1-12 out of 167 results
56:38 Chaos Computer Club e.V. English 2017

Type confusion: discovery, abuse, and protection

Type confusion, often combined with use-after-free, is the main attack vector to compromise modern C++ software like browsers or virtual machines. Typecasting is a core principle that enables modularity in C++. For performance, most typecasts are only checked statically, i.e., the check only tests if a cast is allowed for the given type hierarchy, ignoring the actual runtime type of the object. Using an object of an incompatible base type instead of a derived type results in type confusion. Attackers have been abusing such type confusion issues to compromise popular software products including Adobe Flash, PHP, Google Chrome, or Firefox, raising critical security concerns. We discuss the details of this vulnerability type and how such vulnerabilities relate to memory corruption. Based on an LLVM-based sanitizer that we developed, we will show how to discover such vulnerabilities in large software through fuzzing and how to protect yourself against this class of bugs.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
53:47 Chaos Computer Club e.V. English 2017

Deep Learning Blindspots

In the past decade, machine learning researchers and theorists have created deep learning architectures which seem to learn complex topics with little intervention. Newer research in adversarial learning questions just how much “learning” these networks are doing. Several theories have arisen regarding neural network “blind spots” which can be exploited to fool the network. For example, by changing a series of pixels which are imperceptible to the human eye, you can render an image recognition model useless. This talk will review the current state of adversarial learning research and showcase some open-source tools to trick the “black box.”
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
1:03:22 Chaos Computer Club e.V. English 2017

Don't stop 'til you feel it

This talk will report on my current research in bringing to bear multiple knowledges on problem spaces around the environment and digital culture, and in so doing questioning both the prevailing knowledge hierarchy and the institutionalisation of knowledge production. To connect with the environment, for instance, do we need to connect with how it feels? This talk draws on works exploring both the marine environment and food, using knowledge from science, art, culture, instinct and history to create happenings and instances that break out the border of "me" and "my environment" to create an empathic response linking what we traditionally consider to be inside and outside. This will be demonstrated in the context of two artistic works - The Coral Empathy Device and Vital | Flows.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
55:01 Chaos Computer Club e.V. English 2017

Microarchitectural Attacks on Trusted Execution Environments

Trusted Execution Environments (TEEs), like those based on ARM TrustZone or Intel SGX, intend to provide a secure way to run code beyond the typical reach of a computer’s operating system. However, when trusted and untrusted code runs on shared hardware, it opens the door to the same microarchitectural attacks that have been exploited for years. This talk provides an overview of these attacks as they have been applied to TEEs, and it additionally demonstrates how to mount these attacks on common TrustZone implementations. Finally, we identify new techniques which allow us to peer within TrustZone TEEs with greater resolution than ever before.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
58:57 Chaos Computer Club e.V. English 2017

Are all BSDs created equally?

In this presentation I start off asking the question “How come there are only a handful of BSD security kernel bugs advisories released every year?” and then proceed to try and look at some data from several sources.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
55:13 Chaos Computer Club e.V. English 2017

Vintage Computing for Trusted Radiation Measurements and a World Free of Nuclear Weapons

Eliminating nuclear weapons will require trusted measurement systems to confirm authenticity of nuclear warheads prior to their dismantlement. A new idea for such an inspection system is to use vintage hardware (Apple IIe/6502) instead of modern microprocessors, reducing the attack surface through simplicity. In the talk, we present and demo a custom open hardware measurement system based on gamma spectroscopy.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
58:18 Chaos Computer Club e.V. English 2017

Decoding Contactless (Card) Payments

This talk will dive into the techniques and protocols that drive contactless card payments at the Point of Sale. We will explore how Apple Pay works on a technical level and why you are able to 'clone' your credit card onto your phone. Building upon previous C3 talks on the topics of EMV and ICC payments, we will learn about different NFC payment options, why legacy will never die and how the individual card brands have specified their payment workflows.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
46:51 Chaos Computer Club e.V. English 2017

Practical Mix Network Design

We shall explain the renewed interest in mix networks. Like Tor, mix networks protect metadata by using layered encryption and routing packets between a series of independent nodes. Mix networks resist vastly more powerful adversary models than Tor though, including global passive adversaries. In so doing, mix networks add both latency and cover traffic. We shall outline the basic components of a mix network, touch on their roles in resisting active and passive attacks, and discuss how the latency impacts reliability, application design, and user experience.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
45:08 Chaos Computer Club e.V. English 2017

SCADA - Gateway to (s)hell

Small gateways connect all kinds of fieldbusses to IP systems. This talk will look at the (in)security of those gateways, starting with simple vulnerabilities, and then deep diving into reverse-engineering the firmware and breaking the encryption of firmware upgrades. The found vulnerabilities will then be demonstrated live on a portable SCADA system.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
1:47:19 Chaos Computer Club e.V. German 2017

Nougatbytes 11₂

Two teams with smoking heads and a hooting audience guess their way through our third wordplay hell of IT, computer science and digital society. Anyone who gets joyfully sparking synapses and moist eyes from multi-layered (editor's note: “hair-raising”!) association picture puzzles, or who still celebrates despite brain ache and bumps from thinking around corners, is at home with us.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: German
30:15 Chaos Computer Club e.V. English 2017

“Nabovarme” opensource heating infrastructure in Christiania

Project “Nabovarme” (meaning “neighbour heating”) has transformed private heating necessity into a social experiment built on open-source software/hardware and social empowerment by transforming heat consumers into Nabovarme Users and letting them take ownership of infrastructure and consumption.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
47:24 Chaos Computer Club e.V. German 2017

Netzpolitik in der Schweiz

Network blocking looms in three laws at once. State trojans and mass surveillance extending into Wi-Fi are provided for with the introduction of the surveillance laws BÜPF and NDG. E-voting is to be pushed through at all costs. Only guaranteed net neutrality is still a long time coming. In the talk we try to give insight into the current net-policy disputes in Switzerland and to point out options for action.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: German