28C3 Schedule PUBLISH 4816@28C3@pentabarf.org 4816 7_years_400_podcasts_and_lots_of_frequent_flyer_miles 7 years, 400+ podcasts, and a whole lot of Frequent Flyer Miles Lessons learned from producing a weekly independent podcast on international conflicts and concerns. English en 20111228T230000 20111229T000000 01H00M00S 7 years, 400+ podcasts, and a whole lot of Frequent Flyer Miles- Lessons learned from producing a weekly independent podcast on international conflicts and concerns. In 2004 I started a weekly podcast on international under-reported news based on a feeling that this was something I enjoy doing and I could be good at. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4816.en.html Saal 1 Bicyclemark PUBLISH 4766@28C3@pentabarf.org 4766 802_11_packets_in_packets 802.11 Packets in Packets A Standard-Compliant Exploit of Layer 1 English en 20111227T183000 20111227T193000 01H00M00S 802.11 Packets in Packets- A Standard-Compliant Exploit of Layer 1 New to 2011, Packet-in-Packet exploits allow for injection of raw radio frames into remote wireless networks. In these exploits, an attacker crafts a string that when transmitted over the air creates the symbols of a complete and valid radio packet. When radio interference damages the beginning of the outer packet, the receiver is tricked into seeing only the inner packet, allowing a frame to be remotely injected. The attacker requires no radio, and injection occurs without a software or hardware bug.
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4766.en.html Saal 1 Travis Goodspeed PUBLISH 4826@28C3@pentabarf.org 4826 a_brief_history_of_plutocracy A Brief History of Plutocracy English en 20111228T143000 20111228T150000 00H30M00S A Brief History of Plutocracy This whistlestop re-telling of world economic history squeezes 12,000 years of history into 18 slides. Its focus is the changing nature of money and the rise of the monied class in the US and Europe. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4826.en.html Saal 2 Robin Upton PUBLISH 4913@28C3@pentabarf.org 4913 almighty_dna_and_beyond Almighty DNA? Was die Tatort-Wahrheitsmaschine mit Überwachung zu tun hat German de 20111227T171500 20111227T181500 01H00M00S Almighty DNA?- What the crime-scene truth machine has to do with surveillance Creating personal profiles from DNA and storing them in police databases enjoys broad acceptance. It is widely assumed that this serves only to solve cases of murder and manslaughter. In fact, however, the Bundeskriminalamt (Federal Criminal Police Office) is stockpiling records here, for ever more minor reasons and in ever greater numbers. In addition, the DNA databases of the European police forces are currently being interconnected. This is all the more worrying because all of us constantly leave DNA behind, whether in hair, skin flakes or saliva. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4913.en.html Saal 2 Susanne Schultz Uta Wagenmann PUBLISH 4828@28C3@pentabarf.org 4828 antiforensik Antiforensik Einführung in das Thema Antiforensik am Beispiel eines neuen Angriffsvektors German de 20111230T124500 20111230T131500 00H30M00S Antiforensik- An introduction to anti-forensics using the example of a new attack vector Anti-forensics is still a fairly new topic and is becoming increasingly important.
IT forensics, as a means of establishing the facts of a case, can be decisive for acquittals or convictions in court as well as in internal investigations. It is therefore especially bad when the programs used for it do not work correctly and can even be attacked with prepared anti-forensic actions. The talk shows a previously unknown yet technically simple vulnerability in at least one forensic suite used worldwide and how it can be exploited: adding investigation results, deleting/altering investigation results, and infecting the analysis system with malware. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4828.en.html Saal 2 Martin Wundram PUBLISH 4676@28C3@pentabarf.org 4676 apple_vs_google_client_platforms Apple vs. Google Client Platforms How you end up being the Victim. English en 20111228T214500 20111228T224500 01H00M00S Apple vs. Google Client Platforms- How you end up being the Victim. We will discuss the two different approaches Apple and Google take for the client platforms iPad and Chromebook, how they are similar and how they are not. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4676.en.html Saal 1 Bruhns FX of Phenoelit greg PUBLISH 4764@28C3@pentabarf.org 4764 automatic_algorithm_invention_with_a_gpu Automatic Algorithm Invention with a GPU Hell Yeah, it's rocket science English en 20111227T171500 20111227T181500 01H00M00S Automatic Algorithm Invention with a GPU- Hell Yeah, it's rocket science You write software. You test software. You know how to tell if the software is working. Automate your software testing sufficiently and you can let the computer do the writing for you! "Genetic Programming", especially "Cartesian Genetic Programming" (CGP), is a powerful tool for creating software and designing physical objects. See how to do CGP as we invent image filters for the Part Time Scientists' 3D cameras.
Danger: Actual code will be shown! PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4764.en.html Saal 3 Wes Faler PUBLISH 4814@28C3@pentabarf.org 4814 behind_the_scenes_of_a_c64_demo Behind the scenes of a C64 demo English en 20111229T214500 20111229T224500 01H00M00S Behind the scenes of a C64 demo C64 "demos" were the root of the whole demo-scene-thing and they are still the main force keeping the C64 alive today. Audiovisual pleasure, still pushing hardware limits, still exploring different ways of expression. But what is typically happening inside the machine when you watch a demo? What effort is needed to entertain the audience? This talk will give you an inside look at the steps taken for the award winning demo "Error 23" given first hand by one of its main programmers. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4814.en.html Saal 3 Ninja / The Dreams PUBLISH 4669@28C3@pentabarf.org 4669 bionic_ears Bionic Ears Introduction into State-of-the-Art Hearing Aid Technology English en 20111228T171500 20111228T181500 01H00M00S Bionic Ears- Introduction into State-of-the-Art Hearing Aid Technology In many social situations being hearing impaired is a serious handicap, not only for elderly people. Today's hearing aids are tiny computers that do a decent job in signal processing. During the last years, the progress in this technology was significant, amongst other things by switching from analog to digital devices. Since this field becomes more and more related to computer technology, there is even more improvement to be expected. In particular, it turns into a more and more interesting playground for hackers. 
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4669.en.html Saal 2 Helga Velroyen PUBLISH 4746@28C3@pentabarf.org 4746 bitcoin_an_analysis Bitcoin - An Analysis English en 20111229T140000 20111229T150000 01H00M00S Bitcoin - An Analysis Bitcoin is the first distributed, digital currency. It received a lot of attention recently as it questions the state monopoly to issue legal tender. It relies on distributed proof-of-work concepts to ensure money-like characteristics. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4746.en.html Saal 1 Kay Hamacher Stefan Katzenbeisser PUBLISH 4930@28C3@pentabarf.org 4930 black_ops_of_tcpip_2011 Black Ops of TCP/IP 2011 English en 20111227T230000 20111228T000000 01H00M00S Black Ops of TCP/IP 2011 Black Ops of TCP/IP 2011, a cleanup of the BH USA talk. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4930.en.html Saal 1 Dan Kaminsky PUBLISH 4916@28C3@pentabarf.org 4916 buggedplanet BuggedPlanet Surveillance Industry & Country's Actings English en 20111227T203000 20111227T213000 01H00M00S BuggedPlanet- Surveillance Industry & Country's Actings BuggedPlanet.Info is a small Wiki that tries to list and track down the activities of the surveillance industry in the fields of "Lawful Interception", Signals Intelligence (SIGINT), Communications Intelligence (COMINT) and related fields to gain access to data from telecommunication systems. In this talk I want to explain the idea behind the project and also discuss some observations made between industrial activities and governmental actings. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4916.en.html Saal 3 Andy Müller-Maguhn PUBLISH 4699@28C3@pentabarf.org 4699 building_a_distributed_satellite_ground_station_network Building a Distributed Satellite Ground Station Network - A Call To Arms Hackers need satellites. Hackers need internet over satellites.
Satellites require ground stations. Let's build them! English en 20111228T214500 20111228T224500 01H00M00S Building a Distributed Satellite Ground Station Network - A Call To Arms- Hackers need satellites. Hackers need internet over satellites. Satellites require ground stations. Let's build them! As proposed by Nick Farr et al at CCCamp11, we - the hacker community - are in desperate need of our own communication infrastructure. So here we are, answering the call for the Hacker Space Program with our proposal of a distributed satellite communications ground station network. An affordable way to bring satellite communications to a hackerspace near you. We're proposing a multi-step approach to work towards this goal by setting up a distributed network of ground stations which will ensure a 24/7 communication window - first tracking, then communicating with satellites. The current state of a proof of concept implementation will be presented. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4699.en.html Saal 2 Andreas -horn- Hornig hadez PUBLISH 4587@28C3@pentabarf.org 4587 bup_git_for_backups bup: Git for backups English en 20111230T131500 20111230T134500 00H30M00S bup: Git for backups bup is short for "backup". bup uses the file format of the distributed version control system Git. It solves Git's problems with big files. Deduplication is used to make backups space efficient (about five times smaller than rsnapshot's backups). Data is deduplicated globally across files and backups. If a small part of a big file is changed, only a little additional space is needed. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4587.en.html Saal 2 Zoran Zaric PUBLISH 4799@28C3@pentabarf.org 4799 can_trains_be_hacked Can trains be hacked? Die Technik der Eisenbahnsicherungsanlagen German de 20111227T140000 20111227T150000 01H00M00S Can trains be hacked?- The technology of railway safety and signalling systems Why do trains travel safely?
How are collisions avoided despite the risk of human error? And what does all of this have to do with IT security? PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4799.en.html Saal 3 Stefan Katzenbeisser PUBLISH 4932@28C3@pentabarf.org 4932 camp_review_2011 CCC Camp 2011 Video Impressions Reviving a nice summer dream English en 20111229T230000 20111230T000000 01H00M00S CCC Camp 2011 Video Impressions- Reviving a nice summer dream All of us who did attend are still dreaming. All of us who did not attend are still weeping. The CCCamp 2011. This film recapitulates all the great moments that took place during summer this year. All the great moments. Really. All of them. English and German with English subs (still improvable, though). PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4932.en.html Saal 2 PUBLISH 4663@28C3@pentabarf.org 4663 cellular_protocol_stacks_for_internet Cellular protocol stacks for Internet GPRS, EDGE, UMTS, HSPA demystified English en 20111229T171500 20111229T181500 01H00M00S Cellular protocol stacks for Internet- GPRS, EDGE, UMTS, HSPA demystified Almost everyone uses the packet oriented transmission modes of cellular networks. However, unlike TCP/IP, Ethernet and Wifi, not many members of the hacker community are familiar with the actual protocol stack for those services. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4663.en.html Saal 1 Harald Welte PUBLISH 4903@28C3@pentabarf.org 4903 changing_techno_optimists_by_shaking_up_the_bureaucrats Changing techno-optimists by shaking up the bureaucrats English en 20111230T171500 20111230T181500 01H00M00S Changing techno-optimists by shaking up the bureaucrats PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4903.en.html Saal 2 Brenno de Winter PUBLISH 4760@28C3@pentabarf.org 4760 chokepointproject ChokePointProject - Quis custodiet ipsos custodes?
Aggregating and Visualizing (lack of) Transparency Data in near-realtime English en 20111230T140000 20111230T143000 00H30M00S ChokePointProject - Quis custodiet ipsos custodes?- Aggregating and Visualizing (lack of) Transparency Data in near-realtime The object of the lecture is to present and discuss the chokepointproject. How it (will) attempt(s) to aggregate and visualize near-realtime global internetwork data and augment this visualisation with legislative, commercial (ownership) and circumvention information. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4760.en.html Saal 2 Ruben Bloemgarten PUBLISH 4899@28C3@pentabarf.org 4899 closing_event Closing Event English en 20111230T183000 20111230T190000 00H30M00S Closing Event PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4899.en.html Saal 1 Frank Rieger PUBLISH 4755@28C3@pentabarf.org 4755 counterlobbying_eu_institutions Counterlobbying EU institutions How to attempt to counter the influence of industry lobbyists and political forces aiming towards increasing control over the Internet English en 20111228T171500 20111228T181500 01H00M00S Counterlobbying EU institutions- How to attempt to counter the influence of industry lobbyists and political forces aiming towards increasing control over the Internet Return of experience about opposing #censorship #ACTA #censilia #copywrong and promoting #openness and #netneutrality to the EU institutions. Strategic and tactical perspectives by two old and tired activists. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4755.en.html Saal 3 Christian Bahls - MOGiS e.V.
Jérémie Zimmermann PUBLISH 4730@28C3@pentabarf.org 4730 crowdsourcing_genome_wide_association_studies Crowdsourcing Genome Wide Association Studies Freeing Genetic Data from Corporate Vaults English en 20111228T230000 20111229T000000 01H00M00S Crowdsourcing Genome Wide Association Studies- Freeing Genetic Data from Corporate Vaults It was only a couple of years ago that generating genetic information about individuals was expensive and laborious work. Modern techniques have drastically cut cost and time needed to get an insight into one's genome and have ultimately led to the formation of personal genetics companies – like 23andMe, deCODEme and others – that now offer direct-to-customer genetic testing. With a price tag of those tests starting at about 100 €, the number of people that do such tests is on the rise. By now, 23andMe alone has over 100.000 paying customers, with over 60.000 of them willing to donate their genetic data and to actively participate in research projects by filling out surveys, e.g. on their medical histories. This has resulted in a high-quality dataset with genetic information of 60.000 individuals. The best part: The data has already been paid for by the participants in the research. Who would not love to get their hands on data like this? Unfortunately, the data sits locked away in corporate vaults, inaccessible to interested (citizen) scientists. But what if we could change this? We've created openSNP, a central, open source, free-to-use repository which lets customers of genotyping companies upload their genotyping data and annotate them with phenotypes. OpenSNP provides its users with the latest scientific research on their genotypes and lets scientists download annotated genotypes to make science more open. 
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4730.en.html Saal 3 Bastian Greshake Philipp Bayer PUBLISH 4732@28C3@pentabarf.org 4732 datamining_for_hackers Datamining for Hackers Encrypted Traffic Mining English en 20111227T140000 20111227T150000 01H00M00S Datamining for Hackers- Encrypted Traffic Mining This talk presents Traffic Mining (TM) particularly in regard to VoIP applications such as Skype. TM is a method to digest and understand large quantities of data. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4732.en.html Saal 1 Stefan Burschka PUBLISH 4652@28C3@pentabarf.org 4652 data_mining_the_israeli_census Data Mining the Israeli Census Insights into a publicly available registry English en 20111228T124500 20111228T131500 00H30M00S Data Mining the Israeli Census- Insights into a publicly available registry The entire Israeli civil registry database has been leaked to the internet several times over the past decade. In this talk, we examine interesting data that can be mined and extracted from such a database. Additionally, we will review the implications of such data being publicly available in light of the upcoming biometric database. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4652.en.html Saal 2 Yuval Adam PUBLISH 4788@28C3@pentabarf.org 4788 datenvieh_oder_daten_fee Datenvieh oder Daten-Fee Welchen Wert haben Trackingdaten? German de 20111229T183000 20111229T193000 01H00M00S Datenvieh oder Daten-Fee- What is tracking data worth? A sober examination of user-tracking methods and of the economic value of tracking and user data.
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4788.en.html Saal 3 Rene Meissner PUBLISH 4723@28C3@pentabarf.org 4723 dc_plus_the_protocol DC+, The Protocol Technical defense against data retention law English en 20111230T160000 20111230T170000 01H00M00S DC+, The Protocol- Technical defense against data retention law The idea of Dining Cryptographers-Networks (DC) offers a much better anonymity compared to MIX-Networks: Defined anonymity sets, no need to trust in a central service, no possible attack for data retention. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4723.en.html Saal 3 klobs PUBLISH 4781@28C3@pentabarf.org 4781 deceiving_authorship_detection Deceiving Authorship Detection Tools to Maintain Anonymity Through Writing Style & Current Trends in Adversarial Stylometry English en 20111229T160000 20111229T170000 01H00M00S Deceiving Authorship Detection- Tools to Maintain Anonymity Through Writing Style & Current Trends in Adversarial Stylometry Stylometry is the art of detecting authorship of a document based on the linguistic style present in the text. As authorship recognition methods based on machine learning have improved, they have also presented a threat to privacy and anonymity. We have developed two open-source tools, Stylo and Anonymouth, which we will release at 28C3 and introduce in this talk. Anonymouth aids individuals in obfuscating documents to protect identity from authorship analysis. Stylo is a machine-learning based authorship detection research tool that provides the basis for Anonymouth's decision making. We will also review the problem of stylometry and the privacy implications and present new research related to detecting writing style deception, threats to anonymity in short message services like Twitter, examine the implications for languages other than English, and release a large adversarial stylometry corpus for linguistic and privacy research purposes. 
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4781.en.html Saal 3 Michael Brennan Rachel Greenstadt PUBLISH 4736@28C3@pentabarf.org 4736 defending_mobile_phones Defending mobile phones English en 20111227T214500 20111227T224500 01H00M00S Defending mobile phones Cell phone users face an increasing frequency and depth of privacy intruding attacks. Defense knowledge has not scaled at the same speed as attack capabilities. This talk intends to revert this imbalance. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4736.en.html Saal 1 Karsten Nohl Luca Melette PUBLISH 4910@28C3@pentabarf.org 4910 demokratie_auf_saechsisch Demokratie auf Sächsisch German de 20111227T160000 20111227T170000 01H00M00S Demokratie auf Sächsisch It all began in the run-up to 13 February 2010. After the so-called far-right "mourning march" on the anniversary of the bombing of Dresden had grown within a few years into Europe's largest Nazi march, a nationwide alliance of antifa groups, political parties and civil society formed in 2009 with the aim of blockading it. So much commitment against the far right was, however, a thorn in the side of the Saxon authorities from the start, so that as early as January 2009 the Dresden senior public prosecutor's office constructed the accusation of "incitement to commit criminal offences" in order to search the alliance's premises, confiscate posters and thus prevent the mobilization to Dresden. The tactic did not work: on 13 February 2010 more than 10,000 people besieged the rally site, whereupon the Nazi march did not take place. The LKA (State Criminal Police Office) and the public prosecutor's office did not want to accept such a defeat a second time.
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4910.en.html Saal 3 Josephine Fischer Tobias Naumann PUBLISH 4901@28C3@pentabarf.org 4901 der_staatstrojaner_aus_sicht_der_technik Der Staatstrojaner Vom braunen Briefumschlag bis zur Publikation German de 20111227T160000 20111227T181500 02H15M00S Der Staatstrojaner- From the brown envelope to publication 0zapftis is analysed from a technical perspective and from a legal point of view. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4901.en.html Saal 1 0zapfths Constanze Kurz Frank Rieger Ulf Buermeyer PUBLISH 4675@28C3@pentabarf.org 4675 politik_neusprech_2011 „Die Koalition setzt sich aber aktiv und ernsthaft dafür ein“ Sprachlicher Nebel in der Politik German de 20111228T203000 20111228T213000 01H00M00S „Die Koalition setzt sich aber aktiv und ernsthaft dafür ein“- Linguistic fog in politics Current political texts (speeches, interviews) are examined for empty phrases, filler and exaggerations that expose the text; even when the author tries to lull listeners or readers, certain linguistic devices reveal which actual opinions are hidden in the text. In this way, what Wilson and Shea call "Fnord" becomes visible in the texts. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4675.en.html Saal 1 maha/Martin Haase PUBLISH 4749@28C3@pentabarf.org 4749 does_hacktivism_matter Does Hacktivism Matter? How the Btx hack changed computer law-making in Germany English en 20111227T183000 20111227T193000 01H00M00S Does Hacktivism Matter?- How the Btx hack changed computer law-making in Germany Do you remember those days when hackers were “real men?” When hacking was not yet a crime and the cyberspace an undiscovered land? Just before anti-hacking laws were introduced in Germany?
Back in these days, the famous founding father of the CCC made the Bundespost (Germany's Federal Mail Service) meet its Waterloo, when they hacked Bildschirmtext (Btx)—the epitome of both technological utopias and dystopias at that time. But soon, hackers suffered a setback: new laws criminalized hacking in the name of fighting white-collar crimes. Simultaneously to the laws, things were getting rougher in the media and the public opinion. While being seen as a weird vanguard of technology before, hackers soon became pranksters and outlaws. Apparently hacktivism, the portmanteau word for hacking activism, had failed to shape the policies in the dawning information society. However, there is evidence that hacktivism had an impact on the new computer crime legislation—not in terms of having more, but fewer restrictions implemented in the law. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4749.en.html Saal 2 Kai Denker PUBLISH 4770@28C3@pentabarf.org 4770 dont_scan_just_ask Don't scan, just ask A new approach of identifying vulnerable web applications English en 20111228T131500 20111228T134500 00H30M00S Don't scan, just ask- A new approach of identifying vulnerable web applications For years, we tried to identify vulnerable systems in company networks by getting all the company's netblocks / IP addresses and scanning them for vulnerable services. Then with the growing importance of web applications and of course search engines, a new way of identifying vulnerable systems was introduced: "Google hacking". However this approach of identifying and scanning the company's IP addresses as well as doing some Google hacking for the (known) URLs of the company doesn't take all aspects into account and has some limitations. At first we just check the systems which are obvious, the ones that are in the company's netblocks, the IP addresses that were provided by the company and the URLs that are known or can be resolved using reverse DNS.
However how about URLs and systems that aren't obvious? Systems maybe even the company in focus forgot? Second, the current techniques are pretty technical. They don't take the business view into account at any point. Therefore we developed a new technique as well as framework to identify companies’ web pages based on a scored keyword list. In other words: From zero to owning all of a company’s existing web pages, even the pages not hosted by the company itself, with just a scored keyword list as input. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4770.en.html Saal 2 Fabian Mihailowitsch PUBLISH 4768@28C3@pentabarf.org 4768 eating_in_the_anthropocene Eating in the Anthropocene Transgenic Fish, Mutagenic Grapefruits and Space Potatoes English en 20111228T113000 20111228T123000 01H00M00S Eating in the Anthropocene- Transgenic Fish, Mutagenic Grapefruits and Space Potatoes Over the last few years hackers have begun to take a larger interest in food, gastronomy and agriculture. For many in the community the ability to create DIY molecular gastronomy hardware and recipes is an obvious entry point. This talk extends some of these early investigations beyond the kitchen and the chemical properties of food by looking at specific cultivars, food technology organizations, and connections between food systems, ecosystems and planetary change. Part 1 of the talk explores some of the more bizarre and interesting biotechnologies and genomes that make up the human food system on planet earth, including Chinese Space Potatoes, Mutagenic Grapefruits and Glowing Sushi. Part 2 of the talk presents ideas of food system redesign particularly relevant to hackers and food explorers: utopian cuisines, resilient biotechnologies and eaters as agents of selection.
In Part 3 we provide access to resources and propose interesting projects for black hat food hackers, DIY BIO foodies, and prospective food security researchers, such as mining the IAEA's database of radiation breeding, eating things that weren't meant to be eaten and defending agricultural biodiversity. By introducing less known stories from the history of food and technology, and providing access to resources we hope to get more hackers curious about exploring, questioning and redesigning our human food systems. BIO: Zack Denfeld & Cathrine Kramer run the Center for Genomic Gastronomy, an independent research institute that studies the genomes and biotechnologies that make up the human food systems on the planet. They are currently in residence at Art Science Bangalore and are curating a show on the future of food at the Science Gallery in Dublin, Ireland. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4768.en.html Saal 2 Cathrine Kramer Zack Denfeld PUBLISH 4738@28C3@pentabarf.org 4738 echtes_netz Echtes Netz Kampagne für Netzneutralität German de 20111228T124500 20111228T134500 01H00M00S Echtes Netz - Campaign for net neutrality In early 2012, "Echtes Netz", the campaign for net neutrality initiated by Digitale Gesellschaft e.V. and funded by stiftung bridge, will launch. The campaign has set itself the task of raising awareness of the value of a real net and of campaigning, with offline and online actions, for net neutrality to be anchored in law. The talk gives an overview of the debate around net neutrality in Germany and the EU and an outlook on the campaign.
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4738.en.html Saal 1 Falk Lüke Markus Beckedahl PUBLISH 4680@28C3@pentabarf.org 4680 effective_dos_attacks_against_web_application_platforms Effective Denial of Service attacks against web application platforms We are the 99% (CPU usage) English en 20111228T140000 20111228T150000 01H00M00S Effective Denial of Service attacks against web application platforms- We are the 99% (CPU usage) This talk will show how a common flaw in the implementation of most of the popular web programming languages and platforms (including PHP, ASP.NET, Java, etc.) can be (ab)used to force web application servers to use 99% of CPU for several minutes to hours for a single HTTP request. This attack is mostly independent of the underlying web application and just relies on a common fact of how web application servers typically work. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4680.en.html Saal 1 Alexander ‘alech’ Klink Julian | zeri PUBLISH 4758@28C3@pentabarf.org 4758 ein_mittelsmannangriff_auf_ein_digitales_signiergeraet Ein Mittelsmannangriff auf ein digitales Signiergerät Bachelorarbeit Informatik Uni Kiel SS 2011 German de 20111228T183000 20111228T193000 01H00M00S Ein Mittelsmannangriff auf ein digitales Signiergerät- Bachelor's thesis in computer science, Kiel University, summer semester 2011 This thesis shows how a qualified electronic signature can be forged by exploiting an unsecured connection between a secure signature creation device and a user's PC.
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4758.en.html Saal 3 Alexander Koch PUBLISH 4668@28C3@pentabarf.org 4668 electronic_money Electronic money: The road to Bitcoin and a glimpse forward How the e-money systems can be made better English en 20111229T171500 20111229T181500 01H00M00S Electronic money: The road to Bitcoin and a glimpse forward- How the e-money systems can be made better The proposed talk provides a definition of the problem of creating e-money and after a review of the state of the art points out possible solutions and proposes questions for discussion for the properties of electronic money system. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4668.en.html Saal 3 Peio Popov PUBLISH 4844@28C3@pentabarf.org 4844 eu_datenschutz_internet_der_dinge EU-Datenschutz und das Internet der Dinge German de 20111227T214500 20111227T224500 01H00M00S EU-Datenschutz und das Internet der Dinge The EU Commission is currently working on modernizing the Data Protection Directive. This talk reports on the current state of affairs. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4844.en.html Saal 2 Andreas Krisch PUBLISH 4935@28C3@pentabarf.org 4935 eu_datenschutz_internet_der_dinge_en EU-Datenschutz und das Internet der Dinge (english translation) German de 20111227T214500 20111227T224500 01H00M00S EU-Datenschutz und das Internet der Dinge (english translation) The EU Commission is currently working on modernizing the Data Protection Directive. This talk reports on the current state of affairs.
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4935.en.html Saal 2 Andreas Krisch PUBLISH 4818@28C3@pentabarf.org 4818 evolving_custom_communication_protocols Evolving custom communication protocols Hell Yeah, it's rocket science English en 20111230T171500 20111230T181500 01H00M00S Evolving custom communication protocols- Hell Yeah, it's rocket science Even after years of committee review, communication protocols can certainly be hacked, sometimes highly entertainingly. What about creating a protocol the opposite way? Start with all the hacks that can be done and search for a protocol that gets around them all. Is it even possible? Part Time Scientists has used a GPU to help design our moon mission protocols and we'll show you the what and how. Danger: Real code will be shown! PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4818.en.html Saal 3 Wes Faler PUBLISH 4866@28C3@pentabarf.org 4866 fnord_jahresrueckblick Fnord-Jahresrückblick von Atomendlager bis Zensus German de 20111229T230000 20111230T000000 01H00M00S Fnord-Jahresrückblick- von Atomendlager bis Zensus This year, too, we will again try to entertain you with the Fnords of the year. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4866.en.html Saal 1 Felix von Leitner Frank Rieger PUBLISH 4740@28C3@pentabarf.org 4740 frag_den_staat Frag den Staat Praktische Informationsfreiheit German de 20111229T140000 20111229T143000 00H30M00S Frag den Staat- Praktische Informationsfreiheit FragDenStaat.de launched on 1 August 2011 as a platform for submitting requests under the Informationsfreiheitsgesetz (the German Freedom of Information Act) and publishes the correspondence with the authorities there, following the model of whatdotheyknow.com and befreite-dokumente.de. The talk will present the platform, show how the site supports applicants in exercising their right to inspect records, and take a closer look at the most interesting incidents.
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4740.en.html Saal 2 Stefan Wehrmeyer PUBLISH 4742@28C3@pentabarf.org 4742 from_press_freedom_to_the_freedom_of_information From Press Freedom to the Freedom of information Why every citizen should be concerned English en 20111230T124500 20111230T134500 01H00M00S From Press Freedom to the Freedom of information- Why every citizen should be concerned This talk is about: - Information freedom and the issues for the citizens - RWB resources: a “human network” - RWB needs: Get involved! PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4742.en.html Saal 1 Reporters Without Borders PUBLISH 4775@28C3@pentabarf.org 4775 hacker_jeopardy Hacker Jeopardy Number guessing for geeks German de 20111229T001500 20111229T021500 02H00M00S Hacker Jeopardy- Number guessing for geeks The Hacker Jeopardy is a quiz show. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4775.en.html Saal 1 Ray Stefan 'Sec' Zehl PUBLISH 4934@28C3@pentabarf.org 4934 hacker_jeopardy_translation Hacker Jeopardy Translation English en 20111229T001500 20111229T020000 01H45M00S Hacker Jeopardy Translation PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4934.en.html Saal 3 PUBLISH 4871@28C3@pentabarf.org 4871 hacking_mfps Hacking MFPs Part2 - PostScript: Um, you've been hacked English en 20111228T171500 20111228T181500 01H00M00S Hacking MFPs- Part2 - PostScript: Um, you've been hacked We have decided to continue our research onto PostScript realms - an old, very powerful and nicely designed programming language, where (as a coincidence or not, given its numerous security flaws) Adobe owns most PostScript interpreter instances.
This time we demonstrate that PostScript language, given its power, elegance and Turing-completeness, can be used more than just for drawing dots, lines and circles - and to a certain extent it can be a hacker's sweet delight if fully mastered. We will be presenting a real-life implementation of unusual PostScript APIs (along with its dissection and reconstructed documentation) that interact with various levels of OS and HW, implementation we have found in a TOP10 printer vendor product line. Also, we will investigate whether a PostScript-based (hence platform-independent) virus (18+ years after first proposals of such theory) can be accomplished, thus giving theoretical hints and few building blocks in this direction. We will also present some very constructive uses of the PostScript language in the creative (i.e. non-destructive) hacking direction. In the end, we will try to summarize our conclusions and possible solution for all parties involved (vendors, users, sysadmins, security experts). With this research we hope we can prove that entire printer industry (devices, printing software/drivers/subsystems, publishing and managed services) have to be rethought security-wise, so that it can withstand in the long run the current security landscape and threats. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4871.en.html Saal 1 Andrei Costin PUBLISH 4800@28C3@pentabarf.org 4800 how_governments_have_tried_to_block_tor How governments have tried to block Tor English en 20111228T183000 20111228T193000 01H00M00S How governments have tried to block Tor Iran blocked Tor handshakes using Deep Packet Inspection (DPI) in January 2011 and September 2011. Bluecoat tested out a Tor handshake filter in Syria in June 2011. China has been harvesting and blocking IP addresses for both public Tor relays and private Tor bridges for years.
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4800.en.html Saal 1 Jacob Appelbaum Roger Dingledine PUBLISH 4686@28C3@pentabarf.org 4686 implementation_of_mitm_attack_on_hdcp_secured_links Implementation of MITM Attack on HDCP-Secured Links A non-copyright circumventing application of the HDCP master key English en 20111229T183000 20111229T193000 01H00M00S Implementation of MITM Attack on HDCP-Secured Links- A non-copyright circumventing application of the HDCP master key A man-in-the-middle attack on HDCP-secured video links is demonstrated. The attack is implemented on an embedded Linux platform, with the help of a Spartan-6 FPGA, and is capable of operating real-time on HD video links. It utilizes the HDCP master key to derive the corresponding private keys of the video source and sink through observation and computation upon the exchanged public keys. The man-in-the-middle then genlocks its raster and cipher state to the incoming video stream, enabling it to do pixel by pixel swapping of encrypted data. Since the link does no CRC or hash verification of the data, one is able to forge video using this method. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4686.en.html Saal 1 bunnie PUBLISH 4688@28C3@pentabarf.org 4688 introducing_osmo_gmr Introducing Osmo-GMR Building a sniffer for the GMR satphones English en 20111229T203000 20111229T213000 01H00M00S Introducing Osmo-GMR- Building a sniffer for the GMR satphones The latest member of the Osmocom-family projects, osmo-gmr focuses on the GMR-1 (GEO Mobile Radio) air interface used in some satellite Phones. This talk will shortly present the GMR protocol, the Thuraya network that uses this protocol in the Eurasian/African and Australian continents and finally details how you can capture samples and process them for analysis using osmo-gmr. 
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4688.en.html Saal 3 Sylvain Munaut PUBLISH 4908@28C3@pentabarf.org 4908 jahresrueckblick_2011 Jahresrückblick German de 20111229T113000 20111229T134500 02H15M00S Jahresrückblick It had barely begun and it is already over again: the year 2011. So it is once more time for the look back at technology research and nerd lobbying from a hacker's perspective, which of course never comes without a look ahead. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4908.en.html Saal 1 Andreas Bogk Constanze Kurz Erdgeist Frank Rieger PUBLISH 4928@28C3@pentabarf.org 4928 kinectfusion KinectFusion Real-time 3D Reconstruction and Interaction Using a Moving Depth Camera English en 20111229T151500 20111229T161500 01H00M00S KinectFusion- Real-time 3D Reconstruction and Interaction Using a Moving Depth Camera This project investigates techniques to track the 6DOF position of handheld depth sensing cameras, such as Kinect, as they move through space and perform high quality 3D surface reconstructions for interaction. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4928.en.html Saal 1 David Kim PUBLISH 4905@28C3@pentabarf.org 4905 lightning_talks_day_2 Lightning Talks Day 2 English en 20111228T124500 20111228T150000 02H15M00S Lightning Talks Day 2 PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4905.en.html Saal 3 Nick Farr PUBLISH 4906@28C3@pentabarf.org 4906 lightning_talks_day_3_pecha_kucha Lightning Talks Day 3 Pecha Kucha Round! English en 20111229T124500 20111229T150000 02H15M00S Lightning Talks Day 3- Pecha Kucha Round!
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4906.en.html Saal 3 Nick Farr PUBLISH 4907@28C3@pentabarf.org 4907 lightning_talks_day_4 Lightning Talks Day 4 English en 20111230T124500 20111230T150000 02H15M00S Lightning Talks Day 4 PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4907.en.html Saal 3 Nick Farr PUBLISH 4813@28C3@pentabarf.org 4813 macro_dragnets Macro dragnets: Why trawl the river when you can do the whole ocean What happens when data collection goes awry in the 21st century English en 20111227T214500 20111227T224500 01H00M00S Macro dragnets: Why trawl the river when you can do the whole ocean- What happens when data collection goes awry in the 21st century As governments increase their data collection capabilities software developers are stepping up to both utilize and augment surveillance capabilities. DNA databases, facial recognition, behavioral patterning, and geographic profiling are all in use today. Police are crowdsourcing identification of suspects and citizens are willingly participating. This talk will cover real technologies in place today as well as educated speculation of what is coming next. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4813.en.html Saal 3 Redbeard PUBLISH 4897@28C3@pentabarf.org 4897 keynote Marriage From Hell: On the Secret Love Affair Between Dictators and Western Technology Companies English en 20111227T113000 20111227T123000 01H00M00S Marriage From Hell: On the Secret Love Affair Between Dictators and Western Technology Companies While it's old news that authoritarian regimes regularly rely on censorship and surveillance technology supplied to them by Western companies, 2011 was a year (thanks, in part, to the Arab Spring) when it became a hot issue in the public debate. 
While politicians on both sides of the Atlantic have recently committed to ban the sale of such technologies to dictators, it's not clear whether such measures would prove effective (or merely drive the sale of such technologies underground) or simply stimulate the growth of Chinese, Russian and Indian companies. More disturbingly, there is still very little awareness – at least among the general public – that many of the tools that are currently exported to authoritarian states have been designed to help fight "The Global War On Terror" and are thus inextricably linked to domestic policies of Western states. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4897.en.html Saal 1 Evgeny Morozov PUBLISH 4832@28C3@pentabarf.org 4832 neue_leichtigkeit "Neue Leichtigkeit" when unconditional artistic freedom happens German de 20111230T001500 20111230T014500 01H30M00S "Neue Leichtigkeit"- when unconditional artistic freedom happens Despite the vast new possibilities new media offer to artists, musicians and composers, regulation authorities and governments are trimming creative minds in their freedom, introducing new laws, filters and limitations. On the example of "Europa: Neue Leichtigkeit" the immanence of unconditional artistic freedom in creativity is brought to the audience. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4832.en.html Saal 1 Alex Antener Amelie Boehm Andrin Uetz Jonas Bischof ruedi tobler Samuel Weniger PUBLISH 4761@28C3@pentabarf.org 4761 new_ways_im_going_to_hack_your_web_app New Ways I'm Going to Hack Your Web App English en 20111229T214500 20111229T224500 01H00M00S New Ways I'm Going to Hack Your Web App Writing secure code is hard. Even when people do it basically right there are sometimes edge cases that can be exploited.
Most of the time writing code that works isn’t even the hard part, it’s keeping up with the changing attack techniques while still keeping an eye on all the old issues that can come back to bite you, straddling the ancient world of the 90’s RFCs and 2010’s HTML5 compatible browsers. A lot like how Indiana Jones bridges the ancient and the modern... Except for Indiana Jones 4. Let’s never talk about that again. Ever. Take Facebook, Office 365, Wordpress, Exchange, and Live. These are applications that had decent mitigations to standard threats, but they all had edge cases. Using a mix of old and new ingredients, we’ll provide a sampler plate of clickjacking protection bypasses, CSRF mitigation bypasses, "non-exploitable" XSS attacks that are suddenly exploitable and XML attacks where you can actually get a shell; and we'll talk about how to defend against these attacks. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4761.en.html Saal 1 Jesse Ou Rich PUBLISH 4927@28C3@pentabarf.org 4927 noc_review_28c3_camp NOC Review NOC Review about the Camp 2011 and 28C3 English en 20111230T143000 20111230T150000 00H30M00S NOC Review- NOC Review about the Camp 2011 and 28C3 A review about the camp and the congress network. Network layout, planning, setup, operation and finally the teardown. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4927.en.html Saal 2 Kay Will Hargrave PUBLISH 4821@28C3@pentabarf.org 4821 not_your_grandfathers_moon_landing Not your Grandfathers moon landing Hell yeah, it's Rocket Science 3.1415926535897932384626! English en 20111229T113000 20111229T123000 01H00M00S Not your Grandfathers moon landing- Hell yeah, it's Rocket Science 3.1415926535897932384626! We got a new rover and it's much more awesome than last year! Ok, there's a bit more to it :-) The basics, we are a team of part-time scientists and engineers who want to send a rover to the moon before the end of the year 2013.
There is a lot to be done towards this first private moon landing and we want to take the chance to explore what we want to do and show what we already accomplished in the past 12 months. The talk will feature important technical milestones like our very first R3 rover prototype and great events like the CCCamp11. There will also be a live demonstration of the very first R3A rover right in the presentation. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4821.en.html Saal 2 Karsten Becker Robert Böhme PUBLISH 4722@28C3@pentabarf.org 4722 dick_size_war_for_nerds NPC - Nerds’ Pissing Contest Mein Ruby ist besser als dein urxvt! German de 20111229T001500 20111229T011500 01H00M00S NPC - Nerds’ Pissing Contest- Mein Ruby ist besser als dein urxvt! This is about the crucial question: “Which tool is the best?” Two teams compete against each other and have to solve various $RANDOM\_NERD\_TASK live on their own machines. Whoever shows that their tool is the faster, leaner, more powerful, longer, bigger^w^w^w^w wins. Your hosts are Jan “git-zsh-keynote-firefox” Wulfes and Benjamin “bzr-fish-latexbeamer-chrome” Kellermann. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4722.en.html Saal 2 Benjamin Kellermann klobs PUBLISH 4656@28C3@pentabarf.org 4656 ooops_i_hacked_my_pbx Ooops I hacked my PBX Why auditing proprietary protocols matters English en 20111229T160000 20111229T163000 00H30M00S Ooops I hacked my PBX- Why auditing proprietary protocols matters This talk is a cautionary tale about developers forgetting to remove debug interfaces from finished products and the need of repetitive system reviews. A midrange PBX system's (non-web) configuration interface is used as an example of what flaws you can actually find in commercial systems.
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4656.en.html Saal 2 pt PUBLISH 4759@28C3@pentabarf.org 4759 open_source_music_tracking_2_0 Open source music: Tracking 2.0 English en 20111229T163000 20111229T170000 00H30M00S Open source music: Tracking 2.0 Tracking is so 1990s. Nowadays MP3 and other similar formats are overwhelmingly more popular. But is this really a step forward? A (very) brief history of computer music, where we are at now, and why I think people are headed in the wrong direction. And what we can do about it. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4759.en.html Saal 2 Tom Hargreaves PUBLISH 4721@28C3@pentabarf.org 4721 pentanews_game_show_2k11 Pentanews Game Show 2k11/3 42 new questions, new jokers, same concept, more fun than last year! English en 20111228T001500 20111228T011500 01H00M00S Pentanews Game Show 2k11/3- 42 new questions, new jokers, same concept, more fun than last year! The Penta News Game Show rehashes a collection of absurd, day-to-day news items of 2011 to entertain the audience, let the Net participate, and make its winners heroes. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4721.en.html Saal 1 Alien8 _john klobs PUBLISH 4804@28C3@pentabarf.org 4804 politik_hacken Politik hacken Kleine Anleitung zur Nutzung von Sicherheitslücken gesellschaftlicher und politischer Kommunikation German de 20111228T113000 20111228T123000 01H00M00S Politik hacken- Kleine Anleitung zur Nutzung von Sicherheitslücken gesellschaftlicher und politischer Kommunikation Classic protest, conventional demonstrations, online petitions and citizens' initiatives have for some time been complemented by new instruments of political participation. Their strength lies in decentralized organization, communication-guerrilla actions, discursive intervention and collaborative spontaneity.
Using examples, the talk presents a toolset of possibilities for rule-breaking, non-violent participation and intervention in politics. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4804.en.html Saal 1 Alexander Müller Bärwulf Kannitschreiber Montserrat Graupenschläger PUBLISH 4660@28C3@pentabarf.org 4660 post_memory_corruption_memory_analysis Post Memory Corruption Memory Analysis Automating exploitation of invalid memory writes English en 20111228T214500 20111228T224500 01H00M00S Post Memory Corruption Memory Analysis- Automating exploitation of invalid memory writes Pmcma is a tool aimed at automating the most time consuming tasks of exploitation. It can, for instance, determine why an application is triggering a segmentation fault, evaluate if the faulting instruction can be used to write to memory or execute arbitrary code, and list all the function pointers potentially called from a given point in time by an application. Pmcma is a totally new kind of debugger, which allows for easy experimentation with a process in memory by forcing it to fork. The exact replicas of the process created in memory can then be instrumented while keeping the properties (eg: state of variables, ASLR, permissions...) of the original process. Pmcma is an easily extensible framework available under the Apache 2.0 license from http://www.pmcma.org/ . PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4660.en.html Saal 3 endrazine PUBLISH 4706@28C3@pentabarf.org 4706 power_gadgets_with_your_own_electricity Power gadgets with your own electricity escape the basement and make the sun work for you English en 20111228T160000 20111228T170000 01H00M00S Power gadgets with your own electricity- escape the basement and make the sun work for you This talk, consisting of five distinct parts, is intended to show the audience how to get electricity without needing a grid connection.
It will give information on * Which energy sources to use * What to power with them * What equipment to get * How to wire it up * And some wishful thinking Participants should be able to assemble their own small-scale energy-generating systems after listening. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4706.en.html Saal 2 Gunnar Thöle Jörg Dürre PUBLISH 4780@28C3@pentabarf.org 4780 print_me_if_you_dare Print Me If You Dare Firmware Modification Attacks and the Rise of Printer Malware English en 20111229T183000 20111229T193000 01H00M00S Print Me If You Dare- Firmware Modification Attacks and the Rise of Printer Malware Network printers are ubiquitous fixtures within the modern IT infrastructure. Residing within sensitive networks and lacking in security, these devices represent high-value targets that can theoretically be used not only to manipulate and exfiltrate the sensitive information such as network credentials and sensitive documents, but also as fully functional general-purpose bot-nodes which give attackers a stealthy, persistent foothold inside the victim network for further reconnaissance, exploitation and exfiltration. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4780.en.html Saal 2 Ang Cui Jonathan Voris PUBLISH 4712@28C3@pentabarf.org 4712 mining_your_geotags Privacy Invasion or Innovative Science? Academia, social media data, and privacy English en 20111228T160000 20111228T170000 01H00M00S Privacy Invasion or Innovative Science?- Academia, social media data, and privacy A practical discussion of how potentially revolutionary, yet ethically questionable data---such as that from Facebook---is currently being handled in academia.
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4712.en.html Saal 3 Conrad Lee PUBLISH 4756@28C3@pentabarf.org 4756 quantified_self_and_neurofeedback_mind_hacking Quantified-Self and OpenBCI Neurofeedback Mind-Hacking Transhumanism, Self-Optimization and Neurofeedback for post-modern hackers English en 20111228T230000 20111229T000000 01H00M00S Quantified-Self and OpenBCI Neurofeedback Mind-Hacking- Transhumanism, Self-Optimization and Neurofeedback for post-modern hackers Hacking Mind and Body – self knowledge through numbers and mental reprogramming Since ancient times humans were trying to improve themselves. Today we have open-source computer technology that helps us. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4756.en.html Saal 2 Christian Kleineidam MetaMind Evolution PUBLISH 4648@28C3@pentabarf.org 4648 quantum_of_science Quantum of Science How quantum information differs from classical English en 20111230T160000 20111230T170000 01H00M00S Quantum of Science- How quantum information differs from classical Quantum systems can have very different properties from their classical analogues which allows them to have states that are not only correlated but entangled. This allows for quantum computers running algorithms more powerful than those on classical computers (represented by Turing machines) and for quantum cryptography whose safety is (in principle) guaranteed by the laws of nature. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4648.en.html Saal 1 Robert Helling PUBLISH 4777@28C3@pentabarf.org 4777 r0ket r0ket++ The CCC-Badge English en 20111227T140000 20111227T150000 01H00M00S r0ket++- The CCC-Badge Now you've got that r0ket thing. What to do with it? 
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4777.en.html Saal 2 lilafisch Stefan 'Sec' Zehl PUBLISH 4741@28C3@pentabarf.org 4741 neo_feudalism_or_why_julian_assange_might_be_wrong_after_all Resilience Towards Leaking or Why Julian Assange Might Be Wrong After All English en 20111230T113000 20111230T123000 01H00M00S Resilience Towards Leaking or Why Julian Assange Might Be Wrong After All In his now (in)famous pamphlet "Conspiracy as Governance" Julian Assange (JA) argues about the need for leaking as an efficient way to destroy "unjust" groups as the neo-feudalistic ones - luring the conspiracy theory leaning hacker community into his belief system. Eventually, JA used a biologistic argument on the benefits and drawbacks that uncontrolled leaking might pose for "just" and "unjust" systems, arriving at the conclusion that "unjust" systems are hurt more and thus will be less viable, essentially being destroyed by more "just" systems. While an innovative proposal, the underlying assumptions on complexity, network theory, and especially the evolutionary perspectives were never critically assessed. Some blogs and media raised questions on details and potential threats to innocent bystanders. Still, fundamental problems with the philosophy were never addressed. This paper argues against the general validity of such theories. In particular, we will refute some of the biologistic arguments. Theoretical biology has long ago pointed out the hidden complexity in evolutionary processes and as such the envisioned "leaking revolution" might be a limited artifact: there might even arise situations where the leaking envisioned and encouraged by Wikileaks and the like can actually strengthen some "conspiracies". In this paper I will describe some research questions, that should be answered before giving the “leaking philosophy” an unconditioned “thumbs-up”.
Empirically, for example, a potential strengthening is illustrated by the rise of a 'neo-feudalistic economy', which is linked closely to the paradigm of "intellectual property" as it is to the security-financial-political complex. The players have effectively created a closed network or a "conspiracy" and might be resilient towards Wikileaks-like attacks. The paper concludes with an alternative to that proposal; in particular, a way to deal with the 'conspiracy' that might be coined the rise of the neo-feudalistic society (which in itself is a self-sustainable, self-amplifying feedback loop, not necessarily a conscious conspiracy). PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4741.en.html Saal 2 Kay Hamacher PUBLISH 4735@28C3@pentabarf.org 4735 reverse_engineering_a_qualcomm_baseband Reverse-engineering a Qualcomm baseband English en 20111228T203000 20111228T213000 01H00M00S Reverse-engineering a Qualcomm baseband Despite their wide presence in our lives, baseband chips are still nowadays poorly known and understood from a system point of view. Some presentations have highlighted vulnerabilities in GSM stacks across various models of basebands (cf. 27c3: _All your baseband are belong to us_ by R-P. Weinmann). However none of them actually focused on the details of how a baseband operating system really works. This is the focus of our presentation. From the study of a simple 3G USB stick equipped with a Qualcomm baseband, we will discuss how to dump the volatile memory, reverse-engineer the proprietary RTOS, and ultimately execute and debug code while trying to preserve the real-time system constraints.
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4735.en.html Saal 3 Guillaume Delugré PUBLISH 4847@28C3@pentabarf.org 4847 reverse_engineering_usb_devices Reverse Engineering USB Devices English en 20111228T140000 20111228T143000 00H30M00S Reverse Engineering USB Devices While USB devices often use standard device classes, some do not. This talk is about reverse engineering the protocols some of these devices use, how the underlying USB protocol gives us some help, and some interesting patterns to look for. I'll also detail the thought processes that went into reverse engineering the Kinect's audio protocol. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4847.en.html Saal 2 Drew Fisher PUBLISH 4811@28C3@pentabarf.org 4811 rootkits_in_your_web_application Rootkits in your Web application Achieving a permanent stealthy compromise of user accounts with XSS and JS injection attacks. English en 20111228T203000 20111228T213000 01H00M00S Rootkits in your Web application- Achieving a permanent stealthy compromise of user accounts with XSS and JS injection attacks. XSS bugs are the most widely known and commonly occurring Web vulnerability, but their impact has often been limited to cookie theft and/or simple actions, such as setting malicious email filters, stealing some data, or self-propagation via an XSS worm. In this work, I discuss practical approaches for exploiting XSS and other client-side script injection attacks, and introduce novel techniques for maintaining and escalating access within the victim's browser. In particular, I introduce the concept of _resident XSS_ where attacker-supplied code is running in the context of an affected user's main application window and describe its consequences. 
I also draw analogies between such persistent Web threats and the traditional rootkit model, including similarities in the areas of embedding malicious code, maintaining access, stealthy communication with a C&C server, and the difficulty of detecting and removing attacker-supplied code. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4811.en.html Saal 2 Artur Janc PUBLISH 4876@28C3@pentabarf.org 4876 die_spinnen_die_sachsen Sachsen dreht frei On- und Offline-Überwachung: Weil sie es können German de 20111227T124500 20111227T134500 01H00M00S Sachsen dreht frei- On- und Offline-Überwachung: Weil sie es können To everyone who does not live there, this year's news from Saxony seemed a bit as if it came from a very distant star. At regular intervals things come to light, each of which on its own would formerly have led to ministers resigning. Cell-site data requests (Funkzellenabfrage), §129 proceedings, the search of a pastor, the lifting of a parliamentary group leader's immunity on a charge of being a ringleader: comprehensive criminalization of protests against Nazis, reaching well into the "middle of society". Offline surveillance and harassment are part of everyday life in Saxony. The talk gives an overview of the state of affairs and warns against leaning back (outside Saxony) with a comfortable shudder. Because if Saxony gets away with it, that sets the standard for other federal states. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4876.en.html Saal 1 Anne Roth PUBLISH 4661@28C3@pentabarf.org 4661 scade_and_plc_vulnerabilities_in_correctional_facilities SCADA and PLC Vulnerabilities in Correctional Facilities Tiffany Rad, Teague Newman, John Strauchs English en 20111227T160000 20111227T170000 01H00M00S SCADA and PLC Vulnerabilities in Correctional Facilities- Tiffany Rad, Teague Newman, John Strauchs Many prisons and jails use SCADA systems with PLCs to open and close doors.
Using original and publicly available exploits along with evaluating vulnerabilities in electronic and physical security designs, Newman, Rad and Strauchs have discovered significant vulnerabilities in PLCs used in correctional facilities by being able to remotely flip the switches to “open” or “locked closed” on cell doors and gates. This talk will evaluate and demo SCADA systems and PLC vulnerabilities in correctional and government secured facilities while recommending solutions. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4661.en.html Saal 2 Teague Tiffany Rad PUBLISH 4767@28C3@pentabarf.org 4767 security_log_visualization_with_a_correlation_engine Security Log Visualization with a Correlation Engine What's inside your network? English en 20111229T131500 20111229T134500 00H30M00S Security Log Visualization with a Correlation Engine- What's inside your network? This brief session focuses on the visualization of actual security incidents, network forensics and counter surveillance of covert criminal communications utilizing large data sets from various security logs and a very brief introduction to correlation engine logic. Visually displaying security or network issues can express the risk or urgency in a way a set of dry logs or other methods might not be able to. Additionally, many organizations rely on a more singular approach and react to security events, many times from a high false positive rate source such as isolated intrusion prevention or firewall alerts, or relying only on anti-virus alerts. Utilizing a correlation engine (especially open source) or similar applications could offer a method of discovering or in some cases proactively detecting issues. The research discussed involves analysis and interrogation of firewall, intrusion detection and prevention systems, web proxy logs and available security research. What does a compromised server infected with spam malware look like or cyber warfare?
PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4767.en.html Saal 2 Chris Kubecka PUBLISH 4898@28C3@pentabarf.org 4898 security_nightmares Security Nightmares German de 20111230T171500 20111230T181500 01H00M00S Security Nightmares PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4898.en.html Saal 1 Frank Rieger Ron PUBLISH 4754@28C3@pentabarf.org 4754 smart_hacking_for_privacy Smart Hacking For Privacy English en 20111230T160000 20111230T170000 01H00M00S Smart Hacking For Privacy Advanced metering devices (aka smart meters) are nowadays being installed throughout electric networks in Germany, in other parts of Europe and in the United States. Due to a recent amendment especially in Germany they become more and more popular and are obligatory for new and refurbished buildings. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4754.en.html Saal 2 Dario Carluccio Stephan Brinkhaus PUBLISH 4798@28C3@pentabarf.org 4798 sovereign_keys Sovereign Keys A proposal for fixing attacks on CAs and DNSSEC English en 20111229T230000 20111230T000000 01H00M00S Sovereign Keys- A proposal for fixing attacks on CAs and DNSSEC This talk will describe the Sovereign Key system, an EFF proposal for improving the security of SSL/TLS connections against attacks that involve Certificate Authorities (CAs) or portions of the DNSSEC hierarchy. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4798.en.html Saal 3 Peter Eckersley PUBLISH 4817@28C3@pentabarf.org 4817 string_oriented_programming String Oriented Programming Circumventing ASLR, DEP, and Other Guards English en 20111227T230000 20111228T000000 01H00M00S String Oriented Programming- Circumventing ASLR, DEP, and Other Guards The protection landscape is changing and exploits are getting more and more sophisticated. Exploit generation toolkits can be used to construct exploits for specific applications using well-defined algorithms. 
We present such an algorithm for leveraging format strings and introduce string oriented programming. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4817.en.html Saal 3 Mathias Payer PUBLISH 4581@28C3@pentabarf.org 4581 taking_control_over_the_tor_network Taking control over the Tor network English en 20111229T113000 20111229T124500 01H15M00S Taking control over the Tor network This talk deals with weaknesses identified in the TOR network protocol and cryptography implementation. We manage to take control over users using this network and to access all your information and data exchanged despite cryptography. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4581.en.html Saal 3 Eric Filiol Seun Omosowon PUBLISH 4711@28C3@pentabarf.org 4711 the_atari_2600_video_computer_system_the_ultimate_talk The Atari 2600 Video Computer System: The Ultimate Talk The history, the hardware and how to write programs English en 20111227T124500 20111227T134500 01H00M00S The Atari 2600 Video Computer System: The Ultimate Talk- The history, the hardware and how to write programs Going more retro than the Commodore C=64: The Atari 2600 VCS was the breakthrough for video games in your own living room. This lecture will cover a bit of the history on how it came to life, describes the hardware used and shows how to write your own code for it. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4711.en.html Saal 3 Sven Oliver ('SvOlli') Moll PUBLISH 4748@28C3@pentabarf.org 4748 the_best_of_the_oxcars The best of The oXcars the greatest free/Libre culture show of all times English en 20111229T171500 20111229T181500 01H00M00S The best of The oXcars- the greatest free/Libre culture show of all times The Best of the oXcars! oXcars is fun. oXcars is empowering the people. Presentation and screening of the best of the oXcars 2011, 2010, 2009, 2008. Because their business is not our business. 
Every year, in Barcelona 1500 people gather for the biggest free/libre culture Show of all times ;-). Artists and performers from all areas of Spanish and international culture take part in a "Gala";-) in which artists say "Not in my name" to the commercialisation of culture, "Not in my name" to limiting the potential of digital media and to criminalization of the Internet. Civil society demands the 'lost profits' of all the knowledge that is being withheld and stolen from public use in the name of private profits. http://oxcars11.whois--x.net/en/ http://oxcars10.whois--x.net/en/ http://oxcars09.whois--x.net/en/ http://whois--x.net/proyectos/oxcars-08 PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4748.en.html Saal 2 Simona Xnet PUBLISH 4848@28C3@pentabarf.org 4848 the_coming_war_on_general_computation The coming war on general computation The copyright war was just the beginning English en 20111227T203000 20111227T213000 01H00M00S The coming war on general computation- The copyright war was just the beginning The last 20 years of Internet policy have been dominated by the copyright war, but the war turns out only to have been a skirmish. The coming century will be dominated by war against the general purpose computer, and the stakes are the freedom, fortune and privacy of the entire human race. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4848.en.html Saal 1 Cory Doctorow PUBLISH 4856@28C3@pentabarf.org 4856 the_engineering_part_of_social_engineering The engineering part of social engineering Why just lying your way in won't get you anywhere English en 20111230T140000 20111230T150000 01H00M00S The engineering part of social engineering- Why just lying your way in won't get you anywhere All the talks I saw about SE so far just showed which good SE's the speakers are. I try to do another approach, what if I get in and don't know what to do then. The talk is about the reconn. 
before the assessment, the different approaches of SE. Which techniques can one use, how to do a proper intel. and what is useful. How things work and more important why. Which skill set should one have before entering an engagement. And last but not least how does one counter a SE attack. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4856.en.html Saal 1 Aluc PUBLISH 4710@28C3@pentabarf.org 4710 the_future_of_cryptology The future of cryptology: which 3 letters algorithm(s) could be our Titanic? RMS Olympic, RMS Titanic, HMHS Britannic vs Discrete Logarithm, Integer factorization, Conjectured hard problems English en 20111229T203000 20111229T213000 01H00M00S The future of cryptology: which 3 letters algorithm(s) could be our Titanic?- RMS Olympic, RMS Titanic, HMHS Britannic vs Discrete Logarithm, Integer factorization, Conjectured hard problems The lessons and best practices of the titanic will be extracted. Are we ready? This will be a co-presentation (Jean-Jacques Quisquater / David Samyde) and occasional friendly exchange, with point and counter-point of different contrasting views on the impact of solving integer factorization and some other difficult problem in cryptography. The idea is to perform a provocative comparison between the 'unbreakable' RSA algorithm and the unsinkable Titanic. Receiving his RSA Conference Lifetime Achievement Award, Rivest said that it has not been demonstrated mathematically that factorization into primes is difficult. So “Factoring could turn out to be easy,” and according to him “maybe someone here will find the method”. Since 1994 and Shor's algorithm, the danger of quantum computer is known: breaking RSA in polynomial time. Factoring large numbers is conjectured to be computationally infeasible on classic non quantum computers. No efficient algorithm is known and the research in the last 30 years did not show enormous progress. Iceberg existence is predicted but not shown yet. 
According to Rivest a variety of alternative schemes have been developed in the decades since RSA was published, and a new system could probably be adopted quickly. This relies on solving factorization only, but several other cases can be considered, in some of them the action to replace RSA with a new algorithm could require more work than initially planned (solution to discrete logarithm). Managing the risk and the threat of the resolution of any major problem used in cryptography is crucial. This presentation challenges the conventional thinking using lessons learned from history. RSA users are everywhere so what could be the consequences of a break in the real world? What were the errors made on the Titanic? Can the best practices used be improved or just translated into a new scheme? What would be the impact of solving the RSA assumption on cryptography? The outline is: History of factorization Titanic primes and RSA keys Complexity, classes of algorithms and practical costs Risk analysis and Threat management Probability estimation and proactive monitoring From best to worst case Best methods and lessons learned Multiple scenari (Im)possibility of accurate prediction What to expect and how to be ready Conclusion Andrew Grove, former CEO of Intel said "Only the paranoid survive". Forecasting the presence of a strategic inflection point is hard. What to expect at the time of the next major cryptanalysis breakthrough? What history teaches? What remains to be done? Are we ready? PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4710.en.html Saal 2 Jean-Jacques Quisquater Renaud Devaliere PUBLISH 4751@28C3@pentabarf.org 4751 the_hack_will_not_be_televised The Hack will not be televised? 
Hacker in Movies English en 20111229T203000 20111229T213000 01H00M00S The Hack will not be televised?- Hacker in Movies Though hackers prefer being individualists, a strong relationship towards Culture industry makes hacker culture a source and product at the same time. While you can laugh about most Hollywood movies presenting stereotypical hackers, you shouldn't ignore the influence they have. "And with the 1983 release of the hacker-thriller movie War Games, the scene exploded. It seemed that every kid in America had demanded and gotten a modem for Christmas", Bruce Sterling wrote in "The Hacker Crackdown". PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4751.en.html Saal 1 Caspar Clemens Mierau PUBLISH 4753@28C3@pentabarf.org 4753 the_movement_against_state_controlled_internet_in_turkey The movements against state-controlled Internet in Turkey A short account of its history and future challenges English en 20111227T183000 20111227T193000 01H00M00S The movements against state-controlled Internet in Turkey- A short account of its history and future challenges We are members of Alternatif Bilişim Derneği (Alternative Informatics Association)**, one of many organizations that oppose the ongoing efforts for state-controlled Internet in Turkey. We see that the problems with media control in Turkey and in Europe are increasingly becoming part of a global problem. The governments are working on their own view of a 'secure' Internet, and we have to articulate and suggest an alternative. In our talk we want to give an account of our anti-censorship movement and the challenges we face in Turkey. We will first provide an overview of the political events; sanctions, censorship regulations and attempts of resistance in the country. Then, we will point out the main problems we face in making use of laws and technology against state control. 
We would also like to use our presentation as an opportunity to meet people at the CCC with similar affinities and to learn from their experience. We see a great need to create global networks and communities to articulate an alternative message; the Internet as the peoples’ media. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4753.en.html Saal 3 Barış seda PUBLISH 4763@28C3@pentabarf.org 4763 the_science_of_insecurity The Science of Insecurity English en 20111228T160000 20111228T170000 01H00M00S The Science of Insecurity Why is the overwhelming majority of common networked software still not secure, despite all effort to the contrary? Why is it almost certain to get exploited so long as attackers can craft its inputs? Why is it the case that no amount of effort seems to be enough to fix software that must speak certain protocols? PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4763.en.html Saal 1 Meredith L. Patterson Sergey PUBLISH 4640@28C3@pentabarf.org 4640 time_is_on_my_side Time is on my Side Exploiting Timing Side Channel Vulnerabilities on the Web English en 20111228T183000 20111228T193000 01H00M00S Time is on my Side- Exploiting Timing Side Channel Vulnerabilities on the Web Timing side channel attacks are non-intrusive attacks that are still widely ignored in day-to-day penetration testing, although they allow attackers to breach the confidentiality of sensitive information. The reason for this is, that timing attacks are still widely considered to be theoretical. In this talk, I present a toolkit for performing practical timing side channel attacks and showcase several timing attacks against real-world systems. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4640.en.html Saal 2 Sebastian Schinzel PUBLISH 4802@28C3@pentabarf.org 4802 towards_a_single_secure_european_cyberspace Towards a Single Secure European Cyberspace? What the European Union wants. 
What the hackerdom can do.. English en 20111229T214500 20111229T224500 01H00M00S Towards a Single Secure European Cyberspace?- What the European Union wants. What the hackerdom can do.. The "European Great Firewall" was the way that European civil rights organizations have addressed the proposal to create a "single European cyberspace". Surely other lectures will describe the technicalities of the proposal. This lecture will go beyond that, describing a vulnerability that the proposal reveals in the power structures of the European and world governance, that could be exploited by the hackerdom if the war is understood as a value to be avoided. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4802.en.html Saal 2 Suso Baleato PUBLISH 4869@28C3@pentabarf.org 4869 tresor TRESOR: Festplatten sicher verschlüsseln German de 20111229T143000 20111229T150000 00H30M00S TRESOR: Festplatten sicher verschlüsseln Conventional disk encryption schemes keep the keys they need in RAM. This leaves them defenseless against attacks such as cold-boot attacks, which target main memory. TRESOR offers protection against such attacks. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4869.en.html Saal 2 tilo PUBLISH 4713@28C3@pentabarf.org 4713 what_is_in_a_name What is in a name? Identity-Regimes from 1500 to the 2000s English en 20111227T203000 20111227T213000 01H00M00S What is in a name?- Identity-Regimes from 1500 to the 2000s Starting with the history of birth-registration an overview on the historical regimes of naming and identifying people from the 15th to the 20th century is given. The talk will show examples of the different identity media through time and their standardization with the rise of the Westphalian nation state and the subsequent developments after the French Revolution and during the 20th century. 
The goal of the talk is to show the complexity of the phenomenon of personal names and their media and the need for an informed debate on who and how naming and identification in the digital age is achieved. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4713.en.html Saal 2 Christoph Engemann PUBLISH 4700@28C3@pentabarf.org 4700 what_is_whiteit What is WhiteIT and what does it aim for? Why you probably want to be concerned about it and similar alliances. English en 20111227T124500 20111227T134500 01H00M00S What is WhiteIT and what does it aim for?- Why you probably want to be concerned about it and similar alliances. This talk will be about the WhiteIT project, initiated by Mr Schünemann, German Minister of Interior in the state of Lower Saxony. The WhiteIT project is concerned with combating the online-distribution of child abuse material. WhiteIT tries to develop tools and processes to cooperatively suppress the dissemination and (re-)distribution of said material. During the talk the lecturer will try to encourage some open source intelligence. So please consider bringing a laptop, netbook or tablet with you to help gather and collect certain information right away. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4700.en.html Saal 2 Christian Bahls -- MOGiS e.V. - Eine Stimme der Vernunft PUBLISH 4707@28C3@pentabarf.org 4707 your_disaster_crisis_revolution_just_got_pwned Your Disaster/Crisis/Revolution just got Pwned Telecomix and Geeks without Bounds on Security and Crisis Response English en 20111230T113000 20111230T123000 01H00M00S Your Disaster/Crisis/Revolution just got Pwned- Telecomix and Geeks without Bounds on Security and Crisis Response Software is becoming more and more important in organizing response to all kinds of crises, whether that means activists responding to an unjust government or aid workers helping with the aftermath of a disaster. 
Security often isn't the first thing people think about in these situations -- they have work to get done, just like the rest of us, and many of these tools are built in the heat of the moment. In a crisis, a lack of security can make a small disaster into a big one. In this talk, we'll look at real world experiences of the security and privacy problems in the field, and how to fix them, at both large and small levels. PUBLIC CONFIRMED Lecture http://events.ccc.de/congress/2011/Fahrplan/events/4707.en.html Saal 3 Herr Urbach willowbl00