Event

Camp 2011: Ticket Shop Opened

EN

We’re selling tickets for the Camp now. For more information, please read the Tickets page in our wiki.

Although the advance sale will be available until July 20th 2011, please order your tickets early. That helps us, because it tells us something about the number of participants and thus enables us to scale infrastructure to your needs.

Demoszene – Digitale Kultur in Echtzeit

DE

Die Revision 2011 ist gerade erst vorbei, doch das Thema Demoszene ist noch lange nicht erschöpft.

Das backup_festival 2011 in Weimar ist ein Kurzfilmfestival mit Schwerpunkt auf Experimentalfilmen. Der Demoszene wird dieses Jahr ein Sonderprogramm gewidmet, um sie einem interessierten Publikum außerhalb der Szene vorzustellen.

Die Demoszene steht für eine der schillerndsten Facetten digitaler Kultur. Musiker, Graphiker und Programmierer finden sich in Gruppen zusammen und arbeiten an einem Demo in Form eines Computerprogramms, einer möglichst eindrucksvollen Demonstration des eigenen …

GPN11: Call for Participation

DE

4 Tage. Du. Wir. Zeug. Auf der 11. Gulaschprogrammiernacht vom 23. bis 26. Juni in Karlsruhe — wie immer mit Hack­center, Abend­programm, Programmier­spiel, Lock­picking, Party, Lasern, Arcade, Beats, Kunst, interessanten Leuten und Tschunk.

Du machst die GPN: Wir haben viel Platz für deine Ideen, Projekte, Workshops und Vorträge. Auch längere Coding- und Bastelprojekte sind dank langem Wochenende möglich. Melde dich per Mail an gpn-content@entropia.de.

Auf https://entropia.de/gulasch/ kannst du dich freiwillig unverbindlich anmelden und uns damit bei der Planung helfen. Dort kannst du auch …

May 7th: Camp 2011 – Field Day

EN

We invite everybody to join us for a public visit to the location of the Chaos Communication Camp 2011 at Luftfahrtmuseum Finowfurt 1. Everybody who wants to do a project, put up a really big tent, build a village or do anything special in one way or the other should come.

The visit takes places at Saturday, May 7th, 2011 at 14:00h CEST. We will spend around two to three hours at the site depending on interest. Be careful to be on time as we won’t explain things twice.

If you plan to come, please drop your name in the wiki [2]. There you will also find driving instructions, aerial photographs …

Camp 2011 Needs Your Help

EN

Preparations for this year’s Chaos Communication Camp have started.

If you don’t know about the Camp in general have a look at the 2007, 2003, and 1999 web sites. You should also watch these great videos in order to get a first impression: Camp 2007 and Camp 2003

Actually, we’ve been working on Chaos Communication Camp 2011 – Project Flow Control – for quite some time, but finally there is a web site now. Since we’re a bit late already, we really need your support.

First and foremost we need your help in distributing the Call for Participation and the Call for a Space Program of the Hacker …

Camp 2011 will happen

EN

After receiving some concerned inquiries we want to state again:

Yes, the Chaos Communication Camp 2011 will take place. It will be from August 10th thru August 14th 2011 in Finowfurt near Berlin. There will be enough tickets for everybody. You may start your travel preparations by booking flights, applying for visas, charging your transcontinental teleporter’s capacitors, etc. We will be there.

Crypto Talk at 27C3: New Key Recovery Attacks on RC4/WEP, Day 4, 17:15, Saal 2

EN

The RC4 Stream Cipher could be the most common stream cipher used on the Internet. RC4 is the only Stream Cipher which is standardized for the SSL/TLS protocol, it is also used for WEP and WPA protected wireless networks. Initially, RC4 was designed to be a closed source commercial product, with the core algorithm kept secret. In 1994, the source code for RC4 was posted on the internet and the algorithm could be analyzed.

The first attack on RC4 was published by Fluhrer, Mantin, and Shamir in 2001. The attack is very effective, but can only be used against certain keys starting with a special …

Crypto Talk at 27C3: FrozenCache – Mitigating cold-boot attacks for Full-Disk-Encryption software, Day 3, 23:00, Saal 2

EN

Cold BootsAs a general attack against encryption software on a computer, the cold boot attack was presented at 25C3. To encrypt data on a PC, many programs store the encryption key in RAM. The key is usually derived from a password or loaded from the hard disk where it is protected by a password too. The key resists as least as long as the encryption operation take in RAM. For many applications like Full-Disk-Encryption or Email Signatures, it is convenient to keep the key permanently in RAM, once it has been loaded, so that the user doesn’t need to enter his password again and again.

To protect the key …

Crypto Talk at 27C3: Is the SSLiverse a safe place? Day 2, 16:00, Saal 2

EN

SSL/TLS is the standard when it comes to securing HTTP traffic on the internet. The authenticity of a web server is usually secured using a X.509 certificate digitally signed by a trusted certification authority (CA). All major web browsers come with a list of CAs preinstalled they assume as trustworthy. Every website can be signed by any of these CAs, so no web browser would show a warning, if www.dod.gov would be signed by a Chinese certification authority or the Deutsche Telekom.

ObservatoryTo examine the usage of X.509 certificates for SSL/TLS, the EFF installed a SSL Observatory:

The SSL …

Crypto Talk at 27C3: Die gesamte Technik ist sicher, Day 1, 21:45, Saal 1

EN

NPAThe new national id card Neuer Personalausweis (NPA) was one of the biggest IT projects in the German government in the last years. Compared to the old id card, the new id card is a RFID smart card, which can also be used on the internet to prove your identify to a remote party (Ebay, Paypal, or Amazon for example) and to sign binding contracts. For example, you can use the card to buy a new house or car, or open up a bank account or apply for a credit.

When using the card over the internet, the card is connected to a reader, which is connected to a (potentially insecure) PC, which is …

Mission Angels: How to Connect to the 27c3

EN

Day0 - II

Thanks to the Mission Angels, you’ll be able to interact with the talks going on at the 27c3 and more! While you watch the streams from one of many Peace Missions throughout the world, Mission Angels will be monitoring IRC and Twitter for questions to be asked in selected events during the 27c3.

To ask a question in a session on IRC join #27c3-Saal-1, #27c3-Saal-2, #27c3-Saal-3 on Freenode or use the corresponding terms as a Twitter hashtag to put your question to the session.

If you’re in a Peace Mission, you can even sign up to give a Lightning Talk!

See the Peace Missions entry on the 27c3 …

Crypto Talk at 27C3: Automatic Identification of Cryptographic Primitives in Software, Day1, 16:00, Saal 3

EN

FingerprintMany applications, including closed source applications like malware or DRM-enabled multimedia players (you might consider them as malware too) use cryptography. When analyzing these applications, a first step is the identification and localization of the cryptographic building blocks (cryptographic primitives, for example AES, DES, RSA…) in the applications. When these blocks have been localized, the input and output of the cryptographic primitives and the key management can be observed and the application can be analyzed further. Fortunately, many cryptographic algorithms use special …