30 Dec 2009

26C3 Day 3

Submitted by blizzz
Today was a seat fighting day, because the year reviews (especially the Fnord) as well as the lectures about DECT and PKI are hot spots, which also lead to the strategic decision to go to the Manufacturing-talk and save a seat for Fnord (absolutely wise decision).

Review of 2009, Part I

Todays upbeat was the review of the passing year 2009 in Chaos Computer Club's point of view. Andy Müller-Maguhn, Constanze Kurz, Frank Rieger and Martin Haase gave a chronological overview of the remarkable events of this year. Besides events as Hacking at Random and the first performance of SIGINT in Cologne, many law topics has been pointed at, e.g. the adjudgement regarding voting machines or the enactment regarding the voting pen of Hamburg. Another sad point, which did not affect CCC directly, was the dramatic suicide of the 20year old, who crawled publicy available data from schuelerVZ. In this case some background details have been mentioned.

Security in DECT phones

Erik Tews gave a follow up on the security in the DECT standard, which is a wireless technqiue that a wide variety of home phones uses. He gave a basic introduction of what has been said the year before, but also went further in explaining the DECT Standard Cipher, which now has been reenigneered, and showed approaches have attacks can be executed. The details will be published in January.

Furthermore he reported about how manufacturers reacted to the reveal, and indeed action has been taken. The DECT Forum, manfuctureres and i think other parties, too, will overhaul the standard and introduce a mandatory encryption (currently, encryption is optional) and above all public specifications. Additionally, a certification will be established, so customers can identify secure phones.

Botnets and Online Communities

Danger from the deep, decayed internet! Well, not that alarming. Rodent gave a lecture about DDoS and Botnet menace towards online communities. A bit disappointing was, that his talk stayed quite facile. Actually he pointed some requirements and recommandations and also mentioned the three options you have: Defend, Monitor and Report and Hack Back. You made out that he is experienced in this field, but the outcome of his talk are primarily advices which are clear, unfortunately.

We are Borg

This was another rather philosophical but in some degree also founded talk about, well, us. Christiane Ruetten first explained neural networks (flashback to AI lessons, againg) and then mapped its concepts to information systems and finally more precisely to new media, Web 2.0, social networks or how you like to call it. We are borg.

Basically, she compared how we like neutrons build up our networks, her favorite example was twitter. We connect to those information sources which appeal us in terms of interest, character and likes. Therefore we kind of build whole units with somewhat of its own identity; identity also compared to e.g. corporations, which act in an uniform way, at least ideally. Subsequently, we, borg, that formed unit by connecting to other neurons/people, have each 100 eyes and ears and stuff and finally build a collective intelligence. Hence we act such a way, for example in our fight against censorship.

Actually, in those networks is a lot of nuisance going on, which does naturally so, as she says, calling it noise. This is not bad or too disturbing, because we filter out the information which is relevant to us (also remember weighting factors and the threshold in a neuron). We do this by connecting to the right people, and furthermore by tools.

We also connected before the social web, in instutions like corporations, clubs, unions and like. The difference, she says, is that men and women take part in equal parts, whereas traditionally men were the driving factors in, let's say, "old-style" networks. (I got it right?). Also, social media has not a static and hierarchiel structure, but is very dynamic. However, this whole point is expandable.

Of course, she brought some more aspects, so if you are interested in the topic you want to see her slides or the stream when the recording is available. I have some thoughts running around it, but have no complete picture, yet.

3D printing and manufacturing stuff

Creative and productive hardware filled this slot. Bre showed us his and others wonderful machines, which print things in 3D by layering plastics (MakerBot), scanning things and other load of stuff. He brought pictures illustrating produced things like dragons and heads, New York Toast and cupcakes and what not. It was interesting to see what you can produce with comparably low efforts. He share his achievements under public domain, and could estabish an business on it. Great!

Review of 2009, Part II

believe in global warmingThe second review was the famous and traditional Fnord Jahresrückblick held by Felix von Leitner and Frank Rieger. And traditionally it is an amusing, some times ironic and some times sarcastic review of past events, mainly from a politically and/or social point of view. This is not easy to explain as picutres are the main medium and you get whole loads of impressions which makes it hard to remember and sort all things. This lecture was held in german, but it was also translated into english, so i guess recordings will be put online, former or later. It's recommandable.

Kaminsky and X.509, DNS and DNSSEC

The last talk today was focused on PKI in our todays internet. It is late, so i will summerize the things, i get together. In general, he stated the we rely on X.509 certificates, nowadays, because internet is based on DNS. As DNS does not account security or authentication measures we have that extra layer. Then, Kaminsky went on and on and on showing difficulties, problems and bad specifications of X.509 (e.g. no definite statement which CN is to be checked of more than one are provided), but also pointed to issues within implementations in IE, OpenSSL and others.

After it was exceedingly clear that dealing with X.509 certificates is most painful, he claimed that he want to be able to write only one line of code to either get a PGP key or anything. Therefore he praised upcoming DNSSEC and this is why convinced of DNSSEC what he was not before.

Another great day at 26c3 has passed, and tomorrow is the final one. The sands are running out fast!

Read also: Day 1, Day 2, Day 3, Day 4

Add new comment