BEGIN:VCALENDAR VERSION:2.0 CALSCALE:GREGORIAN PRODID:-//Pentabarf//Schedule//EN BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 1 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4816.en.html DTSTART;TZID=Europe/Berlin:20111228T230000 UID:4816@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:In 2004 I started a weekly podcast on international under-repor ted news based on a feeling that this was something I enjoy doing and I cou ld be good at. SUMMARY:7 years\, 400+ podcasts\, and a whole lot of Frequent Flyer Miles - Lessons learned from producing a weekly independent podcast on internation al conflicts and concerns. STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 1 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4766.en.html DTSTART;TZID=Europe/Berlin:20111227T183000 UID:4766@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:New to 2011\, Packet-in-Packet exploits allow for injection of raw radio frames into remote wireless networks. In these exploits\, an atta cker crafts a string that when transmitted over the air creates the symbols of a complete and valid radio packet. When radio interference damages the beginning of the outer packet\, the receiver is tricked into seeing only th e inner packet\, allowing a frame to be remotely injected. The attacker req uires no radio\, and injection occurs without a software or hardware bug. SUMMARY:802.11 Packets in Packets - A Standard-Compliant Exploit of Layer 1 STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT0H30M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4826.en.html DTSTART;TZID=Europe/Berlin:20111228T143000 UID:4826@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:This whistlestop re-telling of world economic history squeezes 12\,000 years of history into 18 slides. Its focus is the changing nature o f money and the rise of the monied class in US and Europe. SUMMARY:A Brief History of Plutocracy STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4913.en.html DTSTART;TZID=Europe/Berlin:20111227T171500 UID:4913@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Die Erstellung von Personenprofilen aus DNA und ihre Speicherun g in polizeilichen Datenbanken erfreut sich allgemeiner Akzeptanz. Die Anna hme ist weitverbreitet\, es ginge dabei allein um die Aufklärung von Mord u nd Totschlag. Tatsächlich speichert das Bundeskriminalamt hier aber Datensä tze auf Vorrat und zwar aus immer geringfügigeren Anlässen und in immer grö ßerer Zahl. Zudem werden die DNA-Datenbanken der europäischen Polizeien der zeit miteinander vernetzt. Das ist umso beunruhigender\, als wir alle bestä ndig DNA hinterlassen\, ob nun in Haaren\, Hautabrieb oder Speichel. SUMMARY:Almighty DNA? - Was die Tatort-Wahrheitsmaschine mit Überwachung zu tun hat STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT0H30M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4828.en.html DTSTART;TZID=Europe/Berlin:20111230T124500 UID:4828@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Antiforensik ist ein noch eher neues Thema und bekommt zunehmen d mehr Bedeutung. IT-Forensik als Mittel zur Aufklärung von Sachverhalten k ann vor Gericht aber auch in internen Ermittlungen maßgeblich für Freisprüc he oder Schuldsprüche sorgen. Daher ist es besonders schlimm\, wenn die daz u verwendeten Programme nicht korrekt arbeiten und sogar mit präparierten a ntiforensischen Aktionen angegriffen werden können. Der Vortrag zeigt eine bisher unbekannte und dennoch technisch einfache Sicherheitslücke in mindes tens einer weltweit verwendeten Forensik-Suite und wie diese ausgenutzt wer den kann: Hinzufügen von Ermittlungsergebnissen\, Löschen/Verändern von Erm ittlungsergebnissen\, Infektion des Auswertesystems mit Malware. SUMMARY:Antiforensik - Einführung in das Thema Antiforensik am Beispiel ein es neuen Angriffsvektors STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 1 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4676.en.html DTSTART;TZID=Europe/Berlin:20111228T214500 UID:4676@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:We will discuss the two different approaches Apple and Google t ake for theclient platforms iPad and Chromebook\, how they are similar and how they are not. SUMMARY:Apple vs. Google Client Platforms - How you end up being the Victim . STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 3 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4764.en.html DTSTART;TZID=Europe/Berlin:20111227T171500 UID:4764@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:You write software. You test software. You know how to tell if the software is working. Automate your software testing sufficiently and yo u can let the computer do the writing for you! "Genetic Programming"\, espe cially "Cartesian Genetic Programming" (CGP)\, is a powerful tool for creat ing software and designing physical objects. See how to do CGP as we invent image filters for the Part Time Scientists' 3D cameras. Danger: Actual cod e will be shown! SUMMARY:Automatic Algorithm Invention with a GPU - Hell Yeah\, it's rocket science STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 3 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4814.en.html DTSTART;TZID=Europe/Berlin:20111229T214500 UID:4814@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:C64 "demos" were the root of the whole demo-scene-thing and the y are still the main force keeping the C64 alive today. Audiovisual pleasur e\, still pushing hardware limits\, still exploring different ways of expre ssion. But what is typically happening inside the machine when you watch a demo? What effort is needed to entertain the audience? This talk will give you an inside look at the steps taken for the award winning demo "Error 23" given first hand by one of its main programmers. SUMMARY:Behind the scenes of a C64 demo STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4669.en.html DTSTART;TZID=Europe/Berlin:20111228T171500 UID:4669@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:In many social situations being hearing impaired is a serious h andicap\, not only for elderly people. Today's hearing aids are tiny comput ers that do a decent job in signal processing. During the last years\, the progress in this technology was significant\, amongst other things by switc hing from analog to digital devices. Since this field becomes more and more related to computer technology\, there is even more improvement to be expe cted. In particular\, it turns into a more and more interesting playground for hackers. SUMMARY:Bionic Ears - Introduction into State-of-the-Art Hearing Aid Techno logy STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 1 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4746.en.html DTSTART;TZID=Europe/Berlin:20111229T140000 UID:4746@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Bitcoin is the first distributed\, digital currency.It received a lot of attention recently as it questionsthe state monopoly to issue leg al tender. It relieson distributed proof-of-work concepts to ensure money-l ike characteristics. SUMMARY:Bitcoin - An Analysis STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 1 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4930.en.html DTSTART;TZID=Europe/Berlin:20111227T230000 UID:4930@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Black Ops of TCP/IP 2011\, a cleanup of the BH USA talk. SUMMARY:Black Ops of TCP/IP 2011 STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 3 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4916.en.html DTSTART;TZID=Europe/Berlin:20111227T203000 UID:4916@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:BuggedPlanet.Info is a small Wiki that tries to list and track down the activities of the surveillance industry in the fields of "Lawful I nterception"\, Signals Intelligence (SIGINT)\, Communications Intelligence (COMINT) and related fields to gain access to data from telecommunication s ystems. In this talk I want to explain the idea behind the project and also discuss some observations made between industrial activites and government al actings. SUMMARY:BuggedPlanet - Surveillance Industry & Country's Actings STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4699.en.html DTSTART;TZID=Europe/Berlin:20111228T214500 UID:4699@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:As proposed by Nick Farr et al at CCCamp11\, we - the hacker co mmunity - are in desperate need for our own communication infrastructure. So here we are\, answering the call for the Hacker Space Program with our p roposal of a distributed satellite communications ground station network. An affordable way to bring satellite communications to a hackerspace near y ou.We're proposing a multi-step approach to work towards this goal by setti ng up a distributed network of ground stations which will ensure a 24/7 com munication window - first tracking\, then communicating with satellites.The current state of a proof of concept implementation will be presented. SUMMARY:Building a Distributed Satellite Ground Station Network - A Call To Arms - Hackers need satellites. Hackers need internet over satellites. S atellites require ground stations. Let's build them! STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT0H30M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4587.en.html DTSTART;TZID=Europe/Berlin:20111230T131500 UID:4587@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:bup is short for "backup". bup uses the file format of the dist ributed version control system Git. It solves Git's problems with big files . Deduplication is used to make backups space efficent (about five times sm aller than rsnapshot's backups). Data is deduplicated globally across files and backups. If a small part of a big file is changed only little addition al space is needed. SUMMARY:bup: Git for backups STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 3 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4799.en.html DTSTART;TZID=Europe/Berlin:20111227T140000 UID:4799@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Warum sind Züge sicher unterwegs? Wie werden Zusammenstöße trot z der Gefahr eines menschlichen Fehlverhaltens vermieden? Und was hat das a lles mit IT-Sicherheit zu tun? SUMMARY:Can trains be hacked? - Die Technik der Eisenbahnsicherungsanlagen STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4932.en.html DTSTART;TZID=Europe/Berlin:20111229T230000 UID:4932@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:All of us who did attend are still dreaming. All of us who did not attend are still weeping. The CCCamp 2011. This film recapitulates all the great moments that took place during summer this year. All the great mo ments. Really. All of them.English and German with English subs (still impr ovable\, though). SUMMARY:CCC Camp 2011 Video Impressions - Reviving a nice summer dream STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 1 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4663.en.html DTSTART;TZID=Europe/Berlin:20111229T171500 UID:4663@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Almost everyone uses the packet oriented transmission modes of cellular networks. However\, unlike TCP/IP\, Ethernet and Wifi\, not many m embers of the hacker commnunity are familiar with the actual protocol stack for those services. SUMMARY:Cellular protocol stacks for Internet - GPRS\, EDGE\, UMTS\, HSPA d emystified STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4903.en.html DTSTART;TZID=Europe/Berlin:20111230T171500 UID:4903@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION: SUMMARY:Changing techno-optimists by shaking up the bureaucrats STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT0H30M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4760.en.html DTSTART;TZID=Europe/Berlin:20111230T140000 UID:4760@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:The object of the lecture is to present and discuss the chokepo intproject. How it (will) attempt(s) to aggregate and visualize near-realti me global internetwork data and augment this visualisation with legislative \, commercial(ownership) and circumvention information. SUMMARY:ChokePointProject - Quis custodiet ipsos custodes? - Aggregating an d Visualizing (lack of) Transparancy Data in near-realtime STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT0H30M LOCATION:Saal 1 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4899.en.html DTSTART;TZID=Europe/Berlin:20111230T183000 UID:4899@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION: SUMMARY:Closing Event STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 3 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4755.en.html DTSTART;TZID=Europe/Berlin:20111228T171500 UID:4755@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Return of experience about opposing #censorship #ACTA #censilia #copywrongand promoting #openness and #netneutrality to the EU institution s.Strategic and tactical perspectives by two old and tired activists. SUMMARY:Counterlobbying EU institutions - How to attempt to counter the inf luence of industry lobbyists and political forces aiming towards increasing control over the Internet STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 3 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4730.en.html DTSTART;TZID=Europe/Berlin:20111228T230000 UID:4730@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:It was only a couple of years ago that generating genetic infor mation about individuals was expensive and laborious work. Modern technique s have drastically cut cost and time needed to get an insight into one's ge nome and have ultimately led to the formation of personal genetics companie s – like 23andMe\, deCODEme and others – that now offer direct-to-customer genetic testing. With a price tag of those tests starting at about 100 €\, the number of people that do such tests is on the rise. By now\, 23andMe al one has over 100.000 paying customers\, with over 60.000 of them willing to donate their genetic data and to actively participate in research projects by filling out surveys\, e.g. on their medical histories. This has resulte d in a high-quality dataset with genetic information of 60.000 individuals. The best part: The data has already been paid for by the participants in t he research. Who would not love to get their hands on data like this? Unfor tunately\, the data sits locked away in corporate vaults\, inaccessible to interested (citizen) scientists. But what if we could change this? We've cr eated openSNP\, a central\, open source\, free-to-use repository which lets customers of genotyping companies upload their genotyping data and annotat e them with phenotypes. OpenSNP provides its users with the latest scientif ic research on their genotypes and lets scientists download annotated genot ypes to make science more open. SUMMARY:Crowdsourcing Genome Wide Association Studies - Freeing Genetic Dat a from Corporate Vaults STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 1 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4732.en.html DTSTART;TZID=Europe/Berlin:20111227T140000 UID:4732@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:This talk presents Traffic Mining (TM) particularly in regard t o VoiP applications such as Skype. TM is a method to digest and understand large quantities of data. SUMMARY:Datamining for Hackers - Encrypted Traffic Mining STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT0H30M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4652.en.html DTSTART;TZID=Europe/Berlin:20111228T124500 UID:4652@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:The entire Israeli civil registry database has been leaked to t he internet several times over the past decade.In this talk\, we examine in teresting data that can be mined and extracted from such database.Additiona lly\, we will review the implications of such data being publicly available in light of the upcoming biometric database. SUMMARY:Data Mining the Israeli Census - Insights into a publicly available registry STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 3 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4788.en.html DTSTART;TZID=Europe/Berlin:20111229T183000 UID:4788@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Eine nüchterne Untersuchung der Verfahren zum Nutzertracking un d des wirtschaftlichen Wertes von Tracking- und Userdaten. SUMMARY:Datenvieh oder Daten-Fee - Welchen Wert haben Trackingdaten? STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 3 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4723.en.html DTSTART;TZID=Europe/Berlin:20111230T160000 UID:4723@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:The idea of Dining Cryptographers-Networks (DC) offers a much b etter anonymity compared to MIX-Networks: Defined anonymity sets\, no need to trust in a central service\, no possible attack for data retention. SUMMARY:DC+\, The Protocol - Technical defense against data retention law STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 3 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4781.en.html DTSTART;TZID=Europe/Berlin:20111229T160000 UID:4781@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Stylometry is the art of detecting authorship of a document bas ed on the linguistic style present in the text. As authorship recognition m ethods based on machine learning have improved\, they have also presented a threat to privacy and anonymity. We have developed two open-source tools\, Stylo and Anonymouth\, which we will release at 28C3 and introduce in this talk. Anonymouth aids individuals in obfuscating documents to protect iden tity from authorship analysis. Stylo is a machine-learning based authorship detection research tool that provides the basis for Anonymouth's decision making. We will also review the problem of stylometry and the privacy impli cations and present new research related to detecting writing style decepti on\, threats to anonymity in short message services like Twitter\, examine the implications for languages other than English\, and release a large adv ersarial stylometry corpus for linguistic and privacy research purposes. SUMMARY:Deceiving Authorship Detection - Tools to Maintain Anonymity Throug h Writing Style & Current Trends in Adversarial Stylometry STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 1 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4736.en.html DTSTART;TZID=Europe/Berlin:20111227T214500 UID:4736@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Cell phone users face an increasing frequency and depth of priv acy intruding attacks. Defense knowledge has not scaled at the same speed a s attack capabilities. This talk intends to revert this imbalance. SUMMARY:Defending mobile phones STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 3 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4910.en.html DTSTART;TZID=Europe/Berlin:20111227T160000 UID:4910@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Alles begann im Vorfeld des 13. Februar 2010. Nachdem sich der sogenannte rechte Trauermarsch am Jahrestag der Bombardierung Dresdens inne rhalb weniger Jahre zum größten Naziaufmarsch Europas entwickelt hatte\, gr ündete sich 2009 ein bundesweites Bündnis aus Antifa-Gruppen\, Parteien und Zivilgesellschaft mit dem Ziel\, diesen zu blockieren.Soviel Engagement ge gen Rechts war den sächsischen Behörden jedoch von Anfang ein Dorn im Auge\ , so dass die Oberstaatsanwaltschaft Dresden bereits im Januar 2009 den Vor wurf des „Aufrufs zu Straftaten“ konstruierte\, um Räumlichkeiten des Bündn isses zu durchsuchen\, Plakate zu beschlagnahmen und so die Mobilisierung n ach Dresden zu unterbinden. Die Taktik ging nicht auf: Am 13. Februar 2010 belagerten mehr als 10.000 Menschen den Aufmarschort\, woraufhin der Naziau fmarsch nicht stattfand.Eine solche Schlappe wollten LKA und Staatsanwaltsc haft nicht noch einmal hinnehmen. SUMMARY:Demokratie auf Sächsisch STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT2H15M LOCATION:Saal 1 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4901.en.html DTSTART;TZID=Europe/Berlin:20111227T160000 UID:4901@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:0zapftis wird aus Sicht der Technik und unter juristischen Gesi chtspunkten analysiert. SUMMARY:Der Staatstrojaner - Vom braunen Briefumschlag bis zur Publikation STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 1 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4675.en.html DTSTART;TZID=Europe/Berlin:20111228T203000 UID:4675@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Aktuelle politische Texte (Reden\, Interviews) werden auf Leerf ormeln\, Füllsel und Übertreibungen untersucht\, die den Text entlarven\, s elbst wenn der Autor versucht\, die Hörer bzw. Leser einzulullen\, bestimmt e sprachliche Mittel verraten\, welche eigentlichen Meinungen sich im Text verstecken. Auf diese Weise wird in den Texten sichtbar\, was Wilson und Sh ea als „Fnord“ bezeichnen. SUMMARY:„Die Koalition setzt sich aber aktiv und ernsthaft dafür ein“ - Spr achlicher Nebel in der Politik STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4749.en.html DTSTART;TZID=Europe/Berlin:20111227T183000 UID:4749@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Do you remember those days when hackers were “real men?” When h acking was not yet a crime and the cyberspace an undiscovered land? Just be fore anti-hacking laws were introduced in Germany? Back in these days\, the famous founding father of the CCC made the Bundespost (Germany's Federal M ail Service) meet its Waterloo\, when they hacked Bildschirmtext (Btx)—the epitome of both technological utopias and dystopias at that time. But soon\ , hackers suffered a setback: new laws criminalized hacking in the name of fighting white-collar crimes. Simultaneously to the laws\, things were gett ing rougher in the media and the public opinion. While being seen as a weir d vanguard of technology before\, hackers soon became pranksters and outlaw s. Apparently hacktivism\, the portmanteau word for hacking activism\, had failed to shape the policies in the dawning information society. However\, there are evidences that hacktivism had an impact on the new computer crime legislation—not in terms of having more\, but less restrictions implemente d in the law. SUMMARY:Does Hacktivism Matter? - How the Btx hack changed computer law-mak ing in Germany STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT0H30M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4770.en.html DTSTART;TZID=Europe/Berlin:20111228T131500 UID:4770@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:For years\, we tried to identify vulnerable systems in company networks by getting all the companies netblocks / ip addresses and scanning them for vulnerable services. Then with the growing importance of web appl ications and of course search engines\, a new way of identifying vulnerable systems was introduced: "Google hacking". However this approach of identif ying and scanning companies ip addresses as well as doing some Google hacki ng for the (known) URLs of the company doesn't take all aspects into accoun t and has some limitations. At first we just check the systems which are ob vious\, the ones that are in the companies netblocks\, the IP addresses tha t were provided by the company and the URLs that are known or can be resolv ed using reverse DNS. However how about URLs and systems that aren't obviou s? Systems maybe even the company in focus forgot? Second\, the current tec hniques are pretty technical. They don't take the business view into accoun t at any point.Therefore we developed a new technique as well as framework to identify companies’ web pages based on a scored keyword list. In other w ords: From zero to owning all of a company’s existing web pages\, even the pages not hosted by the company itself\, with just a scored keyword list as input. SUMMARY:Don't scan\, just ask - A new approach of identifying vulnerable we b applications STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4768.en.html DTSTART;TZID=Europe/Berlin:20111228T113000 UID:4768@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Over the last few years hackers have begun to take a larger int erest in food\, gastronomy and agriculture. For many in the community the ability to create DIY molecular gastronomy hardware and recipes is an obvio us entry point. This talk extends some of these early investigations beyon d the kitchen and the chemical properties of food by looking at specific cu ltivars\, food technology organizations\, and connections between food syst ems\, ecosystems and planetary change.Part 1 of the talk explores some of t he more bizarre and interesting biotechnologies and genomes that make up th e human food system on planet earth\, including Chinese Space Potatoes\, Mu tagenic Grapefruits and Glowing Sushi. Pat 2 of the talk presents ideas of food system redesign particularly relevant to hackers and food explorers: utopian cuisines\, resilient biotechnologies and eaters as agents of select ion.In Part 3 we provide access to resources and propose interesting projec ts for black hat food hackers\, DIY BIO foodies\, and prospective food secu rity researchers\, such as mining the IAEA's database of radiation breeding \, eating things that weren't meant to be eaten and defending agricultural biodiversity.By introducing less known stories from the history of food and technology\, and providing access to resources we hope to get more hackers curious about exploring\, questioning and redesigning our human food syste ms.BIO: Zack Denfeld & Cathrine Kramer run the Center for Genomic Gastronom y an independent research institute that studies the genomes and biotechnol ogies that make up the human food systems on the planet. They are currentl y in residence at Art Science Bangalore and a curating a show on the future of food at the Science Gallery in Dublin Ireland. SUMMARY:Eating in the Anthropocene - Transgenic Fish\, Mutagenic Grapefruit s and Space Potatoes STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 1 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4738.en.html DTSTART;TZID=Europe/Berlin:20111228T124500 UID:4738@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Anfang 2012 startet "Echtes Netz"\, die Kampagne für Netzneutra lität\, die vom Digitale Gesellschaft e.V. initiert und von der stiftung br idge gefördert wird. Die Kampagne macht sich zur Aufgabe\, das Bewusstsein für den Wert eines echten Netzes zu steigern und mit Offline- und Onlineakt ionen für eine gesetzliche Verankerung der Netzneutralität zu werben.Der Vo rtrag gibt einen Überblick auf die Debatte rund um die Netzneutralität in D eutschland und der EU und einen einen Ausblick auf die Kampagne. SUMMARY:Echtes Netz - Kampagne für Netzneutralität STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 1 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4680.en.html DTSTART;TZID=Europe/Berlin:20111228T140000 UID:4680@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:This talk will show how a common flaw in the implementation of most of the popular webprogramming languages and platforms (including PHP\, ASP.NET\, Java\, etc.) canbe (ab)used to force web application servers to use 99% of CPU for severalminutes to hours for a single HTTP request.This a ttack is mostly independent of the underlying web application and justrelie s on a common fact of how web application servers typically work. SUMMARY:Effective Denial of Service attacks against web application platfor ms - We are the 99% (CPU usage) STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 3 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4758.en.html DTSTART;TZID=Europe/Berlin:20111228T183000 UID:4758@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:In dieser Arbeit wird gezeigt\, wie unter Ausnutzung einer unge sicherten Verbindungzwischen einer sicheren Signaturerstellungseinheit und einem Anwender-PCeine qualifizierte elektronische Signatur gefälscht werden kann. SUMMARY:Ein Mittelsmannangriff auf ein digitales Signiergerät - Bachelorarb eit Informatik Uni Kiel SS 2011 STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 3 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4668.en.html DTSTART;TZID=Europe/Berlin:20111229T171500 UID:4668@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:The proposed talk provides a definition of the problem of creat ing e-money and after a review of the state of the art points out possible solutions and proposes questions for discussion for the properties of elect ronic money system. SUMMARY:Electronic money: The road to Bitcoin and a glimpse forward - How t he e-money systems can be made better STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4844.en.html DTSTART;TZID=Europe/Berlin:20111227T214500 UID:4844@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Derzeit arbeitet die EU-Kommission an der Modernisierung der Da tenschutzrichtlinie. Dieser Beitrag informiert über den Stand der Dinge. SUMMARY:EU-Datenschutz und das Internet der Dinge STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4935.en.html DTSTART;TZID=Europe/Berlin:20111227T214500 UID:4935@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Derzeit arbeitet die EU-Kommission an der Modernisierung der Da tenschutzrichtlinie. Dieser Beitrag informiert über den Stand der Dinge. SUMMARY:EU-Datenschutz und das Internet der Dinge (english translation) STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 3 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4818.en.html DTSTART;TZID=Europe/Berlin:20111230T171500 UID:4818@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Even after years of committee review\, communication protocols can certainly be hacked\, sometimes highly entertainingly. What about creat ing a protocol the opposite way? Start with all the hacks that can be done and search for a protocol that gets around them all. Is it even possible? Part Time Scientists has used a GPU to help design our moon mission protoc ols and we'll show you the what and how. Danger: Real code will be shown! SUMMARY:Evolving custom communication protocols - Hell Yeah\, it's rocket s cience STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 1 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4866.en.html DTSTART;TZID=Europe/Berlin:20111229T230000 UID:4866@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Auch dieses Jahr werden wir euch wieder mit den Fnords des Jahr es zu unterhalten suchen. SUMMARY:Fnord-Jahresrückblick - von Atomendlager bis Zensus STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT0H30M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4740.en.html DTSTART;TZID=Europe/Berlin:20111229T140000 UID:4740@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:FragDenStaat.de startete am 1. August 2011 als Plattform zum St ellen von Anfragen nach dem Informationsfreiheitsgesetz und veröffentlicht dort die Korrespondenz mit den Behörden nach dem Vorbild von whatdotheyknow .com and befreite-dokumente.de. Der Vortrag wird die Plattform vorstellen\, zeigen wie die Seite Antragssteller bei ihrem Recht auf Akteneinsicht unte rstützt und die interessantesten Vorfälle genauer beleuchten. SUMMARY:Frag den Staat - Praktische Informationsfreiheit STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 1 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4742.en.html DTSTART;TZID=Europe/Berlin:20111230T124500 UID:4742@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:This talk is about:- Information freedom and the issues for the citizens- RWB ressources: a “human network” - RWB needs: Get involved! SUMMARY:From Press Freedom to the Freedom of information - Why every citize n should be concerned STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT2H00M LOCATION:Saal 1 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4775.en.html DTSTART;TZID=Europe/Berlin:20111229T001500 UID:4775@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:The Hacker Jeopardy is a quiz show. SUMMARY:Hacker Jeopardy - Number guessing for geeks STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H45M LOCATION:Saal 3 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4934.en.html DTSTART;TZID=Europe/Berlin:20111229T001500 UID:4934@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION: SUMMARY:Hacker Jeopardy Translation STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 1 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4871.en.html DTSTART;TZID=Europe/Berlin:20111228T171500 UID:4871@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:We have decided to continue our research onto PostScript realms - an old\, very powerful and nicely designed programming language\, where (as a coincidence or not\, given it's numerous security flaws) Adobe owns m ost PostScript interpreters instances.This time we demonstrate that PostScr ipt language\, given it's power\, elegance and Turing-completeness\, can be used more than just for drawing dots\, lines and circles - and to a certai n extent it can be a hacker's sweet delight if fully mastered.We will be pr esenting a real-life implementation of unusual PostScript APIs (along with it's dissection and reconstructed documentation) that interact with various levels of OS and HW\, implementation we have found in a TOP10 printer vend or product line.Also\, we will investigate whether a PostScript-based (henc e platform-independent) virus (18+ years after first proposals of such theo ry) can be acomplished\, thus giving theoretical hints and few building blo cks in this direction.We will also present some very constructive uses of t he PostScript language in the creative (i.e. non-destructive) hacking direc tion.In the end\, we will try to summarize our conclusions and possible sol ution for all parties involved (vendors\, users\, sysadmins\, security expe rts).With this research we hope we can prove that entire printer industry ( devices\, printing software/drivers/subsystems\, publishing and managed ser vices) have to be rethought security-wise\, so that it can withstand in the long run the current security landscape and threats. SUMMARY:Hacking MFPs - Part2 - PostScript: Um\, you've been hacked STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 1 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4800.en.html DTSTART;TZID=Europe/Berlin:20111228T183000 UID:4800@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Iran blocked Tor handshakes using Deep Packet Inspection (DPI) in January2011 and September 2011. Bluecoat tested out a Tor handshake filt er inSyria in June 2011. China has been harvesting and blocking IP addresse sfor both public Tor relays and private Tor bridges for years. SUMMARY:How governments have tried to block Tor STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 1 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4686.en.html DTSTART;TZID=Europe/Berlin:20111229T183000 UID:4686@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:A man-in-the-middle attack on HDCP-secured video links is demon strated. The attack is implemented on an embedded Linux platform\, with the help of a Spartan-6 FPGA\, and is capable of operating real-time on HD vid eo links. It utilizes the HDCP master key to derive the corresponding priva te keys of the video source and sink through observation and computation up on the exchanged public keys. The man-in-the-middle then genlocks its raste r and cipher state to the incoming video stream\, enabling it to do pixel b y pixel swapping of encrypted data. Since the link does no CRC or hash veri fication of the data\, one is able to forge video using this method. SUMMARY:Implementation of MITM Attack on HDCP-Secured Links - A non-copyrig ht circumventing application of the HDCP master key STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 3 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4688.en.html DTSTART;TZID=Europe/Berlin:20111229T203000 UID:4688@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:The latest member of the Osmocom-family projects\, osmo-gmr foc uses on the GMR-1 (GEO Mobile Radio) air interface used in some satellite P hones. This talk will shortly present the GMR protocol\, the Thuraya networ k that uses this protocol in the Eurasian/African and Australian continents and finally details how you can capture samples and process them for analy sis using osmo-gmr. SUMMARY:Introducing Osmo-GMR - Building a sniffer for the GMR satphones STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT2H15M LOCATION:Saal 1 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4908.en.html DTSTART;TZID=Europe/Berlin:20111229T113000 UID:4908@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Kaum hat es begonnen\, da ist es auch schon wieder vorbei – das Jahr 2011. Also ist es wieder an der Zeit für den Rückblick auf Technikfor schung und Nerd-Lobbyismus mit Hackerperspektive\, der natürlich nie ohne A usblick ist. SUMMARY:Jahresrückblick STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 1 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4928.en.html DTSTART;TZID=Europe/Berlin:20111229T151500 UID:4928@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:This project investigates techniques to track the 6DOF position of handheld depth sensing cameras\, such as Kinect\, as they move through space and perform high quality 3D surface reconstructions for interaction. SUMMARY:KinectFusion - Real-time 3D Reconstruction and Interaction Using a Moving Depth Camera STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT2H15M LOCATION:Saal 3 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4905.en.html DTSTART;TZID=Europe/Berlin:20111228T124500 UID:4905@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION: SUMMARY:Lightning Talks Day 2 STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT2H15M LOCATION:Saal 3 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4906.en.html DTSTART;TZID=Europe/Berlin:20111229T124500 UID:4906@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION: SUMMARY:Lightning Talks Day 3 - Pecha Kucha Round! STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT2H15M LOCATION:Saal 3 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4907.en.html DTSTART;TZID=Europe/Berlin:20111230T124500 UID:4907@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION: SUMMARY:Lightning Talks Day 4 STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 3 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4813.en.html DTSTART;TZID=Europe/Berlin:20111227T214500 UID:4813@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:As governments increase their data collection capabilities soft ware developers are stepping up to both utilize and augment surveillance ca pabilities. DNA databases\, facial recognition\, behavioral patterning\, an d geographic profiling are all in use today. Police are crowdsourcing ident ification of suspects and citizens are willingly participating. This talk w ill cover real technologies in place today as well as educated speculation of what is coming next. SUMMARY:Macro dragnets: Why trawl the river when you can do the whole ocean - What happens when data collection goes awry in the 21st century STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 1 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4897.en.html DTSTART;TZID=Europe/Berlin:20111227T113000 UID:4897@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:While it's old news that authoritarian regimes regularly rely o n censorship and surveillance technology supplied to them by Western compan ies\, 2011 was a year (thanks\, in part\, to the Arab Spring) when it becam e a hot issue in the public debate. While politicians on both sides of the Atlantic have recently committed to ban the sale of such technologies to di ctators\, it's not clear whether such measures would prove effective (or me rely drive the sale of such technologies underground) or simply stimulate t he growth of Chinese\, Russian and Indian companies. More disturbingly\, th ere is still very little awareness – at least among the general public – th at many of the tools that are currently exported to authoritarian states ha ve been designed to help fight "The Global War On Terror" and are thus inex tricably linked to domestic policies of Western states. SUMMARY:Marriage From Hell: On the Secret Love Affair Between Dictators and Western Technology Companies STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H30M LOCATION:Saal 1 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4832.en.html DTSTART;TZID=Europe/Berlin:20111230T001500 UID:4832@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Despite the vast new possibilities new medias offer to artists\ , musicians and composers\, regulation authorities and governments are trim ming creative minds in their freedom\, introducing new laws\, filters and l imitations. On the example of "Europa: Neue Leichtigkeit" the immanence of unconditional artistic freedom in creativity is brought to the audience. SUMMARY:"Neue Leichtigkeit" - when unconditional artistic freedom happens STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 1 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4761.en.html DTSTART;TZID=Europe/Berlin:20111229T214500 UID:4761@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Writing secure code is hard.  Even when people do it basically right there are sometimes edge cases that can be exploited. Most the time w riting code that works isn’t even the hard part\,  it’s keeping up with the changing attack techniques while still keeping an eye on all the old issue s that can come back to bite you\, straddling the ancient world of the 90’s RFCs and 2010’s HTML5 compatible browsers.  A lot like how Indiana Jones b ridges the ancient and the modern...  Except for Indiana Jones 4. Let’s nev er talk about that again. Ever. Take Facebook\, Office 365\, Wordpress\, Ex change\, and Live. These are applications that had decent mitigations to st andard threats\, but they all had edge cases. Using a mix of old and new in gredients\, we’ll provide a sampler plate of clickjacking protection bypass es\, CSRF mitigation bypasses\, "non-exploitable" XSS attacks that are sudd enly exploitable and XML attacks where you can actually get a shell\; and w e'll talk about how to defend against these attacks. SUMMARY:New Ways I'm Going to Hack Your Web App STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT0H30M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4927.en.html DTSTART;TZID=Europe/Berlin:20111230T143000 UID:4927@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:A review about the camp and the congress network. Network layou t\, planning\, setup\, operation and finally the teardown. SUMMARY:NOC Review - NOC Review about the Camp 2011 and 28C3 STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4821.en.html DTSTART;TZID=Europe/Berlin:20111229T113000 UID:4821@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:We got a new rover and it's much more awesome than last year!Ok \, there's a bit more to it :-)The basics\, we are team of part-time scient ists and engineers who want to send a rover to the moon before the end of t he year 2013.There is a lot to be done towards this first private moon land ing and we want to take the chance to explore what we want to do and show w hat we already accomplished in the past 12 months. The talk will feature im portant technical milestone like our very first R3 rover prototype and grea t events like the CCCamp11. There is also be a live demonstration of the ve ry first R3A rover right in the presentation. SUMMARY:Not your Grandfathers moon landing - Hell yeah\, it's Rocket Scienc e 3.1415926535897932384626! STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4722.en.html DTSTART;TZID=Europe/Berlin:20111229T001500 UID:4722@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Hier geht es um die Gretchenfrage: „Welches Tool ist das beste? “ Dabei treten zwei Teams gegeneinander an und müssen live verschiedene $RA NDOM\_NERD\_TASK auf ihren eigenen Rechnern lösen. Wer dabei zeigt\, dass s ein Tool das schnellere\, schlankere\, mächtigere\, längere\, größere^w^w^w ^wist\, gewinnt. Durch das Programm führen Jan „git-zsh-keynote-firefox“ Wu lfes und Benjamin „bzr-fish-latexbeamer-chrome“ Kellermann. SUMMARY:NPC - Nerds’ Pissing Contest - Mein Ruby ist besser als dein urxvt! STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT0H30M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4656.en.html DTSTART;TZID=Europe/Berlin:20111229T160000 UID:4656@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:This talk is cautionary tale about developers forgetting to rem ove debug interfaces from finished products and the need of repetitive syst em reviews. A midrange PBX systems (non web) configuration interface is use d as an example of what flaws you can actually find in commercial systems. SUMMARY:Ooops I hacked my PBX - Why auditing proprietary protocols matters STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT0H30M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4759.en.html DTSTART;TZID=Europe/Berlin:20111229T163000 UID:4759@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Tracking is so 1990s. Nowadays MP3 and other similar formats a reoverwhelmingly more popular. But is this really a step forward? A(very) brief history of computer music\, where we are at now\, and why Ithink peo ple are headed in the wrong direction. And what we can doabout it. SUMMARY:Open source music: Tracking 2.0 STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 1 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4721.en.html DTSTART;TZID=Europe/Berlin:20111228T001500 UID:4721@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:The Penta News Game Show rehashes a collection of absurd\, day- to-daynews items of 2011 to entertain the audience\, let the Net participat e\,and make it's winners heroes. SUMMARY:Pentanews Game Show 2k11/3 - 42 new questions\, new jokers\, same c oncept\, more fun than last year! STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 1 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4804.en.html DTSTART;TZID=Europe/Berlin:20111228T113000 UID:4804@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Klassischer Protest\, konventionelle Demos\, Online-Petitionen und Bürgerinitiativen werden seit einiger Zeit durch neue Instrumente der p olitischen Partizipation ergänzt. Deren Stärke liegt in dezentraler Organis ation\, Kommunikationsguerilla-Aktionen\, diskursiver Intervention und koll aborativer Spontaneität. Der Vortrag stellt anhand von Beispielen ein Tools et an Möglichkeiten des regelverletzenden und gewaltfreien Mitmischens und Einmischens in Politik vor. SUMMARY:Politik hacken - Kleine Anleitung zur Nutzung von Sicherheitslücken gesellschaftlicher und politischer Kommunikation STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 3 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4660.en.html DTSTART;TZID=Europe/Berlin:20111228T214500 UID:4660@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Pmcma is a tool aimed at automating the most time consuming tas kes ofexploitation. It for instance determine why an application is trigger inga segmentention fault\, evaluate if the faulting instruction can be used to write to memory or execute arbitrary code\, and list all the functionpoi nters potentially called from a given point in time by an application.Pmcma is a totally new kind of debugger\, which allows for easyexperimentation w ith a process in memory by forcing it to fork. Theexact replicas of the pro cess created in memory can then be intrumentedwhile keeping the properties (eg: state of variables\, ASLR\,permissions...) of the original process.Pmc ma is an easily extensible framework available under the Apache 2.0license from http://www.pmcma.org/ . SUMMARY:Post Memory Corruption Memory Analysis - Automating exploitation of invalid memory writes STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4706.en.html DTSTART;TZID=Europe/Berlin:20111228T160000 UID:4706@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:This talk\, consisting of five distinct parts\, is intended to show the audience how to get electricity without needing a grid connection. It will give information on* Which energy sources to use* What to power wit h them* What equipment to get* How to wire it up* And some wishful thinking Participants should be able to assemble their own small-scale energy-genera ting systems after listening. SUMMARY:Power gadgets with your own electricity - escape the basement and m ake the sun work for you STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4780.en.html DTSTART;TZID=Europe/Berlin:20111229T183000 UID:4780@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Network printers are ubiquitous fixtures within the modern IT i nfrastructure. Residing within sensitive networks and lacking in security\, these devices represent high-value targets that can theoretically be used not only to manipulate and exfiltrate the sensitive information such as net work credentials and sensitive documents\, but also as fully functional gen eral-purpose bot-nodes which give attackers a stealthy\, persistent foothol d inside the victim network for further recognizance\, exploitation and exf iltration. SUMMARY:Print Me If You Dare - Firmware Modification Attacks and the Rise o f Printer Malware STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 3 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4712.en.html DTSTART;TZID=Europe/Berlin:20111228T160000 UID:4712@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:A practical discussion of how potentially revolutionary\, yet e thically questionable data---such as that from facebook---is currently bein g handled in academia. SUMMARY:Privacy Invasion or Innovative Science? - Academia\, social media d ata\, and privacy STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4756.en.html DTSTART;TZID=Europe/Berlin:20111228T230000 UID:4756@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Hacking Mind and Body – self knowledge through numbers and ment al reprogrammingSince ancient times humans were trying to improve themselve s. Today we have open-source computer technology that helps us. SUMMARY:Quantified-Self and OpenBCI Neurofeedback Mind-Hacking - Transhuman ism\, Self-Optimization and Neurofeedback for post-modern hackers STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 1 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4648.en.html DTSTART;TZID=Europe/Berlin:20111230T160000 UID:4648@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Quantum systems can have very different properties from their c lassical analogues which allows them to have states that are not only corre lated but entangled. This allows for quantum computers running algorithms m ore powerful than those on classical computers (represented by Turing machi nes) and for quantum cryptography whose safety is (in principle) guaranteed by the laws of nature. SUMMARY:Quantum of Science - How quantum information differs from classical STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4777.en.html DTSTART;TZID=Europe/Berlin:20111227T140000 UID:4777@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Now you've got that r0ket thing. What to do with it? SUMMARY:r0ket++ - The CCC-Badge STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4741.en.html DTSTART;TZID=Europe/Berlin:20111230T113000 UID:4741@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:In his now (in)famous pamphlet "Conspiracy as Governance" Julia n Assange (JA) argues about the need for leaking as an efficient way to des troy "unjust" groups as the neo-feudalistic ones - luring the conspiracy th eory leaning hacker community into his belief system. Eventually\, JA used a biologistic argument on the benefits and drawbacks that uncontrolled leak ing might pose for "just" and "unjust" systems\, arriving at the conclusion that "unjust" systems are hurt more and thus will be less viable\, essenti ally being destroyed by more "just" systems. While an innovative proposal\, the underlying assumptions on complexity\, network theory\, and especially the evolutionary perspectives were never critically assessed. Some blogs a nd media raised questions on details and potential threats to innocent byst anders. Still\, fundamental problems with the philosophy were never address ed.This paper argues against the general validity of such theories. In part icular\, we will refute some of the biologistic arguments. Theoretical biol ogy has long ago pointed out the hidden complexity in evolutionary processe s and as such the envisioned "leaking revolution" might be a limited artifa ct: there might even arise situations where the leaking envisioned and enco uraged by Wikileaks and the like can actually strengthen some "conspiracies ". In this paper I will describe some research questions\, that should be a nswered before given the “leaking philosophy” an unconditioned “thumbs-up”. Empirically\, for example\, a potential strengthening is illustrated by th e rise of a 'neo-feudalistic economy'\, which is linked closely to the para digm of "intellectual property" as it is to the security-financial-politica l complex. The players have effectively created a closed network or a "cons piracy" and might be resilient towards Wikileaks-like attacks. The paper co ncludes with an alternative to that proposal\; in particular\, a way to dea l with the 'conspiracy' that might be coined the rise of the neo-feudalisti c society (which in itself is a self-sustainable\, self-amplifying feedback loop\, not necessarily a conscious conspiracy). SUMMARY:Resilience Towards Leaking or Why Julian Assange Might Be Wrong Aft er All STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 3 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4735.en.html DTSTART;TZID=Europe/Berlin:20111228T203000 UID:4735@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Despite their wide presence in our lives\, baseband chips are s till nowadayspoorly known and understood from a system point of view. Some presentationshave hilighted vulnerabilities in GSM stacks across various mo dels ofbasebands (cf. 27c3: _All your baseband are belong to us_ by R-P. W einmann).However none of them actually focused on the details of how a base bandoperating system really works. This is the focus of our presentation. Fromthe study of a simple 3G USB stick equipped with a Qualcomm baseband\, we willdiscuss how to dump the volatile memory\, reverse-engineer the propr ietaryRTOS\, and ultimately execute and debug code while trying to preserve thereal-time system constraints. SUMMARY:Reverse-engineering a Qualcomm baseband STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT0H30M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4847.en.html DTSTART;TZID=Europe/Berlin:20111228T140000 UID:4847@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:While USB devices often use standard device classes\, some do n ot. This talk is about reverse engineering the protocols some of these devi ces use\, how the underlying USB protocol gives us some help\, and some int eresting patterns to look for. I'll also detail the thought processes that went into reverse engineering the Kinect's audio protocol. SUMMARY:Reverse Engineering USB Devices STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4811.en.html DTSTART;TZID=Europe/Berlin:20111228T203000 UID:4811@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:XSS bugs are the most widely known and commonly occurring Web v ulnerability\,but their impact has often been limited to cookie theft and/o r simple actions\,such as setting malicious email filters\, stealing some d ata\, orself-propagation via an XSS worm. In this work\, I discuss practica l approachesfor exploiting XSS and other client-side script injection attac ks\, and introducenovel techniques for maintaining and escalating access wi thin the victim'sbrowser. In particular\, I introduce the concept of _resid ent XSS_ whereattacker-supplied code is running in the context of an affect ed user's mainapplication window and describe its consequences. I also draw analogies betweensuch persistent Web threats and the traditional rootkit m odel\, includingsimilarities in the areas of embedding malicious code\, mai ntaining access\,stealthy communication with a C&C server\, and the difficu lty of detecting andremoving attacker-supplied code. SUMMARY:Rootkits in your Web application - Achieving a permanent stealthy c ompromise of user accounts with XSS and JS injection attacks. STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 1 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4876.en.html DTSTART;TZID=Europe/Berlin:20111227T124500 UID:4876@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Die Meldungen aus Sachsen in diesem Jahr wirkten für alle\, die nicht dort wohnen\, ein bisschen\, als kämen sie von einem sehr weit entfe rnten Stern. In regelmäßigen Abständen werden Dinge bekannt\, die jeweils e inzeln früher zum Rücktritt von Ministern geführt hätten. Funkzellenabfrage \, §129-Verfahren\, die Durchsuchung eines Pfarrers\, Aberkennung der Immun ität eines Fraktionsvorsitzenden wegen Rädelführerschaft: umfassende Krimin alisierung von Protesten gegen Nazis\, und zwar weit bis in die "Mitte der Gesellschaft". Offline-Überwachung und -Drangsalierung sind in Sachsen Allt ag. Der Talk gibt einen Überblick über den Stand der Dinge und warnt davor\ , sich (außerhalb Sachsens) gemütlich schaudernd zurückzulehnen. Denn: Wenn Sachsen damit durchkommt\, setzt das Maßstäbe für andere Bundesländer. SUMMARY:Sachsen dreht frei - On- und Offline-Überwachung: Weil sie es könne n STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4661.en.html DTSTART;TZID=Europe/Berlin:20111227T160000 UID:4661@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Many prisons and jails use SCADA systems with PLCs to open and close doors. Using original and publically available exploits along with ev aluating vulnerabilities in electronic and physical security designs\, Newm an\, Rad and Strauchs have discovered significant vulnerabilities in PLCs u sed in correctional facilities by being able to remotely flip the switches to “open” or “locked closed” on cell doors and gates. This talk will evalua te and demo SCADA systems and PLC vulnerabilities in correctional and gover nment secured facilities while recommending solutions. SUMMARY:SCADA and PLC Vulnerabilities in Correctional Facilities - Tiffany Rad\, Teague Newman\, John Strauchs STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT0H30M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4767.en.html DTSTART;TZID=Europe/Berlin:20111229T131500 UID:4767@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:This brief session focuses on the visualization of actual secur ity incidents\, network forensics and counter surveillance of covert crimin al communications utilizing large data sets from various security logs and a very brief introduction to correlation engine logic. Visually displaying security or network issues can express the risk or urgency in a way a set o f dry logs or other methods might not be able to. Additionally\, many organ izations rely on a more singular approach and react to security events\, ma ny times from a high false positive rate source such as isolated intrusion prevention or firewall alerts\, or relying only on anti-virus alerts. Utili zing a correlation engine (especially open source) or similar applications could offer a method of discovering or in some cases proactively detecting issues. The research discussed involves analysis and interrogation of fire wall\, intrusion detection and prevention systems\, web proxy logs and avai lable security research. What does a compromised server infected with spam malware look like or cyber warfare? SUMMARY:Security Log Visualization with a Correlation Engine - What's insid e your network? STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 1 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4898.en.html DTSTART;TZID=Europe/Berlin:20111230T171500 UID:4898@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION: SUMMARY:Security Nightmares STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4754.en.html DTSTART;TZID=Europe/Berlin:20111230T160000 UID:4754@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Advanced metering devices (aka smart meters) are nowadays being installed throughout electric networks in Germany\, in other parts of Euro pe and in the United States. Due to a recent amendment especially in German y they become more and more popular and are obligatory for new and refurbis hed buildings. SUMMARY:Smart Hacking For Privacy STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 3 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4798.en.html DTSTART;TZID=Europe/Berlin:20111229T230000 UID:4798@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:This talk will describe the Sovereign Key system\, an EFF propo sal for improving the security of SSL/TLS connections against attacks that involve Certificate Authorities (CAs) or portions of the DNSSEC hierarchy. SUMMARY:Sovereign Keys - A proposal for fixing attacks on CAs and DNSSEC STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 3 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4817.en.html DTSTART;TZID=Europe/Berlin:20111227T230000 UID:4817@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:The protection landscape is changing and exploits are getting m ore and more sophisticated. Exploit generation toolkits can be used to cons truct exploits for specific applications using well-defined algorithms. We present such an algorithm for leveraging format strings and introduce strin g oriented programming. SUMMARY:String Oriented Programming - Circumventing ASLR\, DEP\, and Other Guards STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H15M LOCATION:Saal 3 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4581.en.html DTSTART;TZID=Europe/Berlin:20111229T113000 UID:4581@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:This talk deals with weaknesses identified in the TOR network p rotocol and cryptography implementation. We manage to take control over use rs using this network and to access all your information and data exchanged despite cryptography. SUMMARY:Taking control over the Tor network STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 3 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4711.en.html DTSTART;TZID=Europe/Berlin:20111227T124500 UID:4711@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Going more retro than the Commodore C=64: The Atari 2600 VCS wa s the breakthrough for video games in your own living room. This lecture wi ll cover a bit of the history on how it came to live\, describes the hardwa re used and shows how to write your own code for it. SUMMARY:The Atari 2600 Video Computer System: The Ultimate Talk - The histo ry\, the hardware and how to write programs STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4748.en.html DTSTART;TZID=Europe/Berlin:20111229T171500 UID:4748@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:The Best of the oXcars!OXcars is fun. oXcars is empowering the people.Presentation and screening of the best of the oXcars 2011\, 2010\, 2 009\, 2008.Because their business is not our business.Every year\, in Barce lona 1500 people gather for the biggest free/libre culture Show of all time s \;-).Artists and performers from all areas of Spanish and international c ulture take part in a "Gala"\;-) in which artists say "Not in my name" to t he commercialisation of culture\, "Not in my name" to limiting the potentia l of digital media and to criminalization of the Internet. Civil society de mands the 'lost profits' of all the knowledge that is being withheld and st olen from public use in the name of private profits.http://oxcars11.whois-- x.net/en/http://oxcars10.whois--x.net/en/http://oxcars09.whois--x.net/en/ht tp://whois--x.net/proyectos/oxcars-08 SUMMARY:The best of The oXcars - the greatest free/Libre culture show of al l times STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 1 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4848.en.html DTSTART;TZID=Europe/Berlin:20111227T203000 UID:4848@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:The last 20 years of Internet policy have been dominated by the copyright war\, but the war turns out only to have been a skirmish. The co ming century will be dominated by war against the general purpose computer\ , and the stakes are the freedom\, fortune and privacy of the entire human race. SUMMARY:The coming war on general computation - The copyright war was just the beginning STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 1 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4856.en.html DTSTART;TZID=Europe/Berlin:20111230T140000 UID:4856@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:All the talks i saw about SE so far just showed which good SE's the speakers are. I try to do another approach\, what if i get in and don' t know what to do then. The talk is about the reconn. before the assessment \, the different approaches of SE. Which techniques can one use\, how to do a proper intel. and what is useful. How things work and more important why . Which skill set should one have before entering a engagement. And last bu t not least how do one counter a SE attack. SUMMARY:The engineering part of social engineering - Why just lying your wa y in won't get you anywhere STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4710.en.html DTSTART;TZID=Europe/Berlin:20111229T203000 UID:4710@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:The lessons and best practices of the titanic will be extracted . Are we ready?This will be a co-presentation (Jean-Jacques Quisquater / Da vid Samyde) and occasional friendly exchange\, with point and counter-point of different contrasting views on the impact of solving integer factorizat ion and some other difficult problem in cryptography.The idea is to perform a provocative comparison between the 'unbreakable' RSA algorithm and the u nsinkable Titanic.Receiving his RSA Conference Lifetime Achievement Award\, Rivest said that it has not been demonstrated mathematically that factoriz ation into primes is difficult. So “Factoring could turn out to be easy\,” and according to him “maybe someone here will find the method”.Since 1994 a nd Shor's algorithm\, the danger of quantum computer is known: breaking RSA in polynomial time. Factoring large numbers is conjectured to be computati onally infeasible on classic non quantum computers. No efficient algorithm is known and the research in the last 30 years did not show enormous progre ss.Iceberg existence is predicted but not shown yet.According to Rivest a v ariety of alternative schemes have been developed in the decades since RSA was published\, and a new system could probably be adopted quickly.This rel ies on solving factorization only\, but several other cases can be consider ed\, in some of them the action to replace RSA with a new algorithm could r equire more work than initially planned (solution to discrete logarithm).Ma naging the risk and the threat of the resolution of any major problem used in cryptography is crucial. This presentation challenges the conventional t hinking using lessons learned from history.RSA users are everywhere so what could be the consequences of a break in the real world? What were the erro rs made on the Titanic? Can the best practices used be improved or just tra nslated into a new scheme? What would be the impact of solving the RSA assu mption on cryptography?The outline is:History of factorizationTitanic prime s and RSA keysComplexity\, classes of algorithms and practical costsRisk an alysis and Threat managementProbability estimation and proactive monitoring From best to worst caseBest methods and lessons learnedMultiple scenari(Im) possibility of accurate predictionWhat to expect and how to be readyConclus ionAndrew Grove\, former CEO of Intel said "Only the paranoid survive". For ecasting the presence of a strategic inflection point is hard. What to expe ct at the time of the next major cryptanalysis breakthrough? What history t eaches? What remains to be done? Are we ready? SUMMARY:The future of cryptology: which 3 letters algorithm(s) could be our Titanic? - RMS Olympic\, RMS Titanic\, HMHS Britannic vs Discrete Logarit hm\, Integer factorization\, Conjectured hard problems STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 1 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4751.en.html DTSTART;TZID=Europe/Berlin:20111229T203000 UID:4751@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Though hackers prefer being indivualists\, a strong relationshi p towards Culture industry makes hacker culture a source and product at the same time. While you can laugh about most Hollywood movies presenting ster eotypical hackers\, you shouldn't ignore the influence they have. "And with the 1983 release of the hacker-thriller movie War Games\, the scene explod ed. It seemed that every kid in America had demanded and gotten a modem for Christmas"\, Bruce Sterling wrote in "The Hacker Crackdown". SUMMARY:The Hack will not be televised? - Hacker in Movies STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 3 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4753.en.html DTSTART;TZID=Europe/Berlin:20111227T183000 UID:4753@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:We are members of Alternatif Bilişim Derneği (Alternative Infor matics Association)**\, one of many organizations that oppose the ongoing e fforts for state-controlled Internet in Turkey. We see that the problems wi th media control in Turkey and in Europe are increasingly becoming part of a global problem. The governments are working on their own view of a 'secur e' Internet\, and we have to articulate and suggest an alternative.In our t alk we want to give an account of our anti-censorship movement and the chal lenges we face in Turkey. We will first provide an overview of the politica l events\; sanctions\, censorship regulations and attempts of resistance in the country. Then\, we will point out the main problems we face in making use of laws and technology against state control. We would also like to use our presentation as an opportunity to meet people at the CCC with similar affinities and to learn from their experience. We see a great need to creat e global networks and communities to articulate an alternative message\; th e Internet as the peoples’ media. SUMMARY:The movements against state-controlled Internet in Turkey - A short account of its history and future challenges STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 1 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4763.en.html DTSTART;TZID=Europe/Berlin:20111228T160000 UID:4763@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Why is the overwhelming majority of common networked software s till not secure\, despite all effort to the contrary? Why is it almost cert ain to get exploited so long as attackers can craft its inputs? Why is it t he case that no amount of effort seems to be enough to fix software that mu st speak certain protocols? SUMMARY:The Science of Insecurity STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4640.en.html DTSTART;TZID=Europe/Berlin:20111228T183000 UID:4640@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Timing side channel attacks are non-intrusive attacks that are still widely ignored in day-to-day penetration testing\, although they allo w attackers to breach the confidentiality of sensitive information. The rea son for this is\, that timing attacks are still widely considered to be the oretical. In this talk\, I present a toolkit for performing practical timin g side channel attacks and showcase several timing attacks against real-wor ld systems. SUMMARY:Time is on my Side - Exploiting Timing Side Channel Vulnerabilities on the Web STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4802.en.html DTSTART;TZID=Europe/Berlin:20111229T214500 UID:4802@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:The "European Great Firewall" was the way that European civil r ights organizations has addressed the proposal to create a "single European cyberspace". Surely other lectures will describe the technicalities of the proposal. This lecture will go beyond that\, describing a vulnerability th at the proposal reveals in the power structures of the European and world g overnance\, that could be exploited by the hackerdom if the war is understo od as a value to be avoided. SUMMARY:Towards a Single Secure European Cyberspace? - What the European Un ion wants. What the hackerdom can do.. STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT0H30M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4869.en.html DTSTART;TZID=Europe/Berlin:20111229T143000 UID:4869@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Herkömmliche Festplattenverschlüsselungen legen notwendige Schl üssel im RAM ab. Dadurch sind sie schutzlos Angriffen wie Cold-Boot Attacke n ausgeliefert\, die auf den Arbeitsspeicher abzielen. TRESOR bietet Schutz gegen solche Angriffe. SUMMARY:TRESOR: Festplatten sicher verschlüsseln STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4713.en.html DTSTART;TZID=Europe/Berlin:20111227T203000 UID:4713@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Starting with the history of birth-registration an overview on the historical regimes of naming and identifying people from the 15th to th e 20th century is given. the talk will show examples of the different ident ity media through time and their standardization with the rise of the Westp halian nation state and the subsequent developments after the French Revolu tion and during the 20th century. The goal of the talk is to show the compl exity of the phenomenon of personal names and their media and the need for an informed debate on who and how naming and identification in the digital age is achieved. SUMMARY:What is in a name? - Identity-Regimes from 1500 to the 2000s STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 2 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4700.en.html DTSTART;TZID=Europe/Berlin:20111227T124500 UID:4700@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:This talk will be about the WhiteIT project\, initiated by Mr S chünemann\, German Minister of Interior in the state of Lower Saxony.The Wh iteIT project is concerned with combating the online-distribution of child abuse material. WhiteIT tries to develop tools and processes to cooperative ly suppress the disemination and (re-)distribution of said material.During the Talk the lecturer will try to encourage some open source intelligence. So please consider bringing a laptop\, netbook or tablet with you to help g ather and collect certain informations right away. SUMMARY:What is WhiteIT and what does it aim for? - Why you probably want t o be concerned about it and similiar alliances. STATUS:CONFIRMED END:VEVENT BEGIN:VEVENT DURATION:PT1H00M LOCATION:Saal 3 SEQUENCE:0 URL:http://events.ccc.de/congress/2011/Fahrplan/events/4707.en.html DTSTART;TZID=Europe/Berlin:20111230T113000 UID:4707@28C3@pentabarf.org DTSTAMP:20120107T203730 CATEGORIES:Lecture DESCRIPTION:Software is becoming more and more important in organizing resp onse to all kinds of crises\, whether that means activists responding to an unjust government or aid workers helping with the aftermath of a disaster. Security often isn't the first thing people think about in these situatio ns -- they have work to get done\, just like the rest of us\, and many of t hese tools are built in the heat of the moment. In a crisis\, a lack of se curity can make a small disaster into a big one. In this talk\, we'll look at real world experiences of the security and privacy problems in the fiel d\, and how to fix them\, at both large and small levels. SUMMARY:Your Disaster/Crisis/Revolution just got Pwned - Telecomix and Geek s without Bounds on Security and Crisis Response STATUS:CONFIRMED END:VEVENT END:VCALENDAR