedia lab or the World Forum on Communication Rights. In this panel at the ccc-camp we want to talk about and discuss the topics of the WSIS. What is going on globally and which positions do the different Players like governments, civil society and business have? What are the positions, campains and activities of the global civil society? What is happening especially in Germany? How can civil society use the attention while the WSIS is going on to transport alternative topics like freedoms of information, free software and human rights in the information society?

Tags:  wsis group society markus-beckedahl ralf-bendrath georg-greve germany europe paris berlin chaos-communication-camp  

Authors: Markus Beckedahl Ralf Bendrath
Tags: social
Event: Chaos Communication Camp 2003
Abstract: The World Summit on the Information Society (WSIS) is the latest in a long series of world summits organized by the United Nations that deal with central questions of humanity like the environment, women‚s rights, development, climate change, etc. At the WSIS, information and communication are on the agenda for the first time. The world summit is supposed to develop a common understanding of the information society. In Germany, a WSIS working group initiated by the Network New Media has been meeting continuously since summer 2002. The group has debated the themes of the WSIS, developed civil society positions and planned own interventions. Since January 2003, three open meetings of this working group with members of other non-governmental organizations, alternative media and scientific institutions have been held in Berlin. The working group was expanded and officially established as the "German Civil Society Coordinating Group for WSIS". Delegates of the group have attended important European and world-wide preparatory conferences. They monitor the developments and try to influence the agenda in favor of civil society demands. Single members of the working group are engaged in the sub-committees and caucuses of the international Civil Society Plenary Coordination Group. For the worldwide preparatory meeting in Paris in July, the group sent Georg Greve, President of the Free Software Foundation, Europe, as a civil society delegate into the German governmental delegation. Other members of the group are involved in the counter and alternative summit activities that are currently being planned by media and computer activists, such as the Polymedia lab or the World Forum on Communication Rights. In this panel at the ccc-camp we want to talk about and discuss the topics of the WSIS. What is going on globally and which positions do the different Players like governments, civil society and business have? What are the positions, campains and activities of the global civil society? What is happening especially in Germany? How can civil society use the attention while the WSIS is going on to transport alternative topics like freedoms of information, free software and human rights in the information society?

Tags:  wsis group society markus-beckedahl ralf-bendrath georg-greve germany europe paris berlin chaos-communication-camp  

Authors: Elisa Jasinska Maxim Salomon Niels Bakker
Tags: network
Event: Chaos Communication Camp 2007
Abstract: An introduction into the structure and design of the camp network - featuring a description of hardware setup and focusing on the Backbone Network infrastructure and Wireless LAN. Building a high-demand outdoor network in less than one week is a job that requires sufficient planning in advance. It starts with organizing hardware that is capable to serve the usage profile of about 2342 power-users and ends in asking providers to contribute in upstream connectivity. This talk will give you an outline of what the NOC people do - beginning month before Camp doors open. The Camp network concept is based on the experiences of the last Congresses. So this talk will show you why network is the way it is. Focus of this talk is network from access layer to the backbone and our Wireless LAN. It intends to give network administrators a brief overview of our approach to meet all requirements.

Tags:  talk network Hardware lan elisa-jasinska maxim-salomon-niels-bakker camp-network chaos-communication-camp backbone-network video-camp  

Authors: Elisa Jasinska Maxim Salomon Niels Bakker
Tags: network
Event: Chaos Communication Camp 2007
Abstract: An introduction into the structure and design of the camp network - featuring a description of hardware setup and focusing on the Backbone Network infrastructure and Wireless LAN. Building a high-demand outdoor network in less than one week is a job that requires sufficient planning in advance. It starts with organizing hardware that is capable to serve the usage profile of about 2342 power-users and ends in asking providers to contribute in upstream connectivity. This talk will give you an outline of what the NOC people do - beginning month before Camp doors open. The Camp network concept is based on the experiences of the last Congresses. So this talk will show you why network is the way it is. Focus of this talk is network from access layer to the backbone and our Wireless LAN. It intends to give network administrators a brief overview of our approach to meet all requirements.

Tags:  talk network Hardware lan elisa-jasinska maxim-salomon-niels-bakker camp-network chaos-communication-camp backbone-network usage-profile  

Tags: culture
Event: Chaos Communication Camp 2007

Tags:  video event tags camp-closing chaos-communication-camp video-camp culture-event  

Authors: Paul Böhm
Tags: social
Event: Chaos Communication Camp 2007
Abstract: Great things rarely happen just because of good people or great ideas. For something interesting to happen opportunity, vision, and the ability to execute must come together. Why are there so few European ICT startups? If you've been following EU Reports on Innovation, you can see how bad the situation is already. In the words of the former Finnish Prime Minister, Mr. Esko Aho, in what is the Europan Union's prime document outlining a strategy for creating an innovative Europe: "Europe and its citizens should realize that their way of life is under threat[...] This society, averse to risk and reluctant to change, is in itself alarming but it is also unsustainable in the face of rising competition from other parts of the world." This talk explores Europe's seeming inability to innovate in ICT, looks for explanations from the perspective of founders, and tries to offer solutions to Europe's Innovation Dilemma.

Tags:  video ict innovation paul-bhm europe chaos-communication-camp europan-union europe-europe  

Tags: brain NLP
Event: Chaos Communication Camp 2007

Tags:  brain nlp tags chaos-communication-camp hack  

Tags: brain NLP
Event: Chaos Communication Camp 2007

Tags:  slides brain tags chaos-communication-camp  

Tags: brain NLP
Event: Chaos Communication Camp 2007

Tags:  brain nlp tags chaos-communication-camp hack  

Tags: engineering
Event: Chaos Communication Camp 2007
Abstract: John von Neumann is considered one of the greatest and most influential mathematicians of the 20th century, one of the men who invented computers. This audio feature captures his life in a live spoken-word visual performance. Dr. John von Neumann, a witty, plump Hungarian, was a brilliant mathematician, a computer pioneer, and the founder of game theory whom nobody hesitated to call a genius. He was known as great fun at parties, once drank fifteen vodka martinis in a single evening as a kind of experiment. But he also brought the first computers to Los Alamos, and his machines were promptly put to work on calculations of implosion. Von Neumann made important contributions to the development of the atomic and hydrogen bomb, calculated that implosion was indeed feasible. The legendary scientist became a consultant, served on the Atomic Energy Commission from 1954 to his death 1957.

Tags:  video proof implosion john-von-neumann dr.-john-von-neumann von-neumann chaos-communication-camp dr-john-von-neumann  

Authors: Sven Moritz Hallberg
Tags: cryptography
Event: Chaos Communication Camp 2007
Abstract: This talk will describe how a team of Swedish cryptanalysts broke the electromechanical cryptographic teleprinter "Siemens & Halske T52" which was used by the Germans during World War II for "important" traffic. It contained a stream cipher implementation much more sophisticated than the substitution engine of the well-known Enigma. The talk will focus on reconstructing how the Swedes, specifically the key figure of Arne Beurling, could have gotten the ideas for breaking the cipher -- a process about which next to no historical accounts exist. The machine called Enigma, widely famous for being used by German armies during World War II to secretly (or so they hoped) communicate among troops, was a field device. It was portable, simple to operate, as well as relatively cheap to produce, containing neither electrical motors nor any coding/decoding assembly. It was, however, not the only crypto device employed by the Germans. The Siemens & Halske T52 (in its several variants), commonly referred to as the Geheim- or G-Schreiber (German for "secretly-writer"), was a teleprinter with integrated encryption/decryption facility. It was cryptographically superior to the Enigma and, by its nature, much more sophisticated in terms of its electro-mechanical engineering. Due to the latter, it was also much bulkier, weighing no less than 100kg, excluding the transport case. Therefore it was used as a stationary unit, primarily by the German air force, navy, and for diplomatic purposes. In total, about 600 units were in operation. From April 1940, Swedish authorities gained access to large quantities of T52-encrypted telegraph traffic. With Norway just invaded and significant parts of Finland already surrendered to Russia, the Swedes were obviously interested in the plaintexts and, having been quite successful at breaking Russian and French crypto already, promptly tried their luck in deciphering the German messages. The initial successfull cryptanalysis was done in only a matter of weeks by a scientist named Arne Beurling with next to no knowledge but the mere basics of teleprinter technology and a bunch of ciphertext intercepts. Unfortunately he refused to talk about the details of how he actually broke the cipher. This talk will try to reconstruct a possible sequence of ideas that could have led to the eventual breaking of the code. Thus it tries to shed some light on the "magical" work of a cryptanalyst.

Tags:  talk teleprinter crypto arne-beurling sven-moritz-hallberg norway russia finland chaos-communication-camp german-air-force siemens-halske  

Authors: Sven Moritz Hallberg
Tags: cryptography
Event: Chaos Communication Camp 2007
Abstract: This talk will describe how a team of Swedish cryptanalysts broke the electromechanical cryptographic teleprinter "Siemens & Halske T52" which was used by the Germans during World War II for "important" traffic. It contained a stream cipher implementation much more sophisticated than the substitution engine of the well-known Enigma. The talk will focus on reconstructing how the Swedes, specifically the key figure of Arne Beurling, could have gotten the ideas for breaking the cipher -- a process about which next to no historical accounts exist. The machine called Enigma, widely famous for being used by German armies during World War II to secretly (or so they hoped) communicate among troops, was a field device. It was portable, simple to operate, as well as relatively cheap to produce, containing neither electrical motors nor any coding/decoding assembly. It was, however, not the only crypto device employed by the Germans. The Siemens & Halske T52 (in its several variants), commonly referred to as the Geheim- or G-Schreiber (German for "secretly-writer"), was a teleprinter with integrated encryption/decryption facility. It was cryptographically superior to the Enigma and, by its nature, much more sophisticated in terms of its electro-mechanical engineering. Due to the latter, it was also much bulkier, weighing no less than 100kg, excluding the transport case. Therefore it was used as a stationary unit, primarily by the German air force, navy, and for diplomatic purposes. In total, about 600 units were in operation. From April 1940, Swedish authorities gained access to large quantities of T52-encrypted telegraph traffic. With Norway just invaded and significant parts of Finland already surrendered to Russia, the Swedes were obviously interested in the plaintexts and, having been quite successful at breaking Russian and French crypto already, promptly tried their luck in deciphering the German messages. The initial successfull cryptanalysis was done in only a matter of weeks by a scientist named Arne Beurling with next to no knowledge but the mere basics of teleprinter technology and a bunch of ciphertext intercepts. Unfortunately he refused to talk about the details of how he actually broke the cipher. This talk will try to reconstruct a possible sequence of ideas that could have led to the eventual breaking of the code. Thus it tries to shed some light on the "magical" work of a cryptanalyst.

Tags:  talk teleprinter crypto arne-beurling sven-moritz-hallberg norway russia finland chaos-communication-camp german-air-force siemens-halske  

Authors: Sven Moritz Hallberg
Tags: cryptography
Event: Chaos Communication Camp 2007
Abstract: This talk will describe how a team of Swedish cryptanalysts broke the electromechanical cryptographic teleprinter "Siemens & Halske T52" which was used by the Germans during World War II for "important" traffic. It contained a stream cipher implementation much more sophisticated than the substitution engine of the well-known Enigma. The talk will focus on reconstructing how the Swedes, specifically the key figure of Arne Beurling, could have gotten the ideas for breaking the cipher -- a process about which next to no historical accounts exist. The machine called Enigma, widely famous for being used by German armies during World War II to secretly (or so they hoped) communicate among troops, was a field device. It was portable, simple to operate, as well as relatively cheap to produce, containing neither electrical motors nor any coding/decoding assembly. It was, however, not the only crypto device employed by the Germans. The Siemens & Halske T52 (in its several variants), commonly referred to as the Geheim- or G-Schreiber (German for "secretly-writer"), was a teleprinter with integrated encryption/decryption facility. It was cryptographically superior to the Enigma and, by its nature, much more sophisticated in terms of its electro-mechanical engineering. Due to the latter, it was also much bulkier, weighing no less than 100kg, excluding the transport case. Therefore it was used as a stationary unit, primarily by the German air force, navy, and for diplomatic purposes. In total, about 600 units were in operation. From April 1940, Swedish authorities gained access to large quantities of T52-encrypted telegraph traffic. With Norway just invaded and significant parts of Finland already surrendered to Russia, the Swedes were obviously interested in the plaintexts and, having been quite successful at breaking Russian and French crypto already, promptly tried their luck in deciphering the German messages. The initial successfull cryptanalysis was done in only a matter of weeks by a scientist named Arne Beurling with next to no knowledge but the mere basics of teleprinter technology and a bunch of ciphertext intercepts. Unfortunately he refused to talk about the details of how he actually broke the cipher. This talk will try to reconstruct a possible sequence of ideas that could have led to the eventual breaking of the code. Thus it tries to shed some light on the "magical" work of a cryptanalyst.

Tags:  talk teleprinter crypto arne-beurling sven-moritz-hallberg norway russia finland chaos-communication-camp german-air-force siemens-halske  

Authors: David Gustin
Tags: hardware hacking
Event: Chaos Communication Camp 2007
Abstract: How to build your own lab in your basement for engineering and reverse-engineering on a budget. Demystifying modern System On a Chip (SOC) Micro-Controllers for early hardware prototyping and software development. Practical reverse engineering; using your verification tools to reverse engineer and modify systems without source code. A presentation on getting started with embedded engineering. There is a lot to be said about the work area required for embedded engineering, what tools you will need and how to use them to accomplish useful tasks. An overview of hardware and software necessary to develop or reverse engineer embedded devices. As you will learn in this talk the tools are the same for both tasks. When you begin an embedded project of your own, what chips do you want to use? How do you go about prototyping your hardware? What methods should be considered before designing the system. Is your task better suited to multiple microcontrollers? Once you start writing code, how do you test it? Will your method of loading a binary into your final hardware differ? Do you need to write a bootloader? All these questions need to have answers to tackle an embedded project, we will be showing a variety of methods to solve these common questions. When reverse engineering a device, you need to figure out how it was put together. You need to get into the designer's head and figure out what methods were used to create the device. As you begin to answer these questions you can slowly unravel the device's secrets. We will show some techniques for reverse engineering embedded electronics and firmware and present a plethora of resources to start you off on your own journeys into this field.

Tags:  engineering Hardware Software chip david-gustin-tags chaos-communication-camp david-gustin hardware-prototyping  

Tags: social
Event: Chaos Communication Camp 2007
Abstract: Following hurricane Katrina, hundreds of thousands of people were hit with one of the worst disasters in US history; the mismanagement and neglect of the government, better known in New Orleans as the FEDERAL FLOOD. While the major media and the government itself carry out an information blackout about the details of this ongoing disaster, some bloggers and podcasters have taken matters into their own hands, reporting the news, exposing the corruption, and using the internet to speak directly to the outside world. This presentation is about my first hand experience, and their ongoing struggle.

Tags:  flood federal communication katrina new-orleans chaos-communication-camp hurricane-katrina federal-flood  

Authors: Julian Finn Petra Buhr
Tags: privacy
Event: Chaos Communication Camp 2007
Abstract: The WIPO Broadcasting treaty in its original form is a threat not only to the rights of creative people around the world but to the core understanding of the internet. The Broadcasting Treaty within the WIPO originally intended to prohibit so-called "signal piracy". Instead it proposed a whole new form of copyright as an envelope around the existing forms. Together with a very light definition of "Webcasting" this could possibly change the way people work and publish on the internet. Currently civil society organizations from all over the world are joining large telecommunications corporations in a joint struggle against this treaty. A talk not only about a very bad treaty but also about successful lobbying on an international level.

Tags:  treaty broadcasting wipo julian-finn-petra-buhr chaos-communication-camp petra-buhr telecommunications-corporations  

Authors: Erik Tews
Tags: WiFi
Event: Chaos Communication Camp 2007
Abstract: WEP is the currently most used protocol for securing 802.11 networks, also called wireless lans or wlans. Recently, a new attack on WEP, the PTW attack, was discovered, which allows an attacker to recover the secret key in less than 60 seconds in some cases. WEP is the currently most used protocol for securing 802.11 networks, also called wireless lans or wlans. Recently, a new attack on WEP, the PTW attack, was discovered, which allows an attacker to recover the secret key in less than 60 seconds in some cases. We will explain how this attack works and how it can be appied to a real network. Furthermore, a passive version of the PTW attack has now been implemented, which allows an attacker to attack a network without the risk of beeing detected by an wireless IDS system. Additionally, we will present some other intresting attacks currently available in the aircrack-ng toolsuite. This includes the wesside-tool, which does wep-cracking fully automatically, and the easside-tool, which allows real-time-decryption of WEP-traffic without the secret key.

Tags:  wep attack ptw erik-tews chaos-communication-camp wireless-lans secret-key  

Authors: Erik Tews
Tags: WiFi
Event: Chaos Communication Camp 2007
Abstract: WEP is the currently most used protocol for securing 802.11 networks, also called wireless lans or wlans. Recently, a new attack on WEP, the PTW attack, was discovered, which allows an attacker to recover the secret key in less than 60 seconds in some cases. WEP is the currently most used protocol for securing 802.11 networks, also called wireless lans or wlans. Recently, a new attack on WEP, the PTW attack, was discovered, which allows an attacker to recover the secret key in less than 60 seconds in some cases. We will explain how this attack works and how it can be appied to a real network. Furthermore, a passive version of the PTW attack has now been implemented, which allows an attacker to attack a network without the risk of beeing detected by an wireless IDS system. Additionally, we will present some other intresting attacks currently available in the aircrack-ng toolsuite. This includes the wesside-tool, which does wep-cracking fully automatically, and the easside-tool, which allows real-time-decryption of WEP-traffic without the secret key.

Tags:  wep attack ptw erik-tews chaos-communication-camp wireless-lans secret-key  

Authors: Axel Neumann Elektra Wagenrad
Tags: network
Event: Chaos Communication Camp 2007
Abstract: B.A.T.M.A.N. is a new routing algorithm developed by the Freifunk community. It is a simple and robust algorithm for establishing multi-hop routes in mobile ad-hoc networks. It ensures highly adaptive and loop-free routing while causing only low processing and traffic cost. B.A.T.M.A.N BETTER APPROACH TO MOBILE AD-HOC NETWORKING B.A.T.M.A.N. is a new routing algorithm developed by the Freifunk community. It is a simple and robust algorithm for establishing multi-hop routes in mobile ad-hoc networks. It ensures highly adaptive and loop-free routing while causing only low processing and traffic cost. The described performance properties are not just assumptions based on theory or MANET simulations - the new algorithm has already been implemented for GNU/Linux and is now in use in Freifunk mesh networks in real life. We offer a performance optimised routing daemon for routing on Layer 3 of the OSI-model as well as a new daemon (batman-advanced) that routes on Layer 2. Check out the source code and documentation at http://open-mesh.net/batman . B.A.T.M.A.N. is a routing protocol that is proactive in the sense that it pro actively populates the routing table of each each mesh node without calculating topology graphs. It is hard to classify the algorithm - some people say 'it is clearly proactive', some think 'ah, yes this is a pheromone (ant-based) algorithm', others think it is a distance vector protocol. We recommend to watch our presentation and build your own opinion... B.A.T.M.A.N. is neither calculating nor searching routes unlike many famous proactive or reactive routing protocols. The algorithm is designed for wireless networks where the view of the topology is always fuzzy and constantly changing. Routing decisions are made based on the existence of information rather than on the content of information sent by other nodes in the mesh. Basically the algorithm is flooding the mesh with Originator messages (quite similar to Hello messages in other protocols) according to certain rules. The rules are designed for two objectives. Effectively controlling the originator-message propagation in the mesh and enabling loop-free route detection based on the reception of such originator messages from other nodes. Freifunk is using B.A.T.M.A.N. now on Layer 3 parallel to Freifunk-OLSR to compare the performance. The results are very good and the implementation has just passed testing under tough conditions. So we are ready now for large scale deployments. It is likely that B.A.T.M.A.N. will replace Freifunk-OLSR in the near future. We created with B.A.T.M.A.N. a serious competition to our last routing algorithm Freifunk-OLSR. The same community that improved OLSR RFC3626 to Freifunk-OLSR is now working on the ideas and the development of B.A.T.M.A.N.

Tags:  algorithm routing olsr elektra-wagenrad b.a.t.m.a.n b.a.t.m.a.n--better axel-neumann b.a.t.m.a.n. chaos-communication-camp mobile-ad-hoc-networks robust-algorithm  

Authors: Lisa Thalheim
Tags: vulnerability
Event: Chaos Communication Camp 2007
Abstract: This lecture wants to make the audience a bit more familiar with a species of bugs that is not yet as boring and overfished as your vanilla buffer overflow: concurrency issues. Bring your debugger and some rubber gloves, because when investigating these beasts, you will need them. Concurrency of operation can be found in most larger software systems; think multi-threading, think UNIX signals, think asynchronous I/O operations, to give just a few hints. However, since concurrency always adds complexity in non-obvious ways, there are all kinds of things that it can make go wrong. Usually, this boils down to the violation of assumptions the system's developers have made - and violated assumptions have always been a hacker's best friend. After a brief introduction to what concurrency issues actually are, this presentation will show how to approach finding and exploiting these issues in software systems and highlight some of the challenges the nosy hacker faces in doing so. The presented material will be supported by examples from real-world software.

Tags:  hacker concurrency Software lisa-thalheim chaos-communication-camp concurrency-issues unix-signals  

Authors: Lisa Thalheim
Tags: vulnerability
Event: Chaos Communication Camp 2007
Abstract: This lecture wants to make the audience a bit more familiar with a species of bugs that is not yet as boring and overfished as your vanilla buffer overflow: concurrency issues. Bring your debugger and some rubber gloves, because when investigating these beasts, you will need them. Concurrency of operation can be found in most larger software systems; think multi-threading, think UNIX signals, think asynchronous I/O operations, to give just a few hints. However, since concurrency always adds complexity in non-obvious ways, there are all kinds of things that it can make go wrong. Usually, this boils down to the violation of assumptions the system's developers have made - and violated assumptions have always been a hacker's best friend. After a brief introduction to what concurrency issues actually are, this presentation will show how to approach finding and exploiting these issues in software systems and highlight some of the challenges the nosy hacker faces in doing so. The presented material will be supported by examples from real-world software.

Tags:  hacker concurrency Software lisa-thalheim chaos-communication-camp concurrency-issues unix-signals  

Authors: Gadi Evron Gil Dabah
Tags: vulnerability incident response
Event: Chaos Communication Camp 2007
Abstract: ZERT, the Zeroday Emergency Response Team, hit the news in the past 2 years with third-party patches to 0day attacks such as VML and ANI. What's behind these vulnerabilities, and how were the patches constracted? In this lecture we will discuss the VML and ANI vulnerabilities in depth (assembly knowledge required), and the ZERT response mechanisms. We will then proceed and describe how the ZERT patches were built (whether to avoid collisions with the real patch when it comes out, or how generic patching in-memory was accomplished).

Tags:  vml zert response gil-dabah third-party ani chaos-communication-camp emergency-response-team zeroday-emergency-response-team  

Tags: culture
Event: Chaos Communication Camp 2007
Abstract: Taugshow is a tour-de-farce. A joyful bucket full of good clean fanaticism, crisis, language, culture, self-content, identity, utopia, mania and despair, condensed into the well known cultural technique of a prime time TV show. The flat hierarchies of talk shows are about as subversive as NYC Democrats smoking dope. But count us out! We won't produce a talk show. Nope. We produce a TAUGSHOW! Where people will be persons, even legal bodies. Which means: we dig it. Our guests are geeks, heretics, and other coevals.

Tags:  culture taugshow show chaos-communication-camp prime-time-tv tour-de-farce  

Authors: Marco Gercke
Tags: cybercrime
Event: Chaos Communication Camp 2007
Abstract: The need for new investigation instruments in the fight against Cybercrime is a topic that is currently discussed on an intensive level – not only in Germany and not only in Europe. One instrument that is in the focus of the law-makers is the online search. Listening to the promoters of such an instruments it is easy to get the impression that the online search is the key to an effective fight against cybercrime – but is it really? The presentation summaries the discussion, highlights potential difficulties and points out alternative solutions. From my point of view it could be interesting to combine the legal issues with a technical approach.

Tags:  cybercrime online search marco-gercke germany europe chaos-communication-camp presentation-summaries intensive-level  

Authors: Marco Gercke
Tags: cybercrime
Event: Chaos Communication Camp 2007
Abstract: The need for new investigation instruments in the fight against Cybercrime is a topic that is currently discussed on an intensive level – not only in Germany and not only in Europe. One instrument that is in the focus of the law-makers is the online search. Listening to the promoters of such an instruments it is easy to get the impression that the online search is the key to an effective fight against cybercrime – but is it really? The presentation summaries the discussion, highlights potential difficulties and points out alternative solutions. From my point of view it could be interesting to combine the legal issues with a technical approach.

Tags:  cybercrime online search marco-gercke germany europe chaos-communication-camp presentation-summaries intensive-level  

Authors: David Hulton Joshua Lackey
Tags: GSM
Event: Chaos Communication Camp 2007
Abstract: A lot of work has been done on coding together GSM support for GNU Radio and now the next question is how to get past the A5 over-the-air encryption. In this talk we will present the GNU Radio software we've thrown together which let you monitor unencrypted GSM traffic and will go over the various published attacks on A5. The primary goal of this talk is to present our findings on building a practical and feasible A5/1 cracker that can decrypt GSM communications in a reasonable amount of time. First, this presentation will present the code that has been developed for capturing GSM traffic and how you can use it on your GNU Radio hardware. Then we'll provide a brief overview of the GSM protocols, encryption, and the past attacks on GSM, and what you can really do once you're able to start sniffing GSM packets. The other half of the talk will focus on our A5/1 cracking project and on our current findings on attacking A5/1. Many different attacks on A5/1 have been published, but most of them haven't been extremely practical. For our purposes, the known-plaintext attacks weren't as appealing as the ciphertext-only attacks so we try to focus only on these attacks. Additionally, attacks that require more than a few months to pre-compute or a day or two to reverse a key take too long for our purposes and seem impractical. We would also like to ideally implement this attack fully passively, mostly for legal reasons, but it isn't required. Because of these requirements, we mostly focus on time-space tradeoff attacks since they can be pre-computed ahead of time and possibly using FPGAs. Some of the most promising attacks include implementing the ciphertext-only attack published by Barkan, Biham, and Keller and other variations that essentially build a rainbowtable for reversing parts of A5/1. We have also found that FPGAs have the potential of being able to brute force the A5/1 keyspace in a reasonable timeframe so we will also present on the feasibility and the amount of hardware required to brute force the keyspace in different scenarios. The hope is that this talk will present a technical perspective on current state of GSM security and fuel a discussion on what's to come. Now that anyone with a GNU Radio board is able to start checking out GSM traffic, what does that mean to us and our privacy? Is it possible that there are a whole new set of vulnerabilities down at the lower protocol layers? What sort of useful things can we do now? At what point are we breaking the law? A lot of these questions should be answered now that software defined radio's are becoming more prevalent. Bring your thinking caps and join in on our discussion!

Tags:  talk radio gnu david-hulton joshua-lackey gsm chaos-communication-camp gsm-traffic  

Authors: Henryk Plötz Milosch Meriac
Tags: RFID
Event: Chaos Communication Camp 2007
Abstract: This presentation will explain how to access information stored on 13.56MHz RFID cards by using the open hardware RFID reader/writer design OpenPCD. It will enable users of the OpenPICC 13.56Mhz RFID emulator to add software support for RFID emulation profiles and show how to practically sniff RFID transactions with OpenPICC. OpenPCD is a free hardware design for Proximity Coupling Devices (PCD) based on 13,56MHz communication. This device is able to screen informations from Proximity Integrated Circuit Cards (PICC) conforming to vendor-independent standards such as ISO 14443, ISO 15693 as well as proprietary protocols such as Mifare Classic. Contactless cards like these are for example used in the new electronic passports. The intention of the OpenPCD project is to offer the users full hardware control of the RFID signal and to provide different output signals for screening the communication. With already existing Free Software from the OpenMRTD project for implementing the PCD side protocol stack of various RFID protocols, this project will happily extend the free toolchain around RFID verification. The OpenPICC project for Proximity Integrated Circuit Cards (PICC) is the counterpart to OpenPCD. It is a device that emulates 13.56MHz based RFID transponders / smartcards. OpenPICC can be used to e.g. simulate ISO 14443 or ISO 15693 transponders, such as those being used in biometric passports and FIFA worldcup tickets. Like OpenPCD, the hardware design and software are available under Free Licenses.

Tags:  mhz rfid openpcd chaos-communication-camp fifa-worldcup-tickets biometric-passports  

Authors: Henryk Plötz Milosch Meriac
Tags: RFID
Event: Chaos Communication Camp 2007
Abstract: This presentation will explain how to access information stored on 13.56MHz RFID cards by using the open hardware RFID reader/writer design OpenPCD. It will enable users of the OpenPICC 13.56Mhz RFID emulator to add software support for RFID emulation profiles and show how to practically sniff RFID transactions with OpenPICC. OpenPCD is a free hardware design for Proximity Coupling Devices (PCD) based on 13,56MHz communication. This device is able to screen informations from Proximity Integrated Circuit Cards (PICC) conforming to vendor-independent standards such as ISO 14443, ISO 15693 as well as proprietary protocols such as Mifare Classic. Contactless cards like these are for example used in the new electronic passports. The intention of the OpenPCD project is to offer the users full hardware control of the RFID signal and to provide different output signals for screening the communication. With already existing Free Software from the OpenMRTD project for implementing the PCD side protocol stack of various RFID protocols, this project will happily extend the free toolchain around RFID verification. The OpenPICC project for Proximity Integrated Circuit Cards (PICC) is the counterpart to OpenPCD. It is a device that emulates 13.56MHz based RFID transponders / smartcards. OpenPICC can be used to e.g. simulate ISO 14443 or ISO 15693 transponders, such as those being used in biometric passports and FIFA worldcup tickets. Like OpenPCD, the hardware design and software are available under Free Licenses.

Tags:  mhz rfid openpcd chaos-communication-camp fifa-worldcup-tickets biometric-passports  

Authors: Ilya V. Vasilyev
Tags: hacking
Event: Chaos Communication Camp 2007
Abstract: At the beginning of 90s Soviet (now Russian) hackerdom begin to experience same problems, as everywhere. Journalists became to blame computer fandom in virtually every crime they could imagine. At 1996, I have found just another solution by opening the School of Hacking Art very like karate-do Schools. In Germany there was TV Show "Die Hackerschule. Galileo. ProSieben. November, 13, 2000, 19:30 about the School. Also here is something in German, check it: http://web.archive.org/web/20050218210212/hscool.net/about/article2.html The event will be a free-style seminar. The basic idea: What have already been done, what should be done. The history of hacking education, relations/communications with government, business, media, etc. Strength and weakness of this way. Some examples of educational technologies from Russia, that are helpful to the whole underground. Q&A session.

Tags:  school hacking art ilya-v.-vasilyev germany russia chaos-communication-camp education-relations schools-in-germany  

Authors: Ilya V. Vasilyev
Tags: hacking
Event: Chaos Communication Camp 2007
Abstract: At the beginning of 90s Soviet (now Russian) hackerdom begin to experience same problems, as everywhere. Journalists became to blame computer fandom in virtually every crime they could imagine. At 1996, I have found just another solution by opening the School of Hacking Art very like karate-do Schools. In Germany there was TV Show "Die Hackerschule. Galileo. ProSieben. November, 13, 2000, 19:30 about the School. Also here is something in German, check it: http://web.archive.org/web/20050218210212/hscool.net/about/article2.html The event will be a free-style seminar. The basic idea: What have already been done, what should be done. The history of hacking education, relations/communications with government, business, media, etc. Strength and weakness of this way. Some examples of educational technologies from Russia, that are helpful to the whole underground. Q&A session.

Tags:  school hacking art ilya-v.-vasilyev germany russia chaos-communication-camp education-relations schools-in-germany  

Authors: Gadi Evron
Tags: warfare
Event: Chaos Communication Camp 2007
Abstract: Estonia is one of the most advanced countries in the world, and just now survived what has been referred to as "the first 'real' cyber conflict". What really happened there, and what does it mean to us? What can we learn from these attacks and the battle strategies used? In this talk we will go over an outline of the attacks and the defense the Estonians mounted, and proceed to discuss the impact and what actually happened during these attacks. We will then discuss military strategy for use in information warfare as it can be learned from test cases observed during this incidents.

Tags:  video warfare information estonia chaos-communication-camp battle-strategies estonians  

Authors: Eric Blossom Matt Ettus
Tags: radio
Event: Chaos Communication Camp 2007
Abstract: Eric Blossom and Matt Ettus will present an update on GNU Radio and the Universal Software Radio Peripheral 2 (USRP2). We'll talk about new applications and hardware, the port to the Cell (PS3), and demo a thing or two.

Tags:  radio universal gnu eric-blossom matt-ettus chaos-communication-camp software-radio universal-software  

Authors: Gadi Evron
Tags: hacking
Event: Chaos Communication Camp 2007
Abstract: In this lecture we will discuss how security issues may impact the future, which may be confused with science fiction. Already today we find cyber-implants of different kinds embedded within the human machine. As security professionals we know there is no such things as perfect code, and security solutions are far from perfect. What will we be facing in 2040, and how might we defend ourselves - if at all.

Tags:  video security hacking chaos-communication-camp perfect-code bionic-man  

Tags: science
Event: Chaos Communication Camp 2007
Abstract: What is the relationship between energy, information and complexity? How does nature organise itself, and why? How does evolution get from a bacteria to, say, a wombat? How far are we in understanding and simulating life and other complex systems? Although many of these questions are still largely unanswered, some interesting advancements have been made in recent years and decades. A number of these will be discussed and illustrated in this lecture. Why are organisms and ecosystems the way they are? While science has made great advances in explaining how the parts of such systems work, surprisingly little is still known about why and how the building blocks of living systems and their interactions actually came about. In recent decades we have begun to realise that phenomena such as self-organisation and 'emergent' properties of complex systems play an important role. Unfortunately such systems do not lend themselves very well to study by traditional scientific methods, hence the name 'complex systems'. The arrival of fast computers in the last two decades has made it possible to actually simulate the behaviour and evolution of large collections of simple 'agents'. This, coupled with advances in other fields such as genomics, thermodynamics, and information theory, has made that we are slowly beginning to understand why 'complex systems' behave the way they do.

Tags:  chaos-communication-camp behaviour-and-evolution science-event  

Tags: science
Event: Chaos Communication Camp 2007
Abstract: What is the relationship between energy, information and complexity? How does nature organise itself, and why? How does evolution get from a bacteria to, say, a wombat? How far are we in understanding and simulating life and other complex systems? Although many of these questions are still largely unanswered, some interesting advancements have been made in recent years and decades. A number of these will be discussed and illustrated in this lecture. Why are organisms and ecosystems the way they are? While science has made great advances in explaining how the parts of such systems work, surprisingly little is still known about why and how the building blocks of living systems and their interactions actually came about. In recent decades we have begun to realise that phenomena such as self-organisation and 'emergent' properties of complex systems play an important role. Unfortunately such systems do not lend themselves very well to study by traditional scientific methods, hence the name 'complex systems'. The arrival of fast computers in the last two decades has made it possible to actually simulate the behaviour and evolution of large collections of simple 'agents'. This, coupled with advances in other fields such as genomics, thermodynamics, and information theory, has made that we are slowly beginning to understand why 'complex systems' behave the way they do.

Tags:  science life complexity chaos-communication-camp behaviour-and-evolution science-event  

Tags: science
Event: Chaos Communication Camp 2007
Abstract: What is the relationship between energy, information and complexity? How does nature organise itself, and why? How does evolution get from a bacteria to, say, a wombat? How far are we in understanding and simulating life and other complex systems? Although many of these questions are still largely unanswered, some interesting advancements have been made in recent years and decades. A number of these will be discussed and illustrated in this lecture. Why are organisms and ecosystems the way they are? While science has made great advances in explaining how the parts of such systems work, surprisingly little is still known about why and how the building blocks of living systems and their interactions actually came about. In recent decades we have begun to realise that phenomena such as self-organisation and 'emergent' properties of complex systems play an important role. Unfortunately such systems do not lend themselves very well to study by traditional scientific methods, hence the name 'complex systems'. The arrival of fast computers in the last two decades has made it possible to actually simulate the behaviour and evolution of large collections of simple 'agents'. This, coupled with advances in other fields such as genomics, thermodynamics, and information theory, has made that we are slowly beginning to understand why 'complex systems' behave the way they do.

Tags:  science life complexity chaos-communication-camp behaviour-and-evolution science-event  

Authors: Sergio Alvarez
Tags: antivirus
Event: Chaos Communication Camp 2007
Abstract: Nowadays Antivirus Software are the larger defense deployed in corporations and final user desktops (mail servers, file servers, http and ftp internet gateways, workstations, etc) and their engines are reused in the IPSs that the same vendors develop. This talk will be about the findings and lessons learned while targeting the antivirus software that most of companies and users use. The talk will focus mainly in the type of bugs found (stack based buffer overflows, heap overflows, integer issues, uninitialized variables, traversals, etc) and the techniques used to find them.

Tags:  talk antivirus Software sergio-alvarez chaos-communication-camp mail-servers security-authors  

Authors: Sergio Alvarez
Tags: antivirus
Event: Chaos Communication Camp 2007
Abstract: Nowadays Antivirus Software are the larger defense deployed in corporations and final user desktops (mail servers, file servers, http and ftp internet gateways, workstations, etc) and their engines are reused in the IPSs that the same vendors develop. This talk will be about the findings and lessons learned while targeting the antivirus software that most of companies and users use. The talk will focus mainly in the type of bugs found (stack based buffer overflows, heap overflows, integer issues, uninitialized variables, traversals, etc) and the techniques used to find them.

Tags:  talk antivirus Software sergio-alvarez chaos-communication-camp mail-servers security-authors  

Authors: Toralv Dirro
Tags: malware trojan
Event: Chaos Communication Camp 2007
Abstract: This talk focuses on the various trojans the we actually see being used against companies and individuals in the world. It will show the real threats, how they work, what the real impact is. The talk will include screenshots from dropzones and practical demos, possibly as video clips. Today there is a lot of hype around some new proof-of-concept technology or around politically motivated trojans, etc. This talk will deliver a reality check, give an idea what kind of malware the McAfee Research organisation is actually seeing to be used in the real world and show how the diffent trojans work, what the impact is. The material used are internal statistics of the various threats sent to oder discovered by us, some more detailed analysis to make functionality more transparent and some demo's screenshots, etc. This talk will not advertise any products from us or anyone else. Instead of that short examples of various technologies will be used to discuss of that may help or why it fails.

Tags:  malware talk reality trojans chaos-communication-camp internal-statistics idea-what-kind  

Tags: Rich Internet Applications Flash
Event: Chaos Communication Camp 2007
Abstract: Flash is used for so-called RIA quite a long time now. Many of us know that Flash is evil and can be used for bad and ugly things, but it was not too easy to audit Flash apps in the past. The lecture will start with an overview over the history of Flash/ActionScript, its capabilities and flaws. A deeper look into the object and security model as well as the variable handling will follow, including an analyze of common developer mistakes and how it is possible to exploit those. But Flash is also a powerful tool for filing attacks over the network. So a couple of possible attack examples such as request forging, network scanning or Flash based attack back channels will be explained. The talk includes a section where free tools for auditing will be introduced.

Tags:  network attack flash ria rich-internet chaos-communication-camp applications-flash back-channels  

Tags: Rich Internet Applications Flash
Event: Chaos Communication Camp 2007
Abstract: Flash is used for so-called RIA quite a long time now. Many of us know that Flash is evil and can be used for bad and ugly things, but it was not too easy to audit Flash apps in the past. The lecture will start with an overview over the history of Flash/ActionScript, its capabilities and flaws. A deeper look into the object and security model as well as the variable handling will follow, including an analyze of common developer mistakes and how it is possible to exploit those. But Flash is also a powerful tool for filing attacks over the network. So a couple of possible attack examples such as request forging, network scanning or Flash based attack back channels will be explained. The talk includes a section where free tools for auditing will be introduced.

Tags:  network attack flash ria rich-internet chaos-communication-camp applications-flash back-channels  

Tags: technology
Event: Chaos Communication Camp 2007
Abstract: Tits-n-Bits chronicles the technical and social challenges working at an adult video website. The presentation is focused on: an industry backgrounder, encoding/codec technology, performance monitoring, security and other goodies from the dark-n-profitable side of the interweb. Originally dared as a party joke, Tits-n-Bits is the resulting look behind-the-scenes of one adult video site - VideoBox.com. Launched in 2003, VideoBox pioneered custom video downloading; allowing users to steam only the video segments they're interested in. VB is unique with zero DRM and flat-rate billing. Recently the adult industry has adopted many of the popular "web 2.0" features - RSS, karma or feedback mechanisms, recommendation engines (e.g. Amazon), even XHTML/CSS compliant pages. These modern features along with many of the technical inner-workings will be discussed. Additionally the presentation will include crowd participation and unique visualizations will be shared. With brief stopovers in bubble 1.0 (CPTH), WiFi (both community and for-pay), web 2.0 (SixApart) and now pr0n 2.0 - Matt 'petey' Peterson is poised to shed some light on this amusing industry. Petey has been knob turning since the days of Gopher and ISDN, thought ironically is still young enough to prefer lambic to real beer.

Tags:  chaos-communication-camp crowd-participation party-joke  

Authors: Stephan Karpischek
Tags: phone
Event: Chaos Communication Camp 2007
Abstract: The lecture offers an introduction in Near Field Communication (NFC) on mobile phones. You will get an overview about existing and future NFC applications and a starting point for developing your own.

Tags:  chaos-communication-camp field-communication video-fun  

Authors: Felix von Leitner
Tags: secure development
Event: Chaos Communication Camp 2007
Abstract: Programmers often attempt to make their code faster but end up only making it less readable. This talk attempts to show what kind of optimizations you can (and should) leave to your compiler.

Tags:  video authors compiler felix-von-leitner chaos-communication-camp optimizations  

Authors: Felix von Leitner
Tags: secure development
Event: Chaos Communication Camp 2007
Abstract: Programmers often attempt to make their code faster but end up only making it less readable. This talk attempts to show what kind of optimizations you can (and should) leave to your compiler.

Tags:  authors compiler tags felix-von-leitner chaos-communication-camp optimizations  

Authors: Marco Gercke
Tags: terrorism
Event: Chaos Communication Camp 2007
Abstract: A number of legislative approaches that are regulating the use of the internet have two things in common: The cut back civil liberties and justify this with the fight against terrorism. But is it sufficient to justify such intensive measures with vague topics? The presentations highlights those areas where terrorists make use of the internet, analysis the potential of some of the measures that are currently on the wish list of law makers worldwide and compares both aspects.

Tags:  internet use terrorism marco-gercke chaos-communication-camp terrorism-event legislative-approaches  

Authors: Marco Gercke
Tags: terrorism
Event: Chaos Communication Camp 2007
Abstract: A number of legislative approaches that are regulating the use of the internet have two things in common: The cut back civil liberties and justify this with the fight against terrorism. But is it sufficient to justify such intensive measures with vague topics? The presentations highlights those areas where terrorists make use of the internet, analysis the potential of some of the measures that are currently on the wish list of law makers worldwide and compares both aspects.

Tags:  internet use terrorism marco-gercke chaos-communication-camp terrorism-event legislative-approaches  

Tags: reverse engineering
Event: Chaos Communication Camp 2007
Abstract: Dual beam systems are a research and development tool widely used in semiconductor industry. They integrate a scanning electron microscope with a focused ion beam and allow to image, remove, and deposit nanometer size structures. The lecture introduces the basic principles, shows application examples, and explains how these devices can be used for hacking on the hardware level. At the headquarter of the worlds largest microchip manufacturer the atmosphere in the executive meeting is tensed. The competitor has just revealed a new processor with far superior performance. The own R&D has been working on the same technology but is at least one year behind. They seem to be just not able to figure out how to get the thing working. But there is this early prototype the guy they managed to poach last month brought with him. They should get to work. Within a few hours the guys at the lab had managed to cut through the packaging. The circuitry on the surface of the chip was already visible. They quickly figured out at which locations they had to dig deeper to get to the sweet secret. They milled out several of the transistors with nanometer precision. With the remote controlled arm of a micromanipulator they took the tiny parts out for final preparation. Once the pieces were in the microscope it was only a matter of waiting. The next morning the tomography was done and a 3d model of the transistor was rotating on the computer screen. Now with the elemental mappings in front of them it would be a piece of cake to copy the process. What would have sounded like science fiction only a few years ago is nowadays a standard application in companies. With more than a hundred deployed devices, sales rising, new vendors entering the market, and prices dropping dual beam systems will become as commonly available as scanning electron microscopes are today. However, this will not only propel research in science and industry but it has also the potential to deeply impact present security paradigms. It is the end of the hardware black box. Since it allows to image, dissect, and rewire on-chip circuitry statements like the following about the trusted platform module: "The endorsement key is a 2,048-bit RSA public and private key pair, which is created randomly on the chip at manufacture time and CANNOT be changed."*) might need to be reconsidered.

Tags:  research industry beam chaos-communication-camp scanning-electron-microscopes scanning-electron-microscope  

Tags: social
Event: Chaos Communication Camp 2007
Abstract: This talk will present the actual Situation of modern digital controlled Bike and Vehicle Motors. The technology of pulse width modulation is wide spread and simple today, but its a hard and slow path to bring them on the Streets for day to day use. The lean development on the side of the Mass Industries, and the groundbreaking new devices that are build in small Garages and Factory's all over the world are the topic. Also there are some field reports from Drivers experience, the legal Situation in Germany/EU and a whole bunch of News for Nerds who want to move away from Gas. The development of alternative electronic Vehicles is traditionally very slow and on a small border of the gigantic classic automotive market in the world. Bikes with an electronic support Motor are available for nearly 30 Years now, but where are they on the Streets, and why are this first approaches not ready for the Mass? Since a few years there is an ongoing development for modern digital Controlled Motors, more feature-rich and hackable than the classic Brush Motor concept.

Tags:  situation bikes development germany chaos-communication-camp pulse-width-modulation news-for-nerds  

Tags: social
Event: Chaos Communication Camp 2007
Abstract: This talk will present the actual Situation of modern digital controlled Bike and Vehicle Motors. The technology of pulse width modulation is wide spread and simple today, but its a hard and slow path to bring them on the Streets for day to day use. The lean development on the side of the Mass Industries, and the groundbreaking new devices that are build in small Garages and Factory's all over the world are the topic. Also there are some field reports from Drivers experience, the legal Situation in Germany/EU and a whole bunch of News for Nerds who want to move away from Gas. The development of alternative electronic Vehicles is traditionally very slow and on a small border of the gigantic classic automotive market in the world. Bikes with an electronic support Motor are available for nearly 30 Years now, but where are they on the Streets, and why are this first approaches not ready for the Mass? Since a few years there is an ongoing development for modern digital Controlled Motors, more feature-rich and hackable than the classic Brush Motor concept.

Tags:  situation bikes development germany chaos-communication-camp pulse-width-modulation news-for-nerds  

Authors: Ben Kurtz
Tags: fuzzing
Event: Chaos Communication Camp 2007
Abstract: This talk will introduce a simple and incredibly powerful framework for the scripted generation of network traffic: Funk, a new tool for fuzzing arbitrary network protocols written using the Chicken Scheme-to-C compiler. Source code will be provided and explained, so you can start using this framework today for all your network traffic generation needs! Some familiarity with functional languages like Lisp or Scheme will be helpful, but not required. At my talk at DefCon 13, I described a framework and development environment for the generation of network traffic of arbitrary protocols. This framework was limited by it's reliance on a domain-specific language and the use of regular grammars. By re-visiting the same problem with a new perspective, the use of a functional language like Scheme, I've found a much simpler and more powerful approach. By using Chicken Scheme instead of a home-grown scripting language, even complicated protocols like ASN.1 can be fuzz-tested with ease. The use of a functional language makes it possible to provide a unified interface to all network protocols. This allows the abstraction of behavior for traffic generating programs, like fuzzers.

Tags:  network framework traffic ben-kurtz chaos-communication-camp compiler-source-code defcon-13  

Authors: Torbjörn Pettersson
Tags: forensic cryptography
Event: Chaos Communication Camp 2007
Abstract: Cryptoloop and dm-crypt are the two disk encryption solutions provided by the stock Linux kernel. This lecture will describe in detail how to find and reuse cryptoloop and dm-crypt keys from kernel memory. When disk encryption is done right it is virtually impossible to break, but as with any security function it is never stronger than its weakest link. Out of necessity keys needs to be stored in cleartext in memory during usage and can be collected by anyone with access to a memory dump of the system. This presentation will go into the details of how cryptographic keys used by dm-crypt and cryptoloop are stored and used in the Linux 2.6 kernel-series and how they can be recovered and reused.

Tags:  memory cryptoloop linux chaos-communication-camp kernel-memory kernel-series  

Authors: Christian Rechberger
Tags: cryptography
Event: Chaos Communication Camp 2007
Abstract: It is now already two years since the first theoretical attacks on the popular hash function SHA-1 have been announced. However so far nobody could show a collision for SHA-1. This talk surveys recent progress in the analysis of this hash function. How to contribute? Find out.

Tags:  function video hash christian-rechberger chaos-communication-camp hash-function sha  

Authors: Jens Ohlig Nika Bertram
Tags: web
Event: Chaos Communication Camp 2007
Abstract: While there are interesting experiments in electronic literature, interactive fiction, and hypertext poetry, few are known to the mainstream. We'll have a look at different approaches, from the standpoint of literary criticism, a technical standpoint and from experiences in the literature market. "You are standing in an open field west of a white house, with a boarded front door. There is a small mailbox here." Thus begins Zork, a 1980 computer game and one of the earliest examples of a genre that the New York Times Book Review described in 1983 as "games, which have been called 'participatory novels,' 'interactive fiction' and 'participa-stories'". Ever since, writers have tried out new forms of story-telling only possible on a computer, such as text adventures or the hypertext poetry of the early World-Wide Web. We want to introduce you to digital story-telling and present a few examples from the genre. We will also show you some authoring tools and programming languages for digital literature. Last, not least, and for putting things into a real world perspective, novelist Nika Bertram, author of "Der Kahuna Modus" (Eichborn, 2001), will share her experiences of an experiment where she developed an interactive fiction as a side-story to a conventionally published printed novel and the book market's reaction to that. Digital literature is a fine example of the blurring lines between hackers and poets. We feel that while literary theorists love to ponder on the "endless possibilities of the new medium", few people really read or experience electronic literature. Let's talk about Infocom-style dungeon crawls, chatterbots like SHRDLU and Eliza, and non-linear text in general.

Tags:  chaos-communication-camp nika-bertram jens-ohlig  

Authors: Torbjörn Pettersson
Tags: forensic cryptography
Event: Chaos Communication Camp 2007
Abstract: Cryptoloop and dm-crypt are the two disk encryption solutions provided by the stock Linux kernel. This lecture will describe in detail how to find and reuse cryptoloop and dm-crypt keys from kernel memory. When disk encryption is done right it is virtually impossible to break, but as with any security function it is never stronger than its weakest link. Out of necessity keys needs to be stored in cleartext in memory during usage and can be collected by anyone with access to a memory dump of the system. This presentation will go into the details of how cryptographic keys used by dm-crypt and cryptoloop are stored and used in the Linux 2.6 kernel-series and how they can be recovered and reused.

Tags:  memory cryptoloop linux chaos-communication-camp kernel-memory kernel-series  

Authors: Torbjörn Pettersson
Tags: forensic cryptography
Event: Chaos Communication Camp 2007
Abstract: Cryptoloop and dm-crypt are the two disk encryption solutions provided by the stock Linux kernel. This lecture will describe in detail how to find and reuse cryptoloop and dm-crypt keys from kernel memory. When disk encryption is done right it is virtually impossible to break, but as with any security function it is never stronger than its weakest link. Out of necessity keys needs to be stored in cleartext in memory during usage and can be collected by anyone with access to a memory dump of the system. This presentation will go into the details of how cryptographic keys used by dm-crypt and cryptoloop are stored and used in the Linux 2.6 kernel-series and how they can be recovered and reused.

Tags:  memory cryptoloop linux chaos-communication-camp kernel-memory kernel-series  

Authors: Jens Ohlig Nika Bertram
Tags: web
Event: Chaos Communication Camp 2007
Abstract: While there are interesting experiments in electronic literature, interactive fiction, and hypertext poetry, few are known to the mainstream. We'll have a look at different approaches, from the standpoint of literary criticism, a technical standpoint and from experiences in the literature market. "You are standing in an open field west of a white house, with a boarded front door. There is a small mailbox here." Thus begins Zork, a 1980 computer game and one of the earliest examples of a genre that the New York Times Book Review described in 1983 as "games, which have been called 'participatory novels,' 'interactive fiction' and 'participa-stories'". Ever since, writers have tried out new forms of story-telling only possible on a computer, such as text adventures or the hypertext poetry of the early World-Wide Web. We want to introduce you to digital story-telling and present a few examples from the genre. We will also show you some authoring tools and programming languages for digital literature. Last, not least, and for putting things into a real world perspective, novelist Nika Bertram, author of "Der Kahuna Modus" (Eichborn, 2001), will share her experiences of an experiment where she developed an interactive fiction as a side-story to a conventionally published printed novel and the book market's reaction to that. Digital literature is a fine example of the blurring lines between hackers and poets. We feel that while literary theorists love to ponder on the "endless possibilities of the new medium", few people really read or experience electronic literature. Let's talk about Infocom-style dungeon crawls, chatterbots like SHRDLU and Eliza, and non-linear text in general.

Tags:  web fiction literature eliza nika-bertram nika-bertram-tags jens-ohlig chaos-communication-camp  

Authors: Sandro Gaycken
Tags: privacy
Event: Chaos Communication Camp 2007
Abstract: One thing often lacking in discussions around privacy is a clear argument apart from the intuitive “I don’t like to be under surveillance”. This absence fatally leads to the wrong public impression that it is only about a personal taste for privacy against hits on child molesters, credit card fraud and terrorism. My talk thus will give some clear and rock-solid arguments, demonstrating privacy as a protection from injustice and from a new and speculative class society, as the foundation of our abilities to judge independently and ethically, as the breeding ground for personal and societal development, as our impression of freedom and as an important pre-emptive value to prohibit technological infrastructures for dictatorships. One thing often found to be lacking in many discussions on the struggle for privacy is a clear argument in favour of it. Even most activists whom everyone would suppose to have clear reasons mostly argue in strongly subjective terms, stating their personal uneasiness or discomfort with some surveillance problem in terms as “I don’t like to be under surveillance”. And sure enough: who does? But in times where terrorists disguise as civilians, where child molesters and credit card frauds use synonyms and all sorts of electronic communication, also disguised as harmless people, and where surveillance is ubiquitous in the sense that it is disseminated entirely invisible and unpresent – why not feel different? On what grounds can we really charge someone who says: “If surveillance doesn’t really disturb me and if it helps to catch terrorists and child molesters and protect my credit card, I think it’s ok”. In fact, even John Perry Barlow (on the last congress) seemed to be in favour of some sort of intern, panoptical self-surveillance if it does protect his credit card from fraud and his email account from spam. So why bother? Are we only protecting our very own (and probably misplaced) feelings? Of course not. By fighting for privacy, we fight for a most basic, most human need: our space. We need our space and we need it for a whole variety of important reasons: psychological, ethical, political, societal and others. And many scholars have in fact explored and argued in depth for these reasons. They only have to be translated and be made accessible. In my talk, I will thus present these scholarly perspectives in an understandable manner and thus will support the privacy activist with two whole fistfuls of most reasonable and valuable arguments in favour of privacy and in strong opposition to any kind of surveillance. By this, I deeply hope to fill that argumentative gap and clarify the activists intuitions.

Tags:  surveillance credit privacy john perry-barlow chaos-communication-camp john-perry-barlow credit-card-frauds  

Authors: Felix von Leitner
Tags: C / C++
Event: Chaos Communication Camp 2007
Abstract: The selling points for C++ are mostly focused on how it supposedly makes it easier to write code. This talk will argue that it is much more important to make code easy to read, and in that respect C++ is a huge regression compared to C. The talk is mostly from the perspective of a professional code auditor. The point of the talk is to get people to think about how others (and themselves!) will have to read and understand the code in the future. This point is also true for other programming languages, so this is not just about C++ bashing, it is about showing what coding style is good for future generations and which will just get you in trouble. The examples will mostly be C++, obviously, but people from other programming languages might learn a thing or two from the talk, too.

Tags:  talk code point c.--the felix-von-leitner chaos-communication-camp future-generations  

Authors: Nick Farr
Tags: games
Event: Chaos Communication Camp 2007
Abstract: Geocaching and Alternative Reality Games are the first wave of "global gaming", involving players who use the GPS and internet technologies to create and solve challenges in physical space. This talk will highlight how these global games are helping illustrate the problems of the future and training players how to use their technology, wits and available resources to solve them. Geocaching and Alternative Reality Games are the first steps into true, physical world "global gaming". Players use digital technologies like GPS, geospatial imaging and online communication tools to create and solve challenges in the physical world. While these games attract adventure seekers of all levels from all walks of life, the players acquire the skills necessary to address global challenges beyond the capabilities of traditional institutions. These games are creating a new class of informed, networked global citizens who will shape the solution to tomorrow's problems. This first part of this talk will describe what Geocaching and Alternative Reality Games are. The intersection between the two is not readily apparent. Those participating in Geocaching use GPS devices and clever placement of "caches" in the real world to create a challenging pastime that encourages players to think critically about their world. Those who take part in ARGs mix issues, events and physical spaces in the real world to create situations that encourage players to, as in Geocaching, think critically about their world. The two pastimes are starting to intersect in ways that few non-participants could imagine. While these pastimes seem simple on the surface, players are creating and solving new challenges for each other that require a perfect intersection of digital and physical-world knowledge and skills. Few games in the past have called for skills ranging from scuba diving and rope climbing to cryptanalysis and social engineering. These games present no simple solutions, and require players to think on their feet. The second part of this talk will discuss three major challenges that have required players to acquire and use a mix of physical and mental skills. The final part of this talk will illustrate how players from many different cultures, backgrounds and classes are connecting with each other to not only play the game but advance in the hierarchy of gameplay by pooling knowledge and resources. These interactions among players are helping create relationships and skillsets that are showing us what the problems of tomorrow will be and how "everyday people" will unite to solve them.

Tags:  world reality geocaching nick-farr chaos-communication-camp alternate-reality-games  

Authors: Marvin Mauersberger
Tags: GPS
Event: Chaos Communication Camp 2007
Abstract: This talk gives a detailed overview on the state of the art of GPS tracking system (aka. location bugs), how they work and how to find and defeat them. GPS based tracking of peoples, cars and things is quickly becoming a real threat to personal privacy. Trackers are now cheap and easy to build and deliver high position accuracy and real-time transmission if desired. Low-power electronics and modern battery technology combined result in tracking systems that can live for weeks and months hidden in your car, motorbike or even backpack, transmitting your moves and whereabouts unknown to you to unfriendly people. The talk describes how GPS trackers work, how and where they are usually hidden, how you can find them (by physical search and other means) and what you can do against them. We will also briefly cover GPS chips in mobile phones and tracking by mobile phones in general.

Tags:  talk video gps marvin-mauersberger chaos-communication-camp gps-trackers low-power-electronics  

Authors: Felix von Leitner
Tags: C / C++
Event: Chaos Communication Camp 2007
Abstract: The selling points for C++ are mostly focused on how it supposedly makes it easier to write code. This talk will argue that it is much more important to make code easy to read, and in that respect C++ is a huge regression compared to C. The talk is mostly from the perspective of a professional code auditor. The point of the talk is to get people to think about how others (and themselves!) will have to read and understand the code in the future. This point is also true for other programming languages, so this is not just about C++ bashing, it is about showing what coding style is good for future generations and which will just get you in trouble. The examples will mostly be C++, obviously, but people from other programming languages might learn a thing or two from the talk, too.

Tags:  talk code point c.--the felix-von-leitner chaos-communication-camp future-generations  

Authors: Milosch Meriac
Tags: embedded
Event: Chaos Communication Camp 2007
Abstract: We want to empower users to use their Sputnik badges after the camp for all kinds of uses - as wireless keyboard sniffers, remote controls, door security systems, for art performances, intelligence applications and Smart Dust meshing systems. This talk provides a deep insight into OpenBeacon and Sputnik hardware, firmware and protocols of used. It will show how to create custom low cost 2.4GHz nodes based on this technology. The OpenBeacon platform is a project that is dedicated to provide very low cost communication hardware for 2.4GHz ISM band enabled devices for all kinds of uses. The Sputnik device - the first incarnation of OpenBeacon - is a small active 2.4GHz real-time tracking device, whose signal is picked up by the 30+ OpenBeacon base stations installed in the event venue. We just finished a new memory-stick-sized meshing node hardware design around the 32 bit ARM7 AT91SAM7S128 Microcontroller and the nRF24L01 2.4GHz frontend with GPL'ed firmware to enable users to create low cost wireless nodes based on their own firmware. No special hardware or compilers are needed to reprogram the device - the free gcc ARM crosscompiler toolchain is supported. The device can be reprogrammed and powered over USB. It also supports stand alone applications by using a battery pack. To allow a high range it provides a RP-SMA connector and a full size rubber antenna. The OpenBeacon tag - as used for tracking 900 people on the 23rd Chaos Comminucation Congress in Berlin - is a free design for an active RFID device which operates in the 2.4GHz ISM band. OpenBeacon is designed as a transceiver device and therefore both transmits and receives radio waves. The intention of this device is to offer a wide range of use cases such as visitor or item tracking and wireless remote controls with a free self-contained and low-cost RFID design. The OpenBeacon tag hardware is based on a PCB antenna connected to a Nordic Semiconductors 2.4GHz RF Chip (NRF24L01) and is controlled via a dedicated microcontroller (MicroChip PIC16F684). The 8-Bit RISC CPU with special low-power features provides the opportunity to implement a very sleek and power saving transmit design at minimal costs. The device is powered with one CR2032 coin cell and is expected to run for up to several months without changing battery. The OpenBeacon design offers an additional watch quartz for better time and delay reliability to support anticollosion and meshing protocols. A LED output and a touch sensor input is provided for interaction purposes. The transmitting range of the OpenBeacon tag depends on local conditions and is tested indoor within 10 meters through two dry walls or up to 30 meters under optimal line-of-sight conditions. To track OpenBeacon on this venue, the device signals are received by Ethernet based RFID reader base stations. The current base station design provides three switched 10/100 Ethernet ports (switched) and is powered over Ethernet (fully IEEE 802.3af compliant).

Tags:  openbeacon device ghz chip berlin chaos-communication-camp keyboard-sniffers ism-band  

Authors: Milosch Meriac
Tags: embedded
Event: Chaos Communication Camp 2007
Abstract: We want to empower users to use their Sputnik badges after the camp for all kinds of uses - as wireless keyboard sniffers, remote controls, door security systems, for art performances, intelligence applications and Smart Dust meshing systems. This talk provides a deep insight into OpenBeacon and Sputnik hardware, firmware and protocols of used. It will show how to create custom low cost 2.4GHz nodes based on this technology. The OpenBeacon platform is a project that is dedicated to provide very low cost communication hardware for 2.4GHz ISM band enabled devices for all kinds of uses. The Sputnik device - the first incarnation of OpenBeacon - is a small active 2.4GHz real-time tracking device, whose signal is picked up by the 30+ OpenBeacon base stations installed in the event venue. We just finished a new memory-stick-sized meshing node hardware design around the 32 bit ARM7 AT91SAM7S128 Microcontroller and the nRF24L01 2.4GHz frontend with GPL'ed firmware to enable users to create low cost wireless nodes based on their own firmware. No special hardware or compilers are needed to reprogram the device - the free gcc ARM crosscompiler toolchain is supported. The device can be reprogrammed and powered over USB. It also supports stand alone applications by using a battery pack. To allow a high range it provides a RP-SMA connector and a full size rubber antenna. The OpenBeacon tag - as used for tracking 900 people on the 23rd Chaos Comminucation Congress in Berlin - is a free design for an active RFID device which operates in the 2.4GHz ISM band. OpenBeacon is designed as a transceiver device and therefore both transmits and receives radio waves. The intention of this device is to offer a wide range of use cases such as visitor or item tracking and wireless remote controls with a free self-contained and low-cost RFID design. The OpenBeacon tag hardware is based on a PCB antenna connected to a Nordic Semiconductors 2.4GHz RF Chip (NRF24L01) and is controlled via a dedicated microcontroller (MicroChip PIC16F684). The 8-Bit RISC CPU with special low-power features provides the opportunity to implement a very sleek and power saving transmit design at minimal costs. The device is powered with one CR2032 coin cell and is expected to run for up to several months without changing battery. The OpenBeacon design offers an additional watch quartz for better time and delay reliability to support anticollosion and meshing protocols. A LED output and a touch sensor input is provided for interaction purposes. The transmitting range of the OpenBeacon tag depends on local conditions and is tested indoor within 10 meters through two dry walls or up to 30 meters under optimal line-of-sight conditions. To track OpenBeacon on this venue, the device signals are received by Ethernet based RFID reader base stations. The current base station design provides three switched 10/100 Ethernet ports (switched) and is powered over Ethernet (fully IEEE 802.3af compliant).

Tags:  openbeacon device ghz chip berlin chaos-communication-camp keyboard-sniffers ism-band  

Authors: Alexander Ljung Eric Wahlforss
Tags: social
Event: Chaos Communication Camp 2007
Abstract: Trustmojo.com is a research project exploring the nature of interpersonal trust in the world of web-mediated social spaces. In this talk we aim to present some food for thought on why trust is increasingly important and how we as designers and architects must relate to it especially when creating social software. The unique human ability of trusting has long been essential to all collaboration, participation and to the forming of community and society. Trustmojo.com is a research project exploring the nature of interpersonal trust in the world of web-mediated social spaces. For CCC Camp 2007 we would like to present what we consider being the most important aspects of human trust online by looking at questions such as: How do we establish "architectures for trust" in online social spaces? How do we design for human trusting behavior to be possible? And what type of trust are we seeking to establish? In this talk Alexander Ljung and myself aim to present some food for thought on why trust is increasingly important and how we as designers and architects must relate to it especially when creating social software.

Tags:  trustmojo camp trust eric-wahlforss alexander-ljung chaos-communication-camp ccc-camp interpersonal-trust  

Authors: Ralph Bruckschen
Tags: hacking
Event: Chaos Communication Camp 2007
Abstract: Reaching space so far is the business of large companies and national endeavors. However, small groups are working on achieving low cost space access using high end technology. This talk will give a brief insight into JP Aerospace, "America's other space program" and is connected to a real launch of a near space probe. From 2001 to 2004 I was working with JP Aerospace (JPA), a volunteer-based organization that is dedicated to the achievment of low cost space access. This non profit group, run by volunteers is only financed by donations and sponsoring. I will talk about my experiences with this group and about the idea of reaching space using "hacking" methods. The goal of JPA is to reach space using a lighter then air method consisting of 3 stages. The first stage is an airship that transports the payload from ground to the upper stratosphere. The second is a station in the upper stratosphere, acting as a spaceport. The third stage is a gigantic inflatable wing, that is being pushed by ion drives into orbit. To achive this final goal, a lot of small steps are being made to test technologies that are needed. At JPA, these steps are called missions and I was able to participate in several of them. The challenge with each mission is, that you don't really have a budget. You need to work with the parts, that are available (mostly from previous missions) and stuff that you can buy at high end places like "Home Depot" or "Radio Shack". My personal goal was to obtain some high resolution digital imagery from "up there". It has been achieved with the mission "Away 25". I will talk about some of the missions I was participating in and a bit about the oddities and weirdness that is connected with private space projects. As a demonstration, I would like to launch a weather balloon on site. This project is now about 50% completed. Instead of using amateur radio, I will rely on the dense cell phone network of Germany together with GPS. If the mission works out, we will get high resolution digital pictures from an altitude of up to 100.000 feet. Of course, these images can be published on the camp web page. If I may, I would like to auction off a large poster (90cmx2.8m) of a panoramic picture from 96.000 feet that has been made by Away 25 to finance this mission.

Tags:  jpa space mission ralph-bruckschen germany america chaos-communication-camp jp-aerospace weather-balloon  

Tags: hacking
Event: Chaos Communication Camp 2007
Abstract: A welcome to the Camp. Explanation of facilities, organizational hints and and an introduction to the upcoming conference schedule.

Tags:  video event tags camp-opening chaos-communication-camp video-camp  

Authors: Christoph Weber
Tags: FPGA
Event: Chaos Communication Camp 2007
Abstract: Hardware developers ever envyed the software developers in the way that they can build and try something extremly fast an with no cost, minutes compared to days or weeks. Today the field of programable logic, mostly the FPGA, has reached a point where digital hardware design is as easy as writing software and with the possibility to make many iterations without rebuilding your device. I show you some examples and what is behind programable logic. In the rest of the presentation I present you an new compact board for FPGA based system development, the GECKO3. Starting with the description of programable logic I will go on to the ways how you can programm them, what modern tools can do for you and what you have to think about when you would like to start building your own CPUs, Cryptocrackers or other things that are better fittet in hardware than in software. After I gave you a basic knowledge of the field, I will talk about an new FPGA based application board, called GECKO3. The complete board, schematics, pcb files, source codes,... is opensource, so you can use it as it is or take it as a help to build your own system from scratch. It is an application board, these means that it is small and cheap enought to include it in your product, not like a typical big overloaded development board. These board was developed at the Berne School of Applied Science in Biel Switzerland, where I work currently. The GECKO3 is built around a large FPGA (in the range from 1 Mio. to 4 Mio Gates) and includes the necessary things to achive a fast and riskless start of YOUR project. Around the FPGA there is the powersupply, 32 Mbyte of NOR Flash, 2x64 Mbyte DDR SDRAM, 100 Mbit/s Ethernet and a USB 2.0 Controler. Most important for your own application is that you get over 160 digital I/O pins to connect your application specific hardware. The Board is completly configurable through the USB connection, you do not need a special cable. we wrote software to make it easy to exchange any data between your PC and the FPGA without any knowledge of USB.

Tags:  fpga board Hardware christoph-weber switzerland chaos-communication-camp digital-hardware-design berne-school  

Authors: Sandro Gaycken
Tags: privacy
Event: Chaos Communication Camp 2007
Abstract: One thing often lacking in discussions around privacy is a clear argument apart from the intuitive “I don’t like to be under surveillance”. This absence fatally leads to the wrong public impression that it is only about a personal taste for privacy against hits on child molesters, credit card fraud and terrorism. My talk thus will give some clear and rock-solid arguments, demonstrating privacy as a protection from injustice and from a new and speculative class society, as the foundation of our abilities to judge independently and ethically, as the breeding ground for personal and societal development, as our impression of freedom and as an important pre-emptive value to prohibit technological infrastructures for dictatorships. One thing often found to be lacking in many discussions on the struggle for privacy is a clear argument in favour of it. Even most activists whom everyone would suppose to have clear reasons mostly argue in strongly subjective terms, stating their personal uneasiness or discomfort with some surveillance problem in terms as “I don’t like to be under surveillance”. And sure enough: who does? But in times where terrorists disguise as civilians, where child molesters and credit card frauds use synonyms and all sorts of electronic communication, also disguised as harmless people, and where surveillance is ubiquitous in the sense that it is disseminated entirely invisible and unpresent – why not feel different? On what grounds can we really charge someone who says: “If surveillance doesn’t really disturb me and if it helps to catch terrorists and child molesters and protect my credit card, I think it’s ok”. In fact, even John Perry Barlow (on the last congress) seemed to be in favour of some sort of intern, panoptical self-surveillance if it does protect his credit card from fraud and his email account from spam. So why bother? Are we only protecting our very own (and probably misplaced) feelings? Of course not. By fighting for privacy, we fight for a most basic, most human need: our space. We need our space and we need it for a whole variety of important reasons: psychological, ethical, political, societal and others. And many scholars have in fact explored and argued in depth for these reasons. They only have to be translated and be made accessible. In my talk, I will thus present these scholarly perspectives in an understandable manner and thus will support the privacy activist with two whole fistfuls of most reasonable and valuable arguments in favour of privacy and in strong opposition to any kind of surveillance. By this, I deeply hope to fill that argumentative gap and clarify the activists intuitions.

Tags:  surveillance credit privacy john perry-barlow chaos-communication-camp john-perry-barlow credit-card-frauds  

Authors: Seth Schoen
Tags: barcode
Event: Chaos Communication Camp 2007
Abstract: Almost all color laser printers help track their users by printing hard-to-see patterns of yellow dots all over every page. The Electronic Frontier Foundation has been trying to get to the bottom of these dot patterns. What are these dots saying, where do they come from, who can read them, and is there any hope of getting rid of them? For decades, color laser printers have invisibly tracked their users by including patterns of tiny yellow dots on every single output page. This tracking was known to people who worked in the imaging industry and was intermittently disclosed by some manufacturers in their documentation. But even today, most end-users remain unaware of it. For the past two years, the Electronic Frontier Foundation (EFF) has examined this tracking mechanism - a system of exemplary interest because of the non-transparent way in which governments appear to have persuaded technology firms to change their product design without any specific legal basis - and, with the help of many volunteers, we've learned how to read some of the hidden information. This research is ongoing, but we already know how to make the dots easily visible (with LED lights, microscopes, or ordinary color scanners), and we know how to read the data embedded by several major printer manufacturers. Typically, a printer will mark its output pages with the printer serial number and the date and time that the page was printed (if the printer has its own built-in clock). This information facilitates associating color print output with individuals, because it could be correlated with credit card records, server logs, surveillance camera footage, and the like. We've succeeded in attracting a large amount of media interest, including television, newspaper, and magazine coverage in the United States and around the world. (Note that we did not discover the existence of these dots; we are simply the first organization to start to make a reasonably detailed and public study of them.) This coverage is valuable, but it has not necessarily changed industry practices. To do that, we need to go further. We're continuing to try to break printer codes, to explore the world of document forensics and expose why many recordable media are far less anonymous than their users expect, and to try to compel the U.S. government to reveal its role in inducing printer companies to create this technology. In this talk, I'll present a hands-on demonstration of how to find and interpret the tracking codes in some typical color laser printer output, survey some of the historical and political issues, and invite audience members to join us in shedding more (blue?) light on the subject. We're also interested in countermeasures that would disable the tracking or make it ineffective, and I'll present the best known countermeasures together with their possible limitations. Perhaps CCC attendees can help us find better countermeasures.

Tags:  printer laser color seth-schoen u.s. united-states chaos-communication-camp color-laser-printers electronic-frontier-foundation  

Authors: Julia Lüning Kirian Scheuplein
Tags: hacking
Event: Chaos Communication Congress 24th (24C3) 2007
Abstract: The Chaos Communication Camp 2007 was an international, five-day open-air event for hackers and associated life-forms... let's see what the documentation team made out of it.

Tags:  communication chaos camp julia-lning chaos-communication-camp chaos-communication-congress documentation-team  

Authors: Steph Alarcon
Tags: data mining
Event: Chaos Communication Camp 2011
Abstract: Philadelphia (USA) recently launched an initiative to open up tons of city records and municipal data. This talk will review some of the things people are using it for, and show how open city data is useful to many kinds of people. Philadelphia (USA) recently launched an initiative to open up tons of city records and municipal data. By the time Camp rolls around, there will have been several hackathons and programs in Philadelphia using this newly available data, from a GIS firm to journalists to (probably) participants in Random Hacks of Kindness. This talk will give a snapshot of how Philadelphians are using and benefiting from this data, what apps are coming out of it, how it helps citizens and city government alike. If disadvantages are found they will also be discussed along, with some of the concerns that prevented the data from being available before. Hopefully this talk will provide ideas for people in other places who want to use data to make their cities better, stronger, more just, more liveable/bikeable/walkable, and more fun all around. Information will come from my own participation in organizing Philadelphia's contribution to Random Hacks of Kindness in June, possibly another city--oriented hackathon the next weekend with partners from Seattle, WA, and from interviews with organizers and coders from other events using open city data.

Tags:  talk city mining steph-alarcon philadelphia seattle usa chaos-communication-camp philadelphia-usa time-camp  

Authors: Steph Alarcon
Tags: data mining
Event: Chaos Communication Camp 2011
Abstract: Philadelphia (USA) recently launched an initiative to open up tons of city records and municipal data. This talk will review some of the things people are using it for, and show how open city data is useful to many kinds of people. Philadelphia (USA) recently launched an initiative to open up tons of city records and municipal data. By the time Camp rolls around, there will have been several hackathons and programs in Philadelphia using this newly available data, from a GIS firm to journalists to (probably) participants in Random Hacks of Kindness. This talk will give a snapshot of how Philadelphians are using and benefiting from this data, what apps are coming out of it, how it helps citizens and city government alike. If disadvantages are found they will also be discussed along, with some of the concerns that prevented the data from being available before. Hopefully this talk will provide ideas for people in other places who want to use data to make their cities better, stronger, more just, more liveable/bikeable/walkable, and more fun all around. Information will come from my own participation in organizing Philadelphia's contribution to Random Hacks of Kindness in June, possibly another city--oriented hackathon the next weekend with partners from Seattle, WA, and from interviews with organizers and coders from other events using open city data.

Tags:  talk city mining steph-alarcon philadelphia seattle usa chaos-communication-camp philadelphia-usa time-camp  

Tags: hacking
Event: Chaos Communication Camp 2011

Tags:  video closing event chaos-communication-camp  

Authors: Marek Möckel
Tags: space
Event: Chaos Communication Camp 2011
Abstract: This talk is about different sources of space debris and how they are a problem for current and future space travel. I'll introduce some of the computational models that are used to simulate space debris objects and some ideas to prevent them. The environment around Earth is littered with different types of debris - some of natural origin, some human-made. They already pose a risk to spacecraft which will increase if nothing is done about the problem. I will introduce the different known sources of space debris. The objects' sizes range from several meters to only micrometers so it is impossible to detect most objects. Therefore the space debris environment has to be simulated to estimate current and future collision risks for spacecraft. Since we're talking millions of objects that have to be treated individually, a lot of computational power is required. Preventing space debris is a matter of global concern. Many proposals have been issued about how to achieve this; but especially the active removal of existing space debris objects is an open problem.

Tags:  space debris problem marek-mckel chaos-communication-camp debris-environment space-debris  

Authors: Seth Schoen
Tags: privacy
Event: Chaos Communication Camp 2011
Abstract: The Electronic Frontier Foundation will discuss the legal situation that international travelers face when entering or leaving the United States, as well as various ways that travelers can safeguard electronic devices and digital information at the border. A series of unfortunate court decisions allows border patrol agents to search travelers' laptops, mobile phones, and other digital devices without limitation at the United States border. Courts even allow agents to copy entire hard drives for no particular reason -- unlike domestic law enforcement, where civil liberties laws strictly regulate and limit search powers. These searches are relatively rare, but they continue to occur and could become more routine as computer forensics gets cheaper or agents develop new ways of targeting particular travelers. How can international travelers protect themselves when they enter the United States? Seth Schoen and Marcia Hofmann of the Electronic Frontier Foundation will present their latest research into protecting data during border crossings. Their white paper, "Laptop and Electronics Searches at the U.S. Border: A Privacy Guide for Travelers", will be unveiled at this presentation. It combines legal and technical perspectives, discussing the legal situation that international travelers face when entering or leaving the United States, as well as various ways that travelers can safeguard electronic devices and digital information at the border. Since border agents' powers are so extensive, our conclusions may not be happy ones; there is no magical technical or legal solution and all precautions and approaches still involve risks and tradeoffs. We hope that our work will provide a clear, up-to-date, and thorough overview of this issue for all travelers to the U.S.

Tags:  electronics border laptop seth-schoen u.s.-border marcia-hofmann u.s. united-states chaos-communication-camp electronic-frontier-foundation  

Authors: Frank Rehberger
Tags: network
Event: Chaos Communication Camp 2011
Abstract: For scaling real time applications multicast transport is the enabling technology. This event will present solutions for multicast security, that can be used for group conferencing and scaling data distribution services as transport layer security. Keywords: SRTP, AES-CM, Keystream, Multimedia Internet KEYing

Tags:  multicast event security frank-rehberger chaos-communication-camp transport-layer-security security-authors  

Tags: science
Event: Chaos Communication Camp 2011
Abstract: The "Arguna" rocket family consist of four one-stage sounding rockets that can reach altitudes up to 10km. We will present the designs of these rockets and discuss the performed flights and results from avionics experiments.

Tags:  family rocket arguna chaos-communication-camp sounding-rockets science-event  

Authors: Frank Rehberger
Tags: network
Event: Chaos Communication Camp 2011
Abstract: For scaling real time applications multicast transport is the enabling technology. This event will present solutions for multicast security, that can be used for group conferencing and scaling data distribution services as transport layer security. Keywords: SRTP, AES-CM, Keystream, Multimedia Internet KEYing

Tags:  multicast event security frank-rehberger chaos-communication-camp transport-layer-security security-authors  

Authors: Stefan Zehl
Tags: hacker jeopardy
Event: Chaos Communication Camp 2011
Abstract: The Hacker Jeopardy is a quiz show. The well known reversed quiz format, but of course hacker style. It once was entitled "number guessing for geeks" by a German publisher, which of course is an unfair simplification. It's also guessing of letters and special characters. ;) Three initial rounds will be played, the winners will compete with each other in the final.

Tags:  hacker quiz jeopardy stefan-zehl chaos-communication-camp video-hacker  

Authors: Mario Lorenz
Tags: satellite radio
Event: Chaos Communication Camp 2011
Abstract: Radio amateurs have been building and operating satellites for almost fifty years now, and we are aiming for more. In this talk, I'll present who AMSAT is, what we have achieved in the last fifty years, and what we are working on now. Back in the 1960's, radio amateurs seized the opportunity of launching a satellite into space. It would not be the only one; we are approaching OSCAR 70 now. Building satellites has always been challenging and involves using technology in creative ways. I'll cover some of the more fascinating cases, including some lessons learned during the process. In addition to the satellites in earth orbit, we are also aiming for Mars, and I'll show what are doing to get there.

Tags:  chaos-communication-camp radio-amateurs earth-orbit  

Tags: security phone
Event: Chaos Communication Camp 2011
Abstract: Today, more and more real-world things and machines are equipped with some kind of connection back home to the vendor. Such machine-to-machine (M2M) communication is often poorly secured and some day, the shit will hit the fan! Due to the wide availability of broadband internet and mobile communication, the number of embedded systems that come with a network connection is constantly increasing. These devices are ubiquitous and used in a wide range of applications: smart grid, building management, surveillance, traffic control and individual vehicles. Those embedded devices are often poorly secured, if at all. But things get a lot worse: Vendors often don't take into account, that a device might get compromised, thus giving the attacker access to their network. This talk will give an overview over general machine-to-machine (M2M) communications and corresponding attack scenarios. In addition to wired systems, wireless systems will be considered. Of the latter, GSM based systems are the most interesting. Several ways to attack an embedded device, extract secret data and gain network access will be shown. Finally, some good and bad attempts to enhance the security of M2M systems will be presented.

Tags:  network security communication chaos-communication-camp availability-of-broadband security-tags  

Tags: security phone
Event: Chaos Communication Camp 2011
Abstract: Today, more and more real-world things and machines are equipped with some kind of connection back home to the vendor. Such machine-to-machine (M2M) communication is often poorly secured and some day, the shit will hit the fan! Due to the wide availability of broadband internet and mobile communication, the number of embedded systems that come with a network connection is constantly increasing. These devices are ubiquitous and used in a wide range of applications: smart grid, building management, surveillance, traffic control and individual vehicles. Those embedded devices are often poorly secured, if at all. But things get a lot worse: Vendors often don't take into account, that a device might get compromised, thus giving the attacker access to their network. This talk will give an overview over general machine-to-machine (M2M) communications and corresponding attack scenarios. In addition to wired systems, wireless systems will be considered. Of the latter, GSM based systems are the most interesting. Several ways to attack an embedded device, extract secret data and gain network access will be shown. Finally, some good and bad attempts to enhance the security of M2M systems will be presented.

Tags:  chaos-communication-camp availability-of-broadband security-tags  

Authors: Christiane Ruetten
Tags: social
Event: Chaos Communication Camp 2011
Abstract: What makes us gravitate towards other people? In Intellectual Vampires it is the craving for fresh ideas, and in Intellectual Fangbangers it is the joy of sharing them. A talk on the fine art of communication, channels, contexts, and language. It was Charlaine Harris, author of The Sookie Stackhouse Novels behind the TV series True Blood, who portrayed vampirism as something potentially mutually enriching for both the sucker and the suckee. Intellectual Vampires need fresh ideas. They crave them, they seek inspiring people, feed on them, and leave as soon as there is nothing new to be learned. Their willing mindfuck partners are Intellectual Fangbangers who volunteer in providing for new ideas, take pleasure in sharing them, and see them evolve in emerging new contexts. Given that the human mind is all about information flow, interesting patterns emerge if IV/IFB thinking is applied to human relations in all walks of life. Which channels do we employ and what encodings do we use? Can we use them more efficiently? What does the Internet change? Why is secrecy harmful and transparency, openness, and honesty so compellingly satisfying? How do relationships evolve over time? Does intelligence matter? And what makes for mutually pleasing IV/IFB connections?

Tags:  intellectual communication vampirism joy christiane-ruetten charlaine-harris chaos-communication-camp intelligence-matter  

Authors: Bernhard Tittelbach Christian Pointner
Tags: satellite
Event: Chaos Communication Camp 2011
Abstract: In 2011, mur.at will have a pico satellite launched into a low earth orbit (310 km above the surface of our planet). The satellite itself is the evolved descendant of a TubeSat personal satellite kit from Interorbital Systems. mur.sat is a joint venture of mur.at, ESC im Labor and realraum. This talk will give an overview of the project and the technical hacking done so far. A team of about 15 people around mur.at (Graz/Austria) builds its first picosatellite called mursat1, based on the knowledge of Interorbital Systems, IOS, and developped further following our research requests. In 2011, mursat1 will be sent into space. We expand Public Space - noncommercial, noninstitutional, experimental, researching and exploring - to see, hear, test, send, receive, and perform. In the timespan of one century, the space outside earth has been integrated smoothly and without friction into economic utilization processes. In order to counterbalance economical procedures that have been employed in the exploration and investigation of space, we vindicate the right to explore and investigate for ourselves. We claim "the" space as "public" space, in which other projections, wishes, concerns, desires, purposes and undertakings of different matter have authority and entitlement. With the move out into space, mur.sat takes the opportunity to analyse earth from outside. With the development of TubeSat, it has become relatively easy and affordable to send out our own research device. Adding some technical know how, we are able to define a set of tasks that mur.sat should fulfill during his short life time. In some ways, this current situation now is comparable with the 1980ies, beginning of 1990ies, when artists experimented with connected computers, what is now mostly known as world-wide-web/internet. The excitement is found in exploring new spaces, and getting to know and understand them. Probably one of the main attractions lies in the fact, that in unknown spaces one can formulate new hypothesis and try to find out and explore by one's own wish and curiosity. The strength and empowerment that lies in this possibility, is the subjective approach of individuals - noone can say beforehand if a certain question is relevant. It is also very likely that new questions will come up due to intense work on the matter during the work itself. At this stage (summer 2011) mursat1 itself will become our performer, taking selfportraits with a camera, transmitting data about his position relative to earth by torquers, receiving and translating particle detection and collision with a piezo microphone, sending compressed audiodata for radio transmission on earth, hosting children's wishes to become a shooting star themselves, counting. On earth, in the space center in Graz, and optionally on all other sorts of locations, available data will be received and interpreted, in sound, light, temperature installations, to create his sensation of NOW, of present time, and of connectedness to this expansion and extension that surrounds us. Why should only economically potent entities like states or companies be entitled to develop the imagery and broadcast (and thereby define) the ways of perception of the outer world, and of the representations of earth and the universe?

Tags:  chaos-communication-camp low-earth-orbit interorbital-systems  

Authors: Bernhard Tittelbach Christian Pointner
Tags: satellite
Event: Chaos Communication Camp 2011
Abstract: In 2011, mur.at will have a pico satellite launched into a low earth orbit (310 km above the surface of our planet). The satellite itself is the evolved descendant of a TubeSat personal satellite kit from Interorbital Systems. mur.sat is a joint venture of mur.at, ESC im Labor and realraum. This talk will give an overview of the project and the technical hacking done so far. A team of about 15 people around mur.at (Graz/Austria) builds its first picosatellite called mursat1, based on the knowledge of Interorbital Systems, IOS, and developped further following our research requests. In 2011, mursat1 will be sent into space. We expand Public Space - noncommercial, noninstitutional, experimental, researching and exploring - to see, hear, test, send, receive, and perform. In the timespan of one century, the space outside earth has been integrated smoothly and without friction into economic utilization processes. In order to counterbalance economical procedures that have been employed in the exploration and investigation of space, we vindicate the right to explore and investigate for ourselves. We claim "the" space as "public" space, in which other projections, wishes, concerns, desires, purposes and undertakings of different matter have authority and entitlement. With the move out into space, mur.sat takes the opportunity to analyse earth from outside. With the development of TubeSat, it has become relatively easy and affordable to send out our own research device. Adding some technical know how, we are able to define a set of tasks that mur.sat should fulfill during his short life time. In some ways, this current situation now is comparable with the 1980ies, beginning of 1990ies, when artists experimented with connected computers, what is now mostly known as world-wide-web/internet. The excitement is found in exploring new spaces, and getting to know and understand them. Probably one of the main attractions lies in the fact, that in unknown spaces one can formulate new hypothesis and try to find out and explore by one's own wish and curiosity. The strength and empowerment that lies in this possibility, is the subjective approach of individuals - noone can say beforehand if a certain question is relevant. It is also very likely that new questions will come up due to intense work on the matter during the work itself. At this stage (summer 2011) mursat1 itself will become our performer, taking selfportraits with a camera, transmitting data about his position relative to earth by torquers, receiving and translating particle detection and collision with a piezo microphone, sending compressed audiodata for radio transmission on earth, hosting children's wishes to become a shooting star themselves, counting. On earth, in the space center in Graz, and optionally on all other sorts of locations, available data will be received and interpreted, in sound, light, temperature installations, to create his sensation of NOW, of present time, and of connectedness to this expansion and extension that surrounds us. Why should only economically potent entities like states or companies be entitled to develop the imagery and broadcast (and thereby define) the ways of perception of the outer world, and of the representations of earth and the universe?

Tags:  chaos-communication-camp low-earth-orbit interorbital-systems  

Authors: Steph Alarcon
Tags: ecology
Event: Chaos Communication Camp 2011
Abstract: Everything we do as technologists depends on the critical minerals from which our devices are made. Recycling junk electronics is no longer just the right thing to do, it's the smart thing to do. Everything we do as technologists depends on the critical minerals from which our devices are made. From iron, aluminum and plastic, to gold, coltan and rare earth metals impact, these raw materials affect the availability and price of the electronics we use all the time. What happens at the end of their useful lives? By now, the problems with electronic waste are well known: Recycling is difficult and expensive, and exportation of junk electronics from rich to poor nations incentivizes informal recycling that is incredibly dangerous to workers and harmful to the environment. But with extreme monopolization of certain mineral markets, particularly China's domination of the rare earths market, recycling has ceased to be simply a good thing to do, and now provides an economic hedge against volatile commodities markets. This talk will be an update of a talk I gave at The Next Hope (July, 2010, New York City, link below) and will outline the e-waste problem and how both regulations and materials innovation in places like the EU and Japan have put them ahead of the manufacturing curve, with special emphasis on rare earth elements. Any specific questions from economics to chemistry that are sent in advance, will be researched and answered the best I can. I work at a research university so there are lots of smart people to ask. A draft of my capstone paper is available if you'd like to take a closer look at how I approach the topic. Please note that the paper linked below is a draft...the final draft is due May 3, after the deadline for talk submissions! Talk image is courtesy of Greenpeace.

Tags:  thing talk recycling steph-alarcon japan new-york-city chaos-communication-camp rare-earth-metals rare-earth-elements  

Authors: Steph Alarcon
Tags: ecology
Event: Chaos Communication Camp 2011
Abstract: Everything we do as technologists depends on the critical minerals from which our devices are made. Recycling junk electronics is no longer just the right thing to do, it's the smart thing to do. Everything we do as technologists depends on the critical minerals from which our devices are made. From iron, aluminum and plastic, to gold, coltan and rare earth metals impact, these raw materials affect the availability and price of the electronics we use all the time. What happens at the end of their useful lives? By now, the problems with electronic waste are well known: Recycling is difficult and expensive, and exportation of junk electronics from rich to poor nations incentivizes informal recycling that is incredibly dangerous to workers and harmful to the environment. But with extreme monopolization of certain mineral markets, particularly China's domination of the rare earths market, recycling has ceased to be simply a good thing to do, and now provides an economic hedge against volatile commodities markets. This talk will be an update of a talk I gave at The Next Hope (July, 2010, New York City, link below) and will outline the e-waste problem and how both regulations and materials innovation in places like the EU and Japan have put them ahead of the manufacturing curve, with special emphasis on rare earth elements. Any specific questions from economics to chemistry that are sent in advance, will be researched and answered the best I can. I work at a research university so there are lots of smart people to ask. A draft of my capstone paper is available if you'd like to take a closer look at how I approach the topic. Please note that the paper linked below is a draft...the final draft is due May 3, after the deadline for talk submissions! Talk image is courtesy of Greenpeace.

Tags:  thing talk recycling steph-alarcon japan new-york-city chaos-communication-camp rare-earth-metals rare-earth-elements  

Tags: TCP/IP
Event: Chaos Communication Camp 2011
Abstract: A few short weeks ago, APNIC's supply of IPv4 address space reached depletion. ARIN and the RIPE NCC will follow soon, most likely somewhere this year. In this talk I will discuss the history of the internet as seen from the point of view of the RIRs.

Tags:  chaos-communication-camp ripe-ncc rirs  

Authors: Moritz von Buttlar
Tags: science
Event: Chaos Communication Camp 2011
Abstract: Opensource-solar.org is working on open hardware power supplies for off-grid applications. The systems consist of self-build solar panels, charge controllers with microcontroller, and LiFePo4 rechargeable batteries. Green energy for your gadgets ! A photovoltaic based power supply for small devices is especially useful if an electricity grid is unavailable, if cabling is inconvenient, and in emergency situations. Opensource-solar.org designs modular open hardware photovoltaic power systems which can be incorporated in other projects. The focus is on micro-energy systems with less then 16 W. Examples for usage include LED lighting systems, cell-phone charging and power for wireless networks. The goal is to make a very high quality system at a fraction of the cost of current systems. Currently it consists of a self-made solar panel build from solar cells, a MSP430 based charging and control module, and a rechargeable LiFePo4 battery. The open hardware approach allows collaborative development, support and building instructions for users worldwide. This could be especially interesting for makers in Africa and other parts of the world without grid connectivity in rural areas. Success of photovoltaic based systems is slowed down by a scarcity of skilled people and high costs. Open source hardware and internet comunities can provide essential information for self-learning the required skills to assemble, develop and install such systems.

Tags:  power source Hardware w.-examples moritz-von-buttlar africa chaos-communication-camp solar-panels-charge open-source-hardware  

Authors: Torbjörn Lofterud
Tags: games
Event: Chaos Communication Camp 2011
Abstract: For a few years I was part of a team that developed and ran autonomous poker playing robots on commercial Internet poker sites; playing poker with real money against real people in real time. The project failed... At first glance, Texas hold'em poker does seem like a fairly simple game. Developing poker playing software can be done and has been done, and there are rumors on the Internet about poker playing robots winning millions online. There are even some commercial poker playing software available on the Internet. But building a functional poker bot have two major parts; firstly integration with the online poker site, and secondly developing software capable of winning against human opponents in Texas hold'em poker. Contrary to popular belief, the first part is easy and the second part is hard. Texas hold'em provides a programming challenge extraordinaire because its an imperfect information game paired with lots of randomness and psychology. Only small pieces of information is available at a given time, and the available information is biased and often deceptive. The complete game-tree Texas hold'em poker is so large that its infeasible to calculate even offline, and impossible to do in real-time, a feat necessary for online game-play.

Tags:  internet part poker texas chaos-communication-camp contrary-to-popular-belief human-opponents  

Tags: science space
Event: Chaos Communication Camp 2011
Abstract: Flying hardware must perform its intended function under harsh environmental conditions while fulfilling strict requirements due to boundary conditions like weight, size, and power consumption. The design must exhibit redundancy and resilience against adversary conditions and special care has to be given to thermal management and energy sources. We will discuss design rules to cope with specific problems and present a prototype system based on the multicore chip P8X32A. The succesful operation of electronic equipment in space must take effects into account that are normally not encountered under terrestrial conditions. The hardware must be protected against accelerations and vibrations during takeoff, reentry, and landing by protecting it mechanically. The ubiquitous vacuum in space leads to an elevated radiation field, (re)sublimation of materials, and exposure to extreme temperature cycles. This constant tear and wear leads to an accelerated decay of structures on different scales, from microscopic structures in semiconductors to macroscopic parts like junctions, cables and batteries. We will discuss in this lecture some of the effects in detail to give an overview of the challenges and give guidelines to avoid typical pitfalls during design.

Tags:  design space Hardware a.--the chaos-communication-camp typical-pitfalls harsh-environmental-conditions  

Authors: Andreas Schreiner Clemens Hopfer Patrick Strasser
Tags: radio
Event: Chaos Communication Camp 2011
Abstract: Moon bounce, also known as EME (Earth-Moon-Earth), is a technique that allows two earth-based radio stations to communicate directly by using the moon as passive reflector. It is the longest path two stations on Earth can use to establish direct connection with each other. First developed the late 1940s by the United States Navy it was used as a revolutionary way to communicate without the uncertainties of shortwave radio propagation. The development of artificial satellites completely obsoleted this usecase only a few years later but the technique itself is still one of the most challenging tasks in radio communication. Today it's Amateur Radio stations that are practising the art of Moon bounce. We are here to tell and to show you how it is done. Amateur Radio Operators are one of the oldest sub-groups in the Hacker universe. Long before the term Hacker was coined there were people tinkering in their Shacks, building equipment and trying to communicate with like-minded spirits from all over the world. Moon bounce is not the newest kid on the block in the radio field but still most demanding in terms of necessary equipment as well as operating skills. We provide you with a little historic background, some basic facts about how radio communication even works and then explain what has to be done to achieve the goal of bouncing signals off the moon. In a weird coincidence we will actually have a Moon bounce setup at the camp site so expect some current pictures as well as juicy tales of the radio art. "But wait!" you say, "The moon's only up half of the day". Well, you're right. Remember those artificial satellites that replaced the moon in military as well as commercial applications? We have them too! Amateur Radio Satellites and even the International Space Station can easily be reached with a very modest radio setup so we will explore these communication modes too.

Tags:  radio communication moon patrick-strasser andreas-schreiner clemens-hopfer space-station chaos-communication-camp amateur-radio-satellites earth-moon-earth  

Tags: space
Event: Chaos Communication Camp 2011
Abstract: Retrieval of information is essential for every experiment, especially involving rockets. The use of electromagnetic waves is the natural choice for communication with a rocket and sometimes the only means to retrieve flight hardware afterwards.

Tags:  video communication telemetry chaos-communication-camp electromagnetic-waves space-event  

Authors: Andreas Schreiner Clemens Hopfer Patrick Strasser
Tags: radio
Event: Chaos Communication Camp 2011
Abstract: Moon bounce, also known as EME (Earth-Moon-Earth), is a technique that allows two earth-based radio stations to communicate directly by using the moon as passive reflector. It is the longest path two stations on Earth can use to establish direct connection with each other. First developed the late 1940s by the United States Navy it was used as a revolutionary way to communicate without the uncertainties of shortwave radio propagation. The development of artificial satellites completely obsoleted this usecase only a few years later but the technique itself is still one of the most challenging tasks in radio communication. Today it's Amateur Radio stations that are practising the art of Moon bounce. We are here to tell and to show you how it is done. Amateur Radio Operators are one of the oldest sub-groups in the Hacker universe. Long before the term Hacker was coined there were people tinkering in their Shacks, building equipment and trying to communicate with like-minded spirits from all over the world. Moon bounce is not the newest kid on the block in the radio field but still most demanding in terms of necessary equipment as well as operating skills. We provide you with a little historic background, some basic facts about how radio communication even works and then explain what has to be done to achieve the goal of bouncing signals off the moon. In a weird coincidence we will actually have a Moon bounce setup at the camp site so expect some current pictures as well as juicy tales of the radio art. "But wait!" you say, "The moon's only up half of the day". Well, you're right. Remember those artificial satellites that replaced the moon in military as well as commercial applications? We have them too! Amateur Radio Satellites and even the International Space Station can easily be reached with a very modest radio setup so we will explore these communication modes too.

Tags:  radio communication moon patrick-strasser andreas-schreiner clemens-hopfer space-station chaos-communication-camp amateur-radio-satellites earth-moon-earth  

Authors: Harald Welte
Tags: GSM radio
Event: Chaos Communication Camp 2011
Abstract: Financing The Revolution is a discussion about digital currencies with a particular emphasis on Bitcoin, a new distributed peer-to-peer electronic currency. Digital cash and Bitcoin in particular have caused many new and interesting markets to appear, and these are examined as well as the link between economic freedom and the expression of other basic rights. Keywords: digital cash, cryptography, bitcoin, dgc, darknets, markets, civil liberties Financing The Revolution is a discussion about digital currencies with a particular emphasis on Bitcoin, a new distributed peer-to-peer electronic currency. Digital cash and Bitcoin in particular have caused many new and interesting markets to appear, and these are examined as well as the link between economic freedom and the expression of other basic rights. Jeffrey Paul is a American hacker and entrepreneur currently based in Berlin. Founder of datavibe.net (1999) and EEQJ (2009), he writes, presents, and consults on a wide range of topics including civil liberties and practical applications of networking, cryptography, and security systems.

Tags:  chaos-communication-camp digital-currencies electronic-currency  

Authors: Jeffrey Paul
Tags: bank economy
Event: Chaos Communication Camp 2011
Abstract: Financing The Revolution is a discussion about digital currencies with a particular emphasis on Bitcoin, a new distributed peer-to-peer electronic currency. Digital cash and Bitcoin in particular have caused many new and interesting markets to appear, and these are examined as well as the link between economic freedom and the expression of other basic rights. Keywords: digital cash, cryptography, bitcoin, dgc, darknets, markets, civil liberties Financing The Revolution is a discussion about digital currencies with a particular emphasis on Bitcoin, a new distributed peer-to-peer electronic currency. Digital cash and Bitcoin in particular have caused many new and interesting markets to appear, and these are examined as well as the link between economic freedom and the expression of other basic rights. Jeffrey Paul is a American hacker and entrepreneur currently based in Berlin. Founder of datavibe.net (1999) and EEQJ (2009), he writes, presents, and consults on a wide range of topics including civil liberties and practical applications of networking, cryptography, and security systems.

Tags:  revolution financing bitcoin jeffrey-paul-tags jeffrey-paul berlin chaos-communication-camp digital-currencies electronic-currency  

Authors: Andreas Bogk
Tags: PDF
Event: Chaos Communication Camp 2011
Abstract: Dependent types expand the concept of types in programming languages by arbitrary predicates depending on the value of the type. This lecture will introduce the concept and show how it can be used to develop formally verified code. As part of this lecture, a PDF parser written using the described methods will be released. Initial tests show that produces excellent results in distinguishing between legitimate PDFs and those with malicious payloads, with a rejection rate for malicious PDFs exceeding 95%.

Tags:  chaos-communication-camp arbitrary-predicates rejection-rate  

Authors: Kat Braybrooke
Tags: hacking
Event: Chaos Communication Camp 2011
Abstract: In 2002, Ghosh et al released a study which found that in F/LOSS coder/hacker communities, only 1.5% of members were female. This participation-heavy session is about the challenges of immersive ethnographic research in a time of gender transformation. First, a bit about my background. My name is Kat Braybrooke, I'm a Canadian from Vancouver, and I am currently finishing my MSc thesis for University College London's Digital Anthropology program regarding the role of gender in FLOSS hacker and coder cultures. For this thesis (abstract at http://shehackers.kaibray.com), I engaged in a combination of phenomenological immersivity and informant relationship-building with over 30 hackers and coders (male and female) in hackspaces and recursive tech/'geek' cultures across Europe. When I started my research, I had specific assumptions about who I wanted to talk to and what I thought I'd find. However, through the process of engaging with the spaces and individuals involved in these communities, I have come to realize how incorrect these assumptions were - and I'm hoping these realizations can be of benefit future social scientists, anthropologist and media theorists studying recursive subcultures in periods of ultramodern transformation. This session is about group participation - discussion, debate, criticism and new ideas. I'm not here to tell you who you are. Instead, I want to learn what you, as Chaos Camp attendees, think of these sorts of academic studies of your own communities, and how you feel my methodology can be improved upon. While I'm a self-defined 'geek', I am the outsider here - so before I publish this research, I'd love to hear how my understandings can be improved.

Tags:  research gender loss kat-braybrooke london europe vancouver chaos-communication-camp digital-anthropology hacker-communities  

Authors: Kat Braybrooke
Tags: hacking
Event: Chaos Communication Camp 2011
Abstract: In 2002, Ghosh et al released a study which found that in F/LOSS coder/hacker communities, only 1.5% of members were female. This participation-heavy session is about the challenges of immersive ethnographic research in a time of gender transformation. First, a bit about my background. My name is Kat Braybrooke, I'm a Canadian from Vancouver, and I am currently finishing my MSc thesis for University College London's Digital Anthropology program regarding the role of gender in FLOSS hacker and coder cultures. For this thesis (abstract at http://shehackers.kaibray.com), I engaged in a combination of phenomenological immersivity and informant relationship-building with over 30 hackers and coders (male and female) in hackspaces and recursive tech/'geek' cultures across Europe. When I started my research, I had specific assumptions about who I wanted to talk to and what I thought I'd find. However, through the process of engaging with the spaces and individuals involved in these communities, I have come to realize how incorrect these assumptions were - and I'm hoping these realizations can be of benefit future social scientists, anthropologist and media theorists studying recursive subcultures in periods of ultramodern transformation. This session is about group participation - discussion, debate, criticism and new ideas. I'm not here to tell you who you are. Instead, I want to learn what you, as Chaos Camp attendees, think of these sorts of academic studies of your own communities, and how you feel my methodology can be improved upon. While I'm a self-defined 'geek', I am the outsider here - so before I publish this research, I'd love to hear how my understandings can be improved.

Tags:  research gender loss kat-braybrooke london europe vancouver chaos-communication-camp digital-anthropology hacker-communities  

Authors: Dan Kaminsky
Tags: TCP/IP
Event: Chaos Communication Camp 2011
Abstract: Remember when networks represented interesting targets, when TCP/IP was itself a vector for messiness, when packet crafting was a required skill?

Tags:  chaos-communication-camp dan-kaminsky black-ops  

Tags: intelligence
Event: Chaos Communication Camp 2011
Abstract: This presentation will show how the RCMP, CSIS, CSEC and other groups worked to "secure" the 2010 Olympics, G8 and G20 by criminalising dissent, and the use of "Open Source Surveillance" to attempt to crack down on all opposition to these mega-events. In 2010, Canada was hosting two of the world's largest events, the 2010 Winter Olympic Games in Vancouver, British Columbia, and the G20 summit in Toronto, Ontario. In both cases, there was a special group formed from the various security groups in Canada, and these groups were called the Vancouver 2010 Integrated Security Unit and the G8-G20 Integrated Security Unit. In the case of both Toronto and Vancouver, citizens found that their city was being turned into a fortress to ensure security, and surveillance was being used against its own people. This is combined with laws that are designed to protect the corporate sponsors of the games, as well as the International Olympic Committee (IOC). This talk will focus primarily on the tactics of the Vancouver 2010 Integrated Security Unit during the Olympics, and may touch on the G8-G20 Integrated Security Unit in Ontario, and how these groups used various public forums on the Internet to identify and compile a secret list of Activists to be targeted with intimidation tactics, arrest and in some cases, prolonged detainment. This will also cover the aftermath of the surveillance to see what lessons an international audience can take from this, as well as a dispelling the myth that Canada (and other Western countries) don't engage in the same behaviour, despite their reputation as being "Better than the United States". This talk is of particular interest to technologists, due to the recent case of Byron Sonne, a security researcher, who, like me, dared to poke the Security Apparatus in the eye, but unfortunately was still in prison when I wrote this presentation. Due to a publication ban, his information will NOT be presented, but other defendants in the G20 who have published their material will have theirs presented.

Tags:  chaos-communication-camp g20-summit 2010-winter-olympic-games  

Authors: Dominik Meyer
Tags: hardware hacking
Event: Chaos Communication Camp 2011
Abstract: The talk will give the audience an introduction to the world of runtime reconfigurable processors. The current state of the art in processor performance improvements are multicore-processor systems. These systems offer a number of homogeneous and static processor cores for the parallel distribution of computational tasks. Another approach are reconfigurable processors or reconfigurable multicore processor systems, which can adapt to program needs on the fly during runtime. This is done through swapping different kinds of functional units in and out or by giving the processor freely available space for hardware configuration. After years of just being a research field such systems can be seen in the wild. For example the HC1 architecture from Convey or the combination of an Intel Atom processor with an Altera FPGA. The talk will introduce the audience to the field of reconfigurable processors. It will classify the different kinds of such processors and describe some architectures briefly. At the end general security issues are explained.

Tags:  processor runtime Hardware dominik-meyer-tags chaos-communication-camp reconfigurable-processors processor-cores  

Tags: privacy
Event: Chaos Communication Camp 2011
Abstract: The internet is increasingly falling under the control and restrictions of governments and multinational corporations. Internet connections are filtered and censored, not only in China but blatantly so in 'western' countries such as Australia and Canada. The content industry is clamping down on infringement on intellectual property and calls for ever more far-fetching and over-reaching laws to be put into effect. Meanwhile, telco's are making deals with content providers to decide how gets premium access and who gets degraded access to their networks. We have seen the internet rise, saw its potential and then lost it to capitalism and state control. It is time we truly 'take back the web'. The modern manifest of cyberspace is a call to action, urging the community to regain control and fight for a free infrastructure to sustain an uncensored and unbiased flow of information. The internet is increasingly falling under the control and restrictions of governments and multinational corporations. Internet connections are filtered and censored, not only in China but blatantly so in 'western' countries such as Australia and Canada. The content industry is clamping down on infringement on intellectual property and calls for ever more far-fetching and over-reaching laws to be put into effect. Meanwhile, telco's are making deals with content providers to decide how gets premium access and who gets degraded access to their networks. As such, the independence of cyberspace [https://projects.eff.org/~barlow/Declaration-Final.html as declared in 1996] is a thing of the past. We urgently need to reclaim this independence, to ensure the free flow of information. One way out is the deployment of darknets and encrypted tunnels layered over the existing commercial internet. In this talk I will argue for a more radical option though; I will call to abandon the existing infrastructure and build our own. This talk will highlight various already ongoing initiatives supporting this bold idea, and ideas that are currently bubbling up to build grass-roots internet. Wireless mesh networks that connect local areas, initiatives to connect rural areas to the larger networking community and the [http://events.ccc.de/camp/2011/space.html hackerspaces space program] launching this year at the CCC camp in August, which creates the environment for an actual grass-roots telecommunications satellite network and unites various ongoing efforts in this area. But most of all, this talk will argue that the time is here to join loose initiatives and localized grass-roots telecommunication efforts to implement a world-wide and independent communications network. This talk will explore possibilities, challenges and perhaps the need to unlearn the familiar and adapt to a new era of a truly decentralized infrastructure without traditional hubs of power and controlling agencies.

Tags:  chaos-communication-camp encrypted-tunnels free-infrastructure  

Authors: Karsten Nohl
Tags: smart card
Event: Chaos Communication Camp 2011
Abstract: Smart cards chips – originally invented as a protection for cryptographic keys – are increasingly used to keep protocols secret. This talk challenges the chips' security measures to unlock the protocols for public analysis. Hardened security chips are protecting secret cryptographic keys throughout the virtual and physical worlds. These smart card chips are found in banking cards, authentication tokens, encryption appliances, and master key vaults. The protection capabilities of the chips is increasingly used to also keep secret application code running on the devices. For example, the protocols of modern EMV credit cards are not publicly known. Such obscurity is hindering analysis, hence letting logic and implementation flaws go unnoticed in widely deployed systems, including credit card systems. We demonstrate a method of extracting application code from smart cards with simple equipment to open the application code for further analysis.

Tags:  analysis card application chaos-communication-camp smart-card-chips authentication-tokens  

Authors: Herr Urbach
Tags: privacy obfuscation
Event: Chaos Communication Camp 2011
Abstract: In January 2011 the fear of all internauts became bitter truth. A whole country was kill-switched by the government. The flow of data was interrupted, communication laid waste. Not only the Internets was taken down, other means of communication were interrupted too. Cell Phone providers took down their services. So, there was no Internets in Egypt. Internauts had no chance to communicate what is happening, mothers and fathers could not send emails to theire relatives. No data was flowing. As the phone lines were working, this was the solutions: Modems. In this talk I will describe what Telecomix agents had done during these days to bring back internet to the people of egypt. We used modem technology and set up dial up points all over the world and convinced providers with modem pools to open theire pools for the egyptians for free. Another thing we did was communication via HAM radio and of course fax. Not like anonymous who like to fax cables and stuff, but helpful information about medical help, how to communicate on a secure base and things like that. Furthermore I will describe the structure of Telecomix who are working as a decentralized cluster.

Tags:  communication phone internets ham egypt chaos-communication-camp cell-phone-providers modem-pools  

Authors: Karsten Nohl
Tags: smart card
Event: Chaos Communication Camp 2011
Abstract: Smart cards chips – originally invented as a protection for cryptographic keys – are increasingly used to keep protocols secret. This talk challenges the chips' security measures to unlock the protocols for public analysis. Hardened security chips are protecting secret cryptographic keys throughout the virtual and physical worlds. These smart card chips are found in banking cards, authentication tokens, encryption appliances, and master key vaults. The protection capabilities of the chips is increasingly used to also keep secret application code running on the devices. For example, the protocols of modern EMV credit cards are not publicly known. Such obscurity is hindering analysis, hence letting logic and implementation flaws go unnoticed in widely deployed systems, including credit card systems. We demonstrate a method of extracting application code from smart cards with simple equipment to open the application code for further analysis.

Tags:  analysis card application chaos-communication-camp smart-card-chips authentication-tokens  

Tags: science space
Event: Chaos Communication Camp 2011
Abstract: Design and implementation of rocket engines with two-phase propellants

Tags:  video hybrid rocket chaos-communication-camp hybrid-rocket space-event  

Authors: André Franz
Tags: science
Event: Chaos Communication Camp 2011
Abstract: Nowadays many office environments offer small tea kitchens for their employees. From subjective experiences there seems to be a milk drain in these environments. However, fundamentel research is still missing. Therefore, in this talk we will present experiments and the experimental setup to determine the volatility of milk in tea kitchens and possible causes. The experimental setup consists of a device for determining the amount of vanished milk (DDAVM), a device for counting fridge door openings (DCFDO) and a device for measuring the consumed electrical energy (DMCEE). The light diode based DCFDO is hidden in a regular yoghurt cup. Additional to these measurements we will present some model canditates which are based on plausible psychological behavior of the employees. With innovative model discrimination techniques, model candidates are falsified by suggesting model-based experimental designs. With these experiments and mathematical models we strongly believe to contribute to a better understanding of vanishing bovine products in office environments. This can help to predict the present state of milk in refrigerators, which leads to a more efficient milk consumption. Further, deep insights into social-psycological interplays between colleagues may be extrapolated to generic properties of different societies. The snitching milk consumption curve may also hint, which kind of social system (e.g. communism, socialism, capitalism), people belong to.

Tags:  device milk model franz-tags chaos-communication-camp model-discrimination milk-consumption  

Tags: bank economy
Event: Chaos Communication Camp 2011
Abstract: What comes after capitalism? We will give an overview on the development of complementary and alternative monetary systems: Which ones are there to stay, how they influence social development, how they can be improved and why hackers should really care. DYNDY is an effort to inform and empower communities with concepts and tools to overcome scarcity. Since the beginning of 2010 it unfolds as an academic research conducted in cooperation with experts from various fields: economists, philosophers and hackers. Its outcomes are visible as publications which, still being grounded in scholarly written theory, aim at divulgation of innovative concepts and at interaction with existing and future implementations of monetary systems. Quoting Bernard Lietaer: “We can’t imagine to enter the Information Age without changing the fundamental and most used communication tool: Money”. At the CCC camp 2011 we intend to follow this call and break the foremost taboo of our time which is, indeed, money. With our research we intend to establish a theoretical and practical framework for further development of this ancient media, which is widely used around the world and can finally benefit from the innovative drive that hackers have given so far to networking technologies. After about 2 years of research, in this lecture we intend to present in detail our findings, mostly answering impelling questions as: How financiarization is leading to the dissolution of the capitalist market and which values will naturally arise afterwards, what is the meaning of General Sentiment and how affect converges in the information economy, what peer 2 peer cryptographic currencies mean to the global markets and what we can still develop to benefit and share wealth among all those who are using money around the World. The language used will be both technical and theoretical, still no particular knowledge is needed, but pure interest on the subject and inclination to follow an interdisciplinary discourse between humanities and science.

Tags:  research development money general-sentiment bernard-lietaer chaos-communication-camp alternative-monetary-systems ccc-camp  

Authors: Christian Bahls Jérémie Zimmermann
Tags: law
Event: Chaos Communication Camp 2011
Abstract: The german access-blocking debate in 2009 only was a prelude to the EU-wide introduction of a blocking infrastructure in the Internet. Only delayed by the Lisbon Treaty compulsory, blocking by all EU-Memberstate has been discussed in the European Parliament since March 2010. Jérémie Zimmermann and Christian Bahls will describe how to get involved with policy-making in the EU using the discussion around Access-blocking as a case study.

Tags:  parliament jrmie zimmermann christian-bahls lisbon chaos-communication-camp bahls video-counter  

Tags: bank economy
Event: Chaos Communication Camp 2011
Abstract: What comes after capitalism? We will give an overview on the development of complementary and alternative monetary systems: Which ones are there to stay, how they influence social development, how they can be improved and why hackers should really care. DYNDY is an effort to inform and empower communities with concepts and tools to overcome scarcity. Since the beginning of 2010 it unfolds as an academic research conducted in cooperation with experts from various fields: economists, philosophers and hackers. Its outcomes are visible as publications which, still being grounded in scholarly written theory, aim at divulgation of innovative concepts and at interaction with existing and future implementations of monetary systems. Quoting Bernard Lietaer: “We can’t imagine to enter the Information Age without changing the fundamental and most used communication tool: Money”. At the CCC camp 2011 we intend to follow this call and break the foremost taboo of our time which is, indeed, money. With our research we intend to establish a theoretical and practical framework for further development of this ancient media, which is widely used around the world and can finally benefit from the innovative drive that hackers have given so far to networking technologies. After about 2 years of research, in this lecture we intend to present in detail our findings, mostly answering impelling questions as: How financiarization is leading to the dissolution of the capitalist market and which values will naturally arise afterwards, what is the meaning of General Sentiment and how affect converges in the information economy, what peer 2 peer cryptographic currencies mean to the global markets and what we can still develop to benefit and share wealth among all those who are using money around the World. The language used will be both technical and theoretical, still no particular knowledge is needed, but pure interest on the subject and inclination to follow an interdisciplinary discourse between humanities and science.

Tags:  research development money general-sentiment bernard-lietaer chaos-communication-camp alternative-monetary-systems ccc-camp  

Authors: André Franz
Tags: science
Event: Chaos Communication Camp 2011
Abstract: Nowadays many office environments offer small tea kitchens for their employees. From subjective experiences there seems to be a milk drain in these environments. However, fundamentel research is still missing. Therefore, in this talk we will present experiments and the experimental setup to determine the volatility of milk in tea kitchens and possible causes. The experimental setup consists of a device for determining the amount of vanished milk (DDAVM), a device for counting fridge door openings (DCFDO) and a device for measuring the consumed electrical energy (DMCEE). The light diode based DCFDO is hidden in a regular yoghurt cup. Additional to these measurements we will present some model canditates which are based on plausible psychological behavior of the employees. With innovative model discrimination techniques, model candidates are falsified by suggesting model-based experimental designs. With these experiments and mathematical models we strongly believe to contribute to a better understanding of vanishing bovine products in office environments. This can help to predict the present state of milk in refrigerators, which leads to a more efficient milk consumption. Further, deep insights into social-psycological interplays between colleagues may be extrapolated to generic properties of different societies. The snitching milk consumption curve may also hint, which kind of social system (e.g. communism, socialism, capitalism), people belong to.

Tags:  device milk model franz-tags chaos-communication-camp model-discrimination milk-consumption  

Authors: Sébastien Bourdeauducq
Tags: embedded microcontroller
Event: Chaos Communication Camp 2011
Abstract: Milkymist develops a comprehensive solution for the live synthesis of interactive visual effects. It features one of the first open source system-on-chip designs. This talk gives a roundup of what has happened during the last 1.5 year in this project. The Milkymist project is an informal organization of people and companies who develop, manufacture and sell a comprehensive open source hardware and software solution for the live synthesis of interactive visual effects for VJs. The project goes great lengths to apply the open source principles at every level possible, and is best known for the Milkymist system-on-chip (SoC) which is among the first commercialized system-on-chip designs with free HDL source code. As a result, several Milkymist components have been reused in applications unrelated to video synthesis. For example, NASA's Communication Navigation and Networking Reconfigurable Testbed (CoNNeCT) experiment uses the memory controller that was originally developed for the Milkymist system-on-chip and published under the GNU GPL. A lot has happened since the introduction to the project at the 26C3. We have designed and are now producing and selling our own hardware called Milkymist One. The system-on-chip design has reached a very usable state, with improved graphics acceleration capabilities, support for all the interfaces on the Milkymist One (e.g. video digitizer, USB, Ethernet, MIDI, DMX, ...) and a GDB-compatible in-system debugger. On the software side, we have ported the RTEMS real time operating system and up-leveled the Linux port. We also have developed our own end-user video synthesis application which runs on RTEMS and uses the MTK embedded GUI toolkit (based on Genode FX). Several third-party applications and many libraries were successfully run on the Milkymist SoC, such as the MuPDF document viewer and the Lua and Ruby programming languagues. The SoC software can also be run and debugged in the latest versions of the QEMU emulator. This talk presents all this, and more. Demonstrations included.

Tags:  chaos-communication-camp open-source-system video-digitizer  

Authors: Ilja van Sprundel
Tags: secure development iPhone
Event: Chaos Communication Camp 2011
Abstract: Over the last few years there has been a signifant amount of iPhone and iPad application development going on. Although based on Mac OSX, its development APIs are new and very specific to the iPhone and iPad. In this presentation, Ilja van Sprundel, Principal Security Consultant at IOActive, will discuss lessons learned from auditing iPhone and iPad applications over the last year. It will cover the use of specific APIs, why some of them aren't granular enough, and why they might expose way too much attack surface. The talk will cover ssl, xml, url handling, UIWebViews and more. Furthermore, it will also cover what apps are allowed to do when inside their sandbox once an application has been hacked.

Tags:  development application iphone mac-osx chaos-communication-camp security-authors  

Authors: Ilja van Sprundel
Tags: secure development iPhone
Event: Chaos Communication Camp 2011
Abstract: Over the last few years there has been a signifant amount of iPhone and iPad application development going on. Although based on Mac OSX, its development APIs are new and very specific to the iPhone and iPad. In this presentation, Ilja van Sprundel, Principal Security Consultant at IOActive, will discuss lessons learned from auditing iPhone and iPad applications over the last year. It will cover the use of specific APIs, why some of them aren't granular enough, and why they might expose way too much attack surface. The talk will cover ssl, xml, url handling, UIWebViews and more. Furthermore, it will also cover what apps are allowed to do when inside their sandbox once an application has been hacked.

Tags:  chaos-communication-camp security-authors iphone  

Authors: Marc Juul
Tags: science
Event: Chaos Communication Camp 2011
Abstract: Genetic modification is getting cheaper and biohackers are making it more accessible. This talk outlines the state of DIYbio and institutional synthetic biology; current challenges in biological programming and why you should be hacking biology. The technology to program biological self-replicating machines is here now. Synthetic biologists are reverse-engineering living cells and building bio-compilers that will facilitate abstract design of complex genetic programs. This talk will show how such a genetic program can be written using freely available parts and design tools. How the DNA can be synthesized, assembled, inserted into a cell culture and the result debugged. The tools to accomplish this exist in two spaces: The wetlab (biological) and the drylab (software). Wetlab access continues to be a limiting factor in participation by the wider community of citizen scientists, hackers and makers. Access restrictions both technological and legal are not foreign to hackers, and biohackers are currently facing obstacles such as GMO laws, expensive lab equipment and restricted access to materials, yet DIYbio groups around the world are building labs, acquiring expertise and making this technology available to everyone. This talk gives an overview of the gap in capabilities between professional labs and DIYbio labs, how it can be overcome, and the unique challenges of biosafety, ethics and intellectual property in biology.

Tags:  talk biology access marc-juul diybio chaos-communication-camp citizen-scientists professional-labs  

Authors: Sébastien Bourdeauducq
Tags: embedded microcontroller
Event: Chaos Communication Camp 2011
Abstract: Milkymist develops a comprehensive solution for the live synthesis of interactive visual effects. It features one of the first open source system-on-chip designs. This talk gives a roundup of what has happened during the last 1.5 year in this project. The Milkymist project is an informal organization of people and companies who develop, manufacture and sell a comprehensive open source hardware and software solution for the live synthesis of interactive visual effects for VJs. The project goes great lengths to apply the open source principles at every level possible, and is best known for the Milkymist system-on-chip (SoC) which is among the first commercialized system-on-chip designs with free HDL source code. As a result, several Milkymist components have been reused in applications unrelated to video synthesis. For example, NASA's Communication Navigation and Networking Reconfigurable Testbed (CoNNeCT) experiment uses the memory controller that was originally developed for the Milkymist system-on-chip and published under the GNU GPL. A lot has happened since the introduction to the project at the 26C3. We have designed and are now producing and selling our own hardware called Milkymist One. The system-on-chip design has reached a very usable state, with improved graphics acceleration capabilities, support for all the interfaces on the Milkymist One (e.g. video digitizer, USB, Ethernet, MIDI, DMX, ...) and a GDB-compatible in-system debugger. On the software side, we have ported the RTEMS real time operating system and up-leveled the Linux port. We also have developed our own end-user video synthesis application which runs on RTEMS and uses the MTK embedded GUI toolkit (based on Genode FX). Several third-party applications and many libraries were successfully run on the Milkymist SoC, such as the MuPDF document viewer and the Lua and Ruby programming languagues. The SoC software can also be run and debugged in the latest versions of the QEMU emulator. This talk presents all this, and more. Demonstrations included.

Tags:  synthesis milkymist source chip authors ruby lua chaos-communication-camp open-source-system video-digitizer  

Authors: Marc Juul
Tags: science
Event: Chaos Communication Camp 2011
Abstract: Genetic modification is getting cheaper and biohackers are making it more accessible. This talk outlines the state of DIYbio and institutional synthetic biology; current challenges in biological programming and why you should be hacking biology. The technology to program biological self-replicating machines is here now. Synthetic biologists are reverse-engineering living cells and building bio-compilers that will facilitate abstract design of complex genetic programs. This talk will show how such a genetic program can be written using freely available parts and design tools. How the DNA can be synthesized, assembled, inserted into a cell culture and the result debugged. The tools to accomplish this exist in two spaces: The wetlab (biological) and the drylab (software). Wetlab access continues to be a limiting factor in participation by the wider community of citizen scientists, hackers and makers. Access restrictions both technological and legal are not foreign to hackers, and biohackers are currently facing obstacles such as GMO laws, expensive lab equipment and restricted access to materials, yet DIYbio groups around the world are building labs, acquiring expertise and making this technology available to everyone. This talk gives an overview of the gap in capabilities between professional labs and DIYbio labs, how it can be overcome, and the unique challenges of biosafety, ethics and intellectual property in biology.

Tags:  talk biology access marc-juul diybio chaos-communication-camp citizen-scientists professional-labs  

Authors: Jens Ohlig
Tags: hacking
Event: Chaos Communication Camp 2011
Abstract: Several newly formed hacker groups were in the press, like Anonymous and lulzsec. We will analyze and discuss how these fit into the world, and how the different groups (politics, press, media, hackers) react to this new movement. Set sail for fail! There are more and more interesting groups active in the internet, apart from the usual lolpicz and pictures of kittens. There was wikileaks which had a big impact to mainstream media, similar to the BTX and the KGB hack from the CCC in the last century. The politicians now discuss about wikileaks and declare cyberwar and want to privatize the internet ("the main problem of the internet is the open content"). Additionally there are new groups, anonymous and lulzsec, which discovered a major problem in wikileaks, that there is a single face connected to it. They get over it and act anonymously without a clear political agenda (simply because every new activity attracts a different set of people). "Anonymous" also eases participation of non-hackers in some activities, like DDoS VISA/paypal etc). While some hacker groups join the establishment and react, others finally wake up from their powerlessness and act, in a sensefull or senseless way. We will compare different approaches and look into history and achievements of non-parliamentary groups. We want to provide useful discourse and provoke a fruitful discussion.

Tags:  chaos-communication-camp pictures-of-kittens hacker-ethics  

Authors: Jayson E. Street
Tags: security
Event: Chaos Communication Camp 2011
Abstract: This is not a presentation where I talk about how I would get in or the things I might be able to do. This is a talk where I am already in and I show you pictures from actual engagements that I have been on. They say one picture is worth a thousand words I show you how one picture cost a company a million dollars and maybe even a few lives. In a community where we focus so much on the offensive I also make sure with every attack I highlight. I spend time discussing what would have stopped me. We need to know the problems but we need more talks providing solutions and that is what I hope people will get from this. I show the dangers of Social engineering and how even an employee with no SE experience can be an eBay James Bond which can cause total financial ruin to a company. These Security threats are real. So are these stories! I talk about how there is only 1 fact that should concern a business I am GETTING IN! No need to discuss defense we are way past that! I discuss the 2 rules I operate under "I aim to misbehave" & "Let's go be bad guys" notice nothing about audits or PCI, HIPPA or Gramm–Leach–Bliley Act I just want to do as much evil as I can get away with and what causes you the most harm I could care less if you are 'compliant' on anything. Those 2 rules gives me these 3 outcomes which I discuss in depth. Steal everything I show with actual pictures how I could steal purses, backpacks, cell phones, cars, laptops, etc? I also provide a real world story from the news showing it is not theory but known practice of thieves. Kill everybody I show pictures of mechanical rooms that I was able to get in. Pictures of the fire suppression and alarm systems I could have turned off even a video of me walking into the back of a hotel going to their hazardous chemical closet that was unlocked and then walking unchallenged through the kitchen where I could have used those chemicals to poison all the food and also start a fire with them. I also provide a real world story from the news showing it is not theory but known practice of killers and terrorist. Cause total financial ruin I will show offices of VPs and CEOs that I had access to and where I would have been able to steal company secrets and actual formulas that are the livelihood of the companies I breached. I also provide a real world story from the news showing it is not theory but known practice of corporations. Countermeasures With every outcome I provide the ways I could have been stopped and things that should have been in place that would have prevented me from carrying out any of these attacks. Some of the defenses are the same for everyone though once again defense in depth is what could have saved the day.

Tags:  chaos-communication-camp gramm-leach financial-ruin  

Tags: science
Event: Chaos Communication Camp 2011
Abstract: The motion of objects through space can be observed in everyday life and the analysis of their dynamics leads to a fundamental notion of theoretical mechanics, the rigid body. Inertial navigation is based on continuous measurement of acceleration and angular velocities and the inversion of the rigid body's equations of motion. Additionally, the modeling of noise and error propagation is essential to correctly estimate position and attitude.

Tags:  chaos-communication-camp angular-velocities theoretical-mechanics  

Authors: Frantisek Apfelbeck
Tags: science
Event: Chaos Communication Camp 2011
Abstract: The regular consumption of life foods was very important for healthy life style thousands years ago and the same applies for today. The use of today's scientific knowledge in combination with current technology will allow us to optimise these techniques. Cultural heritages of human societies around the world include sets of traditional techniques for life-culture foods and beverages preparations the consumption of which was part of everyday life. Documentation and analysis of these techniques can result in deeper understanding of the relationships of the local communities and their environments that has allowed them to live in these locations for many generations. This project discovers and distinguishes key functional elements of these relationships to promote them. This can result in more efficient and environmentally friendly food and beverage culturing approaches combining traditional wisdom with today's scientific understanding and technology, activity described as food and beverage hacking. Open source practices will facilitate promotion of these newly developed approaches and techniques in various communities around the world, improving their sustainability and decreasing their impact on the environment.

Tags:  life today consumption chaos-communication-camp healthy-life-style foods-and-beverages  

Tags: social
Event: Chaos Communication Camp 2011
Abstract: Mitch Altman has taught well over 10,000 people to solder and make cool things at workshops around the world. Drawing from his experiences, this lecture will show you how to create and give your own successful workshops about what you know. We all know something that others can benefit from, that others want to learn. A workshop is a gratifying way to share what you know with others. One of the reasons for the increasing popularity of Maker Faires, hacker conferences, and hackerspaces is that they all provide workshops. Workshops are not only fun, but they work. They incorporate learning-by-doing, a very effective method of teaching, learning, and sharing knowledge and skills. They also make use of the community that forms during the workshop, where all participants become available to help one another. Creation within community is a very compelling combination that we can all make use of and enjoy. This is what a successful workshop is all about. In this lecture Mitch Altman will share what he has learned from his experience giving workshops around the world for the last few years. Although he teaches people how to solder and to make cool things with microcontrollers, what Mitch has learned about giving workshops is applicable to giving a workshop on just about any topic. Topics included: Choosing an objective that can be accomplished in the allotted time, including setup and cleanup. Choosing a topic that is appropriate for a workshop format, where all participants can create something. Making the workshop an enjoyable process for all. Building confidence and enthusiasm that will be shared with others during and after the workshop. Making your workshop appear effortless and easy to the participants. Preparation needed before planning the workshop. Taking your workshop on the road.

Tags:  solder workshop workshops mitch-altman mitch chaos-communication-camp hacker-conferences  

Authors: Walter van Holst
Tags: law privacy data retention
Event: Chaos Communication Camp 2011
Abstract: Right now the European Union is in a bit of a lawmaking frenzy on areas that are relevant to the internet in general. This Commission has several ambitious undertakings going on with regard to: enforcement of so-called intellectual property rights data protection data retention directive Passenger Name Records (PNR) Furthermore, several recent efforts are wrapping up and are moving to the national level, such as ACTA and webfilters against child pornography. During this lecture Katarzyna Szymielewicz (Panoptykon Foundation Poland) and Walter van Holst (European Digital Rights) will explain the main topics in Brussels, what you can do to get involved to defend your freedoms.

Tags:  chaos-communication-camp van-holst ambitious-undertakings  

Authors: Jérémie Zimmermann
Tags: privacy
Event: Chaos Communication Camp 2011
Abstract: overnments and corporations craft powerful memes to justify their repressive policies, it is time for us to provide with solid countermeasures. Will we get "cyberwar", censorship, and repression of sharing, or impose that Internet remains the instrument of (cyber)Peace, (data)Love and (hackers)Unity? The turn of 2010/2011 has been decisive for the ecology of the Internet, as well as for its perception in the eye of the general public. From Cablegate to the "Arab spring", it is now clear for everyone that Internet is the tool for freedom of expression and democratic participation. At the same time, the violent attacks against Wikileaks, repression in the Arab countries, as well as the finalization of the ACTA agreement or the notion of a "civilized Internet" pushed by Nicolas Sarkozy clutter in our skies like a dense, dark storm. Between the "eG8" and the G20, governments talk of cooperation and exceptional measures... In the name of an upcoming "cyberwar", control over the network they might obtain could become the perfect tool to restrict our freedoms. What is this "cyberwar" about anyway? Isn't it just a state of permanent war, like in Orwell's "1984", justifying the unjustifiable, beyond the rule of law? As these political and commercial attacks against a free, open, universal therefore neutral Internet intensify, citizens get more and more trained to react against legislative attacks, by coordinated advocacy. But when powerful memes are crafted in order to justify restrictions on our freedoms, how can we react? As diverse hacker communities loving the Internet and the flow of data, we must address mass manipulation and anti-democratic influence designed at imposing restriction of our freedoms.

Tags:  chaos-communication-camp hacker-communities mass-manipulation  

Authors: Walter van Holst
Tags: law privacy data retention
Event: Chaos Communication Camp 2011
Abstract: Right now the European Union is in a bit of a lawmaking frenzy on areas that are relevant to the internet in general. This Commission has several ambitious undertakings going on with regard to: enforcement of so-called intellectual property rights data protection data retention directive Passenger Name Records (PNR) Furthermore, several recent efforts are wrapping up and are moving to the national level, such as ACTA and webfilters against child pornography. During this lecture Katarzyna Szymielewicz (Panoptykon Foundation Poland) and Walter van Holst (European Digital Rights) will explain the main topics in Brussels, what you can do to get involved to defend your freedoms.

Tags:  authors european retention katarzyna-szymielewicz walter-van-holst brussels chaos-communication-camp van-holst ambitious-undertakings  

Authors: Karsten Nohl Luca Melette
Tags: GSM
Event: Chaos Communication Camp 2011
Abstract: GPRS data networks provide the backbone for our mobile society. Just like their siblings, GSM networks, the GPRS infrastructure is often lacking an appropriate level of protection. This talk introduces the concepts behind GPRS transmissions and illustrates how GPRS data can be sniffed. We will release tools to be used at the camp.

Tags:  chaos-communication-camp mobile-society gsm-networks  

Authors: Karsten Nohl Luca Melette
Tags: GSM
Event: Chaos Communication Camp 2011
Abstract: GPRS data networks provide the backbone for our mobile society. Just like their siblings, GSM networks, the GPRS infrastructure is often lacking an appropriate level of protection. This talk introduces the concepts behind GPRS transmissions and illustrates how GPRS data can be sniffed. We will release tools to be used at the camp.

Tags:  chaos-communication-camp mobile-society gsm-networks  

Authors: Stefan Zehl
Tags: embedded microcontroller
Event: Chaos Communication Camp 2011
Abstract: The r0ket is the badge for the Chaos Communication Camp 2011. Besides being a shiny electronic name tag, the r0ket is an easy to use full featured microcontroller development board. We want to encourage you to tinker with your badge. Write your own software or build a pluggable hardware m0dul. Surprise the camp audience with your creative ideas!

Tags:  ket microcontroller camp stefan-zehl chaos-communication-camp microcontroller-development  

Authors: Greg Newby
Tags: management
Event: Chaos Communication Camp 2011
Abstract: What motivates people to create and freely distribute their works? This presentation will draw on personal experience, research literature, and existing communities of those who build and give away. Open source software, hardware, community building. The presenter will draw upon over 20 years experience with Project Gutenberg, as well as numerous other activities in which the focus is on building (things, software, communities, infrastructure) and giving them away (free and open source software, free literature, and physical artifacts). What motivates individuals to spend thousands of hours -- often in detriment to time spent with family, work, or other endeavors -- on activity which is primarily devoted to the well being of other people? Often, other people who are not personally known. Is there overlap in motivations for online communities versus volunteerism at the local level? Can such behaviors be learned? What motivates people to create and freely distribute their works? This presentation will draw on personal experience, research literature, and existing communities of those who build and give away. Open source software, hardware, community building. Characterizations of different types of motivations, levels and types of involvement, and outcomes will be made. Anomalies will be identified between individual values and targeted community outcomes, along with their sometimes disastrous impact on community identity-building or planning. Different leadership styles, and their impacts on emerging communities of contributors, will be compared. The presentation will draw some conclusions about how it might be possible to foster altruism in such communities, and to encourage increased interests in their outcomes. The audience will be asked to contribute their own experiences, especially advice about what works and what doesn't work to foster new member involvement. What are impediments to personal time investment, to sharing common goals, and to taking leadership roles? What lifecycles, governance structures, and other characteristics of successful projects (both large and small scale) can we learn from? We have seen hugely beneficial projects of all types where communities sprung up to support the building of things, software and ideas; we also have many examples of projects which did not seem to achieve their goals. How might future builders learn from these past experiences?

Tags:  Community building Software greg-newby chaos-communication-camp different-leadership-styles physical-artifacts  

Authors: Stefan Zehl
Tags: embedded microcontroller
Event: Chaos Communication Camp 2011
Abstract: The r0ket is the badge for the Chaos Communication Camp 2011. Besides being a shiny electronic name tag, the r0ket is an easy to use full featured microcontroller development board. We want to encourage you to tinker with your badge. Write your own software or build a pluggable hardware m0dul. Surprise the camp audience with your creative ideas!

Tags:  ket microcontroller camp stefan-zehl chaos-communication-camp microcontroller-development  

Authors: Greg Newby
Tags: management
Event: Chaos Communication Camp 2011
Abstract: What motivates people to create and freely distribute their works? This presentation will draw on personal experience, research literature, and existing communities of those who build and give away. Open source software, hardware, community building. The presenter will draw upon over 20 years experience with Project Gutenberg, as well as numerous other activities in which the focus is on building (things, software, communities, infrastructure) and giving them away (free and open source software, free literature, and physical artifacts). What motivates individuals to spend thousands of hours -- often in detriment to time spent with family, work, or other endeavors -- on activity which is primarily devoted to the well being of other people? Often, other people who are not personally known. Is there overlap in motivations for online communities versus volunteerism at the local level? Can such behaviors be learned? What motivates people to create and freely distribute their works? This presentation will draw on personal experience, research literature, and existing communities of those who build and give away. Open source software, hardware, community building. Characterizations of different types of motivations, levels and types of involvement, and outcomes will be made. Anomalies will be identified between individual values and targeted community outcomes, along with their sometimes disastrous impact on community identity-building or planning. Different leadership styles, and their impacts on emerging communities of contributors, will be compared. The presentation will draw some conclusions about how it might be possible to foster altruism in such communities, and to encourage increased interests in their outcomes. The audience will be asked to contribute their own experiences, especially advice about what works and what doesn't work to foster new member involvement. What are impediments to personal time investment, to sharing common goals, and to taking leadership roles? What lifecycles, governance structures, and other characteristics of successful projects (both large and small scale) can we learn from? We have seen hugely beneficial projects of all types where communities sprung up to support the building of things, software and ideas; we also have many examples of projects which did not seem to achieve their goals. How might future builders learn from these past experiences?

Tags:  Community building Software greg-newby chaos-communication-camp different-leadership-styles physical-artifacts  

Tags: smart card phone
Event: Chaos Communication Camp 2011
Abstract: This talk sheds some light on a cellphone-component, that's inevitable, virtually unclonable and as closed as it gets: the SIM. The SIM can do a lot more than just user-authentication nowadays: the SIM Application Toolkit gives it control over your phone Recently, location tracking in major smartphones caused quite a stir. Closed systems make discovering such unwanted behavior more difficult. While projects like osmocomBB aim at creating an open cellphone architecture, the SIM seems to be mostly inconsiderable and harmless. It's little known, that the SIM Application Toolkit (SAT) gives the SIM extensive control over the phone. Via the SAT, the SIM can obtain location information, monitor and redirect calls and send/receive short messages, as well as IP packets. The SIM-firmware can be updated over-the-air. Most of these features can even be used without the user noticing. Along with the mentioned SAT, this talk will illuminate the classic GSM SIM, as well as the 3G USIM altogether. After a quick introduction to smartcards in general, communication with the SIM will be explained in more detail. The most important SIM commands and files will be explained and how one can monitor communication with a SIM and inject arbitrary data into the session.

Tags:  communication sat phone sim g-usim sim-application sim-application-toolkit chaos-communication-camp 3g-usim  

Tags: smart card phone
Event: Chaos Communication Camp 2011
Abstract: This talk sheds some light on a cellphone-component, that's inevitable, virtually unclonable and as closed as it gets: the SIM. The SIM can do a lot more than just user-authentication nowadays: the SIM Application Toolkit gives it control over your phone Recently, location tracking in major smartphones caused quite a stir. Closed systems make discovering such unwanted behavior more difficult. While projects like osmocomBB aim at creating an open cellphone architecture, the SIM seems to be mostly inconsiderable and harmless. It's little known, that the SIM Application Toolkit (SAT) gives the SIM extensive control over the phone. Via the SAT, the SIM can obtain location information, monitor and redirect calls and send/receive short messages, as well as IP packets. The SIM-firmware can be updated over-the-air. Most of these features can even be used without the user noticing. Along with the mentioned SAT, this talk will illuminate the classic GSM SIM, as well as the 3G USIM altogether. After a quick introduction to smartcards in general, communication with the SIM will be explained in more detail. The most important SIM commands and files will be explained and how one can monitor communication with a SIM and inject arbitrary data into the session.

Tags:  communication sat phone sim g-usim sim-application sim-application-toolkit chaos-communication-camp 3g-usim  

Authors: James Carlson
Tags: science space
Event: Chaos Communication Camp 2011
Abstract: Our mission is to provide financial and organizational support to open communities in shared physical spaces who use innovative methods and technology in hands-on education. We'll speak to the global community about the progress in America. Hacker and maker spaces are where people go to teach and learn their passions. Even as each space typically shares a common set of values – transparency, hands-on, collaboration – they are all tremendously different in terms of structure, funding sources, and sustainability. While a huge movement to create new hacker and maker spaces has been catalyzed in the United States, in part because of the Hackerspace Design Patterns release from the 2007 CCCamp, the sustainability of these spaces and the movement they represent is far from certain. The School Factory, a non-profit organization that formed an early American hackerspace/makerspace called Bucketworks in 2002, has been extrapolating the models and values of these spaces into programming that helps communities understand and take advantage of potential in the maker and hacker movements. Banding together, four established spaces have launched the Space Federation, which provides a sharing of best practices and fiscal infrastructure amongst each other and to interested communities. By linking our resources we are able to help other facilitators launch and sustain their own spaces. Resources take the form of fiscal sponsorship, a governance and taxation support model for donations that gives these spaces non-profit status without the overhead and delays of supporting their own legal status. Guidelines and programming that help spaces build healthy community by connecting their members on a personal level are also a focus. This is not a franchising of spaces but a celebration of individuation while ensuring the administrivia which often kills spaces is taken care of efficiently and effectively. We are a segue from the current culture into a new world of self-empowerment, involved communities, and free sharing of knowledge. But these ideals must exist in the current paradigm until they become the norm. In short, we still have to figure out how to pay rent. In the meantime, American schools and libraries are failing. Conservative government officials are eliminating teachers and setting standards which the current educational system cannot meet. Schools are decreasingly preparing students for work within a global economy, and struggle to stay apace with the technological and social advances brought about by the dedicated volunteer work of the open source community. Similarly, public libraries in America struggle to retain relevance when books are available online, and rules require silence. The community-building purpose of a library, and the free access to knowledge it represents, is an idea at risk in a modern political culture of conservatism. Low income and smaller communities will pay the price of lost innovation and learning for their citizens. Globally, countries wildly differ in terms of their legal structures and cultural support for hackerspaces and makerspaces. Education systems are equally variable, in some nations still biased towards certain genders, age groups, and skill domains. We believe that hackerspaces and their relatives are primordial seeds in a new system of global learning and education that spans generations, interests, and political fashions. These communities represent a low-cost, highly effective alternative to overly burdensome systems of public learning and the public distribution of knowledge and potential. It may take many generations for these environments to have a lasting impact on civilization. If we start good conversations with governments, communities, and businesses today - along with amongst ourselves - we can ensure that every possible value these spaces can contribute to global society is developed for the longer term. Challenges Faced by the Hackerspace and Makerspace Movement Clique-ish social communities Financial challenges Difficult to insure Unsympathetic landlords Challenging infrastructure requirements Not well understood by general public Dis-integrative structures Zoning and classification “but they’ll see the big board” - the perceived threat of transparency Inconsistent cultural norms Informal environments create barriers to entry Questions we would like to discuss with the CCC community: How does the hackerspace/makerspace movement look globally? In America? What has changed since 2007? Since 2002? What spaces are in the Space Federation? What are their experiences? What is the Space Federation? What is the School Factory? What is the Space Kit? How is it related to the Hackerspace Design Patterns presentation? What do we have in the Space Kit so far? - we have the steps but need a way to take people through it. It includes more of things like how to assess a neighborhood and local government, less of what tools you should have. What does it still need? Why is this important? (not just in USA but globally) What does having global concept of spaces like these mean for future humanity? What has been working? What hasn’t been working? What do we need help with? Conclusion: We would like to engage the CCC community in an open discussion on these questions, and facilitate a separate co-working session to further develop tools and models that will extend the potential of the hackerspace and makerspace movement across the globe. There will be LEGOs.

Tags:  space hackerspace federation james-carlson america united-states chaos-communication-camp fiscal-sponsorship space-federation  

Authors: Frank Rieger Rop Gonggrijp
Tags: network
Event: Chaos Communication Camp 2011
Abstract: We'll need to come to grips with the challenges that declining oil production and increasing temperatures present. This talk explores positive future scenarios for the world of networking and communications past the great global energy free-for-all. "Business-as-usual" and "surely-they'll-think-of-something" scenarios are increasingly for dreamers. The time of perpetual growth is over and the cracks are beginning to show everywhere. But let's get past doom and gloom: there's a growing movement that acts to prepare themselves and their communities for "energy descent": cold turkey while kicking the oil habit. Too many are stuck thinking the future is either going to be apocalyptic or very much like today. (Both futures conveniently have in common that you don't have to do all that much.) In so-called Transition Towns, groups of inhabitants are working together to rethink the future of agriculture and land-use to effectively re-localize food, goods and services. All over the place, people are thinking, acting and (importantly) having a good time doing so. This talk will explore a number of future scenarios and try to assess the impact on the world of computers, networking and telecommunications. Most people in this transition movement are inspired (but not blinded) by technologies and methods from a time past. Modern communications technology has no set pre-industrial state to fall back on. But it would still be very nice if any future still featured a phone to call the fire brigade, not to mention as much of this internet thing as we can carry. So which technologies are resilient and which are brittle? What can we keep and what do we leave behind as energy consumption of everything becomes a design criterium, business models change, whole economies collapse and some central structures crumble? How do we best prepare for a variety of possible futures? And can we maybe have (even) more meaningful and fulfilling lives in the present by doing so? Needless to say our community has a defining role to play in figuring out the answers to these and other big questions in this field.

Tags:  energy transition time frank-rieger chaos-communication-camp modern-communications-technology doom-and-gloom  

Authors: Marius Ciepluch
Tags: radio
Event: Chaos Communication Camp 2011
Abstract: Software Defined Radio defines a new approach to analyze signals with software. With the flexibility of software SDR literally opened a new spectrum of hacking. However the internals of Digital Signal Processing, especially from the perspective of informatics and computer science, are hard to explore. The lecture delivers a case-study on how to analyze 802.15.4 (alias Zigbee, as an easy protocol) with USRPs (modular popular hardware for SDR) on a real-time protocol (for send time verification, sniffing etc.). Furthermore internals on DSP will be explained - as simple as possible. The intent is to also give a non-academic start point and to seed motivation to explore more advanced projects (like osmocom*). So practically the lecture explains what a Software Spectrum Analyzer or a Software Oscilloscope does: from a Hacker's perspective. It gives insight into a USRP(2) internals and goes into programming C++ and Python with GNU Radio. All demo-analysis will remain within the ISM band. - No GSM/Tetra will be captured. It's about the SDR technology and its use-cases - for a clear and constructive adaption by the Hacker's community to assist interesting making projects (of home-automation devices using 802.15.4 e.g.). In many media articles - especially from last Chaos Congress - a misunderstanding can arise to reduce SDR to (GSM) attack scenarios while this is not the only/general use-case. The lecture however clearly aims to assist any intended understanding how the osmocom* implementations work - for example.

Tags:  radio sdr Software marius-ciepluch chaos-communication-camp home-automation-devices chaos-congress  

Authors: Marius Ciepluch
Tags: radio
Event: Chaos Communication Camp 2011
Abstract: Software Defined Radio defines a new approach to analyze signals with software. With the flexibility of software SDR literally opened a new spectrum of hacking. However the internals of Digital Signal Processing, especially from the perspective of informatics and computer science, are hard to explore. The lecture delivers a case-study on how to analyze 802.15.4 (alias Zigbee, as an easy protocol) with USRPs (modular popular hardware for SDR) on a real-time protocol (for send time verification, sniffing etc.). Furthermore internals on DSP will be explained - as simple as possible. The intent is to also give a non-academic start point and to seed motivation to explore more advanced projects (like osmocom*). So practically the lecture explains what a Software Spectrum Analyzer or a Software Oscilloscope does: from a Hacker's perspective. It gives insight into a USRP(2) internals and goes into programming C++ and Python with GNU Radio. All demo-analysis will remain within the ISM band. - No GSM/Tetra will be captured. It's about the SDR technology and its use-cases - for a clear and constructive adaption by the Hacker's community to assist interesting making projects (of home-automation devices using 802.15.4 e.g.). In many media articles - especially from last Chaos Congress - a misunderstanding can arise to reduce SDR to (GSM) attack scenarios while this is not the only/general use-case. The lecture however clearly aims to assist any intended understanding how the osmocom* implementations work - for example.

Tags:  chaos-communication-camp home-automation-devices chaos-congress  

Tags: phone
Event: Chaos Communication Camp 2011
Abstract: The most ubiquitous device on the planet is arguably the mobile phone. Tragically, it is also a device built under some of the worst living and working conditions in the world. This is the story of a mission - To build the world's first ethical phone. The most ubiquitous device on the planet is arguably the mobile phone. We use them, we need them, we get new ones every few years. Our old phones are either in a drawer, a landfill, or in the hands of those people in places like China and Brazil where old electronics are broken down or repurposed. Meanwhile in many parts of one of the most troubled nations in the world, the minerals that make are new phones are being mined under some very questionable circumstances. From some of the worst labor conditions in the world comes the cobalt and other essential minerals that will one day be your iphone. -- Is this how it simply has to be? -- A group in the Netherlands has embarked on an ambitious, risky, and little known quest - To build the world's first ethical phone. Are where did they start? In the Congo of course...

Tags:  world device phone china the-netherlands congo brazil chaos-communication-camp gadget-world essential-minerals  

Authors: Irmi Meister
Tags: satellite
Event: Chaos Communication Camp 2011
Abstract: In this lecture, I'll cover some satellite communication basics like pros and cons of different orbits, the characteristics of a satellite communications link and the difficulties regarding noise and attenuation when handling high frequency satellite communication systems. After a brief introduction to the history and development of satellites in general, we'll talk about different orbits and their characteristics regarding space conditions. After that, we'll have a look at a typical satellite communications link including channel characteristics, communications equipment and frequency considerations, before moving on to access techniques. If there's still time, there might be a short part about satellite navigation, too. And yes, to meet our need for pretty pictures, thematically related postage stamps (partly from a private collection) will be used to illustrate the topic.

Tags:  communication introduction satellite chaos-communication-camp satellite-communication-systems satellite-event  

Authors: Irmi Meister
Tags: satellite
Event: Chaos Communication Camp 2011
Abstract: In this lecture, I'll cover some satellite communication basics like pros and cons of different orbits, the characteristics of a satellite communications link and the difficulties regarding noise and attenuation when handling high frequency satellite communication systems. After a brief introduction to the history and development of satellites in general, we'll talk about different orbits and their characteristics regarding space conditions. After that, we'll have a look at a typical satellite communications link including channel characteristics, communications equipment and frequency considerations, before moving on to access techniques. If there's still time, there might be a short part about satellite navigation, too. And yes, to meet our need for pretty pictures, thematically related postage stamps (partly from a private collection) will be used to illustrate the topic.

Tags:  communication introduction satellite chaos-communication-camp satellite-communication-systems satellite-event  

Tags: privacy
Event: Chaos Communication Camp 2011
Abstract: This talk will introduce the next phase of the OpenLeaks project. We will present a more detailed insight into the project and take you on a tour around the different OL subprojects. We will also announce the activities we are planning for this years camp. This talk will introduce the next phase of the OpenLeaks project. Where last years congress was still too early, we would like to take the chance to present a more detailed insight into the project and its technicalities, and take you on a tour around the different subprojects OL is comprised of. We will also announce the activities we are planning for this years camp, including some workshops and a special surprise.

Tags:  chaos-communication-camp privacy-event technicalities  

Authors: Torbjörn Lofterud
Tags: credit card PCI DSS compliance
Event: Chaos Communication Camp 2011
Abstract: The PCI DSS standard require strong cryptography or secure hashing as ways to protect cardholder information. But one important factor is missing; detailed instructions for how to correctly apply cryptography to credit card numbers. The primary objective of the Payment Card Industry Data Protection Standard (PCI DSS) is to safeguard cardholder information such as the Primary Account Number (PAN) and the sensitive authentication data (CVV2, Track 1 and 2). Chapter 3.4 deals with the details regarding encryption and key management. > 3.4 Render PAN unreadable anywhere it is stored (including on portable digital media, > backup media, and in logs) by using any of the following approaches: > * One-way hashes based on strong cryptography > * Truncation > * Index tokens and pads > * Strong cryptography with associated key-management processes and procedures What constitutes strong cryptography is further detailed in the glossary and in the PCI SSC FAQ documents as well as in periodic communication to security assessors. But one important factor is missing from the communication; the modes of operation for the cryptographic primitives. The PCI DSS glossary specifically mentions AES, 3DES, RSA, ECC, Elgamal and SHA1 as “industry-tested and accepted standards and algorithms for encryption” but fails to address important issues such as RSA padding and cipher block chaining for 3DES and AES. The requirements are quite clear on the fact that encryption and hashing needs to be implemented properly, but gives little guidance to developers or assessors as to what strong cryptography actually means. There are at least three different scenarios where cardholder information appears to be protected in compliance with the standard but remains vulnerable if disclosed. This presentation describes attacks for common failure scenarios when encrypting credit card information.

Tags:  cryptography card information chaos-communication-camp failure-scenarios cryptographic-primitives  

Authors: Torbjörn Lofterud
Tags: credit card PCI DSS compliance
Event: Chaos Communication Camp 2011
Abstract: The PCI DSS standard require strong cryptography or secure hashing as ways to protect cardholder information. But one important factor is missing; detailed instructions for how to correctly apply cryptography to credit card numbers. The primary objective of the Payment Card Industry Data Protection Standard (PCI DSS) is to safeguard cardholder information such as the Primary Account Number (PAN) and the sensitive authentication data (CVV2, Track 1 and 2). Chapter 3.4 deals with the details regarding encryption and key management. > 3.4 Render PAN unreadable anywhere it is stored (including on portable digital media, > backup media, and in logs) by using any of the following approaches: > * One-way hashes based on strong cryptography > * Truncation > * Index tokens and pads > * Strong cryptography with associated key-management processes and procedures What constitutes strong cryptography is further detailed in the glossary and in the PCI SSC FAQ documents as well as in periodic communication to security assessors. But one important factor is missing from the communication; the modes of operation for the cryptographic primitives. The PCI DSS glossary specifically mentions AES, 3DES, RSA, ECC, Elgamal and SHA1 as “industry-tested and accepted standards and algorithms for encryption” but fails to address important issues such as RSA padding and cipher block chaining for 3DES and AES. The requirements are quite clear on the fact that encryption and hashing needs to be implemented properly, but gives little guidance to developers or assessors as to what strong cryptography actually means. There are at least three different scenarios where cardholder information appears to be protected in compliance with the standard but remains vulnerable if disclosed. This presentation describes attacks for common failure scenarios when encrypting credit card information.

Tags:  chaos-communication-camp failure-scenarios cryptographic-primitives  

Authors: Torbjörn Lofterud
Tags: credit card PCI DSS compliance
Event: Chaos Communication Camp 2011
Abstract: The PCI DSS standard require strong cryptography or secure hashing as ways to protect cardholder information. But one important factor is missing; detailed instructions for how to correctly apply cryptography to credit card numbers. The primary objective of the Payment Card Industry Data Protection Standard (PCI DSS) is to safeguard cardholder information such as the Primary Account Number (PAN) and the sensitive authentication data (CVV2, Track 1 and 2). Chapter 3.4 deals with the details regarding encryption and key management. > 3.4 Render PAN unreadable anywhere it is stored (including on portable digital media, > backup media, and in logs) by using any of the following approaches: > * One-way hashes based on strong cryptography > * Truncation > * Index tokens and pads > * Strong cryptography with associated key-management processes and procedures What constitutes strong cryptography is further detailed in the glossary and in the PCI SSC FAQ documents as well as in periodic communication to security assessors. But one important factor is missing from the communication; the modes of operation for the cryptographic primitives. The PCI DSS glossary specifically mentions AES, 3DES, RSA, ECC, Elgamal and SHA1 as “industry-tested and accepted standards and algorithms for encryption” but fails to address important issues such as RSA padding and cipher block chaining for 3DES and AES. The requirements are quite clear on the fact that encryption and hashing needs to be implemented properly, but gives little guidance to developers or assessors as to what strong cryptography actually means. There are at least three different scenarios where cardholder information appears to be protected in compliance with the standard but remains vulnerable if disclosed. This presentation describes attacks for common failure scenarios when encrypting credit card information.

Tags:  cryptography card information chaos-communication-camp failure-scenarios cryptographic-primitives  

Tags: science
Event: Chaos Communication Camp 2011
Abstract: We will discuss the basic principles of thermochemical engines and their application for rocket propulsion. The three main types of chemical rocket engines, i.e. solid, liquid, and hybrid, will be presented and compared. The main subsystem of every space flight system is the propulsion system also called the rocket engine. The present paradigm is the thermochemical engine that produces thrust by expanding hot gas produced by an exothermic reaction through a nozzle. Present rocket engine designs can be categorized in three classes dependent on the state of the propellant(s), i.e. solid, liquid or hybrid. We will sketch the underlying physical processes present in all engine designs necessary to get a basic understanding of the different approaches and compare their specific advantages and drawbacks.

Tags:  engine rocket propulsion chaos-communication-camp rocket-propulsion propulsion-system