28C3: Behind enemy lines (2011)

#35C3 Memory Lane: Das erste Türchen

35c3-kalender 1

Das erste Türchen.

2011 war das letzte Jahr, in dem der Chaos Communication Congress im Berliner bcc gastierte. Passend zum damaligen Motto „Behind enemy lines“ kommentierte der Schriftsteller und Journalist Cory Doctorow in seinem Vortrag „The coming war on general computation“ vor vollem Haus die Copyright Wars.

Recordings of 28C3 talks available


The 28th Chaos Communication Congress ended yesterday and most of the talks are already available for download.


Credit goes to the FEM, who did a really tremendous job streaming the talks during the conference and who still continue their hard work by publishing the Official Releases of the last talks.

Did you really love certain events? Weren’t so excited about others? Let us know! You can leave feedback via the Fahrplan. Find the events you’d like to leave your thoughts on and click on the green “Give Feedback” link in the lower right …

Crypto talk at 28C3: Sovereign Keys – A proposal for fixing attacks on CAs and DNSSEC, Day 3, 23:00, Saal 3

Crypto talk at 28C3: Sovereign Keys – A proposal for fixing attacks on CAs and DNSSEC, Day 3, 23:00, Saal 3


After many attacks on X.509 and the internet PKI infrastructure, it became clear, that the current state does not meet the requirements for the upcoming challenges for secure internet communication in the future. CAs have been completely compromised, and weak cryptography used by PKIs has been broken in practice to issue rouge certificates. So there is a need for an alternative how to establish a binding between your public key and your identity. The EFF will present their proposal to improve the security of SSL/TLS connections this evening at the congress.

See the talk, Day 3, 23:00, Saal 3. …

“Neue Leichtigkeit”


Tonight the young Swiss music group “Europa” is bringing “new airiness” to the 28C3 in the form of a Gala. The main goal is to put in question the practice of the entertainment industry and alienate its conventions by overdriving them. It’s going to be an experiment you can become part of as spectators. Please watch the following teaser. [The teaser has been removed since the server hosting it was a temporary one located at 28c3. Check the vimeo link below or download the recording of the actual talk]

Video: http://vimeo.com/34302758
Link 28C3 Fahrplan: …

Crypto talk at 28C3: TRESOR: Festplatten sicher verschlüsseln, Day 3, 14:30, Saal 2


Some of you may remember the Cold Boot Attack. It’s a general method, how almost all disk encryption schemes on PCs and Laptop can be circumvented.

Usually, when a harddisk or just a partition is encrypted, the encryption software used, needs to store the keys in memory, as long as the filesystem is mounted. Three years ago, it was shown that this key can be extracted, just by removing the RAM module, and dumping it’s content on a second PC using a custom software. Alternatively, the system can be booted from a CD or USB-stick with a custom software, that dumps the content of the RAM. As long …

Crypto talk at 28C3: Implementation of MITM Attack on HDCP-Secured Links, Day 3, 18:30, Saal 1


On Day 3 of 28C3, an absolute crypto highlight will be presented. A Person-In-The-Middle (previously known as Man-In-The-Middle)attack against HDCP-secured links. For those who don’t know, HDCP is a protocol for digital video links like DVI, Display Port and HDMI, that encrypts the content between your PC or Blue-Ray player and your digital TV or display. HDCP was invented so that the encrypted high quality video, as you can find it on a Blue-Ray disc or HD-DVD will never be unencrypted in it’s digital form on the way to the display. If those systems would be secure, this could prevent pirated …

Crypto talk at 28C3: Bitcoin


Two Bitcoin related talks will be presented tomorrow. Bitcoin is a decentralized digital currency, and of course uses various cryptographic schemes as building blocks. Because Bitcoins can be exchanged with real money, Bitcoin is more than just an academic playground and real cash could be lost, if an attack on Bitcoin would be found.

The first talk Bitcoin – An Analysis will be presented by Kay Hamacher and Stefan Katzenbeisser. From the abstract:

In this presentation, we show results on network analysis of the money flow, the behavior of individuals, and the overall scalability of …

Crypto talk at 28C3: Time is on my Side – Exploiting Timing Side Channel Vulnerabilities on the Web, Day 2, 18:30, Saal 2


Side channel attacks are very well known in cryptography. In a nutshell, a side channel information (not the ciphertext or the public key) is used to recover a secret. This can be the time it takes for a cryptographic operation, the power consumption of a device, the variations in the electromagnetic field surrounding a device or just the acoustic noise produced by a device. Secure implementations of cryptographic schemes usually implement countermeasures against these kind of attacks.

In contrast to the cryptography world, side channel attacks are not very well known in the general IT …

Crypto Talk at 28C3: Ein Mittelsmannangriff auf ein digitales Signiergerät, Day 2, 18:30, Saal 3


Alexander Koch will be presenting the results of his bachelor thesis at 28C3. In his thesis, he implemented a person-in-the-middle-attack (don’t call it man-in-the-middle attack) against a USB chipcard reader for digital signatures. Instead of modifying  the software on the users PC, he implemented a USB hardware device, that can be plugged in between the chip card reader and the host PC. Because the device behaves passively as long as no signature is made, it is hard to detect from any kind of security software from the PC side. When a signature is made, the device can transmit a different …

Crypto Talk at 28C3: Effective Denial of Service attacks against web application platforms, Day 2, 14:00, Saal 1


Julian Wälde and Alexander Klink will be presenting a new attack against Web Application Frameworks (WAF), that can be used to generate HTTP requests, that take several minutes of CPU time to process. Sending many of these requests in parallel can be used as an effective Denial of Service attack against many websites. Even one cannot spot any relation to cryptography from the abstract, I have been informed that this talk will also cover many cryptography related aspects.

See the talk, Day 2, 14:00, Saal 1

Author: Erik Tews

Live translation into English at 28C3


A group of enthusiast interpreters at the congress are organizing simultaneous translation into English for a small selection of German talks. We are aiming for the “fun” events that have been translated for a few years, and for the first time this year, we are trying our hand at some “content” talks as well.

The provisional list of translated events is:

Call for live interpreters at 28C3


We, Sebastian and Julian, are part of last year’s core team of live interpreters. In the past we have translated at several Chaos Communication Congresses, together with Volty who cannot be there this year and many others.
We want to continue this tradition of translating important talks such as the Fnord News Show and the Hacker Jeopardy, but also others, depending on our resources.
If you are interested in helping out, please meet us on Day 1, December 27th, at 21:00 in the angel area down in the basement. You may also contact us via e-mail at Sebastian.Lisken _at_ gmx.net or julian _at_ …

Crypto Talk at 28C3: Datamining for Hackers – Encrypted Traffic Mining, Day 1, 14:00, Saal 1


The first cryptography related talk at 28C3 is about data mining in encrypted data. One may assume, that encrypting your data with a good encryption scheme prevents other people from learning about it. However, this is not true, specially for network protocols, that often leak information, like who is communicating with who, and when how much data is transferred. An attacker can use these information to make assumptions about the content of the transmission.

From the abstract: Voice over IP (VoIP) has experienced a tremendous growth over the last few years and is now widely used among the …

Dial 7666 for upcoming 28c3 talks


Heads up everyone, voicebarf is up and running! Voicebarf provides you with the latest information about the 28c3 schedule. Even when the internet is down. Use your DECT or GSM compatible phone to dial the number 7666 (SOON), and voicebarf will tell you which talks are up next. You can even request a reminder, and voicebarf will call you back fifteen minutes before your favourite talk starts. Dial 8255 (TALK) to get the currently running talks. Dial TALK (8255) when a talk is just finished to rate that talk. Talk ratings’ importance for the content team can not be overestimated. The content …

Kids are welcome on the 28c3


Es ist eine tolle Idee seine Kinder auf den 28c3 mitzubringen. Nicht nur, dass sie kostenfreien Eintritt haben, wenn sie elf oder jünger sind. Sondern auch das Chaos macht Schule-Projekt bietet vier Stände an, die sich speziell um die Junghacker kümmern werden.

Ein Stand wird sich speziell um sichere Kommunikation in Computernetzwerken kümmern und für alle kniffligen Fragen um das Thema Antworten parat halten.

Die anderen Stände bieten Basteltrainings um dem Nachwuchs zu helfen, auf den Grund der technischen Spielereien zu gelangen: Von Miniroboter, über elektronischem Haustier, bis zur …

28C3 – Bring your r0ket


When packing for 28C3, don’t forget to bring your r0ket! (and a micro-USB cable!)

Among other things there will be a multiplayer tetris game on an LED wall you can play with your r0ket and new m0duls to boost your r0ket into new heights.

To access all new features of your r0ket have a look at http://r0ket.badge.events.ccc.de/init

The update contains an improved mesh network, l0dables for interactive installations and support for the next flame generation.

Good news for those who didn’t get one on camp – or want more: Team r0ket will be selling new, slightly improved r0kets for 30 Euros and RGB …

28C3 – Can’t Afford to Pay the Full Price?


Since we forgot to mention it in the first place: Yes, we do have a 28c3-friends request address for people who can’t afford to pay the full ticket price. We’ve added information to http://events.ccc.de/congress/2011/wiki/Tickets:

If you or someone you know can’t afford to pay the full price for a ticket, send a mail to 28c3-friends@cccv.de. Please tell us, why this person can’t pay the full price and why he or she should take part in 28C3 nevertheless. Usually we agree on some affordable price. But please keep in mind that tickets are already very cheap and that we can handle only a limited …

Mit der Bahn ab 89,- Euro zum 28c3


Die Deutsche Bahn für den Congress ein begrenztes Kontingent an verbilligten Fahrkarten zur Verfügung gestellt, welche von euch günstig erworben werden können. Der Preis ist dabei im Vergleich zum letzten Jahr sogar um 10 Euro gesunken.

Im Gegensatz zu letztem Jahr und zum Camp gibt es nicht nur zwei, sondern vier Fahrkartentypen: zuggebundene Fahrkarten (bei der Buchung muss sich für einen Zug entschieden werden) und zugungebundene Fahrkarten (Einsteigen, losfahren), das Ganze jeweils in der ersten oder zweiten Klasse, online und telefonisch buchbar.


    1. Klasse, zuggebunden: 89,00 Euro …

28C3 Tickets


Wir halten uns kurz.


  • Sonntag, 06. November, 22:00 Uhr MEZ (UTC+1) (½ aller Tickets)
  • Montag, 14. November, 16:00 Uhr MEZ (UTC+1) (¼ aller Tickets)
  • Dienstag, 29. November, 10:00 Uhr MEZ (UTC+1) (¼ aller Tickets)


Standard EUR 80,–
Mitglieder CCC e.V. EUR 50,–
Up-and-Coming Hackers EUR 25,– (geboren nach dem 26.12.1993)
Supporters EUR 140,-
Business EUR 280,- zzgl MwSt.



28C3: CFP for 28th Chaos Communication Congress


Call for Participation for 28th Chaos Communication Congress

27|28|29|30 December 2011, bcc, Berlin, Germany

The Event

The Chaos Communication Congress the annual four-day conference organized by the Chaos Computer Club (CCC) in Berlin, Germany. First held in 1984, it has since established itself as “The European Hacker Conference” attracting a diverse audience of thousands of hackers, scientists, artists, and utopists from all around the world.


In general, lectures, workshops, and projects dealing with technology, ethics, science, security, art, philosophy, politics, and culture are …