Some of you may remember the Cold Boot Attack. It’s a general method, how almost all disk encryption schemes on PCs and Laptop can be circumvented.

Usually, when a harddisk or just a partition is encrypted, the encryption software used, needs to store the keys in memory, as long as the filesystem is mounted. Three years ago, it was shown that this key can be extracted, just by removing the RAM module, and dumping it’s content on a second PC using a custom software. Alternatively, the system can be booted from a CD or USB-stick with a custom software, that dumps the content of the RAM. As long …

On Day 3 of 28C3, an absolute crypto highlight will be presented. A Person-In-The-Middle (previously known as Man-In-The-Middle)attack against HDCP-secured links. For those who don’t know, HDCP is a protocol for digital video links like DVI, Display Port and HDMI, that encrypts the content between your PC or Blue-Ray player and your digital TV or display. HDCP was invented so that the encrypted high quality video, as you can find it on a Blue-Ray disc or HD-DVD will never be unencrypted in it’s digital form on the way to the display. If those systems would be secure, this could prevent pirated …

Two Bitcoin related talks will be presented tomorrow. Bitcoin is a decentralized digital currency, and of course uses various cryptographic schemes as building blocks. Because Bitcoins can be exchanged with real money, Bitcoin is more than just an academic playground and real cash could be lost, if an attack on Bitcoin would be found.

The first talk Bitcoin – An Analysis will be presented by Kay Hamacher and Stefan Katzenbeisser. From the abstract:

In this presentation, we show results on network analysis of the money flow, the behavior of individuals, and the overall scalability of …

Side channel attacks are very well known in cryptography. In a nutshell, a side channel information (not the ciphertext or the public key) is used to recover a secret. This can be the time it takes for a cryptographic operation, the power consumption of a device, the variations in the electromagnetic field surrounding a device or just the acoustic noise produced by a device. Secure implementations of cryptographic schemes usually implement countermeasures against these kind of attacks.

In contrast to the cryptography world, side channel attacks are not very well known in the general IT …

Alexander Koch will be presenting the results of his bachelor thesis at 28C3. In his thesis, he implemented a person-in-the-middle-attack (don’t call it man-in-the-middle attack) against a USB chipcard reader for digital signatures. Instead of modifying  the software on the users PC, he implemented a USB hardware device, that can be plugged in between the chip card reader and the host PC. Because the device behaves passively as long as no signature is made, it is hard to detect from any kind of security software from the PC side. When a signature is made, the device can transmit a different …

Julian Wälde and Alexander Klink will be presenting a new attack against Web Application Frameworks (WAF), that can be used to generate HTTP requests, that take several minutes of CPU time to process. Sending many of these requests in parallel can be used as an effective Denial of Service attack against many websites. Even one cannot spot any relation to cryptography from the abstract, I have been informed that this talk will also cover many cryptography related aspects.

See the talk, Day 2, 14:00, Saal 1

Author: Erik Tews

A group of enthusiast interpreters at the congress are organizing simultaneous translation into English for a small selection of German talks. We are aiming for the “fun” events that have been translated for a few years, and for the first time this year, we are trying our hand at some “content” talks as well.

The provisional list of translated events is:

• “Hacker Jeopardy – number guessing for geeks“, Day 2, Midnight – This will be on DECT, streamed to “Saal 3” on the Internet and archived.
• “Data fairy or fair game – what is the value of tracking data?”, Day 3, 18:30 – An overview about web …

We, Sebastian and Julian, are part of last year’s core team of live interpreters. In the past we have translated at several Chaos Communication Congresses, together with Volty who cannot be there this year and many others.
We want to continue this tradition of translating important talks such as the Fnord News Show and the Hacker Jeopardy, but also others, depending on our resources.
If you are interested in helping out, please meet us on Day 1, December 27th, at 21:00 in the angel area down in the basement. You may also contact us via e-mail at Sebastian.Lisken _at_ gmx.net or julian _at_ …

The first cryptography related talk at 28C3 is about data mining in encrypted data. One may assume, that encrypting your data with a good encryption scheme prevents other people from learning about it. However, this is not true, specially for network protocols, that often leak information, like who is communicating with who, and when how much data is transferred. An attacker can use these information to make assumptions about the content of the transmission.

From the abstract: Voice over IP (VoIP) has experienced a tremendous growth over the last few years and is now widely used among the …

Heads up everyone, voicebarf is up and running! Voicebarf provides you with the latest information about the 28c3 schedule. Even when the internet is down. Use your DECT or GSM compatible phone to dial the number 7666 (SOON), and voicebarf will tell you which talks are up next. You can even request a reminder, and voicebarf will call you back fifteen minutes before your favourite talk starts. Dial 8255 (TALK) to get the currently running talks. Dial TALK (8255) when a talk is just finished to rate that talk. Talk ratings’ importance for the content team can not be overestimated. The content …

Es ist eine tolle Idee seine Kinder auf den 28c3 mitzubringen. Nicht nur, dass sie kostenfreien Eintritt haben, wenn sie elf oder jünger sind. Sondern auch das Chaos macht Schule-Projekt bietet vier Stände an, die sich speziell um die Junghacker kümmern werden.

Ein Stand wird sich speziell um sichere Kommunikation in Computernetzwerken kümmern und für alle kniffligen Fragen um das Thema Antworten parat halten.

Die anderen Stände bieten Basteltrainings um dem Nachwuchs zu helfen, auf den Grund der technischen Spielereien zu gelangen: Von Miniroboter, über elektronischem Haustier, bis zur …

When packing for 28C3, don’t forget to bring your r0ket! (and a micro-USB cable!)

Among other things there will be a multiplayer tetris game on an LED wall you can play with your r0ket and new m0duls to boost your r0ket into new heights.

To access all new features of your r0ket have a look at http://r0ket.badge.events.ccc.de/init

The update contains an improved mesh network, l0dables for interactive installations and support for the next flame generation.

Good news for those who didn’t get one on camp – or want more: Team r0ket will be selling new, slightly improved r0kets for 30 Euros and RGB …