Der Befreiphone Wettbewerb ist lustig, also mach ich mal mit.
For the non-german readers: this is a SEO contest where you can win a iPhone if you get ranked 1st for a search on Befreiphone on Google.
This year the videos are available just 6 days (actually just 4) after the congress was over. It kind of extends the congress into the first week of January so you can watch the talks with the congress still fresh in mind. Just great!
Over the weekend I watched nearly every talk that I wanted to see but missed at the congress. Some of the good was were: Deconstructing XBox 360 Security, Elektronische Dokumente, Security Nightmares and Mifare Security.
Contradictory to what I wrote before there was a highlight at this years congress: Mifare Security. These people really reverse engineered a tiny RFID chip (size 1x1mm) using polishing and x500 microscope. Watch the video!
Security Nightmares had a fun part about electronic toy robots and what you could do with them (e.g. eavesdropping). People where asking all sorts of questions about various toys such as the Nabaztag. This is indeed really interesting since all of the newer/fun toys have some kind of network/internet connectivity which could be ab-used for many things. Botnets made from toys?
With this fast video release the Chaos Communication Congress (one of the best events in the hacking area anyway) now set new standards! This is the way to go!
Mmmh somehow I never manage to blog on more then the first day of the congress :-) So here is my personal 24C3 roundup.
First a big thank you to the organizers. It was real fun again! I meet a lot of friends I only see at these kinds of events (C3, Camp, etc) and again I meet a bunch of interesting people I didn't know before.
The talks were quite good all together and I had the impression that the overall quality was better then in the years before. Also I was missing THE high light of the event. Maybe I just missed it?
A couple of people asked for my Home InfoPanel talk which I didn't give so I'm going to keep this in mind for the next conference/meeting that comes up.
As usual I meet with the Bluetooth (Security) people to chat about this and that. Evilgenius Martin has a nice story about some 24C3-Bluetooth-Stuff on his blog. I also briefly meet balle from Datenterroristen.de he is behind Bluediving (a Bluetooth security suite).
As a side note. There seems to be an exploit in the JPEG parser of Nokia Series40 phones which cause the phones to crash when ever trying to read a special kind of JPEG image file. Apparently someone was sending a special crafted file to every mobile phone with Bluetooth switched on at the congress. I heard that there is another mobile phone brand that is also vulnerable to this JPEG and apparently one guy got his phone bricked by this. I'll soon look at this JPEG and post about this issue.
Great time, see you at 25C3.
Lots of fun on the first day of 24C3. I actually managed to see four talks.
Der Bundestrojaner
TOR
Tracker fahrn
DNS Rebinding And More Packet Tricks
All were pretty good (especially Tracker fahrn). I missed Cybercrime 2.0 and Desperate House-Hackers but thats what the streams are for.
Thats it for now, good night :)
I'm ready to leave for 24C3 early tomorrow morning. My DECT number at the congress will be 2761.
Here is one example of how cool the Night Life was at the camp
first of all I had a really great time at the camp so great that I kind of forgot to blog about it. There were some other reasons too like: too much sun/rain and no stable Internet connection (local network was working fine). As usual I meet many friends I only see at these kind of events and of course I meet many new interesting people. For example John Gilmore was camping right next too us.
There were so many cool things going on at the camp. The nights were especially cool since there were hundreds of light installations. Like three really bright sky roses and one quite powerful green laser. There were several disco balls mounted in cool places like trees that created a real good effect. One really cool thing was that the reflection of one of the disco balls were visible on the low hanging clouds - just awesome.
People from various projects I follow online were at the camp so I could take a look at new hardware like the OLPC.The one OLPC I spent some time with seemed to be a newer revision then the one I played with at that last CCC Congress. The rubber keyboard was way more usable from what I remembered. Also the device itself seemed to be of better quality. Seems the project is getting along :-)
OpenMokoI also spent some time at the OpenMoko tent, were Harald was taking his vacation. Anyway I had the chance to look at a disassembled version of the Neo1973 and talk to the developers for a bit. I found that they had again updated the GUI of the device, but it is far from being complete/usable.
Quadrokopter/Mikrokopter/DronesWatching these things fly is just pure fun. I would like to build one my self but I think this would take up all of my spare time (so I wont do it).
Other cool stuff from the camp: Cracking A5/1 (yes the GSM crypto) the talk was really cool; then there were some talks about/using GNU Radio (also used to attack A5/1) which were quite interesting; and last but not least there was David Chaum's idea for a voting system a system that should work on- and off-line and gives you secrecy and a way to check that your vote was counted.
Now I will sort my photos and post some of them online.
the first day was quite fun until now, we saw a few good talks (GPS tracking and Drones). The weather was fine too, also there was some rain but nothing bad. There are many cool light installations like two big spot lights that constantly pan over the camp ground.
Pictures (not taken by me) are available from Flickr
I arrived at the CCCamp at around 18:00, by now we have setup our camp site and started to enjoy the camp. There a still some smaller problems with power but we were told that this will be fixed tomorrow.
earlier today a friend showed me: iPhone: Will it Blend? Tom from Blendtec blends an iPhone. Yea!
Will it Blend? is a really funny way of advertising for blenders. They basically just blend many different things to show how strong the blender is. For me really impressive is: 50 Marbles
Great fun, but don't try this @home :-)
In Episode 21 in Season 18 (about 15 minutes into the show) Bart asks Lisa if he is on a secure line (24 reference), Lisa answers you are on a Bluetooth cellphone the most vulnerable device known to man.
This is way cool!
Thanks to Erik for pointing it out!
Fnordfunk is the radio program from the Chaos Computer Club Mainz. Since today's show was about security of mobile phones they invited me for a quick call-in to talk about my experience with MMS security issues. The show was quite nice and I had a good time.
For those who missed the show no worries they have a archive, a download able version of this particular show should be available soon here.
Four days of fun and little sleep, great event like every year. But the network (internal and external) sucked most of the time, also wireless (especially because of 802.11a) seemed to work better then in the years before.
I didn't see too many talks because of multiple reasons. On the first day I tried to watch the talks via DVB-T but the reception in the basement was too bad. On the second to last day I tried to watch using the streams which worked quite well but not well enough to really enjoy it (network stopped working from time to time). Maybe someone sets up a multicast solution next year (if bandwidth was the problem)? I only saw like two or three talks life mostly because the rooms were way too crowded (there was a new attendee record this year).
One other thing that sucked was the conference bracelet WTF?!? This was the 23rd congress and defcon had this really awesome badges this year, why didn't you guys tried harder?
Anyway I had a great time (even if I complain a lot) and I thank the organizers for running the congress.
Day 1
Nothing really happened yesterday besides the very cool lecture on Drones which included a live demo of a Drone.
Day 2
While having a late breakfast I spotted a guy with an OLPC luckily nobody else spotted him for some time so I could play with it without being interrupted. All in all it looks very cool also most of the interesting parts are still not working/fully implemented like the Ad-Hoc wireless stuff. One thing that really sucked is the keyboard - it is made out of rubber and seems really unusable.
Anyway I still want one.
Day 0 was chaos as usual. Every thing looks good and network was up when I first tried :-)
But who's idea was it to replace badges with the stupid bracelets? This is so cheap!
This year I finally have decided to get myself a DECT phone. My DECT number at the congress will be 4567, call me if you want to meet.
Happy Christmas!
this is a little late ... but what ever. I'm up since 6am to work on some CTF stuff with the others from team shellphish. Still I haven't seen a single talk *ARG* but CTF kept me busy so that I miss all the talks I wanted to see. The third day seems to be less crowded then the first two - are people really leaving that early? The closing event with the award show was really boring, also the statistics were kind of interesting - 7000 attendees *WOW*. But only 6.5Mb Internet? 22C3 had something like 16Gb. All in all it was fun but very different from the European events.
I'm mostly playing in the CTF so I haven't seen much from defcon itself and actually I haven't seen a single talk yet. So nothing much to say...
the slides and the other material for my defcon talk are now available at: my pocketpc section
we arrived at the Riviera the new defcon site and stated setting up our equipment for the CTF. The CTF area is really big and apparently much nicer then last year (I wasn't there last year). Everything looks cool here at defcon besides that now at 11:00am everything seems to be pushed back 2 hours. More later...
I and most of the RSG are just doing the last preparations before leaving for Las Vegas tomorrow morning. It will be my first time at defcon and I'm also giving a talk so I'm pretty excited.
Also I am participating in the CTF (with the other people from the RSG) I'll still try to post from defcon at least once per day.
Finally don't forget to come to my talk Advanced Attacks Against PocketPC Phones since it will be very very cool. I'll post some more details (stuff the abstract doesn't tell you) tomorrow :-P
No comment :-)
found at: fun.drno.de
MC Plus+ Alice and Bob really fun song about crypto: ...I'm encrypting shit like every single day...
update:More songs are available on the website of MC Plus+, also Alice and Bob is probably the best.
found on Bruce Schneier's weblog
if you think about it, open source software really sucks. You just get all this source code and don't know what to do with it, so I decided to buy a MAC, especially since Apple just stopped doing the open source thingy. Now I enjoy a super secure, closed source, nice and shiny computer thingy. I really wouldn't know what to do with out a MAC.
some random Sunday afternoon fun :)
www.mestarrunner.com/sbemail58.html (Flash Video! but very cool)
www.hrwiki.org/index.php/Trogdor
www.hrwiki.org/index.php/Trogdor_%28song%29
I'm doing a small talk about my PocketPC security stuff at CSUCI next week. It will basically be the talk I did at What The Hack! with some minor updates.
Found at: the.taoofmac.com/space
also see Computer Savviness
we didn't do much on the last day. Obviously I attended the Bluetooth talk my fellow trifiniteians did and I saw 3/4 of FX's BlackBerry talk. I always wanted to play with a BlackBerry so the stuff FX and FtR showed was really interesting. The Bluetooth talk was OK but nothing new of course.
USE MORE BANDWIDTH but how? Most of the people come with a laptop and only use the totally overloaded wireless - how should we use all the 16GB/s? I don't know if it really was necessary to have 16GB/s maybe the entrance fee would haven been lower with only 5GB/s?
All in all the congress was fun. Also I think four days is too long, three days was more compact. The only thing I must complain about is the number of chairs and tables in the hackcenter, there where too few. The area in the middle with the couches and mattresses was nice but uncomfortable to sit for longer.
just a quick day review. The bad thing of the day, the only two talks I wanted to see were parallel (semi-parallel) to each other. Ilja's fuzzing talk and Harald's OpenEZX talk. I saw the first part of fuzzing which was interesting and well presented - I'm really disappointed that I didn't see the second part since I switched to over to see Harald's talk.
Later in the evening we went to the Fnord News Show and the Hacker Jeopardy. Both where fun but not amazing.
I went to see five talks, na actually only four :-( First: 3G Investigations, sadly the talk was not very interesting for the ones who did play with stuff them self's. Second: Black Ops of TCP/IP, Dan is just a good speaker the talk was pure fun, also he released a new network traffic visualization tool here at 22C3 (the demo he did was really nice). Third: Anonymous Data Broadcasting by Misuse of Satellite ISPs, was kind of interesting but the first 20 minutes would have been enough for me - nice project anyway! Fourth: Old Skewl Hacking - Infrared updated, I listened to the recording of 21C3 and it was all most the same, but fun anyway. Five: Literarisches Code-Quartett, I think it was a disaster - not even funny.
Any the congress is fun also wireless sucks (I didn't expect anything else anyway). The weather also sucks - its constantly snowing.
PS: did you see that I wasn't paying attention yesterday while writing the blog entry? Tag should have been Day :)
22C3 is fun as long as you are inside BCC because its freezing cold here in Berlin. There are plenty talks and this time I managed to go to three talks on the first day. 1) Hacking Data Rentetion, which I didn't like too much for multiple reasons. 2) Die Technik im ePass, this was very interesting and well presented. 3) RFID - overview of protocols etc.., also very interesting but too much information in the short time.
So tomorrow I'm going to 22C3. Most of the trifinite crew will be there too. Martin, Marcel and Adam are doing their Bluetooth talk like the did in the past - only this time it's more like a show and tell thing with a lot of demos. Also I will properly release a new tool :-)
CU at 22C3
I just flew back to Germany from LAX yesterday. While waiting for my plane I found this half crashed Windoze box with a pop-up from a Matrox driver which complained about something and requested a reboot for fixing it. Since the dialog box was split up amongst two screens I guess one Windoze box runs multi-head.
just thinking about my caffeine addiction ... here is something for yours. Here is a nice list of Caffeine in drinks, I really like Mountain Dew. Also check the Caffeine FAQ. I got Caffeinated Soap as a gift, but I don't think it helps :-(. And last but not least Caffeine at Wikipedia
updated ... just found this:
You Are an Espresso At your best, you are: straight shooting, ambitious, and energetic At your worst, you are: anxious and high strung You drink coffee when: anytime you're not sleeping Your caffeine addiction level: high
another nice link INeedCoffee
here www.not-another-server.net/~jtb/gallery/mrmcd11b are some pictures from the mrmcd11b. Also see
last Friday I attended the mrmcd11b (metarheinmain chaosdays) a event by the CCC groups from the Rhein-Main area (Germany). This time the event was organized by the group of Darmstadt. Also the event was the complete weekend I could only attend on Friday (the setup day).
There were lectures and workshops on all three days. On Saturday there also was a CTF called da.op3n. And the people of EventPhone supplied DECT/GAP phone connectivity.
The only thing I really noticed (on Friday!) was that the wireless network infrastructure was ONLY done with OLSR (a ad-hoc/mesh routing protocol). This was chosen to play and introduce ad-hoc/mesh routing to a bigger audience also normally wireless (802.11) doesn't work at chaos events because all the geeks just overload the accesspoints. I think this was a really good idea.
Anyway I wish I had the time to attend all three days :(
actually I wanted to put some of my own pictures online but since there is such a huge amount of pictures already online I don't see the need for posting any more. Also most of my pictures show either Frank, Simon, Sebastian or myself and therefore I will just give you one link to a best of site made by someone else.
the day started with heavy rain and no network, first we thought the power cable hub got wet and the fuse blew but somebody just unplugged us. We went to listen to two talks which were quite ok. Especially fun was Frank and Fefes FNORD news as known from the CCC congresses.
All together is was a very very nice and cool event. We had a stable and fast Internet connection, working IPv6 (used it every day). The wireless network worked (for me) only on day -1 and 0 but I saw many people using it so maybe this was a local issue.
Anyway the whole thing was a big success!
nothing happened on day 2 ... no not really but I was too lazy :)
Today I held my talk at 12:00am, first I had some ugly X problems which took my first 15 minutes of my time. After that it went quite well. The tent was packed with people (but I guess not all the 1000 seats where taken).
Later Martin and I will we interviewed by Deutschlandfunk. This should be broadcasted somewhere between 16:30 and 18:00 today (live).
day one was really nice, a lot of sun with only one big rain shower at around 21:00. I saw one talk (Symbian Security) which was quite interesting. Pictures are at Simon's blog.
So we arrived at the campsite yesterday. Haven't done much but installing a webcam.
More to come...
I will be giving a talk at What The Hack, the talk will be on the subject of Exploiting PocketPC, this should be great fun. Also I found other very cool talks like: Reverse engineering and unlocking an XDA or Symbian Security, see the list of events.
I finally decided to switch back to Windows on all my desktops and my server. The reason for this are the many recent articles about Linux being very insecure. I'm also sick of installing patches on the day a bug is found. It's so much nicer to just patch all my systems once a month. So come on everybody and switch back to Windows.
so I just tryed Skype with my Bluetooth headset and it just works! Just need to select /dev/dsp1 as audio device.
so I just got my Jabra BT250 (Bluetooth headset). I must say this is a great device and works really nice with Linux (BlueZ). First thing after playing some stupid wav files on it was to point XMMS to it ... works like a charm ;-) Also the range at which this device can receive seems pretty huge.
And yes it also works nicely with my iPAQ h6315.
Last test to still to be done is to get one of the many VoIP applications to run with this (e.g. Skype).
One last thing ... turn your PC into a Bluetooth bullhorn using:arecord -B 1000000 -D plughw:Headset - | aplay
Shortly before Christmas I visited the Computer History Museum in MaintainView California (USA). It is really cool. They have the first Apple with the casing made out of wood, the first Cray and many other cool things. Also I can't post pictures (they ask you to not do this). The museum is completely free so go there and see for your self and buy a t-shirt like I did.
On the last chaosradio show (from German CCC) they played Eric Idle's The FCC Song. It's really funny and sadly true too. Check it out.
all iPod owners already know this but I just bought an iPod (sadly not for myself) and found this nice wrapper around the iPod which says Don't steal music in several languages. Also I bought the device in th US it also had the text printed on it in German ;-)
Do they really think this helps? I don't think so!
Inside Jack is a funny flash animation from SUN microsystems. Simon (got the link from him) says this is old, I like it so here is the link.