diff --git a/import/27C3_sample.xcs.xml b/import/27C3_sample.xcs.xml new file mode 100644 index 00000000..a84e31d3 --- /dev/null +++ b/import/27C3_sample.xcs.xml 
@@ -0,0 +1,2090 @@ + + + + 2.0 + -//Pentabarf//Schedule #<Conference_release::Row:0x2eadcdf118d8>//EN + 27C3 Schedule Release #<Conference_release::Row:0x2eadcdf118d8> + 27C3 Schedule + + PUBLISH + 4302@27C3@pentabarf.org + 4302 + 27c3_keynote_we_come_in_peace + 27C3 Keynote + We come in Peace + English + en + 20101227T113000 + 20101227T123000 + 01H00M00S + 27C3 Keynote- We come in Peace + + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4302.en.html + Saal 1 + Rop Gonggrijp + + + PUBLISH + 4244@27C3@pentabarf.org + 4244 + critical_overview_of_10_years_pet + A Critical Overview of 10 years of Privacy Enhancing Technologies + + English + en + 20101229T113000 + 20101229T123000 + 01H00M00S + A Critical Overview of 10 years of Privacy Enhancing Technologies + The objective of the session is to provide a critical overview of "privacy research" within computer science. The mechanisms proposed in the last ten year include mechanisms for anonymous communications, censorship resistance, selective disclosure credentials (and their integration in identity management systems), as well as privacy in databases. All of these system are meant to shield the user from different aspects of on-line surveillance either through allowing a user to keep some of her data "confidential" or by allowing her to assert "control" over her data. We will illustrate using concrete examples, why some paradigms came to dominate the field, their advantages, but also their blind spots, and unfulfilled promises given the conditions of our surveillance societies. 
+ PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4244.en.html + Saal 2 + seda + + + PUBLISH + 4245@27C3@pentabarf.org + 4245 + adventures_in_analyzing_stuxnet + Adventures in analyzing Stuxnet + + English + en + 20101227T230000 + 20101228T000000 + 01H00M00S + Adventures in analyzing Stuxnet + There has been many publications on the topic of Stuxnet and its "sophistication" in the mainstream press. However, there is not a complete publication which explains all of the technical vulnerability details and how they were discovered. In this talk, you will get a first-hand account of the entire story. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4245.en.html + Saal 1 + Bruce Dang + Peter Ferrie + + + PUBLISH + 4057@27C3@pentabarf.org + 4057 + adventures_in_mapping_afghanistan_elections + Adventures in Mapping Afghanistan Elections + The story of 3 Ushahidi mapping and reporting projects. + English + en + 20101228T214500 + 20101228T224500 + 01H00M00S + Adventures in Mapping Afghanistan Elections- The story of 3 Ushahidi mapping and reporting projects. + Monitoring and reporting about elections in a war zone is a complex and dangerous task. While crisis mapping carried out via sms and email proved highly successful with the use of Ushahidi in situations like post-election violence in Kenya, tracking crime in Atlanta, or earthquake recovery in Haiti, could it prove useful in such a complex situation as the Afghan political process? This year a team of people set out to do just that with three different Ushahidi mapping projects for national media, national election observers, and international observers. The following presentation is about the challenges we faced, successes we did or did not have, and the lessons learned for the future of crisis mapping. 
+ PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4057.en.html + Saal 1 + Bicyclemark + + + PUBLISH + 4168@27C3@pentabarf.org + 4168 + automated_architecture_independent_gadget_search + A framework for automated architecture-independent gadget search + CCC edition + English + en + 20101230T143000 + 20101230T150000 + 00H30M00S + A framework for automated architecture-independent gadget search- CCC edition + We demonstrate that automated, architecture-independent gadget search is possible. Gadgets are code fragments which can be used to build unintended programs from existing code in memory. Our contribution is a framework of algorithms capable of locating a Turing-complete gadget set. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4168.en.html + Saal 2 + kornau + + + PUBLISH + 4046@27C3@pentabarf.org + 4046 + all_colours_are_beautiful + AllColoursAreBeautiful + interactive light installation inspired by blinkenlights + English + en + 20101227T183000 + 20101227T193000 + 01H00M00S + AllColoursAreBeautiful- interactive light installation inspired by blinkenlights + Starting in the beginning of August 2010 and lasting until the mid of November, the project AllColoursAreBeautiful by the Munich chapter of the Chaos Computer Club was serving as a platform for interested people on the world to illuminate, animate and interact with the front of a vacant department store in Munich. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4046.en.html + Saal 3 + Franz Pletz + lilafisch + + + PUBLISH + 4114@27C3@pentabarf.org + 4114 + analyzing_modern_cryptographic_rfid_stystem + Analyzing a modern cryptographic RFID system + HID iClass demystified + English + en + 20101229T171500 + 20101229T181500 + 01H00M00S + Analyzing a modern cryptographic RFID system- HID iClass demystified + Popular contactless systems for physical access control still rely on obscurity. 
As we have shown, time and time again, proprietary encryption systems are weak and easy to break. In a follow-up to last year's presentation we will now demonstrate attacks on systems with 'proper' cryptographic algorithms. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4114.en.html + Saal 2 + Henryk Plötz + Milosch Meriac + + + PUBLISH + 4151@27C3@pentabarf.org + 4151 + android_geolocation_using_gsm_network + Android geolocation using GSM network + "Where was Waldroid?" + English + en + 20101229T171500 + 20101229T181500 + 01H00M00S + Android geolocation using GSM network- "Where was Waldroid?" + We introduce a new forensic technique that allows to collect users' past locations on most current Android phones, within a few seconds. It becomes possible to tell where the user was at a given time, or where a phone call took place over the last few hours or days. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4151.en.html + Saal 3 + Renaud Lifchitz + + + PUBLISH + 4144@27C3@pentabarf.org + 4144 + short_political_history_of_acoustics + A short political history of acoustics + For whom, and to do what, the science of sound was developed in the 17th century + English + en + 20101228T160000 + 20101228T170000 + 01H00M00S + A short political history of acoustics- For whom, and to do what, the science of sound was developed in the 17th century + The birth of the modern science of acoustics was directly intertwined with the desires to surveill and communicate, either in secret or to everybody at once. Acoustics was not just about 'learning more about nature,' right from the start it was an applied science, driven by very clear notions of who has the right, and thus should have the possibility, of listening in on others, who needs to be able to converse in private, and who should be heard by everybody if he wishes to. How are these historical ideas related to those of today? 
+ PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4144.en.html + Saal 3 + Oona Leganovic + + + PUBLISH + 4160@27C3@pentabarf.org + 4160 + automatic_identification_cryptographic_primitives + Automatic Identification of Cryptographic Primitives in Software + + English + en + 20101227T160000 + 20101227T170000 + 01H00M00S + Automatic Identification of Cryptographic Primitives in Software + In this talk I demonstrate our research and the implementation of methods to detect cryptographic algorithms and their parameters in software. Based on +our observations on cryptographic code, I will point out several inherent characteristics to design signature-based and generic identification methods. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4160.en.html + Saal 3 + Felix Gröbert + + + PUBLISH + 4061@27C3@pentabarf.org + 4061 + bulding_custom_disassemblers + Building Custom Disassemblers + Instruction Set Reverse Engineering + English + en + 20101228T171500 + 20101228T181500 + 01H00M00S + Building Custom Disassemblers- Instruction Set Reverse Engineering + The Reverse Engineer occasionally faces situations where even his most advanced commercial tools do not support the instruction set of an arcane CPU. To overcome this situation, one can develop the missing disassembler. This talk is meant to be a tutorial on how to approach the task, what to focus on first and what surprises one may be in for. The primary focus will be on the transformation of byte code back into mnemonic representation where only the reverse transformation is available (i.e. you have the respective assembler). It also covers how to integrate your new disassembler into your reverse engineering tool chain. 
+ PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4061.en.html + Saal 1 + FX of Phenoelit + + + PUBLISH + 4298@27C3@pentabarf.org + 4298 + ccc_jahresrueckblick_2010 + CCC-Jahresrückblick 2010 + + German + de + 20101229T113000 + 20101229T133000 + 02H00M00S + CCC-Jahresrückblick 2010 + Wir berichten über vergangene Veranstaltungen, Erfa-Aktivitäten, Demonstrationen, Hacks, Medienkontakte, Gerichtsverhandlungen, Lobbyarbeit sowie weiteres Erfreuliches und Ärgerliches des Jahres 2010 keinesfalls objektiv, sondern mit der gewohnten Hackerperspektive. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4298.en.html + Saal 1 + Andreas Bogk + Andy Müller-Maguhn + Constanze Kurz + Frank Rieger + + + PUBLISH + 4211@27C3@pentabarf.org + 4211 + chip_and_pin_is_broken + Chip and PIN is Broken + Vulnerabilities in the EMV Protocol + English + en + 20101229T203000 + 20101229T213000 + 01H00M00S + Chip and PIN is Broken- Vulnerabilities in the EMV Protocol + EMV is the dominant protocol used for smart card payments worldwide, with over 730 million cards in circulation. Known to bank customers as “Chip and PIN”, it is used in Europe; it is being introduced in Canada; and there is pressure from banks to introduce it in the USA too. EMV secures credit and debit card transactions by authenticating both the card and the customer presenting it through a combination of cryptographic authentication codes, digital signatures, and the entry of a PIN. In this paper we describe and demonstrate a protocol flaw which allows criminals to use a genuine card to make a payment without knowing the card’s PIN, and to remain undetected even when the merchant has an online connection to the banking network. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4211.en.html + Saal 1 + Steven J. 
Murdoch + + + PUBLISH + 4299@27C3@pentabarf.org + 4299 + closing_event + Closing Event + + English + en + 20101230T183000 + 20101230T193000 + 01H00M00S + Closing Event + + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4299.en.html + Saal 1 + Frank Rieger + + + PUBLISH + 4096@27C3@pentabarf.org + 4096 + code_deobfuscation_by_optimization + Code deobfuscation by optimization + + English + en + 20101227T124500 + 20101227T134500 + 01H00M00S + Code deobfuscation by optimization + Optimization algorithms present an effective way for removing most obfuscations that are used today. Much of the compiler theory can be applied in removing obfuscations and building fast and reliable deobfuscation systems. By understanding traditional optimization problems and techniques it is possible to develop and customize compiler optimization algorithms for usage in binary deobfuscation/analysis. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4096.en.html + Saal 2 + Branko Spasojevic + + + PUBLISH + 4276@27C3@pentabarf.org + 4276 + cognitive_psychology_for_hackers + Cognitive Psychology for Hackers + Bugs, exploits, and occasional patches + English + en + 20101229T140000 + 20101229T150000 + 01H00M00S + Cognitive Psychology for Hackers- Bugs, exploits, and occasional patches + Experience firsthand some of the most interesting, surprising, and perspective-changing findings from cognitive and social neuropsychology. With perceptual illusions, priming, biases, heuristics, and unconscious influences, humans have tons of firmware "bugs". All have exploits; some even have patches. + +Learn how to improve your own thinking, use others' bugs to your advantage, and gain new perspective on the unconscious and often illusory processes involved in your perceptions. 
+ + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4276.en.html + Saal 3 + Sai + + + PUBLISH + 4087@27C3@pentabarf.org + 4087 + console_hacking_2010 + Console Hacking 2010 + PS3 Epic Fail + English + en + 20101229T160000 + 20101229T170000 + 01H00M00S + Console Hacking 2010- PS3 Epic Fail + Over 70 million Wiis, over 40 million Xbox 360s and over 35 million Playstation 3s have been sold in the last few years. That makes over 145 million embedded devices out there and most of them are just used to play games. But what can you do with them if you don't like playing games? You hack them to make them run your own code of course! +We're going to talk about the various hacks that you can use to gain control of your hardware and make it do what you want it to do. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4087.en.html + Saal 1 + bushing + marcan + sven + + + PUBLISH + 4140@27C3@pentabarf.org + 4140 + contemporary_profiling_of_web_users + Contemporary Profiling of Web Users + On Using Anonymizers and Still Get Fucked + English + en + 20101227T140000 + 20101227T150000 + 01H00M00S + Contemporary Profiling of Web Users- On Using Anonymizers and Still Get Fucked + This talk will provide a summary of recently discovered methods which allow to break the Internet's privacy and anonymity. + + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4140.en.html + Saal 2 + Dominik Herrmann + lexi + + + PUBLISH + 4103@27C3@pentabarf.org + 4103 + copyright_enforcement_versus_freedoms + Copyright Enforcement Vs. Freedoms + ACTA, IPRED3 and other upcoming battles of the crusade against sharing + English + en + 20101227T124500 + 20101227T134500 + 01H00M00S + Copyright Enforcement Vs. Freedoms- ACTA, IPRED3 and other upcoming battles of the crusade against sharing + ACTA, upcoming criminal enforcement directive, filtering of content... 
The entertainment industries go further and further into their crusade against sharing. They not only attack our fundamental freedoms, but also the very essence of the Internet. + +This session is a panorama of the current and upcoming battles, campaigns and actions. Everyone can help defeat the motherf#§$ers! + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4103.en.html + Saal 1 + Jérémie Zimmermann + + + PUBLISH + 4003@27C3@pentabarf.org + 4003 + cybernetics_for_the_masses + Cybernetics for the Masses + implants, sensory extension and silicon - all for you! + English + en + 20101230T124500 + 20101230T133000 + 00H45M00S + Cybernetics for the Masses- implants, sensory extension and silicon - all for you! + Lightning talk on biohacking, complete with cyborg speaker, implant demonstrations, and knowledge of how to hack your own perception of electromagnetic radiation for approximately thirty Euros. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4003.en.html + Saal 2 + Lepht Anonym + + + PUBLISH + 4067@27C3@pentabarf.org + 4067 + data_analysis_in_terabit_ethernet_traffic + Data Analysis in Terabit Ethernet Traffic + Solutions for monitoring and lawful interception within a lot of bits + English + en + 20101230T140000 + 20101230T150000 + 01H00M00S + Data Analysis in Terabit Ethernet Traffic- Solutions for monitoring and lawful interception within a lot of bits + Network traffic grows faster than monitoring and analysis tools can handle. During the last two years a couple of appliances hit the market which help in finding the “bits of interest”. Recently installed strategies and solutions for carriers, banks or lawful interception organizations will be discussed as examples. 
+ PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4067.en.html + Saal 3 + Lars Weiler + + + PUBLISH + 4231@27C3@pentabarf.org + 4231 + datenrettung_fun_with_hard_drives + Data Recovery Techniques + Fun with Hard Drives + English + en + 20101228T214500 + 20101228T224500 + 01H00M00S + Data Recovery Techniques- Fun with Hard Drives + Data recovery has always been an area of myths. This lecture will lift some of their covers. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4231.en.html + Saal 3 + Peter Franck + + + PUBLISH + 4190@27C3@pentabarf.org + 4190 + data_retention_in_the_eu + Data Retention in the EU five years after the Directive + Why the time is now to get active + English + en + 20101227T203000 + 20101227T213000 + 01H00M00S + Data Retention in the EU five years after the Directive- Why the time is now to get active + 2011 will again be a crucial year in the battle against data retention and blanket surveillance. The EU Commission is planning to publish its review of the directive in December (right in time before 27C3), and the lobbying and PR battle has already begun. In six months from now, we will see the legislative proposal from the EU commission for the revision of data retention. + +The talk will give a full picture of the legal state of play, what is going on in Brussels, what is already being done and of course where you can help. The speakers are closely involved in the process on the European and national level. 
+ PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4190.en.html + Saal 1 + axel + Katarzyna Szymielewicz + Patrick Breyer + Ralf Bendrath + + + PUBLISH + 4123@27C3@pentabarf.org + 4123 + defense_is_not_dead + Defense is not dead + Why we will have more secure computers - tomorrow + English + en + 20101228T183000 + 20101228T193000 + 01H00M00S + Defense is not dead- Why we will have more secure computers - tomorrow + The security model of our current computer architectures - kernel in ring 0, processes in ring 3 - goes back to the early 70s. However, science hasn't stopped. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4123.en.html + Saal 2 + Andreas Bogk + + + PUBLISH + 4017@27C3@pentabarf.org + 4017 + desktop_on_the_linux + Desktop on the Linux... (and BSD, of course) + you're doing it confused? weird? strange? wrong? + English + en + 20101227T203000 + 20101227T213000 + 01H00M00S + Desktop on the Linux... (and BSD, of course)- you're doing it confused? weird? strange? wrong? + Time to take a look back and under the hood of the current state of FOSS based desktops: The Good, The Bad and The Ugly – Bloat, strange APIs, too much complexity. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4017.en.html + Saal 2 + datenwolf + + + PUBLISH + 4297@27C3@pentabarf.org + 4297 + die_gesamte_technik_ist_sicher + "Die gesamte Technik ist sicher" + Besitz und Wissen: Relay-Angriffe auf den neuen Personalausweis + German + de + 20101227T214500 + 20101227T224500 + 01H00M00S + "Die gesamte Technik ist sicher"- Besitz und Wissen: Relay-Angriffe auf den neuen Personalausweis + Für den neuen elektronischen Personalausweis sind drei verschiedene Lesegeräteklassen spezifiziert, von denen die einfachste bereits einige Kritik erfahren hat. Nach der Diskussion um die Sicherheit des Personalausweises stellt sich die Frage: Können zertifizierte Lesegeräte den neuen Ausweis schützen? 
+ PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4297.en.html + Saal 1 + Dominik Oepen + Frank Morgner + + + PUBLISH + 4085@27C3@pentabarf.org + 4085 + digitale_spaltung_per_gesetz + Digitale Spaltung per Gesetz + Das Internet und geschaffene soziale Ungleichheit im Alltag von Erwerbslosen + German + de + 20101229T203000 + 20101229T213000 + 01H00M00S + Digitale Spaltung per Gesetz- Das Internet und geschaffene soziale Ungleichheit im Alltag von Erwerbslosen + Hartz IV-Empfangende brauchen keine internetfähigen Computer, weil sie Fernseher haben. Dieser Ansicht sind deutsche Sozialgerichte und forcieren damit eine digitale Spaltung per Gesetz. Im Zeitalter der digitalen Informations- und Kommunikationsgesellschaft mutet dieser Umstand absurd an, aber eine breite öffentlichkeitswirksame Debatte steht bisher aus. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4085.en.html + Saal 2 + Betje Schwarz + Doris Gerbig + Kathrin Englert + + + PUBLISH + 4203@27C3@pentabarf.org + 4203 + distributed_fpga_number_crunching_for_the_masses + Distributed FPGA Number Crunching For The Masses + How we obtained the equivalent power of a Deep Crack for a fistful of dollars - and how the community can benefit from this + English + en + 20101228T113000 + 20101228T123000 + 01H00M00S + Distributed FPGA Number Crunching For The Masses- How we obtained the equivalent power of a Deep Crack for a fistful of dollars - and how the community can benefit from this + In 1998, the EFF built "Deep Crack", a machine designed to perform a walk over DES's 56-bit keyspace in nine days, for $250.000. With today's FPGA technology, a cost decrease of 25x can be achieved, as the copacobana project has shown. If that's still too much, two approaches should be considered: Recycling hardware and distributed computing. This talk will be about combining both approaches for the greater good. 
+ + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4203.en.html + Saal 2 + Felix Domke + + + PUBLISH + 4006@27C3@pentabarf.org + 4006 + diy_synthesizers_and_sound_generators + DIY synthesizers and sound generators + Where does the sound come from? + English + en + 20101229T160000 + 20101229T170000 + 01H00M00S + DIY synthesizers and sound generators- Where does the sound come from? + At least if you have used all the features of a synthesizer, you probably ask the questions: "How can I modify it? How can I build a synthesizer myself? What features do I personally need?" + +This talk covers this topic from a theoretical and technical point of view. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4006.en.html + Saal 2 + Sylwester + + + PUBLISH + 4111@27C3@pentabarf.org + 4111 + eins_zwei_drei_alle_sind_dabei + Eins, zwei, drei - alle sind dabei + Von der Volkszählung zum Bundesmelderegister + German + de + 20101227T160000 + 20101227T170000 + 01H00M00S + Eins, zwei, drei - alle sind dabei- Von der Volkszählung zum Bundesmelderegister + Neben einer kurzen Einführung in die Problematik des Zensus 2011, soll es in dem Vortrag auch über die CCC Stellungnahmen für mehrere Landetage gehen. Weiterhin geht es auch um die mittlerweile abgewiesene Verfassungsbeschwerde des AK Zensus sowie weitere Möglichkeiten "was zu machen". + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4111.en.html + Saal 2 + Oliver "Unicorn" Knapp + + + PUBLISH + 4099@27C3@pentabarf.org + 4099 + file_print_electronics + File -> Print -> Electronics + A new circuit board printer will liberate you from the Arduino-Industrial Complex + English + en + 20101228T113000 + 20101228T123000 + 01H00M00S + File -> Print -> Electronics- A new circuit board printer will liberate you from the Arduino-Industrial Complex + Are you ready to wake up from the cult of Arduino? 
Tired of plugging together black-box pre-built modules like a mindless drone, copying and pasting in code you found on Hackaday? You've soldered together your TV-Be-Gone, built your fifth Minty Boost, and your bench is awash with discarded Adafruit packaging and Make magazines. It's time to stop this passive consumption. It's time to create something that is truly yours. It's time, my friend, to design your first circuit board. And you'll need a machine to print it. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4099.en.html + Saal 1 + Jeff Gough + + + PUBLISH + 4070@27C3@pentabarf.org + 4070 + fnord_jahresrueckblick_2010 + Fnord-Jahresrückblick 2010 + von Atomausstieg bis Zwangsintegration + German + de + 20101229T214500 + 20101229T224500 + 01H00M00S + Fnord-Jahresrückblick 2010- von Atomausstieg bis Zwangsintegration + Auch dieses Jahr werden wir uns wieder bemühen, Euch mit einem Rückblick auf die Fnords des Jahres zu unterhalten. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4070.en.html + Saal 1 + Felix von Leitner + Frank Rieger + + + PUBLISH + 4334@27C3@pentabarf.org + 4334 + fnord_jahresrueckblick_2010_translation + Fnord-Jahresrückblick 2010 (english translation) + von Atomausstieg bis Zwangsintegration + English + en + 20101229T214500 + 20101229T224500 + 01H00M00S + Fnord-Jahresrückblick 2010 (english translation)- von Atomausstieg bis Zwangsintegration + Auch dieses Jahr werden wir uns wieder bemühen, Euch mit einem Rückblick auf die Fnords des Jahres zu unterhalten. 
+ PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4334.en.html + Saal 2 + Felix von Leitner + Frank Rieger + + + PUBLISH + 4164@27C3@pentabarf.org + 4164 + friede_sei_mit_euren_daten + Friede sei mit Euren Daten + Ein datenschutzrechtlicher Ausflug in ein kirchliches Parelleluniversum + German + de + 20101227T171500 + 20101227T181500 + 01H00M00S + Friede sei mit Euren Daten- Ein datenschutzrechtlicher Ausflug in ein kirchliches Parelleluniversum + Bundesdeutscher und kirchlicher Datenschutz führen eine Parallelexistenz. Während das Bundesdatenschutzgesetz von der Öffentlichkeit wahrgenommen und kritisch begleitet wird, ist den Wenigsten überhaupt klar, dass es auch einen vom BDSG losgelösten Datenschutz innerhalb der Kirchen gibt, der sich in einigen wichtigen Punkten vom staatlichen unterscheidet. Dieser Vortrag soll das Bewusstsein für ein Recht wecken, von dem sechzig Prozent der Deutschen betroffen sind – oft ohne es zu wissen. Praxisbeispiele und Tipps inbegriffen. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4164.en.html + Saal 2 + Jochim Selzer + + + PUBLISH + 4175@27C3@pentabarf.org + 4175 + from_robot_to_robot + From robot to robot + Restoring creativity in school pupils using robotics + English + en + 20101227T124500 + 20101227T134500 + 01H00M00S + From robot to robot- Restoring creativity in school pupils using robotics + Today, hacking is reserved for the microscopic fraction of the population who manage to shake themselves free of the suppressive education regime. Student Robotics is the beginning of the solution. By fostering creativity through competition to solve engineering challenges, we provide the inspiration society desperately needs. We develop an open platform for robotics and provide it to schools to open students' minds to the world of hacking. 
+ PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4175.en.html + Saal 3 + Robert Spanton + + + PUBLISH + 4018@27C3@pentabarf.org + 4018 + frozencache + FrozenCache + Mitigating cold-boot attacks for Full-Disk-Encryption software + English + en + 20101229T230000 + 20101230T000000 + 01H00M00S + FrozenCache- Mitigating cold-boot attacks for Full-Disk-Encryption software + Cold boot attacks are a major risk for the protection that Full-Disk-Encryption solutions provide. FrozenCache is a general-purpose solution to this attack for x86 based systems that employs a special CPU cache mode known as "Cache-as-RAM". Switching the CPU cache into a special mode forces data to held exclusively in the CPU cache and not to be written to the backing RAM locations, thus safeguarding data from being obtained from RAM by means of cold boot attacks. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4018.en.html + Saal 3 + Juergen Pabel + + + PUBLISH + 4141@27C3@pentabarf.org + 4141 + hacker_jeopardy + Hacker Jeopardy + Number guessing for geeks + German + de + 20101229T230000 + 20101230T010000 + 02H00M00S + Hacker Jeopardy- Number guessing for geeks + The Hacker Jeopardy is a quiz show. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4141.en.html + Saal 1 + Ray + Stefan 'Sec' Zehl + + + PUBLISH + 4333@27C3@pentabarf.org + 4333 + hacker_jeopardy_translation + Hacker Jeopardy (english translation) + Number guessing for geeks + English + en + 20101229T230000 + 20101230T010000 + 02H00M00S + Hacker Jeopardy (english translation)- Number guessing for geeks + The Hacker Jeopardy is a quiz show. 
+ PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4333.en.html + Saal 2 + + + PUBLISH + 3983@27C3@pentabarf.org + 3983 + hackers_and_computer_science + Hackers and Computer Science + What hacker research taught me + English + en + 20101230T134500 + 20101230T141500 + 00H30M00S + Hackers and Computer Science- What hacker research taught me + Although most academics and industry practitioners regard "hacking" as mostly ad-hoc, a loose collection of useful tricks essentially random in nature, I will argue that hacking has in fact become a "distinct research and engineering discipline" with deep underlying engineering ideas and insights. Although not yet formally defined as such, it are these ideas and insights that drive the great contributions that hacking has been making to our understanding of computing, including the challenges of handling complexity, composition, and security in complex systems. I will argue that hacking uncovers and helps to understand (and teach) fundamental issues that go to the heart of Computer Science as we know it, and will try to formulate several such fundamental principles which I have learned from hacker research. 
+ PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/3983.en.html + Saal 2 + Sergey + + + PUBLISH + 4176@27C3@pentabarf.org + 4176 + hacking_ibuttons + Hacking iButtons + + German + de + 20101227T203000 + 20101227T213000 + 01H00M00S + Hacking iButtons + + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4176.en.html + Saal 3 + Christian Brandt + + + PUBLISH + 4265@27C3@pentabarf.org + 4265 + hacking_smart_phones + hacking smart phones + expanding the attack surface and then some + English + en + 20101227T183000 + 20101227T193000 + 01H00M00S + hacking smart phones- expanding the attack surface and then some + There's been a fair bit written and presented about smartphone's, and yet, when it comes to the attack surface of the operating systems running on them, and the applications running on top of those, much still has to be explorer. This talk will dive a bit deeper into that attack surface. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4265.en.html + Saal 2 + Ilja van Sprundel + + + PUBLISH + 4193@27C3@pentabarf.org + 4193 + having_fun_with_rtp + Having fun with RTP + „Who is speaking???“ + English + en + 20101230T171500 + 20101230T181500 + 01H00M00S + Having fun with RTP- „Who is speaking???“ + A lot of people are interested and involved in voice over IP security. Most of the effort is concentrated on the security of the signalling protocols. This talk is focussing on the security of the voice part involved in todays voice over IP world. It is the result of the questions that I had to ask myself while i was debugging audio quality problems of customers and implementing a RTP stack from scratch. 
+ PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4193.en.html + Saal 3 + kapejod + + + PUBLISH + 4295@27C3@pentabarf.org + 4295 + high_speed_high_security_cryptography + High-speed high-security cryptography: encrypting and authenticating the whole Internet + + English + en + 20101228T203000 + 20101228T213000 + 01H00M00S + High-speed high-security cryptography: encrypting and authenticating the whole Internet + Are you writing a program that sends data through the Internet? Are you sending the data through HTTP, or SMTP, or simply TCP, leaving it vulnerable to espionage, corruption, and sabotage by anyone who owns a machine connected to the same network? + +You can use SSH and IPsec to protect communication with your own machines, but how do you talk to the rest of the Internet? You can use TCPcrypt to protect yourself against attackers too lazy to forge packets, but how do you protect yourself against serious attackers? You can use HTTPS for low-frequency communication, but how do you handle heavy network traffic, and how do you protect yourself against the security flaws in HTTPS? Today's Internet cryptography is slow, untrustworthy, hard to use, and remarkably unsuccessful as a competitor to good old unprotected TCP. + +This talk will present a different approach to high-security Internet cryptography. This approach is easy for users, easy for system administrators, and, perhaps most importantly, easy for programmers. The main reason that the approach has not been tried before is that it seems to involve very slow cryptographic operations; this talk will show that the approach is extremely fast when it is done right. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4295.en.html + Saal 1 + Daniel J. 
Bernstein + + + PUBLISH + 4301@27C3@pentabarf.org + 4301 + flow_analysis_of_internet_activities + How the Internet sees you + demonstrating what activities most ISPs see you doing on the Internet + English + en + 20101230T160000 + 20101230T170000 + 01H00M00S + How the Internet sees you- demonstrating what activities most ISPs see you doing on the Internet + On the Internet one tends to think that one is pretty much safe from poking eyes. Taps in most countries can only be established after a judge has issued a warrant, thus upto such a tap is succesfully deployed one might think one is pretty much in the clear. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4301.en.html + Saal 1 + Jeroen Massar + + + PUBLISH + 4089@27C3@pentabarf.org + 4089 + ich_sehe_nicht_dass_wir_nicht_zustimmen_werden + Ich sehe nicht, dass wir nicht zustimmen werden + Die Sprache des politischen Verrats und seiner Rechtfertigung + German + de + 20101230T124500 + 20101230T134500 + 01H00M00S + Ich sehe nicht, dass wir nicht zustimmen werden- Die Sprache des politischen Verrats und seiner Rechtfertigung + Der Vortrag zeigt auf, wie sich Politiker rechtfertigen, wenn sie gegen ihre Argumentation und die Überzeugungen entscheiden oder handeln, für die sie stehen. Es ergibt sich dabei eine extreme Zwangslage, denn es ist oft nicht so einfach möglich, die zuvor vorgebrachten Argumente aufzugeben. Also muss auf Leerformeln, Nebelkerzen, Scheinargumente und spezielle grammatische Mittel zurückgegriffen werden, die die Regresspflicht mindern (Konjunktive, doppelte Verneinungen, Modalpartikeln usw.); dabei sind Kunstgriffe nötig, die über die inzwischen hinlänglich bekannte Leyen-Rhetorik hinausgehen. 
+ PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4089.en.html + Saal 1 + maha/Martin Haase + + + PUBLISH + 4149@27C3@pentabarf.org + 4149 + i_control_your_code + I Control Your Code + Attack Vectors Through the Eyes of Software-based Fault Isolation + English + en + 20101228T140000 + 20101228T150000 + 01H00M00S + I Control Your Code- Attack Vectors Through the Eyes of Software-based Fault Isolation + Unsafe languages and an arms race for new bugs calls for an additional line of defense in software systems. User-space virtualization uses dynamic instrumentation to detect different attack vectors and protects from the execution of malicious code. An additional advantage of these virtualization systems is that they can be used to analyze different exploits step by step and to extract the exploit code from a running program. + +This talk explains the concept of different attack vectors (stack buffer overflows, format string attacks, return to libc attacks, race attacks / TOCTTOU, integer overflows, heap buffer overflows, and code anomalies). For each of these attack vectors we show possible exploits and explain how the virtualization system is able to detect and prevent the exploit. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4149.en.html + Saal 3 + Mathias Payer + + + PUBLISH + 4084@27C3@pentabarf.org + 4084 + ignorance_and_peace_narratives_in_cyberspace + Ignorance and Peace Narratives in Cyberspace + Cloud Computing, Assessment, and Fools like Me. + English + en + 20101229T134500 + 20101229T141500 + 00H30M00S + Ignorance and Peace Narratives in Cyberspace- Cloud Computing, Assessment, and Fools like Me. + This paper explores the challenges of being proactive with existing and future data mining possibilities when facing the realities of institutional expectations for assessment and when facing the fact that one’s own understanding of cyber capabilities is less than ideal. 
This paper discusses the current assessment cyber resources, trends, and pressures within USA academic institutions and the challenges of reactive/proactive labor in the midst of multiple levels of technological/informational literacies amongst administrators. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4084.en.html + Saal 2 + Angela Crow + + + PUBLISH + 4206@27C3@pentabarf.org + 4206 + immi_from_concept_to_reality + IMMI, from concept to reality + The Icelandic Modern Media Initiative and our need for a well-regulated flow of information + English + en + 20101229T171500 + 20101229T181500 + 01H00M00S + IMMI, from concept to reality- The Icelandic Modern Media Initiative and our need for a well-regulated flow of information + The talk will give an update on the status of the Icelandic Modern Media Initiative. If we put IMMI into the context of the bus Rop talked about in the keynote, then IMMI is the quality rubber for the tires that can ride that road safely. It is part of what our bus should look like, ride like, feel like. The talk will also try to define some more of that bus, and elaborate on what else we need apart from the best rubber we can get. + +The talk will hence deal with some of the latest developments in respect to freedom of speech, specifically that of the press, and political pressure being excersized on it, roles and responsibilities, and the role of responsibility. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4206.en.html + Saal 1 + Daniel Domscheit-Berg + + + PUBLISH + 4237@27C3@pentabarf.org + 4237 + indect_eu_surveillance_project + INDECT - an EU-Surveillance Project + + English + en + 20101229T183000 + 20101229T193000 + 01H00M00S + INDECT - an EU-Surveillance Project + INDECT + +The acronym stands for Intelligent Information System Supporting Observation, Searching and Detection for Security of Citizens in Urban Environment. 
+A total of 17 partners in nine member states are developing an infrastructure for linking existing surveillance technologies to form one mighty instrument for controlling the people. They are laying the foundation of a European police state, since INDECT's results serve to increase the effectiveness of police operation on the national and European level. +INDECT is funded under the European Commission's Seventh Framework Programme (FP7), the security-related research of which provides € 1.4 billion Euro for more than 60 partly interlaced projects. + + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4237.en.html + Saal 2 + Sylvia Johnigk + + + PUBLISH + 4236@27C3@pentabarf.org + 4236 + international_cyber_jurisdiction + International Cyber Jurisdiction + Kill Switching” Cyberspace, Cyber Criminal Prosecution & Jurisdiction Hopping + English + en + 20101230T160000 + 20101230T170000 + 01H00M00S + International Cyber Jurisdiction- Kill Switching” Cyberspace, Cyber Criminal Prosecution & Jurisdiction Hopping + Concepts of sovereignty, freedom, privacy and intellectual property become amorphous when discussing territories that only exists as far as the Internet connects. International cyber jurisdiction is supported by a complicated web of international law and treaties. Jurisdiction hopping, a technique that is becoming popular for controversial content, is one we have used for the U.S. 1st Amendment censorship-resistant and non-profit hosting company, Project DOD, by using PRQ's services in Sweden. This technique is used to place assets in a diverse, but accessible, web of countries in which that content may be legal in the hosting country, but may have legal complications in the country in which it is accessed. As ownership and protection of property becomes a concept that is difficult to maintain across boundaries that are not easily distinguishable, can the U.S. 
"kill-switch" parts of the Internet and under what authority can it be done? Similarly, the geographic challenges to international cyber criminal law – and the feasibility of new sovereign nations – will be analyzed. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4236.en.html + Saal 2 + TiffanyRad + + + PUBLISH + 4121@27C3@pentabarf.org + 4121 + is_the_ssliverse_a_safe_place + Is the SSLiverse a safe place? + An update on EFF's SSL Observatory project + English + en + 20101228T160000 + 20101228T170000 + 01H00M00S + Is the SSLiverse a safe place?- An update on EFF's SSL Observatory project + The EFF SSL Observatory has collected a dataset of all TLS/HTTPS certificates visible on the public web. We discuss this dataset - what we have learned from it, how you can use it, and how intend to offer a live, continually updated version of it. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4121.en.html + Saal 2 + Jesse + Peter Eckersley + + + PUBLISH + 4011@27C3@pentabarf.org + 4011 + embedded_reverse_engineering + JTAG/Serial/FLASH/PCB Embedded Reverse Engineering Tools and Techniques + a dump of simple tools for embedded analysis at many layers + English + en + 20101227T140000 + 20101227T150000 + 01H00M00S + JTAG/Serial/FLASH/PCB Embedded Reverse Engineering Tools and Techniques- a dump of simple tools for embedded analysis at many layers + Bring your target. Will release a slew of simple tools that explore attack surfaces and explain of how to use: jtag/serial scanners, parallel flash dumper, DePCB board routing analysis. So, crossover from software RE and start hacking/improving like its 1996 again. 
(full documentation and reference at: http://events.ccc.de/congress/2010/wiki/Embedded_Analysis) + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4011.en.html + Saal 3 + Nathan Fain + Vadik + + + PUBLISH + 4296@27C3@pentabarf.org + 4296 + lightning_days_d2 + Lightning Talks - Day 2 + 4 minutes of fame + English + en + 20101228T124500 + 20101228T134500 + 01H00M00S + Lightning Talks - Day 2- 4 minutes of fame + 4 minutes for every speaker. Learn about the good, the bad, and the ugly - in software, hardware, projects, and more. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4296.en.html + Saal 3 + Nick Farr + + + PUBLISH + 4239@27C3@pentabarf.org + 4239 + lightning_talks_d3 + Lightning Talks - Day 3 + where is my community? + English + en + 20101229T113000 + 20101229T134500 + 02H15M00S + Lightning Talks - Day 3- where is my community? + 4 minutes for every speaker. Learn about the good, the bad, and the ugly - in software, hardware, projects, and more. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4239.en.html + Saal 3 + Nick Farr + + + PUBLISH + 4300@27C3@pentabarf.org + 4300 + lightning_talks_d4 + Lightning Talks - Day 4 + where is my community? + English + en + 20101230T113000 + 20101230T134500 + 02H15M00S + Lightning Talks - Day 4- where is my community? + 4 minutes for every speaker. Learn about the good, the bad, and the ugly - in software, hardware, projects, and more. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4300.en.html + Saal 3 + Nick Farr + + + PUBLISH + 4195@27C3@pentabarf.org + 4195 + literarischer_abend + Literarischer Abend + + German + de + 20101228T171500 + 20101228T181500 + 01H00M00S + Literarischer Abend + Ein literarischer Abend im Quartett. 
+ PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4195.en.html + Saal 2 + Andreas Lehner + Lars + + + PUBLISH + 4073@27C3@pentabarf.org + 4073 + logikschaltungen_ohne_elektronik + Logikschaltungen ohne Elektronik + logische Schaltungen mit Pneumatik + German + de + 20101228T143000 + 20101228T150000 + 00H30M00S + Logikschaltungen ohne Elektronik- logische Schaltungen mit Pneumatik + Ein kurzer Überblick über mechanische und strömungstechnische Logikschaltungen und Computer + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4073.en.html + Saal 2 + Äpex + xif + + + PUBLISH + 4210@27C3@pentabarf.org + 4210 + lying_to_the_neighbours + Lying To The Neighbours + Nasty effects with tracker-less BitTorrent + English + en + 20101228T130000 + 20101228T133000 + 00H30M00S + Lying To The Neighbours- Nasty effects with tracker-less BitTorrent + Distributed Hash Tables implement Routing and Addressability in large P2P networks. In the Kademlia adaption for Bittorrent a peer's address (NodeID) is to be generated randomly, or more appropriate: arbitrarily. Because randomness isn't verifiable, an implementation can advertise itself with popular NodeIDs or even change them on a per-packet basis. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4210.en.html + Saal 2 + Astro + + + PUBLISH + 4081@27C3@pentabarf.org + 4081 + netzmedienrecht_lobbyismus_korruption + Netzmedienrecht, Lobbyismus und Korruption + Wie wirkt die Lobby von Medienkonzernen? + German + de + 20101228T171500 + 20101228T181500 + 01H00M00S + Netzmedienrecht, Lobbyismus und Korruption- Wie wirkt die Lobby von Medienkonzernen? + Die Mediennutzung, aber auch ihre Verwaltung und Vergütung, also ihr Management, müssen an eine digitale Netzwelt angepasst werden. Wie ist der Stand der juristischen Auseinandersetzung um die Rechte von Urhebern, Verwertern und Nutzern von Medieninhalten? 
Wie und wo setzen sich starke Wirtschaftsinteressen mit Lobbygruppen durch? + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4081.en.html + Saal 3 + Thomas Barth + + + PUBLISH + 4094@27C3@pentabarf.org + 4094 + netzneutralitaet_und_qos + Netzneutralität und QoS - ein Widerspruch? + Fakten auf den Tisch + German + de + 20101227T183000 + 20101227T200000 + 01H30M00S + Netzneutralität und QoS - ein Widerspruch?- Fakten auf den Tisch + Geht es mit der Netzneutralität zu Ende? Was haben wir den Lobbyisten und PR-Leuten der Telekommunikationsunternehmen argumentativ entgegenzusetzen? Was sind die Fakten, was gehört ins Reich der Mythen? + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4094.en.html + Saal 1 + Andreas Bogk + Falk Lüke + scusi + Uli Blumenthal + + + PUBLISH + 4261@27C3@pentabarf.org + 4261 + key_recovery_attacks_rc4 + News Key Recovery Attacks on RC4/WEP + + English + en + 20101230T171500 + 20101230T181500 + 01H00M00S + News Key Recovery Attacks on RC4/WEP + In this paper, we present several weaknesses in the stream cipher RC4. +First, we present a technique to automatically reveal linear +correlations in the PRGA of RC4. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4261.en.html + Saal 2 + Martin Vuagnoux + + + PUBLISH + 4142@27C3@pentabarf.org + 4142 + nodejs_as_a_networking_tool + Node.js as a networking tool + + English + en + 20101228T134500 + 20101228T141500 + 00H30M00S + Node.js as a networking tool + Node.js is a library that provides non-blocking I/O for Google's V8 JavaScript engine. This talk explores node's suitability for a diverse range of networking applications. 
+ PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4142.en.html + Saal 2 + Felix Geisendörfer + + + PUBLISH + 4221@27C3@pentabarf.org + 4221 + omg_wtf_pdf + OMG WTF PDF + What you didn't know about Acrobat + English + en + 20101230T113000 + 20101230T123000 + 01H00M00S + OMG WTF PDF- What you didn't know about Acrobat + Ambiguities in the PDF specification means that no two PDF parsers will see a file in the same way. This leads to many opportunities for exploit obfuscation. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4221.en.html + Saal 1 + Julia Wolf + + + PUBLISH + 4339@27C3@pentabarf.org + 4339 + openleaks + OpenLeaks + + English + en + 20101230T160000 + 20101230T170000 + 01H00M00S + OpenLeaks + + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4339.en.html + Saal 3 + Daniel Domscheit-Berg + + + PUBLISH + 4143@27C3@pentabarf.org + 4143 + parttimescientists + Part-Time Scientists + One year of Rocket Science! + English + en + 20101228T160000 + 20101228T170000 + 01H00M00S + Part-Time Scientists- One year of Rocket Science! + The Part-Time Scientists is an international team of Scientists and Engineers participating in the first private race to the moon, the Google Lunar X-Prize. Our approach to win this competition is quite unique as everyone involved really is a part-time scientist. + +In our presentation we will present our latest lunar rover, lander, electronic and communications developments. 
+ PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4143.en.html + Saal 1 + Karsten Becker + Robert Boehme + + + PUBLISH + 4253@27C3@pentabarf.org + 4253 + pentanews_game_show + Pentanews Game Show + Your opponents will be riddled as well + English + en + 20101228T001500 + 20101228T011500 + 01H00M00S + Pentanews Game Show- Your opponents will be riddled as well + Out of the news section of the [C3D2](http://www.c3d2.de "CCC Dresden") [radio programme](http://www.pentamedia.org/pentaradio Pentaradio24) we've compiled an entertaining game show, an Internet-based multiplayer "Who becomes millionaire?" challenge. The audience and folks on the peace missions are asked to help the players. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4253.en.html + Saal 1 + Alien8 + Astro + + + PUBLISH + 4326@27C3@pentabarf.org + 4326 + radio_der_zukunft + Radio der Zukunft + Was kommt nach dem analogen Radio? + German + de + 20101229T140000 + 20101229T150000 + 01H00M00S + Radio der Zukunft- Was kommt nach dem analogen Radio? + Radio – das ist eine der wenigen elektronischen Medientechnologien, die den Sprung in die digitale Ära noch nicht richtig geschafft hat. Während die Fernsehverbreitung schon fast vollständig per volldigitalen Systemen wie DVB-T stattfindet, bleiben die Radiosender dem guten alten Analog-Funk auf UKW treu. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4326.en.html + Saal 1 + Peter Welchering + Ralph Müller-Schmid + Tim Pritlove + Willi Steul + + + PUBLISH + 3957@27C3@pentabarf.org + 3957 + ipv6_insecurities + Recent advances in IPv6 insecurities + + English + en + 20101227T214500 + 20101227T224500 + 01H00M00S + Recent advances in IPv6 insecurities + New protocol features have been proposed and implemented in the last 5 years and ISPs are now slowly starting to deploy IPv6. 
This talk starts with a brief summary of the issues presented five years ago, and then expands on the new risks. +Discovered implemention security issues in Windows 7/2008, Linux and Cisco will be shown too. Comes with a GPL'ed toolkit: thc-ipv6 + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/3957.en.html + Saal 2 + vanHauser + + + PUBLISH + 4036@27C3@pentabarf.org + 4036 + reverse_engineering_a_real_word_rfid_payment_system + Reverse Engineering a real-world RFID payment system + Corporations enabling citizens to print digital money + English + en + 20101229T203000 + 20101229T213000 + 01H00M00S + Reverse Engineering a real-world RFID payment system- Corporations enabling citizens to print digital money + How to reverse engineer the data format of a real-world RFID based debit card system. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4036.en.html + Saal 3 + Harald Welte + + + PUBLISH + 4159@27C3@pentabarf.org + 4159 + reverse_engineering_mos_6502 + Reverse Engineering the MOS 6502 CPU + 3510 transistors in 60 minutes + English + en + 20101228T124500 + 20101228T134500 + 01H00M00S + Reverse Engineering the MOS 6502 CPU- 3510 transistors in 60 minutes + The MOS 6502 CPU, which was designed in 1975 and powered systems like the Apple II, the Atari 2600, the Nintendo NES and the Commodore 64 for two decades, has always been subject to intense reverse engineering of its inner workings. Only recently, the Visual6502.org project has converted a hi-res die-shot of the 6502 into a polygon model suitable for visually simulating the original mask at the transistor level. This talk will present the way from a chip package to a digital representation, how to simulate transistors in software, and new insights gained form this research about 6502 internals, like "illegal" opcodes. 
+ + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4159.en.html + Saal 1 + Michael Steil + + + PUBLISH + 4082@27C3@pentabarf.org + 4082 + sap_landscape + Rootkits and Trojans on Your SAP Landscape + SAP Security and the Enterprise + English + en + 20101227T230000 + 20101228T000000 + 01H00M00S + Rootkits and Trojans on Your SAP Landscape- SAP Security and the Enterprise + SAP systems are the heart of many enterprises. Most critical business functions run on SAP Applications and the complexity of these systems makes it very difficult to protect against attackers. Default setups, forgotten/unimplemented security configurations, weak password management and change processes that apply to one ‘unimportant’ system can result in complete compromise of the SAP landscape. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4082.en.html + Saal 3 + Ertunga Arsal + + + PUBLISH + 3952@27C3@pentabarf.org + 3952 + running_your_own_gsm_stack_on_a_phone_osmocombb + Running your own GSM stack on a phone + Introducing Project OsmocomBB + English + en + 20101229T183000 + 20101229T193000 + 01H00M00S + Running your own GSM stack on a phone- Introducing Project OsmocomBB + In recent years, we have seen several Free Software projects implementing the network side of the GSM protocol. In 2010, OsmocomBB was started to create a free software implementation of the telephone-side. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/3952.en.html + Saal 1 + Harald Welte + Steve Markgraf + + + PUBLISH + 4183@27C3@pentabarf.org + 4183 + safety_on_open_sea + Safety on the Open Sea + Safe navigation with the aid of an open sea chart. + English + en + 20101229T160000 + 20101229T170000 + 01H00M00S + Safety on the Open Sea- Safe navigation with the aid of an open sea chart. + In maritime shipping accurate positioning is vital to preserve damage to life, ship, and goods. 
Today, we might tend to think that this problem is sufficiently solved yet because of the existence of electronic positioning systems like, most notably, the Global Positioning System (GPS) or the Russian counterpart GLONASS. This is wrong. Positions in terms of latitude and longitude just make sense together with an accurate sea chart (and of course, together with a navigator that is able to translate charting data into reality). + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4183.en.html + Saal 3 + Bernhard Fischer + + + PUBLISH + 4138@27C3@pentabarf.org + 4138 + secure_communications_below_the_hearing_threshold + Secure communications below the hearing threshold + Improved approaches for auditive steganography + English + en + 20101228T230000 + 20101229T000000 + 01H00M00S + Secure communications below the hearing threshold- Improved approaches for auditive steganography + Auditive steganography allows for various usage scenarios. In our project we focused on hidden communications in VoIP and GSM in which voice data is typically compressed and transmitted in realtime. A framework has been developed to meet these requirements, providing interfaces for robust steganographic algorithms. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4138.en.html + Saal 2 + Marcus Nutzinger + Rainer Poisel + + + PUBLISH + 4230@27C3@pentabarf.org + 4230 + security_nightmares + Security Nightmares + + German + de + 20101230T171500 + 20101230T181500 + 01H00M00S + Security Nightmares + Was hat sich im letzten Jahr im Bereich IT-Sicherheit getan? Welche neuen Entwicklungen haben sich ergeben? Welche neuen Buzzwords und Trends waren zu sehen? 
+ PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4230.en.html + Saal 1 + Frank Rieger + Ron + + + PUBLISH + 4181@27C3@pentabarf.org + 4181 + sip_home_gateways_under_fire + SIP home gateways under fire + Source routing attacks applied to SIP + English + en + 20101229T143000 + 20101229T150000 + 00H30M00S + SIP home gateways under fire- Source routing attacks applied to SIP + The SIP home gateway -- which combines a NAT router, a SIP proxy, and analogue phone adapters -- is the weakest link in a Voice over IP network. SIP's numerous source routing mechanisms share the well-known security weaknesses of IP source routing. The talk discusses possible exploits and countermeasures. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4181.en.html + Saal 2 + Wolfgang Beck + + + PUBLISH + 4060@27C3@pentabarf.org + 4060 + attacking_mobile_phones + SMS-o-Death + From analyzing to attacking mobile phones on a large scale. + English + en + 20101227T171500 + 20101227T181500 + 01H00M00S + SMS-o-Death- From analyzing to attacking mobile phones on a large scale. + Smart phones, everybody has a smart phone! No! Just about 16% of all mobile phones are smart phones! Feature phones are the most common type of mobile phone in the world. Some time ago we decided to investigate the security of feature phones. In this talk we show how we analyzed feature phones for SMS security issues. We show our results and the kind of attacks that are possible with our bugs. 
+ PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4060.en.html + Saal 1 + Collin Mulliner + Nico Golde + + + PUBLISH + 4125@27C3@pentabarf.org + 4125 + spinning_the_electronic_wheel + Spinning the electronic Wheel + Still the bicycles for the 21th century + German + de + 20101227T230000 + 20101228T000000 + 01H00M00S + Spinning the electronic Wheel- Still the bicycles for the 21th century + Dreieinhalb Jahre nach dem Talk '21st Century digital Bikes' auf dem Camp 2007 ist einiges in der Welt der elektrischen Fortbewegung passiert. Ende 2010 ist ein guter Zeitpunkt, den Stand der Dinge aufzurollen, die Neuigkeiten darzustellen und über eine mehr unschärfer als klarer werdende Zukunft der elektrischen Mobilität zu sprechen. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4125.en.html + Saal 2 + Betty + Gismo C. + + + PUBLISH + 4145@27C3@pentabarf.org + 4145 + spoilers_human_interfaces_airplanes + "Spoilers, Reverse Green, DECEL!" or "What's it doing now?" + Thoughts on the Automation and its Human interfaces on Airplanes + English + en + 20101228T203000 + 20101228T213000 + 01H00M00S + "Spoilers, Reverse Green, DECEL!" or "What's it doing now?"- Thoughts on the Automation and its Human interfaces on Airplanes + Getting the interfaces right to computers controlling complex and dangerous machines such as commercial airliners is crucial. I will present a successful accident analysis method and talk about interface design problems, ideas for solutions, methods for understanding causal control flow. There will be some spectacular aviation accident videos and stories of bad luck, bad design, bad decisions, and a hero that managed to turn a near-catastrophe into an accident without fatalities. 
+ + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4145.en.html + Saal 3 + Bernd Sieker + + + PUBLISH + 4184@27C3@pentabarf.org + 4184 + stanislaw_lem_weltverbesserer + Stanislaw Lem - Der enttäuschte Weltverbesserer + Ein audiovisuelles Live-Feature + German + de + 20101229T001500 + 20101229T011500 + 01H00M00S + Stanislaw Lem - Der enttäuschte Weltverbesserer- Ein audiovisuelles Live-Feature + Man kennt ihn als einen der wichtigsten Science-Fiction-Autoren des zwanzigsten Jahrhunderts. Aber Lem war mehr als das: Als Philosoph und Wissenschaftler konnte er technische Entwicklungen der Menschheit und ihre Auswirkungen sogar voraussehen. Als solcher prägte er viele heute geläufige Begriffe für technische Errungenschaften, die seinerzeit noch gar nicht existierten. Seine teils utopische, teils humoristische und selbstironische Art zu schreiben, brachte ihm weltweit große Popularität ein, seine Bücher erreichten eine Auflage von mehr als 45 Millionen und wurden zum Teil verfilmt. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4184.en.html + Saal 1 + Agata Królikowski + Constanze Kurz + Ina Kwasniewski + Jens-Martin Loebel + Kai Kittler + Marcus Richter + + + PUBLISH + 4097@27C3@pentabarf.org + 4097 + identifizierung_von_netzwerkprotokollen + Techniken zur Identifizierung von Netzwerk-Protokollen + + German + de + 20101228T183000 + 20101228T193000 + 01H00M00S + Techniken zur Identifizierung von Netzwerk-Protokollen + Der Vortrag soll Techniken aufzeigen, mit denen man Netzwerk-Protokolle identifizieren kann, die in Layer 7 des OSI-Modells angesiedelt sind. Alle Techniken - darunter auch die Deep Packet Inspection (DPI) - werden technisch erläutert und kritisch bewertet. 
+ + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4097.en.html + Saal 3 + Florian Adamsky + + + PUBLISH + 4055@27C3@pentabarf.org + 4055 + terrorists_win_exploiting_telecommunications_data + Terrorists Win - Exploiting Telecommunications Data Retention? + + English + en + 20101229T123000 + 20101229T133000 + 01H00M00S + Terrorists Win - Exploiting Telecommunications Data Retention? + Telecommunications data retention (TDR) has become a reality in most +Western countries. Protagonists claim that the collection of massive +amounts of data on the communication behavior of all individuals +within a country would enable law enforcement agencies to exploit +patterns in the stored data to uncover connections between suspects. + + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4055.en.html + Saal 2 + Kay Hamacher + Stefan Katzenbeisser + + + PUBLISH + 4090@27C3@pentabarf.org + 4090 + baseband_apocalypse + The Baseband Apocalypse + all your baseband are belong to us + English + en + 20101228T203000 + 20101228T213000 + 01H00M00S + The Baseband Apocalypse- all your baseband are belong to us + Attack scenarios against mobile phones have thus far concentrated on the application processor. The operating systems running on these processors are getting hardened by vendors as can be seen in the case of Apple's iOS -- the current release uses data execution prevention and code signing. In contrast, the GSM stack running on the baseband processor is neglected. The advent of open-source solutions such as OpenBSC and OpenBTS for running GSM base stations is a game-changer: Malicious base stations are not within the attack model assumed by the GSMA and ETSI. 
+ PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4090.en.html + Saal 2 + Ralf-Philipp Weinmann + + + PUBLISH + 4201@27C3@pentabarf.org + 4201 + the_concert_a_disconcerting_moment_for_free_culture + "The Concert" + a disconcerting moment for free culture + English + en + 20101228T183000 + 20101228T193000 + 01H00M00S + "The Concert"- a disconcerting moment for free culture + Corey Cerovsek and Julien Quentin, accomplished musicians known worldwide for their classical recital performances, and media artist Alex Antener present something that's not quite an ordinary concert, to draw attention to the importance of the public domain in centuries of classical music tradition. It's both more — and less — than what you might expect to see and hear at a classical concert. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4201.en.html + Saal 1 + Alex Antener + Corey Cerovsek + Julien Quentin + + + PUBLISH + 4174@27C3@pentabarf.org + 4174 + the_hidden_nemesis + The Hidden Nemesis + Backdooring Embedded Controllers + English + en + 20101228T230000 + 20101229T000000 + 01H00M00S + The Hidden Nemesis- Backdooring Embedded Controllers + Want to persistently backdoor a laptop? Backdooring the BIOS is out of the question since your target can dump and diff it? Planting hardware is out of the question as well? Shhhhhhh.. 
I have something for you: + + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4174.en.html + Saal 3 + Ralf-Philipp Weinmann + + + PUBLISH + 4263@27C3@pentabarf.org + 4263 + resisting_excessive_government_surveillance + The importance of resisting Excessive Government Surveillance + Join me in exposing and challenging the constant violations of our right to privacy + English + en + 20101228T230000 + 20101229T000000 + 01H00M00S + The importance of resisting Excessive Government Surveillance- Join me in exposing and challenging the constant violations of our right to privacy + My name is Nicholas Merrill and I was the plaintiff in a legal case in the US court system where I challenged the FBI’s policy of using a feature of the so-called USA PATRIOT act - what are called “National Security Letters” - to bypass the American Constitution's system of checks and balances and in violation of the United Nations Universal Declaration of Human Rights - in order to obtain protected personal information and to unmask anonymous Internet users. I spent over 6 years not able to speak to anyone (other than my lawyers) about my case - forced to lie to those closest to me due to an FBI gag order that carried a possible 10 year prison sentence for violating it. However the lawsuit resulted in the establishment of two key legal precedents and made changes that affect every Internet worker and Telephone worker in America. I would like to speak to the 27C3 audience in order to tell about my experience and to challenge (and offer my support and assistance to) those individuals who are in a position to challenge government surveillance requests to follow their consciences and do so. + +People who work at Internet Service Providers and Telephone companies as well as IT workers at Universities and private businesses are increasingly likely to encounter government attempts at surveillance. 
I would like to speak to the CCC regarding my experiences in resisting a National Security Letter and also a “Grand Jury Subpoena” as well as my experience of being gagged by the FBI for nearly 7 years - unable to speak on the subject or identify myself as the plaintiff in the NSL lawsuit. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4263.en.html + Saal 1 + Nicholas Merrill + + + PUBLISH + 4124@27C3@pentabarf.org + 4124 + three_jobs_that_journalists_will_do_in_2050 + Three jobs that journalists will do in 2050 + Why future media may be more powerful (and more subversive) than ever before + English + en + 20101230T140000 + 20101230T150000 + 01H00M00S + Three jobs that journalists will do in 2050- Why future media may be more powerful (and more subversive) than ever before + Print media are dying, but what is rising up to take their place? In this presentation, I'll answer that question by describing three new kinds of jobs for journalists that do not exist in mainstream print media. These jobs are: hacker journalist, data-mining reporter, and crowd engineer. I'll be describing what these jobs entail, and current examples of organizations already employing people to do them. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4124.en.html + Saal 1 + Annalee Newitz + + + PUBLISH + 4098@27C3@pentabarf.org + 4098 + tor_is_peace_software_freedom_is_slavery + Tor is Peace, Software Freedom is Slavery, Wikipedia is Truth + The political philosophy of the Internet + English + en + 20101230T113000 + 20101230T123000 + 01H00M00S + Tor is Peace, Software Freedom is Slavery, Wikipedia is Truth- The political philosophy of the Internet + The Internet began as state-sponsored anarchy, but it is now the tool of first resort for dissidents and propagandists alike. 
The poster-child project of the Free Software Movement runs on the authority of a single person; the rest clash over the very definition of the word 'free'. A company which pictured itself as smashing Big Brother is now seen as one of the perceived secretive and authoritarian in the industry; and for another, 'Don't Be Evil' is proving to be a challenging motto to live by. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4098.en.html + Saal 2 + Adam + + + PUBLISH + 4234@27C3@pentabarf.org + 4234 + usb_and_libusb + USB and libusb + So much more than a serial port with power + English + en + 20101227T171500 + 20101227T181500 + 01H00M00S + USB and libusb- So much more than a serial port with power + Learn about the benefits and limitations of Universal Serial Bus, how communication works on the bus, how and why the right (and sometimes wrong?) driver can be loaded automatically by the operating system, and find out the easiest way to add USB to your washing machine, toaster, or other favorite appliance. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4234.en.html + Saal 3 + Peter Stuge + + + PUBLISH + 4252@27C3@pentabarf.org + 4252 + von_zensursula_ueber_censilia_zum_kindernet + Von Zensursula über Censilia hin zum Kindernet + Jahresrückblick rund um Internet-Sperren, Sendezeitbegrenzungen im Internet und vermeintlichen Jugendschutz + German + de + 20101227T140000 + 20101227T150000 + 01H00M00S + Von Zensursula über Censilia hin zum Kindernet- Jahresrückblick rund um Internet-Sperren, Sendezeitbegrenzungen im Internet und vermeintlichen Jugendschutz + Nach Zensursula kam Censilia und das Kindernet: 2010 brachte nach den hitzigen Diskussionen um Internet-Sperren und das Zugangserschwerungsgesetz einige neue Entwicklungen – und die Rundfunkkommission der Länder wollte mal wieder den Jugendschutz im Internet angehen. 
+ PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4252.en.html + Saal 1 + Alvar C. H. Freude + + + PUBLISH + 4185@27C3@pentabarf.org + 4185 + whistleblowing__licht_ins_dunkel + Whistleblowing + Licht ins Dunkel! + German + de + 20101227T160000 + 20101227T170000 + 01H00M00S + Whistleblowing- Licht ins Dunkel! + Whistleblowing als universelles Konzept für mehr Transparenz – oder: über die Rückeroberung der Dunkelräume in Wirtschaft und Politik auch jenseits von Wikileaks. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4185.en.html + Saal 1 + Johannes Ludwig + Whistleblower-Netzwerk + + + PUBLISH + 4208@27C3@pentabarf.org + 4208 + wideband_gsm_sniffing + Wideband GSM Sniffing + + English + en + 20101228T140000 + 20101228T150000 + 01H00M00S + Wideband GSM Sniffing + GSM is still the most widely used security technology in the world with a user base of 5 billion and a quickly growing number of critical applications. 26C3's rainbow table attack on GSM's A5/1 encryption convinced many users that GSM calls should be considered unprotected. The network operators, however, have not woken up to the threat yet. Perhaps the new capabilities to be unleashed this year – like wide-band sniffing and real-time signal processing – will wake them up. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4208.en.html + Saal 1 + Karsten Nohl + Sylvain Munaut + + + PUBLISH + 4338@27C3@pentabarf.org + 4338 + wikileaks_und_mehr + Wikileaks und mehr + Eine Whistleblowerperspektive auf Leaking-Plattformen + German + de + 20101228T113000 + 20101228T123000 + 01H00M00S + Wikileaks und mehr- Eine Whistleblowerperspektive auf Leaking-Plattformen + Als kurzfristiger Ersatz für eine ausgefallenen Vortrag wurde die Entwicklung von Wikileaks kurz nachgezeichnet, bis hin zu den derzeit entstehenden weiteren Leaking-Plattformen. Im Mittelpunkt stand die Frage welchen Nutzen Wikileaks & Co. 
für Whistleblower bieten, welche Voraussetzungen für ihre anonyme Nutzung bestehen und wie die Entwicklung weitergehen wird. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4338.en.html + Saal 3 + Guido Strack + + + PUBLISH + 4187@27C3@pentabarf.org + 4187 + your_infrastructure_will_kill_you + Your Infrastructure Will Kill You + + English + en + 20101229T183000 + 20101229T193000 + 01H00M00S + Your Infrastructure Will Kill You + The past century our infrastructure has seen both massive expansion and heavy centralization. When it fails, it fails big -- this is the reality of our modern interconnectedness. We live in a world of crumbling bridges and bankrupt states, and our infrastructure will kill us. The people we’re relying on to keep us safe are trying to accomplish long-term risk management with short-term thinking. So, what now? We can't opt out, but we can become more resilient, and we can start thinking about risk differently. + PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4187.en.html + Saal 3 + Eleanor Saitta + + + PUBLISH + 4209@27C3@pentabarf.org + 4209 + zero_sized_heap_allocations_vulnerability_analysis + Zero-sized heap allocations vulnerability analysis + Applications of theorem proving for securing the windows kernel + English + en + 20101229T214500 + 20101229T224500 + 01H00M00S + Zero-sized heap allocations vulnerability analysis- Applications of theorem proving for securing the windows kernel + The dynamic memory allocator is a fundamental component of modern operating systems, and one of the most important sources of security vulnerabilities. In this presentation, we emphasize on a particular weakness of the heap management that has proven to be the root cause of many escalation of privilege bugs in the windows kernel and other critical remote vulnerabilities in user-land applications. 
+ PUBLIC + CONFIRMED + Lecture + http://events.ccc.de/congress/2010/Fahrplan/events/4209.en.html + Saal 3 + Julien Vanegue + + +
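Review bot: Several abstracts in this fixture are not single-line text, so the import needs a test that pins how description whitespace is handled. The abstract of event 4055 is hard-wrapped across several lines ("+Western countries. Protagonists claim that the collection of massive"), and the abstract of 4263 has an empty line before "People who work at Internet Service Providers". Decide whether the import preserves or collapses those breaks and assert it. The file also carries non-ASCII text (4184 "enttäuschte", speaker "Agata Królikowski", the typographic quotes in 4263), so the test should read it with an explicit encoding rather than the platform default and check that these values round-trip unchanged. A full conference schedule is a lot for a sample: a handful of events covering these cases, plus an empty subtitle as in 4208, multiple speakers as in 4184, and one German and one English entry, would be easier to review and maintain. Since titles, abstracts, speaker names and URLs all originate from an external schedule export, the import should treat them as untrusted text and escape them wherever they are rendered.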