2.0 -//Pentabarf//Schedule 1.4.2.3//EN 25C3 Schedule Release 1.4.2.3 25C3 Schedule PUBLISH 2807@25C3@pentabarf.org 2807 erich_muehsam Erich Mühsams Tagebücher in der Festungshaft Ein Idylle aus der Analogsteinzeit der Überwachung German de 20081227T183000 20081227T193000 01H00M00S Erich Mühsams Tagebücher in der Festungshaft- Ein Idylle aus der Analogsteinzeit der Überwachung During his fortress imprisonment (1920-1924), the diaries of the poet and anarchist Erich Mühsam were repeatedly confiscated, analysed and (in part publicly) used against him. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2807.en.html Saal 3 Johannes Ullmaier PUBLISH 2997@25C3@pentabarf.org 2997 locating_almost_any_mobile_phone_using_ss7 Locating Mobile Phones using SS7 English en 20081227T214500 20081227T224500 01H00M00S Locating Mobile Phones using SS7 You are used to your mobile phone number following you around the globe. But the same functionality that makes you reachable worldwide can also be used to track your whereabouts down to city-level – without you ever knowing about it. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2997.en.html Saal 2 Tobias Engel PUBLISH 2806@25C3@pentabarf.org 2806 building_hackerspaces Building an international movement: hackerspaces.org What we did so far. What will happen in the future. English en 20081227T160000 20081227T170000 01H00M00S Building an international movement: hackerspaces.org- What we did so far. What will happen in the future. We live in interesting times to build hacker spaces: physical spaces where hackers make things, inspired by European models, pop up everywhere. Whether you need inspiration to build your own hacker space or want an update on what happened in places like New York City, Washington D.C., San Francisco, or Vienna since last year: This international panel will provide you with insight.
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2806.en.html Saal 1 Nick Farr Jens Ohlig Bre Jacob Appelbaum Enki Philippe Langlois PUBLISH 2970@25C3@pentabarf.org 2970 coreboot coreboot: Beyond The Final Frontier Open source BIOS replacement with a radical approach to boot. English en 20081227T230000 20081228T000000 01H00M00S coreboot: Beyond The Final Frontier- Open source BIOS replacement with a radical approach to boot. The BIOS and its successor EFI are considered by many to be the final frontier for open source software in commodity PCs. This talk describes the BIOS replacement coreboot (formerly LinuxBIOS) and the projects surrounding it. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2970.en.html Saal 2 Peter Stuge PUBLISH 2922@25C3@pentabarf.org 2922 cold_boot_attacks Advanced memory forensics: The Cold Boot Attacks Recovering keys and other secrets after power off English en 20081227T214500 20081227T224500 01H00M00S Advanced memory forensics: The Cold Boot Attacks- Recovering keys and other secrets after power off Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2922.en.html Saal 1 Jacob Appelbaum PUBLISH 2906@25C3@pentabarf.org 2906 why_were_we_so_vulnerable_to_the_dns_vulnerability Why were we so vulnerable to the DNS vulnerability? English en 20081227T230000 20081228T000000 01H00M00S Why were we so vulnerable to the DNS vulnerability? SSL wasn't enough. Encryption is nonexistent. Autoupdaters are horribly broken. Why is all this the case?
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2906.en.html Saal 1 Dan Kaminsky PUBLISH 2988@25C3@pentabarf.org 2988 global_scale_incident_response_and_responders Just Estonia and Georgia? Global-scale Incident Response and Responders English en 20081227T171500 20081227T181500 01H00M00S Just Estonia and Georgia?- Global-scale Incident Response and Responders Estonia and Georgia are just two examples of where global scale cooperation is required for handling security incidents on the Internet. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2988.en.html Saal 3 Gadi Evron PUBLISH 3050@25C3@pentabarf.org 3050 kurt_goedel Kurt Gödel – I do not fit into this century Ein audiovisuelles Live-Feature German de 20081228T000000 20081228T010000 01H00M00S Kurt Gödel – I do not fit into this century- Ein audiovisuelles Live-Feature Some call him the greatest logician since Aristotle: the Viennese mathematician Kurt Gödel, born in 1906, shook the foundations of mathematics from 1930 onward with his incompleteness theorems. He proved that in every formal logical system there are questions that are undecidable. The scientist, who like many colleagues had to flee Europe, spent his working life at the famous Institute for Advanced Study in Princeton – the Mecca of modern mathematics. Throughout his life the introverted Kurt Gödel wavered between genius and madness, had numerous neuroses and a pronounced paranoia. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/3050.en.html Saal 1 Constanze Kurz Marcus Richter Ina Kwasniewski Kai Kittler PUBLISH 2896@25C3@pentabarf.org 2896 chip_reverse_engineering Chip Reverse Engineering English en 20081227T183000 20081227T193000 01H00M00S Chip Reverse Engineering Cryptographic algorithms are often kept secret in the false belief that this provides security.
To find and analyze these algorithms, we reverse-engineer the silicon chips that implement them. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2896.en.html Saal 2 Karsten Nohl starbug PUBLISH 3028@25C3@pentabarf.org 3028 hackerparagraph_202c Der Hackerparagraph 202c StGB Bestandsaufnahme und Auswirkungen German de 20081227T140000 20081227T150000 01H00M00S Der Hackerparagraph 202c StGB- Bestandsaufnahme und Auswirkungen It is time we talked about the things we can no longer do since the hacker paragraph came into force. And the things where we are not sure whether we can do them, and therefore prefer to leave alone. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/3028.en.html Saal 1 Felix von Leitner lexi Jan Münther Jürgen Schmidt PUBLISH 2839@25C3@pentabarf.org 2839 cracking_msp430_bl Cracking the MSP430 BSL Part Two English en 20081227T203000 20081227T213000 01H00M00S Cracking the MSP430 BSL- Part Two The Texas Instruments MSP430 low-power microcontroller is used in many medical, industrial, and consumer devices. When its JTAG fuse is blown, the device's firmware is kept private only by a serial bootstrap loader (BSL), certain revisions of which are vulnerable to a side-channel timing analysis attack. This talk continues that from Black Hat USA by describing the speaker's adventures in creating a hardware device for exploiting this vulnerability. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2839.en.html Saal 3 Travis Goodspeed PUBLISH 2814@25C3@pentabarf.org 2814 datenpannen Datenpannen Forderungen nach dem Jahr der Datenverbrechen German de 20081227T113000 20081227T123000 01H00M00S Datenpannen- Forderungen nach dem Jahr der Datenverbrechen Those who have nothing to hide have nothing to fear? The responsible staff adhere strictly to the law? Surveillance has no negative consequences for those affected?
In 2008 these misconceptions were refuted more often than ever before: data scandals at LIDL, Telekom and dozens of others, resident registration data accessible over the Internet, mass sale of bank and telephone data – an endless list in 2008, the year of data scandals. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2814.en.html Saal 1 Constanze Kurz Patrick Breyer PUBLISH 2923@25C3@pentabarf.org 2923 das_grundrecht_auf_digitale_intimsphaere Das Grundrecht auf digitale Intimsphäre Festplattenbeschlagnahme in neuem Licht German de 20081227T183000 20081227T193000 01H00M00S Das Grundrecht auf digitale Intimsphäre- Festplattenbeschlagnahme in neuem Licht On the occasion of the constitutional complaint against the North Rhine-Westphalian Constitution Protection Act, the Federal Constitutional Court has given us a new fundamental right to the guarantee of the confidentiality and integrity of information technology systems. This laid down precise rules for the use of the planned Bundestrojaner, but what about the thousands of hard disks that are seized in Germany every year? PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2923.en.html Saal 1 Ulf Buermeyer Constanze Kurz PUBLISH 2892@25C3@pentabarf.org 2892 cyborgs_and_gargoyles About Cyborgs and Gargoyles State of the Art in Wearable Computing English en 20081227T160000 20081227T170000 01H00M00S About Cyborgs and Gargoyles- State of the Art in Wearable Computing In this talk I present the current state of wearable computing, computing as common and useful as clothes, focusing on activity recognition (the inference of the user's current actions) using on-body sensors (accelerometers, gyroscopes and other modalities), explaining possibilities, dealing with challenges and limitations and presenting some perils.
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2892.en.html Saal 2 Kai Kunze PUBLISH 2976@25C3@pentabarf.org 2976 hacking_the_iphone Hacking the iPhone Pwning Apple's Mobile Internet Device English en 20081227T203000 20081227T213000 01H00M00S Hacking the iPhone- Pwning Apple's Mobile Internet Device Apple's iPhone has made a tremendous impact on the smartphone market and the public consciousness, but it has also highlighted their desire to carefully control the device with draconian restrictions. These restrictions prevent users from choosing to run third-party applications unauthorized by Apple and using the devices on carriers not approved by Apple. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2976.en.html Saal 1 pytey MuscleNerd planetbeing PUBLISH 2669@25C3@pentabarf.org 2669 greater_security_critical_behavior_in_europe Collapsing the European security architecture More security-critical behaviour in Europe! English en 20081227T214500 20081227T224500 01H00M00S Collapsing the European security architecture- More security-critical behaviour in Europe! At the latest since 9/11, the EU took severe changes in their home affairs policy. New agreements and institutions were created to facilitate police networking (Europol, Frontex, CEPOL, new databases and their shared access). The European "cross border crime fighting" has become an EU framework. Providing that this should help to win a "war on terrorism", lots of the changes follow the US model of "Homeland Security". "Risks" should be minimized by taking more and more "proactive" measures and foresee possible "threats".
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2669.en.html Saal 3 Gipfelsoli PUBLISH 3030@25C3@pentabarf.org 3030 remote_keyless_entry_system Messing Around with Garage Doors Breaking Remote Keyless Entry Systems with Power Analysis English en 20081227T230000 20081228T000000 01H00M00S Messing Around with Garage Doors- Breaking Remote Keyless Entry Systems with Power Analysis We demonstrate a complete break of the KeeLoq crypto-system. Thanks to Power Analysis, even non-specialists can gain access to objects secured by a KeeLoq access control system. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/3030.en.html Saal 3 Timo Kasper Thomas Eisenbarth PUBLISH 3025@25C3@pentabarf.org 3025 keynote_nothing_to_hide Opening and Keynote "Nothing to hide" English en 20081227T100000 20081227T110000 01H00M00S Opening and Keynote "Nothing to hide" PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/3025.en.html Saal 1 John Gilmore Sandro Gaycken PUBLISH 2904@25C3@pentabarf.org 2904 solar_powering_your_geek_gear Solar-powering your Geek Gear Alternative and mobile power for all your little toys English en 20081227T140000 20081227T150000 01H00M00S Solar-powering your Geek Gear- Alternative and mobile power for all your little toys This talk will show you how to solar-power your laptop, PDA, cell phone, portable fridge or almost any other small device. Topics discussed include choosing the right solar panel, using (or not using) a voltage regulator, buffering the energy, some real applications as well as instructions on how to build a small and simple device to measure your power and energy savings. 
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2904.en.html Saal 2 script PUBLISH 2665@25C3@pentabarf.org 2665 the_trust_situation The Trust Situation Why the idea of data protection slowly turns out to be defective English en 20081227T124500 20081227T134500 01H00M00S The Trust Situation- Why the idea of data protection slowly turns out to be defective In many social situations, people start to adjust their behaviour due to surveillance. Inspired by more and more cases of breaches of data protection regulations, an erosion of trust into these regulations and those who forfeit them can be seen. The consequences of this are grim. Either we abolish surveillance technologies or the idea of "informational self-determination". PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2665.en.html Saal 1 Sandro Gaycken PUBLISH 2815@25C3@pentabarf.org 2815 beyong_asimov Beyond Asimov - Laws for Robots Developing rules for autonomous systems English en 20081227T203000 20081227T213000 01H00M00S Beyond Asimov - Laws for Robots- Developing rules for autonomous systems Robotic systems become more and more autonomous, and telepresence develops very rapidly. But what happens if things go wrong? Who is responsible for that autonomous cleaning car murdering tourists? How can you identify the owner of that spy-drone filming you naked at the pool? This talk outlines some ideas to trigger a debate on how to deal with these problems, without stifling innovation and fun. 
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2815.en.html Saal 2 Frank Rieger PUBLISH 2901@25C3@pentabarf.org 2901 faifa_oensource_plc_tool FAIFA: A first open source PLC tool PowerLineCommunications has now their open source tool English en 20081227T124500 20081227T134500 01H00M00S FAIFA: A first open source PLC tool- PowerLineCommunications has now their open source tool PLC (PowerLineCommunications) had been widely used currently for the in-home LANs and for Internet access over PowerLineCommunications based on the market standard called HomePlug. Electricity is a great medium to transport data over existing cables in-home and outdoor but gives the network an old-school flavor of the behaviour of the hub where all stations share the medium. In this lecture, we present the freshly released FAIFA open source software that can be used to audit the security of PLC networks and script some flawnesses of the PLC devices. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2901.en.html Saal 3 Florian Xavier Carcelle PUBLISH 2845@25C3@pentabarf.org 2845 hacking_and_fingerprinting_rfid RF fingerprinting of RFID English en 20081227T160000 20081227T170000 01H00M00S RF fingerprinting of RFID In the lecture portion of this workshop we will present an overview of existing and our own novel methods for hacking electronic passports and driver's licenses including novel radio frequency fingerprinting techniques. In the hands-on section we will show participants entering with basic radio experience how to conduct experiments with RFID and reverse engineer proprietary protocols.
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2845.en.html Saal 3 Boris Danev cryptocrat PUBLISH 2827@25C3@pentabarf.org 2827 u23_the_hackerspaces_junior_academy U23 The Hackerspace's Junior Academy German de 20081227T124500 20081227T134500 01H00M00S U23- The Hackerspace's Junior Academy Organize and operate a workshop for young people. Show them how your hackerspace works. Gain their attraction in having fun with hardware, electronics, microprocessors, software or hacking. Become known to new persons. Create networks of brains for new, cool projects. Let them experience the amazing power of teamwork! PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2827.en.html Saal 2 fd0 Lars Weiler PUBLISH 2991@25C3@pentabarf.org 2991 terrorist_all_stars Terrorist All-Stars Some cases of terrorism around the world that are not terrorist at all English en 20081227T171500 20081227T181500 01H00M00S Terrorist All-Stars- Some cases of terrorism around the world that are not terrorist at all After more than a year of mostly dealing with the terrorism investigation against my partner Andrej Holm, and the resulting total surveillance directed at him and our family, it has become more quiet lately for us. The investigation is *still* going on though. In the course of my new preoccupation 'terrorism' I keep hearing about similarly absurd cases of such investigations. All different, but all with analogies. All hard to bear for those who are subjected to them. The talk will introduce some cases and search for patterns in cases against 'terrorists' who are clearly not terrorists.
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2991.en.html Saal 1 Anne Roth PUBLISH 2953@25C3@pentabarf.org 2953 security_failures_in_smart_card_payment_systems Security Failures in Smart Card Payment Systems Tampering the Tamper-Proof English en 20081227T140000 20081227T150000 01H00M00S Security Failures in Smart Card Payment Systems- Tampering the Tamper-Proof PIN entry devices (PED) are used in the Chip & PIN (EMV) system to process customers' card details and PINs in stores world-wide. Because of the highly sensitive information they handle, PEDs are subject to an extensive security evaluation procedure. We have demonstrated that the tamper protection of two popular PEDs can be easily circumvented with a paperclip, some basic technical skills, and off-the-shelf electronics. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2953.en.html Saal 3 Steven J. Murdoch PUBLISH 2893@25C3@pentabarf.org 2893 attacking_rich_internet_applications Attacking Rich Internet Applications Not your mother's XSS bugs English en 20081228T140000 20081228T150000 01H00M00S Attacking Rich Internet Applications- Not your mother's XSS bugs This presentation will examine the largely underresearched topic of rich internet applications (RIAs) security in the hopes of illustrating how the complex interactions with their executing environment, and general bad security practices, can lead to exploitable applications. 
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2893.en.html Saal 1 kuza55 Stefano Di Paola PUBLISH 3020@25C3@pentabarf.org 3020 banking_malware_101 Banking Malware 101 Overview of Current Keylogger Threats English en 20081228T203000 20081228T213000 01H00M00S Banking Malware 101- Overview of Current Keylogger Threats In the recent years, we observed a growing sophistication how credentials are stolen from compromised machines: the attackers use sophisticated keyloggers to control the victim's machine and use different techniques to steal the actual credentials. In this talk, we present an overview of this threat and empirical measurement results. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/3020.en.html Saal 3 Thorsten Holz PUBLISH 2832@25C3@pentabarf.org 2832 exploiting_symbian Exploiting Symbian Symbian Exploit and Shellcode Development English en 20081228T140000 20081228T150000 01H00M00S Exploiting Symbian- Symbian Exploit and Shellcode Development SymbianOS is one of the major smart phone operating systems and has been around for many years still exploitation has not been researched yet. The lack of proper exploitation techniques is mostly due to the fact that until the recent introduction of PIPS/OpenC (a POSIX API port) SymbianOS did not have the means for programmers to EASILY write insecure code. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2832.en.html Saal 3 Collin Mulliner PUBLISH 2863@25C3@pentabarf.org 2863 climate_change Climate Change - State of the Science English en 20081228T124500 20081228T134500 01H00M00S Climate Change - State of the Science We are in the midst of a major global warming, as witnessed not just by temperature measurements, but also for example by the record loss of Arctic sea ice in 2007 and 2008.
This year, both the Northwest Passage and the Northeast Passage in the Arctic were open for ships to pass through for the first time in living memory. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2863.en.html Saal 2 Rahmstorf PUBLISH 3044@25C3@pentabarf.org 3044 all_your_base_are_belong_to_us All your base(s) are belong to us Dawn of the high-throughput DNA sequencing era English en 20081228T203000 20081228T213000 01H00M00S All your base(s) are belong to us- Dawn of the high-throughput DNA sequencing era New DNA genotyping and sequencing technologies have recently advanced the possibilities for both mass and individual genomics by several orders of magnitude. The personal genome on DVD, genetic analysis of entire populations, and government DNA databases are but a few of the results of this process. The field is still accelerating, and the related computational challenges are enormous. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/3044.en.html Saal 2 Magnus Manske PUBLISH 2799@25C3@pentabarf.org 2799 console_hacking_2008 Console Hacking 2008: Wii Fail Is implementation the enemy of design? English en 20081228T214500 20081228T224500 01H00M00S Console Hacking 2008: Wii Fail- Is implementation the enemy of design? The Nintendo Wii game console has been one of the most popular of all time, selling almost as many units as all of its competitors combined. Despite being cheaper than the PS3 and Xbox360, it contains a sophisticated security architecture that withstood over a year of concerted effort to hack the device. The design itself is impressive; unfortunately, flaws in the implementation (both subtle and severe) render the device easily hacked, with little chance of recovery. 
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2799.en.html Saal 2 bushing marcan PUBLISH 2992@25C3@pentabarf.org 2992 tricks_makes_you_smile Tricks: makes you smile A clever or ingenious device or expedient; adroit technique: the tricks of the trade. English en 20081228T214500 20081228T224500 01H00M00S Tricks: makes you smile- A clever or ingenious device or expedient; adroit technique: the tricks of the trade. A collection of engaging techniques, some unreleased and some perhaps forgotten, to make pentesting fun again. From layer 3 attacks that still work, to user interaction based exploits that aren't 'clickjacking', to local root privilege escalation without exploits and uncommon web application exploitation techniques. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2992.en.html Saal 3 Francesco `ascii` Ongaro PUBLISH 3008@25C3@pentabarf.org 3008 anatomy_of_smartphone_hardware Anatomy of smartphone hardware Dissecting contemporary cellphone hardware English en 20081228T171500 20081228T181500 01H00M00S Anatomy of smartphone hardware- Dissecting contemporary cellphone hardware Do you know the architecture of contemporary mobile phone hardware? This presentation will explain about the individual major building blocks and overall architecture of contemporary GSM and UMTS smartphones. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/3008.en.html Saal 1 Harald Welte PUBLISH 2812@25C3@pentabarf.org 2812 fnord_news_show Fnord News Show Wir helfen Euch, die Fnords zu sehen German de 20081228T230000 20081229T000000 01H00M00S Fnord News Show- Wir helfen Euch, die Fnords zu sehen This year it will be an apocalyptic Fnord review including the Georgia war and the financial crisis. We try to weave the events into a kind of mega conspiracy theory, so that one group (or perhaps two or three) is to blame for everything.
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2812.en.html Saal 1 Felix von Leitner Frank Rieger PUBLISH 2979@25C3@pentabarf.org 2979 embracing_post_privacy Embracing Post-Privacy Optimism towards a future where there is "Nothing to hide" English en 20081228T113000 20081228T123000 01H00M00S Embracing Post-Privacy- Optimism towards a future where there is "Nothing to hide" The breaking away of privacy in the digital world is often understood as something dangerous, and for good reasons. But could there be opportunities in it, too? Do the current cultural and technological trends only dissolve the protected area of privacy, or could they dissolve as well the pressures that privacy is supposed to liberate us from? What if we witness a transformation of civilization so profound that terms like "private" and "public" lose their meaning altogether? Maybe we won't need "privacy" at all in the future because we will value other, new liberties more strongly? PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2979.en.html Saal 3 Christian Heller / plomlompom PUBLISH 2678@25C3@pentabarf.org 2678 vulnerability_discovery_in_encrypted_closed_source_php_applications Vulnerability discovery in encrypted closed source PHP applications English en 20081228T160000 20081228T170000 01H00M00S Vulnerability discovery in encrypted closed source PHP applications Security audits of PHP applications are usually performed on a source code basis. However sometimes vendors protect their source code by encrypting their applications with runtime (bytecode-)encryptors. When these tools are used source code analysis is no longer possible and because these tools change how PHP works internally, several greybox security scanning/fuzzing techniques relying on hooks fail, too. 
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2678.en.html Saal 1 Stefan Esser PUBLISH 2773@25C3@pentabarf.org 2773 soviet_untergersdorf Soviet Unterzoegersdorf A Nation In Transit English en 20081229T000000 20081229T010000 01H00M00S Soviet Unterzoegersdorf- A Nation In Transit Join a glorious gala presentation with his Excellency and a battalion of members of the Soviet Unterzoegersdorf Military Enforcement Community. We will present the envious "First World" with the fruits of our techno-labor. Among other triumphs on display will be the second part of an ongoing series of so-called "Computer Games" or "Virtual Hyper-Rooms" glorifying the struggles of the Motherland, Soviet Unterzoegersdorf: Sector II. We promise not to mention the SALT II agreement. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2773.en.html Saal 1 monochrom PUBLISH 3024@25C3@pentabarf.org 3024 jahresrueckblick_2008 Jahresrückblick Die Themen des CCC im Jahr 2008 German de 20081228T113000 20081228T134500 02H15M00S Jahresrückblick- Die Themen des CCC im Jahr 2008 It was once again an eventful year for the CCC. We will report on everything that happened with due brevity. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/3024.en.html Saal 1 Constanze Kurz Andy Müller-Maguhn Frank Rieger Frank Rosengart Erdgeist PUBLISH 2980@25C3@pentabarf.org 2980 the_infinite_library The Infinite Library Storage and Access of Pornographic Information English en 20081228T214500 20081228T224500 01H00M00S The Infinite Library- Storage and Access of Pornographic Information Decades ago, Jorge Luis Borges wrote about infinite libraries and perfect memory with the slightly sad air of someone who'd seen those things and knew their faults. Today we work toward infinite libraries and perfect memory with little heed for the possible consequences. How could it be bad to have everything possible stored? To remember everything?
I don't know that it will be bad, but I do know that it will be different from our current lives of loss and forgetting. Right now, storing pornography causes problems even for people who have nothing especially perverted to hide: A collection of pornography gets to the heart of what it means to be a private individual. As we move from mass media to individually produced media, from edited collections of porn (magazines, commercially produced films) to individual snapshots and youtube clips and stored bittorrents, the particularity of a collection of porn will be testimony to its owner's private set of tastes. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2980.en.html Saal 1 Rose White PUBLISH 2940@25C3@pentabarf.org 2940 flying_for_free Flying for free Exploiting the weather with unpowered aircraft English en 20081228T140000 20081228T150000 01H00M00S Flying for free- Exploiting the weather with unpowered aircraft Birds, glider pilots, and recently UAVs can exploit a variety of weather effects in order to gain altitude, remain airborne and travel long distances all with no power input – effectively, hacking the atmosphere to fly for free. This talk will explain the aircraft, techniques, meteorology, hardware and software that we use to achieve this. In the process I will show why the sport of gliding may be of interest to hackers, and explain how you too can get involved in this highly rewarding and low-cost form of flying. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2940.en.html Saal 2 Martin Ling PUBLISH 2882@25C3@pentabarf.org 2882 full_disk_encryption_internals Full-Disk-Encryption Crash-Course Everything to hide English en 20081228T124500 20081228T134500 01H00M00S Full-Disk-Encryption Crash-Course- Everything to hide This is not a hacking presentation, no vulnerabilities are presented. It's a crash-course in full-disk-encryption ("FDE") concepts, products and implementation aspects. 
An overview of both commercial and open-source offerings for Windows, Linux, and MacOSX is given. A (programmer's) look at the open-source solutions concludes the presentation. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2882.en.html Saal 3 Juergen Pabel PUBLISH 2843@25C3@pentabarf.org 2843 algorithmic_music_in_a_box Algorithmic Music in a Box Doing music with microcontrollers English en 20081228T183000 20081228T193000 01H00M00S Algorithmic Music in a Box- Doing music with microcontrollers Small devices like microcontrollers, coupled to a few buttons, knobs, encoders and LEDs, allow for a host of interesting and creative musical applications. Solder a few bits together, program a few lines, and you can build a deep device to support your musical exploration. This lecture will show you quickly how the hardware and code works, and then focus on a few interesting applications: controllers, sequencers, sound generators. The workshop will allow you to build your own crazy ideas. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2843.en.html Saal 2 wesen PUBLISH 2934@25C3@pentabarf.org 2934 blinkenlights_stereoscope Blinkenlights Stereoscope Behind the scenes of the new light installation English en 20081228T160000 20081228T170000 01H00M00S Blinkenlights Stereoscope- Behind the scenes of the new light installation Blinkenlights Stereoscope is the new light installation of Project Blinkenlights, a group that originated from the Chaos Computer Club in 2001. Stereoscope targeted the City Hall in Toronto, Canada and was the biggest and most interactive installation of the group so far. The talk provides insight into how it worked and what technology had been developed to make it all happen. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2934.en.html Saal 2 Tim Pritlove PUBLISH 3016@25C3@pentabarf.org 3016 life_is_a_holodeck Life is a Holodeck!
An overview of holographic techniques English en 20081228T230000 20081229T000000 01H00M00S Life is a Holodeck!- An overview of holographic techniques This talk will give you an overview of the different techniques for spatial representation and show you how they work. Starting with a brief history on the invention of stereoscopy and lenticular representation we will quickly get into history and invention of holography, the basic principles and milestones during development through to the latest available applications and technologies. Different types of Holograms will be shown and explained. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/3016.en.html Saal 2 Claus "HoloClaus" Cohnen PUBLISH 2890@25C3@pentabarf.org 2890 scalable_swarm_robotics Scalable Swarm Robotics Formica: a cheap, open research platform English en 20081228T183000 20081228T193000 01H00M00S Scalable Swarm Robotics- Formica: a cheap, open research platform The topic of swarm robotics will be introduced, including the current state of the art and some current research platforms. The problems of scalability in robot swarms will be discussed, particularly of programming and maintaining a large group of robots. The Formica platform represents a novel, very low cost approach to swarm robotics. Its design and implementation will be described, and the lecture will culminate in a live demonstration of a swarm of 25 robots cooperating on a task. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2890.en.html Saal 3 Jeff Gough PUBLISH 2909@25C3@pentabarf.org 2909 tcp_denial_of_service_vulnerabilities TCP Denial of Service Vulnerabilities Accepting the Partial Disclosure Challenge English en 20081228T171500 20081228T181500 01H00M00S TCP Denial of Service Vulnerabilities- Accepting the Partial Disclosure Challenge The Transmission Control Protocol (TCP) is one of the fundamental protocols used in today's communication networks. 
Recently, there has been an increased discussion on possible Denial of Service attacks against TCP-based services, which has largely been triggered by the partial disclosure of several vulnerabilities by the security company Outpost24. This talk will present several TCP vulnerabilities in an attempt to find out just what they found. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2909.en.html Saal 3 Fabian Yamaguchi PUBLISH 2963@25C3@pentabarf.org 2963 hacking_handcuffs Handschellen hacken Essentielles Grundwissen für alle, die nichts zu verbergen hatten German de 20081228T160000 20081228T170000 01H00M00S Handschellen hacken- Essentielles Grundwissen für alle, die nichts zu verbergen hatten Anyone can watch on Youtube how ordinary handcuffs are opened with a paper clip. But there are all kinds of high-security models with considerably more complicated locks that are just waiting to be discovered by the lockpicking sport... PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2963.en.html Saal 3 Ray PUBLISH 2734@25C3@pentabarf.org 2734 short_attention_span_security Short Attention Span Security A little of everything English en 20081228T183000 20081228T193000 01H00M00S Short Attention Span Security- A little of everything Working as a security consultant means that you get to see everyone's dirty laundry. However, it also means a hectic schedule and restrictive confidentiality agreements. Without violating my NDA, here's a set of turbo-talks looking at some new tricks for some new technologies and a look at some lucrative new attack surfaces that will become much more prevalent in the coming year. Topics will include: Script Injection in Flex, EFI Rootkits, static analysis with Dehydra, and pattern-matching hex editors. 
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2734.en.html Saal 1 Ben Kurtz PUBLISH 3056@25C3@pentabarf.org 3056 fnord_news_show_en Fnord News Show (English interpretation) We help in seeing teh Fnords English en 20081228T230000 20081229T000000 01H00M00S Fnord News Show (English interpretation)- We help in seeing teh Fnords English Interpretation and video transmission of the event in Saal 1 This year's apocalyptic Fnord-review will include the war in Georgia and the financial-crisis. We try to web the events into a kind of mega-conspiracy, so that only one group (or probably two or three) are guilty. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/3056.en.html Saal 3 Frank Rieger Felix von Leitner PUBLISH 3048@25C3@pentabarf.org 3048 lightning_talks_1 Lightning Talks Day2 4 minutes of fame English en 20081228T113000 20081228T123000 01H00M00S Lightning Talks Day2- 4 minutes of fame 4 minutes for every speaker. Learn about the good, the bad, and the ugly - in software, hardware, projects, and more. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/3048.en.html Saal 2 Sven Guckes Oliver Pritzkow PUBLISH 3015@25C3@pentabarf.org 3015 rapid_prototype_your_life Rapid Prototype Your Life The time is now to make anything you can imagine English en 20081228T203000 20081228T213000 01H00M00S Rapid Prototype Your Life- The time is now to make anything you can imagine The tools are at hand to free you from the bonds of consumer slavery. No longer must you rely on distant and faceless factories or bow down before the false idols of mass produced consumer manufactured items. Never again look into the aisles of oblivion filled with mass produced products. Take rapid prototype manufacturing into your life and return to a time before corporations robbed you of our individualism. 
A cottage industry paradise awaits those with the digital skills and the means to acquire or build the machines that can actualize the items that exist now only in your imagination. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/3015.en.html Saal 1 Bre PUBLISH 2831@25C3@pentabarf.org 2831 security_of_mica_based_wireless_sensor_networks Security of MICA*-based wireless sensor networks English en 20081228T171500 20081228T181500 01H00M00S Security of MICA*-based wireless sensor networks Firstly, we mention an initial qualitative risk assessment, carried out by interviewing the operating manager of a large suspension bridge and a contractor responsible for part of a large subway tunnel network who want to use wireless sensor networks. The core of the talk deals with assessing the practical security of the particular COTS system adopted by our team, the Crossbow MICAz motes running TinyOS or XMesh, together with the Stargate gateway: we designed and implemented a variety of attacks on this system and we discuss the security problems we found, together with appropriate fixes where possible. While some of our attacks exploit generally known vulnerabilities, others like selective jamming and power exhaustion through routing table manipulation are original and interesting in their own right. In section we also demonstrate how an attacker can undetectably alter messages in an IEEE 802.15.4 radio environment. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2831.en.html Saal 2 Dan Cvrcek PUBLISH 2875@25C3@pentabarf.org 2875 introduction_to_new_stream_cipher_designs An introduction to new stream cipher designs Turning data into line noise and back English en 20081229T140000 20081229T150000 01H00M00S An introduction to new stream cipher designs- Turning data into line noise and back Even with "nothing to hide", we want to protect the privacy of our bits and bytes. 
Encryption is an important tool for this, and stream ciphers are a major class of symmetric-key encryption schemes. Algorithms such as RC4 (used in WEP/WPA, bittorrent, SSL), A5/1 (GSM telephony), E0 (bluetooth), as well as AES in counter (CTR) mode, are important examples of stream ciphers used in everyday applications. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2875.en.html Saal 3 Tor E. Bjørstad PUBLISH 2596@25C3@pentabarf.org 2596 swf_and_the_malware_tragedy SWF and the Malware Tragedy Hide and Seek in A. Flash English en 20081229T183000 20081229T193000 01H00M00S SWF and the Malware Tragedy- Hide and Seek in A. Flash This talk rounds up possible web-based attacks using Flash with a particular focus on obfuscation, de-obfuscation and the generic detection of malicious SWF. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2596.en.html Saal 3 BeF fukami PUBLISH 2816@25C3@pentabarf.org 2816 cisco_ios_attack_and_defense Cisco IOS attack and defense The State of the Art English en 20081229T214500 20081229T224500 01H00M00S Cisco IOS attack and defense- The State of the Art The talk will cover the past, present and future of Cisco IOS hacking, defense and forensics. Starting from the historic attacks that still work on less well managed parts of the Internet, the powerful common bugs, the classes of binary vulnerabilities and how to exploit them down to the latest methods and techniques, this session will try to give everything in one bag. 
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2816.en.html Saal 1 FX of Phenoelit PUBLISH 2895@25C3@pentabarf.org 2895 biometrie_epa Der elektronische Personalausweis Endlich wird jeder zum "Trusted Citizen" German de 20081229T203000 20081229T213000 01H00M00S Der elektronische Personalausweis- Endlich wird jeder zum "Trusted Citizen" The introduction of fingerprints and biometric facial images into the planned electronic identity card (ePA) was decided in 2008. We are promised secure identity checks, delivered by the trusted service provider, Bundesdruckerei GmbH. Conceptual errors from the passport law (Paßgesetz) are, however, repeated in the new credit-card format of the ePA. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2895.en.html Saal 2 Constanze Kurz starbug PUBLISH 3007@25C3@pentabarf.org 3007 running_your_own_gsm_network Running your own GSM network English en 20081229T113000 20081229T123000 01H00M00S Running your own GSM network This presentation will mark the first public release of a new GPL licensed Free Software project implementing the GSM fixed network, including the various minimal necessary functionality of BSC, MSC, HLR. It will introduce the respective standards and protocols, as well as a short demonstration of an actual phone call between two mobile phones registered to the base station. 
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/3007.en.html Saal 1 Harald Welte Dieter Spaar PUBLISH 2639@25C3@pentabarf.org 2639 attacking_nfc_mobile_phones Attacking NFC mobile phones First look at the security of NFC mobile phones English en 20081229T183000 20081229T193000 01H00M00S Attacking NFC mobile phones- First look at the security of NFC mobile phones Near Field Communication (NFC) based services and mobile phones are starting to appear in the field, therefore it is time to take a look at the security of the services and especially the NFC mobile phones themselves. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2639.en.html Saal 1 Collin Mulliner PUBLISH 2860@25C3@pentabarf.org 2860 neusprech Neusprech im Überwachungsstaat Politikersprache zwischen Orwell und Online German de 20081229T140000 20081229T150000 01H00M00S Neusprech im Überwachungsstaat- Politikersprache zwischen Orwell und Online Politicians want to make their surveillance plans palatable. Besides playing down the substance of data retention, online searches, video surveillance and so on, they use linguistic means to push their measures through. Negatively connoted words are replaced by positive ones, and rhetorical patterns are used to mask negative aspects. The talk examines features of politicians' language, which, following George Orwell, can be called Newspeak (Neusprech). 
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2860.en.html Saal 1 maha/Martin Haase PUBLISH 2938@25C3@pentabarf.org 2938 methods_for_understanding_targeted_attacks_with_office_documents Methods for Understanding Targeted Attacks with Office Documents English en 20081229T203000 20081229T213000 01H00M00S Methods for Understanding Targeted Attacks with Office Documents As more security features and anti-exploitation mechanisms are added to modern operating systems, attackers are changing their targets to higher-level applications. In the last few years, we have seen increasing targeted attacks using malicious Office documents against both government and non-government entities. These attacks are well publicized in the media; unfortunately, there is not much public information on attack details or exploitation mechanisms employed in the attacks themselves. This presentation aims to fill the gap by offering: PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2938.en.html Saal 1 Bruce Dang PUBLISH 2681@25C3@pentabarf.org 2681 repurposing_the_ti_ez430u Repurposing the TI EZ430U with msp430static, solder, and syringe English en 20081229T124500 20081229T134500 01H00M00S Repurposing the TI EZ430U- with msp430static, solder, and syringe USB devices are sometimes composed of little more than a microcontroller and a USB device controller. This lecture describes how to reprogram one such device, greatly expanding its potential. 
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2681.en.html Saal 2 Travis Goodspeed PUBLISH 3041@25C3@pentabarf.org 3041 evoting_after_nedap eVoting after Nedap and Digital Pen Why cryptography might not fix the issue of transparent elections English en 20081229T124500 20081229T134500 01H00M00S eVoting after Nedap and Digital Pen- Why cryptography might not fix the issue of transparent elections Cryptographic methods have been suggested as a solution of the transparency and auditability issues in electronic voting. This talk introduces some of the suggested approaches and explains why such methods replace one issue with another, rather than fixing it. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/3041.en.html Saal 1 Ulrich Wiesner PUBLISH 2958@25C3@pentabarf.org 2958 hacker_jeopardy Hacker Jeopardy Die ultimative Hacker-Quizshow German de 20081229T230000 20081230T010000 02H00M00S Hacker Jeopardy- Die ultimative Hacker-Quizshow The well-known quiz format - but of course with topics you would never get to see on television. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2958.en.html Saal 1 Stefan 'Sec' Zehl Ray PUBLISH 2874@25C3@pentabarf.org 2874 the_ultimate_commodore_64_talk The Ultimate Commodore 64 Talk Everything about the C64 in 64 Minutes English en 20081229T160000 20081229T170000 01H00M00S The Ultimate Commodore 64 Talk- Everything about the C64 in 64 Minutes Retrocomputing is cool as never before. People play C64 games in emulators and listen to SID music, but few people know much about the C64 architecture. This talk attempts to communicate "everything about the C64" to the listener, including its internals and quirks, as well as the tricks that have been used in the demoscene, trying to revive the spirit of times when programmers counted clock cycles and hardware limitations were seen as a challenge. 
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2874.en.html Saal 2 Michael Steil PUBLISH 2975@25C3@pentabarf.org 2975 zehn_big_brother_awards_in_at Zehn Big Brother Awards in .at Rückblick über eine bewegte Zeit German de 20081229T124500 20081229T134500 01H00M00S Zehn Big Brother Awards in .at- Rückblick über eine bewegte Zeit Austria was the first Big Brother Awards organizer to present the awards for the tenth time, which it did this year. And although that is only a power of ten, and not a power of 2, it is time for a look back – and a brief look ahead. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2975.en.html Saal 3 Adrian Dabrowski PUBLISH 2977@25C3@pentabarf.org 2977 security_and_anonymity_vulnerabilities_in_tor Security and anonymity vulnerabilities in Tor Past, present, and future English en 20081229T171500 20081229T181500 01H00M00S Security and anonymity vulnerabilities in Tor- Past, present, and future There have been a number of exciting bugs and design flaws in Tor over the years, with effects ranging from complete anonymity compromise to remote code execution. Some of them are our fault, and some are the fault of components (libraries, browsers, operating systems) that we trusted. Further, the academic research community has been coming up with increasingly esoteric – and increasingly effective! – attacks against all anonymity designs, including Tor. 
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2977.en.html Saal 2 Roger Dingledine PUBLISH 2828@25C3@pentabarf.org 2828 onioncat_tor_based_anonymous_vpn OnionCat – A Tor-based Anonymous VPN Building an anonymous Internet within the Internet English en 20081229T183000 20081229T193000 01H00M00S OnionCat – A Tor-based Anonymous VPN- Building an anonymous Internet within the Internet OnionCat manages to build a complete IP transparent VPN based on Tor's hidden services, provides a simple well-known interface and has the potential to create an anonymous global network which could evolve to a feature- and information-rich network like we know the plain Internet today. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2828.en.html Saal 2 Bernhard Fischer Daniel Haslinger PUBLISH 3052@25C3@pentabarf.org 3052 rebel_at_work Weizenbaum Rebel at work German de 20081229T214500 20081229T224500 01H00M00S Weizenbaum- Rebel at work This is a screening of a documentary film by Silvia Holzinger and Peter Haas about the German-American Joseph Weizenbaum, a cult figure in computer science. He became known in the 1970s as a sharp-tongued critic of science and society. His book "Die Macht der Computer und die Ohnmacht der Vernunft" has become a classic among philosophers and computer scientists alike. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/3052.en.html Saal 3 Silvia Holzinger Peter Haas PUBLISH 3032@25C3@pentabarf.org 3032 mifare_2008 Analyzing RFID Security English en 20081229T160000 20081229T170000 01H00M00S Analyzing RFID Security Many RFID tags have weaknesses, but the security level of different tags varies widely. Using the Mifare Classic cards as an example, we illustrate the complexity of RFID systems and discuss different attack vectors. 
To empower further analysis of RFID cards, we release an open-source, software-controlled, and extensible RFID reader with support for most common standards. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/3032.en.html Saal 1 Karsten Nohl Henryk Plötz PUBLISH 3047@25C3@pentabarf.org 3047 lightning_talks_2 Lightning Talks Day3 - Morning 4 minutes of fame English en 20081229T113000 20081229T123000 01H00M00S Lightning Talks Day3 - Morning- 4 minutes of fame 4 minutes for every speaker. Learn about the good, the bad, and the ugly - in software, hardware, projects, and more. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/3047.en.html Saal 2 Sven Guckes Oliver Pritzkow PUBLISH 3002@25C3@pentabarf.org 3002 squeezing_attack_traces Squeezing Attack Traces How to get useable information out of your honeypot English en 20081229T160000 20081229T163000 00H30M00S Squeezing Attack Traces- How to get useable information out of your honeypot This talk will give an overview about how modern attack analysis tools (dynamic honeypots, an automated shellcode analyzer, and an intrusion signature generator) can be used to get a deep understanding about what attacks do and how they work. A live demo will be given to demonstrate the usage of those tools. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/3002.en.html Saal 3 Tillmann Werner Markus Kötter PUBLISH 3057@25C3@pentabarf.org 3057 hacker_jeopardy_en Hacker Jeopardy (English interpretation) The ultimative Hacker-Quizshow English en 20081229T230000 20081230T010000 02H00M00S Hacker Jeopardy (English interpretation)- The ultimative Hacker-Quizshow English Interpretation and video transmission of the event in Saal 1 The famous quiz – of course with topics you will never see in TV. 
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/3057.en.html Saal 3 Ray Stefan 'Sec' Zehl PUBLISH 3053@25C3@pentabarf.org 3053 lightning_talks_2_2 Lightning Talks Day3 - Evening 4 minutes of fame English en 20081229T203000 20081229T213000 01H00M00S Lightning Talks Day3 - Evening- 4 minutes of fame 4 minutes for every speaker. Learn about the good, the bad, and the ugly - in software, hardware, projects, and more. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/3053.en.html Saal 3 Sven Guckes Oliver Pritzkow PUBLISH 3000@25C3@pentabarf.org 3000 hacking_into_botnets Stormfucker: Owning the Storm Botnet English en 20081229T164500 20081229T181500 01H30M00S Stormfucker: Owning the Storm Botnet In the talk we will demonstrate how to own the storm botnet (live demo included). PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/3000.en.html Saal 3 Felix Leder Mark Schlösser Georg 'oxff' Wicherski Tillmann Werner PUBLISH 2781@25C3@pentabarf.org 2781 objects_as_software Objects as Software: The Coming Revolution How RepRap and physical compilers will change the world as we know it (and already have) English en 20081229T214500 20081229T224500 01H00M00S Objects as Software: The Coming Revolution- How RepRap and physical compilers will change the world as we know it (and already have) How physical compilers (CNC machines, laser cutters, 3D printers, etc) are changing the way we make things, how we think about the nature of objects. This talk will focus on the future of digital manufacturing, and how self-replicating machines will make this technology accessible to everyone: ushering in a new era of technological advance. 
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2781.en.html Saal 2 Zach Hoeken PUBLISH 2872@25C3@pentabarf.org 2872 the_privacy_workshop_project The Privacy Workshop Project Enhancing the value of privacy in todays students view English en 20081229T113000 20081229T123000 01H00M00S The Privacy Workshop Project- Enhancing the value of privacy in todays students view The lecture intends to give an overview of the Privacy Workshop project started in Siegen (NRW, Germany) and to animate listeners to participate in the project. Update 2008-12-30: we finally put the slides online, but there are still some cc-license tags that need to be fixed for the last pictures. The flickr-links are ok though, so please don't moan and stay tuned :) PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2872.en.html Saal 3 Christoph Brüning Kai Schubert PUBLISH 2873@25C3@pentabarf.org 2873 privacy_in_the_social_semantic_web Privacy in the social semantic web Social networks based on XMPP English en 20081229T140000 20081229T150000 01H00M00S Privacy in the social semantic web- Social networks based on XMPP [[ Thank you all for your feedback. I currently register some hacking space on berlios.de so we can have a mailing list and maybe a wiki! please contact me at: jan.heuer <<ät<< uni-muenster.de ]] In the last years the static web has moved towards an interactive web – often referred to as the web2.0. People collaboratively write articles in online encyclopedias like Wikipedia or self-portray themselves with profiles in social networks like Myspace. Delicious allows people to tag their bookmarks and share them with friends. Twitter is a short status message service to tell friends what you're doing right now. The diversity of applications attracts a huge amount of users and the application can be used from any computer. 
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2873.en.html Saal 2 Jan Torben PUBLISH 2937@25C3@pentabarf.org 2937 dect DECT The Digital Enhanced Cordless Telecommunications standard English en 20081229T171500 20081229T181500 01H00M00S DECT- The Digital Enhanced Cordless Telecommunications standard Digital Enhanced Cordless Telecommunications (DECT) is a synonym for cordless phones today. Although DECT can be found nearly everywhere, only little is known about the security of DECT. Most parts of the DECT standard are public, but all cryptographic algorithms used in DECT (authentication and encryption) are secret and not known to the public. Nevertheless we decided to investigate the security of DECT closer ... PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2937.en.html Saal 1 Erik Tews Andreas Schuler Ralf-Philipp Weinmann PUBLISH 2995@25C3@pentabarf.org 2995 predictable_rng_debian Predictable RNG in the vulnerable Debian OpenSSL package the What and the How English en 20081230T124500 20081230T134500 01H00M00S Predictable RNG in the vulnerable Debian OpenSSL package- the What and the How Recently, the Debian project announced an OpenSSL package vulnerability which they had been distributing for the last two years. This bug makes the PRNG predictable, affecting the keys generated by openssl and every other system that uses libssl (eg. openssh, openvpn). 
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2995.en.html Saal 3 Luciano Bello Maximiliano Bertacchini PUBLISH 2999@25C3@pentabarf.org 2999 closing_ceremony Closing Ceremony English en 20081230T181500 20081230T191500 01H00M00S Closing Ceremony PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2999.en.html Saal 1 Sandro Gaycken PUBLISH 2952@25C3@pentabarf.org 2952 pflanzenhacken Pflanzenhacken Züchten 2.0 German de 20081230T151500 20081230T161500 01H00M00S Pflanzenhacken- Züchten 2.0 Whether tomatoes, lemons or cannabis: crop plants have long since ceased to be grown conventionally in soil. From the selection of seed and genetic material to the harvest, growing plants of all kinds is a difficult but exciting subject. The research carried out by industry also helps the hobby grower: plants that are cultivated without soil and are ready for harvest a few weeks after "sowing" no longer belong in science-fiction films, but in the basement of the keen tinkerer. This talk aims to show that there is real hackable potential not only in bits'n'bytes but also in fruit and vegetables. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2952.en.html Saal 3 Paul Asmuth PUBLISH 2899@25C3@pentabarf.org 2899 mining_social_contacts_with_active_rfid Mining social contacts with active RFID English en 20081230T151500 20081230T161500 01H00M00S Mining social contacts with active RFID We describe the implementation of a distributed proximity detection firmware for the OpenBeacon RFID platform. We report on experiments performed during conference gatherings, where the new feature of proximity detection was used to mine and expose patterns of social contact. We discuss some properties of the networks of social contact, and show how these networks can be analyzed, visualized, and used to infer the underlying social structure. 
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2899.en.html Saal 2 Ciro Cattuto Milosch Meriac aestetix PUBLISH 2791@25C3@pentabarf.org 2791 la_quadrature_du_net La Quadrature du Net - Campaigning on Telecoms Package Pan-european activism for patching a "pirated" law English en 20081230T124500 20081230T134500 01H00M00S La Quadrature du Net - Campaigning on Telecoms Package- Pan-european activism for patching a "pirated" law La Quadrature du Net (Squaring the Net) is a citizen group informing about legislative projects menacing civil liberties as well as economic and social development in the digital age. Supported by international NGOs (EFF, OSI, ORG, Internautas, Netzwerk Freies Wissen, April, etc.), it aims at providing infrastructure for pan-European activism about such topics as network neutrality, privacy, "graduated response", etc. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2791.en.html Saal 2 Jérémie Zimmermann Markus Beckedahl PUBLISH 3023@25C3@pentabarf.org 3023 md5_considered_harmful_today MD5 considered harmful today Creating a rogue CA Certificate English en 20081230T151500 20081230T161500 01H00M00S MD5 considered harmful today- Creating a rogue CA Certificate PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/3023.en.html Saal 1 Jacob Appelbaum Alexander Sotirov Benne de Weger Arjen Lenstra Marc Stevens David Molnar Dag Arne Osvik PUBLISH 2916@25C3@pentabarf.org 2916 wikileaks Wikileaks Wikileaks vs. the World English en 20081230T140000 20081230T150000 01H00M00S Wikileaks- Wikileaks vs. the World Wikileaks is developing an uncensorable Wikipedia for untraceable mass document leaking and analysis. In the past year, Wikileaks has publicly revealed more sensitive military documents than the entire world's press combined. 
Its mission has been quite successful after the launch, spawning reportage worldwide and effectively helping to bring about reform on important matters based on factual information. As of now the effort has spawned thousands of press references in major newspapers like The NY Times, The Guardian and the BBC, and tens of thousands in blog posts. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2916.en.html Saal 1 wikileaks PUBLISH 3021@25C3@pentabarf.org 3021 security_nightmares Security Nightmares 2009 Oder: worüber wir nächstes Jahr lachen werden German de 20081230T163000 20081230T180000 01H30M00S Security Nightmares 2009- Oder: worüber wir nächstes Jahr lachen werden Security Nightmares - the annual review of IT security and the security crystal-ball outlook for next year. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/3021.en.html Saal 1 Ron Frank Rieger PUBLISH 2777@25C3@pentabarf.org 2777 crafting_and_hacking_separated_at_birth Crafting and Hacking: Separated at Birth English en 20081230T140000 20081230T150000 01H00M00S Crafting and Hacking: Separated at Birth What do hackers have in common with crafters? Lots. While crafting is more often about string and glue than bits and electrons, crafters often feel the same need to create things and manipulate materials into something new. The roots of computing are intertwined with craft around the invention of the Jacquard punchcard loom. We'll look at where the two scenes have gone since then, and what we can gain by reconnecting the hacker world with its softer, more decorative cousin. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2777.en.html Saal 3 Kellbot PUBLISH 2680@25C3@pentabarf.org 2680 not_soy_fast Not Soy Fast: Genetically Modified, Resource Greedy, and coming to a Supermarket Near You The silent march of the multinational GMO soy industry and its growing power in South America, the EU, and around the World. 
English en 20081230T124500 20081230T134500 01H00M00S Not Soy Fast: Genetically Modified, Resource Greedy, and coming to a Supermarket Near You- The silent march of the multinational GMO soy industry and its growing power in South America, the EU, and around the World. Soy is the magic ingredient that we often look to for our alternative, healthier, and more responsible diets. Yet the soy industry, with its boom in profits and global reach, behaves the exact opposite way. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2680.en.html Saal 1 Bicyclemark PUBLISH 3058@25C3@pentabarf.org 3058 security_nightmares_en Security Nightmares 2009 (English interpretation) Or: about what we will laugh next year English en 20081230T163000 20081230T180000 01H30M00S Security Nightmares 2009 (English interpretation)- Or: about what we will laugh next year English Interpretation and video transmission of the event in Saal 1 Security Nightmares – the yearly review on IT-Security and a look into the crystal ball for next year. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/3058.en.html Saal 3 Frank Rieger Ron PUBLISH 2973@25C3@pentabarf.org 2973 lightning_talks_3 Lightning Talks Day4 4 minutes of fame English en 20081230T113000 20081230T123000 01H00M00S Lightning Talks Day4- 4 minutes of fame 4 minutes for every speaker. Learn about the good, the bad, and the ugly - in software, hardware, projects, and more. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2973.en.html Saal 2 Sven Guckes Oliver Pritzkow PUBLISH 3004@25C3@pentabarf.org 3004 why_technology_sucks Why technology sucks If technology is the solution, politicians are the problem English en 20081230T113000 20081230T123000 01H00M00S Why technology sucks- If technology is the solution, politicians are the problem More and more technology is seen as the ultimate solution for many problems. 
Lack of understanding and bending rules towards the technology show that politicians and managers have an established level of incompetence. Of course this poses a problem. We tend to forget that hacking also means having fun with things. Let's ride the incompetence and use technology 'concepts' for the things we want. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/3004.en.html Saal 1 Walter van Host PUBLISH 2942@25C3@pentabarf.org 2942 vertex_hacking Vertex Hacking Reverse Engineering von 3D-Dateiformaten German de 20081230T140000 20081230T150000 01H00M00S Vertex Hacking- Reverse Engineering von 3D-Dateiformaten This talk is about methods for dealing with unknown file formats, especially in the area of 3D models. It will present the tools, the approach, a few possible pitfalls, interesting implementation details and, finally, the result in the form of the library libg3d. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2008/Fahrplan/events/2942.en.html Saal 2 Markus Dahms