27C3: We come in peace (2010)

We Came in Peace: Event Recordings Available!


It’s only been a few days since the close of the 27c3, but much of the conference is ready to download. Credit goes in no small part to the FEM, who did a really tremendous job during the conference and continue their hard work getting Official Releases of the talks ready to go.

If you enjoyed the streams and the recordings of the talks, consider supporting their efforts to purchase updated equipment to improve the image quality and transmission path for future events.

Did you really love certain events? Weren’t so excited about others? Let us know! You can leave feedback via the Fahrplan. …

Crypto Talk at 27C3: New Key Recovery Attacks on RC4/WEP, Day 4, 17:15, Saal 2


The RC4 Stream Cipher could be the most common stream cipher used on the Internet. RC4 is the only Stream Cipher which is standardized for the SSL/TLS protocol, it is also used for WEP and WPA protected wireless networks. Initially, RC4 was designed to be a closed source commercial product, with the core algorithm kept secret. In 1994, the source code for RC4 was posted on the internet and the algorithm could be analyzed.

The first attack on RC4 was published by Fluhrer, Mantin, and Shamir in 2001. The attack is very effective, but can only be used against certain keys starting with a special …

Hackcenter project: Django


Django is a high-level Python Web Framework that encourages Rapid Development and clean, pragmatic design. It is known for it’s extensive documentation. Django is Open Source Software (BSD license).

As a Full Stack Framework it gives you the option to define your data models as Python classes and access them via a powerful ORM. The automatic admin interface makes it easy to …

Hackcenter project: i3


i3 is a tiling window manager, that means it configures your windows to use the whole available screen space. It was written from scratch with focus on clear and well-documented code. Additionally, a lot of documentation like the User’s Guide or a Hacking Howto is available. i3 is fast, easy to use and configure, features full unicode and decent multi-monitor support.

Two of the core developers are traditionally attending the Chaos Communication Congress and are in the hackcenter (the 4-person table in the middle of the hackcenter, watch out for the i3 poster), ready to answer your questions, …

Crypto Talk at 27C3: FrozenCache – Mitigating cold-boot attacks for Full-Disk-Encryption software, Day 3, 23:00, Saal 2


Cold BootsAs a general attack against encryption software on a computer, the cold boot attack was presented at 25C3. To encrypt data on a PC, many programs store the encryption key in RAM. The key is usually derived from a password or loaded from the hard disk where it is protected by a password too. The key resists as least as long as the encryption operation take in RAM. For many applications like Full-Disk-Encryption or Email Signatures, it is convenient to keep the key permanently in RAM, once it has been loaded, so that the user doesn’t need to enter his password again and again.

To protect the key …

Speaking of: Intercensor – Internet Censorship Game


In the past years there was a lot of discussion about internet censorship. To get an actual impression of how censorship may be implemented and what methods of circumvention are possible, we created the Intercensor Project. Your task is to bring your laptop, connect it to our special switch and choose a challenge to solve. We provide several levels of difficulty and various methods of censorship, so that you can play around with many ways of circumvention.

We invite you to visit our table at the Hackcenter (in the back, near the elevator), try the game and give us feedback.

Let’s encrypt and authenticate the whole internet.


An average internet user who has to deal with cryptography: big problem. An average programmer who has to secure his protocol with cryptography: a much bigger problem. Practically, because not every programmer cares much about cryptography. Theoretically, because it is sort of a bad design if everyone implements it in their own piece of software.

Last year, fefe and erdgeist showed impressively how hard it is for a programmer to create a socket, let alone open a connection to another machine on the Internet. Today, as a programmer, you also have to encrypt your connection; you have to …

Crypto Talk at 27C3: High-speed high-security cryptography: encrypting and authenticating the whole Internet, Day 2, 20:30, Saal 1


High SpeedAs many of us know, the whole internet should be regarded as an insecure place. At every place where your internet traffic passes by, it can be modified, suppressed or recorded. Daniel J. Bernstein will show us how you can prevent this from happening:

This talk will present a different approach to high-security Internet cryptography. This approach is easy for users, easy for system administrators, and, perhaps most importantly, easy for programmers. The main reason that the approach has not been tried before is that it seems to involve very slow cryptographic operations; this talk will show …

Today at 18:30: The concert in Saal 1.



This morning, a concert grand (see photo) was delivered to the stage of Saal one for a special event today: Starting at 18:30 hrs, Corey Cerovsek, Alex Antener and Julien Quentin will be giving a classical concert.

They will be playing pieces from many different composers, including Lennon, Bernstein (Leonard probably; Dan Bernstein can be heard one hour later in the same Saal ;-), Mozart, Liszt and Paganini, to name a few. But there’s more:

In this very concert copyright and public domain issues will be discussed—and a (musical) answer will be given: what would classical music sound like if …

Crypto Talk at 27C3: Is the SSLiverse a safe place? Day 2, 16:00, Saal 2


SSL/TLS is the standard when it comes to securing HTTP traffic on the internet. The authenticity of a web server is usually secured using a X.509 certificate digitally signed by a trusted certification authority (CA). All major web browsers come with a list of CAs preinstalled they assume as trustworthy. Every website can be signed by any of these CAs, so no web browser would show a warning, if www.dod.gov would be signed by a Chinese certification authority or the Deutsche Telekom.

ObservatoryTo examine the usage of X.509 certificates for SSL/TLS, the EFF installed a SSL Observatory:

The SSL …

Update on Hash Tags for Peace Missions


To relay a question to the Mission Angels in each talk, use the following Twitter hash tags without dashes:


If you’d like to help, you can sign yourself up for Mission Angel shifts in the Engelsystem. Be sure to check in at the Angel Heaven on the C level for your briefing sheet.

Crypto Talk at 27C3: Die gesamte Technik ist sicher, Day 1, 21:45, Saal 1


NPAThe new national id card Neuer Personalausweis (NPA) was one of the biggest IT projects in the German government in the last years. Compared to the old id card, the new id card is a RFID smart card, which can also be used on the internet to prove your identify to a remote party (Ebay, Paypal, or Amazon for example) and to sign binding contracts. For example, you can use the card to buy a new house or car, or open up a bank account or apply for a credit.

When using the card over the internet, the card is connected to a reader, which is connected to a (potentially insecure) PC, which is …

Mission Angels: How to Connect to the 27c3


Day0 - II

Thanks to the Mission Angels, you’ll be able to interact with the talks going on at the 27c3 and more! While you watch the streams from one of many Peace Missions throughout the world, Mission Angels will be monitoring IRC and Twitter for questions to be asked in selected events during the 27c3.

To ask a question in a session on IRC join #27c3-Saal-1, #27c3-Saal-2, #27c3-Saal-3 on Freenode or use the corresponding terms as a Twitter hashtag to put your question to the session.

If you’re in a Peace Mission, you can even sign up to give a Lightning Talk!

See the Peace Missions entry on the 27c3 …

Crypto Talk at 27C3: Automatic Identification of Cryptographic Primitives in Software, Day1, 16:00, Saal 3


FingerprintMany applications, including closed source applications like malware or DRM-enabled multimedia players (you might consider them as malware too) use cryptography. When analyzing these applications, a first step is the identification and localization of the cryptographic building blocks (cryptographic primitives, for example AES, DES, RSA…) in the applications. When these blocks have been localized, the input and output of the cryptographic primitives and the key management can be observed and the application can be analyzed further. Fortunately, many cryptographic algorithms use special …

Day 0 Dinner Meetup!


Who: You! And lots of Hackers in Berlin!
What: Day 0 Dinner Meetup
When: Today! (26 Dec.) 6pm-11pm (18-23h)
Where: Vapiano Berlin 3 — Mittelstrasse 51, 10117 Berlin
Why: Interesting conversation, good food and great people!
How: Register Here! (Registration requested, not required)

Following the success of last year’s meetup, we’ve arranged another relaxing dinner to celebrate the start of the 27c3 and the other events happening in Berlin between Christmas and New Year’s.  Whatever your plans for the 27th on, stop by tonight for some nice food and great company! Vapiano has dishes for all …

Travel Information by 27C3


If you try to get to the congress but get stuck in traffic, don’t know the status of the road in front of you or sit a platform caused by a cancelled train, you can call us beginning from Sunday 10am. We set up a number where we will help you to find a possibility to get to the congress or just answer questions about your trip. This is quite handy for situations when you don’t have internet access or if every other hotline is overcrowded.

Travel Information: +49 30 809 400 22 2324

Have a safe journey. Slow down the speed if the road forces you to do so. Keep in mind: this year you don’t have …

Change of Plan — Video Streams For Peace Missions


In one of our last posts we’ve invited all peace missions to register their IP addresses by mail. Registered IP addresses will be granted access to a dedicated video streaming relay.

We’ve received mails from lots of people, who’d like to set up a peace mission and gave us their IP address. So far, so good – it’s cool to see so much interest. Unfortunately, now you’ve invested time for sending us an email, we do change the registration procedure.

There will be a web site, where peace missions can register. After we’ve acknowledged a registration you may add or change your IP address on the …

The fairydust has landed at the 27c3

The fairydust has landed at the 27c3


We wish you a very merry festival of fixing the WiFi at your family’s home!

Over the past few days, the 27c3 team has been hard at work with the initial preparations for the 27c3.  At the bcc, several tons of networking hardware have arrived, the network backbone is up and running and the hackcenter decor is taking shape.  In far away lands, many new Peace Missions have been announced and there’s always room for more.

Peaceful journeys!  We’ll see you on the 27th!

Bring Your DVB-T receivers


At 27C3 all lectures will be broadcast via DVB-T and reception will be possible in and around the bcc. Visitors can watch via TV if they want avoid overcrowded lecture rooms.

To receive the signal any PC with DVB-T-USB-Stick, TV set with DVB-T tuner or cellphone with DVB-T-function will work. We will publish all needed configuration files and a list of working and non-working receivers in the wiki.

The Bundesnetzagentur (German regulation body) has allocated channel 22 (482MHz) for us, where we will transmit with 6 watts ERP.

The last time DVB-T was available on Chaos Congress was at 24C3 …

What’s up next? — Ask VoiceBarf.


Voicebarf Illustration

Which talks are up next? What’s currently going on in Saal 1 – why is it so crowded? How could I possibly forget to attend “53 more things to do in zero gravity”?

If you’ve ever asked yourself one of these questions or a similar one, then pray do try out voicebarf (src). Simply get your DECT phone and dial TALK (8255) for the currently running talks or SOON (7666) for the upcoming talks. To counter your verpeiltheit, you can also request to be called back before a particular talk starts – you’ll never miss a single one again!

Even better: thanks to Harald and the OpenBSC crew you will be able …

Downloadable tickets are available in your presale-account


Downloadable tickets are available in your presale-account. NOW.

As you already may have noticed, the availability of your tickets has been delayed.. ahem.. just a little bit. But here’s the good news:

Your 27C3-tickets are available for download now!
Please log in to https://presale.events.ccc.de , download the pdf, print it out, and make sure to bring it with you to the cash desk.

We wish you a lot of fun at the 27C3!

24 Hour Hardware Hacking Returns to 27c3

24 Hour Hardware Hacking Returns to 27c3


Hackers of all ages can (learn how to) make things at the Hardware Hacking Area of the 27c3!

The HHA is open to everyone and open the entire congress! Hackers of all ages and skill levels are welcome! Round-the-clock hands on workshops will be led by lots of experienced teachers like Mitch Altman, Jimmie P. Rodgers, fbz, Wim Vandeputte and…you!

Learn to solder, then help teach others! Make cool things with electronics, design and print 3D models on the Makerbot, break RFID, or give your own workshop on the projects you’ve been hacking on this year. Last year there was a Cantenna workshop, a …

Have you set up your Peace Mission yet?

Have you set up your Peace Mission yet?


We want you to come together in Peace Missions all over the world!

Following the success of the dragons everywhere experiment from the 26c3, hackers all over the world are organizing events to bring the 27c3 closer to home. They’re gathering to create their own Hack Center experience, watch the streams, participate via twitter or chats, drink Tschunk, cook and have a good time.

Following your suggestions from last year, the Herald Angels are hard at work exploring ways you can participate live in the events! Heralds will be in #behindenemylines on Freenode during selected talks to help you ask …

Lightning Talks at the 27c3

Lightning Talks at the 27c3


Want four minutes on stage at the 27c3? You can have it! Registration is now open for the Lightning Talk sessions at the 27c3.

Taking place at 12:45 in Saal 3 on Days 2, 3 and 4, these fast paced sessions are perfect for pitching new software or hardware projects, exploits, creative pranks or strange ideas you need to share with the world.

Lightning talks are also good for getting publicity for your workshop at the 27c3, or for recruiting people to join in on things like a high calorie flash mob.

In order to maximize the available time, registrations will be granted to presenters who submit …

All-Day-Tickets sold out


On Saturday the last batch of 27C3 tickets were sold. There are no all-day-passes left.
We will make the actual tickets available to you via your presale account on December, 13th shortly. The tickets will contain all relevant billing data and can be used as invoice.

Please print your ticket and bring it to the cashdesk.

Those who did not get a ticket during presale, please do not travel to the congress. There are no all-day-passes available at the cashdesk. Our door policy is strict: Only visitors with valid ticket codes will be granted entrance.

As of day 2 (2010-12-28) a few day-passes will …

Yes, you can still get a ticket to the 27C3


If you don’t have a ticket to the 27c3, but want one:

  1. Create an account on the presale system NOW.
  2. Come back on Saturday, December 4 at 16:00 CET (That’s 10 AM Eastern USA/7 AM Pacific USA).
  3. Reserve and purchase one of the tickets that will (likely) be released at that time.

If you’re a member of the press corps who wishes to purchase a press ticket, e-mail presse (at) ccc.de with the details of your assignment and coverage plans. Press people also have to pay for their tickets.

(More information in German here)

Willkommen im Kindergarten!


Um auch Eltern einen möglichst stressfreien Kongressbesuch zu ermöglichen, wird es auch dieses Jahr wieder einen Kindergarten geben, in dem die Kleinsten bespaßt und betreut werden können. Neu in diesem Jahr: Die Betreuung wird von einer professionellen Agentur durchgeführt, und es wird einen eigenen Raum im Haus des Lehrers geben.

Der Kindergarten wird von Tag 1 bis Tag 4 von 10 bis 20 Uhr zur Verfügung stehen. Er befindet sich wahrscheinlich im HdL und ist somit gleich um die Ecke. Es können Kinder bis 14 Jahren betreut werden.

Da nur begrenzt Plätze zur Verfügung stehen, ist eine Anmeldung …



During all the years there were really great workshops at the Chaos Communication Congress. Unfortunately they were a bit hard to find, because we only announced them in the wiki and some workshops weren’t in there either. So it is clear, that the lack of attendees in some workshops was surely not because of uninteresting topics but merely because of our laziness to make them easier to find.

Our approach to that problem is to ask all visitors who want to give a workshop at 27C3 to hand it in before the conference so we can release an official schedule for workshops before day 1 of the …

Drittes Ticket-Kontingent und Eintrittsregelungen für Pressevertreter


Am 11. November lief der Verkauf des zweiten Kontingentes der Tickets für den 27C3 über unser Presale-System an. Außer einem kurzen Datenbankschluckauf und einer Verwirrung beim Zahlungsabschluß der Kreditkartenkunden gingen für rund zwei Stunden die 2.000 Karten problemlos über die Theke, der weitaus größte Teil innerhalb der ersten vier Minuten.

Wie angekündigt halten wir zum Dämpfen des Schwarzmarkts bis drei Wochen vor dem Congress ein Kontingent Tickets zurück. Dies wird in der letzten Runde des Vorverkaufs am Samstag, den 4. Dezember 2010, um 16 Uhr nachmittags freigegeben. Wieviele …

Problems with payment via credit card.


Unfortunately, if you chose payment by credit card an error was shown (“no content available”).
This is because the presale system does not deliver any content to the payment provider.
But don’t worry. The payment will be transferred but we have to manually add it to our database.

If a “payment confirmed” message is not shown in your account within 2 days, please don’t hesitate to contact 27c3-presale@cccv.de.

We apologize for any inconvenience.

Content Meetings are over: Fahrplan released


This past Sunday, we concluded the second and final Content Meeting for 27C3. We’ve looked at all 223 submissions for talks and presentations and selected what we feel are the best 98 of them. We’d like to thank all submitters for the many interesting proposals that lightened up our work.

A lot of Pentacards

One card for each talk that was accepted for 27C3

But now, the schedule for the 27th Chaos Communication Congress is mostly done. So today …

The main presale for 27C3 is beginning


Dear attendants in spe,

as announced earlier, the second batch of tickets for 27C3 will be available accompanying the initial Fahrplan release.

At Thursday, November 11th at 9 p.m. CET (that is 8 p.m. UTC), we will release the largest of our three allotments with 2,000 tickets. Log into our presale system. While the first batch was designated to hackers with rather long journeys to allow booking flights and hotels early, most tickets were sold to Germans. We have to rethink the policy for 28C3.

Please watch out for the booby traps below, so you won’t be left unhappy without a ticket:

  • To …

No more group orders available


We already got requests for 403 group tickets in 38 different orders. The majority are groups from foreign countries which want to visit the 27C3. We are really pleased to welcome you to the Congress!

On the other hand these group orders decrease the number of available tickets for individual visitors. Thus we concluded to end the group orders now. All group orders that have been requested by now can still buy their tickets, but we won’t raise the ticket limit for any more accounts. Thanks for your understanding.

Welcome to Heaven!


A lot of helping hands make the congress what it is: an unforgettable experience. Our volunteers are called ‘Angels’, because that is what they are. Without the help of the Angels the congress wouldn’t be possible. They are managing the preparation, network, recordings, first aid, security, entrance, ticket desk, information centre and lots more.

Do not consume, participate!

We’re always looking for volunteers to help us manage everyday tasks at the congress. If you want to help making the 27C3 a huge success, contact us at 27c3-himmel@lists.ccc.de or visit the “Heaven” (“Himmel”) at the …

Different payment options for 27C3 tickets


As announced, there are many different possibilities to pay for your congress-tickets this year.

You cannot only pay by bank transfer, from today you can also choose to:

  • pay in cash at your local Erfa
    Please remember, that not all Erfas offer this service – and that the guy who takes your payments isn’t available all the time. Please find a worldwide list of all cashdesks at /wiki/Cashdesks.
  • pay with your creditcard
    With an additional charge of 5% you can also use your creditcard. Please log into the presale-system in order to find your unique payment-link.

Arrival by train, starting at 99,- Euro to 27c3


Special 27C3-Offer

Booking starts Thursday, 21.10.2010!

DB is offering you a special ticket for your travel from “Any DB-Station” > Berlin > “Any DB-Station”. You can book it by calling +49 (0)1805 / 31 11 53 and stating the Code “27C3” or “Chaos Communication Congress”. The Hotline is available Monday to Saturday 08:00-21:00 o’clock and cost you 0,14Euro/minute from german Telecom landline (T-Com) - from german cellphone network max. 0,42Euro/minute.

You will need to tell the guy on the phone your creditcard or german …

Performance test successfully survived!


As expected, the pre-sale-system has survived the performance check immediately to the release time.

The rush for the Pre-sale is still enormously. The tickets from the first Quota will be sold out in no time.

But: No Panic.

As announced, there will be a second, much larger, quota at the beginning of November. So anyone who had no luck this time get a new chance at the second quota.

The created accounts are also valid in the second quota.

The quota for our volunteers (Angels) from last year, dubbed ‘the golden token’, will be independent of the other “normal” quota.

For all risks and side …

How to survive the pre-sale


In order to avoid any confusion, here is the short and sweet version of everything there is to know about the 27C3 ticket presale.

  • The System will be available by today (10.10.10) at exactly 10:10am Berlin Time (08:10 UTC) via https://presale.events.ccc.de/ – if this doesn’t work, try instead.
  • The first batch of 800 Tickets will be accessible by then. The second (and biggest) batch will start after we released the first version of the schedule (the Fahrplan) in the beginning of November. More batches will be announced after those. Everyone who did not get one of the …

Heads up, Pre-Sale Begins


You’ve probably waited most of two weeks for this: The pre-sale for the 27th Chaos Communication Congress tickets will start this weekend. To be precise: We will open our server ports tomorrow morning, Sunday (October 10th), at 10:10 Berlin time (08:10 UTC).

Category Price
Standard EUR 70
Nachwuchs (below the age of 18) EUR 25
Members of the CCC e. V. EUR 45

For more details, e. g. business tickets, see our wiki and the FAQ.

This will be the first batch of three, offering 800 tickets. The second and largest batch will be available two days after we’ve published the …

ICE 2342 to 27c3 will be delayed by a few days.


As may you have noticed, the start of ticket sales for the 27th Chaos Communication Congress is still delayed.

We understand your annoyance. Rest assured, it annoys us just as much.

Anyone of you ever involved in a project knows: Something always comes amiss, there is always some unexpected problem pushing the release date back into the future. Project “27c3” unfortunately is not an exception to this. Especially since all the work – including the presale system – is being done by volunteers, most of them with a regular day job.

Behind the scenes our coding and hacking mill is spinning, while …

27C3 presale delayed


The ticket presale for the 27th Chaos Communication Congress scheduled for today will be delayed. We hope to begin selling tickets sometime this week. The presale system isn’t functioning correctly so far.

We’ll keep you informed.

Reminder: CfP 27C3 – Deadline October 9!


Just a friendly reminder that the submission deadline for proposed talks and workshops is fast approaching. You still have a whole month – until October 9 – to think about what you’d like to contribute, and as always, we welcome your input. Please read the whole CfP here:
27C3 We Come In Peace Call for Papers

Spread the word, submit a talk – see you in December!

Tickets for the 27th Chaos Communication Congress


While the Call of Participation for the 27. Chaos Communication Congress (27C3) “We come in peace” lasts until 9th October 2010, we would like to make the travel scheduling for the willing people a bit easier. This year a Presale will be available.

Like it was impressively shown last year, the fluctuations in the rush on the Congress aren’t measurable in any way.
The bcc was completely packed, and all tickets sold. The principle of hope didn’t work out, and the displeasure by the people which traveled far and got rejected, or didn’t get a clear announcement relating to the …

Reminder: CfP 27C3 – Deadline October 9!


Just a friendly reminder that the submission deadline for proposed talks and workshops is fast approaching. You still have a whole month – until October 9 – to think about what you’d like to contribute, and as always, we welcome your input. Please read the whole CfP here:
27C3 We Come In Peace Call for Papers

Spread the word, submit a talk – see you in December!

27C3: We come in peace – Call for Participation


We come in peace

We come in peace

We come in peace, said the conquerors of the New World.
We come in peace, says the government, when it comes to colonise, regulate, and militarise the new digital world.
We come in peace, say the nation-state sized companies that have set out to monetise the net and chain the users to their shiny new devices.
We come in peace, we say as hackers, geeks and nerds, when we set out towards the real world and try to change it, because it has intruded into our natural …