Posts Tagged ‘Events’

Fahrplan Sneak

Monday, December 2nd, 2013

The final 30c3 schedule is going to be late, we know… however, please stay tuned, as it’s still work in progress, and we can promise the Fahrplan will be awesome!

We’d like to tell you about some of the security highlights at 30c3. There are three major groups of interest this year:

  1. Cryptography
  2. Hardware & Embedded Device Security
  3. Software & Protocol Reverse Engineering

First, let’s start with a cryptography highlight: Nadia Heninger, Tanja Lange and Daniel J. Bernstein will be presenting “This Year in Crypto”. They will cover stuff that was broken before and continues to be broken again and again. The talk will also cover the coming Cryptopocalypse, backdoors in cryptographic implementations and the authors’ worries and concerns in regard to crypto in general. It’s worth mentioning that they initially recommended that their talk should be part of the Art & Beauty Track, since crypto is beautiful (and finessing crypto is an art).

Another cryptographic highlight this year is a lecture by Dmitry Khovratovich who’s going to talk about White-Box Cryptography. He’s going to explain the differences between White-Box & Public-Key Cryptography and obfuscation. This will include an overview of the white-box crypto concept along with the most common applications and proposed designs.

The Hardware & Embedded Security track will also feature several noteworthy lectures this year. Due to the outstanding quality of the submissions, it’s difficult to mention just a handful of talks. However, we’d like to highlight the following ones:

Console Hacking 2013 – It’s the year of the Wii U. This talk will cover improvements made in the architecture over previous console generations. Still, its security system was completely bypassed, and the authors will show how the Wii U was broken in less than 31 days. You’ll be able to reproduce all of the presented attacks at home – if you bring basic knowledge of embedded systems and CPU architectures.

Staying on the topic of Embedded Security and Embedded Privacy, Martin Herfurt will be presenting his research on Hybrid broadband broadcast TV (HbbTV). This is the new de-facto standard, which is currently being rolled out around the world. This new standard raises several security and privacy concerns. Martin will cover the emerging standard and how to deal with those security & privacy concerns.

Dr. Peter Laackmann will be covering the last 25 years of smartcard hacking (in German). This will be a rather entertaining talk with many crazy IC analysis techniques that you don’t want to miss – even if you’re not that much into technical details of chip-card hacking (or German).

As already mentioned, there is a substantial number of excellent hardware-security related talks this year. To keep the blog post short, here are just a few more that deserve to be mentioned:

  • Ralf P. Weinmann will talk about Hexagon Challenges: Baseband Exploitation in 2013,
  • Dmitry Nedospasov will be presenting his approaches on physical attacks of ICs’ backsides,
  • Adrian Dabrowski is going to introduce you to the RFID Treehouse of Horror, and how to hack city-wide access control systems.

Though it’s difficult to categorize the remaining submissions, they include Software and Protocol Reverse Engineering as well as any remaining software security related topics.

Jan Schejbal and his colleagues reverse engineered one of the implementations of the CHIASMUS cipher, designed by the BSI (Bundesamt für Sicherheit in der Informationstechnik). This work will not only reveal insights on the non-public CHIASMUS-cipher, but also uncover serious implementation issues in the “official” GSTOOL. The implementation issues allow an attacker to crack files that have been encrypted with GSTOOL with very little effort.

Also worth mentioning: Collin Mulliner’s “Dynamic Dalvik instrumentation of Android Applications and the Android framework” as well as Andreas Bogk’s “Bug Class Genocide”. Ilja van Sprundel will try to debunk the greatness of a well-known open-source project: the X11 or X.org code.

See you at 30c3!

30c3 Security team

The 30c3 Security-Track

Saturday, November 16th, 2013

German version below.

This year, in order to better align the workload with the actual expertise of the reviewers, several topic-specific teams were formed. (More here.) Security-related topics were staffed by a team of three to four core members. Additionally, six reviewers with differing security backgrounds supported the review.

Since in some cases the content of the actual presentations overlapped with the focus of more than one content team, submissions were shifted back and forth. Most of the overlap occurred between Hardware, DiY & Making, and Science & Engineering. Overlaps with Society, Politics & Ethics as well as Art & Beauty were also present, but were far less common.

Altogether, approximately 130 hours were allocated for presentations among the entire content-team of the 30c3. 30 hours from this pool were specifically allocated for the security track and further split into 30 and 60 minute slots. In the end, the security content track received additional timeslots and accumulated 31 hours of content in total. We initially received a collection of around 100 submissions, which is roughly a third of all submissions.

While filtering content, we initially focused on reverse engineering of software and protocols, cryptography, and hardware & embedded security-related topics. Fortunately, a large portion of the submissions fell into these categories so that we were not forced to reconsider this focus. The majority of the submissions covered contemporary IT security related issues and current developments, which have yet to receive sufficient public attention.

In the end, we tried to find a balance between various current and important security issues. In cases where multiple submissions covering a particular topic were received, the team made a conscious decision in favor of one particular talk to avoid redundancy. This also involved some difficult decisions pertaining to presentations covering unique, novel, or noteworthy topics.

Ultimately, the available time slots are limited. This resulted in recommending that talks instead be resubmitted at a later date or encouraging that they be presented as a lightning talk. In several cases requiring interaction with the audience or a hands-on approach, a workshop format was proposed instead.

In the coming days, the security track team will continue to publish a number of blog posts to highlight a few outstanding submissions from each of the three topic areas of the upcoming security track. Spoiler alert!

This year, topic-specific content teams were formed in order to better distribute the workload across the expertise of several reviewers. (More on this here.) The team that took care of the security topics consisted, at its core, of three to four people. It was joined by a six-member reviewer team from different specialist fields.

Since there was often overlap with the focus areas of other teams, submissions had to be shifted back and forth now and then. Most of the overlap was with the Hardware, DIY & Making and Science & Engineering teams. Some of our submissions were ultimately placed there or decided by other teams. There was less overlap with the other two teams, Society, Politics & Ethics and Art & Beauty.

In total, the entire content team had almost 130 hours available for allocating slots for talks, entertainment and CCC topics. The security track received a quota of thirty hours, which were divided into one-hour and half-hour slots. With a “jump seat”, we finally ended up at about 31 hours. Slightly more than one hundred submissions were initially assigned to the security track. That corresponds to about a third of all submissions.

Thematically, submissions were roughly pre-sorted at the beginning, with a focus on hardware & embedded security, reverse engineering of software and protocols, and illuminating insights from cryptography. Fortunately, the bulk of the hundred submissions matched the desired focus areas, so we were not forced to adjust our expectations regarding content. The majority of the submissions covered very contemporary and, above all, current developments that have so far not been discussed in public, or not very often.

Thus, in a first pre-selection after the deadline, we already set aside those submissions that did not fit our thematic focus. In the end, we tried to find a balance between the various current topics. Where there were several submissions on a similar topic, the team debated who would be accepted and who would not. In the end, it was harder to decide on all the submissions that were thematically unique, where every topic is current and worth mentioning.

Since time is limited, however, we unfortunately had to put off far too many submitters until next year, or encouraged them to give a lightning talk. In cases where a certain amount of interaction with the audience would be appropriate anyway, we suggested organizing workshops, which, however, are not subject to selection and organization by the content team.

In the coming days, the security content team will publish a series of blog posts, each presenting a few highlights of the accepted talks from one of the three focus areas. Spoiler alert!

On the acceptance and rejections in the 30c3 Society, Politics & Ethics track

Friday, November 15th, 2013

Within the next hours, everyone who submitted a talk or lecture (not: lightning talk or workshop) should receive their notice of acceptance or non-acceptance. Some of you will be disappointed, because talks that you considered important did not make it into the program. We would like to share with you how decisions were made and by which priorities, so everyone can have a better understanding of how the final Society, Politics & Ethics program came into existence.

First, we would like to give you some background on the content team process. In previous years, there was one global content team for all tracks. This year, we had five “track teams”,  each responsible for one track. The track teams consisted of subject matter experts who reviewed the submissions thoroughly. We did this in order to (a) reduce the work load on each content team member and (b) to increase the time for reviewing each submission.

Before we started, the total number of available congress slots was split up between the tracks. The resulting distribution of slots aimed at creating a proper balance between tech/science subjects, IT security questions and politics/society topics, as well as art & beauty and making/crafting. The CCC congress has always lived from its very wide area of subjects and topics, so distributing the available talk slots among different tracks is a good way to get the right mix.

The Society, Politics & Ethics track was assigned 29 hours out of 120 hours total lecture time. This does not include lightning talks, workshops, CCC related talks or evening shows. We received a total of more than 300 submissions to the congress – more than 120 of which were aiming at a slot in the  Society, Politics & Ethics track. Many submissions asked for slots even longer than one hour.

With regards to contents, this track’s goal is to reflect on last year’s important discussions and events in order to bring forward the debate in our community and in society in general and to – and this is just as important – have a number of talks that just widen the horizon and introduce you to fields you haven’t heard or thought about much so far. The overarching goal was of course to help forming connections between different communities in the fight for digital freedoms and to learn from each other’s successes and mistakes.

So, we needed to make some hard decisions.

The track team, after reviewing all submissions, came up with some rules to ensure general fairness between submissions:

  1. Maximum slot length is one hour.
  2. A number of talks has to be condensed to thirty minutes, so we can cover more topics.
  3. No panels – unless we have contrarian, extra-ordinary, kick-ass panel members.
  4. No lectures whose sole purpose is the introduction of a specific project (we humbly ask you to do this in a workshop or lightning talk).
  5. Strong international/European focus, no predominantly US-centric talks.

As a first step, we identified this year’s general topics of interest and clustered submissions into 12 resulting sections. Within each section, submissions were then rank-ordered. Judgements were made strictly based on the talk submission’s contents. As we have emphasized on numerous occasions before the submission deadline: Submitting a weak, hastily written or convoluted description or one that does not convey what you really want to talk about, immensely reduces your chance of acceptance.

After the first round of thorough reviewing and within-section ranking, we ended up with about twice as many talks as we could fit into the available time. This means: For every submission we accepted, we had to drop at least one other submission that we had also agreed to accept. As you can tell, this was when the really tough decisions had to be made.

At this point, there were two types of conflicts:

(a) the intra-subject conflict: When there were two submissions dealing with the same (or very similar) topics, we had to opt for only one of them, in order to not discriminate against other, just as important subjects. This is when we introduced speaker performance as a criterion. We looked at videos of previous talks, read through the rankings collected at previous CCC-events and asked around to hear about audience experiences with the speaker in question at other conferences.

(b) the inter-subject conflict: Even after (roughly) enforcing the one-slot-per-topic directive we had laid upon us, there was still not enough time. The only solution was to shorten submissions down to thirty minutes of length, and – ultimately – to drop them. So we sat down and made these uncomfortable decisions based on which talk might interest the bigger audience or has the higher relevance in the current situation.

In the end, only 35 submissions made it into the final program.

If your submission was accepted, please keep in mind that two other submissions had to be rejected to make space for you, one of which was originally considered indispensable by the track team. We trust that you will not disappoint our faith in you.

If your talk – or one that you feel strongly about – has not made it into the final 30C3 Society, Politics & Ethics track, don’t despair. You all were up against some very serious competition. We could have filled about twice as much time as we had and would still not have weak talks in the program. The other track teams faced similar problems, just that they had (except for the Security & Hacking track) a far less dramatic submissions to available slots ratio.

To those of you who did not make it into the final round, there is one consolation: Judged by the number of rejected obviously-unrejectable submissions, we’re sure to have compiled a kick-ass program. :)

More information at 30c3? Here: https://events.ccc.de/congress/2013/wiki/Main_Page.

SIGINT 2013: Call for Participation

Thursday, February 21st, 2013

July 5th-7th, KOMED im Mediapark, Cologne, Germany

sigint.ccc.de/cfp

SIGINT is an annual hacker conference organized by the Chaos Computer Club. It features talks covering both technical and social aspects of our digital society.

VOLUNTEERS

For SIGINT to be as great as always, we need your help. First and foremost, we need eager volunteers to help on-site with the intricate details of organizing a conference for hundreds of people. Please register as a volunteer as soon as we have the registration online.

ARTS AND PROJECTS

Aside from helping us keep everything running smoothly, we’d gladly accept any kind of project that can be built upon our conference infrastructure. Do you have a cool project you want to show off? Great! You’re just dying to have a venue to try out your fancy new art installation? Cool! Drop us a line at sigint-content(at)koeln.ccc.de and we’ll see if we can sort it out.

TALKS

As a community-organized conference, we want to offer you the best lectures you can get. For this, we need your talk submissions—we’re offering one-hour slots (including Q&A), and your talk will be recorded and put online after the conference. Unless you opt out, of course.

If you think you have a great talk that other hackers should listen to, great! Just submit it at our talk submission site!

In case you’re undecided on whether your talk is appropriate, here’s a list of things we are interested in:
Anything that is related to these topics or close enough is welcome too!

  • Signals intelligence and surveillance techniques, e.g. digital wiretapping, deep packet inspection, etc.
  • Mobile device hacking and telecommunications security and exploiting weaknesses in mobile app ecosystems
  • Network neutrality, i.e. the ownership, censorship, circumvention and the politics of de facto standards
  • Programming languages, the state of the art and research as well as interesting new or old applications
  • Privacy in the age of big data, ensuring it via policy or technical means, ethical considerations, etc.
  • (Post-)Privacy, conflict between the desires of an individual and the public regarding social networks and public spaces
  • Alternative worlds, communities in the deep web, augmented reality, hackerspaces and other environments
  • Storming the clouds, hacking, breaking, exploiting and securing cloud-based computing and storage ideas
  • Transparency and participation in politics and governance, sousveillance, open data and its applications
  • Physical hacking, making and fabbing, lockpicking, electronics and hardware design, artistic expression
  • Painting it green, concepts for reducing the ecological footprint our urban lifestyle has on the planet
  • Automation, labor market, terms of employment and future chances

As mentioned before, the above list is meant as an inspiration, and not a restriction. It is neither exhaustive nor complete.
All talk submissions will be reviewed and a benevolent selection of talks will try to represent the broadest possible spectrum to the best of our abilities.

SUBMISSION GUIDELINES (more…)

Junghackertag

Friday, December 28th, 2012

Education – not our department? On the Junghacker track on day 3, the CCC addresses its young audience. Between 12:00 and 20:00 there is plenty to do: building alarm systems, building electronic bugs (pentabugs) or learning how locks work – the “Chaos macht Schule” project, an association of several CCC Erfas, presents itself and its work. While the tinkering is going on, there are talks on the “Chaos macht Schule” project, the creative use of media, and data protection. In addition, the “Chaos macht Schule” team will answer questions in a panel discussion.

Admission for Junghacker (up to 14 years of age), including one parent, is free between 11:30 and 17:00 (entry). The workshops are also free, but donations are gladly accepted.

More information about the project here in the wiki.

All workshops start at 12:00 and run all day. Breaks are possible, however. The following workshops are offered:

  • by Schräge Runde/Alwin Weber: Blödsinn mit Lötzinn
  • by the Chaospott assembly: building alarm systems
  • by the C3D2 assembly: pentabugs
  • by the C3D2 assembly: pentalight
  • by the Lockpicking assembly: lockpicking, from 15:00
  • as well as talks (all in Saal 12)

Talks:

  • 12:30: Data protection
  • 14:00: Lockpicking
  • 15:30: Runtergeladen und trotzdem gezahlt
  • 17:00: Introduction to Chaos macht Schule
  • followed by a discussion round

All talks and workshops are also listed here: https://events.ccc.de/congress/2012/wiki/Junghackertag.

29C3 – Tickets and Pricing

Tuesday, October 9th, 2012

29C3 will cost us much more than standard tickets priced at 80 EUR will pay. Thus we’ll sell supporter tickets for 100 and 120 EUR. Please consider buying one of these. Help us minimize our losses and support others who can’t afford paying much more! Thanks a lot! :)

(more…)

u23 2012 in Cologne

Monday, September 10th, 2012

This year, for the ninth time already, the Chaos Computer Club Cologne e.V. is organizing an exciting project in its “u23” series for up-and-coming hackers under the age of 23.

Over seven sessions, we will set out into the world of microcontrollers. The participants will develop a small game console using an STM32 development board.
Each participant receives an STM32 ARM microprocessor board, an expansion board and an SNES controller. After an introduction to C, the participants solder the boards together themselves in small groups (no SMD parts, only passive DIP parts). The following sessions offer an introduction to the game development library developed by the C4. After that, creativity can run free as groups develop their own games for the board. As always, u23 ends with a presentation of the results at the November OpenChaos.

The Chaos Computer Club Cologne has been running u23 on an almost annual basis since 2002. In the past we have covered topics such as hardware tinkering, software development and the basics of network technology.

Over the seven sessions from 20 October to 29 November 2012, the participants will work in depth on programming simple graphical games in C for our platform. Our tutors help the groups acquire the necessary skills, pass on knowledge and provide food for thought.
The work in the groups is driven by the participants’ own initiative and also offers the opportunity to continue working on the joint project in the club rooms of the Chaos Computer Club Cologne outside the lecture sessions.

All information and the option to register can be found at https://koeln.ccc.de/u23/.

Hey! What about the tickets for 29C3?

Tuesday, August 28th, 2012

As we had a lot of people asking, here are some answers:

Q: How much will the tickets cost?
A: Our priority is to keep the price for the tickets as low as in the years before. So we currently assume that it will be around 80 Euros — as it was last year.

Q: What if I cannot afford that?
A: There will be a friend’s request address as we had it before. More details coming with the start of the presale.

Q: But what is this friend’s request?
A: At 28C3 we handled it like this. Have a look.

Q: Ah, there will be a presale for tickets?
A: Yes, there will be a presale to buy a ticket in advance.

Q: So I have to set up my presale scripts again?
A: No, the new venue in Hamburg should be really big enough to fit all of us. Your time will be better invested if you start thinking about what you and/or your project/hackerspace/group could do with all that space!

Q: Why do you always say “There will be…”?
A: Please have a look outside — it’s still summer, isn’t it? Nevertheless your congress team is already working hard to make the congress possible again. So please be patient. If you keep an eye on this blog you won’t miss any information on tickets and presale.

For submissions to Datenspuren, please step this way

Saturday, July 21st, 2012

Under the motto “Voll verwanzt” (“fully bugged”), the Chaos Computer Club Dresden (C3D2) invites you to this year’s Datenspuren on 13 and 14 October 2012 in Dresden.

Connecting people with one another, freed from the constraints of space and time, has become a central aspect of our lives. Traditional means of communication such as the spoken word or written works have centuries of development behind them and are an integral part of our socialization. The new, rapidly changing rules of communication on the Internet, by contrast, are something we still have to become familiar with:

  • Centralization, data protection and data security
  • Using and operating decentralized systems
  • Why is criticism of the cloud ignored?
  • What do our smartphones reveal?
  • Using encryption

Knowledge about technologies and their effects on society is a basic prerequisite for conscious participation in digital reality. The Datenspuren symposium wants to help share this knowledge and invites all self-thinking beings, hackers and compatible life forms to increase their knowledge and pass it on. We are still looking for talks and workshops on the topics of data protection, data security and technology assessment. This year there will be a continuation of the Junghacker track, so submissions for children and teenagers are particularly welcome.

Please send submissions via https://cccv.pentabarf.org/submission/DS2012.

Further information at http://datenspuren.de; if you have questions, please send a mail to: datenspuren(at)c3d2.de

Time & place:

13/14 October 2012

Kulturzentrum Scheune
Alaunstraße 36-40
01099 Dresden-Neustadt

All the latest on Datenspuren via Twitter @datenspuren.

CfP: Hackover 2012 in Hannover

Tuesday, July 17th, 2012

On the weekend of 19 to 21 October 2012, the first Hackover will take place in Hannover. Primarily, Hackover is intended to improve networking among hackerspaces, ChaosTreffs and Erfas in northern Germany. Of course, participants from other parts of the world are welcome too.

Hackover is mainly intended to host talks and workshops that, because of their greater scope, do not find room at the classic CCC events. In addition, communication and exchange during the talks should not be neglected. The Chaos Computer Club Hannover will provide enough space to run several parallel tracks. The number of tickets for Hackover will be limited to 250.

The Call for Participation (CfP) is open as of now (expected to run until 31 August 2012). Talks, workshops and projects for Hackover can be submitted there.

So if you have a talk, workshop or project that you would like to present at Hackover, you can submit it now. You can find further information at http://hackover.de.