<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" media="screen" href="/~d/styles/rss2full.xsl"?><?xml-stylesheet type="text/css" media="screen" href="http://feeds.feedburner.com/~d/styles/itemcontent.css"?><rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/" version="2.0">
  <channel>
    <title>SecDocs Feed</title>
    <link>http://secdocs.lonerunners.net</link>
    
    <description>Latest security documents RSS feed</description>
    <language>en-us</language>
    <atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="self" type="application/rss+xml" href="http://feeds.feedburner.com/lonerunners/BmHY" /><feedburner:info xmlns:feedburner="http://rssnamespace.org/feedburner/ext/1.0" uri="lonerunners/bmhy" /><atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="hub" href="http://pubsubhubbub.appspot.com/" /><xhtml:meta xmlns:xhtml="http://www.w3.org/1999/xhtml" name="robots" content="noindex" /><meta xmlns="http://pipes.yahoo.com" name="pipes" content="noprocess" /><feedburner:emailServiceId xmlns:feedburner="http://rssnamespace.org/feedburner/ext/1.0">lonerunners/BmHY</feedburner:emailServiceId><feedburner:feedburnerHostname xmlns:feedburner="http://rssnamespace.org/feedburner/ext/1.0">http://feedburner.google.com</feedburner:feedburnerHostname><item>
      <title>[Video] Space Federation</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/1677-james-carlson"&gt;James Carlson&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/268-science"&gt;science&lt;/a&gt; &lt;a href="http://secdocs.lonerunners.net/tags/details/324-space"&gt;space&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/105-chaos-communication-camp-2011"&gt;Chaos Communication Camp 2011&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: Our mission is to provide financial and organizational support to open communities in shared physical spaces who use innovative methods and technology in hands-on education. We'll speak to the global community about the progress in America.  Hacker and maker spaces are where people go to teach and learn their passions. Even as each space typically shares a common set of values – transparency, hands-on, collaboration – they are all tremendously different in terms of structure, funding sources, and sustainability. While a huge movement to create new hacker and maker spaces has been catalyzed in the United States, in part because of the Hackerspace Design Patterns release from the 2007 CCCamp, the sustainability of these spaces and the movement they represent is far from certain.  The School Factory, a non-profit organization that formed an early American hackerspace/makerspace called Bucketworks in 2002, has been extrapolating the models and values of these spaces into programming that helps communities understand and take advantage of potential in the maker and hacker movements. Banding together, four established spaces have launched the Space Federation, which provides a sharing of best practices and fiscal infrastructure amongst each other and to interested communities. By linking our resources we are able to help other facilitators launch and sustain their own spaces. 
Resources take the form of fiscal sponsorship, a governance and taxation support model for donations that gives these spaces non-profit status without the overhead and delays of supporting their own legal status. Guidelines and programming that help spaces build healthy community by connecting their members on a personal level are also a focus. This is not a franchising of spaces but a celebration of individuation while ensuring the administrivia which often kills spaces is taken care of efficiently and effectively.  We are a segue from the current culture into a new world of self-empowerment, involved communities, and free sharing of knowledge. But these ideals must exist in the current paradigm until they become the norm. In short, we still have to figure out how to pay rent.  In the meantime, American schools and libraries are failing. Conservative government officials are eliminating teachers and setting standards which the current educational system cannot meet. Schools are decreasingly preparing students for work within a global economy, and struggle to stay apace with the technological and social advances brought about by the dedicated volunteer work of the open source community.  Similarly, public libraries in America struggle to retain relevance when books are available online, and rules require silence. The community-building purpose of a library, and the free access to knowledge it represents, is an idea at risk in a modern political culture of conservatism. Low income and smaller communities will pay the price of lost innovation and learning for their citizens.  Globally, countries wildly differ in terms of their legal structures and cultural support for hackerspaces and makerspaces. Education systems are equally variable, in some nations still biased towards certain genders, age groups, and skill domains.  
We believe that hackerspaces and their relatives are primordial seeds in a new system of global learning and education that spans generations, interests, and political fashions. These communities represent a low-cost, highly effective alternative to overly burdensome systems of public learning and the public distribution of knowledge and potential. It may take many generations for these environments to have a lasting impact on civilization. If we start good conversations with governments, communities, and businesses today - along with amongst ourselves - we can ensure that every possible value these spaces can contribute to global society is developed for the longer term.  Challenges Faced by the Hackerspace and Makerspace Movement Clique-ish social communities Financial challenges Difficult to insure Unsympathetic landlords Challenging infrastructure requirements Not well understood by general public Dis-integrative structures Zoning and classification “but they’ll see the big board” - the perceived threat of transparency Inconsistent cultural norms Informal environments create barriers to entry  Questions we would like to discuss with the CCC community: How does the hackerspace/makerspace movement look globally? In America? What has changed since 2007? Since 2002? What spaces are in the Space Federation? What are their experiences? What is the Space Federation? What is the School Factory? What is the Space Kit? How is it related to the Hackerspace Design Patterns presentation? What do we have in the Space Kit so far? - we have the steps but need a way to take people through it. It includes more of things like how to assess a neighborhood and local government, less of what tools you should have. What does it still need? Why is this important? (not just in USA but globally) What does having global concept of spaces like these mean for future humanity? What has been working? What hasn’t been working? What do we need help with?  
Conclusion: We would like to engage the CCC community in an open discussion on these questions, and facilitate a separate co-working session to further develop tools and models that will extend the potential of the hackerspace and makerspace movement across the globe. There will be LEGOs.</description>
      <pubDate>Thu, 17 May 2012 23:20:15 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5367-space-federation</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5367-space-federation</guid>
    </item>
    <item>
      <title>[Video] Transition Telecom</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/197-frank-rieger"&gt;Frank Rieger&lt;/a&gt; &lt;a href="http://secdocs.lonerunners.net/authors/details/939-rop-gonggrijp"&gt;Rop Gonggrijp&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/24-network"&gt;network&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/105-chaos-communication-camp-2011"&gt;Chaos Communication Camp 2011&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: We'll need to come to grips with the challenges that declining oil production and increasing temperatures present. This talk explores positive future scenarios for the world of networking and communications past the great global energy free-for-all.  "Business-as-usual" and "surely-they'll-think-of-something" scenarios are increasingly for dreamers. The time of perpetual growth is over and the cracks are beginning to show everywhere. But let's get past doom and gloom: there's a growing movement that acts to prepare themselves and their communities for "energy descent": cold turkey while kicking the oil habit.  Too many are stuck thinking the future is either going to be apocalyptic or very much like today. (Both futures conveniently have in common that you don't have to do all that much.) In so-called Transition Towns, groups of inhabitants are working together to rethink the future of agriculture and land-use to effectively re-localize food, goods and services. All over the place, people are thinking, acting and (importantly) having a good time doing so.  This talk will explore a number of future scenarios and try to assess the impact on the world of computers, networking and telecommunications. Most people in this transition movement are inspired (but not blinded) by technologies and methods from a time past. 
Modern communications technology has no set pre-industrial state to fall back on. But it would still be very nice if any future still featured a phone to call the fire brigade, not to mention as much of this internet thing as we can carry.  So which technologies are resilient and which are brittle? What can we keep and what do we leave behind as energy consumption of everything becomes a design criterion, business models change, whole economies collapse and some central structures crumble? How do we best prepare for a variety of possible futures? And can we maybe have (even) more meaningful and fulfilling lives in the present by doing so? Needless to say our community has a defining role to play in figuring out the answers to these and other big questions in this field.</description>
      <pubDate>Thu, 17 May 2012 22:43:25 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5366-transition-telecom</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5366-transition-telecom</guid>
    </item>
    <item>
      <title>[Video] Stuff you don't see - every day</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/1676-marius-ciepluch"&gt;Marius Ciepluch&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/272-radio"&gt;radio&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/105-chaos-communication-camp-2011"&gt;Chaos Communication Camp 2011&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: Software Defined Radio defines a new approach to analyze signals with software. With the flexibility of software SDR literally opened a new spectrum of hacking.  However the internals of Digital Signal Processing, especially from the perspective of informatics and computer science, are hard to explore. The lecture delivers a case-study on how to analyze 802.15.4 (alias Zigbee, as an easy protocol) with USRPs (modular popular hardware for SDR) on a real-time protocol (for send time verification, sniffing etc.). Furthermore internals on DSP will be explained - as simple as possible. The intent is to also give a non-academic start point and to seed motivation to explore more advanced projects (like osmocom*). So practically the lecture explains what a Software Spectrum Analyzer or a Software Oscilloscope does: from a Hacker's perspective. It gives insight into a USRP(2) internals and goes into programming C++ and Python with GNU Radio.  All demo-analysis will remain within the ISM band. - No GSM/Tetra will be captured. It's about the SDR technology and its use-cases - for a clear and constructive adaption by the Hacker's community to assist interesting making projects (of home-automation devices using 802.15.4 e.g.). In many media articles - especially from last Chaos Congress - a misunderstanding can arise to reduce SDR to (GSM) attack scenarios while this is not the only/general use-case. 
The lecture however clearly aims to assist any intended understanding how the osmocom* implementations work - for example.</description>
      <pubDate>Thu, 17 May 2012 22:36:24 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5365-stuff-you-dont-see---every-day</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5365-stuff-you-dont-see---every-day</guid>
    </item>
    <item>
      <title>[Slides] Stuff you don't see - every day</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/1676-marius-ciepluch"&gt;Marius Ciepluch&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/272-radio"&gt;radio&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/105-chaos-communication-camp-2011"&gt;Chaos Communication Camp 2011&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: Software Defined Radio defines a new approach to analyze signals with software. With the flexibility of software SDR literally opened a new spectrum of hacking.  However the internals of Digital Signal Processing, especially from the perspective of informatics and computer science, are hard to explore. The lecture delivers a case-study on how to analyze 802.15.4 (alias Zigbee, as an easy protocol) with USRPs (modular popular hardware for SDR) on a real-time protocol (for send time verification, sniffing etc.). Furthermore internals on DSP will be explained - as simple as possible. The intent is to also give a non-academic start point and to seed motivation to explore more advanced projects (like osmocom*). So practically the lecture explains what a Software Spectrum Analyzer or a Software Oscilloscope does: from a Hacker's perspective. It gives insight into a USRP(2) internals and goes into programming C++ and Python with GNU Radio.  All demo-analysis will remain within the ISM band. - No GSM/Tetra will be captured. It's about the SDR technology and its use-cases - for a clear and constructive adaption by the Hacker's community to assist interesting making projects (of home-automation devices using 802.15.4 e.g.). In many media articles - especially from last Chaos Congress - a misunderstanding can arise to reduce SDR to (GSM) attack scenarios while this is not the only/general use-case. 
The lecture however clearly aims to assist any intended understanding how the osmocom* implementations work - for example.</description>
      <pubDate>Thu, 17 May 2012 22:15:19 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5364-stuff-you-dont-see---every-day</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5364-stuff-you-dont-see---every-day</guid>
    </item>
    <item>
      <title>[Video] Is this the Mobile Gadget World We Created?</title>
      <description>&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/233-phone"&gt;phone&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/105-chaos-communication-camp-2011"&gt;Chaos Communication Camp 2011&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: The most ubiquitous device on the planet is arguably the mobile phone. Tragically, it is also a device built under some of the worst living and working conditions in the world. This is the story of a mission - To build the world's first ethical phone.  The most ubiquitous device on the planet is arguably the mobile phone. We use them, we need them, we get new ones every few years. Our old phones are either in a drawer, a landfill, or in the hands of those people in places like China and Brazil where old electronics are broken down or repurposed. Meanwhile in many parts of one of the most troubled nations in the world, the minerals that make our new phones are being mined under some very questionable circumstances. From some of the worst labor conditions in the world comes the cobalt and other essential minerals that will one day be your iPhone. -- Is this how it simply has to be? -- A group in the Netherlands has embarked on an ambitious, risky, and little known quest - To build the world's first ethical phone. And where did they start? In the Congo of course...</description>
      <pubDate>Thu, 17 May 2012 00:22:42 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5363-is-this-the-mobile-gadget-world-we-created</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5363-is-this-the-mobile-gadget-world-we-created</guid>
    </item>
    <item>
      <title>[Video] Introduction to Satellite Communications</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/1675-irmi-meister"&gt;Irmi Meister&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/249-satellite"&gt;satellite&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/105-chaos-communication-camp-2011"&gt;Chaos Communication Camp 2011&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: In this lecture, I'll cover some satellite communication basics like pros and cons of different orbits, the characteristics of a satellite communications link and the difficulties regarding noise and attenuation when handling high frequency satellite communication systems.  After a brief introduction to the history and development of satellites in general, we'll talk about different orbits and their characteristics regarding space conditions. After that, we'll have a look at a typical satellite communications link including channel characteristics, communications equipment and frequency considerations, before moving on to access techniques. If there's still time, there might be a short part about satellite navigation, too.  And yes, to meet our need for pretty pictures, thematically related postage stamps (partly from a private collection) will be used to illustrate the topic.</description>
      <pubDate>Wed, 16 May 2012 23:42:12 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5362-introduction-to-satellite-communications</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5362-introduction-to-satellite-communications</guid>
    </item>
    <item>
      <title>[Slides] Introduction to Satellite Communications</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/1675-irmi-meister"&gt;Irmi Meister&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/249-satellite"&gt;satellite&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/105-chaos-communication-camp-2011"&gt;Chaos Communication Camp 2011&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: In this lecture, I'll cover some satellite communication basics like pros and cons of different orbits, the characteristics of a satellite communications link and the difficulties regarding noise and attenuation when handling high frequency satellite communication systems.  After a brief introduction to the history and development of satellites in general, we'll talk about different orbits and their characteristics regarding space conditions. After that, we'll have a look at a typical satellite communications link including channel characteristics, communications equipment and frequency considerations, before moving on to access techniques. If there's still time, there might be a short part about satellite navigation, too.  And yes, to meet our need for pretty pictures, thematically related postage stamps (partly from a private collection) will be used to illustrate the topic.</description>
      <pubDate>Wed, 16 May 2012 23:40:14 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5361-introduction-to-satellite-communications</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5361-introduction-to-satellite-communications</guid>
    </item>
    <item>
      <title>[Video] OpenLeaks</title>
      <description>&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/193-privacy"&gt;privacy&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/105-chaos-communication-camp-2011"&gt;Chaos Communication Camp 2011&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: This talk will introduce the next phase of the OpenLeaks project. We will present a more detailed insight into the project and take you on a tour around the different OL subprojects. We will also announce the activities we are planning for this year's camp.  This talk will introduce the next phase of the OpenLeaks project. Where last year's congress was still too early, we would like to take the chance to present a more detailed insight into the project and its technicalities, and take you on a tour around the different subprojects OL is comprised of.  We will also announce the activities we are planning for this year's camp, including some workshops and a special surprise.</description>
      <pubDate>Wed, 16 May 2012 00:34:33 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5360-openleaks</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5360-openleaks</guid>
    </item>
    <item>
      <title>[Video] Strong encryption of credit card information</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/1674-torbj%C3%B6rn-lofterud"&gt;Torbjörn Lofterud&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/163-credit-card"&gt;credit card&lt;/a&gt; &lt;a href="http://secdocs.lonerunners.net/tags/details/179-pci-dss"&gt;PCI DSS&lt;/a&gt; &lt;a href="http://secdocs.lonerunners.net/tags/details/288-compliance"&gt;compliance&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/105-chaos-communication-camp-2011"&gt;Chaos Communication Camp 2011&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: The PCI DSS standard requires strong cryptography or secure hashing as ways to protect cardholder information. But one important factor is missing: detailed instructions for how to correctly apply cryptography to credit card numbers.  The primary objective of the Payment Card Industry Data Protection Standard (PCI DSS) is to safeguard cardholder information such as the Primary Account Number (PAN) and the sensitive authentication data (CVV2, Track 1 and 2).  Chapter 3.4 deals with the details regarding encryption and key management.  &gt; 3.4 Render PAN unreadable anywhere it is stored (including on portable digital media, &gt; backup media, and in logs) by using any of the following approaches: &gt; * One-way hashes based on strong cryptography &gt; * Truncation &gt; * Index tokens and pads &gt; * Strong cryptography with associated key-management processes and procedures  What constitutes strong cryptography is further detailed in the glossary and in the PCI SSC FAQ documents as well as in periodic communication to security assessors. But one important factor is missing from the communication: the modes of operation for the cryptographic primitives.  
The PCI DSS glossary specifically mentions AES, 3DES, RSA, ECC, Elgamal and SHA1 as “industry-tested and accepted standards and algorithms for encryption” but fails to address important issues such as RSA padding and cipher block chaining for 3DES and AES.  The requirements are quite clear on the fact that encryption and hashing need to be implemented properly, but give little guidance to developers or assessors as to what strong cryptography actually means.  There are at least three different scenarios where cardholder information appears to be protected in compliance with the standard but remains vulnerable if disclosed. This presentation describes attacks for common failure scenarios when encrypting credit card information.</description>
      <pubDate>Wed, 16 May 2012 00:22:10 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5359-strong-encryption-of-credit-card-information</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5359-strong-encryption-of-credit-card-information</guid>
    </item>
    <item>
      <title>[Slides] Strong encryption of credit card information</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/1674-torbj%C3%B6rn-lofterud"&gt;Torbjörn Lofterud&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/163-credit-card"&gt;credit card&lt;/a&gt; &lt;a href="http://secdocs.lonerunners.net/tags/details/179-pci-dss"&gt;PCI DSS&lt;/a&gt; &lt;a href="http://secdocs.lonerunners.net/tags/details/288-compliance"&gt;compliance&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/105-chaos-communication-camp-2011"&gt;Chaos Communication Camp 2011&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: The PCI DSS standard requires strong cryptography or secure hashing as ways to protect cardholder information. But one important factor is missing: detailed instructions for how to correctly apply cryptography to credit card numbers.  The primary objective of the Payment Card Industry Data Protection Standard (PCI DSS) is to safeguard cardholder information such as the Primary Account Number (PAN) and the sensitive authentication data (CVV2, Track 1 and 2).  Chapter 3.4 deals with the details regarding encryption and key management.  &gt; 3.4 Render PAN unreadable anywhere it is stored (including on portable digital media, &gt; backup media, and in logs) by using any of the following approaches: &gt; * One-way hashes based on strong cryptography &gt; * Truncation &gt; * Index tokens and pads &gt; * Strong cryptography with associated key-management processes and procedures  What constitutes strong cryptography is further detailed in the glossary and in the PCI SSC FAQ documents as well as in periodic communication to security assessors. But one important factor is missing from the communication: the modes of operation for the cryptographic primitives.  
The PCI DSS glossary specifically mentions AES, 3DES, RSA, ECC, Elgamal and SHA1 as “industry-tested and accepted standards and algorithms for encryption” but fails to address important issues such as RSA padding and cipher block chaining for 3DES and AES.  The requirements are quite clear on the fact that encryption and hashing need to be implemented properly, but give little guidance to developers or assessors as to what strong cryptography actually means.  There are at least three different scenarios where cardholder information appears to be protected in compliance with the standard but remains vulnerable if disclosed. This presentation describes attacks for common failure scenarios when encrypting credit card information.</description>
      <pubDate>Wed, 16 May 2012 00:05:05 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5358-strong-encryption-of-credit-card-information</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5358-strong-encryption-of-credit-card-information</guid>
    </item>
    <item>
      <title>[Paper] Strong encryption of credit card information</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/1674-torbj%C3%B6rn-lofterud"&gt;Torbjörn Lofterud&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/163-credit-card"&gt;credit card&lt;/a&gt; &lt;a href="http://secdocs.lonerunners.net/tags/details/179-pci-dss"&gt;PCI DSS&lt;/a&gt; &lt;a href="http://secdocs.lonerunners.net/tags/details/288-compliance"&gt;compliance&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/105-chaos-communication-camp-2011"&gt;Chaos Communication Camp 2011&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: The PCI DSS standard requires strong cryptography or secure hashing as ways to protect cardholder information. But one important factor is missing: detailed instructions for how to correctly apply cryptography to credit card numbers.  The primary objective of the Payment Card Industry Data Protection Standard (PCI DSS) is to safeguard cardholder information such as the Primary Account Number (PAN) and the sensitive authentication data (CVV2, Track 1 and 2).  Chapter 3.4 deals with the details regarding encryption and key management.  &gt; 3.4 Render PAN unreadable anywhere it is stored (including on portable digital media, &gt; backup media, and in logs) by using any of the following approaches: &gt; * One-way hashes based on strong cryptography &gt; * Truncation &gt; * Index tokens and pads &gt; * Strong cryptography with associated key-management processes and procedures  What constitutes strong cryptography is further detailed in the glossary and in the PCI SSC FAQ documents as well as in periodic communication to security assessors. But one important factor is missing from the communication: the modes of operation for the cryptographic primitives.  
The PCI DSS glossary specifically mentions AES, 3DES, RSA, ECC, Elgamal and SHA1 as “industry-tested and accepted standards and algorithms for encryption” but fails to address important issues such as RSA padding and cipher block chaining for 3DES and AES.  The requirements are quite clear on the fact that encryption and hashing need to be implemented properly, but give little guidance to developers or assessors as to what strong cryptography actually means.  There are at least three different scenarios where cardholder information appears to be protected in compliance with the standard but remains vulnerable if disclosed. This presentation describes attacks for common failure scenarios when encrypting credit card information.</description>
      <pubDate>Wed, 16 May 2012 00:04:40 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5357-strong-encryption-of-credit-card-information</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5357-strong-encryption-of-credit-card-information</guid>
    </item>
    <item>
      <title>[Video] Rocket propulsion basics</title>
      <description>&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/268-science"&gt;science&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/105-chaos-communication-camp-2011"&gt;Chaos Communication Camp 2011&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: We will discuss the basic principles of thermochemical engines and their application for rocket propulsion. The three main types of chemical rocket engines, i.e. solid, liquid, and hybrid, will be presented and compared.  The main subsystem of every space flight system is the propulsion system also called the rocket engine. The present paradigm is the thermochemical engine that produces thrust by expanding hot gas produced by an exothermic reaction through a nozzle. Present rocket engine designs can be categorized in three classes dependent on the state of the propellant(s), i.e. solid, liquid or hybrid. We will sketch the underlying physical processes present in all engine designs necessary to get a basic understanding of the different approaches and compare their specific advantages and drawbacks.</description>
      <pubDate>Tue, 15 May 2012 23:53:52 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5356-rocket-propulsion-basics</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5356-rocket-propulsion-basics</guid>
    </item>
    <item>
      <title>[Audio] Having fun with RTP</title>
      <description>&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/32-voip"&gt;VoIP&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: A lot of people are interested and involved in voice over IP security. Most of the effort is concentrated on the security of the signalling protocols. This talk is focussing on the security of the voice part involved in todays voice over IP world. It is the result of the questions that I had to ask myself while i was debugging audio quality problems of customers and implementing a RTP stack from scratch.  The talk gives an introduction on the shortcomings of the Realtime Transport Protocol (RTP), how systems attempt to work around them and how they introduce security vulnerabilites. A few short demonstrations will give an idea on how they can be exploited in the real world (denial of service, man in the middle attacks, call redirection). The last part of the talk will discuss some solutions to fix those vulnerabilities.</description>
      <pubDate>Tue, 15 May 2012 06:51:44 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5347-having-fun-with-rtp</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5347-having-fun-with-rtp</guid>
    </item>
    <item>
      <title>[Video] Data Analysis in Terabit Ethernet Traffic</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/1673-lars-weiler"&gt;Lars Weiler&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/154-sniffer"&gt;sniffer&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: Network traffic grows faster than monitoring and analysis tools can handle. During the last two years a couple of appliances hit the market which help in finding the “bits of interest”. Recently installed strategies and solutions for carriers, banks or lawful interception organizations will be discussed as examples.  Quite every laptop nowadays is capable of handling Gigabit traffic. But doing a network analysis will hit the boundaries of CPU load quite quickly. Now, with 10GbE lines as the usual speed of carrier's and company's backbone, traffic monitoring and analysis became more and more painful. Even the biggest and most expensive analysis appliances on the market are barely capable of a real time traffic monitoring for more than 8Gbit/s.  That's were a couple of vendors showed up and created devices which can handle multiple 10GbE lines at the same time. They call them “Active Distributed Traffic Capture Systems” or “Intelligent Data Access Networking Switches” – in short “Data Access Systems”. The primary use is for the aggregation and distribution of traffic. But all of the Data Access Systems are also capable of filtering traffic with the help of FPGA or CPLD techniques. So a carrier, bank or lawful interception organization can aggregate the data from many physical lines into one Data Access System, enter some filters with the help of a browser GUI, and distribute the resulting traffic to the analysis machines. 
It's easy to monitor 100 lines of 10GbE traffic.  For competitive reasons, those vendors started to invent new features for a better or easier analysis of the data on the analysis devices. These include ingress port tagging, time stamping with nanosecond accuracy, slicing of packets and recalculation of checksums in realtime, blanking bits in packets, or even layer 7 filtering for e-mail and instant messenger addresses with full flow capturing.  The interesting part for the usage is to create an infrastructure where even without data retention and a long term analysis specific users or just their communication with possible ”interesting“ data for intelligence agencies can be triggered and captured in real time. So, the process of the analysis can be quickened to quite no time. It's safe to say, that the flagship appliance by a vendor has been designed by request of US intelligence agencies.  Of course, those devices have to be managed by administrators. For the ease of usage every vendor moved from a CLI based configuration interface to a shiny web GUI – with a couple of flaws. It is easy to break into the system or read out the configuration without access.  This lecture will discuss the possibilities of today's data analysis with the help of these Data Access Systems. An overview of the features will help to understand that data analysis devices are not anymore the limiting factor in deep packet inspection of a huge amount of traffic. Examples will show what already has been set up and what is possible by companies and organizations – and which traffic they might monitor yet.  During the last three years the speaker installed those appliances from different vendors at customers across Europe, gained deep knowledge of their usage, established a strong contact to the technicians and chief officers both at the vendors and customers side, and found out a lot about the hardware and software by reverse engineering.</description>
      <pubDate>Tue, 15 May 2012 00:11:24 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5355-data-analysis-in-terabit-ethernet-traffic</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5355-data-analysis-in-terabit-ethernet-traffic</guid>
    </item>
    <item>
      <title>[Video] News Key Recovery Attacks on RC4/WEP</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/1672-martin-vuagnoux"&gt;Martin Vuagnoux&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/199-wifi"&gt;WiFi&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: In this paper, we present several weaknesses in the stream cipher RC4. First, we present a technique to automatically reveal linear correlations in the PRGA of RC4.  With this method, 48 new exploitable correlations have been discovered. Then we bind these new biases in the PRGA with known KSA weaknesses to provide practical key recovery attacks. Henceforth, we apply a similar technique on RC4 as a black box, i.e. the secret key words as input and the keystream words as output. Our objective is to exhaustively find linear correlations between these elements. Thanks to this technique, 9 new exploitable correlations have been revealed. Finally, we exploit these weaknesses on RC4 to some practical examples, such as the WEP protocol. We show that these correlations lead to a key recovery attack on WEP with only 9,800 encrypted packets (less than 20 seconds), instead of 24,200 for the best previous attack.</description>
      <pubDate>Mon, 14 May 2012 23:48:48 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5354-news-key-recovery-attacks-on-rc4wep</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5354-news-key-recovery-attacks-on-rc4wep</guid>
    </item>
    <item>
      <title>[Slides] Data Analysis in Terabit Ethernet Traffic</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/1673-lars-weiler"&gt;Lars Weiler&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/154-sniffer"&gt;sniffer&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: Network traffic grows faster than monitoring and analysis tools can handle. During the last two years a couple of appliances hit the market which help in finding the “bits of interest”. Recently installed strategies and solutions for carriers, banks or lawful interception organizations will be discussed as examples.  Quite every laptop nowadays is capable of handling Gigabit traffic. But doing a network analysis will hit the boundaries of CPU load quite quickly. Now, with 10GbE lines as the usual speed of carrier's and company's backbone, traffic monitoring and analysis became more and more painful. Even the biggest and most expensive analysis appliances on the market are barely capable of a real time traffic monitoring for more than 8Gbit/s.  That's were a couple of vendors showed up and created devices which can handle multiple 10GbE lines at the same time. They call them “Active Distributed Traffic Capture Systems” or “Intelligent Data Access Networking Switches” – in short “Data Access Systems”. The primary use is for the aggregation and distribution of traffic. But all of the Data Access Systems are also capable of filtering traffic with the help of FPGA or CPLD techniques. So a carrier, bank or lawful interception organization can aggregate the data from many physical lines into one Data Access System, enter some filters with the help of a browser GUI, and distribute the resulting traffic to the analysis machines. 
It's easy to monitor 100 lines of 10GbE traffic.  For competitive reasons, those vendors started to invent new features for a better or easier analysis of the data on the analysis devices. These include ingress port tagging, time stamping with nanosecond accuracy, slicing of packets and recalculation of checksums in realtime, blanking bits in packets, or even layer 7 filtering for e-mail and instant messenger addresses with full flow capturing.  The interesting part for the usage is to create an infrastructure where even without data retention and a long term analysis specific users or just their communication with possible ”interesting“ data for intelligence agencies can be triggered and captured in real time. So, the process of the analysis can be quickened to quite no time. It's safe to say, that the flagship appliance by a vendor has been designed by request of US intelligence agencies.  Of course, those devices have to be managed by administrators. For the ease of usage every vendor moved from a CLI based configuration interface to a shiny web GUI – with a couple of flaws. It is easy to break into the system or read out the configuration without access.  This lecture will discuss the possibilities of today's data analysis with the help of these Data Access Systems. An overview of the features will help to understand that data analysis devices are not anymore the limiting factor in deep packet inspection of a huge amount of traffic. Examples will show what already has been set up and what is possible by companies and organizations – and which traffic they might monitor yet.  During the last three years the speaker installed those appliances from different vendors at customers across Europe, gained deep knowledge of their usage, established a strong contact to the technicians and chief officers both at the vendors and customers side, and found out a lot about the hardware and software by reverse engineering.</description>
      <pubDate>Mon, 14 May 2012 23:48:16 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5353-data-analysis-in-terabit-ethernet-traffic</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5353-data-analysis-in-terabit-ethernet-traffic</guid>
    </item>
    <item>
      <title>[Audio] Data Analysis in Terabit Ethernet Traffic</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/1673-lars-weiler"&gt;Lars Weiler&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/154-sniffer"&gt;sniffer&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: Network traffic grows faster than monitoring and analysis tools can handle. During the last two years a couple of appliances hit the market which help in finding the “bits of interest”. Recently installed strategies and solutions for carriers, banks or lawful interception organizations will be discussed as examples.  Quite every laptop nowadays is capable of handling Gigabit traffic. But doing a network analysis will hit the boundaries of CPU load quite quickly. Now, with 10GbE lines as the usual speed of carrier's and company's backbone, traffic monitoring and analysis became more and more painful. Even the biggest and most expensive analysis appliances on the market are barely capable of a real time traffic monitoring for more than 8Gbit/s.  That's were a couple of vendors showed up and created devices which can handle multiple 10GbE lines at the same time. They call them “Active Distributed Traffic Capture Systems” or “Intelligent Data Access Networking Switches” – in short “Data Access Systems”. The primary use is for the aggregation and distribution of traffic. But all of the Data Access Systems are also capable of filtering traffic with the help of FPGA or CPLD techniques. So a carrier, bank or lawful interception organization can aggregate the data from many physical lines into one Data Access System, enter some filters with the help of a browser GUI, and distribute the resulting traffic to the analysis machines. 
It's easy to monitor 100 lines of 10GbE traffic.  For competitive reasons, those vendors started to invent new features for a better or easier analysis of the data on the analysis devices. These include ingress port tagging, time stamping with nanosecond accuracy, slicing of packets and recalculation of checksums in realtime, blanking bits in packets, or even layer 7 filtering for e-mail and instant messenger addresses with full flow capturing.  The interesting part for the usage is to create an infrastructure where even without data retention and a long term analysis specific users or just their communication with possible ”interesting“ data for intelligence agencies can be triggered and captured in real time. So, the process of the analysis can be quickened to quite no time. It's safe to say, that the flagship appliance by a vendor has been designed by request of US intelligence agencies.  Of course, those devices have to be managed by administrators. For the ease of usage every vendor moved from a CLI based configuration interface to a shiny web GUI – with a couple of flaws. It is easy to break into the system or read out the configuration without access.  This lecture will discuss the possibilities of today's data analysis with the help of these Data Access Systems. An overview of the features will help to understand that data analysis devices are not anymore the limiting factor in deep packet inspection of a huge amount of traffic. Examples will show what already has been set up and what is possible by companies and organizations – and which traffic they might monitor yet.  During the last three years the speaker installed those appliances from different vendors at customers across Europe, gained deep knowledge of their usage, established a strong contact to the technicians and chief officers both at the vendors and customers side, and found out a lot about the hardware and software by reverse engineering.</description>
      <pubDate>Mon, 14 May 2012 23:46:17 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5352-data-analysis-in-terabit-ethernet-traffic</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5352-data-analysis-in-terabit-ethernet-traffic</guid>
    </item>
    <item>
      <title>[Video] Having fun with RTP</title>
      <description>&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/32-voip"&gt;VoIP&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: A lot of people are interested and involved in voice over IP security. Most of the effort is concentrated on the security of the signalling protocols. This talk is focussing on the security of the voice part involved in todays voice over IP world. It is the result of the questions that I had to ask myself while i was debugging audio quality problems of customers and implementing a RTP stack from scratch.  The talk gives an introduction on the shortcomings of the Realtime Transport Protocol (RTP), how systems attempt to work around them and how they introduce security vulnerabilites. A few short demonstrations will give an idea on how they can be exploited in the real world (denial of service, man in the middle attacks, call redirection). The last part of the talk will discuss some solutions to fix those vulnerabilities.</description>
      <pubDate>Mon, 14 May 2012 23:41:39 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5351-having-fun-with-rtp</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5351-having-fun-with-rtp</guid>
    </item>
    <item>
      <title>[Audio] News Key Recovery Attacks on RC4/WEP</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/1672-martin-vuagnoux"&gt;Martin Vuagnoux&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/199-wifi"&gt;WiFi&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: In this paper, we present several weaknesses in the stream cipher RC4. First, we present a technique to automatically reveal linear correlations in the PRGA of RC4.  With this method, 48 new exploitable correlations have been discovered. Then we bind these new biases in the PRGA with known KSA weaknesses to provide practical key recovery attacks. Henceforth, we apply a similar technique on RC4 as a black box, i.e. the secret key words as input and the keystream words as output. Our objective is to exhaustively find linear correlations between these elements. Thanks to this technique, 9 new exploitable correlations have been revealed. Finally, we exploit these weaknesses on RC4 to some practical examples, such as the WEP protocol. We show that these correlations lead to a key recovery attack on WEP with only 9,800 encrypted packets (less than 20 seconds), instead of 24,200 for the best previous attack.</description>
      <pubDate>Mon, 14 May 2012 23:35:45 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5350-news-key-recovery-attacks-on-rc4wep</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5350-news-key-recovery-attacks-on-rc4wep</guid>
    </item>
    <item>
      <title>[Paper] News Key Recovery Attacks on RC4/WEP</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/1672-martin-vuagnoux"&gt;Martin Vuagnoux&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/199-wifi"&gt;WiFi&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: In this paper, we present several weaknesses in the stream cipher RC4. First, we present a technique to automatically reveal linear correlations in the PRGA of RC4.  With this method, 48 new exploitable correlations have been discovered. Then we bind these new biases in the PRGA with known KSA weaknesses to provide practical key recovery attacks. Henceforth, we apply a similar technique on RC4 as a black box, i.e. the secret key words as input and the keystream words as output. Our objective is to exhaustively find linear correlations between these elements. Thanks to this technique, 9 new exploitable correlations have been revealed. Finally, we exploit these weaknesses on RC4 to some practical examples, such as the WEP protocol. We show that these correlations lead to a key recovery attack on WEP with only 9,800 encrypted packets (less than 20 seconds), instead of 24,200 for the best previous attack.</description>
      <pubDate>Mon, 14 May 2012 23:34:12 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5349-news-key-recovery-attacks-on-rc4wep</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5349-news-key-recovery-attacks-on-rc4wep</guid>
    </item>
    <item>
      <title>[Slides] Having fun with RTP</title>
      <description>&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/32-voip"&gt;VoIP&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: A lot of people are interested and involved in voice over IP security. Most of the effort is concentrated on the security of the signalling protocols. This talk is focussing on the security of the voice part involved in todays voice over IP world. It is the result of the questions that I had to ask myself while i was debugging audio quality problems of customers and implementing a RTP stack from scratch.  The talk gives an introduction on the shortcomings of the Realtime Transport Protocol (RTP), how systems attempt to work around them and how they introduce security vulnerabilites. A few short demonstrations will give an idea on how they can be exploited in the real world (denial of service, man in the middle attacks, call redirection). The last part of the talk will discuss some solutions to fix those vulnerabilities.</description>
      <pubDate>Mon, 14 May 2012 23:24:23 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5348-having-fun-with-rtp</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5348-having-fun-with-rtp</guid>
    </item>
    <item>
      <title>[Audio] How the Internet sees you</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/1671-jeroen-massar"&gt;Jeroen Massar&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/24-network"&gt;network&lt;/a&gt; &lt;a href="http://secdocs.lonerunners.net/tags/details/282-netflow"&gt;Netflow&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: On the Internet one tends to think that one is pretty much safe from poking eyes. Taps in most countries can only be established after a judge has issued a warrant, thus upto such a tap is succesfully deployed one might think one is pretty much in the clear.  Most ISPs though actually employ a toolset comprising one of various NetFlow, IPFIX or sFlow protocols to do trend monitoring, billing and of course, the ability to try and establish which connections a certain IP address is making.  During the CCC conference we will monitor the CCC network with NetFlow, collecting and directly anonimizing this information on IP basis. We will map a couple of well-known websites/trackers to a private IP range and preserving these mappings, while anonimizing the rest of the IP addresses, thus your anonimity is safe and please be yourself while using the network. Flow data will not be stored, thus we won't be able to go back and re-analyze the information.  As a collector/analyzer we will be using the Anaphera tool by IBM Zurich Research Laboratory [1]. This tool is used in IBM datacenters and by customers of IBM worldwide for detecting malicious/unknown network traffic, traffic trending, anomaly detection, growth prognosis and billing.  
We'll be explaining the intriciate parts about NetFlow, IPFIX and sFlow, what the technologies are and how they work, hopping briefly in the big difference with taps and what they could see when they are deployed and also what we don't see now and what gets lost in the noise.  We will be showing you what information and details can be taken from a flow based tool, so that you know what can be seen by ISPs around the world.</description>
      <pubDate>Mon, 14 May 2012 06:42:35 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5340-how-the-internet-sees-you</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5340-how-the-internet-sees-you</guid>
    </item>
    <item>
      <title>[Video] OpenLeaks</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/1661-daniel-domscheit-berg"&gt;Daniel Domscheit-Berg&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/102-information-operation"&gt;information operation&lt;/a&gt; &lt;a href="http://secdocs.lonerunners.net/tags/details/193-privacy"&gt;privacy&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: Due to popular demand, the talk will give an introduction to the OpenLeaks system and the idea behind it.</description>
      <pubDate>Sun, 13 May 2012 21:36:08 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5346-openleaks</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5346-openleaks</guid>
    </item>
    <item>
      <title>[Video] Closing Event</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/197-frank-rieger"&gt;Frank Rieger&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/6-hacking"&gt;hacking&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;</description>
      <pubDate>Sun, 13 May 2012 21:34:06 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5345-closing-event</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5345-closing-event</guid>
    </item>
    <item>
      <title>[Audio] Closing Event</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/197-frank-rieger"&gt;Frank Rieger&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/6-hacking"&gt;hacking&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;</description>
      <pubDate>Sun, 13 May 2012 21:09:07 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5344-closing-event</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5344-closing-event</guid>
    </item>
    <item>
      <title>[Video] How the Internet sees you</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/1671-jeroen-massar"&gt;Jeroen Massar&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/24-network"&gt;network&lt;/a&gt; &lt;a href="http://secdocs.lonerunners.net/tags/details/282-netflow"&gt;Netflow&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: On the Internet one tends to think that one is pretty much safe from poking eyes. Taps in most countries can only be established after a judge has issued a warrant, thus upto such a tap is succesfully deployed one might think one is pretty much in the clear.  Most ISPs though actually employ a toolset comprising one of various NetFlow, IPFIX or sFlow protocols to do trend monitoring, billing and of course, the ability to try and establish which connections a certain IP address is making.  During the CCC conference we will monitor the CCC network with NetFlow, collecting and directly anonimizing this information on IP basis. We will map a couple of well-known websites/trackers to a private IP range and preserving these mappings, while anonimizing the rest of the IP addresses, thus your anonimity is safe and please be yourself while using the network. Flow data will not be stored, thus we won't be able to go back and re-analyze the information.  As a collector/analyzer we will be using the Anaphera tool by IBM Zurich Research Laboratory [1]. This tool is used in IBM datacenters and by customers of IBM worldwide for detecting malicious/unknown network traffic, traffic trending, anomaly detection, growth prognosis and billing.  
We'll be explaining the intriciate parts about NetFlow, IPFIX and sFlow, what the technologies are and how they work, hopping briefly in the big difference with taps and what they could see when they are deployed and also what we don't see now and what gets lost in the noise.  We will be showing you what information and details can be taken from a flow based tool, so that you know what can be seen by ISPs around the world.</description>
      <pubDate>Sun, 13 May 2012 21:08:30 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5343-how-the-internet-sees-you</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5343-how-the-internet-sees-you</guid>
    </item>
    <item>
      <title>[Audio] OpenLeaks</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/1661-daniel-domscheit-berg"&gt;Daniel Domscheit-Berg&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/102-information-operation"&gt;information operation&lt;/a&gt; &lt;a href="http://secdocs.lonerunners.net/tags/details/193-privacy"&gt;privacy&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: Due to popular demand, the talk will give an introduction to the OpenLeaks system and the idea behind it.</description>
      <pubDate>Sun, 13 May 2012 21:02:49 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5342-openleaks</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5342-openleaks</guid>
    </item>
    <item>
      <title>[Slides] How the Internet sees you</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/1671-jeroen-massar"&gt;Jeroen Massar&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/24-network"&gt;network&lt;/a&gt; &lt;a href="http://secdocs.lonerunners.net/tags/details/282-netflow"&gt;Netflow&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: On the Internet one tends to think that one is pretty much safe from poking eyes. Taps in most countries can only be established after a judge has issued a warrant, thus until such a tap is successfully deployed one might think one is pretty much in the clear.  Most ISPs though actually employ a toolset comprising one of various NetFlow, IPFIX or sFlow protocols to do trend monitoring, billing and of course, the ability to try and establish which connections a certain IP address is making.  During the CCC conference we will monitor the CCC network with NetFlow, collecting and directly anonymizing this information on IP basis. We will map a couple of well-known websites/trackers to a private IP range and preserve these mappings, while anonymizing the rest of the IP addresses, thus your anonymity is safe and please be yourself while using the network. Flow data will not be stored, thus we won't be able to go back and re-analyze the information.  As a collector/analyzer we will be using the Anaphera tool by IBM Zurich Research Laboratory [1]. This tool is used in IBM datacenters and by customers of IBM worldwide for detecting malicious/unknown network traffic, traffic trending, anomaly detection, growth prognosis and billing.  
We'll be explaining the intricate parts about NetFlow, IPFIX and sFlow, what the technologies are and how they work, hopping briefly in the big difference with taps and what they could see when they are deployed and also what we don't see now and what gets lost in the noise.  We will be showing you what information and details can be taken from a flow-based tool, so that you know what can be seen by ISPs around the world.</description>
      <pubDate>Sun, 13 May 2012 20:42:25 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5341-how-the-internet-sees-you</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5341-how-the-internet-sees-you</guid>
    </item>
    <item>
      <title>[Video] Hackers and Computer Science</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/279-sergey-bratus"&gt;Sergey Bratus&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/6-hacking"&gt;hacking&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: Although most academics and industry practitioners regard "hacking" as mostly ad-hoc, a loose collection of useful tricks essentially random in nature, I will argue that hacking has in fact become a "distinct research and engineering discipline" with deep underlying engineering ideas and insights. Although not yet formally defined as such, it is these ideas and insights that drive the great contributions that hacking has been making to our understanding of computing, including the challenges of handling complexity, composition, and security in complex systems. I will argue that hacking uncovers and helps to understand (and teach) fundamental issues that go to the heart of Computer Science as we know it, and will try to formulate several such fundamental principles which I have learned from hacker research.  At some point I realized that I was learning more about what really matters in computer science from hacker conventions, Phrack, Uninformed, and other hacker sources than from any academic source. Moreover, it wasn't just about exploits and vulnerabilities, it was about how systems were really designed, as opposed to how developers thought and students were taught they were. Then I realized that the reasons for vulnerabilities that kept on giving were quite deeply theoretical and involved, e.g., theory of computation and information theory. Very little of this was quoted or understood in the academic publications.</description>
      <pubDate>Sat, 12 May 2012 06:31:29 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5339-hackers-and-computer-science</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5339-hackers-and-computer-science</guid>
    </item>
    <item>
      <title>[Slides] Hackers and Computer Science</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/279-sergey-bratus"&gt;Sergey Bratus&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/6-hacking"&gt;hacking&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: Although most academics and industry practitioners regard "hacking" as mostly ad-hoc, a loose collection of useful tricks essentially random in nature, I will argue that hacking has in fact become a "distinct research and engineering discipline" with deep underlying engineering ideas and insights. Although not yet formally defined as such, it is these ideas and insights that drive the great contributions that hacking has been making to our understanding of computing, including the challenges of handling complexity, composition, and security in complex systems. I will argue that hacking uncovers and helps to understand (and teach) fundamental issues that go to the heart of Computer Science as we know it, and will try to formulate several such fundamental principles which I have learned from hacker research.  At some point I realized that I was learning more about what really matters in computer science from hacker conventions, Phrack, Uninformed, and other hacker sources than from any academic source. Moreover, it wasn't just about exploits and vulnerabilities, it was about how systems were really designed, as opposed to how developers thought and students were taught they were. Then I realized that the reasons for vulnerabilities that kept on giving were quite deeply theoretical and involved, e.g., theory of computation and information theory. Very little of this was quoted or understood in the academic publications.</description>
      <pubDate>Sat, 12 May 2012 06:31:29 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5338-hackers-and-computer-science</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5338-hackers-and-computer-science</guid>
    </item>
    <item>
      <title>[Audio] Hackers and Computer Science</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/279-sergey-bratus"&gt;Sergey Bratus&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/6-hacking"&gt;hacking&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: Although most academics and industry practitioners regard "hacking" as mostly ad-hoc, a loose collection of useful tricks essentially random in nature, I will argue that hacking has in fact become a "distinct research and engineering discipline" with deep underlying engineering ideas and insights. Although not yet formally defined as such, it is these ideas and insights that drive the great contributions that hacking has been making to our understanding of computing, including the challenges of handling complexity, composition, and security in complex systems. I will argue that hacking uncovers and helps to understand (and teach) fundamental issues that go to the heart of Computer Science as we know it, and will try to formulate several such fundamental principles which I have learned from hacker research.  At some point I realized that I was learning more about what really matters in computer science from hacker conventions, Phrack, Uninformed, and other hacker sources than from any academic source. Moreover, it wasn't just about exploits and vulnerabilities, it was about how systems were really designed, as opposed to how developers thought and students were taught they were. Then I realized that the reasons for vulnerabilities that kept on giving were quite deeply theoretical and involved, e.g., theory of computation and information theory. Very little of this was quoted or understood in the academic publications.</description>
      <pubDate>Fri, 11 May 2012 06:28:44 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5337-hackers-and-computer-science</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5337-hackers-and-computer-science</guid>
    </item>
    <item>
      <title>[Video] International Cyber Jurisdiction</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/752-tiffany-rad"&gt;Tiffany Rad&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/176-law"&gt;law&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: Concepts of sovereignty, freedom, privacy and intellectual property become amorphous when discussing territories that only exist as far as the Internet connects. International cyber jurisdiction is supported by a complicated web of international law and treaties. Jurisdiction hopping, a technique that is becoming popular for controversial content, is one we have used for the U.S. 1st Amendment censorship-resistant and non-profit hosting company, Project DOD, by using PRQ's services in Sweden. This technique is used to place assets in a diverse, but accessible, web of countries in which that content may be legal in the hosting country, but may have legal complications in the country in which it is accessed. As ownership and protection of property becomes a concept that is difficult to maintain across boundaries that are not easily distinguishable, can the U.S. "kill-switch" parts of the Internet and under what authority can it be done? Similarly, the geographic challenges to international cyber criminal law – and the feasibility of new sovereign nations – will be analyzed.  When a cybercrime is committed in a country in which the electronic communication did not originate, there is difficulty prosecuting the crime without being able to physically apprehend a subject that is virtually within – and physically without – a country's borders. 
Similarly, a technique called jurisdiction hopping can be used to place assets in a diverse, but accessible, web of countries in which that content may be legal in the hosting country, but is not in the country in which it is accessed. Lastly, if the U.S. attempts to isolate damage by cutting off Internet connections, under what authority can it be done?  This presentation will discuss the types of international laws and treaties that may be cited in the event of extradition of cyber criminals, legal and geographic challenges – such as new sovereign nations – to jurisdiction hopping and the authority with which the U.S. may "kill switch" the Internet. I will also discuss the practical example of where, as a result of our Project DOD case in U.S. Federal court, we have put non-copyright infringing materials on PRQ's servers in Sweden to reduce the incidences of Digital Millennium Copyright Act’s "Take Down" infringement notices that are illegitimate.</description>
      <pubDate>Fri, 11 May 2012 06:28:44 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5336-international-cyber-jurisdiction</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5336-international-cyber-jurisdiction</guid>
    </item>
    <item>
      <title>[Audio] International Cyber Jurisdiction</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/752-tiffany-rad"&gt;Tiffany Rad&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/176-law"&gt;law&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: Concepts of sovereignty, freedom, privacy and intellectual property become amorphous when discussing territories that only exist as far as the Internet connects. International cyber jurisdiction is supported by a complicated web of international law and treaties. Jurisdiction hopping, a technique that is becoming popular for controversial content, is one we have used for the U.S. 1st Amendment censorship-resistant and non-profit hosting company, Project DOD, by using PRQ's services in Sweden. This technique is used to place assets in a diverse, but accessible, web of countries in which that content may be legal in the hosting country, but may have legal complications in the country in which it is accessed. As ownership and protection of property becomes a concept that is difficult to maintain across boundaries that are not easily distinguishable, can the U.S. "kill-switch" parts of the Internet and under what authority can it be done? Similarly, the geographic challenges to international cyber criminal law – and the feasibility of new sovereign nations – will be analyzed.  When a cybercrime is committed in a country in which the electronic communication did not originate, there is difficulty prosecuting the crime without being able to physically apprehend a subject that is virtually within – and physically without – a country's borders. 
Similarly, a technique called jurisdiction hopping can be used to place assets in a diverse, but accessible, web of countries in which that content may be legal in the hosting country, but is not in the country in which it is accessed. Lastly, if the U.S. attempts to isolate damage by cutting off Internet connections, under what authority can it be done?  This presentation will discuss the types of international laws and treaties that may be cited in the event of extradition of cyber criminals, legal and geographic challenges – such as new sovereign nations – to jurisdiction hopping and the authority with which the U.S. may "kill switch" the Internet. I will also discuss the practical example of where, as a result of our Project DOD case in U.S. Federal court, we have put non-copyright infringing materials on PRQ's servers in Sweden to reduce the incidences of Digital Millennium Copyright Act’s "Take Down" infringement notices that are illegitimate.</description>
      <pubDate>Fri, 11 May 2012 06:28:44 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5335-international-cyber-jurisdiction</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5335-international-cyber-jurisdiction</guid>
    </item>
    <item>
      <title>[Paper] A framework for automated architecture-independent gadget search</title>
      <description>&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/6-hacking"&gt;hacking&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: We demonstrate that automated, architecture-independent gadget search is possible. Gadgets are code fragments which can be used to build unintended programs from existing code in memory. Our contribution is a framework of algorithms capable of locating a Turing-complete gadget set.  Translating machine code into an intermediate language allows our framework to be used for many different CPU architectures with minimal architecture-dependent adjustments. We define the paradigm of free-branch instructions to succinctly capture which gadgets will be found by our framework and investigate side effects of the gadgets produced. Furthermore we discuss architectural idiosyncrasies for several widely spread CPU architectures and how they need to be taken into account by the generic algorithms when locating gadgets.</description>
      <pubDate>Fri, 11 May 2012 06:28:44 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5334-a-framework-for-automated-architecture-independent-gadget-search</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5334-a-framework-for-automated-architecture-independent-gadget-search</guid>
    </item>
    <item>
      <title>[Slides] A framework for automated architecture-independent gadget search</title>
      <description>&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/6-hacking"&gt;hacking&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: We demonstrate that automated, architecture-independent gadget search is possible. Gadgets are code fragments which can be used to build unintended programs from existing code in memory. Our contribution is a framework of algorithms capable of locating a Turing-complete gadget set.  Translating machine code into an intermediate language allows our framework to be used for many different CPU architectures with minimal architecture-dependent adjustments. We define the paradigm of free-branch instructions to succinctly capture which gadgets will be found by our framework and investigate side effects of the gadgets produced. Furthermore we discuss architectural idiosyncrasies for several widely spread CPU architectures and how they need to be taken into account by the generic algorithms when locating gadgets.</description>
      <pubDate>Fri, 11 May 2012 06:28:44 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5333-a-framework-for-automated-architecture-independent-gadget-search</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5333-a-framework-for-automated-architecture-independent-gadget-search</guid>
    </item>
    <item>
      <title>[Video] A framework for automated architecture-independent gadget search</title>
      <description>&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/6-hacking"&gt;hacking&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: We demonstrate that automated, architecture-independent gadget search is possible. Gadgets are code fragments which can be used to build unintended programs from existing code in memory. Our contribution is a framework of algorithms capable of locating a Turing-complete gadget set.  Translating machine code into an intermediate language allows our framework to be used for many different CPU architectures with minimal architecture-dependent adjustments. We define the paradigm of free-branch instructions to succinctly capture which gadgets will be found by our framework and investigate side effects of the gadgets produced. Furthermore we discuss architectural idiosyncrasies for several widely spread CPU architectures and how they need to be taken into account by the generic algorithms when locating gadgets.</description>
      <pubDate>Fri, 11 May 2012 06:28:44 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5332-a-framework-for-automated-architecture-independent-gadget-search</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5332-a-framework-for-automated-architecture-independent-gadget-search</guid>
    </item>
    <item>
      <title>[Video] Three jobs that journalists will do in 2050</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/538-annalee-newitz"&gt;Annalee Newitz&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/256-social"&gt;social&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: Print media are dying, but what is rising up to take their place? In this presentation, I'll answer that question by describing three new kinds of jobs for journalists that do not exist in mainstream print media. These jobs are: hacker journalist, data-mining reporter, and crowd engineer. I'll be describing what these jobs entail, and current examples of organizations already employing people to do them.  My observations in this presentation are based on the nearly twenty years I have written for traditional print as well as new media publications, including zines like Bad Subjects and 2600, as well as mainstream media outlets like Wired and the Washington Post. I also created io9.com, the world's most widely-read blog devoted to science and science fiction. As I've watched friends and colleagues suffer through layoffs in the publishing industry, I've also seen the rise of new kinds of journalists who use technology to break stories in ways that would have been impossible even five years ago.  Hacker journalists use everything from Perl scripts to open source mapping platforms to do investigative reporting (examples include writing at Ars Technica, as well as people working with the Ushahidi mapping platform). Data-mining reporters are people who analyze vast amounts of data to investigate issues from war crimes (using services like Wikileaks) to the stock market "flash crash". 
Crowd engineers work on crowd-sourced news sites like Reddit and Metafilter, writing algorithms and community software that makes it easy for people to share information. Like editors, crowd engineers can be very powerful figures who determine which information rises to the top.  What these new journalists have in common is a newfound ability to aggregate and analyze information on a massive scale. Ultimately I'll explore how this changes the playing field in media, and why journalists of the future may be more powerful than ever before.</description>
      <pubDate>Thu, 10 May 2012 06:36:11 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5331-three-jobs-that-journalists-will-do-in-2050</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5331-three-jobs-that-journalists-will-do-in-2050</guid>
    </item>
    <item>
      <title>[Audio] A framework for automated architecture-independent gadget search</title>
      <description>&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/6-hacking"&gt;hacking&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: We demonstrate that automated, architecture-independent gadget search is possible. Gadgets are code fragments which can be used to build unintended programs from existing code in memory. Our contribution is a framework of algorithms capable of locating a Turing-complete gadget set.  Translating machine code into an intermediate language allows our framework to be used for many different CPU architectures with minimal architecture-dependent adjustments. We define the paradigm of free-branch instructions to succinctly capture which gadgets will be found by our framework and investigate side effects of the gadgets produced. Furthermore we discuss architectural idiosyncrasies for several widely spread CPU architectures and how they need to be taken into account by the generic algorithms when locating gadgets.</description>
      <pubDate>Thu, 10 May 2012 06:36:11 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5330-a-framework-for-automated-architecture-independent-gadget-search</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5330-a-framework-for-automated-architecture-independent-gadget-search</guid>
    </item>
    <item>
      <title>[Video] OMG WTF PDF</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/320-julia-wolf"&gt;Julia Wolf&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/254-pdf"&gt;PDF&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: Ambiguities in the PDF specification mean that no two PDF parsers will see a file in the same way. This leads to many opportunities for exploit obfuscation.  PDFs are currently the greatest vector for drive-by (malware installing) attacks and targeted attacks on business and government. A/V technology is extraordinarily poor at detecting these. The PDF format itself is so diverse and vague, that an A/V would need to be 100% bug-compatible with the parser in the vulnerable PDF reader.  You can also do cool tricks like make a single PDF file that displays completely differently in several different readers.</description>
      <pubDate>Thu, 10 May 2012 06:36:11 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5329-omg-wtf-pdf</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5329-omg-wtf-pdf</guid>
    </item>
    <item>
      <title>[Audio] Three jobs that journalists will do in 2050</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/538-annalee-newitz"&gt;Annalee Newitz&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/256-social"&gt;social&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: Print media are dying, but what is rising up to take their place? In this presentation, I'll answer that question by describing three new kinds of jobs for journalists that do not exist in mainstream print media. These jobs are: hacker journalist, data-mining reporter, and crowd engineer. I'll be describing what these jobs entail, and current examples of organizations already employing people to do them.  My observations in this presentation are based on the nearly twenty years I have written for traditional print as well as new media publications, including zines like Bad Subjects and 2600, as well as mainstream media outlets like Wired and the Washington Post. I also created io9.com, the world's most widely-read blog devoted to science and science fiction. As I've watched friends and colleagues suffer through layoffs in the publishing industry, I've also seen the rise of new kinds of journalists who use technology to break stories in ways that would have been impossible even five years ago.  Hacker journalists use everything from Perl scripts to open source mapping platforms to do investigative reporting (examples include writing at Ars Technica, as well as people working with the Ushahidi mapping platform). Data-mining reporters are people who analyze vast amounts of data to investigate issues from war crimes (using services like Wikileaks) to the stock market "flash crash". 
Crowd engineers work on crowd-sourced news sites like Reddit and Metafilter, writing algorithms and community software that makes it easy for people to share information. Like editors, crowd engineers can be very powerful figures who determine which information rises to the top.  What these new journalists have in common is a newfound ability to aggregate and analyze information on a massive scale. Ultimately I'll explore how this changes the playing field in media, and why journalists of the future may be more powerful than ever before.</description>
      <pubDate>Thu, 10 May 2012 06:36:11 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5328-three-jobs-that-journalists-will-do-in-2050</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5328-three-jobs-that-journalists-will-do-in-2050</guid>
    </item>
    <item>
      <title>[Video] Analyzing a modern cryptographic RFID system</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/560-henryk-pl%C3%B6tz"&gt;Henryk Plötz&lt;/a&gt; &lt;a href="http://secdocs.lonerunners.net/authors/details/1670-milosch-meriac"&gt;Milosch Meriac&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/112-rfid"&gt;RFID&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: Popular contactless systems for physical access control still rely on obscurity. As we have shown, time and time again, proprietary encryption systems are weak and easy to break. In a follow-up to last year's presentation we will now demonstrate attacks on systems with 'proper' cryptographic algorithms.  Since we broke the last of the big players on the market at 26C3, most vendors are now migrating to new systems which rectify our main point of concern: proprietary algorithms. All new technologies use AES or 3DES for encryption and/or authentication and vendors tirelessly tout the security of their systems and the use of these algorithms between card, reader and host. We will discuss the design of the successor to a system we attacked last year, and demonstrate how a system can be insecure despite the use of secure cryptoprimitives.</description>
      <pubDate>Thu, 10 May 2012 06:36:11 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5327-analyzing-a-modern-cryptographic-rfid-system</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5327-analyzing-a-modern-cryptographic-rfid-system</guid>
    </item>
    <item>
      <title>[Audio] OMG WTF PDF</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/320-julia-wolf"&gt;Julia Wolf&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/254-pdf"&gt;PDF&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: Ambiguities in the PDF specification means that no two PDF parsers will see a file in the same way. This leads to many opportunities for exploit obfuscation.  PDFs are currently the greatest vector for drive-by (malware installing) attacks and targeted attacks on business and government. A/V technology is extraordinarily poor at detecting these. The PDF format itself is so diverse and vague, that an A/V would need to be 100% bug-compatible with the parser in the vulnerable PDF reader.  You can also do cool tricks like make a single PDF file that displays completely differently in several different readers.</description>
      <pubDate>Thu, 10 May 2012 06:36:11 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5326-omg-wtf-pdf</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5326-omg-wtf-pdf</guid>
    </item>
    <item>
      <title>[Audio] Analyzing a modern cryptographic RFID system</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/560-henryk-pl%C3%B6tz"&gt;Henryk Plötz&lt;/a&gt; &lt;a href="http://secdocs.lonerunners.net/authors/details/1670-milosch-meriac"&gt;Milosch Meriac&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/112-rfid"&gt;RFID&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: Popular contactless systems for physical access control still rely on obscurity. As we have shown, time and time again, proprietary encryption systems are weak and easy to break. In a follow-up to last year's presentation we will now demonstrate attacks on systems with 'proper' cryptographic algorithms.  Since we broke the last of the big players on the market at 26C3, most vendors are now migrating to new systems which rectify our main point of concern: proprietary algorithms. All new technologies use AES or 3DES for encryption and/or authentication and vendors tirelessly tout the security of their systems and the use of these algorithms between card, reader and host. We will discuss the design of the successor to a system we attacked last year, and demonstrate how a system can be insecure despite the use of secure cryptoprimitives.</description>
      <pubDate>Wed, 09 May 2012 06:50:39 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5324-analyzing-a-modern-cryptographic-rfid-system</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5324-analyzing-a-modern-cryptographic-rfid-system</guid>
    </item>
    <item>
      <title>[Video] Tor is Peace, Software Freedom is Slavery, Wikipedia is Truth</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/1668-adam-obeng"&gt;Adam Obeng&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/127-tor"&gt;Tor&lt;/a&gt; &lt;a href="http://secdocs.lonerunners.net/tags/details/193-privacy"&gt;privacy&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: The Internet began as state-sponsored anarchy, but it is now the tool of first resort for dissidents and propagandists alike. The poster-child project of the Free Software Movement runs on the authority of a single person; the rest clash over the very definition of the word 'free'. A company which pictured itself as smashing Big Brother is now seen as one of the perceived secretive and authoritarian in the industry; and for another, 'Don't Be Evil' is proving to be a challenging motto to live by.  This talk aims to present a view of the societies of Internet from the perspective of political philosophy. Political philosophy is not politics, in the same way that computer science is not programming. It's not the politics about the Internet, but the politics *of* the Internet. Even so, events at any particular place or time just provide examples to be studied. Political philosophy is meta-politics, it's about the trends in politics and the theories we use to understand them.  Real-world political systems have striking parallels in the evolution of the Internet: there was primitive anarchy before Eternal September, the era of walled gardens resembled that of Ancient Greek city-states, which were succeeded by more-or-less liberal regimes following the geographical territories of real-world governments. 
Because of its rapid evolution, mass participation, and highly complex human interaction, the Internet should be subjected to the sorts of questions that political philosophers ask. On the Internet, what is freedom? Do we have obligations to those in control? To each other? What rights do we have? What can we own?  Once we know the way it is, we can ask how it should be...</description>
      <pubDate>Wed, 09 May 2012 06:50:39 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5323-tor-is-peace-software-freedom-is-slavery-wikipedia-is-truth</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5323-tor-is-peace-software-freedom-is-slavery-wikipedia-is-truth</guid>
    </item>
    <item>
      <title>[Video] Cybernetics for the Masses</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/1669-lepht-anonym"&gt;Lepht Anonym&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/268-science"&gt;science&lt;/a&gt; &lt;a href="http://secdocs.lonerunners.net/tags/details/270-robotics"&gt;robotics&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: Lightning talk on biohacking, complete with cyborg speaker, implant demonstrations, and knowledge of how to hack your own perception of electromagnetic radiation for approximately thirty Euros.  A talk on what's become my specialty - biohacking, or meathacking, whatever you wanna call it. I've got a full set of home-brewed implants, a subdermal RFID, a sort of cult on the Internet plus things like proven designs for cheap EM sensory nodes, experimental verification of that shit I'm claiming, etc. I have videos of procedures, photos of what I've been doing and the like, and will happily make gory slides for all to see. Can do demos of the EM nodes and RFID chip as well.  I want to talk about the grinder movement - underground biohacking - it's my life. Thus, my article in H+ Magazine: "A call to arms for biohackers".</description>
      <pubDate>Wed, 09 May 2012 06:50:39 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5322-cybernetics-for-the-masses</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5322-cybernetics-for-the-masses</guid>
    </item>
    <item>
      <title>[Video] Lightning Talks - Day 4</title>
      <description>&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/6-hacking"&gt;hacking&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: 4 minutes for every speaker. Learn about the good, the bad, and the ugly - in software, hardware, projects, and more.  Give a lightning fast talk about your favourite project, program, system - and thereby find people with the same interest to proceed and promote it. Alternatively - give us a good rant about something and give us some good reasons why it should die. ;)  Get right at it, don't waste time by explaining too much, get the main points across, and then let us know how to contact you on the congress for a talk!  Whatever you do - please practise it, and don't be boring. Or else. You have been warned!</description>
      <pubDate>Wed, 09 May 2012 06:50:39 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5321-lightning-talks---day-4</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5321-lightning-talks---day-4</guid>
    </item>
    <item>
      <title>[Audio] Cybernetics for the Masses</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/1669-lepht-anonym"&gt;Lepht Anonym&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/268-science"&gt;science&lt;/a&gt; &lt;a href="http://secdocs.lonerunners.net/tags/details/270-robotics"&gt;robotics&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: Lightning talk on biohacking, complete with cyborg speaker, implant demonstrations, and knowledge of how to hack your own perception of electromagnetic radiation for approximately thirty Euros.  A talk on what's become my specialty - biohacking, or meathacking, whatever you wanna call it. I've got a full set of home-brewed implants, a subdermal RFID, a sort of cult on the Internet plus things like proven designs for cheap EM sensory nodes, experimental verification of that shit I'm claiming, etc. I have videos of procedures, photos of what I've been doing and the like, and will happily make gory slides for all to see. Can do demos of the EM nodes and RFID chip as well.  I want to talk about the grinder movement - underground biohacking - it's my life. Thus, my article in H+ Magazine: "A call to arms for biohackers".</description>
      <pubDate>Wed, 09 May 2012 06:50:39 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5320-cybernetics-for-the-masses</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5320-cybernetics-for-the-masses</guid>
    </item>
    <item>
      <title>[Slides] Tor is Peace, Software Freedom is Slavery, Wikipedia is Truth</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/1668-adam-obeng"&gt;Adam Obeng&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/127-tor"&gt;Tor&lt;/a&gt; &lt;a href="http://secdocs.lonerunners.net/tags/details/193-privacy"&gt;privacy&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: The Internet began as state-sponsored anarchy, but it is now the tool of first resort for dissidents and propagandists alike. The poster-child project of the Free Software Movement runs on the authority of a single person; the rest clash over the very definition of the word 'free'. A company which pictured itself as smashing Big Brother is now seen as one of the perceived secretive and authoritarian in the industry; and for another, 'Don't Be Evil' is proving to be a challenging motto to live by.  This talk aims to present a view of the societies of Internet from the perspective of political philosophy. Political philosophy is not politics, in the same way that computer science is not programming. It's not the politics about the Internet, but the politics *of* the Internet. Even so, events at any particular place or time just provide examples to be studied. Political philosophy is meta-politics, it's about the trends in politics and the theories we use to understand them.  Real-world political systems have striking parallels in the evolution of the Internet: there was primitive anarchy before Eternal September, the era of walled gardens resembled that of Ancient Greek city-states, which were succeeded by more-or-less liberal regimes following the geographical territories of real-world governments. 
Because of its rapid evolution, mass participation, and highly complex human interaction, the Internet should be subjected to the sorts of questions that political philosophers ask. On the Internet, what is freedom? Do we have obligations to those in control? To each other? What rights do we have? What can we own?  Once we know the way it is, we can ask how it should be...</description>
      <pubDate>Wed, 09 May 2012 06:50:39 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5319-tor-is-peace-software-freedom-is-slavery-wikipedia-is-truth</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5319-tor-is-peace-software-freedom-is-slavery-wikipedia-is-truth</guid>
    </item>
    <item>
      <title>[Slides] Analyzing a modern cryptographic RFID system</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/560-henryk-pl%C3%B6tz"&gt;Henryk Plötz&lt;/a&gt; &lt;a href="http://secdocs.lonerunners.net/authors/details/1670-milosch-meriac"&gt;Milosch Meriac&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/112-rfid"&gt;RFID&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: Popular contactless systems for physical access control still rely on obscurity. As we have shown, time and time again, proprietary encryption systems are weak and easy to break. In a follow-up to last year's presentation we will now demonstrate attacks on systems with 'proper' cryptographic algorithms.  Since we broke the last of the big players on the market at 26C3, most vendors are now migrating to new systems which rectify our main point of concern: proprietary algorithms. All new technologies use AES or 3DES for encryption and/or authentication and vendors tirelessly tout the security of their systems and the use of these algorithms between card, reader and host. We will discuss the design of the successor to a system we attacked last year, and demonstrate how a system can be insecure despite the use of secure cryptoprimitives.</description>
      <pubDate>Tue, 08 May 2012 22:12:08 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5325-analyzing-a-modern-cryptographic-rfid-system</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5325-analyzing-a-modern-cryptographic-rfid-system</guid>
    </item>
    <item>
      <title>[Audio] Tor is Peace, Software Freedom is Slavery, Wikipedia is Truth</title>
      <description>&lt;b&gt;Authors&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/authors/details/1668-adam-obeng"&gt;Adam Obeng&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Tags&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/tags/details/127-tor"&gt;Tor&lt;/a&gt; &lt;a href="http://secdocs.lonerunners.net/tags/details/193-privacy"&gt;privacy&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Event&lt;/b&gt;: &lt;a href="http://secdocs.lonerunners.net/events/details/104-chaos-communication-congress-27th-27c3-2010"&gt;Chaos Communication Congress 27th (27C3) 2010&lt;/a&gt; &lt;br/&gt;&lt;b&gt;Abstract&lt;/b&gt;: The Internet began as state-sponsored anarchy, but it is now the tool of first resort for dissidents and propagandists alike. The poster-child project of the Free Software Movement runs on the authority of a single person; the rest clash over the very definition of the word 'free'. A company which pictured itself as smashing Big Brother is now seen as one of the perceived secretive and authoritarian in the industry; and for another, 'Don't Be Evil' is proving to be a challenging motto to live by.  This talk aims to present a view of the societies of Internet from the perspective of political philosophy. Political philosophy is not politics, in the same way that computer science is not programming. It's not the politics about the Internet, but the politics *of* the Internet. Even so, events at any particular place or time just provide examples to be studied. Political philosophy is meta-politics, it's about the trends in politics and the theories we use to understand them.  Real-world political systems have striking parallels in the evolution of the Internet: there was primitive anarchy before Eternal September, the era of walled gardens resembled that of Ancient Greek city-states, which were succeeded by more-or-less liberal regimes following the geographical territories of real-world governments. 
Because of its rapid evolution, mass participation, and highly complex human interaction, the Internet should be subjected to the sorts of questions that political philosophers ask. On the Internet, what is freedom? Do we have obligations to those in control? To each other? What rights do we have? What can we own?  Once we know the way it is, we can ask how it should be...</description>
      <pubDate>Tue, 08 May 2012 06:42:29 +0200</pubDate>
      <link>http://secdocs.lonerunners.net/documents/details/5318-tor-is-peace-software-freedom-is-slavery-wikipedia-is-truth</link>
      <guid>http://secdocs.lonerunners.net/documents/details/5318-tor-is-peace-software-freedom-is-slavery-wikipedia-is-truth</guid>
    </item>
  </channel>
</rss>

