Show filters Hide filters

Refine your search

Publication Year
1-36 out of 167 results
Change view
  • Sort by:
56:38 Chaos Computer Club e.V. English 2017

Type confusion: discovery, abuse, and protection

Type confusion, often combined with use-after-free, is the main attack vector to compromise modern C++ software like browsers or virtual machines. Typecasting is a core principle that enables modularity in C++. For performance, most typecasts are only checked statically, i.e., the check only tests if a cast is allowed for the given type hierarchy, ignoring the actual runtime type of the object. Using an object of an incompatible base type instead of a derived type results in type confusion. Attackers have been abusing such type confusion issues to compromise popular software products including Adobe Flash, PHP, Google Chrome, or Firefox, raising critical security concerns. We discuss the details of this vulnerability type and how such vulnerabilities relate to memory corruption. Based on an LLVM-based sanitizer that we developed, we will show how to discover such vulnerabilities in large software through fuzzing and how to protect yourself against this class of bugs.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
53:47 Chaos Computer Club e.V. English 2017

Deep Learning Blindspots

In the past decade, machine learning researchers and theorists have created deep learning architectures which seem to learn complex topics with little intervention. Newer research in adversarial learning questions just how much “learning" these networks are doing. Several theories have arisen regarding neural network “blind spots” which can be exploited to fool the network. For example, by changing a series of pixels which are imperceptible to the human eye, you can render an image recognition model useless. This talk will review the current state of adversarial learning research and showcase some open-source tools to trick the "black box."
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
1:03:22 Chaos Computer Club e.V. English 2017

Don't stop 'til you feel it

This talk will report on my current research in bringing to bear multiple knowledges on problem spaces around the environment and digital culture, and in so doing questioning both the prevailing knowledge hierarchy and the institutionalisation of knowledge production. To connect with the environment, for instance, do we need to connect with how it feels? This talk draws on works exploring both the marine environment and food, using knowledge from science, art, culture, instinct and history to create happenings and instances that break out the border of "me" and "my environment" to create an empathic response linking what we traditionally consider to be inside and outside. This will be demonstrated in the context of two artistic works - The Coral Empathy Device and Vital | Flows.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
55:01 Chaos Computer Club e.V. English 2017

Microarchitectural Attacks on Trusted Execution Environments

Trusted Execution Environments (TEEs), like those based on ARM TrustZone or Intel SGX, intend to provide a secure way to run code beyond the typical reach of a computer’s operating system. However, when trusted and untrusted code runs on shared hardware, it opens the door to the same microarchitectural attacks that have been exploited for years. This talk provides an overview of these attacks as they have been applied to TEEs, and it additionally demonstrates how to mount these attacks on common TrustZone implementations. Finally, we identify new techniques which allow us to peer within TrustZone TEEs with greater resolution than ever before.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
58:57 Chaos Computer Club e.V. English 2017

Are all BSDs created equally?

In this presentation I start off asking the question „How come there are only a handful of BSD security kernel bugs advisories released every year?“ and then proceed to try and look at some data from several sources.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
55:13 Chaos Computer Club e.V. English 2017

Vintage Computing for Trusted Radiation Measurements and a World Free of Nuclear Weapons

Eliminating nuclear weapons will require trusted measurement systems to confirm authenticity of nuclear warheads prior to their dismantlement. A new idea for such an inspection system is to use vintage hardware (Apple IIe/6502) instead of modern microprocessors, reducing the attack surface through simplicity. In the talk, we present and demo a custom open hardware measurement system based on gamma spectroscopy.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
58:18 Chaos Computer Club e.V. English 2017

Decoding Contactless (Card) Payments

This talk will dive into the techniques and protocols that drive contactless card payments at the Point of Sale. We will explore how Apple Pay works on a technical level and why you are able to 'clone' your credit card onto your phone. Building upon previous C3 talks on the topics of EMV and ICC payments, we will learn about different NFC payment options, why legacy will never die and how the individual card brands have specified their payment workflows.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
46:51 Chaos Computer Club e.V. English 2017

Practical Mix Network Design

We shall explain the renewed interest in mix networks. Like Tor, mix networks protect metadata by using layered encryption and routing packets between a series of independent nodes. Mix networks resist vastly more powerful adversary models than Tor though, including global passive adversaries. In so doing, mix networks add both latency and cover traffic. We shall outline the basic components of a mix network, touch on their roles in resisting active and passive attacks, and discuss how the latency impacts reliability, application design, and user experience.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
45:08 Chaos Computer Club e.V. English 2017

SCADA - Gateway to (s)hell

Small gateways connect all kinds of fieldbusses to IP systems. This talk will look at the (in)security of those gateways, starting with simple vulnerabilities, and then deep diving into reverse-engineering the firmware and breaking the encryption of firmware upgrades. The found vulnerabilities will then be demonstrated live on a portable SCADA system.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
1:47:19 Chaos Computer Club e.V. German 2017

Nougatbytes 11₂

Zwei Teams mit rauchenden Köpfen und ein johlendes Publikum raten sich durch unsere dritte Wortspielhölle der IT, Informatik und digitalen Gesellschaft. Wer bei vielschichtigen (Anm. d. R.: „haarsträubenden“!) Assoziazionsbilderrätseln freudiges Synapsenfunkeln und feuchte Augen bekommt oder aber bei Gehirnschmerz und Um-die-Ecke-Denk-Beulen trotzdem feiert, ist bei uns zu Hause.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: German
30:15 Chaos Computer Club e.V. English 2017

“Nabovarme” opensource heating infrastructure in Christiania

Project “Nabovarme” (meaning “neighbour heating”) has transformed private heating necessity into a social experiment build on OpenSource software/hardware and social empowerment by transforming heat consumers into Nabovarme Users and letting them take ownership to infrastructure and consumption.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
47:24 Chaos Computer Club e.V. German 2017

Netzpolitik in der Schweiz

Gleich in drei Gesetzen drohen Netzsperren. Staatstrojaner und Massenüberwachung bis ins WLAN sind mit der Einführung der Überwachungsgesetze BÜPF und NDG vorgesehen. E-Voting soll auf Biegen und Brechen durchgesetzt werden. Nur garantierte Netzneutralität lässt weiter auf sich warten. Im Vortrag versuchen wir, Einsichten in die aktuellen netzpolitischen Auseinandersetzungen in der Schweiz zu geben und Handlungsmöglichkeiten aufzuzeigen.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: German
32:21 Chaos Computer Club e.V. German 2017

Die Sprache der Überwacher

So intensiv wie 2017 wurde der Themenkomplex rund um Sicherheit und Überwachung in Österreich noch nie diskutiert. Das Thema ist in Hauptabendnachrichten und Leitartikeln angekommen. Die Diskussion rund um die geplante Einführung eines Sicherheitspakets, das sich bei näherer Betrachtung als ein reines Überwachungspaket entpuppt, bietet jede Menge Analysematerial: Öffentlich ausgetauschte (Schein-)Argumente, falsche Analogien und unpassende Sprachbilder haben die Debatte geprägt. In diesem Talk werden die Sprache der so genannten Sicherheitspolitiker (es sind in der Tat nur Männer) analysiert und ihre Argumente auf den Prüfstand gestellt.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: German
45:36 Chaos Computer Club e.V. English 2017

1-day exploit development for Cisco IOS

Year 2017 was rich in vulnerabilities discovered for Cisco networking devices. At least 3 vulnerabilities leading to a remote code execution were disclosed. This talk will give an insight on exploit development process for Cisco IOS for two of the mentioned critical vulnerabilities. Both lead to a full takeover of the target device. Both PowerPC and MIPS architectures will be covered. The presentation will feature an SNMP server exploitation demo.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
1:00:06 Chaos Computer Club e.V. English 2017

Policing in the age of data exploitation

What does policing look like in the age of data exploitation? This is the question we at Privacy International have been exploring for the past two years. Our research has focused on the UK where the population has been used as guinea pigs for ever more invasive modern approaches to policing. In this talk we will discuss our findings with you and avenues for change.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
56:49 Chaos Computer Club e.V. English 2017

Console Security - Switch

Nintendo has a new console, and it's more secure than ever.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
35:03 Chaos Computer Club e.V. English 2017

Low Cost Non-Invasive Biomedical Imaging

An open source biomedical imaging project using electrical impedance tomography. Imagine a world where medical imaging is cheap and accessible for everyone! We'll discuss this current project, how it works, and future directions in medical physics.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
31:19 Chaos Computer Club e.V. English 2017

Running GSM mobile phone on SDR

Since SDR (Software Defined Radio) becomes more popular and more available for everyone, there is a lot of projects based on this technology. Looking from the mobile telecommunications side, at the moment it's possible to run your own GSM or UMTS network using a transmit capable SDR device and free software like OsmoBTS or OpenBTS. There is also the srsLTE project, which provides open source implementation of LTE base station (eNodeB) and moreover the client side stack (srsUE) for SDR. Our talk is about the R&D process of porting the existing GSM mobile side stack (OsmocomBB) to the SDR based hardware, and about the results we have achieved.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
33:21 Chaos Computer Club e.V. English 2017

Watching the changing Earth

For a few decades by now, satellites offer us the tools to observe the whole Earth with a wide variety of sensors. The vast amount of data these Earth observations systems collect enters the public discourse reduced to a few numbers, numbers like 3 or even 300. So, how do we know the amount of ice melting in the arctic or how much rain is falling in the Amazon? Are groundwater aquifers stable or are they are being depleted? Are these regular seasonal changes or is there a trend? How can we even measure these phenomena on a global scale? This talk will provide one possible answer: gravity.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
59:24 Chaos Computer Club e.V. German 2017

All Computers Are Beschlagnahmt

Im August 2017 wurde Indymedia linksunten vom Bundesinnenminister verboten. Rechtsanwältin Kristin Pietrzyk berichtet von den Razzien, von der Zusammenarbeit zwischen Polizei und Geheimdiensten und gibt Einblick in das juristische Vorgehen gegen Verbot und Zensur.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: German
32:32 Chaos Computer Club e.V. English 2017

Think big or care for yourself

In German nursing science the dominant position on emergent technologies demands the removal of machines from caring environments („Entmaschinisierung“). In contrast to this, European research policy heavily focus on developing new health and social technologies to solve societal issues like a skill shortage in nursing. Thinking about technology in nursing science cannot but be conflicted. In this talk we first expose requirements for particularly conceptualizing the application of technological systems in care work settings. Further we will give an overview on main arguments against digital technologies in care with an example of a current research project in the field of Augmented Reality in care work.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
30:48 Chaos Computer Club e.V. German 2017

0en & 1en auf dem Acker

Die Dynamik der globalen Agrarmärkte hat sich in den letzten Jahren verstärkt und birgt neue Herausforderungen für die Landwirte. Hoffnungsträger sind ähnlich wie in anderen Branchen auch Sensor- & Datenverarbeitungstechnik sowie das Internet: Produktionsprozesse steuern sich selbst, Anhänger werden halbautomatisch mittels Bilderkennung beladen, Maschinen kommunizieren mittels Maschinen und Fahrzeuge steuern sich weitestgehend schon jetzt autonom.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: German
1:55:44 Chaos Computer Club e.V. German 2017

Methodisch inkorrekt!

Der IgNobelpreis ist eine Auszeichnung, um wissenschaftliche Leistungen zu ehren, die „Menschen zuerst zum Lachen, dann zum Nachdenken bringen“ („to honor achievements that first make people laugh, and then make them think“). Wir erklären die Preisträger 2017 in gewohnter Minkorrekt-Manier.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: German
31:30 Chaos Computer Club e.V. English 2017

WTFrance

France is part of the top countries trying to destroy encryption, especially through backdoor obligations, global interceptions, and effort to get access to master keys. French law already criminalises the use of encryption, imposing heavier penalties on people using it or regarding them as general suspects. How can we oppose this trend? What political role for developers?
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
29:16 Chaos Computer Club e.V. German 2017

Der netzpolitische Wetterbericht

Deutschland hat gewählt, man weiß nur noch nicht, wer regieren wird. Bis Weihnachten könnte ein Koalitionsvertrag verhandelt worden sein, vielleicht auch später. Was sind die zu erwartenden großen Debatten der neuen Legislaturperiode?
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: German
49:10 Chaos Computer Club e.V. English 2017

Electromagnetic Threats for Information Security

For non specialists, Electromagnetic Pulse weapons (EMP) are fantasy weapons in science fiction movies. Interestingly, the susceptibility of electronic devices to electromagnetic interference has been advertised since the 90’s. Regarding the high integration of sensors and digital systems to control power-grids, telecom networks and automation infrastructures (e.g. Smart-grids, Industrial Control Systems), the intrinsic vulnerability of electronic devices to electromagnetic interference is of fundamental interest. In the context of IT Security, few studies have been carried out to understand how the effects may be a significant issue especially in the far-field region (distance between the transmitter’s antenna and the target with regard to the wavelength/central frequency). Most studies in Emanation Security (EMSEC) are related to near-field probing for side-channel and fault injection attacks assuming a close physical access to the targeted devices. In this paper, we propose a methodology to detect, classify and correlate the effect induced during the intentional exposure of analogue and digital systems to electromagnetic interference. Applying this methodology, the implication of the effects for the IT security world will be discussed with regards to the attacker profile needed to set-up a given scenario.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
47:47 Chaos Computer Club e.V. English 2017

Tightening the Net in Iran

How do Iranians experience the Internet? Various hurdles and risks exist for Iranians and including outside actors like American technology companies. This talk will assess the state of the Internet in Iran, discuss things like the threats of hacking from the Iranian cyber army; how the government are arresting Iranians for their online activities; the most recent policies and laws for censorship, surveillance and encryption; and the policies and relationships of foreign technology companies like Apple, Twitter and Telegram with Iran, and the ways they are affecting the everyday lives of Iranians. This talk will effectively map out how the Internet continues to be a tight and controlled space in Iran, and what efforts are being done and can be done to make the Iranian Internet a more accessible and secure space.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
57:18 Chaos Computer Club e.V. English 2017

34C3 Infrastructure Review

In this traditional lecture, various teams provide an inside look at how this Congress‘ infrastructure was planned and built. You’ll learn what worked and what went wrong, and some of the talks may even contain facts! Also, the NOC promises to try and not have the network fail in the middle of the NOC presentation this time.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
1:00:45 Chaos Computer Club e.V. German 2017

Tiger, Drucker und ein Mahnmal

Flüchtlingsfressende Tiger in Berlin, zum Diktatorensturz aufrufende Flugblätter in Istanbul und ein Mahnmal das den Rechtsextremisten Björn Höcker in seinem Thüringer Dorf heimsucht: Viel ist geschehen, seit das Zentrum für Politische Schönheit vor 3 Jahren auf dem Kongress gesprochen hat.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: German
30:27 Chaos Computer Club e.V. English 2017

OONI: Let's Fight Internet Censorship, Together!

How can we take a stand against the increasing shadow of Internet censorship? With OONI Probe you can join us in uncovering evidence of network interference!
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
35:16 Chaos Computer Club e.V. English 2017

Simulating the future of the global agro-food system

How can we feed a growing world population within a resilient Earth System? This session will present results from our cybernetic computer models that simulate how future trends in population growth, diets, technology and policy may change the global land cover, freshwater usage, the nitrogen cycle and the climate system, and how more sustainable pathways can be reached. We want to discuss how our computer models and our data can be made accessible and usable by a broader community, and which new ways exist to visualize key insights and provide decision support to our society. We will also showcase some interactive physical installations that have been developed jointly with a group of art students to visualize future scenarios.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
38:10 Chaos Computer Club e.V. English 2017

Schnaps Hacking

This talk covers the theory, the required tools and how to make them, and the process of turning apples into juice, ferment them, and enrich the alcohol content of the product.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
31:11 Chaos Computer Club e.V. English 2017

Briar

Briar is a peer-to-peer messaging app that is resistant to censorship and works even without internet access. The app encrypts all data end-to-end and also hides metadata by utilizing Tor onion services.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
1:00:01 Chaos Computer Club e.V. English 2017

Implementing an LLVM based Dynamic Binary Instrumentation framework

This talk will go over our efforts to implement a new open source DBI framework based on LLVM. We'll explain what DBI is used for, how it works, the implementation challenges we faced and compare a few of the existing frameworks with our own implementation.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
1:01:29 Chaos Computer Club e.V. English 2017

Holography of Wi-Fi radiation

Holography of Wi-Fi radiation Philipp Holl [1,2] and Friedemann Reinhard [2] [1] Max Planck Institute for Physics [2] Walter Schottky Institut and Physik-Department, Technical University of Munich When we think of wireless signals such as Wi-Fi or Bluetooth, we usually think of bits and bytes, packets of data and runtimes. Interestingly, there is a second way to look at them. From a physicist's perspective, wireless radiation is just light, more precisely: coherent electromagnetic radiation. It is virtually the same as the beam of a laser, except that its wavelength is much longer (cm vs µm). We have developed a way to visualize this radiation, providing a view of the world as it would look like if our eyes could see wireless radiation. Our scheme is based on holography, a technique to record three-dimensional pictures by a phase-coherent recording of radiation in a two-dimensional plane. This technique is traditionally implemented using laser light. We have adapted it to work with wireless radiation, and recorded holograms of building interiors illuminated by the omnipresent stray field of wireless devices. In the resulting three-dimensional images we can see both emitters (appearing as bright spots) and absorbing objects (appearing as shadows in the beam). Our scheme does not require any knowledge of the data transmitted and works with arbitrary signals, including encrypted communication. This result has several implications: it could provide a way to track wireless emitters in buildings, it could provide a new way for through-wall imaging of building infrastructure like water and power lines. As these applications are available even with encrypted communication, it opens up new questions about privacy.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
2:00:12 Chaos Computer Club e.V. German 2017

Hacker Jeopardy

The Hacker Jeopardy is a quiz show.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: German
out of 5 pages
Loading...
Feedback

Timings

  600 ms - page object
  506 ms - search
    7 ms - highlighting
    1 ms - highlighting/34807
    3 ms - highlighting/34830
    4 ms - highlighting/34833
    2 ms - highlighting/34827
    3 ms - highlighting/34815
    2 ms - highlighting/34832
    2 ms - highlighting/34828
    2 ms - highlighting/34813
    2 ms - highlighting/34826
    2 ms - highlighting/34831
    4 ms - highlighting/34793
    3 ms - highlighting/34829
    1 ms - highlighting/34839
    3 ms - highlighting/34823
    4 ms - highlighting/34835
    2 ms - highlighting/34816
    4 ms - highlighting/34794
    4 ms - highlighting/34819
    5 ms - highlighting/34836
    4 ms - highlighting/34814
    4 ms - highlighting/34792
    3 ms - highlighting/34809
    1 ms - highlighting/34820
    0 ms - highlighting/34821
    3 ms - highlighting/34808
    3 ms - highlighting/34817
    1 ms - highlighting/34806
    4 ms - highlighting/34803
    2 ms - highlighting/34812
    3 ms - highlighting/34822
    1 ms - highlighting/34824
    3 ms - highlighting/34825
    2 ms - highlighting/34810
    1 ms - highlighting/34811
    4 ms - highlighting/34802
    3 ms - highlighting/34804

Version

AV-Portal 3.8.0 (dec2fe8b0ce2e718d55d6f23ab68f0b2424a1f3f)