Private Investigations Berliner Congress Center (bcc) Berlin 2005-12-27 2005-12-30 4 2.2 06:00 01:00 11:00 01:00 Saal 1 private_investigations Opening Show and Keynote Speech Community Vortrag englisch Introductory opening session by Tim Pritlove and keynote speech on the 22C3 topic "Private Investigations" by Joi Ito. Tim Pritlove Joi Ito 12:00 01:00 Saal 1 biop_2_studie Biometrische Feldtests in Europa Society Vortrag deutsch Die BioP-II-Studie sollte eigentlich als Entscheidungshilfe für den Gesetzgeber die Einsatztauglichkeit der biometrischen Merkmale von Finger, Gesicht und Iris in Reisedokumenten testen. Leider wurde ihr Erscheinen um mehrere Monate verzögert und die entsprechenden Gesetze in der Zwischenzeit verabschiedet. Resigniert stellen die Macher der Studie fest, daß sie von der politischen Entscheidung überholt und vor vollendete Tatsachen gestellt wurden. Man hätte lieber auf die Ergebisse warten sollen. Wir beleuchten die Ergebnisse und die Bedingungen, unter denen die Studie durchgeführt wurde. Wir analysieren die Zahl der tatsächlichen Teilnehmer und zeigen, daß die Verbliebenen nicht repräsentativ für die reisende Bevölkerung sind. Constanze Kurz starbug 13:00 02:00 Saal 1 gesundheitskarte Eine unendliche Geschichte - Kapitel: Die Sümpfe der Traurigkeit Society Vortrag deutsch Wenige Tage noch, dann bricht die schöne, neue Welt der elektronischen Gesundheitskarte an. Alles wird besser -- bloß für wen? Damit will sich dieser Vortrag befassen, und insbesondere mit den Konsequenzen für diejenigen, für die es nicht besser wird. Die Schöne, Neue Welt -- was alles kommen soll - Versprechen -- was erzählt uns das Akzeptanz-Marketing - Versprecher -- und was ist fachlich kaum haltbar - medizinisch - wirtschaftlich - technisch Die Dunkle Seite -- Risiken und Nebenwirkungen - die Konsequenzen von Datenschutzpannen - die medizinischen Risiken - die Kosten für uns alle Dunkle Wasser und Sumpfmonster - Warum man nicht kritisieren darf, aber sehr wohl loben ... - Warum es keine (Berichterstattung über ;-) Alternativen gibt Vivisektion eines Gespensts - Ein vergnüglicher Blick in die Rahmenarchitektur - Sicherheitsanforderungen (ROTFL!) - Sicherheitsarchitektur - Wirtschaftlichkeit - Ein Blick nach Österreich (alles gewürzt mit pikanten Zitaten wichtiger Leute ...) Und nun, was tun? - Vorschläge, um nicht in den Sümpfen der Traurigkeit zu versinken ThoMaus 16:00 01:00 Saal 1 hacking_data_retention How bureaucrats fail to fight terror Hacking Vortrag englisch Data retention is presented as a solution for fighting child pornography and terror, but in reality the measures will fail. Circumventing is easy and mistakes are waiting to happen. This presentation shows the hard evidence to hack data rentention. In the fight against terror too often we it is said that a balance between privacy and security has to be sought. In many cases this is bad news for privacy. The plans to have Internet Service Providers store all movements made by their customers for years is a prominent example. However some people will claim that this "data retention" will make our lives safer. But will it really? In the presentation examples will be given how easy it is to circumvent the government control in numerous ways. The proof shows that the approach will inconvenience a somewhat intelligent terrorist at most, making the measure very inefficient. Meanwhile it is easy to make dangerous mistakes, coming to wrong conclusion from misinterpreted or just plain wrong data. With examples from cases where mistakes were already made as well as examples how to mislead crime fighters the story will be very realistic and anything but theoretical. Given the facts of an error prone approach to security and amazingly high level of inefficiency, it will become clear that data retention might actually might make us even more insecure than we already are. The attendee has to make up their own mind if the trade-off between privacy and security is a good one in this case. Brenno de Winter http://dewinter.com/ 17:00 01:00 Saal 1 epass_und_biop2 Hacking Vortrag deutsch Der Vortrag wird sich mit der Technik des neuen ePasses beschäftigen. Ab dem 1.November 2005 wir in Deutschland der neue ePass eingeführt. Auf einem RFID-Chip werden dann neben den Daten der maschinenlesbaren Zone auch ein digitales Gesichtsbild gespeichert, für das ganz neue Anforderungen gelten. Ab vorraussichtlich März 2007 kommen dann auch noch die Bilder zweier Fingerabdrücke hinzu. Der Vortrag beschäftigt sich mit den im Pass verwendeten Techniken der Biometrie und der Funktechnik und deren Unzulänglichkeiten im Bezug auf den Einsatz in Ausweisdokumenten. starbug 18:00 01:00 Saal 1 ccc_jahresrueckblick Ein Überblick über die Aktivitäten des Clubs 2005 Community Vortrag deutsch Die Sprecher des CCC stellen die Aktivitäten des und Geschehnisse im Chaos Computer Club im abgelaufenen Jahr vor. Hierunter fallen Berichte und Anekdoten von Veranstaltungen innerhalb des CCC als auch Vorträge und Konferenzen, an denen CCC-Vertreter teilgenommen haben. starbug Lars Weiler Andy Müller-Maguhn http://www.ccc.de/ 19:00 01:00 Saal 1 we_lost_the_war Welcome to the world of tomorrow Society Vortrag englisch Come to terms with the imminent loss of privacy and civil rights without going lethargic. We will analyse current events, how we think they will affect the issues we care about and how we can be most effective given the new circumstances. Or possibly how to simply survive the times ahead. During this lecture, we will first analyse what is happening on a global scale with regards to privacy, civil rights, democracy, corporate control of the media and related issues. We will try to highlight trends and the interests and motivations behind them, and we will try to analyse which strategies work well and which ones don't, both from the Luke Skywalker and from the Darth Vader perspective. Among other things, we will examine recent events and current situation in The Netherlands as a model for a possible Fortress-Europe future. We are now deep inside the kind of future we speculated about as a worst case scneario, back then. This is the ugly future, the one we never wanted, the one that we fought to prevent. We failed. And even if it wasn't our fault, we still have to live in it. The activists among us will need to figure out how to exercise the maximum amount of influence in a radically different environment. A surprising number of our friends work on the dark side, or at least in the twilight zone. While it certainly would be better if the surveillance industry were to die from lack of talent, the more realistic approach is to keep talking to those of us who sold their souls. We need to know much more about the details, but the general technological roadmap for the user-friendly police state is probably as clear to us today as the Internet Future was clear to us in 1993. We must think of ways to leverage this foresight. In order to stay relevant in this future, we need to choose our battles extremely wisely and avoid knee-jerk responses to knee-jerk politics. We will argue that fighting all battles on all battlefields will demotivate the very people we depend on if we want to change things for the better. Surviving and still having fun might not be easy, but is certainly possible. We don't pretend to have (too many) ready-made answers, but we will point to some models, ideas and implementations. Rop Gonggrijp Frank Rieger 21:00 01:00 Saal 1 working_memory_mental_imagery How does the brain learn to think? Science Vortrag englisch A representation of an untrained human brain, call it B(0), is encoded in the human genome -- its size can hardly exceed a few megabytes. In contrast, a representation of a trained brain, B(t), after big enough time t (say t=20years) must be very long (terabytes?) – it must include a representation of the brain's individual experience. How can a "simple" B(0) change into an extremely complex B(t) in the course of learning? Consider a cognitive system (W,D,B), where W is an external world, D is a set of human-like sensory and motor devices, and B is a control system simulating the work of human nervous system (for simplicity, B will be referred to as the brain). System (D,B) can be thought of as a human-like robot. Let us divide (W,D,B) into two subsystems: the brain, B, and the external world, W, as it appears to the brain via devices D – subsystem (W,D). In this representation, both subsystems can be treated as abstract "machines," the inputs of B being the outputs of (W,D), and vice versa. Let B(t) denote the state of B at moment t, where t=0 is the beginning of learning. The talk promotes the following general propositions: There must exist a relatively short formal representation of B(0). This representation is encoded, in some form, in the human genome and can be short enough to fit into a single floppy disk (megabytes). Any formal representation of B(t) with a big t, say t=20years, must be very long (terabytes) -- B(t) must include a representation of a very large individual experience. Let B(t)=(H(t),S(t)), where H(t) is a representation of “brain hardware” (e.g., in the form of a neural network model), and S(t) is a representation of the “brain software” (e.g., in the form of a set of synaptic gains). The hardware H(t) is close to H(0) -- the main difference is between initial software S(0) and the software S(t) created in the course of learning. The right methodology should be directed at reverse engineering B(0)=(H(0), S(0)). It is practically impossible to find and understand S(t) without first finding S(0) and understanding the process of learning that transforms S(0) into S(t). To find B(0) one needs to rely on a combination of psychological and neurobiological data. Ignoring psychological data leads to the, so-called, "mindless brains," whereas ignoring neurobiological data leads to the, so-called, "brainless minds."Traditional Artificial Neural Networks (ANN) and Artificial Intelligence (AI) research had fallen pray to this methodological pitfall. To make a big progress in reverse engineering (hacking!) B(0) and, consequently, in simulating and understanding a broad range of nontrivial cognitive phenomena in system (W,D,B(t)) it is critically important to develop a unified integrated approach to brain modeling and cognitive modeling! The talk discusses the following fundamental problems that must be addressed by the above unified integrated approach: 1. What is working memory and mental imagery? How, can our brain learn to imagine a process of writing and erasing symbols on a sheet of paper, or to move chess pieces on an imaginary chess board? 2. Importantly, the behavior from item 1, requires the highest general level of computing power (Chomsky’s type 0). How can a neural network model learn to perform behavior of type 0? It is easy to show that the error minimization learning algorithms employed in traditional neural network models cannot answer the above question. (These algorithms cannot be use to learn behavior higher than type 3!) 3. An experienced chess player can mentally play a combinatorial number of different chess parties. At the same time, he/she can recall the real chess parties he/she played. How can our brain combine these two properties? 4. The problem of pattern recognition is traditionally treated as a problem of optimal classification. This general approach was called into question by neurophysiologists Zopf Jr. (1962) in his paper entitled "Attitude and Context." (The paper was largely ignored!) Zopf argued that, in the case of the human brain, there is no such thing as an optimal context-independent classification. The fact is that we can treat a given object as a member of a combinatorial number of different classes depending on our attitude (mental set). What is mental set? How can a computing system with a linearly growing size of knowledge (software) dynamically reconfigure this knowledge to match a combinatorial number of different contexts? Victor Eliashberg http://www.brain0.com/ 22:00 01:00 Saal 1 voiphreaking Introduction to SIP Hacking Hacking Vortrag englisch Within the last year VoIP devices and applications flooded the market. SIP (Session Initiation Protocol) became the industry standard although it's still under constant development. VoIP networks converge with the PSTN and thus offer ways and means for new (and old) attacks. The talk gives a brief introduction on how various components in the VoIP universe interact. The main part deals with implementation problems within SIP in both end user as well as ISP site devices and applications. Hendrik Scholz 23:00 01:00 Saal 1 hacking_tomtom_go Reverse-Engineering des Embedded-Linux-Navigationssystems Hacking Vortrag deutsch TomTom hat mit dem Go ein schickes und flexibles Embedded-Linux-System auf den Markt gebracht, das nur danach schreit, auch für andere Zwecke verwendet zu werden. Leider sind System-Images signiert - und hier soll gezeigt werden, wie diese Signatur geknackt wurde. TomTom hat im Juli 2004 als erster Hersteller von Navigationssystemen eine „Self-Contained“-Lösung auf den Markt gebracht, die bisher einmalig war: Das Gerät kann aus der Box genommen, eingeschaltet werden und funktioniert. GPS-Empfänger, CPU, Display mit Touchscreen, Lautsprecher, SD-Karten-Leser – alles ist direkt ins Gehäuse eingebaut. Basieren tut das System auf einem Embedded-Linux und dem wissenden Geek fallen sofort viele Möglichkeiten ein, was mit einem solchen System noch zu tun ist: MP3/OGG-Spieler, Video-Player, WLAN-Sniffer (über externe WLAN-Karte am USB, etc. Leider stand vor dem Ausführen eigener Programme und Kernels eine digitale Sigantur im Boot-Image – ein mit Blowfish gecrypteter MD5-Hash von Kernel und Init-Ramdisk. Einige lange Nächte hat es im Herbst 2004 gedauert bis der Algorithmus geknackt und der Schlüssel bekannt war. Es wurden Firmware-Updates analysiert, der Bootloader disassembliert und, eine serielle Schnittstelle mit einer Console gesucht und gefunden. Alles das soll in unserem Vortrag erklärt und beschrieben werden und so eine kleine Anleitung zum Einstieg in die Welt von Embedded-Linux geben und vielleicht dem einen oder anderen dabei helfen, selber seinen neuen Router, seine neue Telefon-Anlage, etc. vielleicht auch als Linux-System zu enttarnen. Christian Daniel Thomas Kleffel OpenTom 00:00 01:00 Saal 1 biometrics_in_science_fiction Culture Sonstiges deutsch Gezeigt und kommentiert werden Ausschnitte und Szenen biometrischer Techniken aus Film und Fernsehen. Daß Film Fiktion ist, weiß der gemeine Kinogänger - Hollywood eben. Doch die Inszenierung von Biometrie im Film prägt das Bild der Menschen. Beim Blick in vergangene Film- und Fernsehproduktionen gehen wir der Frage nach, wie biometrische Techniken in Zukunft aussehen und funktionieren könnten. Roland Kubica Constanze Kurz 12:00 01:00 Saal 2 hacking_health Electronic Patient Records in The Netherlands Society Vortrag englisch I have been researching the implementation of electronic patient records (EPR) in NL. The first part of EPRs - a national database of medication that each patient is described - will become mandatory in early 2006. To 'ease the implementation' of a national EPR database, all Dutch citizens will be given a Civil Service Number which supplants our social security number. This CSN - which is actually the same identifier as your social sucurity number - will be used in health services, school, child care, work and taxes. The Dutch government states that this the use of this CNS will be regulated 'within existing European privacy laws' but also adds that using one identydying number in all social areas, including health care, is 'helpful in matters of law enforcement'. On top of that, national electronic (biometric) identity cards will be issued, allegedly to allow citizend (patients) to log in to heir personal EPRs, notwithstanding the fact that hardly any EPR software exists that allow patients to log in. In other words, EPRs are at least partially used to sell biometric identity cards. EPR implementation is supposed to reduce bureaucracy in health care, and to reduce the amount of medical errors; thus, it supposedly helps to cut down costs. Policy makers do not seem to take into account that automating EPRs creates a new subset of medical errors (input errors now being the 4th most common reason for medical errors). Also, they overvalue using computers, believing them to be 'flawless'. Security around EPRs is bad. One Dutch hospiyal was not able to see policlinic patients for a week, due to a computer virus. More hospitals have ad virus problems but have refrained from stating so. The Dutch Health Inspection issued a warning that a pharmacy software program used to calculate mediaction dosage, iscalculated the amount for 200 medicins, amongst themm cytostatics. To test the safety of hospital computer systems, I organised a penetration test with two random hospitals that used EPRs. We were able to access 1.2 million patient records. Karin Spaink 13:00 01:00 Saal 2 hopalong_casualty On automated video analysis of human behaviour Hacking Vortrag englisch Automated analysis of surveillance videos has seen a lot of research in recent years. Face recognition and person tracking are widely available, more sophisticated behaviour analysis is coming. The aim of the current talk is an overview into the methods used for analysis, their current performance and limitations. Automated analysis of videos is a hot research topic currently, mostly fuelled (and funded) by interest in surveillance applications. Some of the work focuses on /identifying/ persons by individual differences in their motion patterns, e.g., the way the walk. Much current work tries to determine human interaction behaviour, e.g. whether two persons are standing and talking or whether they are fighting. A last big area is that of trajectory analysis, e.g. distinguishing persons walking straight across an open place from persons sticking around longer. This talk will give an overview into whats possible currently and then introduce some of the common methods of motion analysis with a focus on real-time capability. It will touch upon motion-history images, model-based tracking, graphical models for time-series and learning methods for classification. Throughout, pointers to toolkits that can be used to implement the methods presented will be provided. Of course, there are still a lot of problems, some of them quite fundamental, e.g. occlusions, crowds, influence of rain and wind, and the like. These problems, and their causes, will be explained under the assumption that the audience will be able to make creative use of this knowledge for playing with the system. Ingo Lütkebohle 14:00 01:00 Saal 2 hacking_cctv Watching the watchers, having fun with cctv cameras, making yourself invisible Hacking Vortrag deutsch CCTV möchte für mehr öffentliche Sicherheit sorgen, bringt aber viel mehr Unsicherheit - sehen wir, was Überwacher sehen, in dem wir uns kurz mit Funkfrequenzen und mit Empfaengern - bzw was sich noch alles dafuer verwenden laesst - befassen. Welche sowieso schon erhältlichen Antennen (zB Wlan) eignen sich dafür? Welche Kameratypen gibt es, und was sind ihre Schwächen? Warum (fast alle) Kameras auch für Infrarot empfindlich sind, und wie sich das nutzen lässt - zB um sich unkenntlich zu machen. Mit etwas Glück können wir auch unser "quintessenz CCTV privatizer cap" vorstellen. Welche nichtdestruktiven Methoden der CCTV Vereitelung gibt es noch? IP-Cameras hingegen führen das interne Netz bis an die Häuserfront oder broadcasten ihre Bilder bereitwillig ins Netz - und sind dazu auch noch einfach aufzufinden. Adrian Dabrowski Martin Slunsky http://www.quintessenz.at/cctv/ 16:00 01:00 Saal 2 videoueberwachung_hochschulen oder: "Über meine Maßnahmen gebe ich keine Auskunft" Society Vortrag deutsch Nach den BigBrotherAwards 2004, bei denen die Universität Paderborn einen Preis für ihre Videoüberwachung abgeräumt hat, liefen einige tolle Aktionen an der Universität. Davon motiviert hat der FoeBuD e.V. zusammen mit dem fzs (freier zusammenschluss studentInnenschaften) ein Projekt ins Leben gerufen, bei dem untersucht werden sollte, wie weit Videoüberwachung an deutschen Hochschulen verbreitet ist. Dazu wurden zwei Fragebögen entwickelt, die wichtige Kennziffern der Hochschule und interessante Daten über deren (eventuelle) Überwachung erfassen. Diese Fragebögen wurden zum einen an die Rektorate aller deutschen Hochschulen geschickt (300 Stk.) und zudem an alle StudentInnenvertretungen. Nach einer dreimonatigen Befragungsphase, einem entsprechenden Erinnerungsbrief, und Mailingaktionen, beginnt jetzt Mitte Oktober die Auswertung der Antworten. Der grobe Überblick verspricht interessante Ergebnisse, die zwar nicht quantitativ ausgewertet werden können, aber einen aufschlussreichen qualitativen Einblick ermöglichen. Unter anderem werden diese Fragen erörtert werden: * Wer hat geantwortet, und wieso haben machen Hochschulen nicht geantwortet? * Wieso wird Videoüberwachung eingesetzt? * Wieso wird _keine_ Videoüberwachung eingesetzt? * Wie sieht eine typische Videoüberwachung an einer Hochschule aus? * Kann man etwas gegen diese Videoüberwachung unternehmen? Olode http://www.foebud.org/video/uni-paderborn http://hochschulsicherheit.de http://fzs-online.org http://foebud.org 17:00 01:00 Saal 2 x86_64_buffer_overflow_exploits Hacking Vortrag deutsch Die X86-64 Architektur bietet neben den bisher bei x86 verfügbaren Page-protection-bits ein neues Bit, welches es erlaubt Seiten als nicht ausführbar zu markieren. Dies soll dazu dienen die weithin bekannten Buffer-overflow-exploits zu verhindern oder zu erschweren. Wie sich das trotzdem anstellen lässt zeigt dieser Vortrag. In recent years many security relevant programs suffered from buffer overflow vulnerabilities. A lot of intrusions happen due to buffer overflow exploits, if not even most of them. Historically x86 CPUs suffered from the fact that data pages could not only be readable OR executable. If the read bit was set this page was executable too. That was fundamental for the common buffer overflow exploits to function since the so called shellcode was actually data delivered to the program. If this data would be placed in a readable but non-executable page, it could still overflow internal buffers but it won’t be possible to get it to execute. Demanding for such a mechanism the PaX kernel patch introduced a workaround for this r-means-x problem [7]. Todays CPUs (AMD64 as well as newer x86 CPUs) however offer a solution in-house. They enforce the missing execution bit even if a page is readable, unlike recent x86 CPUs did. From the exploiting perspective this completely destroys the common buffer overflow technique since the attacker is not able to get execution to his shellcode anymore. Why return-into-libc also fails is explained within the next sections. Sebastian Krahmer x86-64 buffer overflow exploits and the borrowed code chunks exploitation technique (PDF) 18:00 01:00 Saal 2 syscall_proxying Introduction to syscall proxying and applications for in the wild exploitations Hacking Vortrag englisch This talk is about how using syscall proxying technique for envolved attacks or other distributed applications. It includes source code examples like shellcodes, tools and a poc rootkit using this technique. This talk will be submited first at 0sec, a private security event we organize in switzerland in october. Since long time hackers are searching way to execute code on hosts through different types of vulnerabilities. The shellcode is one of the master part of a successfull exploitation. Making reliable exploit working in the wild with "universal" payload is the goal of every exploit writer. Syscall proxying is a technique which was introduced by Maximiliano Caceres (CORE SDI) which can provide a real remote interface to the host's kernel. The goal is writing universal "agents" to create all you can imagine locally but running it remotly. The best part of the syscall proxying technique is the attacker tools are locally stored but remotely executed through the payload. During this talk Casek will introduce this technique and his own implementation of syscall proxy shellcodes and tools. Different type of payloads, a library, tools and a proof of concept lightweight rootkit will be presented. He will discuss exploiting vulnerabilities with this goal: exploiting, privilege escalation if needed, rootkiting (remotly infecting processes or patching on the fly the kernel), covering traces etc... all in one time. csk http://www.uberwall.org/ http://0x736563.org/ 19:00 01:00 Saal 2 developing_intelligent_search_engines Science Vortrag englisch The presentation will give a short overview of the architecture of search engines and how machine learning can help improving search engines. In addition some projects you can take part in will be briefly introduced. Developers of search engines today do not only face technical problems such as designing an efficient crawler or distributing search requests among servers. Search has become a problem of identifying reliable information in an adversarial environment. Since the web is used for purposes as diverse as trade, communication, and advertisement search engines need to be able to distinguish different types of web pages. In this paper we describe some common properties of the WWW and social networks. We show one possibility of exploiting these properties for classifying web pages. Isabel Drost http://dx.doi.org/10.1007/11564096_14 http://www.informatik.hu-berlin.de/wm http://www.nutch.org http://www.yacy.net/yacy/ 21:00 01:00 Saal 2 applied_machine_learning Brief Introduction into Machine Learning followed by application examples. Science Vortrag englisch Overview of the current state of research in Machine Learning including the general motivation, setup of learning problems, state-of-the-art learning algorithms and applications like our brain computer interface. The talk is going to have three parts: (a) What is Machine Learning about? This includes the general motivation (spam detection as example) and the setup of supervised learning problems. (b) What are state-of-the-art learning techniques? With a minimal amount of theory, I'll describe some methods including a currently very successful and easily applicable method called Support Vector Machines. I'll provide references to packaged implementations of these algorithms. (c) I'll discuss a few applications in greater detail, to show how Machine Learning can be successfully applied in practice. These will include: Handwritten letter/digit recognition, drug discovery, file classification (e.g. on Linux and BSD sourcecode), gene finding and brain-computer interfacing. I present the material as self-contained as possible. Part b will contain some math, but this will be kept to a minimum: I mainly want to bring ideas across. Timon Schroeter Sören Sonnenburg Konrad Rieck http://ida.first.fraunhofer.de/homepages/ida/ http://bbci.de/ 22:00 01:00 Saal 2 tcpip_covert_channels Creation and detection of IP steganography for covert channels and device fingerprinting Hacking Vortrag englisch This talk will show how idiosyncrasies in TCP/IP implementations can be used to reveal the use of several steganography schemes, and how they can be fixed. The analysis can even be extended to remotely identify the physical machine being used. A number of steganography techniques have been designed to insert a covert channel into seemingly random TCP/IP fields, such as the IP ID, TCP initial sequence number (ISN) or the least significant bits of the TCP timestamp. While compliant with the TCP/IP specification, their output is unlike that an unmodified operating system would generate. This talk will show how by taking in account the implementation of the TCP/IP stack, a number of such specification-based steganography schemes can be broken. This includes Nushu, an ISN based scheme presented at 21C3. Firstly the talk will introduce the field of covert channels and TCP/IP steganography in particular, giving an overview of the steganographic potential of different fields in the protocol. This will show that only the IP ID and TCP ISN can be plausibly used for steganography. The talk will then describe how these fields are generated, and how steganography schemes which do not properly take in account these algorithms can be detected. The talk will then present improved TCP/IP steganography schemes for Linux and OpenBSD which, by deriving a reversible transformation from the standard TCP/IP stacks' implementation, make a much harder to detect covert channel. Such a scheme can be shown to be as strong as the underlying encryption, when attacked by an adversary monitoring packet content. Finally, a side effect of the steganography detection system is to reveal microsecond-level deviations in the clock speed of the device being monitored. Clock-skew varies from computer to computer so can act as a fingerprint of a particular physical device. This talk will show how this fact can be used to track physical devices across the Internet, and how the use of TCP ISNs can improve over schemes based on TCP timestamps. This work was done in conjunction with Stephen Lewis. Steven J. Murdoch Slides of the Talk Paper of previous results 23:00 01:00 Saal 2 hacking_openwrt Hacking Vortrag englisch OpenWrt is a Linux distribution for embedded Wireless LAN routers. In this lecture I'm going to introduce OpenWrt and show you how you can use and customize it for your own projects. OpenWrt is basically a complete Linux distribution designed to work within the space constraints of average wireless routers like the Linksys WRT54G or the ASUS WL-500g. Since April 2005 the build system has been completely rewritten to support a large repository of packages that are built automatically and to make it easy to port it to other router platforms in the future. That makes it useful for creating custom solutions involving wireless networking, like a Hotspot service complete with authentication and billing or a small Voice over IP server (with Asterisk). I'd like to present the structure of the OpenWrt base system and show you how you can create your own packages and firmware images with the tools that we provide (Image Builder, SDK and the build system itself). Felix Fietkau 12:00 01:00 Saal 3 understanding_buffer_overflow_exploitation The fascinating interplay of CPU, stack, C-compiler and shellcode in a nutshell Hacking Vortrag englisch Everything started with Aleph One's paper "Smashing the Stack for Fun and Profit". These techniques are still the basis for modern exploitation of buffer, heap and format string vulnerabilities. We will give a swift overview about C functions, stack usage, assembler, gcc, gdb and how these few tools can be used to understand and write shell-code to turn simple buffer overflows into backdoors that open whole systems to potential attackers. Sure you want to know how to defend against that. We also will tell you about that! This course essentially was held at Informatica Feminale in Bremen in September 2005. Not by accident, there is a strong alignment to Aleph1's popular paper on this topic. We will start by looking at the i386 architecture, the linux memory model, typical C functions, how function parameters are pushed onto the stack according to standard C calling convetions and how space is allocated on the stack for local variables. We will take a closer look at the steps neccessary to open a shell and exit cleanly and how to find out how to implement these functions in assembler to build a shellcode, which yields a pretty universal howto of shellcode writing on nearly any architecture, just using gcc and gdb. Finally, we will see how the vital stack space of some vulnerable programs gets overwritten and and how to cleverly do that to force even unknown programs into doing what WE want them to do. The conclusion of this course will put buffer overflows into a wider perspective. How are they related to those other vulnerabilities, like heap overflows and format string vulnerabilities and what can we do to prevent them? Christiane Ruetten 13:00 01:00 Saal 3 preventing_buffer_overflows An overview of static and dynamic approaches Hacking Vortrag englisch A talk that will present academic tools, which are designed to find or disarm security problems in C code The last years have proven that humans are notorious producers of insecure code. They also seem to have problems security bigs on their own. For this reason scientist spend a reasonable amount of time in developing ideas how to automate the process of finding those security bugs (using static analysis) or how to fix those bugs automatically (with dynamic measures which take effect on runtime). The talk will give an introduction to both approaches. The presented tools are aimed at problems that belong to the programming language C: Buffer Overflows, Format String Exploits and their friends. Static tools examine the source code before the compilation. Depending on the tool methods like functional verification, finite automatons or lattice theory are used to find security bugs. The talk will try to show, how these tools work and what their shortcomings are (e.g. to many false positives, no weighting, hard to configure,...) Dynamic tools alter the source code before or during the compilation. They try to add constructs to the control flow with additions that are supposed to prevent the exploitation of security flaws. Classic examples (Stack Guard) and modern approaches (StoBo) are presented and discussed. Only tools and methods that are applicable by the programmer are addressed. Methods of preventing exploitation by altering the underlying infrastructure (i.e. the OS) are omitted. The focus is on measures that can be employed by the actual programmer. We think it is important that the usage of these kind of tools (esp. static analysis) grows in the open source community. Commercial companies are employing static analysis on a broad basis nowadays (for example Microsoft requires their coders to use the tools PreFast and PreFix daily). Otherwise the security advantage, that open source claims to possess, may diminish. Martin Johns 14:00 01:00 Saal 3 the_grey_commons Strategic considerations in the copyfight. Society Vortrag englisch Piratbyran.org in Sweden has since 2003 We will have a paper ready until the first of December around the Nordic pirate projects and file shearing scene and its current development. Will we will describe the work of Piratbyran, The Pirate Bay, Piratgruppen and Artliberated. This will be done under the title The Grey Commons where we describe the special approach of temporal constructions that has been developing as a way to uphold the possibility of redistribution. The main issues and themes are talked about in the interview attached with Palle Torsson that will be published in the next issue of Mute. We will use this text as a base for our paper. Palle Torsson Rasmus Fleischer http://www.piratbyran.org/ http://www.artliberated.org/ http://www.thepiratebay.org/ http://www.piratgruppen.org/ 16:00 01:00 Saal 3 peer_to_peer_under_the_hood An in-depth look at p2p algorithmics Hacking Vortrag englisch About p2p-algorithms for fully distributed, totally serverless, fully scalable peer-to-peer systems. Not about specific p2p-softwares. This will only be a very brief overview of p2p-algorithms. This talk is about p2p-algorithms for fully distributed, totally serverless, fully scalable, globally searchable, robust, efficient peer-to-peer systems. These algorithms make it possible to make millions or even billions of computers work together in an organised manner without any central servers, without any computer being a boss over the others. We can now make applications such as filesharing, chat, instant messaging, Internet telephoning, radio and TV (sent from a single home user computer to a billion nodes), distributed calculation systems and many more applications. Since this talk is rather short we will not talk about specific p2p-softwares, encryption, stealth or anonymity. But we will mention some never before published stuff. The talk will be held by David Göthberg who has researched p2p-algorithms since 1997 and full time since the year 2000. Before that he used to work with Internet communication and computer security in embedded systems. (Internet in cars and other machinery.) David has now finished his research and is now working on building a p2p-programming library. So that other programmers can build advanced p2p applications easily, without having to spend years on research first. David's p2p-programming library will be available free of charge for anyone making free software. If you want more information from David before or after the congress take a look at www.pjort.com/projects/ or chat with "Mole2" in the channel #p2p-hackers on the IRC-network irc.freenode.net. David Göthberg http://www.randpeer.com/ http://www.pjort.com/projects/ 17:00 01:00 Saal 3 media_system_deployment Hacking Vortrag englisch Using Python, a large variety of media-oriented systems can be scripted with very little effort. The talk will explore the available libraries for 2d and 3d graphics, video and sound and describe real-world experiences in deploying these systems. Multimedia on linux has made great progress. A few years ago, video support was very limited, low-latency-audio was impossible, getting jitter-free performance was a nightmare and fonts were rendered with a quality that made any designer cringe. This has changed. One language that has been used successfully in many multimedia systems is python. The talk will look at what is required to set up a multimedia system with python. While the focus will be on installations in public or semi-public areas (museums, showrooms, the c-base), many of the techniques can be used in other areas as well. Most of the talk will cover Linux-based systems, with some references to the possibilities of Mac OS X systems. Among others, the talk will discuss the following libraries: - libavg: libavg (www.libavg.de) is a display mixer and general multimedia library/framework with a python interface. The goal of avg is to make it almost as easy to build installations as it is to build a web page. Designing interactive systems will still need some programming skills, but this should be kept to a minimum. An avg installation consists of one or more xml files that describe screen layout(s) and corresponding python code that describe the dynamics of the installation: What to do when a user interacts with the system, some time has elapsed or any other input has arrived. The result is a very high-level approach to screen-oriented multimedia that still allows for very competitive performance. - alpy: alpy (http://www.stolk.org/alpy/) is an incredible library that allows mixing of sound in 3d with a very high-level interface. It is based on OpenAL, the sound library that was used in games like Unreal 2 and Soldier of Fortune 2, among about 30 others. Sounds can be placed in a 3d space around the listener and moved in realtime with a few lines of python code. The system transparently determines the sound a listener would hear, taking into account distance, orientation and movement of the sound (doppler effects!) with respect to the listener. - pyopengl: This library (http://pyopengl.sourceforge.net/) exposes the opengl 3d api to python, allowing full low-level access to the capabilities of modern graphics cards. - pil: The Python Imaging Library (http://www.pythonware.com/library/index.htm) adds image processing capabilities to python. It can be used as a supporting library for the other libraries described. In addition to the library features, the talk will cover areas like interoperability (which libraries cooperate well) and hardware support/ease of installation and configuration. Integration of custom hardware devices using serial/parallel ports ist covered as well. If there is interest, I intend to follow the talk with a hands-on workshop at the c-base on the following day. The workshop will be limited to ten participants, with five computers with preinstalled software available. Persons interested in the workshop can contact the speaker via coder@c-base.org. Ulrich von Zadow 18:00 01:00 Saal 3 better_code Fast development of object-oriented functional programs Hacking Vortrag englisch An overview of the highly dynamic, object-oriented, functional programming language Dylan will be given. As an example a web-based network management tool will be demonstrated. Dylan is a fully buzzword-compliant language (object-oriented, dynamic, functional) which was developed by Apple, CMU and Harlequin back in the early 90s. While the Apple project was cancelled in the early beta testing stage due to financial trouble at Apple, both CMU and Harlequin finished their compilers. CMU released a Dylan-to-C batch compiler as open source. Harlequin produced a full-blown development environment, including an IDE with code browsers, a debugger, profiler, and a native compiler for x86. This compiler has been available commercially. After the bankrupt of Harlequin, the programmers bought the rights to their code, and after an unsuccessful attempt to sell it, recently decided to release it as open source too. Dylan is unique in that it combines both the ease of use and rapid prototyping features of very high level languages with high performance code execution, allowing the deployment of real-life production systems. Additionally, it is amongst the languages that prevent many of the the common exploitable bugs like buffer overflows, integer overflows, format string exploits, double frees, that plague programs written in C. Dylan is semantically closely related to Scheme, but comes with an Algol-like syntax that should be more convenient to the programmer than the S-expression syntax used by the Lisp family of languages. It features a well-integrated class system with dynamic types and multiple inheritance, polymorphism via generic functions, first class functions and matching higher-order functions, automatic memory management and a macro system that allows to extend the grammar of the language. This talk presents the Dylan language and its implementations. It also demonstrates a sample application for configuring switches, routers, DHCP- and DNS-servers for a network environment such as the one of the Chaos Communication Congress over a web interface, focusing on how usage of the Dylan language features allows construction of a powerful framework for such purposes. Hannes Mehnert Andreas Bogk Dylan Hackers @ ICFP 2005 Memory Pool System Project Open Dylan The Eighth Annual ICFP Programming Contest 2005 19:00 01:00 Saal 3 rfid_protocols ISO14443, ISO15693, their GPL librfid implementation and passive sniffing hardware Hacking Vortrag englisch The presentation will cover an introduction into the two popular RFID Standards, ISO14443 and ISO15693, as well as the author's Free Software implementation "librfid" The number of deployments of RFID based solutions is growing every day. Still, detailed low-level knowledge of the involved protocols is rare, even within the hacker community. The first part of this presentation describes the two commonly-deployed ISO standards 14443 and 15693 - from physical layer up to session layer. It will then continue to look at the typical architecture of RFID readers. The second part will cover "librfid", the GPL licensed Free Software implemetation of an ISO 14443 and 15693 host-side stack. The third part will look at our current progress in developing hardware and software defined radio (SDR) based passive sniffing of the RFID radio interface. After all, who wouldn't want to have "tcpdump" like functionality for RFID? * Authors: Harald Welte <laforge@gnumonks.org> Milosch Meriac <meriac@bitmanufaktur.de> Harald Welte Milosch Meriac http://rfiddump.org/ http://svnweb.gnumonks.org/trunk/librfid http://svnweb.gnumonks.org/trunk/libmrtd 21:00 01:00 Saal 3 exploring_protocols_and_services_on_internet_connected_embedded_devices Looking for Insecurities Hacking Vortrag englisch Embedded devices are set to take centre stage in the coming internet connected revolution where anything and everything will be connected to the internet. But are the Devices, Operating Systems, Protocols and Services mature enough for what the future holds for them? This session looks at the requirements of an internet connected embedded device and the necessary protocols and services required and available, then, it goes into some implications of the currently known vulnerabilities. This lecture is based on my work in compiling a database of embedded devices, their models with operating systems (and versions), with protocols (and versions), and services (and their versions) together with vulnerabilities and the current known research on them. I will use Networked CCTV Systems as an example of network connected systems and how they can be used inappropriately to gain access. Sarbjit Sembhi 22:00 01:00 Saal 3 big_brother_awards Datenkraken beim Kragen packen Society Vortrag deutsch "The winner is ..." zumindest "unhappy". Wer einen BigBrotherAward erhält, hat es damit schriftlich bekommen, dass sein Verhalten "evil" ist. In vielen Ländern werden BigBrotherAwards, Datenschutznegativpreise für "Datenkraken", vergeben. Vertreterinnen und Vertreter aus Schweiz und Deutschland präsentieren die Ergebnisse, Hintergründe und Erfolge des Jahres 2005. Im Schnelldurchgang und mit Filmbeiträgen werden Preisträger, Trends und Tendenzen präsentiert. padeluun Thomas Bader Rena Tangens http://www.bigbrotherawards.de http://www.bigbrotherawards.ch http://www.bigbrotherawards.at 23:00 01:00 Saal 3 digitale_buergerrechte_in_europa Society Vortrag deutsch Die digitale Wissensgesellschaft wird in wesentlichen Punkten von der Europäischen Union bestimmt und häufig haben Richtlinien und andere Maßnahmen der EU direkte Auswirkungen auf unsere digitalen Bürgerrechte. Es geht bei unserer Präsentation nicht um einen Lobby-Überblick, sondern um eine Darstellung, welche Direktiven und Maßnahmen gerade auf europäischer Ebene in Arbeit sind, die "Digital Rights" mittelbar oder direkt betreffen. Und das sind eine ganze Menge, die teilweise fernab der Öffentlichkeit im Hintergrund vorbereitet werden, bzw. auf wenig öffentliches Interesse stoßen. Die bekannteste ist sicherlich die mehr als umstrittene Richtlinie zur Ausweitung der Vorratsdatenspeicherung von Telefon- und Internetdaten, aber es gibt zahlreiche weitere angekündigte Maßnahmen auf europäischer Ebene, die nicht minder brisant sind. Diese finden fast alle im Rahmen einer neuen EU-Initiative "Für Rechte an geistigem Eigentum und gegen Nachahmungen" statt, die der für Wirtschaftspolitik zuständige Kommissar Verheugen für das Frühjahr 2006 angekündigt hat. Im Mittelpunkt der strafverschärfenden Maßnahmen stehen eine Richtlinie "Über strafrechtliche Maßnahmen zur Durchsetzung der Rechte des geistigen Eigentums" und ein damit verbundener Rahmenbeschluss zur "Ahndung der Verletzung geistigen Eigentums". Die vorgesehen Regelungen gegen "Produktfälscher" und "Raubkopierer" sollen die bereits im vergangenen Jahr verabschiedete Richtlinie zur "Durchsetzung der Rechte des Geistigen Eigentums" ergänzen, deren Umsetzung in deutsches Recht kürzlich von Justizministerin Zypries angekündigt wurde. Diese Richtlinien werden auch kurz als "IPRed-1" und "II" bezeichnet und werden u.a. erweiterte Auskunftsansprüche an Provider zur Folge haben. Wir werden versuchen, all diese komplizierten Dokumente in verständliche Folgeabschätzungen zu übersetzen. Aber auch in Sachen Digital Rights Management - hier geht es vor allem um mögliche Standardisierungsmaßnahmen in Richtung der in den USA bereits berüchtigten, so genannten "Broadcast Flag" - droht Ungemach aus Brüssel. Ein weiteres Thema wird die umstrittene Richtlinie zum Schutz von Datenbanken sein. Oliver Passek Markus Beckedahl 12:00 01:00 Saal 4 cybercrime_convention Hacking on its way to become a criminal act? Society Vortrag englisch Within the topic of international regulation attempts in the field of Cybercrime (CoE Convention on Cybercrime & EU Council Framework Decision on Attacks against Information Systems) a number of Member States is planning to implement "hacking"-provisions in their national criminal law. This development could lead to a criminal sanctions not only for hacking acts committed with criminal intent but also for testing network security. The presentation is giving an overview about the specification of the international regulations – focussing the chances for the Member States to make restrictions to the specifications in order to keep more liberal criminal law provisions. Marco Gercke http://news.bbc.co.uk/1/hi/programmes/click_online/3686846.stm 13:00 01:00 Saal 4 w3c_mobil_css_multimodal A look at the upcoming standards by W3C Science Vortrag englisch W3C is developing several new Web technologies and modules for existing technologies, many of which have to do with the requirements of new, mobile devices. This talk will look at a few of them. W3C has some 50 working groups. Some of them work on guidelines or "best practice," but many of them write specifications for new technology. Looking at what those groups are developing should give a good idea of what W3C and its members expect to happen on the Web in the next couple of years. This talk will describe a few of the developments, with a special focus on delivering Web content on mobile devices. Some of the expected topics are CSS level 3, Compound Documents, EMMA, XHTML2, and "binary XML." Bert Bos 14:00 01:00 Saal 4 message_generation_at_the_info_layer Basic introduction in coding on unvirtual realities. Society Vortrag englisch What have talking to your lover and information warfare in common? After building a simple model on human communication and some introductions we begin to play with message construction learning about how to program the matrix. Workshop about message and campaign construction for nerds has to start with definitions and a basic model to work with. Looking at some specific forms of communication and communication errors, we can enhance model and knowledge about how to make a message clear and a campaign out of these messages. An improvement if those adressed won't listen to a techie community otherwise. ulong 16:00 01:00 Saal 4 lightning_talk_day_1 Nine five minutes talks by various speakers Lightning-Talk englisch There are also loads of reasons for attending the lightning talks (there is a 1-hour block of those each day at 22C3, with 10 talks in a row). It’s entertaining. You get to learn about a lot of different subjects in a short time. And even if one particular speaker is boring: hey, it will be over in just 5 minutes and a new topic will begin. But what is a lightning talk? It’s a 5-minute talk you (for reasons of your own) don’t feel like doing as a full 1-hour presentation. Maybe the topic is too obscure. Maybe the research you want to present is still too much in progress. Maybe you just want to talk about a detail you noticed on the way to the congress. Maybe you have a cool software or hardware hack you need helpers for and just want to drop the name of your project. Maybe you got the idea for doing a talk at the congress itself and the deadline for the call for papers is long gone… There are really loads of reasons why you should do a lightning talk. Just be short and sweet. After 5 minutes, you will be cut off and it’s the next speaker’s turn. mc.fly Lightning Talks in the Public Wiki 17:00 01:00 Saal 4 bad_trips What the WTO Treaty did in Hongkong and what that means for us Society Vortrag englisch The TRIPS Treaty is one of the most discussed within the WTO. Its impact on knowledge and so-called intellectual property rights is huge, not only for developing countries. This talk will give the listener a short introduction on the main principles of TRIPS, who stands behind it and what chances a different treaty could bring. As the WTO meeting in Hong Kong is just two weeks in advance of the 22c3, there will be much news on the progress of the treaty. With Oliver Moldenhauer being an NGO representative at the WTO conference we'll have first-hand experience on the debates amongst NGOs and press in Hong Kong. Much of this talk is going to be dead on time: Oliver Moldenhauer will attend the WTO conference as a NGO representative, his way will take him from HongKong directly back home and into 22C3. As many variables still exist, no exact contents of this talk can be given up to a few days before the conference. Stay tuned for the newest developments, as well as ten years of history of strengthening IP-Rights throughout the world Oliver Moldenhauer Julian 'hds' Finn 18:00 01:00 Saal 4 data_retention Science Vortrag englisch Chances and Risks of Data Retention Legislation are currently discussed in an intensive way without talking a closer look what could be the next legislative steps to increase the investigation authorities possibilities. It is well known, that offenders as well as normal users acting in networks can easily circumvents the "risks" caused by the complete storage of traffic data by using public access points and encryption technology. Therefore the next generation of regulation in this sensitive area is expected to be accelerated within the next years. Possible scenarios could be stricter regulation of establishing open networks an a ban on effective encryption technology. The presentation is giving an overview about the risks of further interference in the fundamental rights of the internet user. Marco Gercke 21:00 01:00 Saal 4 european_it_lobbying An investigation into intransparency Community Vortrag englisch Information overflow is a general problem of today's open information infrastructures. Everything can be found on the web but unfortunately not by everyone. Getting informed about the European Union and its projects is a task which you cannot leave to the Commission's public relations department. You should better start your own investigation. European decisions effect your interests and your business. Community building, interest representation through communication and influencing public opinion is not sufficient for effective lobbying. Information superiority by better access, knowledge retrieval and social engineering techniques gives you an advantage. We will try to answer some pragmatic question based on our own experience: Access to Information * Where can I obtain official documents and recordings? * relevant databases * What means e.g. COM(2005), 276? How to decode documents and diplomatic speech. * How can I track the status of legislative proposals? * What surplus has the use of MS Word inside the Commission? Grassroot efforts * Where and how can I contribute to EU-Consultations? * Of what use are petitions and the EU ombudsman? * What can my MEP do for me? * Why EU-Parliament is on your side. Inside the Lobby * What other stakeholders are represented in Brussels? * Why astroturfing is doomed to fail * What shadow groups are influential inside EU-Parliament and how to be on their tricks. What makes EU-Parliament so special ? * How and why we won the historical vote André Rebentisch 22:00 01:00 Saal 4 magnetic_stripe_technology Hacking Vortrag englisch Find out how magnetic stripe technology works, how it can be hacked, how to build a card reader with parts you can find in your 'junk drawer', and how this reader design can be used to reverse engineer proprietary formats. Here in New York, I wanted to investigate the content of the MetroCard's magnetic stripe (the fare control card used in the subway system). Because the card format is completely proprietary, I had to design a reader capable of dumping the content, which lead me to the design described here: http://www.sephail.net/articles/magstripe/ I designed the reader hardware to be as simple as possible while having all of the demodulation of the signals done in software (through a sound card interface). I originally wrote the reader software to conform to the standard track formats (ISO 7811, 7813, 4909, etc.) and tweaked it to become capable of reading the MetroCard format as well. I then proceeded to reverse engineer the content of the MetroCard, and as of last Spring, have published (in 2600 Magazine) the most complete description of the MetroCard system that I know to exist. The lecture will basically describe the theory of magnetic stripes, how the reader design works, how to build one yourself, how the decoding software functions, and how to use it to possibly reverse-engineer other proprietary formats (by using the MetroCard as a recent practical example) -- and of course, read all the standard cards floating around in your wallet ;-). Joseph Battaglia http://www.sephail.net/articles/magstripe/ http://www.sephail.net/articles/metrocard/ 23:00 01:00 Saal 4 erste_hilfe_fuer_nerds_und_geeks Wie überlebe ich (ohne nennenswerten Schäden) einen Congress? Community Workshop deutsch Wie überlebe ich einen vier Tage langen Chaos Communication Congress ohne nennenswerte Schäden davonzutragen? Dieser Vortrag ist speziell für Nerds und Geeks geeignet. Wie überlebe ich einen vier Tage langen Chaos Communication Congress ohne nennenswerte Schäden davonzutragen? Dieser Vortrag ist speziell für Nerds und Geeks geeignet. Ich werde Antworten auf elementare Fragen wie: "Ach komm, Koffein ist doch nicht wirklich schädlich? Wozu brauch ich denn Wasser??", "Wer braucht schon mehr als zwei Stunden Schlaf?" oder "WTF ist frische Luft?" geben.. Keine Sorge, die Antwort wird nicht "42" lauten. In ein paar praktischen Vorführungen werden die Grundlagen der Ersten Hilfe aufgefrischt.. Das ganze natürlich nicht todernst ;) SaniFox aka Sven Vößing 11:00 01:00 Saal 1 eu_data_retention_proposals Commission vs. Council - the lesser of two evils? Society Vortrag englisch Presentation and Discussion of the EU proposals for mandatory data retention, proposed individualy by the EU council and the EU comission. The proposals for harmonized Data Retention within the EU have changed significantly since being introduced as a proposal by four member states in early 2004. Various versions have emerged over time, spearheaded by either the council under i.e. its Dutch presidency in late 2004 or the UK presidency in 2005, as well as the commission version in September 2005. The session is intended to give an introduction into data retention in general, its meaning and implications for both the individual as well as the communications industry at large. It will discuss the various proposals introduced by the council as well as the commission, highlight the differences and discuss the different approaches and intended goals. A “historical” overview will map the developments against existing legislation prior to the proposals as well as today, its moving evolution over time taking into account the real-world developments influencing political opinion. While some countries have already adopted similar legislation, some vehemently reject retention as of today. Which impact will harmonized data retention have for these countries? Why is it that some societies are willing to adopt strong diminishments of personal freedom while others are not? A look “over the fence” into non-EU countries and their approach – or non-approach – to data retention will be included. Very recent developments including the proposal for amendments to the commission proposal by the EU parliament, the so called “joint” version released by the council on 29th of November 2005 will be introduced to the audience, as well as possible future developments: Driven by the UK Home Secretary Charles Clarke - currently responsible for the council as the UK heads the EU council until the end of the year - heavy pressure is put on the EU parliament to adopt a variant of this joint proposal by mid December 2005, a development strongly opposed by the parliament reporter Alexander Alvaro. The session will highlight the outcome of this development and take a look at the most recent changes, which might unfortunately even be adopted by either the parliament or the council by the time of the congress. Klaus Landefeld Data Retention Is No Solution Wiki Data Retention Is No Solution 12:00 01:00 Saal 1 software_patenting Adequate means of protection for software. Society Podium englisch Patent attorneys and a few large corporations advocate patent law as an appropriate protection tool for software development. Most economists, software professionals and SMEs disagree. They believe patent law does not serve market needs. This year the European Parliament rejected a 'Directive on the patentability of computer-implemented inventions'. However, as the European Patent Offices continues to grant them problems remain. Our expert panel with discuss further developments. Topics: - Future European and woldwide developments On the worldwide level the patent system is reforming and increasing its efficiency. But further safeguards for software development and against institutional failure are required to reduce the collateral damage of the inflexible system which is not ready for dynamical. We will discuss possible initiatives on the national, European and supranational level. Our European activities were echoed by an intense debate in the United States. Companies like Microsoft (see Eolas case) now call for a patent reform. However, the United States export their current legislation through Trade Agreements. Further developing nations put pressure on TRIPs-'harmonisation' and access to knowledge at WIPO. Notably too the Indian Parliament recenty rejected a governmental proposal for software patenting. - Industrial Copyright The dichotomy of "copyright for literary creation, patents for technical invention" has visibly broken down due to the appearance of software and the debate about copyrightability vs patentability for software. It is time for an integrated redesign of the intellectual/industrial property (i2p) system. Recent experience shows that industrial copyright comes closer to the requirements than patent law. Future exclusion rights should be fast, cheap and narrow. - IPRED2 - the last cornerstone of the EURO-DMCA Remember IPRED 1? It is not implemented yet. Targeted to product piracy it was widened by EU Parliament to all kinds of infringements, as a 'compromise' criminal provisions were left out. But this summer the Commission sent a new proposal for a 'European Parliament and council directive criminal measures aimed at ensuring the enforcement of intellectual property rights' to the European Parliament. It consists of one single broad core. Article 3: 'Offences Member States shall ensure that all intentional infringements of an intellectual property right on a commercial scale, and attempting, aiding or abetting and inciting such infringements, are treated as criminal offences.' We will explain what side effects this fuzzy provision might have in regard of the software patent problems and business risk in general. - Community patent and reform of the European Patent Office (no EU institution) We have a European single market but no community patent yet. The last attempt failed due to so called 'language reasons'. The delay offers room to rethink and improve the whole instutional framework. The European Patent Office is reforming. The aim is to make the Technical Boards of Appeal more independent. Here is what the EPO writes about that: "The Organisation would then have the three-way separation of powers typical of a state bound by the rule of law, into legislature, executive and judiciary, the latter being the new judicial body." In particular, we and other stakeholders have endorsed proposals for privatisation of this system by careful distribution of burdens of proof. Such a reform would result in debureaucratisation and, by consequence, dissolution of the European Patent Organisation, which some have called "an intergovernmental creature that no longer has a place in today's European Union". A lean privatised patent examination system would, as a side effect, also solve the problems of the Community Patent. Tonnerre Lombard André Rebentisch http://swpat.ffii.org http://wiki.ffii.org/Ipred2En 13:00 01:00 Saal 1 informationsfreiheitsgesetz Society Vortrag deutsch In diesem Vortrag geht es um das Informationsfreiheitsgesetz des Bundes, dass am ab 1.1.2006 in Kraft tritt. Ab 1.1.2006 gibt es ein Informationsfreiheitsgesetz des Bundes. Damit hat sich Deutschland endlich in den Kreis der Länder eingereiht, für die dies eine Selbstverständlichkeit ist. In Schweden beispielsweise seit 1766. Dennoch bleibt das Gesetz auch hinter manchen Erwartungen zurück. Welche Chancen bietet es, wie kann es genutzt und möglicherweise weiterentwickelt werden? Jörg Tauss 14:00 01:00 Saal 1 das_geheimnis_reloaded Culture Vortrag deutsch Seit jeher war es das Gegenteil von Information, ihr dunkler Bruder: das Geheimnis. Jetzt ist es wieder mit aller Macht im Kommen. Peter Glaser über den Weg in die Geheimnisgesellschaft. Geheimnis ist das, was einem manchmal das Gefühl gibt, frei verfügbare Information sei nur harmlose Unterhaltung, erst im Innersten des Geheimnisses liege die Wahrheit verborgen. Geheimnisse wecken die Aufmerksamkeit, sie schärfen unser Interesse. Ein Mythos umweht sie. Aber an zahllosen gelüfteten Geheimnissen läßt sich studieren, dass der Mythos dem Glanz seiner Verheißung nie entspricht. Der Kern eines Geheimnisses, das Innerste des Tempels ist meist leer. Das ändert nichts an der immensen Produktivkraft von Geheimnissen. In den zurückliegenden Jahrzehnten haben sich die Machtstrukturen im Westen zu öffnen begonnen. Der freie Fluß von Information wurde als wesentliche Bedingung für politischen und wirtschaftlichen Fortschritt propagiert. Spätestens nach dem 11. September hat eine Umwertung der Werte stattgefunden - das Geheimnis hebt wieder sein Haupt. So hält beispielsweise das Information Security Oversight Office penibel die Zahl der Dokumente fest, die in den USA jedes Jahr im Dienst der nationalen Sicherheit als geheim eingestuft werden. Seit dem Amtsantritt von Präsident George W. Bush hat diese Klassifikation massiv zugenommen - von 9 Millionen Dokumenten im Jahr 2001 auf 15,6 Millionen im Jahr 2004. Die Behörden schränken inzwischen auch den Zugriff auf nicht klassifizierte Informationen ein. Das Telefonbuch des Pentagon etwa, das zuvor jeder kaufen konnte, ist seit 2001 nur noch "für den Dienstgebrauch" erhältlich - eines von zahllosen Beispielen, die darauf hinweisen, dass die Informationsgesellschaft immer öfter dazu gezwungen wird, den Datenschleier anzulegen. Peter Glaser 16:00 01:00 Saal 1 black_ops_of_tcp_ip New Explorations: Large Graphs, Larger Threats Hacking Vortrag englisch I will discuss new experiences and potential directions involving scanning massive networks, such as the entire world's DNS infrastructure. Our networks are growing. Is our understanding of them? This talk will focus on the monitoring and defense of very large scale networks, describing mechanisms for actively probing them and systems that may evade our most detailed probes. We will analyze these techniques in the context of how IPv6 affects, or fails to affect them. A number of technologies will be discussed, including: * New findings in our worldwide scans of the DNS infrastructure * Mechanisms for very high speed reconstruction of IPv4 and IPv6 network topologies, complete with visual representation of those topologies implemented in OpenGL. We will discuss how a graph theoretical approach to network management can (and can't) solve flow control for massive scans. * A temporal attack against IP fragmentation, using variance in fragment reassembly timers to evade Network Intrustion Detection Systems * DNS poisoning attacks against networks that implement automated defensive network shunning, and other unexpected design constraints developers and deployers of security equipment should be aware of * In addition, we'll briefly discuss the results of research against MD5, which allows two very different web pages to emit the same MD5 hash. Dan Kaminsky 17:00 01:00 Saal 1 desaster_areas Experiences from Iraq and post Katrina New Orleans Society Vortrag englisch A discussion about technology, culture, the Creative Commons and the media with regards to disaster areas and warzones. A discussion about technology, culture, the Creative Commons and the media with regards to disaster areas and warzones. Jacob Appelbaum traveled from Turkey into Iraq in April of 2005. He documented his trip with a focus on photography, blogging and video interviewing. After hurricane Katrina, he traveled into Houston, Baton Rouge and finally New Orleans. The discussion will cover issues from safety, technology, documentation, sensitivity to local cultural issues, techniques for entry, methods for networking in remote parts of the world, helping other travelers and how new media such as blogging helps us to address issues worldwide. It will be a discussion about modern techniques for disseminating information in a wide spread manner. The speaker will discuss the programs, protocols, and methods he has used in his recent experiences in New Orleans and Iraq. The speaker will also discuss methods for bypassing authority figures that may wish to restrain or monitor a person disseminating information. Further subject manner will include: Finding uplinks in obscure or distant parts of the world or destroyed areas directly after a disaster. The use of cryptography and stenography, when and where it's useful. Finding a core audience of people that are interested in the subject matter. Being helpful and knowing when to say what. Staying safe and being prepared. Jacob Appelbaum Photo und Kommentar Jacobs Vortrag auf der Webzine 2005 18:00 01:00 Saal 1 search_oracle_society The Saga continues: Search Engines, Technology, Politics, Prostitution, Corruption, Privacy and Espionage. Society Vortrag englisch The session will focus on the influence of search engines on individuals, societies, education and politics. The session will focus on the influence of search engines on individuals, societies, education and politics. The exponential growth and the decentralized structure of the Internet require automated search solutions which now control our access to information and influence our view of life. With several billions indexed pages, search engines are not only the biggest storage systems worldwide, they are also used by millions of users every day. The session will analyze these developments and pay special attention to media monopolies, political implications, censorship, and privacy violations. Several recent case studies, including but not limited to the Google Book Scan program, Google WiFi, Google Earth, and the self proclaimed support of Open Office and other open software frameworks will be used to explore these monopolies and relationships. The session will focus on the problems arising when the availability of information, knowledge, and values becomes dependent from commercial search services. Information which is not accessible through search engines appears to be even non existent for our information society. This session explains the perils of this development and shows the conflicts between commercial interests of search engines, political influence, censorship, advertising, paid rankings and the freedom of information. The presentation will also discuss the dark side of the force, including but not limited to Google bombing, link farms, guestbook/blog/wiki spam, cloaking, Pagerank prostitution, result hijacking etc. The session will discuss the dangerous implications of search engines used to invade the privacy of individual users, focus on user tracking and profiling, and propose methods and techniques to assess and eliminate the threat. The session will further underline the privacy risks and violations caused by search engines, focusing on the digital breadcrumbs, traces, and cookies left by individual users using internet based search/or related services. The session will include entertaining elements and present basic and advanced search methods of Google Hacking and demonstrate how search engines can be misused to identify insecure server and shopping systems, infiltrate networked appliances including webcams and printers, and collect commercial and private information including passwords, credit card data, user account and other personal information. The session will shed some light on upcoming search engine algorithms, technologies, and implications. Search engine technology is still in its infant stages, many resources are still devoted to the analysis, detection and elimination of search engine marketing, webspam, affiliate or duplicate content. There are new and interesting algorithms, technologies, and proposals, as discussed in a recent patent of Google Inc, used in the Open Source search engine Nutch, or proposed by the peer-to-peer search engine Yacy (A search engine Made in Germany), which provide some insight into the future of search engine technology and knowledge management. Michael Christen Frédéric Philipp Thiele Wolfgang Sander-Beuermann Hendrik Speck 19:00 01:00 Saal 1 old_skewl_hacking MMIrDA - Major Malfunction's InfraRed Discovery Application Hacking Vortrag englisch An updated look at InfraRed hacking, and the state of the art in owning hotel TV systems. Infra Red is all around us. Most of us will use an Infra Red controller on more or less a daily basis, to change the TV channel, or open a car or garage door, but how often have you thought about how it actually works? This talk will describe not only how to analyse the signals being sent by your remote, but also how to use that information to find hidden commands and reveal functions you didn't even know your systems had. You will learn how to brute force garage doors, car doors, hotel pay-per-view TV systems, take over LED signs, vending machines and even control alarm systems, using cheap or home made devices and free software... Major Malfunction http://www.alcrypto.co.uk/MMIrDA/mmirda_syscan05.pdf http://www.wired.com/news/privacy/0,1848,68370,00.html 21:00 01:00 Saal 1 technological_art Artists (mis)using technology Culture Vortrag englisch A review of today's technological art scene, with examples and discussion of their impact on our technology-driven society. Traditionally, technological art was often biased in criticising the status quo, where the misuse of technology in the spirit of avant-garde was a given opposite force to the mainstream. Today's technological art is much more mutlifaceted, where the more critical approach is complemented with works that readily assume the existence of questionable technologies, but provide alternative views on possible futures, that do not neceesarily have to be dystopian. We review a series of such works from different field of new media art as examples of these two tendencies and discuss their impact on how we see our technology-driven living today. Ranging from device hacking to network services augmentations, and personalisations of the public. The exposure of such works also reach much wider audience today than before, and hence have very different impact than works created and presented in a garage. Régine Débatty Jussi Ängeslevä http://www.we-make-money-not-art.com/ 22:00 01:00 Saal 1 corp_vs_corp Profiling Modern Espionage Hacking Vortrag englisch An impressionistic overview of what makes the difference today and in the future (in the digital playground) in the balance of power between economic and military powers. The presentation will also cover a description of the business behind espionage worldwide as well as the asymmetric organizations that are the real master of puppets. * How do digital espionage asymmetric networks work * Secret servicies and network mercenaries * Prevention and monitoring vs data retention and "special laws" in today's terrorism and data theft situations. 1) old and new threats after 9/11th 2) Industrial Espionage / State sponsored espionage 3) Cyber defence methodology: from digital identification of attacker to counterattack strategy 4) Cyber counter attacks: Information leakage, injected intercepion Fabio Ghioni Roberto Preatoni 23:00 01:00 Saal 1 literarisches_code_quartett The good, the bad, and the ugly Culture Podium deutsch Die Parallelen bei Software und Büchern gehen von dem kreativen Schaffensprozeß über Konsumverhalten, Entlohnung bis zu Fragen wie Lizenzen und Verwertungsmodelle. Wir werden das dieses Jahr noch etwas weiter treiben, indem wir analog zur bekannten Fernsehsendung besonders prägnante Codestücke auf der Bühne mit Publikum kritisieren werden. Bei oberflächlicher Betrachtung scheint es sich bei Source Code lediglich um Anweisungen für eine Maschine zu handeln. Wenn das die ganze Wahrheit wäre, gäbe es aber keinen Grund, Computer nicht mit Nullen und Einsen zu programmieren. Nein, die bloße Existenz des Phänomens "Source Code" zeigt, daß es sich dabei um mehr handelt: nämlich um ein Medium, das der Kommunikation von Programmierern untereinander oder mit sich selbst durch die Zeit dient. Mithin ist Source Code eine Form von Literatur. Mangelndes Verständnis des literarischen Aspektes führt zu den typischen Problemen, die man in vielen Programmen beobachten kann: Inkonsistenzen, Bloat, Bugs, und unwartbarer Code. Auf der anderen Seite resultiert auch mangelndes Verständnis des technischen Umfeldes in schlechter Performance, umständlichem Code, und wiederum Bloat und Bugs. Schöne Software hingegen ist ein Quell der Freude bei der Lektüre, der Weiterentwicklung und der Benutzung. Wir halten die Lektüre von Source für unabdingbar für eine umfassende humanistische Bildung, und werden einen Kanon desselben aus verschiedenen Blickwinkeln betrachten. Naturgemäß wird eine Kritik nur punktuell erfolgen können, wir hoffen aber, zur Erbauung des Publikums beitragen zu können. Andreas Bogk Felix von Leitner Lisa Thalheim FX of Phenoelit 00:00 01:00 Saal 1 have_you_hugged_your_mac_today Ein audiovisuelles Live-Feature Culture Sonstiges deutsch Live-Performance der Hörspielwerkstatt der Humboldt-Universität Berlin in deutscher und englischer Sprache über Apple, Steve Jobs und Steve Wozniak. Das Audio Feature wird, wie im letzten Jahr, szenisch gestaltet und visuell mit Bildern untermalt sein. Es wird um die kritische Würdigung von Steve Jobs' und Steve Wozniaks Arbeit sowie auch um ihr privates Leben gehen. Kai Kittler Ina Kwasniewski Jens-Martin Loebel Jochen Koubek Marcus Richter Constanze Kurz Skripte früherer Features 12:00 01:00 Saal 2 collateral_damage Consequences of Spam and Virus Filtering for the E-Mail System Hacking Vortrag englisch This lecture takes a critical look at the impact that contemporary spam and virus filter techniques have on the stability, performance, and usability of the e-mail system. Spam and virus filtering techniques have been discussed numerous times at this congress and other ones. What is rarely considered are the consequences that these measures have for the overall stability, performance, and usability of the e-mail system. Many spam filtering techniques play tricks with the e-mail protocols, which carries the risk of shutting out systems that use stricter or alternative implementations of these protocols. Filter systems that create bounce messages have become a plague of their own on the Internet. Alternatively, filter systems discard messages without notification, with the result that there is currently no longer a guarantee that any message will arrive anywhere. Large ISPs are regularly listed on DNS block lists, and many users are indiscriminate in their application of these lists, creating more communication barriers. New purported sender idenfication techniques such as SPF do nothing to fight spam but instead discriminate users of certain ISPs and lock in users to their e-mail service providers. Besides these technical issues, spam filtering when applied without careful consideration also creates privacy and legal problems. Massive gathering and analysis of e-mail traffic cannot only be used to fight spam but also to harvest information about e-mail users. Many providers and administrators may not even be aware that most of their e-mail filtering activities are likely to toe the line to illegality. This lecture will take a critical look at these issues, looking at examples, experiences, and current developments in the fight against e-mail abuse, with the goal of raising awareness among users and administrators. Peter Eisentraut 13:00 01:00 Saal 2 3g_investigations Scanning your GPRS/UMTS IP network for fun and profit Hacking Vortrag englisch We are giving an overview of ip networks used for >=2.5G technologies. Our main focus is on scanning the overlaying ip network, on different Voice-over-IP filter implementations and the possibilities to circumvent them. We want to explain the ip networks used in GPRS and UMTS cellular networks from the enduser point of view. How do they work today and what has to be done to get a normal webpage, voice-over-ip or even a video stream onto your PDA or SmartPhone. For your private investigations inside your providers ip network we want to demonstrate you a tcp/udp port and round-trip-time based traceroute program based on the .NET compact framework. With the help of this program we want to analyse the anti voice-over-ip filters implemented by different cellular providers and show you some possibilities how to circumvent them _efficently_. So we don't just tunnel all the traffic through a VPN. But even when these filters become more sophisticated in the future we want to present some ideas how to defeat your right to talk via voice-over-ip whereever and whenever you want to. Achim 'ahzf' Friedland Daniel 'btk' Kirstenpfad 14:00 01:00 Saal 2 military_intelligence A lamer's introduction to retrieving "sensitive" intelligence information Hacking Vortrag englisch Since 9/11, the US government is especially picky about which information is to be published. This lecture shows how you can still get some very interesting and "sensitive" geographical information. Since 9/11, the US governments is picky about publishing potentially sensitive information. In this lecture, I will show what the US government doesn't want you to know and how you can still retrieve that information by only using free tools in a very lame but efficient way. Andreas Krennmair http://synflood.at/blog/index.php?/archives/380-How-to-find-nuclear-power-plants.html 16:00 01:00 Saal 2 was_ist_technisches_wissen Philosophische Grundlagen technischer Wissenschaften Science Vortrag deutsch Unter dem steigenden Interesse der Technikphilosophen und der Diversifizierung der philosophischen Wissenschaftstheorie erscheinen erste Untersuchungen über technisches Wissen. Der Vortrag zeigt an, auf welchen Pfaden und mit welchen Fragen die Wissenschaftsphilosophie an die Technik derzeit heran tritt. Davon ausgehend soll auch das gegenwärtige philosophische Bild vom technischen Wissen gezeigt werden. Die Wissenschaftsphilosophie wendet sich seit einigen Jahren vermehrt den speziellen Wissenschaften zu. Dies ist nicht etwa das Resultat eines gelungenen Abschlusses, dem nun die erobernde Explorationen der je spezifischen Gegenstände folgt. Im Gegenteil: es handelt sich um das Symptom des noch langsam gegen alte Eitelkeiten anschleichenden Eingeständnisses, dass man in den großen, generalistischen Entwürfen die Komplexität der tatsächlichen Wissenschaften unterschätzt hat. Sie liessen sich nämlich bisher nicht einfach taxonomisieren und schematisieren. Dieses Zugeständnis ist sogar parallel aus den beiden, mit Reichenbach unterschiedenen wissenschaftstheoretischen Traditionen des Entdeckungskontext und des Rechtfertigungskontext zu verzeichnen. Für den Entdeckungskontext kann man, mit avantgardistischer Grobschlächtigkeit, für den aktuellen Stand auf die sich gerade etablierende Wissenschafts- und Technikforschung verweisen. Sie subsumiert die methodologiekritschen Strömungen der letzten dreißig Jahre: ein Anteil Wissenschaftsgeschichte korrespondiert dem Kuhnschen Historismus, ein Anteil Wissenschaftssoziologie dem Feminismus, der sozialen Epistemologie und dem sozialen Konstruktivismus und ein Anteil philosophischer Wissenschaftstheorie erörtert, weiterhin geradlinig unempirisch, allgemein Grundsatzprobleme im Rahmen philosophischer Traditionen und Mittel wie etwa in der Finalisierungsdiskussion der Siebziger und Achtziger Jahre. Aber auch auf der Seite des Begründungskontext, dessen Diskussionen sich völlig unabhängig von denen des Entdeckungskontext bewegt haben, wurde und wird entdeckt, dass Wissenschaft ein stark lokales Phänomen ist. Ein Pluralismus wird inzwischen in vielen Kontexten angenommen. Diese methodologische Vielfalt ist auch die These von Cartwright, die von einer durch verschiedenste Methoden und Mittel „gescheckten“ Wissenschaft ausgeht und damit die Opposition zum reduktionistischen, universalistischen Ideal der klassischen Wissenschaftstheorie letztlich auch vom Begründungskontext her konsolidiert. Die Konsequenzen dieser Erkenntnisse der Wissenschaftstheorie festigen sich derzeit innermethodisch durch Lokalisierungen von klassisch universalistischen Fragen. Entsprechend des sich damit bietenden Bildes von stark mehrfach lokalisierten Fragestellungen fallen auch die derzeit stattfindenden ersten wissenschaftstheoretischen Untersuchung des technischen Wissens aus. Die meisten dieser ersten Betrachtungen beziehen sich dabei zunächst auf das technische Handeln und untersuchen schliesslich von da aus, was das dazu nötige technische Wissen ist. Einige dieser Untersuchungen sollen im weiteren noch vorgestellt werden, indem technikphilosophische Überlegungen zum technischen Handeln mit wissenschaftsphilosophischen Konzeptionen zum technischen Wissen kontrastiert werden. Sandro Gaycken 17:00 01:00 Saal 2 lawful_interception_of_voip_networks Old Laws and New Technology the German Way Hacking Vortrag englisch Lawful Interception (aka voice and signalling sniffing) equipment has been deployed and is in use for both traditional PSTN networks and internet connections. With the advent of Voice over IP applications the governments step-by-step adopted laws to extend PSTN interception to VoIP. The talk gives an introduction to the applying laws, rules of conduct and the basic PSTN setup. Sample VoIP setups show drawbacks and the resulting development and intermediate steps of the german Law Enforcement Agency (LEA) named Bundesnetzagentur that eventually aim to gain as much information as possible while still allowing companies to run a lucrative business. An outlook to possible countermeasures and detection methods will be given. Hendrik Scholz http://www.wormulon.net/ http://www.wormulon.net/ 18:00 01:00 Saal 2 vulnerability_markets What is the economic value of a zero-day exploit? Science Vortrag englisch What is the market value of a zero-day exploit? It is evident that information on vulnerabilities and information security threads is very valuable, but the market for it is neither structured nor liquid. This talk combines examples from real world information security business with academic arguments on the pros and cons of vulnerability markets, including vulnerability sharing circles, bug auctions, remote root derivatives, and cyber-insurance. Would we live in a more secure world if every geek could go and sell his exploit at the market price? How could this market eventually be organised? What are the incentives of market participants and where are dangers for conflicts of interest? Join us on a journey to a hypothetical world where information security is entirely melted into finance so that S&P quotes a daily kernel hardness index … Rainer Böhme http://infosecon.net/workshop/pdf/15.pdf http://www.cl.cam.ac.uk/~rja14/econsec.html 19:00 01:00 Saal 2 the_realtime_podcast Everything you need to know about Podcasting Hacking Vortrag englisch This lecture is more of a live podcast recording session than a traditional talk. So you will be more of an audience in a radio studio while Tim is producing the podcast. In the podcast which is produced in realtime, Tim will lay out the various aspects of podcasting including history, background technology and future directions. Podcasting has taken a significant mind share in the recent months and is positioned to be the next big media hype. Podcasts are about to complement and enhance the radio landscape and appear to be a primary outlet for promoting both free speech and free music. So far broadcasting regulations haven't hit the scene which continues to create new formats and revolutionize audio-based communication on the web. The Podosphere emerges as the audible Usenet drawing people to the net that haven't been attracted before. The Audible Web is going to draw people to the Internet that haven't had much fun with the mainly text and image-based appearance. While many like to communication text-based in chats, e-mails, forums and other services some people not only prefer to listen and talk, it's the only thing you might get hold of their opinions and preferences. Podcasting is doing to radio and TV what the web did to printed magazines, newspapers and books. It's not going to replace, but significantly enhance the medium adding new value and formats to the line-up which can in return benefit the whole scene. Time-delayed listening much better fits the need of people in modern life that is dominated by tight schedules Tim Pritlove Wikipedia:Podcasting 21:00 01:00 Saal 2 muxtcp Writing your own flexible Userland TCP/IP Stack - Ninja Style!!! Hacking Vortrag englisch This talk will discuss design approaches for writing flexible userland tcp/ip stacks for network hacking tools. Lots of network hacking tools require the same basic infrastructure: reading, writing, decoding and encoding packets, creating and maintaining protocol state, and some application logic. The muXTCP Project aims to develop a reusable implementation of this basic infrastructure. This talk will present and discuss design approaches for implementing a hacker-friendly tcp/ip protocol stack framework. Based on experiences with prototypes, whose sourcecode will be released at the conference, advantages and disadvantages of composition and inheritance based implementation strategies are discussed. Some attention will then be given to Design Patterns that can help in generalizing the framework, and finally a promising hybrid design that is currently in development will be offered for discussion. The framework is written in Python, using Twisted as asynchronous event framework, and Scapy as networking/decoding backend. The design is loosely based on a 1995 Paper named "A Framework for Network Protocol Software". Paul Böhm Python Twisted Event Framework Scapy Conduits Paper Become a T-Shirt Ninja! muXTCP Homepage 22:00 01:00 Saal 2 learning_cryptography Shaping a digital future with ancient wisdom Science Vortrag englisch For many people cryptography is something that they consider too complicated. But actually one can understand the principles very well if they only try. By looking at old handcyphers used for coding one can begin to understand modern cryptography. There is still a magical mist surrounding cryptography that is still regarded as being complex and impossible to comprehend. So people shy away from exploring their options with the technology that has many useful purposes. This is actually sad, since cryptography is the cornerstone of computer security and a good cure against the ever continuing erosion of civil rights. So the technology cannot be missed and hackers should actually embrace it. Learning to understand it isn't that difficult after all. In order to understand the principles we'll go back in time to see the evolution of modern cryptography. We focus on on handcyphers that can be used without a computer and have grown in complexity throughout time even tough some early mechanisms are still in use today. Over the centuries hackers have made great contributions by cracking the algoritms and stimulated us to improve security by patching flaws. The presentation will show us many different ways of making an algoritm and help us become critical users or even better coders. The session will help people become acquinted with cryptography and is a good learning experience. It will not be groundbreaking in the sense that any new hacks will be shown. However it will be fun to be at. Please state if you are going to submit a paper to be included in the 22C3 Proceedings : If you people want to yes, but I wasn't planning it yet. Please state if you are going to use slides in your talk and in which format you are going to provide a copy : OpenOffice.org so OOO, PPT or PDF format will be present Brenno de Winter DeWinter Information Solutions Slides vom Vortrag auf der WTH 23:00 01:00 Saal 2 geometrie_ohne_punkte Buckminster Fullers Theorie und Praxis einer Wissenschaft zum Selberbauen Science Vortrag deutsch Über die Prinzipien hinter den geodätischen Domen, einige weitere Erfindungen und die wissenschaftliche Rezeption Fullers. Das Verhältnis von Fuller zur modernen Naturwissenschaft. Fullers "Synergetics" basieren auf seiner extremen Experimentierfreudigkeit und der Ansicht, dass auch Geometrie eine experimentelle Wissenschaft sei. Als solche müsse sie ohne die gegenwärtig verwendeten abstrakten Konzepte von Punkt, Gerade, Ebene etc. auskommen, da diese "vormikroskopische" Annahmen seien und man inzwischen doch wisse, dass die Welt aus schwingenden "Energieereignissen" bestünde. Im Laufe seines Lebens schuf er sich ein Gedankengebäude, das sich einerseits auf die völlige Vorherrschaft der Empirie stütze, andererseits aber auch von dem stetigen Versuch geprägt war, sich einer Sprache zu bedienen und damit eine Gedankenwelt zu schaffen, die diese Empirie möglichst akkurat wiedergeben würde. Dazu gehörten Wendungen wie die, dass es doch Unsinn sei, 400 Jahre nach Galilei immer noch davon zu sprechen, dass die Sonne untergehe, wenn wir doch alle wüßten, dass sich die Erde dreht... Er versuchte, das "Koordinatensystem der Natur" zu beschreiben, und kam zu dem Schluss, es basiere auf 60°-Winkeln statt auf den 90°-Winkeln, in denen die meisten Menschen, Ingenieure und Architekten immer noch denken. Seine Überlegungen führten ihn zur Konstruktion der "Geodätischen Dome" und einiger anderer Einrichtungen zur Lebenserleichterung; er entwarf schwimmende, tauchende und schwebende Städte, Düsenfahrzeuge für den Individualverkehr und Einfamilien-"Häuser" zum Preis eines Kleinwagens. Er war davon überzeugt, dass die Menschheit weit von einem tatsächlichen Resourcenmangel entfernt sei, und nur einfach schrecklich ineffizient konstruieren würde. Er prägte den Ausdruck des "doing more with less" und glaubte, keine Politik, sondern die Aufhebung des allgemeinen Mangels durch bessere Konstruktion bzw. "Design Science" würde den notwendigen gesellschaftlichen Wandel bewirken. Diese sympathischen Äußerungen darüber, dass man alles noch viel besser machen könnte, wurden begleitet von teilweise recht merkwürdigen Vorstellungen über die Weltwirtschaft und einem spirituellen Empfinden, das heute gerne von Esoterikern vereinnahmt wird. Versuchte er einerseits, möglichst vielen Menschen seine Erkenntnisse nahe zu bringen, so war er auf der anderen Seite ganz Technokrat, der der Welt wünschte, von Ingenieuren bzw. Praktikern der "Design Science" völlig vernünftig gelenkt zu werden. Mit seinen Vorstellungen von Geometrie begab er sich auf einen Pfad geradezu engegengesetzt zur herrschenden Wissenschaftsauffassung, und seine Pläne zur Behausung von Menschen scheiterten teilweise an so trivialen Dingen wie Bauvorschriften - dennoch kam einiges davon zur Anwendung, bezeichnenderweise hauptsächlich auf den Gebieten des Militärs und der Raumfahrt. Die Chemienobelpreisträger des Jahres 1996 ehrten ihn, indem sie ihre Entdeckung, eine spezielle Gruppe von Kohlenstoffmolekülen, die ihn ihrer Struktur Fullers Domen ähneln, "Fullerene" nannten. Ich möchte also einen kurzen Überblick über seine Entwürfe und eine Einführung in seine "Synergetics" geben, veranschaulichen, wie diese Gedanken sich in seinen Konstruktionen wiederfinden, und Differenzen und Berührungspunkte mit den "herkömmlichen" Natur- und Technikwissenschaften aufzeigen (so bezieht sich etwa Norman Foster mit der neuen Kuppel des Reichstagsgebäudes explizit auf Fuller und neuere Erkenntnisse der Biologie legen nahe, dass Hautzellen in ihrem Aufbau Fullerschen "Tensegrity"-Konstruktionen ähneln). Oona Leganovic http://www.farbengarten.com/scrupeda/symmetrie_und_ordnung.pdf http://www.cjfearnley.com/buckyrefs.html http://www.cjfearnley.com/fuller-faq.html http://www.rwgrayprojects.com/synergetics/synergetics.html 12:00 01:00 Saal 3 voip_2005_regulierte_revolution Ansätze für die Regulierung von VoIP und NGN im vergangenen Jahr Society Vortrag deutsch Der Vortrag gibt einen Überblick über die Aktivitäten der amerikanischen und europäischen Regulierungsbehörden - insbesondere der Bundesnetzagentur (vormals RegTP) im Bereich Voice over IP (VoIP) und Next Generation Networks (NGN). Bis zum Beginn dieses Jahres war die Einstellung der Regulierungsbehörden zum Thema Voice over IP eher eine wohlwollend beobachtende: Der Markt soll sich erst einmal entwickeln, die Regulierung hat noch Zeit. Markt und Technologie entwickelten sich jedoch deutlich schneller als erwartet und VoIP wurde nicht nur ein kommerzieller Faktor - wie der Kauf von Skype durch eBay eindrucksvoll bewiesen hat, sondern befindet sich langsam auf dem Weg zum Massenmarkt. VoIP ist damit die erste "Killer-Applikation" auf dem Weg zum Next Generation Network (NGN). Zeitversetzt, aber nicht weniger dramatisch entwickelte sich die Haltung der Regulierer: Zwei Todesfälle in den USA führten zu einer raschen Regulierung der FCC zum Thema Notruf. Der Präsident der Bundesnetzagentur berief ein hochrangiges Gremium zur Entwicklung einer neuen Ordnung für die IP-basierte Zusammenschaltung von Carriern. Der Vortrag gibt einen Überblick über die Entwicklung zu den folgenden Themen: * Nummerierung: Hierbei wird vor allem die Entwicklungen zur 032er Rufnummerngasse und die nomadische Nutzung von Ortsnetzrufnummern dargestellt und ein kurzer Ausblick auf den Status von ENUM gegeben. * Öffentliche Sicherheit: Neben der Notruffunktionalität ist hier vor allem die Telekommunikationsüberwachung zu nennen. * Zusammenschaltung (Interconnection) Während bisher die Zusammenschaltung von VoIP Carriern vor allem über das PSTN erfolgt, kommt der Interconnection über IP eine immer größere Bedeutung zu. * Breitband ohne Telefon - "Naked" DSL Dies ist durch den Verzicht auf die Grundgebühr für den analogen oder ISDN-Telefonanschluß ein wesentlicher Faktor für die Verbreitung von VoIP. Diese Punkte werden explizit in einem Eckpunktepapier der BNetzA vom 09. September genannt, aber es gibt eine Reihe von Themen, die in diesem Zusammenhang für die zukünftige Diskussion beleuchtet werden müssen, von der Entgeltgenauigkeit, insbesondere bei Mehrwertdiensten über IP über Sicherheit bis hin zur Gestaltung von Endgeräten. Der Vortrag gibt einen Überblick über den aktuellen Stand der Diskussion. Jörg Müller-Kindt http://www.von.org/ http://www.wik.org/content/diskus/264.htm http://europa.eu.int/information_society/index_en.htm http://www.bundesnetzagentur.de/enid/c229088ba921c20ebebd80c2184cef74,0/am.html http://www.fcc.gov/voip/ http://www.wik.org/content/diskus/248.htm 13:00 01:00 Saal 3 seaside_squeak Hacking Vortrag englisch Seaside represents a new generation of web frameworks: It makes web development simple and fun. Using advanced features of Squeak, Seaside is able to provide easy to use abstractions for true agile development. Last year at 21C3 we have had a general introduction to Squeak and the project around it. This talk will give a more in-depth account of how to use Squeak and the Seaside Framwork for advanced web development. Seaside represents a new generation of web frameworks: It makes web development simple and fun. Using advanced features of Squeak, Seaside is able to abstract the underlaying request-response model of HTTP, making development of web applications very much like that of any other GUI application. Marcus Denker http://seaside.st http://squeak.org http://squeak.de 14:00 01:00 Saal 3 ajax_web_applications Hacking Vortrag englisch Isn't ironic that web applications are now as nice to use as GUI applications were before the web was invented? Well, almost as nice. We review state of the technologies that make this possible, and discuss the ramifications for the architecture of web applications. Only very recently has it been widely noticed that web client technology has matured to a point that supports applications whose visual and interaction qualities are comparable to graphical user interfaces (GUIs) as they were known before the web. Web applications can now offload a considerable part of the interaction and application logic to the client side, and thus reconcile the advantages in deployability, distributedness, and concurrency that the web provides with desirable properties of GUIs such as rich state, immediate feedback, and direct manipulation, which are sadly missing from pure HTML based web applications. The technologies that enable this architecture are JavaScript, asynchronously handled HTTP requests, and XML, which in this combination are nowadays referred to as AJAX, and of which, although probably most well known, XML is the least essential. Besides increasing the interactive quality, AJAX introduces a rather radical segregation of functionality and interaction into the architecture of web applications in that it requires a non trivial part of the application to be implemented in yet another programming language, JavaScript, and in that objects which are communicated between the parts of the application are marshalled through HTTP sessions. These requirements might seem to be burdensome at first but in fact they can considerably reduce the complexity into which purely server based web applications have evolved. (mesch) Steffen Meschkat http://en.wikipedia.org/wiki/AJAX 16:00 01:00 Saal 3 robots_for_fun_and_research Hacking Vortrag englisch In this talk, several examples of cutting-edge research in robotics will be presented, and their implications for the future of robotics will be discussed. Robots will play an increasingly important role in the development of Artificial Intelligence. Many researchers are convinced that for machines to become truly intelligent, they will need to be embodied. Contemporary research in intelligent robotics does not only draw inspiration from biology and psychology, but also provides these disciplines with the means to test hypotheses by using robots as research tools. Outside the lab, the main market today for robots is moving away from industry robots to the home, with robotic companions being developed for entertainment purposes. As hardware costs are getting smaller and smaller, the same development that happened several years ago with personal computers can now be applied to personal robots. A new trend is to modify existing commercially available robots and add new functionalities (also called `robot hacking'). These different approaches will be presented, and their implications for the future of robotics will be discussed. Verena Hafner 17:00 01:00 Saal 3 pypy Language/VM R&D, whole program type inference, translation to low level backends, fun Hacking Vortrag englisch We present our first self-contained Python virtual machine that uses parts of itself to translate itself to low level languages ("the Muenchhausen approach"). The PyPy approach could solve problems at language/interpreter-level that formerly required complex frameworkish solutions at user-level. PyPy is a reimplementation of Python written in Python itself, flexible and easy to experiment with. Our long-term goals are to target a large variety of platforms, small and large, by adapting the compiler toolsuite we developed to produce custom Python versions. Platform, Memory and Threading models will become aspects of the translation process - as opposed to encoding low level details into a language implementation itself. Basically, we think it's a good way to avoid writing n x m x o interpreters for n dynamic languages and m platforms with o crucial design decisions. In PyPy any one of these can be changed independently. We are going to briefly describe the concepts of object spaces, abstract interpretation and translation aspects and how they led us to a first self-contained very compliant Python implementation in August 2005, completely independent from the current mainstream CPython implementation. We go through a translation example of a Python program with control-flow-graphs and the according translated lowlevel C and LLVM (Low level Virtual Machine) code. We'll also try to relate PyPy's architectural concepts (known roughly for 2-3 years now) to similar upcoming concepts in e.g. pugs/Perl 6 development and we'll give an outlook on our starting Just-In-Time Compiler efforts and approaches. Lastly, we intend to discuss experimental new language/interpreter-level solutions to long-standing problems such as distributed computing, persistence and security/sandboxing. Development of PyPy is partly funded by the European Union during the 6th Research Framework programme. Armin Rigo Carl Friedrich Bolz Holger Krekel http://codespeak.net/pypy 18:00 01:00 Saal 3 privaterra IT Security and Human Rights organizations - The needs, the challenges & recommendations Society Vortrag englisch An overview of the work being done by Privaterra and other organizations to help identify and mitigate security vulnerabilities faced by Human Rights Organizations. The presentation will present the work currently being done in the area of security training for human organizations by Privaterra and other organizations. A brief history of the field will be presented. This will be followed by the specific challenges and needs being faced by organizations "at risk", such as social justice NGOS, as well as Human Rights defenders. Lessons learned from several field projects from Central & South America, Asia & Africa will be presented. Specific emphasis will be given to the recently concluded field mission to Guatemala. Details on and about the recently discovered secret police archive will be presented. In summary, the presentation will focus on the needs and issues faced to bring security procedures and technologies to human rights defenders and other social justice organizations. Robert Guerra mnesty International on Guatemala Human Rights Watch on Guatemala BBC News on Guatemala The Tactical Technology Collective International Foundation for the Protection of Human Rights Defenders National Security Archive Electronic Briefing Book No. 170 (Nov 21,2005) National Security Archive - Guatemala Documentation Project BBC News - Guatemala secret files uncoveredBy Simon Watts - Monday, 5 December 2005 Privaterra website 19:00 01:00 Saal 3 anon_tor_jap Rechtliche und technische Aspekte Society Vortrag deutsch Der Vortrag bietet einen Überblick über die verfügbaren Systeme und Implementierungen, ihre Entwicklungsgeschichte und die technischen Grundlagen. Darüber hinaus schildert er die rechtlichen Rahmenbedingungen und Gesetzgebungsbestrebungen. Es folgt ein kurzer Abriss der Erfahrungen als Betreiber eines Node. In dieser Veranstaltung werden vor dem Hintergrund zunehmender Überwachung und der Verlagerung gesellschaftlicher Aktivitäten in automatisiert auswertbare Datennetzkommunikationen die Probleme mit dauerhaften und allumfassenden Personenkarteien skizziert. Es werden Techniken zur Schaffung von Pseudonymität und Anonymität vorgestellt, ihre Entwicklung aufgezeigt und die Motivation der Handelnden hinterfragt. Die derzeit verfügbaren Implementierungen werden vorgestellt und verglichen. Ein Überblick über die theoretischen rechtlichen Rahmenbedingungen, das weitestgehende Fehlen derselben in bestimmten Bereichen und Bestrebungen des Gesetzgebers und der Sicherheitsbehörden folgt. Der Vortrag schließt mit einem Rückblick über die Erfahrungen mit den Strafverfolgungsbehörden und der Software, die in einem einjährigen Modellversuch gewonnen wurden. Julius Mittenzwei Andreas Lehner Peter Franck http://www.ccc.de/anonymizer/ http://tor.eff.org http://www.anon-online.de 21:00 01:00 Saal 3 digital_identity "Once I Was Lost But Now I've Been Found" Society Vortrag englisch The demarcation line that used to separate your digital identity from your real world physical identity is rapidly disappearing. More seriously, it is permanently changing the way in which the world sees you and you see yourself. Social identity lies at the very core of our existence as human beings. Without identity we are lost both in the physical and virtual world. Before the coming of the digital revolution, most people struggled to create a single, permanent identity that stayed with them for the remainder of their lives. Digital technology has changed that way of life forever. People are now given digital identities by governmental, business and military organizations, sometimes with their knowledge but often without them knowing. People have also begun to weave multiple digital identities for themselves - using digital technology they can now create their own alternative identities that they can wear and shed like skins for their own personal purposes. In this lecture I will discuss how the digital identities that we create for ourselves and those that others create or us affect both our image of ourselves, our own psychological makeup and well-being as well as how it affects how others see and deal with us. Max Kilger 22:00 01:00 Saal 3 autodafe Presentation of an innovative buffer overflow uncovering technique called "Fuzzing by weighting attacks with markers" Hacking Vortrag englisch Automated vulnerability searching tools have led to a dramatic increase of the rate at which such flaws are discovered. One particular searching technique is fault injection – i.e. insertion of random data into input files, buffers or protocol packets, combined with a systematic monitoring of memory violations. Even if these tools allow to uncover a lot of vulnerabilities, they are still very primitive; despite their poor efficiency, they are useful because of the very high density of such vulnerabilities in modern software. This paper presents an innovative buffer overflow uncovering technique, which uses a more thorough and reliable approach. This technique, called "fuzzing by weighting attacks with markers", is a specialized kind of fault injection, which does not need source code or special compilation for the monitored program. As a proof of concept of the efficiency of this technique, a tool called Autodafé has been developed. It allows to detect automatically an impressive number of buffer overflow vulnerabilities. Martin Vuagnoux 23:00 01:00 Saal 3 community_mesh_networking Ubiquitous wireless mesh clouds with olsrd from olsr.org Hacking Vortrag englisch Olsr.org's improved algorithm (compared to the initial INRIA OLSR draft) and how it may influence the development of ubiquitous free wireless networks. The Optimized Link State Routing Deamon - olsrd - from olsr.org is a routing application developed by community networking activists for wireless mesh networks. It is a open-source project that supports Mac OS-X, Window$ 98, 2000, XP, Linux, FreeBSD, OpenBSD and NetBSD. The application is available for Accesspoints that run Linux like the Linksys WRT54G, Asus Wl500g, Asus Wireles Harddrive, 4G Access Cube or Pocket PCs running Familiar Linux. Olsrd is a tremendous success. Community Wifi Networks all over the world are using olsrd now - in South Africa, Europe, Asia, Nepal, to mention a few. Rumours say that the most prominent person that communicates using olsrd at the moment is the Dalai Lama in exile... I will show what is going on in olsrd, where we are heading to with the protocol, what you can actually do with it now and what are the differences to the initial INRIA OLSR draft. Elektra Wagenrad http://olsr.org 12:00 01:00 Saal 4 fuzzy_democracy Using modern communication to transform the way we make political decisions Society Vortrag englisch As we can see by the German voting results in 2005, there is a huge disenchantment with politics in modern democracies. The voting people feel powerless in a governance where the power should originally belong to the people. "Democracy" only tends to be the best compromise among other types of government, but it could be different. Those modern means of communication most of us already use on a daily basis, like internet forums, webs of trust and possibly e-voting systems, can be used as a basis for political discussion and decision making as long as we are aware of their benefits as well as their limitations. This talk puts our traditional believes about democracy into question by closely looking at its roots in history. A careful deconstruction of that monolithic term will instantly lead to a very different perspective on the ideals behind it. It then becomes very easy to see how much closer modern technology might take us to the original idea of democracy. To sum it up: There are much better strategies of mobilizing and informing people than consuming TV ads and then voting the lesser evil every 4 years. This lecture first focuses on the roots of democracy as it was meant in the ancient world as direct realization of human rights and direct participation. As a theoretical fundament, there will be a brief overview over the history of democracy. We will take the original ideas behind democracy and show how and why -- very much justified by the state of ancient societies and ancient means of communications -- democracy evolved into a form of represantative election, which still is, after many centuries, the unadapted way we practice democracy today. After deconstructing our modern idea of democracy, we will focus on different approaches to reach closer to the original ideals with modern technologies. We will elaborate on direct communication in forums and decision making, non-binary decision models ("fuzzy voting" by using fuzzy logic and statistics on vote distributions), webs of trust, online discussions and voting in forums and other means. It is also very important to understand the implications of new technologies when used as a basis for democracy. There are severe limitations to the internet as we know it today. There are also limitations on who is able to cousciously and expertedly decide on certain topics. We will take a closer look on security as well as on how to define proper levels of decision ("Entscheidungsebenen"). We will finish the lecture by giving some example-implementations of "Fuzzy Democracy" to run small political parties, companies or associations. We the will then see how these implementations can be extended to any abstract political system that can be defined by its interfaces: even town councils or whole states, but how finding proper decision-levels and technology puts severe limits to this process. Svenja Schröder Christiane Ruetten A way to fuzzy democracy (Wiki page) 13:00 01:00 Saal 4 informational_cognitive_capitalism Science Vortrag englisch Discussion premised on the intersections of information feudalism, free software and open sources, piracy, cracking, volunteer and unwaged labour, class reconfigurations, and tainted myth. Discussion premised on the intersections of information feudalism, free software and open sources, piracy, cracking, volunteer and unwaged labour, class reconfigurations, and tainted myth. The discussion will take a hard look at the radical potentialities that the transition to cognitive-informational capitalism has brought about, as well as the reactionary forces that set in motion the imaginary of intellectual property law in order to regulate immaterial labour. A question is central to the discussion: what strange world reveals itself when Capital cannot maintain the pace or character of the historical magnification which has been defining it since the 15th century? When the commodity-form turns inward, facing itself in the mirror of production, in effect appropriating the flows of cultural heritage and social knowledge, what new myths arise to phisosophise reality? George N. Dafermos 14:00 01:00 Saal 4 hash_trust_compute Der aktuelle Stand Science Vortrag deutsch Wir präsentieren ein generisches Angriffs-Framework und zeige exemplarisch neue pratische Angriffe auf digitale Signaturen, die Zertifikats-Infrastruktur und die Bootkontrollsequenzen basierend auf neuen Resultaten zur Hashfunktion SHA-1. Diese Ergebnisse komprimtieren grundlegend die Sicherheit der TCG Architektur. Mit Microsoft Vista und dem Wechsel von Apple zu Intel-Chipsätzen (inklusive TPMs) scheinen die seit Jahren geäusserten Warnungen vor einen Entmündigung der Computerbesitzer durch Digital Restriction Management Technologien konkrete Realität zu werden. Industrievertreter und oberflächliche Beobachter räumen inzwischen zwar ein, dass DRM und TCG grundsätzlich zur Zensur und Wettbewerbsbehinderung eingesetzt werden können, betonen jedoch die "Neutralität" von Technologien. So fragwürdig derartige Thesen schon generell sind, im Falle der Trusted Computing Architektur führen bereits die grundlegen Designentscheidungen in eine höchst problematische Richtung. Zentrale Philosophie der Trusted Computing Architektur ist nicht der Schutz des Nutzer, sondern der Schutz des elektronischen Systems vor dem Nutzer. Dies verdeutlicht sich am klarsten durch die fehlende Kontrolle des Computerbesitzers über die in der TPM Hardware gespeicherten kryptographischen Schlüssel. Auch das Konzept der Remote Attestation, welche eine Kontrolle des persönlichen Computers durch Diensteanbieter über das Netzwerk ermöglicht, zeigt deutlich die grundsätzlichen Probleme dieser Architektur. Obwohl zahlreiche Kryptographen schon seit Jahren vor der Verwendung der Hashfunktion SHA-1 gewarnt hatte, wurden diese Mahnungen in den Wind geschlagen. Neuere Forschungsresultate zeigten nun eine bemerkenswerte Anzahl von schwerwiegenden Schwächen. Bereit die bisher veröffentlichten Resultate zeigen, dass ein Brechen von zentralen Sicherheitsprotokollen, welche SHA-1 verwenden, praktisch durchführbar ist. Wir präsentieren ein generisches Angriffs-Framework und zeige exemplarisch neue pratische Angriffe auf digitale Signaturen, die Zertifikats-Infrastruktur und die Bootkontrollsequenzen. Diese Ergebnisse komprimtieren grundlegend die Sicherheit der TCG Architektur. Wir fordern die TCG auf insbesondere auch wegen der hohen Umstellungkosten nicht eine Hardware Architektur basierend auf einem gebrochenen kryptographischen Algorithmus in den Markt zu drücken. Rüdiger Weis 16:00 01:00 Saal 4 lightning_talk_day_2 Nine five minutes talks by various speakers Lightning-Talk englisch There are also loads of reasons for attending the lightning talks (there is a 1-hour block of those each day at 22C3, with 10 talks in a row). It’s entertaining. You get to learn about a lot of different subjects in a short time. And even if one particular speaker is boring: hey, it will be over in just 5 minutes and a new topic will begin. But what is a lightning talk? It’s a 5-minute talk you (for reasons of your own) don’t feel like doing as a full 1-hour presentation. Maybe the topic is too obscure. Maybe the research you want to present is still too much in progress. Maybe you just want to talk about a detail you noticed on the way to the congress. Maybe you have a cool software or hardware hack you need helpers for and just want to drop the name of your project. Maybe you got the idea for doing a talk at the congress itself and the deadline for the call for papers is long gone… There are really loads of reasons why you should do a lightning talk. Just be short and sweet. After 5 minutes, you will be cut off and it’s the next speaker’s turn. fh Lightning Talks in the Public Wiki 17:00 01:00 Saal 4 sony_rootkit Über die Durchsetzung industrieller Interessen um jeden Preis Society Vortrag deutsch "Ich glaube, die meisten Menschen wissen gar nicht was ein Rootkit ist, warum sollen sie sich also darum kümmern?" - Thomas Hesse, Präsident Global Digital Business-Abteilung bei Sony BMG Sony BMG hat eine ganze Reihe von populären CD-Titeln mit einem DRM versehen, das teilweise rootkit-ähnliche Funtionalitäten aufweisst. Dieses Vorgehen hat eine Menge Fragen und Diskussionen über Gegenwart und Zukunft von Kopierschutzmechanismen ausgelöst. Zudem offenbart dieser Fall einen äussert verstörenden Einblick in die Sicht der Antiviren- und Security-Firmen und wirft ein seltsames Licht auf Sonys Vorstellungen von geistigem Eigentum und der damit verbundenen Rechte und Pflichten im Allgemeinen und im Speziellen. Markus Beckedahl fukami Zeitleiste des Sony Rootkits 18:00 01:00 Saal 4 anonymous_data_broadcasting An open-source project to develop a tool for broadband satellite broadcasts Hacking Vortrag englisch The lecture focuses on satellite ISP technology and how to misuse it for anonymously broadcasting to an unlimited number of anonymous users while only one user pays for a standard dial-up connection of a satellite ISP. The lecture focuses on satellite ISP technology and how to misuse it for broadcasting to an unlimited number of users. Satellite ISPs connect users to the Internet by means of satellite communication. The first part of the lecture introduces the basic types of satellite ISPs (symmetric vs. asymmetric or encrypted vs. unencrypted broadcasts). Then we give an overview of our basic idea: We exploit the fact, that the satellite downstream, containing the data requested by the user, can be received in the whole footprint of the satellite. To broadcast certain data the sender first sends it to a dedicated server, which is connected to the Internet. Then the sender requests this data over the satellite ISP, which results in the data being broadcasted by the satellite ISP. The potential receivers simply listen to the satellite broadcast and filter the data, e.g., by implicit addresses. Implicit addresses are achieved by means of public key encryption and, at the same time, achieves confidentiality of the broadcasted data. While unconditionally strong receiver anonymity is immediately achieved by the nature of a broadcast channel, sender anonymity is achieved by techniques similar to those applied in anonymous P2P publication systems. Our system works immediately if the satellite ISPs does not encrypt the data. If the satellite ISP encrypts the satellite downstream, the system works as well, but is more involved. This issue and other technical hurdles (e.g., robust broadcasts in face of a high error rate of the broadcast downstream or achieving sender anonymity) are discussed in the third part of the lecture. The lecture closes with the results of a prototype implementation (a modified web server plus user client) that enables broadband data broadcasting (e.g., file sharing) by exploiting a satellite ISPs. We propose an open-source project to continue the development of our prototype. Sven Löschner 19:00 01:00 Saal 4 rootkits_linux_kernel Kernel Module unter dem 2.6er Kernel für gut und böse? Hacking Vortrag deutsch Bisher war weder möglich rootkits noch Abwehrmassnahmen unter dem 2.6er Kernel zu schreiben, durch unsere Technik ist es nun möglich die System-Calls direkt zu modifizieren. Somit geben wir euch die Technik in die Hand Rootkits zu erstellen, als auch Abwerhmethoden zu implementieren. In unserem Vortrag, erklären wir wie ein Rootkit generel funktioniert und wie man mit Hilfe der antisec-technik Rootkits unter dem 2.6er Kernel erstellen kann. Das ganze wird durch eine live Demo abgerundet. k-mode newroot 21:00 01:00 Saal 4 the_cell_processor Computing of Tomorrow or Yesterday Hacking Vortrag englisch The x86 architecture has been the de facto standard for many years. Attempts to take the turn, like Intel tried with the VLIW Itanium Architetcture were desastrous. But the x86 architecture is not able to fulfil the demands of today's market. Several additions have been proposed (MMX,3dNow,SSE1-3), but the Cell approach takes them to the next level. The cell processor offers unique new features which are focused on high througput computing with low power. This approach is not compatible to the commonly known and widely spread x86 architecture, which survived every attempt to replace it since decades. The latest proposal by Intel, the Itanium architecturue did not make it, they are going to merge back to x86. But the Cell approach is fundamentally different, the aim is not to take the server or workstation market, the architecture is mainly targeted for the console and consumer elektronics. Two big companies from this sectors, Sony and Toshiba realized a research project together with one of the biggest microprocessor architects, IBM. The result was the Cell architecture, which is in particular very interesting, not only for the consumer electronics but also for the PC, Server and Supercomputing market. The necessary ideas to implement vector operations additionally to normal operations are also implemented in x86 as MMX/3dNow or SSE1-3, but the Cell architecture has gone further. This architecture proposes a heterogeneous Multiprocessor consisting of a normal general purpose CPU and several (8 in Version 1) small and fast Vector CPUs. The main concept is to reduce the complexity on the chip to increase the number of functional units and the clock rate. The vector CPUs are cache-less, have no branch prediction scheme and provide only in order execution with two very simple pipelines. All the complexity has been moved inside the upper software layer (compiler), where it can be handled efficiently (cmp. VLIW architectures). All Elements, the computing units and interconnects are introduced and analyzed in the talk. The first prototype with chip layout is explained. Furthermore different (thinkable) programming strategies are shown. Torsten Hoefler http://gustav.informatik.tu-chemnitz.de/~htor/sec/22c3_slides.pdf 22:00 01:00 Saal 4 lyrical_i Abschluss des CCC-Poesie-Wettbewerbs Culture Vortrag deutsch Auf der Abschlußveranstaltung des CCC-Poesie-Wettbewerbs "Lyrical I" werden die schönsten und originellsten Beiträge vorgestellt. Die drei Juroren des CCC-Poesie-Wettbewerbs "Lyrical I" werden ihre Lieblingsgedichte aus den eingesendeten Beiträgen vorstellen. Eventuell anwesende Autoren können ihr Gedicht natürlich gern selbst vortragen. Martin Haase/maha Jens Ohlig Henriette Fiebig 23:00 12:00 Saal 4 capture_the_flag Hacking Wettkampf englisch CTF von 23.00 bis 7.00 Capture The Flag ist eine Hacker-Wettbewerb, bei dem Teams mit Rechnern mit identisch vorbereiteten Diensten gegeneinander antreten. Ein Game Server spricht diese Dienste an, in dem er sog. Tickets verteilt, die er später auch wieder einsammelt. Jedes verteilte und vor allem jedes wieder eingesammelte Ticket bringt Punkte. Wenn ein Team es schafft, auf einem Fremdsystem ein fremdes Ticket gegen ein eigenes zu tauschen werden ihm diese Punkte gut geschrieben. Auf diese Art werden sowohl defensive als auch offensive Taktiken angesprochen. mc.fly Lexi Pimendis 12:00 01:00 Saal 1 sicherheitueberwachung Videoüberwachung am Beispiel des Congressgebäudes Society Podium deutsch Fortsetzung der Kameradiskussion zum Congress Im Rahmen der Vorbereitung des 22C3 gab es eine kontroverse Diskussion, wie mit der Kameraüberwachung hier im Haus verfahren werden soll. Wir möchte diese Diskussion nochmals aufrollen, Sachzwänge erläutern und unseren persönlichen Umgang mit Überwachungskameras darstellen. Können und sollen wir als Bürgerrechtler und Hacker noch gegen Überwachungskameras ankämpfen? Jens Ohlig padeluun Andy Müller-Maguhn Frank Rosengart 13:00 01:00 Saal 1 private_investigations_in_searching How to find any book (and many other roadkills) on the Information Super-Highway Hacking Vortrag englisch You will not need to copy any more nothing on your hard disk. Once you learn some sound searching techniques, you will easily find whatever you want, whenever you want on the fly. The Path of the Seeker Like a skilled native, the able seeker has become part of the web. He knows the smell of his forest: the foul-smelling mud of the popups, the slime of a rotting commercial javascript. He knows the sounds of the web: the gentle rustling of the jpgs, the cries of the brightly colored mp3s that chase one another among the trees, singing as they go; the dark snuffling of the m4as, the mechanical, monotone clincking of the huge, blind databases, the pathetic cry of the common user: a plaintive cooing that slides from one useless page down to the next until it dies away in a sad, little moan. In fact, to all those who do not understand it, today's Internet looks more and more like a closed, hostile and terribly boring commercial world. Yet if you stop and hear attentively, you may be able to hear the seekers, deep into the shadows, singing a lusty chorus of praise to this wonderful world of theirs -- a world that gives them everything they want. The web is the habitat of the seeker, and in return for his knowledge and skill it satisfies all his needs. The seeker does not even need any more to hoard on his hard disks whatever he has found: all the various images, musics, films, books and whatsnot that he fetches from the web... he can just taste and leave there what he finds, without even copying it, because he knows that nothing can disappear any more: once anything lands on the web, it will always be there, available for the eternity to all those that possess its secret name... The web-quicksand moves all the time, yet nothing can sink. In order to fetch all kinds of delicious fruits, the seeker just needs to raise his sharp searchstrings. In perfect harmony with the sourronding internet forest, he can fetch again and again, at will, any target he fancies, wherever it may have been "hidden". The seeker moves unseen among sites and backbones, using his anonymity skills, his powerful proxomitron shield and his mighty HOST file. If need be, he can quickly hide among the zombies, mimicking their behaviour and thus disappearing into the mass. Moving silently along the cornucopial forest of his web, picking his fruits and digging his jewels, the seeker avoids easily the many vicious traps that have been set to catch all the furry, sad little animals that happily use MSIE (and Outlook), that use only one-word google "searches", and that browse and chat around all the time without proxies, bouncing against trackers and web-bugs and smearing all their personal data around. Moreover the seeker is armed: his sharp browser will quickly cut to pieces any slimy javascript or rotting advertisement that the commercial beasts may have put on his way. His bots' jaws will tear apart any database defense, his powerful scripts will send perfectly balanced searchstrings far into the forest. Fravia http://www.searchlores.org/private.htm http://www.searchlores.org http://www.searchlores.org/mines.htm 14:00 01:00 Saal 1 i_see_airplanes How to build your own radar system Hacking Vortrag englisch The lecture describes how to build your own passive radar system using relatively low-cost hardware and free software. The lecture describes how to build your own passive radar system using relatively low-cost hardware and free software. Passive radar systems allow you to determine the position and velocity of aircraft, etc, using broadcast TV and FM radio transmitters as illuminators. The system works by watching the direct path and reflections from L transmitters using M coherent receivers at N locations. From the raw data we extract estimates of bistatic range, doppler and angle of arrival. These estimates are fed into a tracking algorithm that attempts to sort airplanes from clutter and noise. Eric Blossom http://ieeexplore.ieee.org/xpl/tocresult.jsp?isYear=2005&isnumber=31424&Submit32=Go+To+Issues http://en.wikipedia.org/wiki/Passive_radar ttp://www.gnu.org/software/gnuradio 16:00 01:00 Saal 1 changing_realities Innovation, user-creation, activism and entrepreneurship in Second Life Culture Vortrag englisch The 3D digital world of Second Life has been completely built by its residents. Running on a growing grid of computers, SL's real-time collaborative-creation tools and physical simulation allow for creativity of stunning depth and breadth. Second Life is unique virtual world, completely created by its residents. Hosted on a grid of over 1000 computers, Second Life is the home to over 60,000 residents from all over the world. By leveraging the powerful built-in tools for collaborative creation, virtual pioneers are building, exploring, learning, loving and fighting. Not content to remain behind the magic circle, wealth, ideas, games, and fashion are flowing back and forth between the real and the virtual worlds. Uniquely, the residents of Second Life retain their intellectual property rights in these creations. The session will begin with an overview of the technology and history of Second Life. Based on a distributed grid, Second Life was created to allow both discrete and physical simulation across a large number of commodity computers. By combining this simulation space with compression, a highly complex and dynamic scene is streamed to client computers via a broadband connection. This ability to support a completely dynamic scene enables real-time, collaborative creation which in turn allows residents to succeed in creating 3D and scripted content, two areas traditionally considered too difficult to be generally accessible. The body of the session will be a discussion of what residents have accomplished within Second Life in the 30 months since launch. By leveraging user-creation, residents have built everything from real-estate empires, games, and fashion houses to schizophrenia simulations, real-work jobs, and university education. The freedom to explore a virtually limitless design space without having to ask permission has resulted in an explosion of innovation that continues to accelerate. Finally, the session will conclude with a look to the next several years. What happens as the increasingly interactive "web as platform" collides with the accelerating connectivity of Second Life? What new forms of business, research and activism appear as international groups collaborate within simulated places? As the false dichotomy of "play" versus "work" breaks down, how will society and culture adapt to a technically adept, international, online workforce that relies on technology generally identified as "a game"? Cory Ondrejka Blog Entry from Cory about his talk Whitepaper Second Life History http://www.secondlife.com/ 17:00 01:00 Saal 1 free_software_gsm_phone Reverse Engineering the Motorola EZX (A768,A780,E680) series of Linux-based GSM phones Hacking Vortrag englisch This presentation describes the progress of hacking and extending the Motorola series of Linux based Smartphones, with the ultimate goal to replace all proprietary applications with 100% free software. It's been two years since Motorola has released the first Linux Smartphone (A768). More recently, two new models were introduced, the A780 and the E680, the former even officially distributed in Germany and all over the EU. What's so special about a Linux based smartphone? It's special because the Linux kernel acts as an enabler for 3rd party hacks and 3rd party software, like it can be observed with the OpenWRT, OpenTom, NSLU2-Linux, OpenEmbedded, OpenZaurus and other similar projects. The author of this presentation has sucessfully obtained "telnet" access to an A780 cellphone, built a matching cross-compilation toolchain and installed various applications for debugging, such as busybox, iptables, nmap, lsof, strace, etc. While re-engineering efforts are still in a early stage, work is proceeding extremely fast, and important pieces such as the protocol between the PXA270 frontend processor and the ARM7TDMI GSM processor have already been partially re-engineered. The project is expected to progress significantly until 22C3. Harald Welte http://www.motorolafans.com/ http://gnumonks.org/~laforge/weblog/linux/a780/ http://svnweb.gnumonks.org/trunk/a780/ 18:00 02:00 Saal 1 xbox_hacking 17 Mistakes Microsoft Made in the Xbox Security System & Xbox 360 Hacking Hacking Vortrag englisch A lot about Xbox hacking has been published earlier. This talk summarizes all this, explains some very cool new hacks and analyzes the 15 mistakes Microsoft made in the Xbox security system. It also gives an introduction on the Xbox 360. We have made talks on the Xbox security on 19C3 and 20C3. One might think that there is nothing new about Xbox hacking, and in a way that is true - there is few really new information, but a lot of information that the Xbox Linux Project has never published earlier: For example, it has never been revealed how easily the "Xbox V1.1" has been hacked - so that Microsoft would be unable to fix it, and we could use this method for future Xboxes. (The specific flaw of the x86 architecture that is responsible for this can possibly be used to circumvent any Trusted Computing BIOS!) The talk also summarizes all hacks that have been done and all flaws that have been found in the Xbox security system. It analyzes how Microsoft designed the security system and explains the 15 mistakes they made. Fifteen mistakes... in a video game console security system... 7 mistakes in the design, 6 mistakes in the implementation and 2 mistakes in their policies. And these are *types* of mistakes - they made several mistakes more than once, in different fields. In the remaining time, we will talk about the Xbox 360 security system. The release date of the Xbox is late November, just one month before the 22C3, but we are certain that we will still be able to present a lot of interesting information about the Xbox 360 security system as well as approaches to hacking it. Felix Domke Michael Steil http://www.xbox-linux.org/ http://www.xbox-linux.org/wiki/Xbox_Manufacturing_Process http://www.xbox-linux.org/wiki/Xbox_Manufacturing_Process_Pictures http://www.xbox-linux.org/wiki/The_Hidden_Boot_Code_of_the_Xbox 21:00 01:00 Saal 1 nanotechnology A concise introduction to what NT is, what it can't do yet and what we should be aware of Science Vortrag englisch Nanotechnology marks the merger of different technologies in structures smaller than 100 nm. While it could yield some powerful applications for sustainability, medicine and electronics, some hazards begin to appear that have to be addressed urgently Nanotechnology is the manipulation of matter smaller than 100 nm and marks the merger of different fields of technologies like biotech, chemistry, electronics and physics towards a single new technology of the 21st century. Whereas some parts of nanotechnology have been known for decades like colloid chemistry that is now relabeled as chemical nanotechnology, others have been discovered only recently, especially the exploitation of quantum effects in nanoscale particles. They enable the development of applications that have no technical precursor in the past. Some nanotools for analysing matter on an atomic scale and basic applications like new materials are already on the market. But more complex devices like nanoelectronic processors are not yet feasible, because except for physical self organisation there are no precise methods of integrating nanostructures into micro or macro objects – or in the field’s jargon, true „bottom-up“ technologies like for instance molecular manufacturing as suggested by Eric Drexler. While nanotechnology could yield some powerful applications for a more sustainable use of ressources and energy production, medicine and electronics, some hazards begin to appear that have to be addressed urgently. The current debate about nanotech hazards is hampered by a lack of risk data as well as a useful classification of nanotech applications concerning human exposure. Therefore a classification is proposed that divides the field into 1. contained, 2. bioactive and 3. disruptive nanotechnologies. Finally a case is made for the creation of an „open nanotechnology“ where „open“ stands for 1. transparency of the technological knowledge and applications and 2. for the application of the Open Source idea to the realm of nanotechnological designs. Niels Boeing http://nano.bitfaction.com Link zum Bild 22:00 01:00 Saal 1 fnord_jahresrueckblick Was wirklich geschah Society Vortrag deutsch The underreported stories of the year, sorted by bizarreness. Jedes Jahr passieren berichtenswerte Dinge. Einige von ihnen bekommen enormes Medienecho, andere tauchen nur am Rande bis gar nicht in den Mainstream-Medien auf. Dank Heise sind Techies ganz gut über techniknahe Problemzonen wie Überwachung, Data Retention, die Copyright-Mafia u.ä. informiert; diese Veranstaltung möchte die Zone des Informiertseins auch auf andere Themen ausweiten. Felix von Leitner Frank Rieger 23:00 02:00 Saal 1 hacker_jeopardy The one and only hacker quizshow Community Sonstiges englisch The well known quizshow format, but of course covering topics not usually seen on television Hacker Jeopardy is a quiz following the well known inverted answer-question scheme. Heise once entitled it "Number guessing for geeks", which is of course a very unfair abbreviation: it's also guessing for letters and special characters :) Stefan 'Sec' Zehl Ray 11:00 01:00 Saal 2 transparenz_der_verantwortung_in_behoerden Society Vortrag deutsch Wir brauchen eine neue, gesellschaftlich breit überzeugende Lösung für das Problem mit dem Datenschutz. So wie es jetzt läuft geht die Aushöhlung der Persönlichkeitsrechte durch schrittweise Einschränkung des Datenschutzes immer weiter. Statt dem gläsernen Bürger brauchen wir die gläserne Verwaltung. Die gläserne Verwaltung bedeutet: Immer wenn Behörden und sonstige Akteure Daten erheben, weiterleiten, verarbeiten, speichern und nutzen, müssen jeweils zugleich mit erfasst werden: Die verantwortliche Person und die Umstände, insbesondere die Begründung warum es gemacht wird. Dann hat jeder Datensatz seine Entstehensgeschichte bis zu allen Ursprüngen und mit allen Verantwortlichen dabei. Es liegt in der Natur der Informationstechnik, dass dies technisch leicht machbar ist und der Aufwand wäre überschaubar gering. Dann würde jeder Verantwortliche mit Sorgfalt abwägen, ob seine Aktion sinnvoll und zulässig ist, oder nicht. Auch ein Versäumnis wäre ein Fehler. Bestraft werden sollen nicht die strittigen Ermessensentscheidungen, sondern die klaren Verstöße. Philipp Sonntag 12:00 01:00 Saal 2 data_mining_weltfrieden Society Vortrag deutsch Wir drehen den Spiess um: Wie die Quintessenz die NSA analysiert hat. Warum die Bedrohung durch schmutzige Bomben eine fiktive ist. Wie zerlegt man systematisch eine Angst und Hysterie schürende Informationspolitik? Data Mining ist ein einschlägigen Kreisen eine sehr negativ belegte Phrase. Die Kunst der Informationsbeschaffung und -analyse kann man allerdings auch zu Zwecken verwenden, die gut fürs Karma sind: wie man systematisch eine Angst und Hysterie schürende Informationspolitik zerlegt. Am Beispiel der quintessenziellen 'Datamining the NSA' und dem Thema schmutzige Bomben wird eine Einführung gegeben. Jule Riede-Buechele 13:00 01:00 Saal 2 the_silent_decline_of_public_control Why German voting machines do not meet the requirements of democratic elections. Society Vortrag englisch The voting machines widely used in Germany's recent elections fail to follow both fundamental democratic principles and German legal requirements. Highlights of a recent Irish report on security issues of these machines will be provided. In this year's September elections of the Bundestag, more than 2 Million voters had to submit their vote using voting machines of the Dutch automation provider, Nedap. The machines, which have been subject to a (non-public) governmental certification process, do neither allow the voter to verify that his vote has been correctly stored, nor do they provide a transparent and auditable vote counting process. While the a specimen of the software has been reviewed as part of the certification process, the software installed on the Nedap machines is at no time subject to any authentication or validation by the German authorities. This is of specific interest, as a recent report of an Irish government commission claims that the implemented security measures mainly follow the concept "security by obscurity", and that two minutes of unauthorized access might be sufficient to replace the installed software. Ulrich Wiesner Overview article on the voting machines used in Germany (in German) Findings of the Irish Commission on Electronic Voting (in English) Legal framework (in German) 14:00 01:00 Saal 2 internet_voting_in_estonia First-ever pan-national official occasion. Society Vortrag englisch Tarvi, the project manager for Estonian e-voting, is going to explain how the Internet voting system is built and how the Internet voting was made possible for the Estonian voters. Tarvi Martens http://www.vvk.ee/engindex.html 16:00 02:00 Saal 2 fuzzing Breaking software in an automated fashion Hacking Vortrag englisch Fuzzing is the art of automatic bug finding. This is done by providing applications with somewhat broken to really broken input. During my talk I'll give an overview of current fuzzers and how to build your own. In this talk fuzzing will be explained. Fuzzing is the art of providing an application with a lot of different and mostly broken input. The input should in most cases be good enough so applications will assume it's valid input, but at the same time be broken enough so that parsing done on this input will fail. Such failing can lead to unexpected results such as crashes, information leaks, delays, ... In order to decently fuzz a given application tools are needed. Some are better then others and a variaty of fuzzing tools will be covered in this lecture. Some of the most known are: - spike - scapy - smudge - protos - ... There are 3 basic types of fuzzers that will be covered: - Manual testing. - semi-automatic fuzzing - automatic fuzzing. The tools that will be covered are either standalone fuzzers which can usually only fuzz 1 type of protocol or application or so called fuzzing frameworks. Fuzzing frameworks have api's to easely produce broken data and implement specific protocols. Most fuzzing tools concentrate only on fuzzing certain network protocols. This lecture will show that a lot more can fuzzed, such as: - network stacks - Arguments, signals, stdin, envvar, file descriptors, .... - Api's (library calls, systemcalls) - files (binary, human readable, ...) During the lecture a lot of examples will be shown. I'll show how some of the most widely used applications break within seconds with some of the fuzzing tools. Some of these applications are: - internet explorer - ios 12.x - solaris kernel - grandstream GXP2000 voip phone - many many more A large part of the talk will go deeper into how to produce broken input that will likely cause problems. As will be shown size fields and strings are usually very interesting to change. Some time will also be spend with exploring the current debugging and disassembling tools in order to figure out what broke, and where it broke. Near the end there will also be a list of annoying things that one might enounter during fuzzing. Usually they get in the way of automated fuzzing (Think of an application that will give an annoying popup every single time it recieves badly formed data). Some ideas will be given to bypass these annoyances. At the end of the lecture pretty much all attendants will realize that most people writing parsing code today aren't doing such a good job (in term of security !) and how easy it is to go out and find cool security bugs with automated tools. Ilja ttp://lufgi4.informatik.rwth-aachen.de/movies/summerschool/vansprundel-fuzzing-2005-09-23.mov http://ilja.netric.org/files/fuzzing.sxi http://static.23.nu/md/Pictures/FUZZING.PDF 18:00 01:00 Saal 2 disassembler_internals Hacking Vortrag englisch Disassembler Internals II is an advanced look at the power of programmatic disassembly analysis. The talk will focus on data structure recognition for the purposes of reducing time spent reverse engineering protocols and proprietary file formats. Disassembler Internals II is an advanced look at programmatic disassembly analysis with a focus on data structure recognition. The original Disassember Internals presentation given at Toorcon 7 discussed the basic concepts required to build a high-level disassembler. These topics included binary format parsing, opcode disassemblers, and elementary disassembly analysis algorithms for indentifying relationships within the code. These topics will be reintroduced to bring attendees up to speed, and Disassembler Internals II will take the audience to the next level with a discussion of techniques for programmatically recognizing data structures. The ability to properly identify high-level data structures is crucial in the process of reverse-engineering. General structure recognition is accomplished by tracking references to offsets within a known set of data. Depending on the complexity of the assembly code, a great percentage of fields can be immediately identified, reducing the amount tedious manual labor required when reversing a protocol or file format. Given advanced disassembler tools with cross- referencing abilities, tracking variables and examining the transfer of pointers from one location to another to identify high-level objects is fully attainable through static binary analysis. A view of how the program interacts with supplied data can be analyzed to determine memory allocation for structures, structure member data-types, and potential flaws in structure parsing code. This sort of analysis can be rapidly prototyped with IDA Pro and developed further as desired in custom reverse-engineering tools. Finally, the presentation will discuss the usefulness of the concepts when applied to automated vulnerability discovery. The category of vulnerability discovery tools known as "fuzzers" can benefit greatly from the ability to automatically determine the structure of the data being manipulated. Fuzzers can be used to rapidly determine parsing errors in protocols and file formats. There are generally two approaches to software fuzzing: random manipulation of a valid dataset or using pre-defined protocol templates. The latter approach is typically more effective, but requires substantial effort to construct a protocol template that is useful for the fuzzer. The combination of fuzzing technology and algorithms for automatic protocol template generation will lead to intelligent fuzzers that are more effective at finding vulnerabilities. The presentation will conclude with a demonstration and release of a standalone console disassembler/analyzer for PE and ELF binaries and an IDA plugin capable of identifying structures in code. Richard Johnson Toorcon 7 Presentation - Disassembler Internals 21:00 01:00 Saal 2 intrusion_detection_systems Elevated to the Next Level Hacking Vortrag englisch Currently there exist many different IDS techniques. However, none of them is the superior one. Best results can only be determined by a combination of them. We introduce an approach how to do that efficiently. Currently there exist many different Intrusion Detection techniques. Starting from network based systems, such as pattern matching, traffic correlation, traffic anomaly detection... or host based systems such as file integrity checkers, log file parsers or root kit detectors up to things like Honeypots are widely used. Todays major problem is that most people simply don't have enough monitors to look at all the different IDS consoles at the same time. Also, for some quite popular IDSs there doesn't exist a usable console at all. Since each IDS has it's own analysis tools, correlation of the big variety of events detected by different systems has to be done manually - if even possible. That gets even more tricky if one has multiple IDSs at certain places in the network. So, how to deal with that complexity? What we are going to introduce first is the IDMEF (Intrusion Detection Message Exchange Format) approach to normalize and standardize log events that are coming out of IDSs. That gives you all the events of all those different IDSs in a common format. So far so good. But how to get valuable clues out of all this data? To correlate IDS events in order to get an automatic decision if a certain system has been attacked or misused isn't that simple - obviously. Is an outbound connection of let's say a web server ok? Maybe not if the admin is not logged in. Is changing /etc/shadow valid if there is just a web server running? It may depend on many things as the time of the day, source, further events on the system, who is logged on, what other processes are running, certain system states, system load ... We will present a method correlating those IDS events using Fuzzy Logic and Neural Networks as an extension of the Prelude Hybrid IDS framework. After a short introduction of the Prelude framework we explain how those methods can be used to get more reliable results out of this hybrid IDS. To illustrate the concept behind in a more demonstrative way we will use IDS events of common attacks to give an idea how it can be employed to make IDSs work more efficiently. Matthias Petermann Alien8 http://www.prelude-ids.org http://www.snort.org/ http://la-samhna.de/samhain/s_download.html http://en.wikipedia.org/wiki/Fuzzy_logic http://en.wikipedia.org/wiki/Neural_networks 22:00 01:00 Saal 2 zauberhafte_naturwissenschaften Science Vortrag deutsch Zur Anregung, sich mit Naturwissenschaften zu beschäftigen und „einfache, selbstverständliche“ Sachverhalte wieder fragwürdig und problemhaltig zu machen. Eine Einführung in das Thema Zaubern: * Wie arbeitet ein Naturwissenschaftler (Computerfachmann)? * Das Hütchenspiel - mit Wassermolekülen? * Wie schreckhaft sind Wassermoleküle? * Lässt sich eine Interkontinentalrakete im Hörsaal starten? * Kann man den el. Strom nach seiner Herkunft direkt an der Steckdose verifizieren? * Kann man ein Strom führendes Kabel (230 V) mit den Zähnen durchbeißen? * Gibt es die „wahre“ Energiesparlampe? * Hat Herr Kirchhoff mit seinen Regeln unrecht? * Was passiert, wenn man einen menschlichen Finger minutenlang in flüssigen Stickstoff (-196°C) taucht und dann mit dem Hammer draufschlägt? * Gibt es Wunder in der Mathematik? * Was hat Himmel und Hölle mit der Mitgliedschaft bzw. Nichtmitgliedschaft im CCC zu tun? * Wie verhält sich das Betriebsschiff des CCC im Sturm der Finanzen? * Wie reagieren Mitglieder des CCC auf Innovationen? Wolfgang Hahn 23:00 01:00 Saal 2 entschwoerungstheorie Verschwörungstheoretiker sind hinter mir her! Society Vortrag deutsch Anschließend an den letztjährigen Vortrag über die bedauerliche Mangel- und Fehlrezeption Robert Anton Wilsons soll die Gesellschaft, in der sich populäre Verschwörungstheorien über 9/11 und "USrael" befinden, vorgestellt werden. Verschwörungstheorien können ein lustiges Spielzeug sein, wenn sie nicht geglaubt werden. In der bewußtseinserweiternden Tradition von Wilson könnten Hacker für assoziativen Mindfuck werben. Warum jedoch werden Verschwörungstheorien so selten dekonstruiert und so oft gepusht? "Nur weil du paranoid bist, heißt das nicht, daß du hinter anderen her sein mußt." Ein Überdenken des Umgangs mit Verschwörungstheorien scheint dringend erforderlich. Eine der global am weitesten verbreiteten Ideologien ist die Vorstellung einer jüdischen Konspiration, welche über die Kontrolle der amerikanischen Ostküste die Welt beherrscht. In diesem antiimperialistisch konnotierten Bild sind die noch vor 100 Jahren klar getrennten Stränge der Verschwörungstheorie - die antisemitische und die anti-geheimbündlerische - verbunden, so daß es für rechte und linke Vereinfacher und Ideologen, für Nazis und Leninisten gleichermaßen attraktiv geworden ist. Die handgreifliche Folge besteht darin, daß die eigene Regierung oder die wirklichen Herrschaftsstrukturen nur halbherzig angegriffen werden, während nationale Gemeinschaften sich gegen die überproportionierte Bedrohung zusammenschließen. Die gefährlichsten realen Verschwörungen wurden von Verschwörungsgläubigen ins Werk gesetzt und kosteten Millionen von Menschenleben. Grundlegende Veränderungen der Gesellschaft wurden und werden in diesem Kontext mit der Auslöschung bestimmter Gruppen von Menschen verwechselt. Was Wilson in "Illuminatus!" demonstrierte, waren die Absurdität und die geistige Anregung der Verschwörungstheorie gleichermaßen. Indem er die verschiedenen widersprüchlichen Erzählungen zusammenstrickte, machte er die Möglichkeiten und Gefahren assoziativen Denkens sichtbar. Diese reflektierte und ausgesprochen komische Art der Aneignung scheint bei heutigen und hiesigen Konspirologen kaum eine Rolle zu spielen. Verbissen beharren Mathias Bröckers wie Gerhard Wisnewski auf ihrer Version der Geschichte und räumen dem bei Wilson so wichtigen Zufall und auch menschlichen Schwächen oder Fehlern keinen Platz mehr ein. Was geschieht, geschieht auf Plan und Anordnung, und auf wessen Plan und Anordnung wird allzuoft nur mäßig kaschiert. Mit der Behauptung einer "Kosher Conspiracy" (Bröckers) und der Verharmlosung antisemitischer Propaganda und Tat schwimmen diese sich gern als vorurteilsfrei und subversiv gerierenden Verschwörungstheoretiker im globalen Mainstream unappetitlicher und gefährlicher Ideologien. Als Ausgleich zur Empirieferne und Phantasiearmut der analytisch-logischen Weltanschauungen funktioniert der assoziative Mindfuck weiterhin sehr gut. Routinierte Mustererkennung wenig origineller deutscher Journalisten führt jedoch bestenfalls zu Schenkelklopfen, miefiger Selbstbestätigung und Duldung gefährlicher Wahnsinniger. Mit einem Ausflug in die Geschichte der Verschwörungstheorie und ihres enormen Einflusses auf die Politik der vergangenen 100 Jahre, mit einer Betrachtung von personalisierter Geschichtsschreibung sowie mit Verweis auf aktuelle Beispielen grausiger Verbindungen könnte der Versuch starten, das bunte Spielzeug der konstruktiven Paranoia dem graubraunen Assoziationsautomaten zu entreißen. Daniel Kulla http://www.systemausfall.de/Daniel_Kulla_Germany_might_trick_me_once_Zur_Dialektik_von_Dope_und_Mate_2005.pdf http://www.danielpipes.org/art/cat/4 http://jaecker.com/verschwoerungstheorien.htm 11:00 01:00 Saal 3 complete_harddisk_encryption_with_freebsd Learn how to effectively protect not only your data but also your applications Hacking Vortrag englisch Most technologies and techniques intended for securing digital data focus on protection while the machine is turned on – mostly by defending against remote attacks. An attacker with physical access to the machine, however, can easily circumvent these defenses by reading out the contents of the storage medium on a different, fully accessible system or even compromise program code on it in order to leak encrypted information. Especially for mobile users, that threat is real. And for those carrying around sensitive data, the risk is most likely high. This talk will introduce a method of mitigating that particular risk by protecting not only the data through encryption, but also the applications and the operating system from being compromised while the machine is turned off. ====Securing digital data==== When is comes to securing digital data, a lot of resources are usually spent on mitigating the risk of network-based attacks: encrypt transmissions, apply patches, harden network stacks and use firewalls and an IDS. All these countermeasures are without doubt justified – even more so as more and more devices become networked. However, all defenses against network-based attacks are useless if the attacker can simply read out the contents of the hard disk(s) from a (usually) different system – which brings us to in-storage data encryption. ====The problem with partial encryption==== Even if storage encryption is used, it is often less effective than it is perceived to be – because a lot of programs "leak" data to unencrypted parts of the medium by creating temporary copies of the files you are working on. Aside from thus giving the user a false sense of security, both the file-based and the partition-based encryption approach suffer from a major problem: the operating system remains unencrypted. ====Mobile users at particular risk==== With today's cipher-strengths in mind, pretty much anything is easier than a brute-force attack against the encrypted data (a strong key provided). So, if the attacker has physical access to the hard disk, compromising the OS or the applications seems like the easiest way to get the data. The implication is that, unless you keep your computer in sight at all times, you cannot really be sure it has not been compromised. But as a mobile user you obviously do not want to carry your notebook on you all day long. The goal is therefore to encrypt the entire hard disk, so that physical access to the device offers no realistic chance for a (software) compromise. ====Core issues discussed in this talk==== The talk will be divided into three main subjects: * Background & motivation: explains the need for in-storage data encryption and discusses partial disk encryption and the motivation behind complete disk encryption. * Implementation: details of how to implement complete disk encryption on a FreeBSD system. The solution relies on standard FreeBSD tools and does not involve programming. * Implications: explains what is and is not protected by complete disk encryption. New risks, dangers as well as trade-offs will also be discussed. Part II will be technical and aimed mainly at experienced UNIX users. Parts I & III discuss general issues regarding complete disk encryption and should therefore also be interesting to a broader audience. Marc Schiesser 12:00 01:00 Saal 3 real_life_bug_finding_in_win32 Hacking Vortrag englisch Overview of a few academic program verification/checking tools; their usefulness for practical bug finding (particularly, in Win32 PE binaries); a report on the progress of integer overflow detection tool implementation (with preliminary results). Although computer-aided program verification and bug finding receives significant attention in academic circles, very little information on these efforts has been presented at conferences for security practicians; this talk intends to shed some light on the subject. Particularly, many security professionals believe that the academic tools cannot be used for practical tasks, while in fact some of the tools have been quite successful in some aspects. It is crucial to make a distinction between "program verification" and "checking". The goal of the former is to prove that a given program is fully correct. Generally, this goal cannot be reached. One of the basic theorems of the computer science is "the halting problem", which states that there does not exist an algorithm to tell whether a Turing machine (which is an abstraction of a computer) terminates its calculation on a given input. Even intuitively, proving program correctness is harder than the halting problem; therefore, only in particular, simple cases one can attempt to prove program correctness. During the talk, a sample session of Caduceus tool will be presented, and some trivial C programs will be proven. On the other hand, "program checking" does not attempt to prove full correctness, but rather to check whether selected properties hold. It is similar to a typical security audit, when an auditor tries to check that usage of potentially dangerous programming constructions is safe. "Program checking" is a best effort approach, as it does not guarantee completeness of any kind. However, automatic program checkers are able to find interesting bugs; the talk includes appropriate examples of bugs in Linux kernel, discovered by the MECA tool developed in Stanford University. Because of many reasons, nowadays the security (or the lack thereof) of Win32 systems is important for security researchers. It would be very useful to have a tool capable of finding bugs in Win32 programs. As there is no publicly available source code, one has to work with assembly code, which presents another set of problems. Besides Halvar Flake's work, there is little related material available. During the talk, the New Jersey Machine-Code Toolkit will be presented, which allows a programmer to easily capture assembly instructions semantics. Finally, a working prototype of a tool which checks for integer overflows in Win32 binaries will be presented. The choice to look for integer overflows is very compelling for at least three reasons: 1) This kind of vulnerability was the cause of major, recent problems in Windows security 2) Most probably, many similar bugs remain undiscovered 3) It is relatively easy to use a theorem prover to check for this type of vulnerability Currently, the tool is unable to handle many programming constructions, which makes it unfeasible to use it for most binaries; however, for some programs it performs reasonably well. When applied to "nwwks.dll" binary, which implements a service addressed by a recent MS bulletin, the tool discovered seven cases of suspicious integer calculations; among them, three were real remotely exploitable bugs. Rafał Wojtczuk http://www.stanford.edu/~engler/ http://why.lri.fr/caduceus/ http://www.eecs.harvard.edu/~nr/toolkit/ 13:00 01:00 Saal 3 w3c_web How to turn your idea into a standard Community Vortrag englisch W3C brings together experts, companies and users to define the fundamental formats and protocols of the Web. The challenge is to create a coherent system (the "Semantic Web") without forgetting everybody's short-term needs. When W3C started, in 1994, the Web was simple: the IETF had taken on the task of defining URLs; W3C and the IETF worked together on HTML and HTTP; W3C developed CSS; and a group of people donated PNG to W3C. There were plenty of people helping out and although some had trouble understanding W3C's vision of a Web on other devices than PCs, the architecture was simple enough and progress was quick. Now the Web is big, slow and complex. There is an ever increasing demand for new technologies, for security, b2b, multimedia, accessibility, privacy, and what not, and although W3C's vision is still the same, it needs more and more discussion in more and more groups to harmonize all the technologies being proposed. But at least everybody now wants the Web on small devices... Let's take a (brief) look at the methods W3C tries to use to reach consensus (because consensus is the basis of W3C's decision making), at the ways in which people can follow and participate in the work, and at a few of the technologies that are expected. Bert Bos http://www.w3.org http://www.w3.org/Style/CSS/current-work 14:00 01:00 Saal 3 agile_business_and_eu_funding Sprint methodology in funded OSS projects Community Vortrag englisch There is a growing number of open-source developers organized and connected to company and money related work. We report our experiences from the first year of the PyPy project which has a 7 company/university consortium and a 1.3 Million Euro research grant from the European Union. We'd like to present and discuss models and experiences for connecting open-source/hacking culture driven development to money related projects and goals with the audience. We are going to briefly describe the organisation of the PyPy project, showing how formal stakeholders and OSS Python community interact through agile practices like sprinting. We will also reflect on the aspect of diversity, combining technical and non technical people and skills and learnings from this. We will relate the various agile techniques used in PyPy and other projects/companies to the agile practices known from the work in the Agile Alliance (XP, Scrum, Crystal) and tell you what we know of how other projects are doing it. Lastly we will also share our experience of various challenges and possibilities when integrating the different cultures and skills from the OSS perspective, EU perspective and the Chaos Pilot/process management perspective - managing diversities. Holger Krekel Beatrice Düring http://codespeak.net/pypy/dist/pypy/doc/dev_method.html http://codespeak.net/pypy/dist/pypy 16:00 01:00 Saal 3 evocell Exploring the huge space of possible cellular automata by evolution Science Vortrag englisch This talk is for everyone who liked to play around with the game of life when he/she was a kid (or older). The goal of this talk is to present EvoCell, a free software project released under the GPL. EvoCell can simulate arbitrarily many cellular automata in parallel with any neigbourhood, any number of states (RAM is the limit) and any transition rules. The really interesting part is that you can evolve the transition rules. By using genetic algorithms EvoCell allows you to explore the huge space of possible cellular automata. Strange worlds of gliders, replicators, blinkers and other cellular machines are awaiting you. In the talk I'll try to explain some fundamental principles of artificial life and demonstrate how the can be seen in cellular automata. The goal of this talk is to present EvoCell, a free software project released under the GPL. EvoCell is all about simulating and evolving cellular automata so I'll start with a semi-formal of what a cellular automaton is: A cellular automaton (CA) is a discrete mathematical model that has been used to explore interesting phenomenons like self organisation, emergence, self replication, artificial life and even evolution. A CA is defined by four parameters. * a grid geometry * a finite number of states * a neighbourhood and * a transition function The grid geometry defines how the cells are aligned. The CAs presented in the talk will have a 2D rectangular grid with a torus topology (when you leave the grid at the right/bottom side you enter it on the left/top side). At each discrete time t each cell is in one of a finite number of states. The state of each cell at time t+1 is a function of the states of the cell and some surrounding cells - the neighbourhood cells - at time t. The function that maps each possible combination of states of the neighbourhood cells to the target state in the next time step is called the transition function or transition rule. From this description it is easy to calculate the number of possible transition functions for CAs with N neighbours and S states. Each of the cells in the neighbourhood can be in one of the S states. So there are S^N different states the neighbourhood can be in. For each of these we can assign one of S possible outcomes. This gives S^(S^N) possible different transition functions. This number gets extremely large as S and N increase. So there is a huge space of possible CAs. EvoCell, the software project I want to introduce in the talk, allows the user to explore this huge space of possible CAs by using genetic algorithms. But why should one want to explore this space? There are a lot of spaces that are huge but nevertheless extremely uninteresting like the space of all possible COBOL programs for example. To show that CAs are worth exploration one only has to look at which interesting rules have already been found by researchers around the world during the last 50 years since John von Neumann proposed the first CA. The most famous CA is probably Conways's game of life (9 cell neigbourhood, 2 states). The rules for game of life are extremely simple but it shows some remarkable properties like gliders, glider guns and even Turing machines. Another interesting CA is Langton's Loop. A loop-like structure in a 5 cell neighbourhood, 9 states CA which self replicates. Eventually it self replicates on and on, filling the entire space with loops that become dysfunctional because of collisions with other loops. A variation of Langton's Loop called the Evoloop solves this problem because it has an additional "death state", which clears the space of dysfunctional loops making space for other loops to replicate into. Due to collisions of the loops during self replication the loop structure sometimes "mutates". Some of the mutated loops are able to replicate faster thus giving rise to evolutionary effects. So the space of possible CAs includes some interesting points and maybe it is a good idea to use software to search for even more interesting gliders and replicators then the ones described. But how do you explore such a huge space? If the space is "smooth" - that means points in space that are close together have similar properties - then evolution could work. CAs have this property. If you change the transition function only a little then the development of the cells in time will not change too much (at least in the beginning). EvoCell allows you to do this: To mutate the transition functions of CAs and to watch how these small changes effect the development of cell patterns. A normal EvoCell session runs like this: 1. You start with a CA with some initial transition rule. This could be some simple predefined rule like every-cell-goes-to-state-zero or a rule saved during a previous EvoCell session. 2. Multiple variations of the original rule are according according to user defined mutation parameters. 3. All mutated CAs and the original CA are initialized with a random or predefined cell pattern so the difference in the transition rules can be seen as differences in the development of the cell patterns. 4. Select the most interesting rules and goto step 2. The EvoCell engine supports arbitrary transition functions, arbitrary neighbourhoods, and arbitrary dimensions, but at this time the display functions have been implemented for 2D only. But the most interesting part is of course playing around with the CAs :) After some time one gets a feeling for what kind of rules produce what kind of structures. How one has to mutate the get the desired effects. For example it is really easy to evolve simple gliders once you found out what kind of transition rules produce them. Because new rules are always mutated versions of old ones all the rules form an evolutionary tree. It's very interesting so go through some evolutionary line of CAs and see how the rules changed in the course of the human directed evolution. You'll see all that in the talk. Philipp Tiefenbacher Background on the Evoloop Homepage of EvoCell Project Real World application of Cellular Automata Wikipedia entry on CAs A short history of (some) self replicating Cellular Automatons 17:00 01:00 Saal 3 learning_js_with_google_maps Hacking Vortrag englisch The web application programming interface (API) that allows to embed google maps in web pages is quite simple, if you speak javascript, yet it employs some of the more sophisticated concepts of the language, such as custom objects and closures. So if you don't speak javascript yet, but want to learn it, using the google maps API gives you a head start. We will walk through the components of the google maps API, emphasizing the javascript language features and their application to the API design as well as discussing the API itself. Issues include: the language itself, event handling, closures, custom objects. (mesch) Steffen Meschkat Google Maps API http://maps.google.com/ Slides 18:00 01:00 Saal 3 atmel_avr_for_dummies Was ist denn nun eigentlich so ein 'Interrupt'? Hacking Vortrag deutsch Mikrocontroller sind heutzutage als Embedded Devices kaum noch wegzudenken. Dieser Workshop soll anhand vom Beispiel fnordlicht[1] zeigen, wie ein Atmel AVR Controller funktioniert und programmiert wird. Nahezu in jeder grösseren Schaltung kommen Mikrocontroller zum Einsatz. Leider ist der Anfang der Lernkurve so steil, dass dies allein viele Menschen abschreckt. Wie programmiere ich einen Controller? Was für eine Schaltung brauche ich? Woher bekomme ich den unterstützten Befehlssatz und wie weiss ich, was in diesem Ding denn nu drin ist? fd0 http://koeln.ccc.de/prozesse/running/fnordlicht 19:00 01:00 Saal 3 wartracking Satellite Tracking, harvesting and security Hacking Vortrag englisch An spiced up introduction into the world of satellite telecommunications. We'll begin at reception setup. Explain theory behind the technical part of satellite telecommunications and finally present the variety of signals flowing down from orbit to the reciever. Several hack-valued topics will be covered. Such as "Be your own satellite broadcaster", fascinating data traffic, "Who else is listening?" and self made recieving/transmitting gear. WarTracking as deducted from WarDriving and Satellite Tracking is a traditional field of interest to the technically talented (aka nerd), though only few master the obstacles on the way to successfull advanced satellite listening. Our journey will begin at the basics. We'll explain terms and definitions of WarTracking to assure an equalized level of understanding for the attending audience. As our Journey proceeds the listeners will learn about satellite-orbit calculation / prediction for non-geosynchronous orbits and the technical requirements for reception of such satellites. We'll also stop by to revisit past noteworthy events such as live-military-war footage on non suspicious commercial TV-transponders. A main part of this Lecture will be the current situation "up there" including information on easy but fascinating catches for the beginning WarTracker. We'll shed a light on the often neglected commercial broadcast satellite transponders carrying fascinating payload. Then audience will be taken one step further: "Ever wanted to be a satellite broadcaster heard around the world? - No Problem!". There are several ways for low budget *active* fun with satellites - some of them even are legal. ;) Rounding up the journey we'll also have a look at the commercial "WarTrackers" and the enormous efforts undertaken by them (Echelon, Satos). Finally we'll try to draw a picture of what the near and not so near future holds for us WarTrackers. Everything concluded by an open Q&A session with much space for in-depth discussions that will continue outside the lecture room. Thomas B. Rücker - dm8tbr Miguel Elias Slides 21:00 01:00 Saal 3 free_software_and_anarchism does this compute? Society Vortrag englisch The mode of production in free software development is often being described as anarchical. Despite this attribution seems not initially intended in any fundamental political sense, this sense starts to transfuse the discussions. This invites to a closer look at the reference: what it is, what it's not and what it could be. And once viewed from general anarchist theory and the anarchist theory of technology, any political relation seems to vanish. But despite this first stance, a demonstrative value can still be obtained as soon as some critical remarks are acknowledged and some developmental frames would be changed. The term „anarchism“ has been used frequently when free software development has been described. It was meant to grasp two main notions of the phenomenon: first, the open, unguided and non-monopolized mode of technological development and second, the seemingly anti-capitalist aspect of its free propagation. Although the term first appeared to be intended largely to discredit free software development – as a part of the usual warmongering –, it soon took a positive connotation as many anarchist hackers embraced it as fitting and as the free software idea proved to be exceedingly more successful and accepted among users. Thus meanwhile, it transgresses its old territory of rhethoric warfare into a mode of identification and a topic on its own, seemingly placing the free software debate onto a more general political ground. But this is not quite legitimate. The use of the term in the debate was largely introduced in its colloquial sense which stems from the public image of anarchy. And that is quite far from what anarchist theory actually is about. Thus the question arises how fitting the term actually is, if free software development is viewed from anarchist theory. To investigate this, one has to accredit two possible points of view. First, free software would have to be judged as a technology from the anarchist theory of technology. This reveals that the revolt happens only within another technology which is not so free and quite ambivalent, namely computers. Second, apart from the resulting technology, free software could be judged as a pure developmental method. But as such, it can soon be demonstrated how it is bracketed by the ideological frameworks of capitalism and authority, thus reproducing and proliferating both. It follows that the use of the term „anarchism“, contrary to the fact that it is now intended more openly in its political notion, is more of a fashion, a linguistic reinvention of capitalism and authority. Free software appears to be just slightly more political than any other chunk of consumer electronics and the culture it proposes is not as free and counter-capitalistic as it is held to be. But this judgement doesn't have to be the end of it. Something politically valuable can still be drawn from the developmental method if it can be stripped of its ideological framings and thus placed on a more genuine anarchical turf. In that case, one can render the core argument against intellectual property conceptions, addressing the case of a highly creative, boosted productivity in free software development, into an argument – attached to a case study – for the developmental potential of an anarchical society in general. With this developmental argument transitively enlarged into an argument for anarchism, the case of free software could receive an outstanding political importance. It could factually prove that leadership and financial interest are not only not essential to production, research or development, but also hindering those, thus hindering the development of human faculties in general. Free Software and Anarchism - does this compute? Sandro Gaycken 22:00 01:00 Saal 3 honeymonkeys Chasing hackers with a bunch of monkeys Hacking Vortrag englisch As part of their ongoing efforts to secure the use of the web for Windows-based systems Microsoft recently launched a new research initiative called Honeymonkeys. This talk will introduce the basic concepts and ideas behind this initiative and will present the speakers' latest research project to gain more knowledge about implementing client-based honeypots. According to Symantec's Internet Security Threat Report VIII (September 2005) attackers these days tend to move away from large-scale attacks towards smaller but precisely focused attacks on client-side targets. Equipped with a certain "exploiting a windows box for fun and profit" mindset and supported by browser bugs, bot networks and all sorts of malicious code, attacks seem to be more and more motivated by a deep desire for money and profit ultimately marking a true shift in the today’s threat landscape. Based on this development and as part of their ongoing efforts to secure the use of the web for Windows-based systems Microsoft recently launched a new research initiative called Honeymonkeys. This talk will introduce the basic concepts and ideas behind this initiative and will compare honeymonkeys to honeypots highlighting both the similarities as well as differences between those two technologies. It will also feature the speakers’ efforts and experiences in implementing, monitoring and analyzing such client-based honeypots with a step-by-step howto for starting your own honeymonkey project. Experiences and catches will be presented in a real environment, so kids please try this at home! Krisztian Piller Sebastian Wolfgarten http://en.wikipedia.org/wiki/Honeymonkey http://research.microsoft.com/honeymonkey/ 23:00 01:00 Saal 3 hexenbesen_und_heiliger_gral Vorläufige und subjektive Gedanken zur inhaltlichen Qualität von Wikipedia-Artikeln Community Vortrag deutsch Einige vorläufige und ausgesprochen subjektive Gedanken zur Artikelqualität in der Wikipedia aus der Sicht eines Geisteswissenschaftlers. Dabei interessiert weniger die Frage nach den sogenannten „Relevanzkriterien”, als vielmehr die Frage danach, inwieweit die Arbeitsweise in und mit der Wikipedia den Ansprüchen an eine wissenschaftliche Arbeitsweise genügt. Ein Anleitung auch für den, der sich fragt, ob man den Informationen eines Wikipedia-Artikels denn überhaupt trauen kann. Die Wikipedia als Nachschlage- und Recherchewerkzeug hat sich inzwischen nicht nur bei den notorischen Nutzern des Internets durchgesetzt, auch im akademischen und schulischen Bereich wird sie gern als Informationsquelle genutzt. Allerdings haben Lehrer, Dozenten und wissenschaftlich Arbeitende Vorbehalte gegenüber der inhaltlichen Qualität der Artikel. Fachleute bemängeln häufig mangelnden oder nicht vorhandenen qualitativ überzeugenden Inhalt; die Urteile gehen dabei von „Unvollständig” über „nur marginale Informationen” bis hin zu „kompletter Blödsinn”. Aber ist das tatsächlich so? Oder haben wir es bei diesen Zeitgenossen nur mit Menschen zu tun, die ihre eigenen überzogenen Ansprüche auf ein Projekt übertragen, das sich noch im Entwicklungs- und Aufbaustadium befindet? Es geht dabei nicht darum die Wikipedia als Enzyklopädie derer zu verteufeln, die von allem ein wenig, aber von nichts so richtig eine Ahnung haben. Es geht vielmehr um die Frage, wie man es schaffen kann, auch als Gelegenheitsschreiber in der Wikipedia auf Dauer die inhaltliche Qualität der Artikel zu sichern und als Fachfremder diese zu beurteilen. Eine wichtige Rolle wird auch die Frage danach spielen, ob und inwieweit die Wikipedia wissenschaftlichen Anforderungen an einen enzyklopädischen Text nachkommen sollte und ob sie das überhaupt kann. Dabei stellt sich auch die Frage danach, was denn das Besondere an der Wikipedia als Enzyklopädie ist und wo ihre inhaltlichen Stärken, aber auch Schwächen gegenüber den herkömmlichen Enzyklopädien liegen. Anhand einiger Beispiel-Artikel aus aus eher unbekannten Themenbereichen der Geisteswissenschaften werden nicht nur die Schwierigkeiten erläutert, die ein Artikel-Ersteller zu bewältigen hat, sondern auch Möglichkeiten gezeigt, wie auch der Fachfremde die inhaltliche Qualität eines Artikels überprüfen kann. Henriette Fiebig 12:00 01:00 Saal 4 the_right_track A new approach to copyright in the digital world Society Vortrag englisch A discussion of the Intellectual Contributions model and the Rights Office system as an alternative for regulating copyright in a digital environment. Imagine that when you next buy a musical recording, a book, a chunk of code, or a film that you know that you own access rights to that work for the rest of your life and there will be a system in place to support these rights. You can anonymously use the content whenever and wherever you like, on the device of your choosing and in the format of you choosing. You can even legally pass on a copy to family and friends. At the same time you can actively support your favourite artists, performers, and creators and their work will always be attributed to them. Wouldn’t most people say this would be the ideal situation? The proposed Rights Office system supports such a scenario. It proposes replacing the copy-based model of Copyright with a rights-based model. A new regime for our digital world that can use the Internet and modern technology to maximum advantage for distributing intellectual content while still recognising and rewarding the author and other players in the production chain. My lecture would briefly introduce Intellectual Contributions as a new model for analyzing the trade in intellectual property and review analogue copyright in the light of this model. I then go on to look at DRM, levies and Creative Commons licences from the point of view of Intellectual Contributions model. Following this introduction I will present the Rights Office system that proposes a distributed, peer to peer, rights management infrastructure that could provide the basis of trading intellectual works in the digital future. I describe the dual persistent identification system that provides the tangible reference that replaces the physical analogue copies as the trading commodity. I then describe how new business models operating in the Rights Office environment can remove the need for expensive DRM technology but still provide a revenue chain for artists and authors and how P2P networks could become the norm for distribution intellectual content. Of course there will still be cheats who won’t play fair but the Rights Office system has the potential to limit the worst case of cheating where someone illegally profits from another’s work. Finally, I would like to have a discussion on the merits of the Rights Office system and get feedback on the possibility of developing the system at the community level as it appears to very difficult to introduce this concept to the established media players. Nicholas Bentley http://www.commonrights.com http://www.omidyar.net/group/intellectual-contributions/ws/ic_rights/ http://www.indicare.org/tiki-read_article.php?articleId=133 http://p2pnet.net/story/6358 13:00 01:00 Saal 4 attacking_ipv6 Hacking Vortrag englisch After a short introduction on the differences of IPv4 to IPv6, the weaknesses in IPv6 will be shown. Highlight of the talk is the presentation of the THC-IPV6 Attack Toolkit, which includes all IPv6 attacks as well as a low level packet library for easy crafting packets. IPv6 is arriving slowly in Europe, but an important topic in Japan and South Korea, as IPv4 addresses are scarce. IPv6 will change the issues of security and hacking by a large degree. This speech will give a short introduction on the protocol differences, then show the vulnerabilities in the protocols and finally present the THC-IPV6 Attack Toolkit which includes the tools for all vulnerabilities shown, as well as a very easy packet crafting library. van Hauser 14:00 01:00 Saal 4 lojban A Hackers' /Spoken/ Language?! Culture Vortrag englisch Lojban is an artificial language for humans. It was designed to be a more powerful means of communication between humans than "legacy" natural languages. Among other attractions, it is based on predicate logic and has an unambiguous grammar. It can be learnt within days. Lojban is an artificial language meant to be spoken by humans. Its distinctive features include a basis in logic (predicate calculus!), regularity (no exceptions), an isomorphic mapping between written and spoken form, and an unambiguous grammar. It was originally developed for research on the Sapir-Whorf hypothesis. This hypothesis states that the structure of one's language constrains one's thinking. Lojban was designed to minimize such constraints. It enables clear, powerful, and unambiguous communication among humans. Its rigorous grammar also makes it a prime candidate for communication with computers. Additionally, Lojban's clear phonetic structure makes it robust over noisy channels. This lecture aims to show that, just as we develop and use new programming languages for additional power, we can develop and use new languages for use among ourselves. It will provide a first glance at Lojban structure and grammar, and pointers to the readily-available learning material. Sven Moritz Hallberg http://www.lojban.org/ 16:00 01:00 Saal 4 lightning_talk_day_3 Nine five minutes talks by various speakers Lightning-Talk englisch There are also loads of reasons for attending the lightning talks (there is a 1-hour block of those each day at 22C3, with 10 talks in a row). It’s entertaining. You get to learn about a lot of different subjects in a short time. And even if one particular speaker is boring: hey, it will be over in just 5 minutes and a new topic will begin. But what is a lightning talk? It’s a 5-minute talk you (for reasons of your own) don’t feel like doing as a full 1-hour presentation. Maybe the topic is too obscure. Maybe the research you want to present is still too much in progress. Maybe you just want to talk about a detail you noticed on the way to the congress. Maybe you have a cool software or hardware hack you need helpers for and just want to drop the name of your project. Maybe you got the idea for doing a talk at the congress itself and the deadline for the call for papers is long gone… There are really loads of reasons why you should do a lightning talk. Just be short and sweet. After 5 minutes, you will be cut off and it’s the next speaker’s turn. fukami Lightning Talks in the Public Wiki 17:00 01:00 Saal 4 esperanto Eine gut strukturierte Sprache für Geeks und die EU Culture Vortrag deutsch Esperanto ist eine leicht erlernbare Sprache, die durch ihre klare Struktur besticht. Sie soll als Zweitsprache weltweite Verständigung ermöglichen. Momentan werden Englisch und dessen Muttersprachler bevorzugt. Bei Esperanto sind alle gleich. Esperanto ist eine leicht erlernbare Kunstsprache, die durch ihre klare Struktur besticht. Als Zweitsprache soll sie die weltweite Verständigung ermöglichen ohne Nationalsprachen zu verdrängen. Im Sprachwirrwarr der EU wäre Esperanto eine gute Lösung, die keine bestimmte Nationalsprache, und damit deren Sprecher, bevorzugt. Technisch orientierte Menschen dürfte das Baukastensystem, mit dem man in Esperanto Wortstämmen neue Bedeutungen geben kann, besonders ansprechen. Auch ideell gibt es zwischen Geeks und Esperantisten eine große Schnittmenge, da beide Gruppen ähnliche Ziele wie ungehinderte Kommunikation und freier Informationsfluss haben. Der Vortrag wird eine Einführung in die Sprache geben (der Schwerpunkt) und im Anschluss erörtern, welche Probleme sich mit ihr lösen lassen. pallas (Corinna Habets) http://www.esperanto.de http://www.2-2.se/de 18:00 01:00 Saal 4 future_challenges Hacking Vortrag englisch In the near future, hackers are facing new challenges that can't easily be compared to the ones in the recent years. Operating systems have been hardened and the task of taking advantage of bugs and flaws is getting more complicated every day. van Hauser Dan Kaminsky 19:00 01:00 Saal 4 hacking_challenge Background information on CIPHER, an international Capture-The-Flag contest Community Vortrag englisch The talk will give a deep view behing the scenes of creating a CTF-hacking challenge. Starting from a short analysis of requirements for such an event, the organizational work to be done, to the main topic: designing the actual contest and choosing the software to be hacked. This years CIPHER event was a larger hacking event for students from international universities. 14 teams gathered from four continents and fourteen countries to hack the other team's server and defend their own. The exercise is about hosting a server that initially runs multiple services, i.e. a webserver, a mail server and customized services. These have typical security vulnerabilities that allow to compromise the server. The goal is to maintain the services up and uncompromised for the duration of the game, scores are also given for exploiting weaknesses and gaining access to other team's servers. The contest was held within a VPN, to authenticate the teams and ensure that the contest will not leak 'surprises' on the remainder of the internet. The services were hosted on VMWare- images, so that the memory layout and starting conditions for each team were controlled and known to all participants. We will give an overview of the services used in the contest, how we build them and demonstrate the tools we used to run the contest. The main goal of the exercise was to teach students how to act in situations of constant pressure and ubiqituous insecurity. The skills to actively participate not only include programming languages but also system administration and knowledge about offensive techniques. Lexi Pimendis http://www-i4.informatik.rwth-aachen.de/~lexi/cipher.php 21:00 01:00 Saal 4 memory_allocator_security Hacking Vortrag englisch This talk will discuss a variety of memory allocators that are available for C and C++ and how they can be exploited. Afterwards I will describe our modification to one of these memory allocators that makes it more resilient to attacks. While stack-based buffer overflows have dominated the vulnerabilities which can cause code injection attacks, heap-based buffer overflows and dangling pointer references to heap memory are also important avenues of attack. In this talk we will describe how attackers can exploit many common memory allocators. We will discuss the memory allocator used in Linux (dlmalloc), the one from FreeBSD (phkmalloc), 2 academic allocators (CSRI, Quickfit) and Boehm's garbage collector. We will then discuss our more secure memory allocator (called dnmalloc) and will also describe several countermeasures that exist that protect against these attacks: Robertson's heap protector, GlibC 2.3.5's integrity checks and Contrapolice, .... This talk will also mark the first public release of dnmalloc which is the more secure memory allocator that I will be talking about. Yves Younan, Wouter Joosen, and Frank Piessens, A Methodology for Designing Countermeasures against Current and Future Code Injection Attacks, Proceedings of the Third IEEE International Information Assurance Workshop 2005 (IWIA2005), College Park, Maryland, U.S.A., March 2005, IEEE, IEEE Press. [http://www.fort-knox.org/younany_countermeasures.pdf] Yves Younan Yves Younan, Wouter Joosen and Frank Piessens and Hans Van den Eynden. Security of Memory Allocators for C and C++. Technical Report CW419, Departement Computerwetenschappen, Katholieke Universiteit Leuven, July 2005. Yves Younan, Wouter Joosen, and Frank Piessens, A Methodology for Designing Countermeasures against Current and Future Code Injection Attack, Proceedings of the Third IEEE International Information Assurance Workshop 2005 (IWIA2005), College Park, Maryland 23:00 01:00 Saal 4 web_of_trust Hacking Vortrag englisch Even with tutorials on the WoT and good trust policies the concept of "trust" can still be hard to grasp. Here we'll look at trust metrics, ways of using current trust systems better, and some non-crypto applications of trust. The web of trust best known for its use in PGP is now used in a number of other applications and is established as a good method for doing non-centralized PKI. But how good is it? How does one define a metric for trusting a trust metric? We have keysigning parties and extensive tutorials on good trust policies, but a lot of people still don't understand the basic concept of "trust," especially when it is superimposed on the world of graph theory. We'll take a look at the web of trust as it is currently used, including statistics on the PGP WoT and what that means in practical terms. And from there on, it's all about trust, including the trust metrics involved (and why they could be a lot better), and current "correct" practices for establishing trust (and why they could be a lot better). To wrap up, we'll look at the possibilities for doing other interesting (but non-cryptographic) applications involving trust. Seth Hardy 12:00 01:00 Saal 1 wsis_review Hacking a Dictatorship Society Vortrag englisch Der zweite World Summit on the Information Society (WSIS) findet im November in Tunis statt. Die beiden beherrschenden Themen Internet Governance und Financing Mechanism sind nicht besonders spannend. Allerdings wird der WSIS2 in Tunesien stattfinden, einem Land mit einer Diktatur, wo Menschenrechte mit Füssen getreten werden und die gesamte ICT-Infrastruktur überwacht und zensiert wird. Zivilgesellschaftliche Vertreter auf der ganzen Welt bereiten sich gerade darauf vor, aus Tunesien live und mit vielen verschiedenen Kommunikationsformen über Menschenrechtsverletzungen in Tunesien zu informieren und Bewusstsein dafür zu schaffen, dass Diplomaten und Regeirungen aus aller Welt über eine gemeinsame Informationsgesellschaft diskutieren, Menschenrechte aber keine grosse Bedeutung haben. Der Vortrag soll einen Rückblick darüber bieten, wie die ICT-Infrastruktur in Tunesien überwacht und zensiert wird, welche Möglichkeiten wir gefunden haben, diese zu umgehen, wie man mit ständiger Beobachtung durch Geheimdienste auf einer UN-Konferenz umgehen kann und wie in Bottum-Prozessen die neuen Chancen von ICT-Technologien genutzt wurden, auf Menschenrechte aufmerksam zu machen. Dazu soll noch ein wenig auf die politischen Entscheidungen eingegangen werden. Robert Guerra Markus Beckedahl Ralf Bendrath UN World Summit on the Information Society World Summit on the Information Society itizens' Summit on the Information Society (CSIS) Flickr - WSIS tag Human Rights Watch - The World Summit on the Information Society Dispatch from Tunis: The Civil Society Summit That Wasn’t Privaterra WSIS Blog 13:00 01:00 Saal 1 quantum_entanglement An introduction Science Vortrag englisch Entanglement is possibly the most intriguing element of quantum theory. This talk gives a gentle introduction to the phenomenon of entanglement and nonlocality. Uses of entanglement in quantum cryptography and quantum computing are also presented. Stephanie Wehner http://en.wikipedia.org/wiki/Quantum_entanglement 14:00 01:00 Saal 1 freenet_new_version A major new version of freenet Hacking Vortrag englisch At Defcon 13, we presented our ideas for creating scalable networks where only trusted friends speak directly to each other. In this talk, we will elaborate on this, discussing further experiments and results, as well as our attempts to build such a network for real. We believe that such networks, because they are covert and difficult to detect, are the only viable future for peer-to-peer communication in a time when it is under attack from all sides. The problem with such "dark" networks, or Darknets, is that peers in general are connected only through sequences of friends knowing friends. In order to create a network that still allows global communication, one must find a way of searching efficiently for such paths between hosts. This is where we have focused our attention: if one can efficiently find such paths, then one can use the known techniques of distributed hashtables to make a working, searchable, network. We have now begun our plan towards actually deploying a version of Freenet based on these principles: a file sharing network where only once trusted friends will know that one is even participating. Since it is to be the next version of Freenet, we also intend for it to offer anonymity and replication to protect against censorship. In this talk, we will further elaborate on the ideas and the issues we are facing. We will discuss further experiments and results, as well as our initial experiences of attempting to create such a network for the real world. As before, we will present both the theoretical aspects of our research, which has its roots in deep mathematical results, and the practical aspects of what we are trying to achieve. Ian Clarke Oskar Sandberg http://freenetproject.org 16:00 02:00 Saal 1 bluetooth_hacking A roundup and live demonstrations of all currently known Bluetooth vulnerabilities. Hacking Vortrag englisch This talk will provide an overview of all currently know Bluetooth exploits, as well as live demonstrations, including Bluebugging, Snarfing, Dumping, PIN cracking and Car Whispering. Since the last trifinite group presentation at 21C3 a lot has happened in the Bluetooth hacking world. New vulnerabilities have come to light, including some that, unlike previous issues, attack the Bluetooth fundamentals themselves, such as pairing and cryptography. In addition to these, other new attacks such as BlueSmack, BlueSnarf++, BlueBump and Car Whisperer have been developed. In the rapidly expanding world of Bluetooth, it seems the opportunities for mischief abound, and this is a target rich environment for the White and Black Hat hacker alike. In this talk we will present live demonstations of tools such as Car Whisperer, which allows an attacker to connect to vehicle car kits and listen in to conversations via the microphone, and/or inject sound into the car speakers... Provide your own useful traffic bulletins! How often have you wanted to reach out and pass your compliments on the excellent manouver the guy in front of you just made? Now you can do all of that and more... In May, 2005 Shaked & Wool published a theoretical attack on the Bluetooth pairing process. In this talk we will show that the theory is a reality, and present the combined techniques of BlueDumping, BlueSpooofing and PIN cracking, leading to the all-new eavesdropping attack dubbed BlueDropping. This is a brand new attack, never seen in public before, and disclosed for the first time at 22C3. Using this technique, it is possible to monitor and record any and all data and/or voice traffic within a Bluetooth piconet. New tools such as BloooverII will also be released. Marcel Holtmann Martin Herfurt Adam Laurie http://trifinite.org/trifinite_group.html http://trifinite.org/trifinite_stuff.html http://www.eng.tau.ac.il/~yash/shaked-wool-mobisys05/ 18:00 01:00 Saal 1 blackberry Teach yourself upper management in 22 days Hacking Vortrag englisch RIM Blackberry devices and servers are hidden behind a curtain of FUD and secrecy. The purpose of this talk is to lift the curtain a little and show what can and could be done. Many security interested people look with suspicion at RIM's Blackberry solution, but all the world's top management loves it. RIM's intention is to keep as much secret about their devices and server products as possible and claim its secure. The Blackberry topic provides many interesting playgrounds, but the little information available makes it a hard and time consuming game. The talk will give an introduction in attack vectors, things already tried that worked or failed as well as things to try at home. FX of Phenoelit 19:00 01:00 Saal 1 security_nightmares Oder: worüber wir nächstes Jahr lachen werden Hacking Vortrag deutsch Security Nightmares - der jährliche Rückblick auf die IT-Sicherheit und der Security-Glaskugelblick fürs nächste Jahr. Security Nightmares betrachtet die Vergangenheit, Gegenwart und Zukunft von Sicherheitsvorfällen in der IT. Wir machen eine Rückschau auf unsere Vorhersagen vom letzten Jahr, unterhalten uns darüber, was sonst noch passiert ist und wagen dann die Vorschau ins nächste Jahr. Ron Frank Rieger 20:00 01:00 Saal 1 closing_event Famous last words Sonstiges englisch Please join us as we look back to what happened and look forward to what's next on our agenda. Tim Pritlove http://www.ccc.de/congress/2005/ 12:00 01:00 Saal 2 urheberrecht Fakten, Mythen, Geschichte(n) und mögliche Zukünfte Society Vortrag deutsch Viel wird erzählt, viel ist auch falsch, anderes wird verschwiegen Jenny-Louise Becker (Autorin des Buches "Sounds Right!" und Julian Finn (Attac, Entropia (CCC Karlsruhe)) führen den Zuhörer auf eine Reise von den Anfängen des Urheberrechtes bis hin zur heutigen Zeit, räumen mit den Mythen auf und bieten Visionen an, wohin es gehen könnte. Natürlich nicht ohne die Gefahren und Abgründe zu erwähnen, die sich auftun oder noch auftun könnten. Nicht selten trifft man in Diskussionsforen und Chats auf eine krude bis gefährliche Ansammlung an Halbwissen zum Thema Urheberrecht. Gesetzgebungen werden vermischt, Begriffe falsch verwendet und falsche Propaganda wird für bare Münze genommen. Zeit aufzuräumen, Begriffe und Entwicklungen zu erklären und einen Ausblick in verschiedene Zukünfte, in positive wie negative Utopien zu wagen, nicht ohne den Sinn für Realität zu verlieren. Jenny-Louise Becker Julian 'hds' Finn 13:00 01:00 Saal 2 fair_code Free/Open Source Software and the Digital Divide Society Vortrag englisch What has software to do with development policy? A lot. Software is not only about code, it is about rights, control, transparency, freedom and power. Poorly educated people with little financial resources, mostly located in the Southern hemisphere, have little chance to have access to information and communication technologies (ICTs) and to the Internet. Since the mid-1990s, the so-called digital divide appeared on the political agenda. By providing access to ICTs, it is hoped to promote economical, political and social development as well. This lecture explains the digital divide and its implications and gives an overview of the different positions within the discourse. There are three different modes of argumentation: the optimists claiming the new ICTs could strengthen the voice of the poor and developing nations and of marginalized groups; sceptics who believe that new technology alone will make little difference; and pessimists who emphasize that digital technologies will further exacerbate the existing North-South divide. So far, the choice of the software model has hardly played a role in digital development policy. Proprietary architectures are the rule. Only in recent time, the nature of code becomes an issue. E.g., the country of Brazil is going pro-Linux. Free/Open Source Software has a lot of advantages for poor and developing nations: it offers access to knowledge and information engineering skills of the most developed countries, it promotes technological independence and it is for free. So how come that GNU/Linux is not being used all over the place? Why is Brazil's approach towards free code something completely new? This lecture explains why software becomes an increasingly important political issue. Meike Richter http://www.fair-code.net/ http://www.pro-linux.de/news/2005/8379.html http://www.wired.com/wired/archive/12.11/linux.html http://www.technologyreview.com/articles/05/02/wo/wo_krotoski021605.asp http://www.firstmonday.org/issues/issue9_8/luyt/index.html 14:00 01:00 Saal 2 access_to_knowledge Copyright, Patents and Politics at the World Intellectual Property Organisation Community Vortrag englisch Your Access to Knowledge is at stake. At the World Intellectual Property Organisation, where international treaties on copyright and patents are decided on, a revolution is taking place. Big rightsholders have been getting their way until now, restricting the free use of ideas. A Treaty on Access to Knowledge is needed to guarantee your rights, and the Free Software Foundation Europe is working on it. Ever get the feeling that your country's copyright regime is getting more restrictive? This may well be due to a UN agency you have probably not heard of: The World Intellectual Property Organisation (WIPO) in Geneva. Here, international treaties on copyright, patents and trademarks are drafted and decided on. Until now, this has usually happened in the interest of big rightsholders (read: the pharma, music and film businesses). These treaties are increasingly restricting your Access to Knowledge, and they are hurting developing countries. But now, in a move that can be called dramatic by UN standards, those countries are making their voices heard. The Group of Friends of Development, led by Brasil, Argentina and India, are demanding a reorientation of WIPO's work. Instead of ever stricter enforcement of copyright and patent treaties, they are calling for more emphasis on flexibilities. Karsten Gerloff https://www.fsfe.org/Members/gerloff/blog/ http://www.germany.fsfeurope.org/projects/wipo/wipo.en.html http://www.wipo.int 16:00 01:00 Saal 2 wifi_long_shots Wireless connections of 20km and more Hacking Vortrag englisch What you need to know to successfully design and build a wifi long shot. RF Calculation. Knowledge about the Fresnel Zone. Polarisation of electromagnetic waves. Tricks to avoid interference. Timeout problems of 802.11abg and how to deal with them. What you need to know to successfully design and build a wifi long shot. RF Calculation. Knowledge about the Fresnel Zone. Polarisation of electromagnetic waves. Tricks to avoid interference. Timeout problems of 802.11abg and how to deal with them. Slightly more comprehensive description: Wifi is a really inexpensive way to build datalinks up to 120 kilometer distance. Such use of Wifi is already relatively widespread in developing countries that lack communication infrastructure. The world wide web is so far not truly for everyone - may 1 billion people use it and about 5 billions don't. It maybe unavailable, too expensive or both. Indeed, Information needs to be free - that also means that there must be cheap ways to share it. So far WiFi is the cheap way to go where no infrastructure exists - although that may change with WiMax in the future. Even if you live in a developed country it is fun or may be necessary to build your own (community) network beyond the range a few hundred meters. During the last months I was designing Wifi-links (long shots) in Bangladesh - mostly used for inexpensive calls with Voice over Internet Protocol since most people are illiterate there. The use of the network for applications beside speech is slowly increasing. If you are interested to build your own metropolitan area network - or even bigger - with inexpensive technology for a few bucks - then this presentation may be interesting. A brief list of the topics: Link calculation - propagation attentuation, transmit power, receiver sensitivity, antenna gain, additional losses, curvation of earth, fresnel zone, polarisation of electromagnetic waves. Recommended hardware - Access Points, WiFi Cards, Antennae a.s.o. Important Do's and Dont's. Propagation delay and 802.11. Tricks to minimize interference. How to do long shots and stay in legal limits if you are scared. (You won't be able to achieve 120 km, though.) Elektra Wagenrad 17:00 01:00 Saal 2 linux_fuer_blinde_und_sehbehinderte Erfahrungen aus der Praxis Hacking Vortrag deutsch In diesem Vortrag wird erläutert, wie Blinde und Sehbehinderte Menschen mit dem Computer generell und speziell mit OpenSource-Lösungen arbeiten. Dabei werden sowohl Hard- als auch Softwarelösungen vorgestellt. In diesem Vortrag wird erläutert, wie Blinde und Sehbehinderte Menschen mit dem Computer generell und speziell mit OpenSource-Lösungen arbeiten. Dabei werden sowohl Hard- als auch Softwarelösungen vorgestellt. Am Anfang des Vortrags wird ein kurzer Überblick gegeben, inwieweit barrierefreie Softwarelösungen unter Unix/Linux verbreitet sind und wie die derzeitige und zukünftige Entwicklung aussieht. Anschließend wird die Arbeitsweise mit verschiedenen Hilfsmitteln erläutert. Dazu zählen bei Sehbehinderten der Einsatz von Vergrößerungssoftware bzw. die Anpassung des Systems u.a. durch Einsatz von großer Schrift und kontrastreichen Farben. Anschließend wird aus der Sicht eines blinden Anwenders der Einsatz von Braillezeilen und Sprachausgabe anhand verschiedener Lösungen unter GNU/Linux gezeigt. Am Ende des Vortrags werden über die Softwarelösungen für Blinde und Sehbehinderte hinaus kurz weitere Accessibility-Lösungen für u.a. Körperbehinderte erwähnt. Sebastian Andres Lars Stetten http://www.linaccess.org 18:00 01:00 Saal 2 advanced_buffer_overflow_methods Cracking the VA-Patch Hacking Vortrag englisch A quick review of the standard buffer overflow exploit structure VA Patch, What it is and what it does to prevent buffer overflows. The Concept of Stack Juggling The RET2RET Method The RET2POP Method The RET2EAX Method The RET2ESP Method The Stack Stethoscope Method VA Patch released in the purpose of raise the bar on buffer overflow exploits. It does a very small thing but it's effect is much bigger. To the moment this patch been integrated to the mainstream Linux kernel tree approximately from 2.6.11rc2 and it's activated by default. It is not optional during Kernel Compile but does have a /proc trigger. Stack Juggling concept. Using assembly that already exists within the code in order to travel inside the stack and find a way back to the shellcode. That's includes RETs / POPs / CALLs and etc. RET2RET Method is designed to refactor the upper frame stack for potential return address. It does by constructing a chain of RET's to bridge the gap and the side effect of NULL byte that exists inside C strings to perform a byte-alignment. RET2POP Method is reassembles to RET2RET only focus on buffer overflow within a function. It also based on chain of RET's only to avoid the impact of the NULL byte-alignment it uses POP followed by RET RET2EAX Method shows that when function is kind enough to return back a string pointer (the buffer) back to the program. it's passed through EAX register and the CRT (C Runtime) includes a CALL to EAX and by that provides the perfect solution. RET2ESP Method shows the double meaning. The output of INT A = 58623 can be abused. To due hex value of the number 58623 is 'FFE4' (JMP %ESP) through offset jump into the MOV instruction it's possible to create a perfect start jump. The Stack Stethoscope Method shows that exploit that's locally attacks a daemon can predict the exact return address. This thanks to the /proc entry of the process that exports the 'stack start address' and by calculating the distance between buffer and the stack start address. Makes it possible for the exploit prior to the attack, to calculate the return address. * I will be showing proof of concepts actual code for each method, that includes 'vuln.c' and 'exploit.c' Izik http://lwn.net/Articles/120966/ http://lwn.net/Articles/121845/ 12:00 01:00 Saal 3 modern_disk_encryption Hacking Vortrag englisch Jacob Appelbaum will discuss different disk encryption systems in their current implementation. This will include technical as well as legal issues. Jacob Appelbaum will discuss different disk encryption systems in their current implementation, the users rights in their given country (ie: the USA, Germany and the UK), issues with the implementations, commentary on the community surrounding each featured implementation, threats posed by legal systems, requirements for users, as well as ideas for working around the letter of the law. Jacob Appelbaum 13:00 01:00 Saal 3 paper_prototyping_workshop Eine Usability-Methode Hacking Workshop deutsch Paper Prototyping ist eine schnelle und effiziente Methode, um User Interfaces ohne Programmieraufwand zu modellieren und mit echten Nutzern zu testen. Benötigt werden nur ein paar Blatt Papier, eine Schere und ein Stift. Paper Prototyping ist eine schnelle und effiziente Methode, um User Interfaces in einem frühen Entwicklungsstadium zu testen. Die einzelnen GUI Elemente werden auf Papier aufgezeichnet, ausgeschnitten und auf einem anderen Papier, das den Computerbildschirm darstellt, wieder angeordnet. Auf diese Weise kann die Anordnung der GUI Elemente schnell und ohne Programmieraufwand modifiziert werden. Ebenso einfach werden Labels umbenannt, Objekte hinzugefügt, entfernt oder gegen alternative Widgets ausgetauscht. Der Vorteil des Paper Prototypings gegenüber eines GUI Builders liegt in der Möglichkeit, die Abfolge ganzer Dialogsequenzen direkt zu variieren. So können konkurrierende Interaktionsdesigns einer Anwendung schon vor der Implementierung auf ihre Gebrauchstauglichkeit getestet werden. Paper Prototyping dient einer Vielzahl an Zwecken. Zu Beginn der Konzeptionsphase kann es im Entwicklerteam zum Brainstorming eingesetzt werden; Ideen werden gesammelt und auf Papier visualisiert. Schritt für Schritt entsteht das Interface, so dass es die Erwartungen und Vorstellungen aller Team Mitglieder vereint. Um die Anwendbarkeit des Interaktionsdesigns zu testen und mögliche Schwachstellen zu identifizieren, werden typische Use Cases durchgespielt. Steht das Interaktionsdesign schließlich, so kann es anhand von Papier Prototypen auf Usability getestet werden. In einem User-Test mit echten Nutzern interagieren diese mit dem Paper Prototypen als sei er ein echter Computer. Dieser wird durch eine andere Person entsprechend der „Eingaben“ der Testperson modifiziert, das heißt Dialoge auf Button-Klick hin geöffnet, Optionen gesetzt oder Texteingaben dargestellt. Wie in einem Usabilitytest mit einer fertigen Software können so mögliche Nutzungsbarrieren identifiziert werden, lange bevor mit der eigentlichen Implementierung begonnen wird. In unserem Workshop werden wir die verschiedenen Methoden des Paper Prototypings erklären und das Usability-Testing in einem Live-Test demonstrieren. Anschließend werden die Teilnehmer in einer praktischen Übung selbständig Prototypen designen und ihre Anwendbarkeit anhand von Use Cases überprüfen. Bitte Papier und Scheren mitbringen (aber keine Sorge - wir werden auch ein bisschen Material mitbringen). Antenne Springborn Ellen Reitmayr http://www.usabilitynet.org/tools/prototyping.htm http://www.uie.com/articles/prototyping_risk/ http://www.openusability.org/ 14:00 01:00 Saal 3 terminator_genes_and_gurt Five Years after the announcement of a quasi moratorium Science Vortrag englisch Terminator Technology prevents plants from producing reproducible seeds, acting as a sort of copy protection technology for plants. In this talk we want to talk about the technological background, explaining the bits of genetic code that can switch reproduction on and off. Also we want to focus on the implication of this technology, the parallels to our struggles as hackers, and the resistance to its introduction. In 2000 the conference of the parties of the convention on biological diversity agreed on a quasi moratorium towards the introduction on terminator technology. Now, as problems within green biotech rise, terminator seeds are being introduced as a "safety mechanism". In fact, this technology is capable of making farmers more dependant of seed-producers, disallowing own reproduction of seeds. This talk will not only explain the genetic coding behind the terminator technology, but also point out the many aspects BRM (or ARM) and DRM, farmers throughout the world, especially in developing countries, and hackers and other civil libertarians have in common and where a joint struggle can bring help both sides. Julian 'hds' Finn Oliver Moldenhauer 16:00 01:00 Saal 3 seccode Why developing Secure Software is like playing Marble Madness Hacking Vortrag englisch This talk will introduce new strategies for dealing with entire bug classes, and removing bug attractors from development environments. Paul Böhm http://kybernet.org/Presentations/seclang.pdf 17:00 01:00 Saal 3 the_realtime_thing What the heck is realtime - and what to do with it Hacking Vortrag englisch An overview on realtime software design, with explanations of commonly used terms and methods. What is the real-time thing - is my PC real-time - for what can I use it? These typical questions will be covered in this lecture. It is a basic introduction in the area of real-time design. The first part of the lecture is about - the introduction: In theory real-time is everything which reacts within a specified time on an external request. Sometimes Real-Time is used to distinguish between the "real" time and the virtual "model" time of a computer system. If this system can interact with the "real" time it is said to be real-time capable. So - every computer is a "real-time" system (as a non reaction on a request would often be called an error) - even the most popular PC operating system (we all know). But, as expected, real-time programming and real-time software is more than just this definition (since this would not give any benefit). Real-Time programming tries to get the maximum reactivity and reliability out of a computer system, because the typical application has to react on certain events reliable within a specified time. e.g. It would not make sense to assign a traffic ordance to a laggard, as he would not react within the needed time resulting (best case) in traffic jams. But maybe this laggard is fast enough to sort (real)-mail. As the previous example shows, real-time depends on the application: commonly it is distinguished between Soft-Real-Time, with un-guaranteed reaction and Hard-Real-Time with a guaranteed reaction. For some applications a normal windowed OS is good enough - for others it isn't. The lecture will give some examples on some typical real-time applications and the used operating system. The second part of the lecture is the practical part: An introduce the basic functions a real-time capable OS has to support (e.g. like semaphores or message boxes) will be given. Typical real-time vocabulary (like blocking or thread) will be covered. And finally within this part a simple real-time application will be shown to illustrate the function of the described elements (which lead to a short RTAI Real-Time linux program). The third part of the lecture will be about pit-falls and design limits. This is again a theoretic part, which shows how excellent real-time design can (and will) fail on certain occasions. Typical pit-falls like the hungry philosopher problems (deadlock), priority inversion, and event storms will be explained together with typical prevention mechanisms. Finally this part will address some promising design methods (like virtualisation and fixed time scheduling). Felix Erkinger Erwin Erkinger http://www.rtai.org/ http://de.wikipedia.org/wiki/Realtime 18:00 01:00 Saal 3 22c3_network Hacking Vortrag englisch An Introduction into the structure and design of the congress network - featuring a description of hardware setup and focusing on the uplink to the internet. Building a high-demand network in less than 72hrs is a job that requires sufficient planning in advance. It starts with organizing hardware that is capable to serve the usage profile of about 2342 power-users and ends in asking providers to contribute in upstream connectivity. This talk will give you an outline of what the NOC people do - beginning month before congress doors open. 22c3 network concept is based on the experiences of the last two congresses and tries to solve some problems that arised on 21c3. So this talk will show you, why network is the way it is. Focus of this talk is wired network from access layer to the backbone and our upstream routers. It intends to give network administrators a brief overview of our approach to meet all requirements. Sebastian Werner Stefan Wahl 12:00 01:00 Saal 4 the_future_of_virtualization The "anyOS" paradigm and its implications through virtualization Hacking Vortrag englisch Modern virtualization technics are changing the point of view used to build software and its infrastructure. Explaining the techniques used in cutting edge virtualization software, this talk gives an introspection how virtualization is solving design issues in heterogenos computing environments. This lecture will give a basic introduction in the area of virtualization techniques, covering partitioning kernels, para- and full virtualization, hybrid technics, its design and implications, using opensource software like xen, qemu, linux-vserver and others. Starting with an explanation of commonly used terms, the lecture is going to cover the design of current state of the art virtualization software. Finally it explains the benefits of virtualization technics in modern software and system developement, and why virtualization is going to change software development radically. Felix Erkinger http://en.wikipedia.org/wiki/Virtualization http://www.cl.cam.ac.uk/Research/SRG/netos/xen/ 13:00 02:00 Saal 4 nerds_kochen Culture Vortrag deutsch Im Sinne einer humorvollen Kochshow mit parallel getatekten Tips zu Einkauf, Zubereitung und Hardware zeigen wir, dass selbst gekocht nicht mehr Aufwand ist, als in der Mikrowelle aufgewärmt. Die Show gibt Ideen und Rezepte zu: *) Dinner for Two *) Essen für Freunde *) Schnelles für 0 bis 24 Uhr *) Einkauf/Markt *) Hardware "Asia Tricolore" ist ein asiatisches Gericht, das zwischen den ersten beiden Themen anzusiedeln ist und besteht aus: Paprika (grün, rot, gelb), Zwiebeln Sojasprossen, Erbsenschoten, Reis, Sojasouce, Gewürzen und Hühnerfiltet. Diese Speise läßt sich in ca. 45 bis 50 Minuten bei etwas Vorbereitung live zubereiten und nebenbei bleibt noch Zeit für Erklärungen und den Hinweis auf andere Gerichte. Die Zubereitung werden wir für den Abstract noch genauer ausführen und außerdem wollen wir ja noch daran etwas optimieren. Hans Knöll Christian Jeitler 16:00 01:00 Saal 4 lightning_talk_day_4 Nine five minutes talks by various speakers Lightning-Talk englisch There are also loads of reasons for attending the lightning talks (there is a 1-hour block of those each day at 22C3, with 10 talks in a row). It’s entertaining. You get to learn about a lot of different subjects in a short time. And even if one particular speaker is boring: hey, it will be over in just 5 minutes and a new topic will begin. But what is a lightning talk? It’s a 5-minute talk you (for reasons of your own) don’t feel like doing as a full 1-hour presentation. Maybe the topic is too obscure. Maybe the research you want to present is still too much in progress. Maybe you just want to talk about a detail you noticed on the way to the congress. Maybe you have a cool software or hardware hack you need helpers for and just want to drop the name of your project. Maybe you got the idea for doing a talk at the congress itself and the deadline for the call for papers is long gone… There are really loads of reasons why you should do a lightning talk. Just be short and sweet. After 5 minutes, you will be cut off and it’s the next speaker’s turn. prometoys Lightning Talks in the Public Wiki 17:00 01:00 Saal 4 the_very_early_computer_game_history How the games have become the first digital mass product Culture Vortrag englisch Andreas Lange will show the very early computer games before they became a commercial product. If you ever want to know, what was really the first game this session will be the right one for you. Andreas Lange will present the hidden history of early computer games - a story that is only now beginning to be told. While mainstream history usually starts with the space shooter Computer Space, which was programmed at M.I.T. in 1962, the rich games history began much earlier. It is surprising to discover just how strong the contemporary aspects of commerce, science and entertainment were way back then. Want to know what the first game was really like? This is the session for you. Andreas Lange 18:00 01:00 Saal 4 wargames_hacker_spielen Männliche Identitätskonstruktion und spielerische Herangehensweisen an Computer Society Vortrag deutsch In diesem Vortrag unternehme ich den Versuch, einige Aspekte der Konstruktion von Geschlechteridentitäten anhand der Figur des Hackers zu beleuchten. Der Hacker als Identitätskonstruktion interessiert mich in Bezug auf den technikzentrierten Kontext, in dem er spielerisch agiert. Hacker bzw. Vorgehensweisen die man als Hacken bezeichnen kann, gab es bereits wesentlich früher, doch erst in den beginnenden 80ern werden sie zum medial verwerteten Thema. Dem Film Wargames von John Badham kommt in diesem Setting eine wichtige Rolle der Popularisierung der Techniken und sozialen Werte „des Hackers“ zu. Hier werden geballt alle Stereotypen abgefeiert, die sich mit dem Bild vom Hacker in Verbindung bringen lassen: Sie sind auf der „guten Seite“, wenngleich auch ein bisschen illegal und gefährlich. Sie sind Männer, und als solche technikbegeistert und gleichzeitig jenseits dieser Welt und mittendrin. Sie spielen gern und Hacken ist Teil dieses Spiels. Sie haben manchmal sogar Freundinnen usw. usf. Mit dem Abstand von 20 Jahren wird die Konstruiertheit dieser Identitätenzuschreibung klar, aber in seiner Zeit konnte der Film eine nicht zu unterschätzende Wirkmacht entfalten, die die Computerjugendkulturen der Gamer und Hacker nachhaltig geprägt hat. Francis Hunger Vortrag in deutsch Vortrag in englisch Wargames bei der IMDB