- Lightning Talks are short lectures (almost) any congress participant may give!
- Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick!
The Lightning Talks at the 30c3 were the best yet! We need your help to make them even better next year. Please e-mail firstname.lastname@example.org to get in touch with the coordinators who put together next year's session.
- Pad with timestamps: https://c3notes.grus.uberspace.de/doc/lt-day2
|01:58||Be a Chaos Mentor||Nick Farr||EN||A quick discussion about the awesome Chaos Mentor program!||Chaospatinnen on the Wiki||Slides|
|Hacking With Care||Emily||EN|| Hacking (with) care is a versatile, collaborative initiative which purpose is to bring balance, embodiment, body & soul awareness and care to the hackers' communities, living by the shared ethics of goodness for all, joyful creativity, freedom and sharing of knowledge.
||Hacking with Care, Hacking (with) care, 30c3 LQSN Assembly||Slide|
|Wir werden alle überwacht. Und nun?||Mspro||DE|| Der Fall ist eingetreten, mit dem viele von uns gerechnet haben. Wir werden ständig und allumfassend überwacht und es sieht nicht so aus, als könnten uns Crypto oder Politiker davor bewahren.
Diese Tatsache hat auch schwerwiegende Auswirkungen auf den Aktivismus gegen Überwachung. Wie können wir gegen Überwachung kämpfen, wenn eh alle wissen, dass sie überwacht werden? Werden sich die Menschen zum Beispiel trotz NSA noch gegen die Vorratsdatenspeicherung mobilisieren lassen?
Die Überwachungsdebatte tritt in eine neue Phase ein, in der es nicht mehr um das Bit "überwacht/nicht überwacht" gehen kann, sondern wo Überwachung differenziert betrachtet und qualitativ eingeordnet werden muss. Dazu will ich ein paar Vorschläge machen.
|Snake: a privacy-aware online social network providing anonymity of data at rest||Aleclm||EN||An end-to-end encrypted social network that is easy to use and protects your privacy from evil hackers, storage providers and overly curious government agencies.||Website Fundraising campaign Full design document||Slides|
|Secure eMail Storage with qpsmtpd + GPG||Byterazor||EN||Because of the current actions against secure eMail providers in the USA (for example Lavabit) eMail security gets more and more important in the world. The current implementations of MTAs, POP3 and IMAP Servers do not provide a secure eMail storage. Adding such a secure storage is not trivial, because the encryption keys have to be stored at the eMail provider, enabling organizations to get hold of this key and decrypt the eMail. To prevent this, an asymmetric encryption standard has to be used. The eMail provider encrypts incoming eMail with the recipients public key and the recipient, after downloading the eMail, decrypts it with his private key. This talk presents a plugin for the QPSMTPD SMTP server, which does exactly this. Every incoming email is encrypted with the recipients PGP public key in the PGP-Mime standard, if this key is locally available and trusted. After encryption the eMail is forwarded by SMTP to the backend Mailserver. This method can easily be adapted to any other queuing plugin for the QPSMTPD daemon.||QPSMTPD GPG Plugin||Slides|
|Online Footprint - An experiment in privacy||Hiromipaw||EN|| While social media are increasingly opening up new possibilities for users to share and interact with people and content online, it has also become apparent that, as networking systems evolve and online interactions become more frequent and complex, it is always more difficult to retain control over our online footprint.
This work is hence concerned with the modelling the user online footprint as a result of the aggregate activity collected across different services online, calculating the risk that a user can be subjected to a particular attack, hence profiling known attacks, and finally helping the user to maintain a desired online footprint by adopting certain privacy enhancing techniques.
|Web 3.0 - reconquest of freedom on the Internet - a social movement?||Klaus Wallenstein||DE|| The protest against the total surveillance on the Internet fizzles been ineffective. Still, data are skimmed off by intelligence agencies and Internet companies masse.
Why it has not yet come to political progress? What should change in the future so that society and politics finally respond appropriately to the problem?
|Getting more out of Java Stacktraces||Snakebyte||EN||This talk presents a database which allows to use Java stacktraces for web application and framework version fingerprinting||TBA||Slides|
|Investor-to-state Dispute Settlement: A Threat To Democracy||Ante||EN||Investor-to-state dispute settlement (ISDS) gives multinationals the right to sue states before special tribunals if changes in law may lead to lower profits than expected. Multinationals can challenge environmental policies, health policies and reform of copyright and patent law. A growing number of civil society groups see ISDS as a threat to democracy.||ISDS Project Page||Slides|
|hPDB - the fastest Protein Databank parser is written in Haskell||Miga||EN||hPDB is a parallel Protein Databank parser written in a lazy functional language Haskell. According to current benchmarks it is among the top three parser when used on a single core, and outclasses other parsers when used on quad-core. Is it sign of a new future for both Haskell, and parsing?||GitHub, biohaskell.org, BioHacking Assembly||Slides|
|DIY Bookscanner everywhere||Benjamin||EN|| I will present the DIY Bookscanner of Dan Reetz, along with the book scanning communities of the world.
We will show how the machine works, why you should build your own, how you can spread knowledge and culture all over the world Come to La Quadrature du Net's tea house for a demonstration, and to scan your own books !
|30c3 BookScanner Project, diybookscanner.org (en), bookscanner.fr (fr)||Slides|
|How to organize a (traveling) conference||Yana, Krokodilerian||EN||How to organize a traveling conference in a small country (Bulgaria) on IT/hacking topics, with a very low budget, with the idea to educate the people, to show new things, to give them something to research and advance their own projects. Everything was recorded and streamed in real time.||, , , , ||Slides|
|Holy $417! Watch these ordinary people encrypt their emails.||Kinko||EN|| Kinko provides email encryption
Kinko believes: What is in your email concerns only you and the persons you write to. Period. Even in times of NSA and Tempora surveillance programs strong crypto still works - whenever we use it. Let's build the tools to make it a breeze to use -- for everyone!
|kinko.me, Kinko Project Page||Slides|
|Take action on digital human rights!||Amnesty||EN||This is (as far as we know) the first time Amnesty International is present at the Chaos Communication Congress. In the past, Amnesty has been a bit hesitant to approach the issue of human rights in the digital world in a consistent manner. We at Digital@Amnesty, an evolving new task force, would like to finally change that and use the opportunity of being here to briefly introduce the concept of our work. At the same time, we want to get in touch with all those of you who feel a need to take action, and call upon other NGO's active in this field to join forces with us.||Day 3 Talk, Amnesty International, Amnesty International - Take Action on Digital Human rights||Slides|
|Light Painting with LED Stripes||Bigalex||EN||Light painting with LED stripes is fun! This talk presents a light painting tool based on the LightScythe by The Mechatronics Guy. Some improvements were added to provide easier setup and handling in the field, e.g. a web interface to control settings with mobile devices and on-device image preprocessing. The intention of this talk is to lure some photographers into a light painting session outside the CCH.||Self Organized Session, GitHub Page||Slides|
|Bitford, a streaming BitTorrent client for Chrome||Astro||EN||This talk will present Bitford, a BitTorrent client with novel features. Piggybacked on Chrome, it runs on many OS platforms. Because browsers feature A/V playback capabilities, it turns BitTorrent into a true YouTube killer by allowing playback while still downloading.||GitHub, Bitford on Chrome Web Store||N/A|
|palava: Encrypted P2P conferences on the web||Farao||EN|| palava is a complete free & open source software stack for video and audio conferences with an instance running on
palava.tv - for everybody to use and hack on!
|palava.tv, Blog github||Slides|
|ScreenInvader. Social TV.||Kallaballa||EN||Ever wished you could play media content from your laptop or smart phone on a TV set, screen or projector in just an instant? This is what ScreenInvader helps you do: browse the web, watch videos or flip through images together with your friends on a big screen with just a few simple clicks.||Github, Main Site||Slides|
|KittenGroomer: The agnostic USB sanitizer||Rafiot||EN||This project aims to be used by someone receiving a USB key from an untrusted source and who want to see the content you do not know what is on it without opening the original and potentially malicious files.||KittenGroomer, GitHub, Project Page||Slides|
|A/I kaos translation! it.de||Hlg||EN||The italian tech collective and media activism group A/I has written down its history in a book. We are about to translate the book straight into german language. The talk presents the translation project and woos further contributors.||Main Site||Slides|
|Why is anything the way it is?||Srinivas||EN||Before we change how our societies work, shouldn't we first understand how they actually work? Those who benefit from the structure of the present system seek to limit public comprehension of the social system. Let's use the tools we used to understand physical systems to understand, and then to change how our social systems work.||srinivas.gs||Slides|
|GNU Naming System Key Exchange Party @ 30C3||Docmalloc||EN||GNS, the GNU Naming System, is a decentralized, censorship resistant and secure naming system. Every user manages his own namespace and can access other users name using a delegation system. In the context of the "Youbroketheinternet" workshop and the panel discussion about secure naming systems we provide the possibility to directly get to know GNS. We organize a GNS key exchange party at 30C3 where users can get business cards containing their GNS information and exchange with other GNS users.||GNS project page, You broke the internet!||Slides|
- Pad with timestamps: https://c3notes.grus.uberspace.de/doc/lt-day3
|HOPE X in NYC||mlc||EN||Why you should come to HOPE X in New York City July 18-20||Website||Slides|
|uProxy||Keroserene||EN|| uProxy is an experiment allowing users to easily and securely proxy through or for their friends. Available as a browser extension and eventually on mobile devices, uProxy seeks to improve the current state of proxies via trust, scalability, and most importantly, usability. The project was seeded by Google Ideas and currently in development. It will be open source.
|cctvmap - mapping the surveillance||Dp||EN||Let's build a wiki map for people to collect with an android app the surveillance in your neighborhood||Alpha map version, cctvmap.org, coming soon, Cctvmap||Slides|
|rpi smartMetering - how raspberry pis and nerds will save the world||Docjoe||EN||I bought an raspberry pi at 29c3 and built my own smart meter. I learned that my house consumes too much energy when doing nothing. And I learned, that now everybody can check how many slices I toast in the morning (reality). All of this inspired me to cook up my own homegrown micro-powerplant (just an idea yet). Then I started thinking about a simple need driven decentralized electric prower grid. Then I thought about a new world currency coupled to energy rather than gold and now I'd like to talk about it before someone silences me...||Ahoj Senn||Slides|
|r0ket-based wireless keyboard sniffing||Sec||EN||Playing around with the nrf24l01p, the rf chip of the r0ket which is also used by the MS wireless keyboard.||r0ket.de, r0ket GitHub||Slides|
|How can regulators and hackers cooperate to strengthen Internet privacy?||Achim||EN||Data protection authorities, other regulators and legislators invest considerably in defining and interpreting legal rules for the protection of individuals’ fundamental rights of personal data protection and privacy. At the same time, developers of internet tools and applications unaware of the risks to privacy and data. If these two trends continue to diverge, there is an increased risk that the actual privacy of individuals will become substantially less protected. This talk is meant as an invitation to developers to discuss how this separation can be overcome.||European Data Protection Supervisor Homepage||Slides|
|Hacker Culture Noise Cancellation||Stitch||EN||Dare to look at yourself differently, this can be fun, confronting and educational.||Slides|
|Firebird/interbase database engine hacks or RTFM||Gifts||EN||Couple techniques to exploit remote command execution in Firebird with exposed port||Slides|
|So I discovered that my HP laptop…broadcasts||Shinji||EN||We took a look at some HP Elitebooks||Slides|
|Einigkeit für Recht und Freiheit - Für eine gemeinsame Bewegung gegen Überwachung||Ramses||DE||Seit Edward Snowden seine Enthüllungen begonnen hat, gibt es auch in Deutschland eine breite Front von Organisationen, Initiativen und Einzelpersonen, die sich gegen die zunehmende Überwachung wenden. Dieser breite Protest ist jedoch sehr zersplittert. Es gibt viele Einzelinitiativen, die zu großen Teilen nicht zusammenarbeiten. Vielmehr gibt es sogar erhebliche Differenzen zwischen den Gruppierungen, obwohl die Ziele oft nahezu deckungsgleich sind. Aktionen der anderen werden kritisiert, man streitet über unwesentliche Details. In diesem Lightning Talk Rant möchte ich aufzeigen, dass das anders werden muss und die verschiedenen Initiativen und Organisationen vereint auftreten müssen, wenn wir das erreichen wollen, worum es uns letztlich allen geht: Recht und Freiheit.||Einigkeit fuer Recht und Freiheit!, StopWatchingUs Heidelberg||Slides|
|Open Source Redaktion||Pingunine||DE||Anforderungen an ein modernes Open Source Redaktionssystem||Slides|
|3D printer & Art: More Than Just a Tool||Obelix||EN||Some ideas and examples on how to make art with a 3D printer/scanner where the printer/scanner is more than a simple tool for creating objects. Because of the unique possibilities and characteristics the 3d printer becomes itself part of the artwork it is creating.||Example project: Exhibition in Moscow||Slides|
|Fenrir: Transport, Encryption & Authentication||Luker||EN||Fenrir is a UDP-based transport protocol which combines ideas from SCTP, QUIC and other protocols, adds encryption (not based on SSL), uses DNSSEC for trust and pubkey management, implements federated authentication and much more.||fenrirproject.org||Slides|
|Unboxing the Fairphone||Henk||EN||We will unbox one of the first fairphones, a seriously cool smartphone that puts social values first, based on open design principles/fairtech.||fairphone.com||Slides|
|Maximizing the speed of time based SQL injection data retrival||Arnim||EN||This talk features several new ideas on how to speed up data retrieval using time based blind SQL injection (SQLi). It's important to realize the difference between boolean based SQLi and time base SQLi. and why the later has more in common with “What's My Line?” aka “Heiteres Beruferaten” than binary search. Just applying this knowledge to sqlmap resulted in a speed increase of 20% with a patch of 10 lines of code. Password hashes can be retrieved even faster by narrowing down to hex-digits.||(Some presented ideas will go into sqlmap.org)||Slides|
|pribook.com: The most easiest way to encrypted communication||Finn||EN||Most people fail to establish secure communications. Therefore pribook.com is an approach to gain asymmetric encryption from user to user, without the need for installing a program or store keys. It is a social network service with build-in RSA encryption which is executed in the web browser. In this lightning talk I will give a brief summit to gain attraction for our self-organized-session. We are looking forward to find some people who want to join us, to start this idea as a non-profit open-source project.||pribook.com, Self Organized Assembly||Slides|
|DetecTor.IO||Kaie||EN||DetecTor is an open source project to implement client side SSL/TLS MITM detection, compromised CA detection and server impersonation detection, by making use of the Tor network.||detector.io||Slides|
|"Yeah, it looks nice... but why are you doing this?" or "Why Demo Coding?"||SvOlli||EN||Showing a friend of mine a demo I was working on, I got the question: "Yeah, it looks nice... but why are you doing this?". I'll try to find at least three different answers in five minutes.||Atari 2600 VCS Hacking||Slides|
|PHDays Labyrinth: The Hacker Disneyland||Yuri Goltsev||EN||The Labyrinth at Positive Hack Days is a real life hacking attraction. During only one hour the participants of the competition are to get over the laser field and motion detectors, pick some locks, clear the room of bugs, defeat artificial intelligence, and disarm the bomb. To get through the Labyrinth, you will need some skills in dumpster diving, lock picking, application vulnerabilities detection, social engineering, and of course, there is no way without mother wit and physical fitness.||PHDays III on YouTube||Available afterwards|
|Associated Whistle-Blowing Press: First release of files||Hieroph4nt||EN||AWP's first release of sensitive materials providing evidence of corruption and malpractice.||Associated Whistle-Blowing Press||Available afterwards|
- Pad with timestamps: https://c3notes.grus.uberspace.de/doc/lt-day4
|DHCXSSP||Momorientes||EN||I'll show you how to break webinterfaces of multiple (enterprise) access points using dhcp as my only tool.||Pwnage||Slides|
|Email encryption for the masses||Ciphersheep||EN||Encrypted email has been around for ages, but most people still don't use it. One problem is that Google, Microsoft, Yahoo, and others want to keep mining your inbox for juicy data, and are thus not interested in pushing proper email encryption. Another important problem is that current solutions are difficult to use. We will look at how get email encryption ready for the masses.||TU Darmstadt Staff Page||Slides (final)|
|180 SECOND EXPRESS ROUND BEGIN!|
|The Free Software Song||Mquintus||EN||Abstract: Join us now and share the software; You’ll be free, hackers, you’ll be free. Join us now and share the software; You’ll be free, hackers, you’ll be free.||Free Software Song Session, YouTube Link, gnu.org||Slides|
|BalCCon 2k14||Jelena||EN||BalCCon 2k14 - : Balkan Computer Congress has been conceptualized as a two day gathering of the international hacker community in the organization of LUGoNS – Linux users of Novi Sad. The first part of the program has been envisaged to be a set of presentations, workshops and lectures on the current topics regarding privacy, technology, software development, free software & socio-political issues. Our goal is to gather all the communities from the region, continent and the World in an effort to hack, play, learn, pass knowledge and exchange experience.||balccon.org||Slides|
|The freedom of total control?||Nakaha||EN||Never before in history surveillance of public and private space and thoughts was so comprehensive like nowadays but oddly enough never before people cared less about being surveilled. I want to introduce a provocative idea that might explain this observation: total control leads to total freedom. I hope that further discussion may result in a better understanding of public ignorance and in better ways to mobilize people against their surveillance.||Slides|
|Octoprint: An RPi printserver for 3D printers||Obelix||EN||Octoprint gives you a web-based control and monitor interface for your 3d printer. You're sitting on the couch too lazy to get up? Use Octoprint with a mobile device over WiFi...||octoprint.org||Slides|
|How to Write an Open Textbook over a Weekend||JoonasD6||EN||A group of Finnish mathematics enthuasiasts hooked together a year ago write a Creative Commons high school textbook over a weekend. The concept was a success and has since extended into a charming project where we've begun to set our sights into writing all the necessary school books - freely available for everyone to use, modify and distribute. Wanna know how it worked? Wanna duplicate our textbook hackathon in your country? Here's how.||Creative Commons Blog, oppikirjamaraton on Facebook, Finnish Link||Slides|
|MSH (MPI-Shell)||SreeTotakura||EN||MSH is a project for providing remote access between nodes of high performance computing systems where SSH is often unavailable or restricted by the administrators.||MSH Documentation,||Slides|
|Foundation of the European Pirate Party (PPEU)||Zombb||EN||Purpose, agenda and foundation process of the PPEU||ppeu.net||Slides|
|cape: Component Architecture for Python Environments||Riot||EN||A flashtalk about Hackerfleet's cape project, which is an opensource, component-based and flow oriented architecture for Python programmers.||IRC, Trac||Slides|
|$417 Appens||Johnjohndoe||EN||The $417 Appens project aims to track the state of restrooms. Our goal is to instantly see which toilet is used, and which is free. Is the toilet paper nearly gone? Send a push message to the responsible person. Three toilets - which toilet is the most visited toilet? What is the average toilet time? How much cost a toilet visit? Any many more statistics.||github||Slides|
|Hacking your car dashboard LCD||Derpston||EN||Taking control of the general purpose LCD on your car dashboard - reverse engineering, decoding existing data, generating new data, tidying it up into a reusable package for others.||Audi radio DIS reader github, Linux RPI Audi DIS github||Slides|
|Fairnopoly: The online marketplace for all.||Tschakki||DE|| As a social enterprise Fairnopoly want a fair alternative to the existing major online marketplaces offer. Our Marketplace virtually any kind of articles and services offered be. Fairnopoly is organized as a cooperative and is characterized thanks to three core elements:
||Marketplace, Blog, github, Current crowdfunding campaign||Slides|
|Hvernig gengur Islandi Tvo (What's the status Iceland 2)||W03||EN||It's been one year since we last looked at the situation in Iceland, some things have changed some things have gotten better, some worse, come hear the truth or a close approximation to it.||Slides|
|Source: Internet? There must be a better way||Leena Simon||EN||Imagine you could take an image licensed under an open license such as Creative Commons, insert it into your work, and have attribution and license information be automatically included in your work. This would save you from having to keep track of this information yourself, to make using openly licensed works as easy as publishing them.||Commons Machinery||Slides|
|Easy PGP Key Sharing||Bnvk||EN||The sharing of public keys is hard, verifying them is even harder- especially for average people. The goal is to make the process as easy exchanging business cards or sending a friend requests on Facebook. Utilizing PGP fingerprints and QR codes we may propose a simple and elegant solution!||mailpile.is||Slides|
|So you want to write a Tor pluggable transport||N/A||EN||How to get started writing censorship-resistant transports for Tor.||Pluggable transports home page, Tor wiki page||Slides|
|Umweltzone / Low emission zone||Johnjohndoe||EN||The Umweltzone app for Android allows to look up the actual position and path of the low emission zone for individual cities. The open source project uses data published by the government as well as crowdsourced OpenStreetMap data. The app is published in German in the current version 1.1.0 but will be localized soon.||Umweltzone||Slides|
|CONFidence Introduction||Jabss||EN||An introduction and invitation to a CONFidence Conference held annually in Krakow.||CONFidence||Slides|
|180 SECOND EXPRESS ROUND END!|
|Awesome Retro: Retrogaming Community and your Donations||Stitch||EN||Looking what the Awesome Retro community does and how you can help.||Awesome Retro Dot Com||Slides|
|P.O.S.T.: Physical Objects Sneaker Transport||Inj4n||EN||I will present an ongoing project to establish digital support for crowd-based transportation of physical objects on co-presence networks. The project applies communication network protocols to the world of physical objects, essentially creating anonymous, hard to censor transportation.||P.O.S.T. Project||Slides|
|Iteratees in C||Pesco||EN|| "Iteratee I/O" is a concept for structuring the processing of data streams in a fashion that makes it modular, cleanly composable, and amenable to reasoning while not significantly impacting. As such it helps program robustness and security.
A successful full-scale implementation would open the technique to a wide range of security-critical code.
|tor2tcp||Mzeltner||EN||or … <erno> hm. I've lost a machine.. literally _lost_. it responds to ping, it works completely, I just can't figure out where in my apartment it is.||poum.niij.org||Slides|
|Bitcoinproof: Digital notary, secured by the bitcoin network||Vog||EN||Bitcoinproof creates a forgery-proof timestamp for your data, secured by the bitcoin network. This enables you to prove that a certain event happened before a certain point in time, without trusting any central authority. So you can use the bitcoin network as a digital notary service!||Bitcoinproof demo page||Slides|
|Teckids: Why children need an open source community||Natureshadow||EN||Community projects settled around free standards, privacy and security have been taking rapid movement throughout the last years. But why is it also important to bring this movement to kids and teenagers?||teckids.org, Teckids||Slides|
|bettercrypto.org: The definitive guide to applied crypto hardening||MacLemon||EN||Deploying good crypto correctly is complex. This guide gives you all the details you want and the config to copy/paste. It's creation process is completely transparent and the the contents are heavily peer reviewed by experts in the field.||bettercrypto.org, 30c3 Project Page||Slides|
|NSA-like Surveillance by a Third World Country||Musalbas||EN||A look into how the Tunisian government surveilled the social media and email accounts of its citizens during the Tunisian revolution of 2011.||Pastebin Remove Tunisian government phishing scripts||Slides|
|sharingsecrets: a tool for sharing and distributing passwords||someName||EN||A call for paticipation for further development of a passwordmanager, which allows to share and distribute passwords||Website||Slides|
|ddserver: A server-side dynamic DNS service||Major||EN||ddserver is a server-side application for dynamic DNS management. It allows you to specify hostnames (subdomains) inside a dynamic DNS zone, and to update the IP address of those hostnames using a dynamic update protocol (no-ip protocol). This enables you to access hosts with dynamic IP addresses by a static domain name, even if the IP address changes.||ddserver||Slides|
|The Legislative Process: How It Is Failing Everyone But the Rich||Valkyrie||EN||After a dramatic event that shook the hacker community in January, I began a quest to change draconian computer laws. In our effort to bring the bring the hacker community together, I encountered surprising obstacles. In this talk, I will cover the obstacles that we encountered and will briefly cover ideas that we've put together to address some of these obstacles.||forkthelaw.org||Slides|