
Research on WEB security | WEB Security Research

grozdniyandy

Here is content related to web security research. I write the comments for myself. I'll update it from time to time:
Code:
https://jameskettle.com/#inspiration
https://ejj.io/blog
https://www.reddit.com/r/websecurityresearch/
https://kuza55.blogspot.com/
https://epub.sub.uni-hamburg.de/epub/volltexte/2010/4541/pdf/24C3_proceedings.pdf # Personally, I'm interested in pages 173 - 187 here
https://github.com/albinowax/ActiveScanPlusPlus # Need to check the CVEs and understand why he added exactly those.
http://**************************************************************/b/3yF3Vfm7dNV4jcN3djKFmL - # The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws 2nd Edition

Code:
Day 1 - Saal 1
Tim Pritlove
Opening Event
Saal 1 en lecture Community
Welcome to the Congress!
2007-12-27 10:30
Welcome Keynote
SkyTee, Jens Ohlig, Ingo Schwitters, Sebastian Velke
Steam-Powered Telegraphy
Saal 1 en lecture Making
We have built and modified a steam-powered Telex machine and connected it to the new-fangled invention for modern telegraphy known as "the
Internet". We will present this steampunkish invention in form of a lecture, thus hoping to enlighten interested ladies and gentlemen on the principles of
steam engine physics, 5-bit Baudot encoding, and historic telegraphy in general.
2007-12-27 11:30
Wherein a League of Telextraordinary Gentlemen present the marvel of Telex on the global Internet -- driven by a steam engine
Constanze Kurz, Andreas Bogk
Der Bundestrojaner
Saal 1 de lecture Society
The Bundestrojaner (federal trojan) is examined from the political, legal and technical sides.
2007-12-27 12:45
We don't have the truth either, but we do have good myths
Julius Mittenzwei, Erdgeist
TOR
2007-12-27 14:00 Saal 1 de lecture Society
Rop Gonggrijp
It was a bad idea anyway...
Saal 1 en lecture Society
2007 has been yet another turbulent year in The Netherlands with regard to electronic voting. If you remember the presentation at 23c3, 2006 saw the
emergence of a campaign against the use of non-auditable voting systems.
2007-12-27 16:00
The demise of electronic voting in The Netherlands
Frank Rieger, Constanze Kurz
NEDAP-Wahlcomputer in Deutschland
Saal 1 de lecture Society
We bring you up to date on the use of NEDAP voting computers in Germany.
2007-12-27 17:15
Anna H.
Was ist eigentlich Terrorismus?
2007-12-27 18:30 Saal 1 de lecture Society
And who is actually terrorizing whom here?
ladyada
Design Noir
Saal 1 en Culture
http://www.ladyada.net/make/wavebubble/
http://www.ladyada.net/make/tvbgone/
http://www.ladyada.net/pub/research.html
In contemporary Western society, electronic devices are becoming so prevalent that many people find themselves surrounded by technologies they find
frustrating or annoying. The electronics industry has little incentive to address this complaint; I designed two counter-technologies to help people defend
their personal space from unwanted electronic intrusion. Both devices were designed and prototyped with reference to the culture-jamming "Design Noir"
philosophy. The first is a pair of glasses that darken whenever a television is in view. The second is a low-power RF jammer capable of preventing cell phones
or similarly intrusive wireless devices from operating within a user's personal space. By building functional prototypes that reflect equal consideration
Ilja
A collection of random things
Saal 1 en lecture Hacking
Random things I'll cover: using OOB data to bypass IDS; /dev/[k]mem race conditions in suids; a TCP fuzzer that goes beyond the 3-way handshake; ...
2007-12-27 23:00
look what I found under the carpet
Johannes Grenzfurthner
"I can count every star in the heavens above
Saal 1 en lecture Culture
A talk (with examples) by monochrom, presented by Johannes Grenzfurthner
2007-12-27 00:30
Computers as a thankful subject in pop music
Day 1 - Saal 2
Rose White
The Role of Brilliant Deviants in the Liberalization of Society
Saal 2 en lecture Community
I'm planning to look at how hackers and other "folks like us" get the "real world" to let us be crazy deviants, and continue to pay us anyway. Clearly not
everyone is able to do this -- hence the sort of person who says, "I'd love to [go to Burning Man] [blow things up] [dress eccentrically]" but never does
any of it. But some of us *are* able to get the world to play along, and I am looking at that from a sociological point of view.
2007-12-27 11:30
How People Like Us Make People Like Them Accept Us
Antoine Drouin, martinmm
Paparazzi - The Free Autopilot
Saal 2 en lecture Making
http://paparazzi.nongnu.org/ Paparazzi Project Page
Autonomous unmanned aerial vehicles are becoming more and more popular as suitable electronics and sensors are available and affordable. This talk will
describe Paparazzi, a complete system enabling you to build and control your own UAV.
2007-12-27 12:45
Build your own UAV
Leon Hempel
Verteilte Sicherheit
Saal 2 de lecture Science
The integration of visual surveillance systems, and the merging of military and non-military uses of these technologies, is proceeding gradually but steadily.
2007-12-27 16:00
On the order of surveillance
Victor Muñoz
AES: side-channel attacks for the masses
Saal 2 en lecture Hacking
http://www.ingenieria-inversa.cl/AES02.pdf AES: side-channel attacks for the masses
AES (Rijndael) has been proven very secure and resistant to cryptanalysis; there are no known weaknesses in AES yet. But there are practical ways to break
weak security systems that rely on AES.
2007-12-27 17:15
Cristian Yxen, Erdgeist, Denis Ahrens
Trecker fahrn
Saal 2 de lecture Hacking
http://opentracker.blogs.h3q.com/ The opentracker blog
http://erdgeist.org/arts/software/opentracker Opentracker project page
BitTorrent from the perspective of those who build the infrastructure and, of course, use it themselves.
2007-12-27 18:30
On what it feels like to run an open BitTorrent tracker
24. Chaos Communication Congress
Volldampf voraus! 175
Maarten Van Horenbeeck
Crouching Powerpoint, Hidden Trojan
Saal 2 en lecture Hacking
http://www.daemon.be/maarten/targetedattacks.html A brief introduction to targeted attacks
Targeted trojan attacks first attracted attention in early 2005, when the UK NISCC warned of their wide spread use in attacks on UK national
infrastructure. Incidents such as "Titan Rain" and the compromise of US Department of State computer systems have increased their profile in the last two
years. This presentation will consist of hard, technical information on attacks in the form of a case study of an actual attack ongoing since 2005. It covers
exploitation techniques, draws general conclusions on attack methodologies and focuses on how to defend against the dark arts.
2007-12-27 20:30
An analysis of targeted attacks from 2005 to 2007
Daniel Otte, Sören Heisrath
AnonAccess
Saal 2 de lecture Hacking
http://www.das-labor.org/wiki/AnonAccess AnonAccess in the Labor wiki
AnonAccess is an electronic system that enables anonymous access, not only to hackerspaces.
2007-12-27 21:45
An anonymous access control system
Jeroen Massar
IPv6: Everywhere they don't want it
Saal 2 en lecture Hacking
http://www.sixxs.net/tools/aiccu/ AICCU - Automatic IPv6 Connectivity Client Utility
http://www.sixxs.net/tools/ayiya/ AYIYA - Anything In Anything
http://www.sixxs.net/ SixXS - IPv6 Tunnel Broker and IPv6 Deployment
http://unfix.org/jeroen/ Jeroen Massar's homepage
This talk will discuss a new feature in AICCU which allows one to have IPv6 virtually everywhere, including most places where a lot of network operators will
not want to have it.
2007-12-27 23:00
Global connectivity even in the places that you are not supposed to have it
Day 1 - Saal 3
Gregers Petersen
Freifunkerei
Saal 3 en lecture Society
The term Freifunk Firmware has found a place on the shelves in the lives of numerous people. It has become an immense knot of activities, not just sitting
silently like a dusty heirloom. "Freifunkerei" has become an example of how DIY cultures can act and re-create alternatives in a world which seems both
confronted and abandoned by the state.
2007-12-27 11:30
And a Do-It-Yourself society against the state.
Mark Vogelsberger
Simulating the Universe on Supercomputers
Saal 3 en lecture Science
http://www.mpa-garching.mpg.de/galform/presse/ Millennium Simulation done by the MPI for Astrophysics
http://www.ucolick.org/diemand/vl/ A recent NASA's Supercomputers Simulation
http://de.wikipedia.org/wiki/Millennium-Simulation Wikipedia entry for the Millennium Simulation
The evolution of structure in the Universe is one of the hottest topics in Cosmology and Astrophysics. In the last years the so-called $\Lambda$-CDM-model
could be established also with great help of very large computer simulations. This model describes a Universe that consists mainly of dark components:
96% are made of dark energy and dark matter.
2007-12-27 12:45
The evolution of cosmic structure
Lars Weiler, Jens Ohlig
Building a Hacker Space
Saal 3 en lecture Community
With the help of Design Patterns we will show you how to set up your own Hacker Space. The Design Patterns are based on more than 10 years of
experience with setting up and running a Hacker Space.
2007-12-27 14:00
A Hacker Space Design Pattern Catalogue
Arien Vijn
10GE monitoring live!
Saal 3 en Hacking
There are many open source tools available to do packet capturing and analysis. Virtually all networkers use these tools. However millions of packets per
seconds are just too much for general-purpose hardware. This is a problem as 10 Gigabit networks allow for millions of packets per second. The obvious
solution for that issue is to lower the data rates by filtering out 'uninteresting' data before it gets processed by the general-purpose computer
hardware.
2007-12-27 16:00
How to find that special one out of millions
Nils Magnus
Desperate House-Hackers
Saal 3 de lecture Hacking
How do those bottle-deposit return machines actually work? We find out.
2007-12-27 17:15
How to Hack the Pfandsystem
Mitch
Make Cool Things with Microcontrollers
Saal 3 en workshop Making
http://www.tvbgone.com/cfe_mfaire.php Documentation for Projects
http://makezine.com/10/brainwave/ Brainwave Machine in MAKE
Learn how to make cool things with microcontrollers by actually making fun projects at the Congress -- blink lights, hack your brain, move objects, turn off
TVs in public places -- microcontrollers can do it all. Ongoing workshops each day of the Congress.
2007-12-27 18:30
Hacking with Microcontrollers
Thorsten Holz
Cybercrime 2.0
Saal 3 en lecture Hacking
http://honeynet.org/papers/ff/ Fast-Flux Service Networks
http://honeyblog.org my blog
Not only the Web has reached level 2.0, also attacks against computer systems have advanced in the last few months: Storm Worm, a peer-to-peer based
botnet, is presumably one of the best examples of this progress. Instead of a central command & control infrastructure, Storm uses a distributed
communication channel based on Kademlia / Overnet. Furthermore, the botherders use fast-flux service networks (FFSNs) to host some of the content.
FFSNs use fast-changing DNS entries to build a reliable hosting infrastructure on top of compromised machines. Besides using the botnet for DDoS attacks,
the attackers also send lots of spam - most often stock spam, i.e., spam messages that advertise stocks. This talk presents more information about Storm
Worm and the other aspects of modern cybercrime.
2007-12-27 20:30
Storm Worm
Meike Richter
How to Reach Digital Sustainability
Saal 3 en lecture Society
http://www.commonspage.net/ Blog of Meike Richter
Happy digital world: Everything is information, and it grows by sharing. Scarcity seems to be a problem of the "meatspace". On the internet, there is space
for everybody, for every activity and for every opinion. Really? This lecture explores the power of intellectual property rights and their impact on
everyday (digital) life. The net as we know it is in danger. What is needed to make it stay a resource which is valuable, open and free for everybody? What
could a concept of digital sustainability look like?
2007-12-27 21:45
The Impact of Intellectual Property Rights
SkyOut
VX
Saal 3 en lecture Culture
http://vx.netlux.org/ Virus database
http://vxchaos.official.ws/ VX File Server
http://www.smash-the-stack.net Smash-The-Stack
http://www.freewebs.com/purgatory-vx/ Purgatory Virus Team
http://www.eof-project.net/ EOF-Project
http://vx.eof-project.net/
http://vx.netlux.org/ VX
http://www.29a.net/ 29A Labs
http://www.rrlf.de.vu/ Ready Rangers Liberation Front
http://vxchaos.official.ws/ VX CHAOS File Server
http://www.doomriderz.co.nr/ Doomriderz VX Team
The listeners will be introduced to the world of virus coding. They will understand how this can be seen as a way of expressing yourself and why it is a way
of hacking. Furthermore they will get to know, which important groups, authors and viruses have been there in the last years and which are still active
nowadays. Important technical terms will be explained as well as trends of the last years and the future. And more.
2007-12-27 23:00
The Virus Underground
Day 2 - Saal 1
Erik Josefsson
Data Retention and EURODAC
Saal 1 en lecture Society
New EU legislation emphasises and in some cases creates new crimes of consumer infringement of intellectual property laws. Consumer Warnings about
consumers' requirements to respect copyright could become mandatory; worse, such infringement cases could move from civil cases to criminal ones across
the EU. But nowhere is there legislation either clarifying or defending consumers' rights under IP law, in our changing digital environment.
2007-12-28 12:45
The Brussels Workshop
Christian Kurtsiefer, Ilja Gerhardt, Antia Lamas
Quantum Cryptography and Possible Attacks
Saal 1 en lecture Science
http://arXiv.org/abs/0702152 A. Acin, N. Brunner, N. Gisin, S. Massar, S. Pironio, and V. Scarani, Physical Review Letters 98, 230501 (2007)
http://arxiv.org/abs/quant-ph/0606072 I. Marcikic, A. Lamas-Linares, and C. Kurtsiefer, Applied Physics Letters 89, 101122 (pages 3) (2006)
http://arxiv.org/abs/0704.3297 A. Lamas-Linares and C. Kurtsiefer, Optics Express 15, 9388 (2007)
http://quantumlah.org/ Center for Quantum Technologies, National University of Singapore
Quantum cryptography is the oldest and best developed application of the field of quantum information science. Although it is frequently perceived as an
encryption method, it is really a scheme to securely distribute correlated random numbers between the communicating parties and thus better described
as quantum key distribution (QKD). Any attempt at eavesdropping by a third party is guaranteed to be detected by the laws of physics (quantum
mechanics) and shows up as an increased error rate in the transmission (the QBER).
2007-12-28 14:00
Michael Steil
Why Silicon-Based Security is still that hard: Deconstructing Xbox 360 Security
Saal 1 en lecture Hacking
http://www.free60.org/ Free60 Project
The Xbox 360 probably is the video game console with the most sophisticated security system to date. Nevertheless, it has been hacked, and now Linux can
be run on it. This presentation consists of two parts.
2007-12-28 16:00
Console Hacking 2007
Constanze Kurz, Frank Rosengart, Andreas Lehner
Chaos Jahresrückblick
Saal 1 de lecture Community
We present the activities of, and events in, the Chaos Computer Club over the past year. This covers the CCC's campaigns and lobbying work, reports and
anecdotes from events within the CCC, as well as talks and conferences at which CCC representatives took part.
2007-12-28 17:15
An overview of the club's activities in 2007
FX of Phenoelit, fabs
Port Scanning improved
Saal 1 en lecture Hacking
http://www.recurity-labs.com Who we are
Port-scanning large networks can take ages. Asking yourself how much of this time is really necessary and how much you can blame on the port-scanner,
you may find yourself integrating your own scanner into the Linux kernel. Or at least we did.
2007-12-28 21:45
New ideas for old practices
Bre
DIY Survival
Saal 1 en lecture Making
The apocalypse could happen any day. You're going to need things to survive and you're going to have to make them yourself.
2007-12-28 23:00
How to survive the apocalypse or a robot uprising
Andreas Bogk, tina, Erdgeist, nibbler
Rule 34 Contest
Saal 1 en contest Culture
Rule 34 says: there is porn of it. This contest will challenge the best and brightest to prove the rule under adverse circumstances in a race against the
clock.
2007-12-28 00:00
There is porn of it.
Day 2 - Saal 2
Anoushirvan Dehghani
Absurde Mathematik
Saal 2 de lecture Science
A short excursion into the abysses of mathematics. Humans are actually equipped with a fairly well-functioning intuition. Nevertheless, there are
paradoxes that are mathematically entirely correct and provable, yet contradict our intuition. The talk offers a tour through some of these paradoxes,
explained briefly and vividly.
2007-12-28 12:45
Paradoxes against mathematical intuition
Vladsharp
After C: D, libd and the Slate project
Saal 2 en lecture Community
http://www.slate-project.org/res/os_2_0_talk.pdf Slides
We present libd, a high-level runtime for the D programming language and the Slate project, an attempt at a high-level OS and environment built upon
libd, as the next major step in improving the state of programming environments and operating systems. With high-level abstractions, and sensible
design, the state of implementation of open-source OSes can improve. We leverage existing kernels when implementing Slate, and put an extensive
(abstraction-oriented) architecture above the kernel to present the user (or programmer) with a system they can use by having to do less to perform a
specific function. Our virtual machine approach also allows for security verification on a level not seen in *nix OSes before.
2007-12-28 14:00
A clean slate for operating systems
Martin "maha" Haase
Linguistic Hacking
Saal 2 en lecture Science
It is sometimes necessary to know what a text is about, even if it is written in a language you don't know. This can be quite problematic if you do not even
know in what language it is written. This talk will show how it is possible to identify the language of a written text and get at least some information
about the contents, in order to decide whether a specialist and which specialist is needed to know more.
2007-12-28 16:00
How to know what a text in an unknown language is about?
Jens Kubieziel
To be or I2P
Saal 2 en lecture Hacking
http://www.i2p.net/ I2P website
I2P is a message-based anonymizing network. It builds a virtual network between the communication endpoints. This talk will introduce the technical
details of I2P and show some exemplary applications.
2007-12-28 17:15
An introduction into anonymous communication with I2P
Hannes
Automatic memory management
Saal 2 en lecture Science
http://www.cs.kent.ac.uk/people/staff/rej/gc.html Richard Jones' GC page
http://www.ravenbrook.com/project/mps/ Memory Pool System
http://www.hpl.hp.com/personal/Hans_Boehm/gc/ Boehm GC
http://www.research.ibm.com/people/d/dfb/papers/Vechev05Derivation.pdf Derivation and Evaluation of Concurrent Collectors
http://www.acmqueue.org/modules.php?name=Content&pa=showpage&pid=454 Realtime Garbage Collection
http://www.memorymanagement.org/ The Memory Management Reference
Since Java is widespread, automatic memory management is a commonly used technology. There are several approaches to memory management,
realtime, parallel, probabilistic algorithms. The lecture will give an overview of different algorithms and current research topics.
2007-12-28 18:30
Why should I care about something that a computer could handle better, anyway?
Rainer Fromm, Frank Rosengart
Spiel, Freude, Eierkuchen?
Saal 2 de podium Society
http://www.zdf.de/ZDFde/inhalt/26/0,1872,2285338,00.html ZDF Frontal21: Gewalt ohne Grenzen
The journalist Rainer Fromm reports on his experiences with the gamer scene, with film examples and a subsequent discussion.
2007-12-28 20:30
The gamer scene and its reaction to critical reporting
lucy
Inside the Mac OS X Kernel
Saal 2 en lecture Hacking
Many buzzwords are associated with Mac OS X: Mach kernel, microkernel, FreeBSD kernel, C++, 64 bit, UNIX... and while all of these apply in some way,
"XNU", the Mac OS X kernel, is neither Mach- nor FreeBSD-based, it's not a microkernel, it's not written in C++ and it's not 64 bit - but it is UNIX... though
only since recently.
2007-12-28 21:45
Debunking Mac OS Myths
Ralph Kusserow, Christine Ketzer, Yvette Krause
Das Panoptische Prinzip - Filme über die Zeit nach der Privatsphäre
Saal 2 de movie Society
http://www.panoptisches-prinzip.de/ Das panoptische Prinzip
In recent years, not least since 11 September, there has been an erosion of civil rights and ever more comprehensive surveillance by the state, but also
by business. Identification procedures such as the taking of fingerprints or other biometric methods increasingly affect ordinary citizens as well. The
paradigm of the presumption of innocence, guaranteed by the rule of law, is being dismantled: everyone is a potential suspect.
2007-12-28 23:00
Results of the one-minute film competition of the C4 and the Kölner Filmhaus
Day 2 - Saal 3
Bianca Drefahl
Computersimulationen als Prognose- und Planungsinstrumente
Saal 3 de lecture Science
With the developments in computer technology since the middle of the 20th century, an old dream of humanity came within reach: calculable futures.
The steady increase in processor speed, storage space and processing capacity makes it possible to run experiments virtually on a computer, with a
quasi-empirical character, and to stage them in visually impressive ways.
2007-12-28 11:30
Limits and possibilities of calculable futures and dynamic simulation games
Stefan Strigler, BeF
Konzeptionelle Einführung in Erlang
Saal 3 de lecture Hacking
A jump-start into the world of concurrent programming
2007-12-28 12:45
Simon Wunderlich, Marek
Wireless Kernel Tweaking
Saal 3 en lecture Hacking
http://www.open-mesh.net www.open-mesh.net
Kernel hacking definitely is the queen of coding, but in order to bring mesh routing that one vital step further we had to conquer this, for us, uncharted
territory. Working in the kernel itself is a tough and difficult task to manage, but the results and effectiveness to be gained justify the long and hard road
to success. We took on the mission to go down that road and the result is B.A.T.M.A.N. advanced, which is a kernel-land implementation of the B.A.T.M.A.N.
mesh routing protocol specifically designed to manage wireless MANs.
2007-12-28 14:00
or how B.A.T.M.A.N. learned to fly
Markus Beckedahl
23 ways to fight for your rights
Saal 3 de lecture Society
http://www.netzpolitik.org netzpolitik.org
The dismantling of civil rights is on the agenda. Given the large number of proposals and legislative initiatives, many people now feel that political
engagement is no longer worthwhile.
2007-12-28 16:00
How you can use your own strengths to stand up for our civil rights
Peter Molnar, Roland Lezuo
Just in Time compilers - breaking a VM
Saal 3 en lecture Hacking
http://cacaojvm.org/ cacaojvm.org
We will present state of the art JIT compiler design based on CACAO, a GPL licensed multiplatform Java VM. After explaining the basics of code generation,
we will focus on "problematic" instructions, and point to possible ways to exploit stuff.
2007-12-28 17:15
Practical VM exploiting based on CACAO
Florian
Modelling Infectious Diseases in Virtual Realities
Saal 3 en lecture Science
http://www.burckhardt.de/24c3_modelling_infdis_in_vr.pdf conference talk
World of Warcraft is currently one of the most successful and complex virtual realities. Apart from gaming, it simulates personality types, social
structures and a whole range of group dynamics.
2007-12-28 18:30
The "corrupted blood" plague of WoW from an epidemiological perspective
Raoul "Nobody" Chiesa, mayhem
Hacking SCADA
Saal 3 en lecture Hacking
http://conference.hitb.org/hitbsecconf2007kl/materials/D1T2%20-%20Raoul%20Chiesa%20and%20Mayhem%20-%20Hacking%20SCADA%20-%20How%20to%200wn%20Critical%20National%20Infrastructure.pdf Our slides @hitb07
The SCADA acronym stands for "Supervisory Control And Data Acquisition", and it's related to industrial automation inside critical infrastructures. This talk will
introduce the audience to SCADA environments and their totally different security approaches, outlining the main key differences with typical IT security
best practices. We will analyze a real-world case study related to industry. We will describe the most common security mistakes and some of the direct
consequences of such mistakes for a production environment. In addition, attendees will be shown a video of real SCADA machines reacting to these attacks
in the most "interesting" of ways! :)
2007-12-28 20:30
how to own critical infrastructures
Peter Fuhrmann
C64-DTV Hacking
Saal 3 en lecture Hacking
The C64-DTV is a remake of the classic home computer, sold as a joystick-contained video game. The talk gives an overview of the structure of the DTV,
and shows different hardware and software modifications that can be done.
2007-12-28 21:45
Revisiting the legendary computer in a joystick
2) Food and Coins Available On Landing.
Vending Machine for Crows
Saal 3 en Society
As humanity spreads its population across the globe and in ever-increasing densities we are forcing darwinian selection on all species, selecting for those
which can best adapt to us. Crows are one such example of a synanthropic (human-adapted) species which has been selectively breeding for intelligence,
tool use, and flexible, logical thought. This experiment attempts to autonomously train crows to pick up lost change and deposit it into a machine in
exchange for peanuts.
Aside from the monetary potential ($216million USD/year in the US), this effort highlights the otherwise unexamined relationship between humanity and
the species we impact. Are we simply the propagators of attempted genocide against "pest" species, or are we willing to engage synanthropic species in
mutually beneficial relationships? If we can autonomously train crows to engage in tasks for us (and there is every indication we can - see
www.wireless.is/crows), what will it mean for our ethical responsibilities as stewards of the planet we are busily destroying and the species who are
adapting to us?
2007-12-28 23:00
Saving the World, or Manufacturing Minions?
Day 3 - Saal 1
What can we do to counter the spies?
Saal 1 en lecture Society
A presentation about the role of intelligence agencies in the current era of the unending "war on terror", how they monitor us, the implications for our
democracies, and what we can do to fight back.
2007-12-29 11:30
What it was like to be recruited and work for MI5.
Tomislav Medak, Toni Prug, Marcell Mars
Hacking ideologies, part 2:
Saal 1 en lecture Society
http://publication.nodel.org/The-Mirrors-Gonna-Steal-Your-Soul The Mirror's Gonna Steal Your Soul
http://rabelais.socialtools.net/FreeSoftware.ToniPrug.Aug2007.pdf Free Software
The Open Source initiative re-interpreted Free Software to include it into the neo-liberal ideology and the capitalist economy - whose aims are contrary
to the FS starting axioms/freedoms. This platform will focus on ideological and political aspects of this. It will also suggest FS recovery strategies.
2007-12-29 12:45
Free Software, Free Drugs and an ethics of death
Rose White
The history of guerilla knitting
Saal 1 en lecture Making
"Guerrilla knitting" has a couple of meanings in the knitting community - to some, it merely means knitting in public, while to others, it means creating
public art by knitted means.
2007-12-29 14:00
Frank Rieger, Ron
Die Wahrheit und was wirklich passierte
Saal 1 de lecture Society
Every story has four sides. Your side, their side, the truth, and what really happened.
2007-12-29 16:00
Every story has four sides.
Wolfgang Wippermann
Agenten des Bösen
Saal 1 de lecture Science
http://www.dradio.de/dkultur/sendungen/kritik/645433/ Book review of Agenten des Bösen (dradio)
http://www.media-mania.de/index.php?PHPSESSID=cd7e73d2ef22df76bdded374d65350ca&action=rezi&p=2&id=5770
Book review of Agenten des Bösen
In 2007 Wolfgang Wippermann published a book titled "Agenten des Bösen" about "conspiracy theories from Luther to the present". Among other things,
it also deals with conspiracy theories that attract interest in hacker circles (Illuminati, 9/11...). His placement of such conspiracy theories in larger
contexts is interesting.
2007-12-29 17:15
Conspiracy theories
Steven J. Murdoch
Relay attacks on card payment:
Saal 1 en lecture Hacking
http://www.cl.cam.ac.uk/sjm217/papers/usenix07bounding.pdf Academic paper
http://www.cl.cam.ac.uk/research/security/projects/banking/relay/ Summary website
Relay attacks allow criminals to use credit or debit cards for fraudulent transactions, completely bypassing protections in today's electronic payment
systems. This talk will show how using easily available electronics, it is possible to carry out such attacks. Also, we will describe techniques for improving
payment systems, developed by Saar Drimer and me, in order to close this vulnerability.
2007-12-29 18:30
Keeping your enemies close
FX of Phenoelit
Toying with barcodes
Saal 1 en lecture Community
The talk focuses on 1D and 2D barcode applications with interference possibilities for the ordinary citizen. Ever wondered what is in these blocks of
squares on postal packages, letters and tickets? Playing with them might have interesting effects, reaching from good old fun to theft and severe impact.
2007-12-29 20:30
The line of least resistance
Florian Bischof
Sex 2.0
Saal 1 de Society
http://www2.gender.hu-berlin.de/gendermediawiki/index.php/Hauptseite Gender@Wiki
The long tail of dating communities, as well as the de- and reconstruction of gender and sexual orientation, have unforeseen effects on our sex lives.
An overview of what sex is, how dating communities work, and how one can arrive at a fulfilling sex life.
2007-12-29 21:45
Hacking Heteronormativity
Ray
Hacker Jeopardy
Saal 1 de contest Community
The well-known quiz format - but of course with topics you would never get to see on television.
2007-12-29 23:00
The ultimate hacker quiz show
Day 3 - Saal 2
Jens Muecke, Sven Übelacker
Hamburger Wahlstift
Saal 2 de lecture Hacking
http://www.24-februar.de/ Promotional page for the election
On 24 February, Hamburg wanted to vote with the Digital Voting Pen as a pilot project.
2007-12-29 11:30
jz
Distributed campaigns for promoting and defending freedom in digital societies
Saal 2 en lecture Society
http://www.april.org/ APRIL, French non-profit organization for promoting and defending libre software
http://www.eucd.info/ Campaign for raising awareness about DRM, the criminalization of their circumvention,
and their effects on economics, law, innovation
http://www.candidats.fr/ Campaigns to make the candidates to elections work on freedom in the digital world
http://www.stopDRM.info/ campaigns to educate consumers about music and video locked-down with DRM
A presentation of a few successful campaigns in France led by libre software activists for defending freedom in a digital world: raising awareness among
politicians of the dangers of the EUCD transposition and DRM, and their economic, social and political impact, and influencing the candidates in a
presidential election to talk about libre software, software patents, DRM, etc. How did we do that? What have we learned? Maybe for political action
_too_, sharing is a way of just doing it better.
2007-12-29 12:45
Sharing experience about campaigning on the political field in France
Markus Schneider
Wahlchaos
Saal 2 de lecture Society
http://univis.uni-magdeburg.de/form?__s=2&dsc=anew/lecture_view&lvs=fgse/ipw/zentr/psy_0&anonymous=1&founds=fgse/ipw/zentr/psy_0,fma/iag/zentr/comput,/linear,/mab,/oberse&nosearch=1&ref=main&sem=2006s&__e=
Page of the seminar in the university information system
Wahlchaos deals with electoral procedures from a mathematical and political point of view. The elections of 1998, 2002 and 2005 were examined,
manipulated a posteriori, and the effects discussed.
2007-12-29 14:00
Paradoxes of the German electoral system
Tomasz Rybak
Analysis of Sputnik Data from 23C3
Saal 2 en lecture Science
http://www.openbeacon.org/ Main page of Sputnik Project
http://www.bogomips.w.tkb.pl/sputnik.html My page with some analysis
http://pmeerw.net/23C3_ Page with analysis made by Peter Meerwald
http://wiki.openbeacon.org/wiki/Datamining Open Beacon Wiki about analysing data
In December 2006, in the BCC, 1000 attendees were wearing Sputnik tags. The data was stored and then made available for analysis. Unfortunately all
tag IDs were lost. This lecture presents what was stored, what happened to it, and attempts at reconstructing IDs and movement sequences.
2007-12-29 16:00
Attempts to regenerate lost sequences
Roger Dingledine
Current events in Tor development
Saal 2 en lecture Hacking
https://tor.eff.org/ Tor
Come talk with Roger Dingledine, Tor project leader, about some of the challenges in the anonymity world.
2007-12-29 17:15
Emerson
Hacking in the age of declining everything
Saal 2 en lecture Society
It is thought by many that the world may be facing peaks in fossil fuel production and catastrophic climate change. These huge problems put into
question the Industrial Civilisation and call for, at the very least, massive changes to society if humanity is to survive. Do hackers have a role to play in a
post transition society? What sort of things should hackers know and prepare for in such a future?
2007-12-29 18:30
What can we do when everything we thought turns out to be wrong
starbug, Constanze Kurz
Meine Finger gehören mir
Saal 2 de lecture Society
On 1 November 2007 the biometric passport entered its next stage of expansion. Since then, citizens who want to travel have to hand over their
fingerprints in addition to the frontal facial image.
2007-12-29 20:30
The next stage of total biometric registration
Johannes Grenzfurthner
All Tomorrow's Condensation
Saal 2 en Culture
A long time ago in a post-apocalyptic region far, far away. Sympathetic outlaws battle against hyper-villains. Some people die, some people get famous.
Societal business as usual. But wait! Something is _happening_! monochrom (featuring Bre Pettis, Sean Bonner and others) try to reinterpret the
steampunk genre in form of a steamy puppet extravaganza. A journey into the backwaters of imagination!
2007-12-29 21:45
A puppet extravaganza by monochrom and friends
Oona Leganovic, Daniel Kulla
Space Communism
Saal 2 en other Culture
http://events.ccc.de/camp/2007/Fahrplan/events/1856.en.html "Weltraumkommunismus" at Camp '07
http://dewy.fem.tu-ilmenau.de/CCC/CCCamp07/video/m4v/cccamp07-de-1856-Weltraumkommunismus.m4v
Video recording from the Camp (m4v, 144 MB)
Following "Chaos und Kritische Theorie" from 23C3, another verbal battle: Oona Leganovic (aka Ijon Tichy) will promote the idea to sublate the capital
relation and bring about communism first and only then to go to Space, because otherwise the earthly problems will be spread everywhere. Daniel Kulla
(impersonating Captain Kathryn Janeway) will, on the other hand, defend the exploration humanism that once already ended the middle ages and
which can be expected to do the same to the crusted planetary commodity circus.
2007-12-29 23:00
Communism or Space first?
Tag 3 - Saal 3
Tonnerre Lombard
Grundlagen der sicheren Programmierung
Saal 3 de lecture Hacking
This talk gives an overview of some things to keep in mind when writing software - provided it is afterwards only to be used by the person who
also operates it. The theoretical aspects of security are illustrated with code examples.
2007-12-29 11:30
Typical security holes
Jens Kaufmann
Introduction in MEMS
Saal 3 en lecture Science
MicroElectroMechanical Systems, or MEMS, are, as part of microsystem technology, systems with electrical and mechanical subsystems at the micro scale. This
is basically an introduction to the technology and to its potential for hardware hacks and possible ways of building homebrew devices.
2007-12-29 12:45
Skills for very small ninjas
Henning Westerholt
OpenSER SIP Server
Saal 3 de lecture Hacking
http://openser.org/dokuwiki/ OpenSER documentation
The talk presents OpenSER and the open-source project behind it. OpenSER is a flexible and powerful SIP server with which all kinds of
Voice over IP infrastructures can be built. It can be used both in a DSL router as the phone system for a shared flat and by carriers with
several million customers. These examples are used to show some common deployment scenarios. For that it is necessary to briefly cover
the configuration, the connection to databases and the most important modules. Finally, the project's further development is presented on the
basis of the current release 1.3 and the roadmap.
2007-12-29 14:00
VoIP systems with OpenSER
Stephan Schmieder
Getting Things Done
Saal 3 de lecture Culture
http://unixgu.ru/papers/gtd.html Key learnings mind map
http://www.amazon.de/dp/0142000280 The manual on Amazon
http://unixgu.ru/lib/exe/fetch.php?id=papers&cache=cache&media=gtd-mrmcd-slides.pdf Slides from the same talk at mrmcd110b
http://freemind.sf.net/ http://www.lifehack.org/
http://www.zenhabits.net/ http://www.lifeoptimizer.org/ http://www.thinkingrock.com.au/
An introduction to getting un-scattered ("Antiverpeilen") with tools and techniques around David Allen's "Getting Things Done" methodology.
2007-12-29 16:00
The anti-procrastination talk
twiz, sgrakkyu
From Ring Zero to UID Zero
Saal 3 en lecture Hacking
http://www.phrack.org/issues.html?issue=64&id=6#article Phrack #64: Attacking the Core : Kernel Exploiting Notes
The process of exploiting kernel-based vulnerabilities is one of the topics which has received more attention (and kindled more interest) among security
researchers, coders and addicts.
2007-12-29 17:15
A couple of stories about kernel exploiting
Nicolas Cannasse
haXe
Saal 3 en lecture Hacking
http://haxe.org haXe website
http://nekovm.org neko website
http://haxe.org/hxasm hxASM website
http://haxevideo.org haxeVideo website
haXe is a programming language for developing both server AND client side of a website. haXe can do Javascript/AJAX, Database access and even Flash and
video streaming. All with one single programming language.
2007-12-29 18:30
hacking a programming language
dash
Reverse Engineering of Embedded Devices
Saal 3 en lecture Hacking
The event aims at reverse engineering small boxes you can buy at your local Saturn or Media Markt, like SOHO routers.
2007-12-29 20:30
Frederik Ramm
OpenStreetMap, the free Wiki world map
Saal 3 en lecture Making
The OpenStreetMap project has achieved remarkable successes in creating a free world map, and is growing fast. This talk gives an overview of what we
do, why we do it, and what our data can be used for.
2007-12-29 21:45
3 years done - 10 to go?
Tag 4 - Saal 1
Peter Eckersley
A Spotter's Guide to AACS Keys
Saal 1 en lecture Hacking
AACS is the DRM system used on HD-DVD and Blu-Ray discs. It is one of the most sophisticated DRM deployments to date. It includes around twelve different
kinds of keys (in fact, even counting the different kinds of keys is non-trivial), three optional watermarking schemes, and four revocation mechanisms
(for keys, hardware, players, and certain disc images).
2007-12-30 11:30
Wearables of the electronic and digital ages and the female cyborg
Saal 1 en lecture Society
Historians of technology usually argue that in the mediation of technology, female icons served two purposes: firstly, attracting the male buyer as erotic
signals; secondly, representing the simplicity of a technology's handling. This scheme is obviously too simple and in itself stereotyped. It neglects the
nuances of how women are envisioned in relation to what technologies and what this means for both the semiotics of a technology and the identities of
women. For the case of the portable electronics, I will demonstrate such nuances. E.g. the radio was connected to female users as long as it served
leisurable entertainment in public spaces.
However, when marketed as an information tool back home or on business tours, it was put in male hands. Furthermore, the popular ascriptions which
condensed in the visions of media, advertising and manuals, also materialized in the artifacts themselves. Thus, radios or cell phones which were targeted
explicitly at women had feminized designs, colours and features which should relate to their life experiences. In my talk, I will also include this dimension
of the artifacts, analyzing them as frozen envisions of social and cultural values.
2007-12-30 14:00
Luke Jennings
One Token to Rule Them All
Saal 1 en Hacking
The defense techniques employed by large software manufacturers are getting better. This is particularly true of Microsoft, who have improved the
security of the software they make tremendously since their Trustworthy Computing initiative. Gone are the days of being able to penetrate any
Microsoft system by firing off the RPC-DCOM exploit. The consequence of this is that post-exploitation has become increasingly important in order to
"squeeze all the juice" out of every compromised system. Windows access tokens are integral to Microsoft's concept of single sign-on in an Active Directory
environment. Compromising a system that has privileged tokens can allow for both local and domain privilege escalation.
2007-12-30 16:00
Post-Exploitation Fun in Windows Environments
TyRaNiD
Playstation Portable Cracking
Saal 1 en lecture Hacking
The Sony PSP is over 3 years old yet barely a day has gone by without some part of it getting attacked. This lecture will go through how hacker ingenuity
and systematic failures in Sony's hardware, software and business practices ended up completely destroying the hand held's security including some
previously unreleased information about how it was achieved.
2007-12-30 17:15
How In The End We Got It All!
Alexander Kornbrust
Latest trends in Oracle Security
Saal 1 en lecture Hacking
http://www.red-database-security.com/ Homepage Red-Database-Security GmbH
Oracle databases are the leading databases in companies and organizations. In the last 3 years Oracle invested a lot of time and energy to make the
databases more secure, adding new features ... but even in 2007 most databases are easy to hack.
2007-12-30 18:30
Ron, Frank Rieger
Security Nightmares 2008
Saal 1 de lecture Hacking
Security Nightmares - the annual review of IT security and the security crystal-ball gaze into the coming year.
2007-12-30 20:30
Or: what we will be laughing about next year
Tim Pritlove
Closing Event
2007-12-30 21:45 Saal 1 en lecture Community
Tag 4 - Saal 2
Peter Voigt
GPLv3 - Praktische Auswirkungen
Saal 2 de lecture Society
This talk describes what innovations the switch to GPLv3 brings with it, which mistakes can be avoided when switching, and at which points legal
questions lurk whose resolution requires more than technical considerations.
2007-12-30 11:30
Marc-André Beck, Bernd R. Fix
Smartcard protocol sniffing
Saal 2 en lecture Hacking
http://postcard-sicherheit.ch/ postcard-sicherheit.ch
This talk will introduce you to the theoretical and practical issues involved in cloning/simulating existing smartcards. It is based on the lessons learned
from cloning the Postcard (swiss debit card) issued by PostFinance.
2007-12-30 12:45
Jonathan Weiss
Ruby on Rails Security
Saal 2 en lecture Hacking
This talk will focus on the security of the Ruby on Rails Web Framework. Some dos and don'ts will be presented along with security Best Practices for
common attacks like session fixation, XSS, SQL injection, and deployment weaknesses.
2007-12-30 14:00
Machtelt
Lobbying for Open Source
Saal 2 en lecture Society
This talk is about our experiences with talking to the government. The focus is on how to get the job done, talking politics to people who are clueless
about the need for free and open software.
2007-12-30 16:00
From one angry mail to writing national policy on Open Source
kuza55
Unusual Web Bugs
Saal 2 en lecture Hacking
While many issues in web apps have been documented, and are fairly well known, I would like to shine some light on mostly unknown issues, and present
some new techniques for exploiting previously unexploitable bugs.
2007-12-30 17:15
A Web Hacker's Bag O' Tricks
I know who you clicked last summer
Saal 2 en lecture Hacking
One-mode and two-mode networks: This talk introduces some techniques of social network analysis and graph theory. It aims at using simple approaches
for getting interesting facts about networks. I will use the data of a popular community to demonstrate some of the techniques.
* modelling possibilities
* basic measures of networks and some algorithms of network and graph theory
2007-12-30 18:30
A swiss army knife for automatic social investigation
Felix von Leitner
Abschlussbericht FeM-Streaming und Encoding
Saal 2 de lecture Making
To close the 24C3, the streaming team of FeM e.V. would like to give an overview of the streaming activities, juggle a few statistics
and report on other (in)conspicuous events and stories.
2007-12-30 20:30
Tag 4 - Saal 3
Benjamin Henrion
OOXML
Saal 3 en lecture Society
http://www.noooxml.org/ Say NO to Microsoft Office broken standard
Microsoft is currently trying to buy an ISO stamp for their flawed Office OpenXML (OOXML) specification.
2007-12-30 11:30
A twelve euros campaign against Microsoft's Office broken standard
Olivier Cleynen
Overtaking Proprietary Software Without Writing Code
Saal 3 en lecture Society
Free or "Open-Source" software, and in particular Linux, is doing extremely well technically. However, it fails to secure a significant portion of the
protected, lucrative software market, especially for end-users. Can Free Software finally make a full entry into our society? The main obstacles to
overcoming the domination of proprietary software, most of them non-technical, require thinking outside of code-writing. "Overtaking Proprietary
Software Without Writing Code" will relate experience gained from the activities of the GNU/Linux Matters non-profit, and provide some hands-on advice
for community members, taking a handful of relevant examples.
2007-12-30 12:45
"A few rough insights on sharpening free software"
Immanuel Scholz
Dining Cryptographers, The Protocol
Saal 3 en lecture Science
http://www.eigenheimstrasse.de/imi/dc DC Network Client (Java WebStart)
http://www.eigenheimstrasse.de/svn/dc/ Source Code to the DC Network Client
http://www.eigenheimstrasse.de/svn/dc/doc/dcnetwork.pdf Slides
Imi gives an introduction into the idea behind DC networks, how and why they work. With demonstration!
2007-12-30 14:00
Even slower than Tor and JAP together!
Cyworg
Lieber Cyborg als Göttin
Saal 3 de lecture Society
The Cyborg Manifesto combines an analysis of today's society as an "informatics of domination" with a call for a political, creative engagement
with technology, the possibility of attacking power structures, and the overcoming of the rigid boundaries between the sexes.
 
You've got everything lumped together. When you learn to separate the wheat from the chaff, then it'll be research. But you've got everything lumped together.

For example, what web vulnerabilities even exist?
How many kinds of SQL injection are there in nature?
And what is this hyped Prototype Pollution vulnerability?
What PHP wrappers are there, and how do you exploit them?

I'd suggest roughly orienting yourself on this:
github.com/swisskyrepo/PayloadsAllTheThings/

Study different vulnerabilities and exploitation techniques, and also look for new attack vectors.
By new vectors I don't mean finding a 0day, but a new way of attacking or a new technique.

For example, something like this.....


This guy, by the way, dug up a lot of stuff in PHP.
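For the Prototype Pollution question in the post above, the following is an added example, not code from the thread or from any of the linked projects: a recursive merge that copies attacker-controlled JSON into a settings object without guarding the `__proto__` key, beside a hardened version, and a small driver showing that the vulnerable merge changes a property on an unrelated, freshly created object. The `unsafeMerge`/`safeMerge` names and the constructed `{"__proto__":{"isAdmin":true}}` payload are assumptions for illustration.

```javascript
// Added example: prototype pollution via a recursive merge (not from the original thread).
// Function names and the sample payload are assumptions for illustration.

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Vulnerable: walks the keys of attacker-controlled JSON and creates nested objects on
// demand. JSON.parse creates an own property literally named "__proto__", so the walk
// reaches target.__proto__, which is Object.prototype, and every assignment under it
// lands on the prototype shared by all plain objects in the process.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: refuse the keys that reach the prototype chain and only descend into
// own properties of the target, so inherited objects are never written through.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      if (!Object.prototype.hasOwnProperty.call(target, key) || !isPlainObject(target[key])) {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Simulates a request handler that merges user-supplied JSON into per-request settings,
// then checks whether an unrelated, freshly created object picked up the injected flag.
// The payload is constructed attacker input for the demo.
function demo(merge) {
  const payload = JSON.parse('{"theme":"dark","__proto__":{"isAdmin":true}}');
  const settings = merge({}, payload);
  const unrelated = {};
  const polluted = unrelated.isAdmin === true; // true only if Object.prototype was modified
  delete Object.prototype.isAdmin;             // undo the pollution so later code starts clean
  return { theme: settings.theme, polluted };
}

console.log('unsafe:', JSON.stringify(demo(unsafeMerge)));
console.log('safe:  ', JSON.stringify(demo(safeMerge)));
```

The interesting part is that `settings` looks harmless after the vulnerable merge (it has only `theme`), while every later `{}` in the process now answers `isAdmin === true`; that is what makes the bug a gadget for authorization bypasses elsewhere in the application rather than a bug in the merge's caller.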
 
Medium isn't a great resource; there are people there who rewrite articles from security companies' blogs and pass them off as their own. But there are exceptions. What you quoted, even a "fool" understands: first you need to look at what already exists and what has been invented, and, if possible, touch it with your own hands to see whether that method or exploitation technique still works today..

what the old-timers wrote back then.
Then I'd advise rereading all the threads from antichat. If rdot still existed I'd recommend it too, but it's gone, only via archive. Private blogs have much more interesting information. For example razor's raz0r.name, or bo0om's bo0om.ru. Also look at the old BlackHat / Defcon archives etc...
 
I'm planning to speak at a conference soon based on these research pieces (I'll add something of my own). God willing, everything will be awesome xD
You do understand that you can't be a white hat when you sell something on the forum, and also speak at a conference, and also tell here what the talk will be about. You can sit on two chairs, but you can't mix black with white. In the morning you can work at a company doing security audits, and in the evening/night you can add to your collection of web shells on pretty domains.
 
If someone is looking for a topic, I'd advise following the hype and extending already-existing research before someone else does:
Also worth keeping an eye on these:

Also, if someone wants to change direction, thinking there's nothing more to find in web, they're deeply mistaken. There are always plenty of topics; there are vulnerabilities we haven't even heard of (for example the not very famous Reverse Tab Nabbing -> https://hackerone.com/reports/1145563)

And also, if someone decides to change direction, I think it would be more promising to take good old overflow and check whether something related to it comes out into web, like here for example: https://hackerone.com/reports/641240
 
You can take a research piece and develop it -> https://portswigger.net/research/top-10-web-hacking-techniques-of-2024-nominations-open

I think James will present something related to ORMs this year, but I might be wrong

Damn, there's so much interesting stuff right now; on one side AI, on the other I want to check out WASM. In 2025 I'll hardly manage much, but AI needs to be learned from scratch.

Before this I thought things like "it can't do anything anyway", "the world won't let AI develop" and so on (I still think there will be sanctions if lots of workers get replaced by AI), but since it's already this widespread, at the very least one needs to look at what others are doing.

And no, it's not only about prompt injection, it's about possibly vulnerable functions. That is, I would probably look more at how the libraries they're written with work (not deep enough to do the math, but deep enough to understand where/what kind of problem is possible)

But all of that needs quite a lot of time.

In short, first I'd want to find a vulnerability somewhere like roundcube, to convince myself that "I can", and only after that move on and analyze all of this xD
 
By the way, here's a problem I have. I have almost zero experience with Windows applications. It's hard to find old versions, download them, do a patch diff (how is that even done if the application is an .exe)

In short, I'm a noob at this, as you've understood.

Also, right now I have this gap: to go "further" and "deeper" I lack knowledge about the "heap". Because I see how people chain one exploit with another and suddenly it's already an article about the heap


Don't think web is OWASP Top 10, code analysis and so on. Everything becomes clearer and harder at the same time once you go deep into the topics.
 

