Honeypots are a well known and deployed technique to gather information about new and unknown attack vectors. While there are many different types of honeypots used on server side to detect threats or spamming activities for example, there isn’t very much out there to deal with client harassment. Microsoft has recently started a new research initiative to actively detect those client-side threats on a larger scale by having a computer or a virtual PC that actively mimics the actions of a user surfing the web.

In their lecture Honeymonkeys – Chasing hackers with a bunch of monkeys Krisztian …

Last year the workshop room was just a smaller lecture hall where not workshops but lectures took place. This year we would like to see real hands-on-workshops hold by you instead. There will be a table under the windows in the roof of room A08 at the end of the Hackcenter. At this table fit about 23 people and there will be no digital projector or other kind of presentation device. So, can you think of its use? Right! It’s the workshop area!
As the congress is a quite dynamic environment we just set up a page in the congress-wiki where you can reserve some time at this table to do any …

We have opened the 22C3 Public Wiki. It’s late, but it’s here. We are still filling it. Please use it and contribute. If you miss something or have any other general question that you think should be covered by the wiki, place your question in the FAQ.

Note that you can access the Wiki via http and https. We recommend using https for security reasons. You might want to install our CCCV-CA certificate to get around the browser warnings regarding unknown certificates. Mac OS X users can install this systemwide, other platforms might use the certificate in the browser.

Have you ever written an ode to your favorite Window Manager or a haiku about biometric passports? If so, share your works with us! If not, it’s time to get started, since the dead line of the 22c3 lyrics contest Lyrical I is upcoming! All contributions should reach lyrical_iATccc.de by December, 4th.
What are we looking forward to?

• lovely poetry
• fun
• new and unconventional approaches to topics
• original signatures and fortune cookies for all :-)

The best contributions (in German or English) will be awarded prizes sponsored by foebud and read aloud during the awarding ceremony at the …

Information on vulnerabilities and information security threads is very valuable. And, in fact, there is a big market, but it’s neither structured nor liquid. Seriously thinking about this fact leads to a couple of questions: Would we live in a more secure world if every geek could go and sell his exploit at the market price? How could this market eventually be organised? What are the incentives of market participants and where are dangers for conflicts of interest?

Rainer Böhme holds a degree in communication science, economics and computer science. He is researcher in the privacy and …

It seems like this blog on the preparations for 22C3 already filled a gap: Several blogs commented on our efforts, most of them in German. This brings us to the question why we write this blog in English (or rather: broken English) while the majority of all participants at the Congress will be German or from German-speaking countries.

Almost from the beginning in the 1980s, the Chaos Communication Congress used the sub-title “The European Hacker Party”. What this meant in reality was that among all the German hackers you’d find the occasional guy or girl from Austria, Switzerland or the …

Without powerful spam filters nothing goes nowadays. This is no new insight for most of us, since the amount of unsolicited commercial e-mail gets more and more each day. But filtering communication always has unwanted side effects. Peter Eisentraut, developer, IT consultant and author of a book regarding spam and virus fighting with Open Source tools, will talk about consequences for the overall stability, performance and usability of the email system in general. He has been involved in some large installations for German companies and government agencies, so he made some very interesting …

Antenne has posted a 22C3 wallpaper (desktop pictures) in various sizes. Consider this being the first move in rolling out our 22C3 design. We put it all in a single place once we have set up the 22C3 Public Wiki (coming soon).

2005 was the year where some of our biggest privacy related nightmares became true. 4 years after 9/11 and a couple of months after the bombings of London everything seems possible in the name of public safety. Some decisions were made without any democratic legitimation like passports with biometric characteristics and RFID or area-wide deployment of video surveillance. Beside that the European ministers of Justice and the European Commission want to keep all telephone and internet traffic as well as the telephone positioning data of all 450 million Europeans. A numerous amount of supporting …

Another important technology which isn’t brand new but implies a big impact here and now is RFID. RFID is used for automatic identification and detection and is i.e. used for logistic purposes to keep track of products on their way from manufacturers to customers. But this technique also has privacy concerns since it’s used in modern passports or even in tickets for the Soccer World Championships in Germany next year, which isn’t funny at all. So it’s important to understand how it works and what exactly can be done with it. The main problem by now is, that a detailed knowledge of the …

Not only since the acquisition of Skype by eBay this year Voice-over-IP is a hot topic. VoIP uses packet-swichted networks for data flow instead of traditional dedicated, circuit-switched voice transmission lines, so it has some of the usual security implications plus a few more and it also rises the usual longings from governments to intercept this traffic. Although the different techniques and implementations are more or less well known by now, there are still many things to look after.

First of all we’ll have an overview over the intentions of regulating VoIP and NGN (Next Generation …

In the last week we informed all the people who submitted a talk for the 22nd Chaos Communication Congress about the decisions of the program committee. Just in case: If you submitted a lecture to the 22nd Chaos Communication Congress and got no email from the program committee about our decision please write an email to 22c3-content _at_ cccv.de and let us know. We are quite sure we forgot no one, but thanks to the Verpeilungsfaktor we never know.

As you can read for example

here, here and here some speakers are quite exited to hold a talk at the congress. As every year we refused some talks …