28C3: Behind enemy lines (2011)

#35C3 Memory Lane: The first door


The first door.

2011 was the last year in which the Chaos Communication Congress was held at the bcc in Berlin. In keeping with that year’s motto, “Behind enemy lines”, the writer and journalist Cory Doctorow commented on the copyright wars before a full house in his talk “The coming war on general computation”.

Recordings of 28C3 talks available


The 28th Chaos Communication Congress ended yesterday and most of the talks are already available for download.


Credit goes to the FEM, who did a really tremendous job streaming the talks during the conference and who still continue their hard work by publishing the Official Releases of the last talks.

Did you really love certain events? Weren’t so excited about others? Let us know! You can leave feedback via the Fahrplan. Find the events you’d like to leave your thoughts on and click on the green “Give Feedback” link in the lower right …

Crypto talk at 28C3: Sovereign Keys – A proposal for fixing attacks on CAs and DNSSEC, Day 3, 23:00, Saal 3



After many attacks on X.509 and the internet PKI infrastructure, it became clear that the current state does not meet the requirements for the upcoming challenges for secure internet communication in the future. CAs have been completely compromised, and weak cryptography used by PKIs has been broken in practice to issue rogue certificates. So there is a need for an alternative way to establish a binding between your public key and your identity. The EFF will present their proposal to improve the security of SSL/TLS connections this evening at the congress.

See the talk, Day 3, 23:00, Saal 3. …

“Neue Leichtigkeit”


Tonight the young Swiss music group “Europa” is bringing “new airiness” to the 28C3 in the form of a Gala. The main goal is to put in question the practice of the entertainment industry and alienate its conventions by overdriving them. It’s going to be an experiment you can become part of as spectators. Please watch the following teaser. [The teaser has been removed since the server hosting it was a temporary one located at 28c3. Check the vimeo link below or download the recording of the actual talk]

Video: http://vimeo.com/34302758
Link 28C3 Fahrplan: …

Crypto talk at 28C3: TRESOR: Festplatten sicher verschlüsseln, Day 3, 14:30, Saal 2


Some of you may remember the Cold Boot Attack. It’s a general method by which almost all disk encryption schemes on PCs and laptops can be circumvented.

Usually, when a hard disk or just a partition is encrypted, the encryption software needs to keep the keys in memory as long as the filesystem is mounted. Three years ago, it was shown that this key can be extracted just by removing the RAM module and dumping its contents on a second PC using custom software. Alternatively, the system can be booted from a CD or USB stick with custom software that dumps the contents of the RAM. As long …

Crypto talk at 28C3: Implementation of MITM Attack on HDCP-Secured Links, Day 3, 18:30, Saal 1


On Day 3 of 28C3, an absolute crypto highlight will be presented: a Person-In-The-Middle (previously known as Man-In-The-Middle) attack against HDCP-secured links. For those who don’t know, HDCP is a protocol for digital video links like DVI, DisplayPort and HDMI that encrypts the content between your PC or Blu-ray player and your digital TV or display. HDCP was invented so that the encrypted high-quality video, as found on a Blu-ray disc or HD DVD, will never be unencrypted in its digital form on the way to the display. If those systems were secure, this could prevent pirated …

Crypto talk at 28C3: Bitcoin


Two Bitcoin-related talks will be presented tomorrow. Bitcoin is a decentralized digital currency, and of course uses various cryptographic schemes as building blocks. Because Bitcoins can be exchanged for real money, Bitcoin is more than just an academic playground, and real cash could be lost if an attack on Bitcoin were found.

The first talk, “Bitcoin – An Analysis”, will be presented by Kay Hamacher and Stefan Katzenbeisser. From the abstract:

In this presentation, we show results on network analysis of the money flow, the behavior of individuals, and the overall scalability of …

Crypto talk at 28C3: Time is on my Side – Exploiting Timing Side Channel Vulnerabilities on the Web, Day 2, 18:30, Saal 2


Side channel attacks are very well known in cryptography. In a nutshell, side channel information (not the ciphertext or the public key) is used to recover a secret. This can be the time it takes for a cryptographic operation, the power consumption of a device, the variations in the electromagnetic field surrounding a device or just the acoustic noise produced by a device. Secure implementations of cryptographic schemes usually implement countermeasures against these kinds of attacks.

In contrast to the cryptography world, side channel attacks are not very well known in the general IT …

Crypto Talk at 28C3: Ein Mittelsmannangriff auf ein digitales Signiergerät, Day 2, 18:30, Saal 3


Alexander Koch will be presenting the results of his bachelor thesis at 28C3. In his thesis, he implemented a person-in-the-middle attack (don’t call it man-in-the-middle attack) against a USB chipcard reader for digital signatures. Instead of modifying the software on the user’s PC, he implemented a USB hardware device that can be plugged in between the chip card reader and the host PC. Because the device behaves passively as long as no signature is made, it is hard to detect by any kind of security software on the PC side. When a signature is made, the device can transmit a different …

Crypto Talk at 28C3: Effective Denial of Service attacks against web application platforms, Day 2, 14:00, Saal 1


Julian Wälde and Alexander Klink will be presenting a new attack against Web Application Frameworks (WAF) that can be used to generate HTTP requests that take several minutes of CPU time to process. Sending many of these requests in parallel can be used as an effective Denial of Service attack against many websites. Even though one cannot spot any relation to cryptography from the abstract, I have been informed that this talk will also cover many cryptography-related aspects.

See the talk, Day 2, 14:00, Saal 1

Author: Erik Tews

Live translation into English at 28C3


A group of enthusiast interpreters at the congress are organizing simultaneous translation into English for a small selection of German talks. We are aiming for the “fun” events that have been translated for a few years, and for the first time this year, we are trying our hand at some “content” talks as well.

The provisional list of translated events is:

Call for live interpreters at 28C3


We, Sebastian and Julian, are part of last year’s core team of live interpreters. In the past we have translated at several Chaos Communication Congresses, together with Volty who cannot be there this year and many others.
We want to continue this tradition of translating important talks such as the Fnord News Show and the Hacker Jeopardy, but also others, depending on our resources.
If you are interested in helping out, please meet us on Day 1, December 27th, at 21:00 in the angel area down in the basement. You may also contact us via e-mail at Sebastian.Lisken _at_ gmx.net or julian _at_ …