Posted by Tim
Filed under: News
23C3: Day 3
The third day was this year not the last day. Great! We started with the talk about Unlocking FileVault. It seems that for now you can use it as long as you do not hibernate your laptop and you use a strong password. The guy from day 2 FPGA brute force talk was there to demonstrate how easy it is to break this thing then.
Not much of new information was provided by the talk "The worst part of censorship is XXXXX". The guy did some empirical experiments about blocked internet sites in China and about the methods used (DNS poisoning, connection sniffing for particular keywords, connection resets). The methods he used to circumvent this thing was the naive approach: use some kind of tunnel like SSH.
A lot of fun was the "Bluetooth Hacking Revisited" talk. Every year the Bluetooth talks are a lot of fun because it shows how unsecure you are when turning on BT. Another reason why it is a good idea to have UMTS (or GPRS or whatever) directly integrated into your laptop (if you want to use it) and not using the mobile as a modem via BT. He had a Yagi antenna combined with a toy looking like a science fiction gun which he used for long-range attacks (much like the ones from last year). This was the reason for not flying to Berlin but getting there by car.
The worst talk of this congress was the Nintendo DS talk. It's a pitty if they do not have enough real information so that they start to explain the games that you can buy. Of course this became especially obvious because Tob was sitting next to me and after virtually after each paragraph he whispered to me what they forgot or that they stopped after half of the way just before the interesting information. They didn't even show Tob's Nitrotracker which already gained some momentum in the Nintendo DS homebrew scene as it seems. But they didn't tell us much about the homebrew stuff anyway. No single word about development environments and things to consider. No information about how someone opened the DS to actually be able to use it "right". This hour was wasted time.
The next thing got my attention because of having something remotely to do with FPGAs. In the DVB-T - From Pixeldata to COFDM Transmission talk they showed the DVB-T system that they setup for the congress broadcasting all talks. I probably would have found this to be more interesting if I'd have an receiver or if they would actually have shown how they did it, not only what they did. After all it seemed to be more a marketing thing.
The best speech this day was definitely "On Free, and the Differences between Culture and Code" held by Lawrence Lessig. A very inspiring talk about why we need the Creative Commons licenses. Last year I attended a few lectures and a workshop about this topic already. Since then I didn't really think about it. I thought about a content license for some of my university stuff that I published where I finally chose the GFDL, mainly because my software is already licensed under the GPL. But this talk convinced by about some of the benefits of the CC licenses. Next time I need a license for some content I'll have to think again about it.
If you had a look at the congress FTP server there was of course a lot of pr0n on the machine. So the talk about Pornography and Technology hit the nerves of many at the congress. Thus the room was as full as it could be. The author described how pornography and technology influenced each other. She was pretty cool which was a perfect match for that topic. Some nice pieces of information were delivered like the influence of pornography on the VHS- vs. Betamax tapes issue.
Besides the Lessig speech Tob's workshop Nintendo hacking teatime was another highlight. He brought Earl Grey tea that Buck, Phil and I prepared for all attendees. The room was full, which was great. Tob mentioned all the stuff the others had forgotten during the day earlier that day. He gave a detailed introduction to DS hacking and demonstrated his applications. Unfortunately there was no time left afterwards for discussion since there was another workshop. But as Tob told me there was a lot of talking after the workshop outside the room.
I left earlier to meet a guy from the Informatiktage 2006 (April) in Bonn. We talked about our different projects in a bar not far away from the congress center. On the way there (just about ten minutes by feet) three prostitutes tried to intercept us. That didn't even happen on the Reeperbahn where I was with a couple of other SoC coders after visiting Google in Hamburg. Phil, Tob and Buck joined us later on telling us the same story. We had a great time with some inter-state communication starting with Kölsch and ending with Berliner Pilsner until the bar closed its doors...
Posted by Tim
Filed under: News
23C3: Day 2
The day started with the CCC report for 2006. The presented what has happened this year around the CCC. Besides thinking that I would like to be able to spend some time on this there was one story that is worth telling. The German Verfassungsschutz was talking on a conference in Switzerland about how they run a service to collect used paper from suspects. Andy pointed out that the trashcan in front of the house where the CCC resides is the only one in that area that gets it collected in the early morning on Saturday morning...
This day I took some time for breathing, writing blog entries and checking out websites of a few cool projects that I heard about up to then.
A particularly intersting talk was about the Tor network. Robert Dingledine presented some new approaches that are being discussed to minimize the risk that suppressors of any kind can just block access to the Tor network. Basically they want a big bunch of bridges that act as an entry point to the Tor network for on (or a very few) nodes. These bridges will only sparsely be given to clients with a bunch of different methods to make it harder for adversaries to adapt to this.
After a longer break at our favorite restaurant near the Alex I attended the RFID Hacking talk. The guy presented a really nice hack. By recording transmitted data via a notebook and playing it back with an iPod connected to a matching antenna he opened a door in his university. Ah, great RFID usage and it makes everything so secure!
The Console Hacking talk was fun as every year. The presented findings about the new consoles. Sony seems to have done quite a good job in making their console open enough so that it does not tease anybody to hack it free... Nintendo seems to have copied over many bugs from the Gamecube to the Wii while making it harder for now to run real homebrew software. Let's see what happens here. Tob got a Wii for christmas and we are playing it every night when back home. It's a really great console. I have never owner any console, but this thing could finally make me buy one. If I could even use this to have some fun with homebrew software it would make it definitely even more attractive (so I guess I'm going to wait for a month or two to see what happens in that direction).
The Black Ops 2006 Viz Edition talk was interesting in many regards. Basically two talks were given, a small teaser introducing a few tools to discover who is blocked for what traffic by which firewall for network reconnaissance. Then he started over to present a new way to visualize data files and their content to be able to see structures in the file to better decide what to fuzz with. I definitely have to read over his paper again.
The last talk I heard yesterday was Faster PwninG Assured. And although I'm like a broken CD playing the same over and over again I have to say that this was very interesting! Especially since I have to work with FPGAs next year as part of my diploma thesis I was impressed to see how mighty these little things are! He was basically showing that he could speed up various dictionary attacks on stuff like WPA, WEP and Bluetooth by factors beween 20x and 250x! Great stuff, I'm really looking forward playing with this.
Several people have posted photos on Flickr with the 23C3 Flickr tag.
Posted by Tim
Filed under: News
23C3: Day 1
Yesterday was a great first day of 23C3. The opening was fun as always and the first keynote speech was given by John Perry Marlow, one of the founders of EFF. The talk had a philosophical touch about defining and individual in its context making this a mean how to sort out "bad" people from a community. For my taste he raised his finger a little bit too high, although there is of course a lot of truth in his words saying that we have to ban these malicious people throwing viruses out to the world, capturing machines to relay spam, phishers etc. from our community.
After this I had to run to buy Sputniks for us. This is a RFID-based tracking system. They put up receivers all around the area and you can see live-tracking of a tag in a 3D-Visualization. Hey, you are concerned about security, why the hell do you allow them to track you? First, they don't know my number. Next, this is an experiment. All the data can be downloaded by everyone and we have to demonstrate how malicious this is and what you really can do with this stuff and how dangerous it is! There was a talk about this later during the day which showed the system used. It's rather simple architecture especially designed for this purpose which can be used for different stuff by re-programming the open source firmware. If I had some time...
The next talk was about the new laws on so-called hacker tools in Germany. Instead of making the world better it makes it less secure since essential tools to test the protection of your machines cannot be tested. Besides that debugging network code that you wrote becomes a lot more difficult if you cannot use a tool like Wireshark.
The BigBrother award show was more a big commercial and very loose collection of random information. I would have wished to get some more sorted facts over during that hour. The lightning talk had some interesting content. Besides the obligatory CAcert talk someone also introduced Compiz. It was actually quite good to show that the desktop is heavily evolving since most speakers this year seem to have Apple notebooks! One where we still lack though is easy usage of beamers with a useful resolution. Switching to 640x480 is not helpful if you want to show your all-new and fancy app, not showing anything since the VGA port is disabled isn't that good either though.
Another interesting thing was the talk about drones (UAVs to be precise). This one was quite similar to the ones we saw in Bremen during RoboCup 2006. Although at the moment quite expensive and thus not available for general research these things are getting cheaper and cheaper. A smaller drone was shown that can be home-built for less than 1000€. The big drone has a camera mounted below it that can transmit images as a live stream. The quality should suffice to do basic detection tasks (claim is that faces can be recognized on 10m distance). With a DB cam mounted to the drone one can record quite impressive videos which should provide excellent material for (offline) processing. The sensor set of the robot is impressive: accelerometer, gyroscope, [wikipedia=GPS]GPS[/exturl] and the camera. That would be fun to play with!
Later starbug demonstrated how Thinkpad fingerprint readers can be hacked. He used (previously) produced artificial fingerprints to fake authentication which the laptop accepted. Doh! Just before I'm about to buy one with that fingerprint reader. So the bottom line is to use it for convenience, not for security.
The most impressive talk this day was We don't trust voting computers held by Rop Gonggrijp. He talked about their campaign in the Netherlands for verifiable voting computers, how they hacked the current system and how they are about to win. Last year he was one of the two giving the really depressing talk about the lost war on privacy. Now he has choosen a new battle that can be won - and in the end will be as it seems today. It's good to see that when smashed down to the floor hackers can get up on their feet again!
Posted by Tim
Filed under: Personal
Still alive
Although I did not blog for quite a while I'm still around. There are also some entries in my other blog at the AllemaniACs' website.
The last weeks were quite busy developing a new basic software system for our upcoming new robots besides evaluating what has to be done for the next generation vision system (which part of will be my thesis). On the fun part I created a Hackergotchi for me. I did this initially for Mugshot which is a very interesting communication tool to keep track of what's going on in open source communities.
Today I went to Berlin with my friends (Tob, Buck, Helgar and Medha) to visit Phil and to attend 23th Chaos Communication Congress (23C3) which will be a lot of fun. More about the attended talks and all the new triggers later.
Posted by Tim
Filed under: Geek
In the sky above Africa
I'm currently on my flight back from South Africa that I blogged about earlier. Since we are on a fancy Lufthansa flight we have an Internet connection on-board! After a nice gin tonic I couldn't resist and just had to get online. Being online at 11000m is just special... We are currently above the Mediterranean Sea just beyond Africa.
Since we fly economy class it is not comfortable enough for hacking, but sleeping is probably the better option anyway when flying during the night, and it worked pretty well.
The connection is fast enough for regular usage. Ping times have a large deviation and transfer rates went up to 16 KB/sec but connection was disrupted after 400 KB when I tried it the first time.
--- 80.242.132.20 ping statistics ---
151 packets transmitted, 145 received, 3% packet loss, time 150553ms
rtt min/avg/max/mdev = 569.769/1061.603/4115.453/739.177 ms, pipe 6
Now have to check the news. More about INSITE 2006 next time.
