Table of Contents

Welcome
Security and First Aid
    In case of an emergency
    Safety regulations
    Campsite rules
    Heat and sun
    The long arm
    Drugs
    Access control
Nature and Surroundings
    Take a hike..
Facilities
    InfoHelpDesk
    Speakerdesk
    Food and drinks
    Banking
    External food supplies
    Garbage
    Biological waste
Random Infrastructure
    Power
    Network
    Telephony
    HARfm
Volunteering
    A/V
    Bar
    Cashier
    Catering
    First aid
    Logistics
    Network
    Power
    Press
    Rehash
    Security
Map
Program Day 1
Program Day 2
Program Day 3
Program Day 4
Workshops
Villages and Other POI
    The HARdware tent
    Family village
(un)limited design contest
Shout It Out!
When You Leave
Thanks To
Immortals
Sponsors

Welcome

Welcome to Hacking at Random! Glad you could make it! Please take some time to go through this booklet, it contains important information about all sorts of practical matters. We hope you enjoy HAR2009 as much as we did preparing for it.

We have set up camp at ‘De Paasheuvel’, a former socialist youth camp. The name roughly translates as ‘Easter hill’, so named by the villagers because on this hill the traditional annual fires used to be lit on Easter. On that same spot, the ‘Arbeiders Jeugd Centrale’ (the ‘workers youth organization’) built the first of what would become a series of buildings that now have monumental status. One of those buildings, the ‘Zonnehal’, built in 1938 in times of unemployment, is our biggest lecture hall (dubbed ‘Monty Hall’). De Paasheuvel is symbolic for the liberation of workers, who did not even know what the word ‘vacation’ meant.

Nowadays De Paasheuvel is a public camping ground, but history has not been forgotten. For example, De Paasheuvel participates in special programs for low-income families on welfare, who cannot afford to go on holiday.
This booklet contains the most important information, but does not have the ambition to be an all-knowing guide (note that the words “Don’t panic” are absent on the cover). Lots of details are available on the wiki, https://wiki.har2009.org/ and at the InfoHelpDesk.

Security and First Aid

In case of an emergency

Don’t panic! Seriously. If you cut yourself, but blood is not gushing out, you probably do not have an emergency on hand. However, when someone is seriously hurt or ill, there is a fire, a potentially dangerous situation arises or you witness plundering, fighting, rioting or looting, you should call the Security and First Aid team immediately.

In case of an emergency, stay calm, mind your own safety and contact the Security and First Aid team. This team is available by:
• DECT number 112;
• External number +31 85 536 1122;
• If all else fails, run to the Security and First Aid command post on field J.

Please state your name, what happened, where it happened and possibly the nature of the assistance required. The command post will dispatch help immediately, and notify official emergency services if required.

Note: always inform the Security and First Aid Team, even if you have informed external emergency services.

The Security and First Aid team can be found on field ‘J’. First aid is manned 24 hours a day by trained personnel and has basic medical supplies to take care of common issues, including an AED (Automatic Electronic Defibrillator) to handle a sudden cardiac arrest. The command post on field J is also manned 24 hours a day, coordinating emergency responses.

Less urgent requests should be made by calling the command post on DECT number 1200 or sending an email to security@har2009.org.

Safety regulations

When you leave the safe surroundings of your normal dwelling and venture into the woods, where a bunch of crazy geeks have set up power generators and powerful equipment, you might forget that life can be dangerous.
To anticipate those dangers, here are some things to keep in mind:
• After prolonged periods of drought, the surrounding nature will dry out and make for excellent fuel. To prevent the entire area from going up in flames, be careful with fire:
  • No open fire is allowed on the terrain;
  • Extinguish spent cigarettes properly (water is the surest way to make sure no spark is left);
  • Also, prevent power cables from melting by not exceeding their maximum load (i.e. do not cascade power bars indefinitely);
• There are fire lanes on almost all fields; it is important to keep them free of tents and other objects. The fire lanes are marked with tape;
• If you have symptoms of influenza (a fever, cough, sore throat, runny or stuffy nose, body aches, headache, chills, fatigue), we urge you to consult our First Aid team on field ‘J’; we do not want to be the event remembered for a pandemic outbreak;
• It might sound silly, but be aware of ticks. Those little buggers spread many diseases and are commonly found during hot days in environments like our campsite. Check your body once in a while, and when you find a tick attached to it, remove it or visit First Aid.

Campsite rules

• No smoking in lecture tents, buildings or other public tents (including the bar and the lounge);
• No open fire; this includes coal barbecues. Cooking on gas powered equipment is allowed;
• Cars are not allowed on the camp site;
• The unauthorized use of photographic and recording equipment is prohibited; not everyone wants their face on Flickr;
• Please keep quiet on the silent field (The Birthday Tent);
• Please keep the overall noise level down after 23:00 CET;
• Unfortunately, pets are not welcome on HAR2009.

Heat and sun

At the time of this writing the temperature is around 30 degrees Celsius, promising a hot summer. Especially when the sun is blazing, the heat may get the better of you.
It is important to drink fluids that replenish the liquid content of the sack of bones and water that is also known as the human body. Drinking a lot of alcohol in the sun is not advisable (however much fun it may be). Taking in salty substances (such as soup) helps your body to retain water. Try to stay in the shade, and do not forget to use your sunblock. If you feel dizzy or about to faint, visit First Aid! Oh, and in case it is raining when you read this, take care not to drown.

The long arm

You might expect that, at a hacker get-together, a lot of hacking may go on. Looking at what is being planned, that expectation is not unfounded. However, always remember that not everyone thinks hacking is a good thing. Some even believe we are just a bunch of criminals that are out for their credit card numbers, and are eagerly waiting for the first complaints from the outside world to push the proverbial big red button that instantly disconnects the entire camping grounds.

Whatever you do, keep it legal! On HAR2009 Dutch law applies without exception. Specifically, gaining access to a system without proper authorization from the owner may get you in jail. If you intend to gain unauthorized access to any network or system outside of the camping network, delay those plans until you get home. Even though you may think no-one will know it was you, rest assured that there are some very smart people around. And if the law does not scare you, remember that even a stampeding herd of wild buffalo is nothing compared to a mob of thousands of hackers who just learned that you are responsible for their loss of connectivity.

Drugs

In The Netherlands, we have a relatively relaxed way of dealing with certain drugs: caffeine and alcohol are legal, cannabis is semi-legal (the official word is ‘gedogen’ or ‘tolerate’).
Hard drugs such as speed, amphetamine, XTC, opium, GHB, cocaine and LSD are as illegal over here as in any other country (with maybe the exception of the United States, where it is especially illegal).

The official unofficial rules regarding cannabis state that a single person may carry as much as 3 grams on his or her person (the possession of five live plants is accepted as well). The consumption of cannabis in public is discouraged, especially around schools. Weed is available from ‘coffee shops’, which sometimes also sell coffee. They usually have more than 3 grams in store, and will happily sell you as much as you are willing to buy. In addition, medicinal cannabis is sold in certain pharmacies, but only on a doctor’s prescription.

People rarely get arrested for the consumption or possession of soft-drugs, unless they are especially ostentatious about it. After years of growing and splicing Dutch cannabis, some species have very high levels of tetrahydrocannabinol, so try a small amount first to see how it compares to what you are used to.

Hard drugs are illegal, and the police will enforce if they are confronted with it. Just so you know.

Access control

HAR2009 is much like an open asylum: there are no gates preventing us from getting out. The reverse holds as well: the same lack of gates makes it easy for others to wander onto the event terrain. 99% of those others are probably curious passers-by meaning no harm, but there will always be people aiming to make a quick buck. And with all those laptops and other equipment lying around, a quick buck is easily made.

To bring some order into the chaos, all regular visitors will get a wristband at the entrance tent (deep blue for visitors/volunteers, bright blue for core volunteers and yellow for speakers). The security team will have volunteers walking around to check if everyone is indeed wearing a wristband. If your clothing obscures the wristband, they might ask you to show that you do have one on you.
Please cooperate with these people; after all, they are just volunteers trying to make sure everyone has a good time, our possessions are safe and everyone shares in the financial burden. They are not regulation-fetishists seeking compensation for the size of certain parts of their body.

The security people will kindly ask those without a wristband to walk up to the entrance tent, and obtain one. If you see people without a wristband, remind them that everyone should be wearing one, and refer them to the entrance tent.

Nature and Surroundings

Vierhouten is situated in the lush green Veluwe, at about 10 meters above sea-level. Going just a bit to the north-east, you end up 2 to 8 meters below sea-level! In fact, about half of The Netherlands is below sea-level.

This far inland, however, the landscape is significantly different. Woodlands pepper the surroundings, interrupted by vast stretches of heathland. This precious landscape, the biggest of its kind in The Netherlands, is also very vulnerable. When fire breaks out, the flames may go underground and smoulder for over hundreds of square miles, lighting new fires along the way. Other dangers lurk, so please be careful with this natural heritage.

Vierhouten is a relatively small village, renowned for its culinary industry. At approximately 750 residents, do not expect much in the way of facilities though. A somewhat larger (slightly less than 27,000 residents) village is Nunspeet, which is a 10-15 minute drive from Hacking at Random (or a 1:30 hour walk).

There are two larger cities, Zwolle and Apeldoorn, at about 30 minutes driving from Vierhouten. Zwolle is connected by the A28 highway. Apeldoorn is somewhat more complicated to find; your best bet is to head east and find the A50, then head south, which leads you into Apeldoorn.

Take a hike..
..along one of the walking routes starting in Vierhouten:
• Elspeetsche Heideroute (blue poles), 17 km, a route carrying you over the spectacular heathlands between Vierhouten and Elspeet;
• Bergeltroute (orange poles), 4 km, through the woods of Vierhouten;
• Knapzakroute dagtocht (green/white poles), 22 km, from Vierhouten to Nunspeet;
• Nieuw-Soerelroute (yellow poles), 5 km, through the Northern Woods;
• Bos-in-Beeldroute (red poles), 1.5 km, along Stakenbergerweg.

This is just a sampling of the beautiful routes you can follow when you have totally had it with technology and people. More information is available from the tourist office, online at www.vvvvierhouten.nl.

Facilities

InfoHelpDesk

Cannot find it in this booklet or having trouble finding it on the wiki? Do you have problems with the network? Or perhaps, you have a random question and you do not know where to ask it? Upload yourself to the nearest post-singularity router and send your packet-self to the InfoHelpDesk in the tent near Monty Hall. Here you will get answers to all your questions, by day and by night. It will not be 42 all the time, promised! Unless of course it is (it might be, you know?).

The InfoHelpDesk is also available by phone on +31 577 2009 42, or on DECT number 1111. And last but not least, if you did manage to get your network interface up and your traffic routed, you can send a message to infohelpdesk@har2009.org.

Speakerdesk

Speakers are kindly requested to report to the speakerdesk as soon as they have arrived and recovered from their journey. The speakerdesk can be found in the small tent right next to Monty Hall. They will be able to tell you when you are due to appear, on which stage and how to get there. They will also be able to tell you everything about getting hooked up to the presentation system with your laptop. The speakerdesk can be reached on phone number +31 577 2009 46, or DECT number 1300.
Food and drinks

Food and drinks are served at the catering area right next to Monty Hall. The breakfast buffet (which doubles as the lunch buffet) starts at or around 09:00 CET, and closes at around 14:00 CET. Dinner is served between 18:00 CET and 21:00 CET. Various other snacks and delicacies are available from stalls near the main catering area, including full vegetarian meals.

Drinks are served at two locations: the bar on field K and the lounge tent on location L. Both are stocked with soda, beer, club mate and various other beverages that may or may not have notable influence on your eloquence, alertness and ability to operate heavy machinery.

A third source of replenishments is the Indian coffee house (formerly known as The Sl@ckers S@lon), adjacent to the Bike Shed workshop rooms. The coffee house offers hot and cold Indian coffee, light Indian snacks, chai (tea) and a technology-free environment. A haven of peace amidst the hustle and bustle of HAR2009.

Obtaining food and liquor involves exchange of special tokens (HAR money). You can exchange your euros into HAR money at the coin cashier, right next to the InfoHelpDesk. It will also be possible to use your ATM card for obtaining coins, but only if it is a Dutch card or a foreign card that has the Maestro logo. In addition, during night hours a vending machine in the bar itself will exchange euros for HAR money. It is not possible to exchange coins back into real-world currency.

Banking

In Vierhouten, one used to be able to find an ATM. However, a vulnerability alert has recently gone out regarding the specific type of ATM: it turns out these machines can be injected with explosive gas which is then subsequently detonated to coerce the machine to reveal its contents without actually inserting your card. Chances are this ATM has thus been placed out of order when you are reading this text. You might be able to use the ATM services at the local supermarket though.
Nunspeet, which is a somewhat larger village not too far away, has several ATMs. For an overview you can consult http://www.ilocal.nl/rubriek/pinautomaten/nunspeet. Most supermarkets also have ATM facilities; sometimes there is an ATM right inside the store, and usually you can pay for your groceries with your bank card and ask for an extra amount. Normal Dutch ATMs will accept Visa or Mastercard for withdrawals (check with your credit card company about any overseas fees though, they can be extraordinarily high).

If your banking requirements are a bit more involved (e.g. exchanging dollars for euros), you probably need to visit a bank. The nearest bank that does currency exchange is in Zwolle: GWK Zwolle, Stationsplein 16, 8011 CW Zwolle. The GWK is open for business on Monday to Friday from 09:00 CET - 19:00 CET, and on Saturdays from 09:00 CET - 17:00 CET.

External food supplies

There is a small supermarket in Vierhouten, ‘Spar Mulder’ (http://www.sparmulder.nl/). On weekdays, they open at 08:15 CET and close at 18:00 CET, with a lunch break between 12:30 CET and 13:30 CET. In the weekend, it closes at 17:00 CET. If what you are looking for is not there, you might want to go into Nunspeet. It has a small department store (HEMA); the address is Dorpsstraat 57. There are also a number of supermarkets such as Aldi and Lidl for the small budget, or Albert Heijn and Super de Boer for the more luxurious purse.

If Nunspeet does not offer what you are looking for, you might need to head into Apeldoorn or Zwolle; both cities are about 30 minutes driving from Vierhouten.

Garbage

Scattered around the terrain are mini-containers; these will happily accept your garbage. Please use bags to aggregate garbage locally before dumping it into the containers; the volunteers that handle the containers will be eternally grateful! Empty garbage bags are available from the InfoHelpDesk free of charge.
Also, do not under any circumstances drop chemicals, batteries, nuclear waste or anything else that might seriously damage the environment in the bins. If you have to dispose of such things, please take them home with you.

The containers will be emptied at regular intervals. However, if you notice that one of the bins cannot accept more garbage, try and contact logistics (DECT no. 1040). To prevent such a situation from occurring, consider application of a convenient contemporary garbage compression algorithm.

Biological waste

Toilet buildings are omni-present. In addition, most of the permanent structures in use have toilets. The toilet buildings are combined with private shower cabins that provide hot running water. The toilets and showers are available 24 hours a day. All such facilities will be uni-sex (except where shared with already bewildered regular camping guests).

Random Infrastructure

Power

From several generators electricity flows to the fields where you can plug in to the distribution boxes. This year, we have opted for classy black boxes instead of the mushrooms you might remember from previous events. There are two types of distribution boxes: some have 6 sockets, others have 9. The sockets accept the standard north European plugs, better known as Schuko or CEE 7/4. If possible, please see about sharing a socket with your neighbors.

Be careful with hooking up heavy loads to the power grid. Electric stoves and coffee machines might trip the fuse and cut you and your neighbors off. If you have special needs please do not improvise, but ask the power team to come over and improvise together.

When there is rain (or a chance thereof), be extra careful to keep all electrical connections dry. Electricity and water do not mix very well, and may result in very dangerous situations when combined.

Network

Once you are sure you can sleep in relatively dry conditions (e.g. put up your tent) you may think of the second necessity in life... Internet.
A wireless network is available throughout the camp. If you are unable to reach this network, stay calm, there is always a “datenklo” nearby. A “datenklo” is our highly portable, upscale hosting facility... or an empty porta-potty. Go scout for it and roll out your UTP cable, if it is long enough. If not, you can go to the InfoHelpDesk and they will help you out. Place your cable in front of the datenklo; the NOC people will walk by regularly to hook up loose cables.

As soon as you are connected, the DHCP server should provide you with a fresh IP address. Of course, if you have a stable personality or are just afraid of change, there will be RFC 2322 compliant Peg-DHCP available at the InfoHelpDesk as well. However, while the pegs themselves are portable, the addresses are only valid on the switch you request. So bring a copy of the information printed on your datenklo/switch.

While the wired network is easy to grok, the wireless requires a few brain cells. 802.11a and 802.11g will be flying around at HAR. The SSIDs are named after their locations, e.g. “har-catering” for the catering area. To gain the best possible connectivity, pick an SSID with the strongest signal or one that matches your location. With wireless, your signal is everybody else’s noise - and vice versa. Thus, if you intend to beat the heck out of our network, please get a cable.

Make sure to check the wiki for news or updates and ask the InfoHelpDesk in case of trouble.

Have fun, enjoy the weather, and respect the environment! And by environment we do not just mean the flowers and the trees around the campsite, but also our infrastructure, the equipment your fellow visitors and volunteers have brought, and the Internet as a whole. So do not run your own DHCP server or wireless access point. Make sure to keep the network loop-free and respect all applicable laws regarding computer crime and privacy. Hacking is not wrecking, be neighborly!
Telephony

To activate your DECT hand-set for use in the Hacking at Random telephony network, head over to the POC tent on the central area near the lounge. Once activated, your hand-set is good for dialing other activated hand-sets on the network, as well as making outgoing calls to The Netherlands and Germany for free.

Your assigned number is available from the outside world as well. The prefix codes are +31 85 536xxxx for The Netherlands and +49 461 5056623xxxx for Germany (replace xxxx with the number you requested).

SIP and IAX are available too. On the wireless network, a special SSID is available for your SIP-capable mobile phone: ‘har-voip’.

HARfm

If you do not feel like it, you do not need to leave your tent; all the info will be right at your fingertips by tuning your radio to 106.8FM. With interviews, tech tips, news and presentations during the day and music during the night, HARfm will be our own station. If you bring your laptop you can simply surf to our online stream. The talk radio shows will be available as a podcast after the event.

Of course it’s not about listening alone. If you want to help with tech, DJ, talk on radio, as editorial staff, newsreader or conduct interviews, the lake is your place to be. The HARfm studio is the fun place to be and we are always happy with more volunteers. If you want to be a DJ for an hour just let us know and we will set you up.

Feeling lazy? Just phone in on Skype by adding HARFM as your buddy.

Volunteering

If you have been to a hacker camp before, you already know: this is a community-driven event. This brings some perks: it means every visitor has a unique chance to look ‘behind the scenes’ and see how an event hosting thousands of people from all over the world is organized. We encourage you to check what teams appeal to your interests.
You do not have to go all over-board and pitch in 8 hours a day for 4 days; even if you can spare only 4 hours during the entire event there is most likely a task with your name on it! Volunteering at an event like this is lots of fun and educational too! You would not be the first to discover new talents that you never suspected you had.

To give some examples of tasks where help is welcome: building tents (although most tents are probably already up when you read this), operating camera equipment to record lectures for posterity, setting up chairs in the lecture tent, being an entrance desk operator, cleaning a toilet block, serving intoxicating alcoholic substances at the bar, selling coins, coordinating a team and more.

You can contact the central volunteer switchboard through DECT number 1024, or by moving your physical manifestation to volunteer central on field J. They will always have an up-to-date overview of where help is needed, and can make a match between your abilities and current needs.

The teams that probably still need some help (details can be found on the wiki):

A/V
These are the people you never see, unless things go wrong. They make sure the speakers can be heard, even in the back of the tent, and the slides can be seen. If you have some experience operating a mixer, this team could use your help.

Bar
Restocking the bar, serving out drinks, brewing coffee. These are just some of the tasks the bar team handles. No prior experience is required, only your enthusiasm.

Cashier
To process the constant flow of visitors arriving at the entrance requires a lot of volunteers. Helping out at the entrance tent is a lot of fun, but a responsible task. If you feel up to it, join, join, join!

Catering
Breakfast, lunch and dinner do not serve themselves. If satisfying hungry people is something for you, this team probably has an open position just for you.
First aid
With a basic supply of medical articles (such as bandages and disinfectant), this team will address any medical issues you have. Serious medical incidents will be off-loaded to the local emergency services of course, but if you have some kind of first-aid certification (equivalent to the Dutch EHBO or BHV) this team can sure use your help.

Logistics
Moving things and people, that is the core business of the logistics team. From a central location, this team distributes goods around the terrain. The shuttles from the train station and the parking field also need drivers. So, if you like to cruise through the woodlands: logistics wants you!

Network
Surprisingly, one of the more popular teams and usually not short of hands. You can always try, but the other teams probably need you harder!

Power
Almost as essential as water and bread: a clean source of mains power. Most of the work is in building up the power grid; cables will have to be rolled out according to a detailed plan.

Press
The press team not only handles external inquiries from journalists, but also pro-actively communicates to visitors as well as the outside world. Together with HARFM this team keeps everyone informed. If you have a knack for writing, photography or a nose for news, see if you can help this team out.

Rehash
With cameras in all main tents, this team makes sure the lectures and presentations are archived for posterity. In addition, live streams allow people to catch the lectures as they happen. This team always needs volunteers to operate the camera equipment.

Security
Making sure things run smoothly and safely, that is what the security team is for. If your strongest weapon is psychology rather than your fists, you might have what it takes to join this team.
13 14 15 Program Day 1, Thursday 13th of August Time Monty Hall 11.00 12.00 Opening ceremony By Koen Martens The Birthday Tent Two Envelopes Tent 12.00 13.00 Wikileaks By Julian Assange and Daniel Schmitt 13.00 14.00 The Future of Science By Michael Nielsen Capture the flag By Hans-Christian Espere & mc.fly (Un)limited design By Adrian Bowyer, Neil Gershenfeld & Ronen Kadushin 14.00 15.00 Anonymous Vs. Scientology By Henk de Vries Policy hacking By Arjen Kamphuis Protheses for $50 instead of $250.000 By Peter Troxler 15.00 16.00 Electrical enginering with free/libre open source software By Jelle de Jong Flipping the Phishing Con Game - Design and Implementation of FishPhucker By Dominik Birk Eyeborg project By Kosta Grammatis 16.00 17.00 Teh Internetz are pwned By Scott McIntyre Beautifulism & [de]light By Juliane Pilste & Stephan ‘ST’ Kambor The Embedded JTAG interface HOWTO By Gerrit van der Bij 17.00 18.00 Rootkits are awesome By Mike Kemp Design and Build a 2 MeV Cyclotron By Leslie Dewan Programming the cloud By Geerd-Dietger Hoffman 20.00 21.00 Search engines and censorship By Joris van Hoboken Hacking with Plants By Rick van Rein Countering behavior based malware analysis By Nomenumbra 21.00 22.00 The Complex Ethics of Piracy By Peter Eckersley Advanced MySQL Exploitation By Muhaimin Dzulfakar The ZeuS evolution By Clemens Kurtenbach 22.00 23.00 The Censoring Mob By Annelee Newitz Securing networks from an ISP perspective By Bradley Freeman Runtime Kernel Patching on Mac OS X By Bosse Eriksson 18.00 20.00 16 Program Day 2, Friday 14th of August Time Monty Hall The Birthday Tent Two Envelopes Tent 11.00 12.00 View from the orbit By Tomasz Rybak The IBM AS/400 By tvl 12.00 13.00 A hackers guide to surviving in the corporate world By Peter van Eijk Lightning talks Friday 7 short lectures in 2 hours See website for more ­information 13.00 14.00 Classic Mistakes By Roel Analog circuit design By Rüdiger Ranft All Your Packets Are Belong to Us By Daniel Mende 14.00 
15.00 Hacking Mona Lisa By Robert Casties Developing embedded devices using opensource tools: application to handheld game consoles By jmfriedt DNS Security In The Broadest Sense By bert hubert 15.00 16.00 Side channel analysis and fault injection By Jasper van Woudenberg Native IPv6 deployment at XS4ALL By Marco Hogewoning Government and trust By Arnout Ponsioen 16.00 17.00 Relaunch Bits of Freedom By Ot van Daalen First woman on native IPv6, and other tales By BECHA TEMPEST for the casual election hacker By Andreas Bogk 17.00 18.00 Panel discussion with Brein, MPAA and HAR The dangers (and merits) of carrier grade nat By Marco Hogewoning WebAppInSec : 101 threats By Jacco van Tuijl Java Card By Eduard Karel de Jong 18.00 19.00 19.00 20.00 Hacking the iPhone (part 3.0) By the iPhone DevTeam 20.00 21.00 Eavesdropping on quantum cryptosystem by exploiting its detector vulnerability By Vadim Makarov When nerds dream big By Tijmen Schep Undisclosed Topic By Dan Kaminsky 21.00 22.00 Futureshock, don’t panic! 
By Arjen Kamphuis Why Tor is slow By Roger Dingledine Identity processes By Winfried Tilanus 22:00 23:00 The Super Awesome Cartoon Quizz 2009 By Elger ‘Stitch’ Jonker Privacy & Stylometry: Practical Attacks Against Authorship Attribution Techniques By Mike Brennan Stoned Bootkit By Peter Kleissner 17 Program Day 3, Saturday 15th of August Time Monty Hall The Birthday Tent Two Envelopes Tent 11.00 12.00 HackerTalks By Esther Schneeweisz Exploiting Native Client By Ben Hawkes 12.00 13.00 Breaking Hitag2 By Henryk Plötz, Karsten Nohl Lightning talks Saturday 7 short lectures in 2 hours See website for more information 13.00 14.00 How we break into domains By Niels Teusink Foundry CAM hacking By Vincent Bourgonjen Side channel analysis on embedded systems By Job de Haas 14.00 15.00 Cracking Internet By Rick van Rein Disclosure of a backdoor in Accton based switches (3com and others) By psy How to use quantum crypto­ graphy for secure identification By Stephanie Wehner 15.00 16.00 OpenBSC By Harald Welte WokTheWob: FOIA for open source By Brenno de Winter Anti-Counterfeiting Trade Agreement By Ante Wessels 16.00 17.00 Airprobe By Andreas Bogk The power of decentralization By James “Mycurial” Arlen, Tiffany Strauchs Rad Statistics and the Law By Peter Grünwald 17.00 18.00 Cracking A5 GSM encryption Your mind: Legal Status Rights and Securing Yourself By James”Myrcurial” Arlen, Tiffany Strauchs Rad Life or Death Cryptology: it is not about the encryption algorithm By Paul Bakker 18.00 19.00 Becoming government 2.0 By Davied van Berlo PGP and CAcert key signing party 19.00 20.00 Why did Germany pull the plug on e-voting? 
By Ulrich Wiesner 20.00 21.00 Surveillance SelfDefense By Peter Eckersley Unusual lock picking By iggy, mh, Ray Public transport SMS ticket hacking By Pavol Luptak 21.00 22.00 Results of a Security Assessment of Common Implementation Strategies of the TCP and IP Protocols By Fernando Gont Lockpicking By Barry The Key - Wels, Han Fey Deep Silicon Analysis By Karsten Nohl 22.00 23.00 Hacker Jeopardy By Ray 18 Program Day 4, Sunday 16th of August Time Monty Hall The Birthday Tent Two Envelopes Tent 12.00 13.00 Hack the law! By Jérémie Zimmermann MinixWall By Ruediger Weis An empirical study of division of labour in free software development By George Dafermos 13.00 14.00 Realizing the RFID Guardian By Serge Keyser Locally Exploiting Wireless Sensors By Travis Goodspeed Hackerspaces Everywhere By Esther Schneeweisz 14.00 15.00 My BREIN hurts! By Arnoud Engelfriet 15.00 16.30 HAR Network Overview By Elisa Jasinska & Leon Weber & Ariën Vijn 15.30 17.00 Closing Ceremony : So Long, and Thanks for All the.. By Aldert Hazenberg 11.00 12.00 Organising a Con By David Dolphin 19 Workshops There are three workshop rooms available: Bike-shed Red, Green and Yellow. The open time slots are available for last-minute workshops, just register at the schedule posted near the entrance of the workshop building. Do give the speakerdesk a heads-up if you want the workshop to be in the program on the website (corollary: check the website for the latest up-to-date program). Bike-shed Red Thursday 15.00 18.00 (un)limited design contest Ronen Kadushin c.s. 20.00 22.00 Friday 13.00 14.00 20 (un)limited design contest Ronen Kadushin c.s. Midi Hacking Manuel Odendahl SmallSister – defeat data retention Brenno de Winter 11.00 15.00 13.00 14.00 Sunday OpenSolaris Brian Leonard 11.00 18.00 12.00 18.00 Saturday Bike-shed Green Bike-shed Yellow (un)limited design contest Ronen Kadushin c.s. 
Our Dutch road to government transparency Jelle de Jong 15.00 18.00 Open Blueprints Ronen Kadushin 11.00 15.00 (un)limited design contest Ronen Kadushin c.s.

Villages and Other Points of Interest

Around the camp, you will find villages: groups of people that share an interest in, for example, a certain flavor of operating systems, some specific activity, a nationality, or anything else that binds people together. It would be impossible to list all of those villages in this booklet, but some are worth mentioning.

The HARdware tent

“Mitch Altman can and will teach anyone to solder.”

A giant tent on the far edge provides a whole armament of equipment that pleases even the most spoiled HARdware hacker: soldering stations, CNC routers, laser cutters, you name it. Just walk in and check out the action, or head over to the wiki to check the latest details on the program. Expect workshops on reverse engineering, hardware modding and embedded devices. And who knows, you might even be lucky and catch a live performance of the OpenBSD release songs.

Family village

Situated around a large central tent on the edge of the event terrain, the family village invites families with children to set up camp and participate in fun and educational activities. A virtually unlimited supply of lemonade, crayons, paint and drawing paper brings endless fun for the younger kids. A sandbox (with actual sand, not a virtual one), a water slide and more are featured as well. Kids can enjoy themselves and an instant group of playmates.

For the older kids, there will be workshops on robotics with LEGO Mindstorms, soldering and hardware tinkering, Wikipedia and wiki technology in general, lock picking, building water rockets, a special drone flight show and more.

The family village is not a baby dump or daycare center though! Parents are asked to participate in the activities, and are always responsible for their own kids.
If you think your kid is not old or responsible enough to walk around the campgrounds alone, you should not leave her or him at the family village without staying yourself.

(un)limited design contest 2009

Why put up with existing products when you can make your own? Today, powerful but easy-to-use technology lets you design and build almost anything, and we want to help you make the most of it. Design an object from scratch or redesign an existing one – it is up to you. Surprise yourself and others, and enter your work in the (un)limited design contest. It is all about sharing ideas, creativity and blueprints. But only the best designs will win! The contest is divided into three categories: form, fashion and food. Anyone can enter! It is this easy:

Step 1. Go to the HAR Fab Lab at the Bike-shed.
Step 2. Invent a new design, or redesign an existing product to your satisfaction.
Step 3. Print it in 3D on a machine of your choosing.
Step 4. Upload the design and blueprint on the contest site and share it with others.
Step 5. Hope you win!

A fully operational Fab Lab setup is available for the duration of the festival. There, you can enter the (un)limited design contest and put open design into practice! For more information about the contest, see http://unlimiteddesign.nl/. The (un)limited design contest will kick off at Hacking at Random with a special program on open design at 13:00 CET on August 13th, in The Two Envelopes Tent.

Shout It Out!

If it is not reported online, it has not happened. So spread the word. Blog, tweet, share pictures, shout it out. The ‘official’ tag to use on your media is HAR2009. Of course, local customs apply; for example, on Twitter we’ve been using #HAR2009. You can use the wiki to link to your pictures or perhaps stories in the press and on blogs that talk about Hacking at Random. Although unofficial, the channel #har on IRCnet is where hackers tend to meet at random.
A convenient server that is close to our backbone is irc.xs4all.nl.

Twenty years ago, when this series of events hatched, the internet was relatively unknown to the general public. You might remember that we used to traverse the public phone network to dial in to bulletin board systems, where we would exchange files and electronic messages. At Hacking at Random, these old days are commemorated with the Mononoke BBS. The BBS is on host bbs.mononoke.nl, which supports telnet, ssh (on port 666), https, gopher, nntp, smtp and finger. The fidonet node number is 2:280/4242, and the BBS is also linked to UseNet and DOVENet.

HAR2009 groups have been created on various social networks, such as LinkedIn and Facebook. If you are into squandering your anonymity, join those groups!

When You Leave

And of course, all good things come to an end. Unfortunately, all good things generally also end in a big mess. Starting Monday the 17th of August (actually already on the evening of the 16th) the big cleanup commences. The goal is to remove all traces of our presence by the end of Wednesday the 19th of August. So please stay a bit longer after all the fun! Lots of people are needed to strip the tents and break them down, remove the cool decoration and return all the buildings to their original state. Free food and drinks will be available for the hard workers.

Also, when you leave, do not forget:
• Put all your trash in a bag (available at the InfoHelpDesk), and dump it in one of the containers;
• Check that there are no sharp bits left in the grass (bottle caps or broken circuit boards for example);
• Put borrowed furniture back where it belongs.

Thanks!

The parking field will close at the end of Monday the 17th, but if you intend to stay longer you can move your car to an alternative field. Details on that will be made available in due time.
If you intend to use the shuttle service, please go to the appropriate page on the wiki and leave your name or nick and approximate time of departure there.

Thanks To

The board of the Hxx foundation (being Aldert Hazenberg, Koen Martens and Mischa Peters) would like to extend their eternal gratitude to the following people for their essential role in making HAR2009 a reality (in random order):

Sascha Ludwig, Rop Gonggrijp, Heleen Klopper, Marco Hogewoning, Melvin Rook, Timo Hilbrink, Jasper van Woudenberg, Eelco Hotting, Patrick Paumen, Hans van Kranenburg, Alex le Heux, Winie Vissinga, Martin Pels, Jildou Gerritsma, Ariën Vijn, Wijnand Modderman, Juerd Waalboer, Hans van de Looij, Lex van Roon, Ray Larabie (typodermic.com), Brenno de Winter, Sanne Versteegen, Jan Klopper, Menso Heus, Elisa Jasinska, Attilla de Groot, Mathijs Schmittmann, Lennart Lansbergen, Sabine Hengeveld-Auer, Dave Boelens, QP, Mark Janssen, Mendel Mobach, Souls, Kristian Vlaardingerbroek, Arjen Kamphuis, Klaartje, Patrice Riemens, Wim Vandeputte, Jeroen de Meijer, Niels Bakker, Erik Bosman, Erik Bos, Isack, Karin Spaink, Martin Assenmacher, Bouke van der Voet, Robin van Steenbergen, Thomas Dullien, Dwizzy, Stephanie Wehner, Sebastian S

We are very grateful for the cooperative modus operandi of the municipality of Nunspeet; they have made us feel welcome and at home in their domicile.

Last but not least, Koen and Aldert want to thank Mischa Peters for being there when this event was only a small and fragile seedling, his calmness in preventing two opposites from colliding and driving light-years to bring us closer together.
Immortals

These people helped HAR2009 by paying way too much for their ticket:

[The names of the Immortals were set as a graphic in the booklet and are not legible in this text.]

Sponsors

Your Security is Our Business
M4N
Cisco Systems, Inc
Brocade
Mendix Technology BV
SpeakUp BV
Sonologic
BIT BV
Workrate