Skip to content

Instantly share code, notes, and snippets.

@johnjohndoe

johnjohndoe/35c3-halfnarp-get-talkpreferences.json

Last active November 23, 2018 08:41
Show Gist options
  • Save johnjohndoe/26682ca282053a391190512728abbd5c to your computer and use it in GitHub Desktop.
Save johnjohndoe/26682ca282053a391190512728abbd5c to your computer and use it in GitHub Desktop.
Download ZIP
Raw
35c3-halfnarp-get-talkpreferences.json
[
{
"event_classifiers": {
"Theory - Practice": 100,
"Hardware": 15,
"Security": 95,
"Novelty": 50,
"Defense - Offense": 100
},
"language": "en",
"title": "In Sowjet Russia Smart Card Hacks You",
"event_id": 9346,
"start_time": null,
"speaker_names": "Eric Sesterhenn",
"track_id": 343,
"room_id": null,
"duration": 2400,
"abstract": "The classic spy movie hacking sequence: The spy inserts a magic smart card provided by the agency technicians into the enemy's computer, … the screen unlocks … What we all laughed about is possible!"
},
{
"event_classifiers": {
"Ethics, Politics + Society": 100,
"Art + Culture": 25
},
"language": "de",
"title": "Chaos im Fernsehrat",
"event_id": 9358,
"start_time": null,
"speaker_names": "Leonhard Dobusch",
"track_id": 339,
"room_id": null,
"duration": 3600,
"abstract": "Seit Juli 2016 darf ich – nominiert unter anderem vom CCC – den Bereich \"Internet\" im Fernsehrat des ZDF vertreten. Nach gut zwei Jahren ist es Zeit für eine Zwischenbilanz: Was macht ein Fernsehrat, was machen öffentlich-rechtliche Angebote im Netz, und was sollten sie eigentlich tun? "
},
{
"event_classifiers": {
"Hardware": 20,
"Theory - Practice": 90,
"Security": 100,
"Defense - Offense": 90,
"Foundations": 60
},
"language": "en",
"title": "Viva la Vita Vida",
"event_id": 9364,
"start_time": null,
"speaker_names": "Yifan Lu, Davee",
"track_id": 343,
"room_id": null,
"duration": 3600,
"abstract": "Since its release in 2012, the PlayStation Vita has remained one of the most secure consumer devices on the market. We will describe the defenses and mitigations that it got right as well as insights into how we finally defeated it. The talk will be broken into two segments: software and hardware. First, we will give some background on the proprietary security co-processor we deem F00D, how it works, and what we had to do to reverse an architecture with minimal public information. Next, we will talk about hardware attacks on a real world secure hardware and detail the setup process and the attacks we were able to carry out. This talk assumes no prior knowledge in hardware and a basic background in system software. Focus will be on the methods and techniques we've developed along the way."
},
{
"event_classifiers": {
"Theory - Practice": 100,
"Science": 75,
"Novelty": 75
},
"language": "en",
"title": "Hacking how we see",
"event_id": 9370,
"start_time": null,
"speaker_names": "Ben Senior",
"track_id": 342,
"room_id": null,
"duration": 3600,
"abstract": "We mostly see with the mind, and the mind is flexible. For the four hundred million people with amblyopia (lazy eye), their brain encountered an installation error when linking both eyes as babies. As a \"Plan B\", their brain switches one eye off.\r\n\r\nI'll talk a bit about how the visual system works, and how our open-source virtual reality software (backed by social impact lab Leipzig and the prototypefund.de) can hack through that suppression and provide a chance to \"re-install\" full sight with two eyes. "
},
{
"event_classifiers": {
"Theory - Practice": 100,
"Foundations": 100,
"Resilience": 95,
"Ethics, Politics + Society": 95
},
"language": "de",
"title": "Repair-Cafés",
"event_id": 9371,
"start_time": null,
"speaker_names": "Fraxinas",
"track_id": 341,
"room_id": null,
"duration": 2400,
"abstract": "Die Repaircafé-Bewegung rollt über unser Land herein. Wie können wir uns daran beteiligen und Synergien nutzen?"
},
{
"event_classifiers": {
"Resilience": 50,
"Ethics, Politics + Society": 100
},
"language": "en",
"title": "Citzens or subjects? The battle to control our bodies, speech and communications",
"event_id": 9372,
"start_time": null,
"speaker_names": "Diego Naranjo (EDRi)",
"track_id": 339,
"room_id": null,
"duration": 3600,
"abstract": "Technology is the solution: What is the problem? This seems to be the motto. Algorithms may be about to control our free speech while tracking technologies could control our bodies and communications. Will we react or stay quiet?"
},
{
"event_classifiers": {
"Foundations": 85,
"Security": 50,
"Ethics, Politics + Society": 50,
"Defense - Offense": 50,
"Entertainment": 80
},
"language": "en",
"title": "SiliVaccine: North Korea's Weapon of Mass Detection",
"event_id": 9375,
"start_time": null,
"speaker_names": "Mark Lechtik",
"track_id": 343,
"room_id": null,
"duration": 3600,
"abstract": "Meet SiliVaccine – North Korea's national Anti-Virus solution. SiliVaccine is deployed widely and exclusively in the DPRK, and has been continuously in development by dedicated government teams for over fifteen years. When we heard of this strange software, we were immediately driven to investigate it: it's not every day that you can catch a glimpse of the malware landscape inside the closed garden of the DPRK's intranet.\r\n\r\nIn this talk, we will describe how we were able to obtain a rare copy of SiliVaccine; how we reverse-engineered it, despite the hair-tearing obstacles; and what surprising discoveries we made about its program architecture – all the way down to the file scanning engine, the system level drivers, the user mode utilities, and the most bizarre and puzzling implementation details. As it turns out, there is plenty going on behind the scenes of this product, away from the public eye.\r\n\r\nHow was SiliVaccine created? Who created it? What was the game plan? We will try to shed light on these questions, and on the sheer effort that must have gone into developing this product. If there is anything we learned from this research, it's that DPRK state-sponsored software is a secretive industry underlied by incredibly shady practices, and that if Kim Jong-Un sends you a free trial of his latest security solution, the correct answer is \"thank you but no thank you\".\r\n\r\nDisclaimer: No significant knowledge in reverse engineering is required to understand the talk. We break down our thought process and methodology to its very basics, so that this talk can relate to both technical and non-technical audiences.\r\n\r\nAnother Disclaimer: We guarantee an entertaining talk. :) "
},
{
"event_classifiers": {
"Theory - Practice": 100,
"Security": 100,
"Novelty": 50,
"Defense - Offense": 100
},
"language": "en",
"title": "Compromising online accounts by cracking voicemail systems",
"event_id": 9383,
"start_time": null,
"speaker_names": "Martin Vigo",
"track_id": 343,
"room_id": null,
"duration": 2400,
"abstract": "Voicemail systems can be compromised by leveraging old weaknesses and top of current technology. The impact goes way beyond having your messages exposed."
},
{
"event_classifiers": {
"Hardware": 100,
"Foundations": 90,
"Theory - Practice": 90,
"Science": 25
},
"language": "en",
"title": "Modeling and Simulation of Physical Systems for Domestic Use",
"event_id": 9385,
"start_time": null,
"speaker_names": "Manuel Aiple",
"track_id": 340,
"room_id": null,
"duration": 2400,
"abstract": "This is a foundations talk about modeling and simulation as tools for development, testing and debugging systems. It requires very little previous knowledge to address all makers and hobbyists interested in creating or modifying hardware that physically interacts with its environment (e.g. robots, drones, etc.). It explains the purpose of modeling and simulation, basic principles, and tips and tricks on a practical level."
},
{
"event_classifiers": {
"Science": 90,
"Entertainment": 65,
"Foundations": 100
},
"language": "en",
"title": "Introduction to Deep Learning",
"event_id": 9386,
"start_time": null,
"speaker_names": "teubi",
"track_id": 342,
"room_id": null,
"duration": 2400,
"abstract": "This talk will teach you the fundamentals of machine learning and give you a sneak peek into the internals of the mystical black box. You'll see how crazy powerful neural networks can be and understand why they sometimes fail horribly."
},
{
"event_classifiers": {
"Theory - Practice": 50,
"Security": 70,
"Resilience": 80,
"Ethics, Politics + Society": 25
},
"language": "en",
"title": "Matrix, the current status and year to date",
"event_id": 9400,
"start_time": null,
"speaker_names": "Ben Parsons from Matrix",
"track_id": 341,
"room_id": null,
"duration": 2400,
"abstract": "Matrix is an open standard for communication over the Internet. I will talk about the matrix standard, both the technical implementation and the reasons for its creation. We will focus on the changes and progress that has been made in the previous year, particularly getting the specification out of beta, and the growth of the ecosystem. Finally, the Matrix environment continues to develop, and we’ll look at the roadmap for the future."
},
{
"event_classifiers": {
"Hardware": 90,
"Science": 80,
"Security": 15,
"Theory - Practice": 100,
"Entertainment": 15
},
"language": "de",
"title": "Die verborgene Seite des Mobilfunks",
"event_id": 9407,
"start_time": null,
"speaker_names": "Peter Schmidt",
"track_id": 342,
"room_id": null,
"duration": 3600,
"abstract": "Der Vortrag beleuchtet die Einflüsse auf den geheimnisvollen Teil des Mobilfunks – Störquellen im Uplink und deren Auswirkungen auf die Mobilfunk-Kommunikation sowie Praktiken zum Aufspüren von HF-Störquellen.\r\n\r\nDie Feldstärke-Balkenanzeige eines Smartphones (die Downlink-Empfangsfeldstärke) ist nur die Hälfte der Wahrheit zur Bewertung einer Mobilfunkversorgung. Die andere Hälfte ist der weithin unsichtbare aber gegen Störeinflüsse hochempfindliche Uplink, die Richtung vom Endgerät zu den Basisstationen. In diesem Vortrag werden Uplink-Störquellen, deren Auswirkungen sowie Mess- und Analysemöglichkeiten erläutert."
},
{
"event_classifiers": {
"Hardware": 90,
"Theory - Practice": 100,
"Security": 10
},
"language": "en",
"title": "LibreSilicon",
"event_id": 9410,
"start_time": null,
"speaker_names": "leviathan, hsank, Andreas Westerwick",
"track_id": 340,
"room_id": null,
"duration": 3600,
"abstract": "While a lot of projects are currently developing their own processors, mostly as open source in Verilog, VHDL or even Chisel, we miss the free process that actually manufactures these chips. So we're developing the \"Libre Silicon\" project, a portable semiconductor manufacturing process and technology, using only free and open source tools: We would like to introduce the project, who we are, what we are doing and where we are now."
},
{
"event_classifiers": {
"Theory - Practice": 80,
"Foundations": 100,
"Novelty": 90,
"Resilience": 90,
"Ethics, Politics + Society": 15
},
"language": "en",
"title": "Sense without sight",
"event_id": 9414,
"start_time": null,
"speaker_names": "Sai",
"track_id": 341,
"room_id": null,
"duration": 3600,
"abstract": "Learn what it's like to see the world without using your eyes — through direct experience. Ever wonder what it's like to navigate the world while blind? Want to learn how to use your everyday senses in ways you don't know you don't know? This is your opportunity to learn.\r\n\r\nIn this talk, I hack *you*; you will (hopefully) come away with permanently enhanced sensory perceptions. To accomplish this, it's very participatory — not just \"sit and listen\". The workshops are even more hands-on (blindfolded w/ cane in hand).\r\n\r\nWorkshop & volunteer signup: https://s.ai/ccc/ws"
},
{
"event_classifiers": {
"Science": 25,
"Security": 25,
"Ethics, Politics + Society": 50
},
"language": "en",
"title": "Explaining Online US Political Advertising",
"event_id": 9419,
"start_time": null,
"speaker_names": "Damon McCoy",
"track_id": 339,
"room_id": null,
"duration": 3600,
"abstract": "Over the summer Facebook, Google, and Twitter have started making transparent United States political ads shown on their platforms. We have been collecting and analyzing these political ads to understand how candidates, elected officials, PACs, non-profits, for-profit companies, and individual citizens are disseminating U.S. political content using these advertising platforms."
},
{
"event_classifiers": {
"Defense - Offense": 80
},
"language": "en",
"title": "SD-WAN New Hop",
"event_id": 9446,
"start_time": null,
"speaker_names": "Sergey Gordeychik",
"track_id": 343,
"room_id": null,
"duration": 3600,
"abstract": "Nowadays software designed networks, especially SD-WAN (software defined wide-area network) becomes \"solution of choice\" in new deployments for traditional and cloud branch office and data-center connectivity infrastructure. The SD-WAN can replace firewalls and other perimeter security tools which makes them attractive targets for attackers. Vendors promises \"on-the-fly agility, security\", many other benefits. But what the \"security\" really mean from hand-on perspective? Traditional network appliances are well-researched while SD-WAN is a \"black box\" from security perspective. Complexity of SDN creates additional security issues and cybersecurity pro should address it before an attack occurs.\r\nThis presentation will introduce SD-WAN design internals, major components, data and control flow. We will discuss typical vulnerabilities, threat model and attacks on SD-WAN-based Enterprise Networks. "
},
{
"event_classifiers": {
"Science": 100
},
"language": "en",
"title": "Simulating Universes",
"event_id": 9451,
"start_time": null,
"speaker_names": "Philipp Busch",
"track_id": 342,
"room_id": null,
"duration": 3600,
"abstract": "In this talk I want to present the computational undertakings in the field of cosmological structure formation and galaxy formation. Here, sometimes gigantic, simulations help us to unravel the processes that led to the Universe that we can see today. I will give a short overview of our current understanding of the evolution of the Universe, the history and techniques of the simulations and their current state and future."
},
{
"event_classifiers": {
"Science": 65,
"Ethics, Politics + Society": 80,
"Foundations": 65
},
"language": "en",
"title": "Hacking Ecology",
"event_id": 9456,
"start_time": null,
"speaker_names": "Theodor Sperlea",
"track_id": 342,
"room_id": null,
"duration": 3600,
"abstract": "As humans have a large negative impact on ecosystems all around the globe, we are approaching a major extinction event in which around 70% of all species will go extinct. This talk will give an introduction to a data-driven and system-based view of ecology."
},
{
"event_classifiers": {
"Hardware": 90,
"Security": 100,
"Novelty": 100,
"Defense - Offense": 100,
"Entertainment": 65
},
"language": "en",
"title": "What The Fax?!",
"event_id": 9462,
"start_time": null,
"speaker_names": "Yaniv Balmas, Eyal Itkin",
"track_id": 343,
"room_id": null,
"duration": 2400,
"abstract": "We all know what FAX is, and for some strange reason most of us need to use it from time to time. Hard to believe its 2018, right?\r\n\r\nBut can FAX be something more than a bureaucratic burden? Can it actually be a catastrophic security hole that may be used to compromise your entire network? Come watch our talk and find out …"
},
{
"event_classifiers": {
"Security": 100,
"Novelty": 50,
"Defense - Offense": 100
},
"language": "en",
"title": "Attacking end-to-end email encryption",
"event_id": 9463,
"start_time": null,
"speaker_names": "Sebastian Schinzel",
"track_id": 343,
"room_id": null,
"duration": 3600,
"abstract": "In this talk, I’ll present several attacks that leak the plaintext of OpenPGP or S/MIME encrypted emails to an attacker. Some of the attacks are technically interesting, i.e. the two different efail attacks, some are somewhat silly, yet effective. Some abuse HTML emails, some also work with plain ASCII emails. Furthermore, I’ll discuss our lessons learned and describe the efail-related changes to mail clients and the OpenPGP and S/MIME standards."
},
{
"event_classifiers": {
"Theory - Practice": 100,
"Security": 100,
"Resilience": 50,
"Defense - Offense": 70
},
"language": "en",
"title": "Web-based Cryptojacking in the Wild",
"event_id": 9483,
"start_time": null,
"speaker_names": "Marius Musch",
"track_id": 343,
"room_id": null,
"duration": 2400,
"abstract": "A cryptojacking website abuses the computing resources of its visitors to covertly mine for cryptocurrencies in the browser. In this talk, we explore this phenomenon and answer, amongst others, the following questions: How does the mining script work under the hood? How common is this attack? How much money do the attackers earn? And how can I defend myself against such attacks?"
},
{
"event_classifiers": {
"Hardware": 85,
"Theory - Practice": 100,
"Entertainment": 100,
"Art + Culture": 80
},
"language": "en",
"title": "Hebocon",
"event_id": 9486,
"start_time": null,
"speaker_names": "honky",
"track_id": 345,
"room_id": null,
"duration": 3600,
"abstract": "We let the technically ungifted build robots and to fight each other for the laughs. \r\n"
},
{
"event_classifiers": {
"Theory - Practice": 60,
"Foundations": 20,
"Security": 70,
"Novelty": 90,
"Hardware": 70
},
"language": "en",
"title": "Sigfox Reverse Engineering",
"event_id": 9491,
"start_time": null,
"speaker_names": "F.",
"track_id": 340,
"room_id": null,
"duration": 2400,
"abstract": "<a href=\"https://www.sigfox.com/\">Sigfox</a> is an emerging low-power wide-area network (LP-WAN) technology for IoT devices, comparable to <a href=\"https://lora-alliance.org/\">LoRa</a>.\r\n\r\nThis talk recounts my reverse engineering work on Sigfox's radio protocol and presents an open reference implementation of an alternative Sigfox protocol stack.\r\n\r\nIt confirms that while Sigfox ensures authenticity and integrity, transmitted payloads are not confidential."
},
{
"event_classifiers": {
"Theory - Practice": 50,
"Science": 50,
"Security": 100,
"Defense - Offense": 50
},
"language": "en",
"title": "Wallet Security",
"event_id": 9492,
"start_time": null,
"speaker_names": "st",
"track_id": 343,
"room_id": null,
"duration": 2400,
"abstract": "This talk will investigate several aspects regarding different methods to store and protect wallet private keys. It will start with a comparison of advantages and disadvantages of different tools (simple desktop software to hardware tokens) and conclude with an sophisticated cryptographic method of hiding secrets in Bitcoin transactions in a way that is provably undetectable."
},
{
"event_classifiers": {
"Hardware": 100,
"Security": 100,
"Novelty": 80
},
"language": "en",
"title": "Dissecting Broadcom Bluetooth",
"event_id": 9498,
"start_time": null,
"speaker_names": "jiska, mantz",
"track_id": 343,
"room_id": null,
"duration": 2400,
"abstract": "Broadcom's Bluetooth firmware on popular devices – such as Nexus 5, Nexus 6P, Raspberry Pi 3, and Raspberry Pi 3+ – shares the same firmware update mechanisms, which allows for local firmware modifications. With InternalBlue we published a framework to change lower Bluetooth layers. In this talk we go even further and demonstrate a remote exploit in the Broadcom firmware."
},
{
"event_classifiers": {
"Entertainment": 100
},
"language": "de",
"title": "Freude ist nur ein Mangel an Information",
"event_id": 9506,
"start_time": null,
"speaker_names": "Nico Semsrott",
"track_id": 345,
"room_id": null,
"duration": 3600,
"abstract": "Nico Semsrott hat in Zeiten des globalen Rechtsrucks den überflüssigsten Job der Welt: Er ist Demotivationstrainer. Mit Powerpointpräsentationen und viel Pessimismus schafft er es, komplexe Themen zu vereinfachen, ohne dabei auf alternative Fakten zurückgreifen zu müssen."
},
{
"event_classifiers": {
"Theory - Practice": 100,
"Ethics, Politics + Society": 100,
"Entertainment": 70
},
"language": "de",
"title": "Transparenz mit der Brechstange",
"event_id": 9507,
"start_time": null,
"speaker_names": "Arne Semsrott",
"track_id": 339,
"room_id": null,
"duration": 3600,
"abstract": "Was für die Breitbandversorgung in Deutschland gilt, gilt auch für Transparenz: Überall Demokratie-Funklöcher, die man stopfen muss, am besten mit Klagen. Wir erzählen, was das Informationsfreiheitsgesetz in diesem Jahr für die Demokratie-Infrastruktur getan hat und was die IFG-Meisterschaften damit zu tun haben."
},
{
"event_classifiers": {
"Hardware": 95,
"Foundations": 75,
"Theory - Practice": 75
},
"language": "en",
"title": "Digital Airwaves",
"event_id": 9508,
"start_time": null,
"speaker_names": "Friederike",
"track_id": 340,
"room_id": null,
"duration": 3600,
"abstract": "Encoding or decoding random radio-waveforms doesn't need incredible expensive hardware anymore which offers new possibilities for building up over-the-air communication systems. There are Software Defined Radios providing affordable cellular radio to remote villages, Community Radios are using SDR to build up digital radio networks and other cool stuff.\r\n\r\nSome basic knowledge what is going on in SDR Hard/Software as the influence of the samplerate, I/Q-data of the math behind the waterfall-diagram is helpful to have fun with SDR. Some theory on modulation techniques helps you to decode or encode your waveforms. "
},
{
"event_classifiers": {
"Foundations": 80,
"Ethics, Politics + Society": 100
},
"language": "de",
"title": "Mind the Trap: Die Netzpolitik der AfD im Bundestag",
"event_id": 9513,
"start_time": null,
"speaker_names": "Noujoum",
"track_id": 339,
"room_id": null,
"duration": 2400,
"abstract": "Die AfD-Bundestagsfraktion wird in der Öffentlichkeit vor allem mit ihren rassistischen Positionen wahrgenommen – mit ihren netzpolitischen Aktivitäten bleibt sie zumeist unter dem Radar. Dieser Talk zeigt, wie die AfD-Fraktion die Netzpolitik dennoch als vermeintlich neutrales Thema nutzt, um für ihre rechtsextreme Partei eine parlamentarische und gesellschaftliche Normalisierung herzustellen. "
},
{
"event_classifiers": {
"Theory - Practice": 20,
"Foundations": 70,
"Security": 100,
"Resilience": 100,
"Defense - Offense": 0
},
"language": "en",
"title": "Provable Security",
"event_id": 9517,
"start_time": null,
"speaker_names": "FJW, Lukas",
"track_id": 343,
"room_id": null,
"duration": 3600,
"abstract": "Modern cryptography is based on security-proofs. We will demonstrate how these work, why they are desirable and what their limitations are."
},
{
"event_classifiers": {
"Hardware": 25,
"Security": 80,
"Entertainment": 100
},
"language": "en",
"title": "Internet of Dongs",
"event_id": 9523,
"start_time": null,
"speaker_names": "Werner Schober",
"track_id": 343,
"room_id": null,
"duration": 2400,
"abstract": "With great pleasure comes great responsibility. A responsibility, which is not taken enough into consideration by the smart sex toy manufacturers as they should, while handling extremely sensitive data. As long as there is no serious breach, there is no problem, right? This was the basis for a research project (Master Thesis) called “Internet of Dildos, a long way to a vibrant future”, dealing with the assessment of smart sex toys and identification of vulnerabilities in those products, including mobile apps, backends and the actual hardware. \r\nAfter the assessment of a selection of multiple smart sex toys an abyss of vulnerabilities was revealed. The identified vulnerabilities range from technically interesting vulnerabilities to vulnerabilities which affect the privacy of the users in extreme and explicit ways.\r\n"
},
{
"event_classifiers": {
"Ethics, Politics + Society": 80,
"Art + Culture": 100
},
"language": "en",
"title": "Never Forgetti",
"event_id": 9526,
"start_time": null,
"speaker_names": "JAN BERGER",
"track_id": 338,
"room_id": null,
"duration": 2400,
"abstract": "Never Forgetti is a didactic live gaming lecture about the deaths of female video game characters and how their framing prevents them from developing any agency to avert their fatal destiny. The performance investigates on power relationships between lecturer and audience to reflect on how models of subjugation work in media and our current social realities."
},
{
"event_classifiers": {
"Foundations": 50,
"Security": 60,
"Resilience": 100,
"Defense - Offense": 75
},
"language": "en",
"title": "Introducing the katzenpost mix network system",
"event_id": 9528,
"start_time": null,
"speaker_names": "David Stainton",
"track_id": 341,
"room_id": null,
"duration": 3600,
"abstract": "Mix networks are a kind of communications network that greatly reduce our metadata leakage and exposure to traffic analysis. Mixnets are suitable for certain low bandwidth message oriented use cases such as encrypted messaging for client to server or peer to peer decentralized systems. The main advantages mixnets offer is location hiding and anonymity properties which are strong enough to resist global adversaries while scaling to hundreds of millions of users.\r\n\r\nI will give an introduction to some basic mixnet theory and concepts. The second half of this talk will discuss the Katzenpost mix network software system we are actively developing; including live demonstrations that showcase various cryptographic network protocols being performed over the mix network such as: a PANDA transaction, a Zcash transaction submission, encrypted chat et cetera."
},
{
"event_classifiers": {
"Hardware": 100,
"Foundations": 90,
"Theory - Practice": 80,
"Art + Culture": 50
},
"language": "en",
"title": "Artistic PCB Design and Fabrication",
"event_id": 9529,
"start_time": null,
"speaker_names": "hammes hacks",
"track_id": 340,
"room_id": null,
"duration": 2400,
"abstract": "When a electrical device needs to be a piece of art or used as a mechanical component, a printed circuit board is more than a piece of fiberglass with wires embedded in it. In chemical engineering applications internal holes which allow fluids to be transported through the PCB need to be placed in complex precise patterns. As art, holes can be used to create positive and negative space, allowing you to see a charlieplexed LED display as a snowflake. Creating complex shapes in PCB design software is difficult to impossible. However, it is easy in CAD software. In this talk I will present the project workflow I use to design and manufacture my PCBs. Additionally, I will discuss the problems I have run into during manufacturing and how these problems were resolved. "
},
{
"event_classifiers": {
"Security": 70,
"Novelty": 35,
"Resilience": 15,
"Defense - Offense": 50,
"Entertainment": 70
},
"language": "en",
"title": "Kernel Tracing With eBPF",
"event_id": 9532,
"start_time": null,
"speaker_names": "Jeff Dileo, Andy Olsen",
"track_id": 343,
"room_id": null,
"duration": 3600,
"abstract": "Have you ever wanted to trace all syscalls or dump all IPC traffic across a Linux system? Until recently, doing so may have required some significant setup involving a half-baked tracing kernel module, a custom kernel module, or even using a kernel debugger. This talk will introduce the eBPF functionality of the Linux kernel and cover practical uses of the technology beyond mere code profiling. We will show how eBPF can be used both defensively and offensively to protect, or compromise, a system.\r\n\r\nThis talk will primarily focus on using eBPF to dynamically instrument kernel functionality and gain deep insight on the workings of both kernel and userspace code across a running system. Attendees will leave with practical knowledge for using eBPF to (performantly) watch every action taken on a running system and make processes reveal their secrets."
},
{
"event_classifiers": {
"Theory - Practice": 90,
"Security": 100,
"Novelty": 95,
"Defense - Offense": 90
},
"language": "de",
"title": "Venenerkennung hacken",
"event_id": 9545,
"start_time": null,
"speaker_names": "starbug, Julian",
"track_id": 343,
"room_id": null,
"duration": 2400,
"abstract": "Die Venenerkennung ist eine der letzten Bastionen biometrischer Systeme, die sich bisher der Eroberung durch Hacker widersetzt hat. Dabei ist sie ein lohnendes Ziel, schützt sie doch Bankautomaten und Hochsicherheitsbereiche. In diesem Talk machen wir die Verteidigungsanlagen dem Erdboden gleich."
},
{
"event_classifiers": {
"Hardware": 50,
"Theory - Practice": 100,
"Security": 50,
"Defense - Offense": 100
},
"language": "en",
"title": "First Sednit UEFI Rootkit Unveiled",
"event_id": 9561,
"start_time": null,
"speaker_names": "Frédéric Vachon",
"track_id": 343,
"room_id": null,
"duration": 2400,
"abstract": "UEFI rootkits have been researched and discussed heavily in the past few years, but sparse evidence has been presented of real campaigns actively trying to compromise systems at this level. Our talk will reveal such a campaign successfully executed by the Sednit group. We will detail the full infection chain showing how Sednit was able to install their custom UEFI module on key targets' computers. Additionally, we will provide an in-depth analysis of their UEFI module and the associated trojanized LoJack agent."
},
{
"event_classifiers": {
"Theory - Practice": 100,
"Hardware": 100,
"Security": 100,
"Defense - Offense": 80
},
"language": "en",
"title": "wallet.fail",
"event_id": 9563,
"start_time": null,
"speaker_names": "Thomas Roth, nedos, Josh Datko",
"track_id": 343,
"room_id": null,
"duration": 3600,
"abstract": "In this presentation we will take a look at how to break the most popular cryptocurrency hardware wallets. We will uncover architectural, physical, hardware, software and firmware vulnerabilities we found including issues that could allow a malicious attacker to gain access to the funds of the wallet. The attacks that we perform against the hardware wallets range from breaking the proprietary bootloader protection, to breaking the web interfaces used to interact with wallets, up to physical attacks including glitching to bypass the security implemented in the IC of the wallet. Our broad look into several wallets demonstrates systemic and recurring issues. We provide some insight into what needs to change to build more resilient hardware wallets.\r\n"
},
{
"event_classifiers": {},
"language": "en",
"title": "Lightning Talks Day 2",
"event_id": 9566,
"start_time": null,
"speaker_names": "gedsic",
"track_id": 344,
"room_id": null,
"duration": 8400,
"abstract": "Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick!"
},
{
"event_classifiers": {},
"language": "en",
"title": "Lightning Talks Day 3",
"event_id": 9567,
"start_time": null,
"speaker_names": "gedsic",
"track_id": 344,
"room_id": null,
"duration": 8400,
"abstract": "Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick!"
},
{
"event_classifiers": {},
"language": "en",
"title": "Lightning Talks Day 4",
"event_id": 9568,
"start_time": null,
"speaker_names": "gedsic",
"track_id": 344,
"room_id": null,
"duration": 8400,
"abstract": "Lightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick!"
},
{
"event_classifiers": {
"Theory - Practice": 20,
"Foundations": 100,
"Science": 85
},
"language": "en",
"title": "A Blockchain Picture Book",
"event_id": 9573,
"start_time": null,
"speaker_names": "Alex Dirksen",
"track_id": 342,
"room_id": null,
"duration": 2400,
"abstract": "Where is the blockchain, how long is it, and what does it have to do with cryptography? And is it really something completely new? I spent a lot of time in pubs explaining to people what this blockchain hype is about. It turned out that the best way to do that is to use images - literally.\r\nThe idea of this talk is to give a rough understanding of the scientific background behind the Blockchain technology."
},
{
"event_classifiers": {
"Entertainment": 70
},
"language": "en",
"title": "35C3 Infrastructure Review",
"event_id": 9576,
"start_time": null,
"speaker_names": "Leon",
"track_id": 344,
"room_id": null,
"duration": 3600,
"abstract": "35C3 is run by teams of volunteers. In this event, they will provide some insight into the challenges they faced while building the GSM, DECT and IP networks, running video streams, or organizing ticket sales. All graphs will be pointing up and to the right."
},
{
"event_classifiers": {
"Theory - Practice": 100,
"Security": 100,
"Defense - Offense": 100
},
"language": "en",
"title": "Attacking Chrome IPC",
"event_id": 9579,
"start_time": null,
"speaker_names": "nedwill",
"track_id": 343,
"room_id": null,
"duration": 3600,
"abstract": "In this talk, I discuss how to reliably find bugs in the Chrome IPC system with the goal of escaping the sandbox. I show how to enumerate the attack surface, how to identify the weak areas, and how to fuzz those areas efficiently to consistently produce bugs."
},
{
"event_classifiers": {
"Ethics, Politics + Society": 100
},
"language": "de",
"title": "Schweiz: Netzpolitik zwischen Bodensee und Matterhorn",
"event_id": 9590,
"start_time": null,
"speaker_names": "Martin Steiger, Patrick \"packi\" Stählin, Kire",
"track_id": 339,
"room_id": null,
"duration": 2400,
"abstract": "Der Kampf um Freiheit und Nachhaltigkeit im digitalen Raum wird auch in der Schweiz intensiver. Es gibt zwar Lichtblicke bei der Netzneutralität, doch gleichzeitig zeigen die neuen Gesetze zur Massenüberwachung Wirkung und Netzsperren breiten sich aus. Der Kampf gegen E-Voting geht in die entscheidende Phase und das Urheberrecht soll unter amerikanischem Druck verschärft werden. Im Vortrag blicken wir auf das netzpolitische Jahr 2018 in der Schweiz zwischen Bodensee und Matterhorn zurück. Weiter zeigen wir, an welchen Schauplätzen wir im neuen Jahr besonders gefordert sein werden. Danach besteht die Möglichkeit für Fragen im Saal (Q&A). Nach dem Vortrag laden wir dazu ein, die Diskussion im Bereich unsere Assembly fortzusetzen."
},
{
"event_classifiers": {
"Foundations": 25,
"Security": 10,
"Resilience": 90,
"Ethics, Politics + Society": 30
},
"language": "en",
"title": "Wind: Off-Grid Services for Everyday People",
"event_id": 9595,
"start_time": null,
"speaker_names": "Hans-Christoph Steiner",
"track_id": 341,
"room_id": null,
"duration": 3600,
"abstract": "The internet has become essential services, and offline methods of sharing data are rapidly disappearing. Other possible networks are often better suited when connectivity is not available or affordable. Radios, sensors, and computing are available in the cheapest of smartphones and routers. Wind is integrating nearby/offline data exchange with the internet services that we all rely on.\r\n"
},
{
"event_classifiers": {
"Theory - Practice": 80,
"Security": 80,
"Novelty": 50,
"Resilience": 100,
"Ethics, Politics + Society": 80
},
"language": "en",
"title": "No evidence of communication and morality in protocols: Off-the-Record protocol version 4",
"event_id": 9596,
"start_time": null,
"speaker_names": "Cherenkov, Jurre van Bergen",
"track_id": 341,
"room_id": null,
"duration": 2400,
"abstract": "OTRv4 is the newest version of the Off-The-Record protocol. It is a protocol where the newest academic research intertwines with real-world implementations. It is also one of the first protocols that comes from the global south which makes the political discussion around protocols an urgency. This newest versions also asks us to revisit our definitions around deniability (online and offline) and how important is it to the world. In this talk we will try to start a discussion around the importance of protocols, its political/moral foundations, the real-world implementation of academic ideas, the importance of securely implementing them, the definition of deniability in the current world and the design of OTRv4."
},
{
"event_classifiers": {
"Hardware": 80,
"Security": 100,
"Resilience": 65,
"Defense - Offense": 20
},
"language": "en",
"title": "Modchips of the State",
"event_id": 9597,
"start_time": null,
"speaker_names": "Trammell Hudson",
"track_id": 343,
"room_id": null,
"duration": 2400,
"abstract": "Hardware implants and supply chain attacks have been in the news recently, but how feasible are they and what can we do about them? In this talk we'll examine the design of a proof of concept SPI bus hardware implant that has similar capabilities to those described in the Bloomberg/Supermicro article as well as some countermeasures that we can use to try to detect these \"modchips\" and increase our trust in our systems."
},
{
"event_classifiers": {
"Art + Culture": 100
},
"language": "en",
"title": "A WebPage in Three Acts",
"event_id": 9598,
"start_time": null,
"speaker_names": "Joana Chicau",
"track_id": 338,
"room_id": null,
"duration": 1800,
"abstract": "A Web Page in Three Acts is a live coding performance which combines principles of choreography within the formal structures of coding. An assemblage of semi-improvised visuals and composition experiments in web environments. The screen becomes an open stage for the hybrid code which links choreography and web programming as well as body and language."
},
{
"event_classifiers": {
"Science": 20,
"Ethics, Politics + Society": 80
},
"language": "en",
"title": "Locked up science",
"event_id": 9599,
"start_time": null,
"speaker_names": "Claudia Frick - @FuzzyLeapfrog",
"track_id": 339,
"room_id": null,
"duration": 2400,
"abstract": "Restricting access to knowledge and science is not beneficial for society. So why are scientific results still locked up behind paywalls? Even though the answer to this question is enlightening, the story is quickly told. Much more important is the knowledge on how to change this."
},
{
"event_classifiers": {
"Theory - Practice": 100,
"Security": 100,
"Defense - Offense": 0
},
"language": "en",
"title": "Sneaking In Network Security",
"event_id": 9603,
"start_time": null,
"speaker_names": "maxb",
"track_id": 343,
"room_id": null,
"duration": 3600,
"abstract": "Highly compartmentalized network segmentation is a long-held goal of most blue teams, but it's notoriously hard to deploy once a system has already been built. We leveraged an existing service discovery framework to deploy a large-scale TLS-based segmentation model that enforces access control while automatically learning authorization rules and staying out of the way of developers. We also did it without scheduling downtime or putting a halt to development. This talk covers how we engineered this, and shares lessons learned throughout the process."
},
{
"event_classifiers": {
"Theory - Practice": 80,
"Defense - Offense": 20,
"Novelty": 85,
"Hardware": 30,
"Foundations": 50,
"Security": 100,
"Ethics, Politics + Society": 20
},
"language": "en",
"title": "The Rocky Road to TLS 1.3 and better Internet Encryption",
"event_id": 9607,
"start_time": null,
"speaker_names": "hanno",
"track_id": 343,
"room_id": null,
"duration": 3600,
"abstract": "Since a few months we have a new version of TLS, the most important encryption protocol on the Internet. From the vulnerabilities that created the need of a new TLS version to the challenges of deploying it due to broken devices this talk will give an overview of the new TLS 1.3."
},
{
"event_classifiers": {
"Hardware": 65,
"Defense - Offense": 0,
"Science": 45,
"Theory - Practice": 100,
"Foundations": 25,
"Security": 100
},
"language": "en",
"title": "Enclosure-PUF",
"event_id": 9611,
"start_time": null,
"speaker_names": "Christian Zenger, David Holin, Lars Steinschulte",
"track_id": 343,
"room_id": null,
"duration": 3600,
"abstract": "We are presenting an innovative technology, which allows verifying the authenticity, integrity and/or the physical state of an item by employing the propagation behaviour of electromagnetic waves. In particular, it enables to check for any tamper attempts for larger structures, such as off-the-shelf computers and their periphery. The technology extends existing tamper proof approaches from the chip/PCB to a system level and is easily retrofittable.\r\nIn this presentation, we are demonstrating exemplary tamper proofing in order to protect secret information without an attack-detection or data-deletion circuit (!), which is a known difficult problem and an imperfect undertaking. Therefore, we demonstrate the simplicity and effectiveness using a very cheap self-made testbed (using alumium foil) to protect standard hardware against invasive attacks, such as needle probing through the case. "
},
{
"event_classifiers": {
"Hardware": 90,
"Theory - Practice": 90,
"Novelty": 45,
"Foundations": 25,
"Science": 75
},
"language": "en",
"title": "The nextpnr FOSS FPGA place-and-route tool",
"event_id": 9612,
"start_time": null,
"speaker_names": "Clifford Wolf",
"track_id": 340,
"room_id": null,
"duration": 3600,
"abstract": "Project IceStorm provides the first end-to-end open source FPGA toolchain, was originally presented at 32c3, and only targetted Lattice iCE40 FPGAs. nextpnr is the next big step for open source FPGA tools, providing a retargetable open source FPGA place-and-route tool that will enable open source flows for many different FPGAs from many different vendors."
},
{
"event_classifiers": {
"Theory - Practice": 80,
"Defense - Offense": 75,
"Entertainment": 60,
"Novelty": 85,
"Hardware": 25,
"Foundations": 25,
"Security": 80
},
"language": "en",
"title": "Inside the AMD Microcode ROM",
"event_id": 9614,
"start_time": null,
"speaker_names": "Benjamin Kollenda, Philipp Koppe",
"track_id": 343,
"room_id": null,
"duration": 2400,
"abstract": "Microcode runs in most modern CPUs and translates the outer instruction set (e.g. x86) into a simpler form (usually a RISC architecture). It is updatable to fix bugs in the silicon (see Meltdown/Spectre), but these updates are encrypted and signed, so no one knows how microcode works on conventional CPUs. We successfully reverse engineered part of the microde semantics of AMD CPUs and are able to write our own programs. We also recovered the mapping between the physical readout (electron microscope) and the \"virtual\" addresses used by microcode itself. In this talk we present background on microcode, our findings, our open source framework to write custom microcode and our custom defensive measures implemented in microcode.\r\n"
},
{
"event_classifiers": {
"Security": 20
},
"language": "en",
"title": "Circumventing video identification using augmented reality",
"event_id": 9616,
"start_time": null,
"speaker_names": "Jan Garcia",
"track_id": 343,
"room_id": null,
"duration": 2400,
"abstract": "Video identification is the process of establishing the identity of a person via video chat. The person to be identified has to show his face as well as her official ID card to the camera. This lecture gives a step-by-step tutorial on how such video streams can be augmented with computer-generated official ID cards, including all visible watermarks."
},
{
"event_classifiers": {
"Foundations": 100,
"Security": 90
},
"language": "en",
"title": "A deep dive into the world of DOS viruses",
"event_id": 9617,
"start_time": null,
"speaker_names": "Ben Cartwright-Cox",
"track_id": 343,
"room_id": null,
"duration": 3600,
"abstract": "It is now 27 years since MS-DOS 5.0 was released. During its day there was the threat of viruses breaking your system or making it act in unpredictable ways. Due to its age and near total lack of consumer use it is safe to assume that all of the viruses for MS-DOS have been written. Using community archives and modern analysis methods we can uncover how they worked and reflect on how things have changed."
},
{
"event_classifiers": {
"Science": 5,
"Security": 100
},
"language": "en",
"title": "Jailbreaking iOS",
"event_id": 9618,
"start_time": null,
"speaker_names": "tihmstar",
"track_id": 343,
"room_id": null,
"duration": 3600,
"abstract": "This talk aims to give a general overview of iOS Jailbreaking by starting at what jailbreaking was back in the days and how it evolved up until today, while also taking a quick look at how it might evolve in future.\r\n \r\nTherefore the following topics are covered:\r\n- Jailbreaking goals (technical)\r\n- Types of jailbreak and it's origins (tethered, untethered, semi-tethered, semi-untethered)\r\n- Exploit mitigations (ASLR, iBoot-level AES, KPP, KTRR, PAC)\r\n- Kernel patches (h3lix)\r\n- Kppless jailbreaks\r\n\r\nThe goal is to give an insight into the jailbreak terminology, exploit mitigations and how these are dealt with in past and modern jailbreaks."
},
{
"event_classifiers": {
"Foundations": 100,
"Ethics, Politics + Society": 15,
"Science": 40
},
"language": "en",
"title": "Augmented Reality: Bridging the gap between the physical and the digital world",
"event_id": 9623,
"start_time": null,
"speaker_names": "preip",
"track_id": 342,
"room_id": null,
"duration": 3600,
"abstract": "There has been a lot of talk about Virtual Reality (VR), but still there are very little applications to enhance our everyday lives outside of entertainment. Augmented Reality (AR), the less known sibling of VR, has the power to have a more profound impact on our lives than VR ever could. Instead of replacing the real world with a virtual one, AR enhances the reality with virtual content. Therefore, AR can be a gateway for people in accessing and understanding todays technology and could provide vast possibilities to support our everyday lives, e.g., for navigation, traveling, or education.\r\nThis talk will give an overview on AR in general and explain its possible benefits and use cases, as well as the issues that may arise, e.g., regarding privacy, data security, as well as psychological and sociological challenges. The talk requires no special knowledge and is suited for people with little exposure to AR and mixed reality, but it will also give insights into current relevant research and development."
},
{
"event_classifiers": {
"Hardware": 85,
"Ethics, Politics + Society": 35
},
"language": "en",
"title": "Snakes and Rabbits",
"event_id": 9629,
"start_time": null,
"speaker_names": "Tim 'mithro' Ansell, bunnie",
"track_id": 340,
"room_id": null,
"duration": 3600,
"abstract": "<p>\r\nThis talk will present a historical narrative of the background behind how the <a href=\"https://kosagi.com/w/index.php/NeTV_Main_Page\">NeTV</a> + Milkymist inspire the <a href=\"hdmi2usb.tv\">HDMI2USB</a> then helped the <a href=\"https://www.crowdsupply.com/alphamax/netv2\">NeTV2</a> projects and how they all became interlinked through events like Congress! From the study of this history, we will attempt to distill a few core lessons learned that can hopefully be applied to other open hardware projects.\r\n</p>"
},
{
"event_classifiers": {
"Hardware": 100,
"Foundations": 25,
"Security": 20
},
"language": "en",
"title": "SymbiFlow - Finally the GCC of FPGAs!",
"event_id": 9631,
"start_time": null,
"speaker_names": "Tim 'mithro' Ansell",
"track_id": 340,
"room_id": null,
"duration": 2400,
"abstract": "The <a href=\"http://symbiflow.github.io\">SymbiFlow project</a> aims to be the \"GCC of FPGAs\" - a fully open source toolchain supporting, multiple FPGAs from different vendors. Allowing compilation from Verilog to bitstream without touching vendor provided tools, it includes support for large modern FPGAs like the Lattice ECP5 and Xilinx 7 series. These FPGAs can be used for things previously out of reach of FOSS tools, things like high resolution video and many gigabit networking. We have also documented the FPGA bitstreams to allow other new tools and a process for replicating this effort on new types of FPGAs!"
},
{
"event_classifiers": {
"Security": 20,
"Resilience": 100,
"Ethics, Politics + Society": 70,
"Art + Culture": 60
},
"language": "en",
"title": "Scuttlebutt",
"event_id": 9635,
"start_time": null,
"speaker_names": "Zenna / zelf",
"track_id": 341,
"room_id": null,
"duration": 2400,
"abstract": "In this talk @zelf invites to the world of Scuttlebutt, the decentralized P2P gossiping protocol, and how it can be transformative for society through decentralization of data and enabling local community development. "
},
{
"event_classifiers": {
"Defense - Offense": 5,
"Science": 50,
"Theory - Practice": 90,
"Foundations": 90,
"Security": 65,
"Resilience": 100,
"Ethics, Politics + Society": 10
},
"language": "en",
"title": "Taming the Chaos: Can we build systems that actually work?",
"event_id": 9647,
"start_time": null,
"speaker_names": "Peter Sewell",
"track_id": 341,
"room_id": null,
"duration": 3600,
"abstract": "We rely on mainstream computer engineering every day, but it's insanely complex, poorly understood, unreliable, and, as CCC reminds us every year, chronically insecure. This talk will explain some ways that we can do better: taming parts of this this chaos with precise understanding - illustrated with disturbing facts and clean models for current architectures and the C language, from the <a href=\"https://www.cl.cam.ac.uk/~pes20/rems/\">REMS</a> project, and principled but pragmatic new alternatives, that build in more hardware and software security protection,as developed in the <a href=\"https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/\">CHERI</a> project."
},
{
"event_classifiers": {
"Hardware": 75
},
"language": "en",
"title": "MicroPython – Python for Microcontrollers",
"event_id": 9648,
"start_time": null,
"speaker_names": "Christine Spindler",
"track_id": 340,
"room_id": null,
"duration": 3600,
"abstract": "MicroPython is a lean and efficient implementation of the Python 3 programming language that includes a small subset of the Python standard library and is optimised to run on microcontrollers and in constrained environments.<br>\r\nThis talk will give an overview about the MicroPython hard- and software and introduces the community."
},
{
"event_classifiers": {
"Resilience": 15,
"Ethics, Politics + Society": 85
},
"language": "en",
"title": "Russia vs. Telegram: technical notes on the battle",
"event_id": 9653,
"start_time": null,
"speaker_names": "Leonid Evdokimov (darkk)",
"track_id": 339,
"room_id": null,
"duration": 2400,
"abstract": "It's time to highlight facts and epic fails that were observed on the wire during attempts to block Telegram in Russia.\r\n"
},
{
"event_classifiers": {
"Art + Culture": 100
},
"language": "en",
"title": "A la recherche de l'information perdue",
"event_id": 9654,
"start_time": null,
"speaker_names": "Coco Sollfrank",
"track_id": 338,
"room_id": null,
"duration": 3600,
"abstract": "Performance lecture by Cornelia Sollfrank that makes a (techno-)feminist comment on the entanglements of gender, technology and information politics exemplified by the case of Julian Assange and Wikileaks. The artist takes us in her text assemblage on an adventurous trip into the realm of zeros and ones, of data and pure information, of ciphers, signifiers and figures. On the other side of reality we encounter suspected heroes, leaks and phreaks, engineers of escape who control our secret desires. Rape can be performed in many ways. In a state of total transparency: what shall we eat, when society feeds upon the repressed? Knowing yourself means knowing what to look for."
},
{
"event_classifiers": {
"Theory - Practice": 90,
"Foundations": 100,
"Security": 100,
"Defense - Offense": 85
},
"language": "en",
"title": "From Zero to Zero Day",
"event_id": 9657,
"start_time": null,
"speaker_names": "j0nathanj",
"track_id": 343,
"room_id": null,
"duration": 3600,
"abstract": "In this talk I will share my story of how in a little over a year, a high school student with almost zero knowledge in security research found his first RCE in Edge."
},
{
"event_classifiers": {
"Foundations": 90,
"Novelty": 80,
"Ethics, Politics + Society": 100
},
"language": "de",
"title": "Computer, die über Asyl (mit)entscheiden",
"event_id": 9658,
"start_time": null,
"speaker_names": "Anna Biselli",
"track_id": 339,
"room_id": null,
"duration": 3600,
"abstract": "Welchen Dialekt spricht eine Geflüchtete aus Syrien? Was verrät das Handy eines Asylsuchenden aus dem Irak darüber, wo er herkommt? Und ist der Name Wasef eigentlich typisch für Afghanistan? Über diese Fragen entscheiden im Bundesamt für Migration und Flüchtlinge (BAMF) zunehmend Computer. Sie spucken Wahrscheinlichkeiten für Herkunftsländer aus, die entscheidend dafür sind, ob Geflüchtete Asyl bekommen - oder nicht. Kurz: Menschliche Schicksale hängen von Maschinen ab. Diese Maschinen wissen nichts darüber, ob einem Menschen in seiner alten Heimat Verfolgung, Folter und Tod drohen. Mitarbeiter des BAMF verlassen sich auf diese Ergebnisse, auch wenn sie falsch sein können. Recherchen und bisher unveröffentlichte Dokumente zeigen, warum das schiefgehen muss und welche schweren Folgen für Schutzsuchende das haben kann.\r\n"
},
{
"event_classifiers": {
"Theory - Practice": 90,
"Foundations": 30,
"Security": 100,
"Defense - Offense": 60
},
"language": "en",
"title": "Modern Windows Userspace Exploitation",
"event_id": 9660,
"start_time": null,
"speaker_names": "Saar Amar",
"track_id": 343,
"room_id": null,
"duration": 3600,
"abstract": "In this talk we will go through the different mitigations in Windows 10 and see how they affect modern userspace exploitation. We will explain the primary ones and the different ways to bypass them. Finally, we will demo a cool exploit that achieves code execution."
},
{
"event_classifiers": {
"Science": 100
},
"language": "en",
"title": "How light in the Antarctic Ice unveiled the first cosmic particle accelerator",
"event_id": 9664,
"start_time": null,
"speaker_names": "Anni",
"track_id": 342,
"room_id": null,
"duration": 3600,
"abstract": "On September 17th 2017 the blazar TXS0506+056, a gigantic particle accelerator driven by the super-massive black hole at the center of its host galaxy, emitted a large number of weakly interacting elementary particles, known as neutrinos. One of these particles found its way to Earth and interacted with water molecules in the South-Antarctic Ice Sheet. Fortunately, the IceCube Observatory, a cubic kilometer of instrumented ice recorded a track of light that pointed directly back to its origin, unlike many other neutrinos captured in the past. This event, called IceCube-170922A writes history, since for the first time a concrete astrophysical object can be associated to the origin of this neutrino and thus the presence of strongly accelerated, interacting matter. A second look at the data recorded in 2014-2015 confirmed that the blazar has indeed periods of high-neutrino emission, strengthening the confidence in the 2017 event to be a real discovery and great success for Multi-Messenger Astrophysics."
},
{
"event_classifiers": {
"Foundations": 90,
"Ethics, Politics + Society": 95
},
"language": "de",
"title": "Desinformation und Fake News - Bekämpfung und Verifizierung leicht gemacht",
"event_id": 9667,
"start_time": null,
"speaker_names": "Robert Clausen",
"track_id": 339,
"room_id": null,
"duration": 2400,
"abstract": "Für Journalisten bieten soziale Netzwerke eine Vielzahl von Quellen und Informationen, in einem Ausmaß, das vor Jahren unvorstellbar war. Doch damit steigt auch das Risiko immer weiter, auf Manipulationen und „Fake News“ hereinzufallen. In Zeiten von „Lügenpresse“-Rufen stellt das Journalisten vor neue Herausforderungen. Der Vortrag zeigt, wie die Verifizierung von Bildmaterial bei großen Medienhäusern abläuft – und warum auch normale Nutzer diese Möglichkeiten kennen und benutzen sollten. "
},
{
"event_classifiers": {
"Theory - Practice": 90,
"Entertainment": 50,
"Science": 20,
"Novelty": 90,
"Hardware": 50,
"Foundations": 60,
"Security": 80,
"Resilience": 100
},
"language": "en",
"title": "Safe and Secure Drivers in High-Level Languages",
"event_id": 9670,
"start_time": null,
"speaker_names": "Paul Emmerich",
"track_id": 341,
"room_id": null,
"duration": 3600,
"abstract": "Drivers are usually written in C for historical reasons, this can be bad if you want your driver to be safe and secure. We show that it is possible to write low-level drivers for PCIe devices in modern high-level languages.\r\nWe are working on super-fast user space network drivers for the Intel 82599ES (ixgbe) 10 Gbit/s NIC in Rust, C#, go, OCaml, Haskell, Python, Swift, Java, Scala, and Javascript. All of them are written from scratch and require no additional kernel code.\r\n\r\nCheck out <a href=\"https://github.com/ixy-languages/ixy-languages\">our GitHub page</a> with links to all implementations, performance measurements, and publications for further reading."
},
{
"event_classifiers": {},
"language": "en",
"title": "Self-encrypting deception",
"event_id": 9671,
"start_time": null,
"speaker_names": "Carlo Meijer",
"track_id": 343,
"room_id": null,
"duration": 3600,
"abstract": "<p>We have analyzed the hardware full-disk encryption implementation of several Self-Encrypting Drives (SEDs) from Samsung and Crucial (Micron) by reverse engineering their firmwares. The vendors combined cover a majority of the market share of SEDs sold today.</p>\r\n\r\n<p>In theory, the security guarantees offered by hardware encryption are similar to those of software implementations. In reality, we found that many hardware implementations have critical security weaknesses, for many models allowing for complete recovery of the data without knowledge of any secret.</p>\r\n\r\n<p>BitLocker, the encryption software built into Microsoft Windows will rely exclusively on hardware full-disk encryption if the drive advertises supported for it. Thus, for these drives, data protected by BitLocker is also compromised.</p>\r\n\r\n<p>This challenges the view that full-disk encryption implemented in hardware is preferable over software. We conclude that one should not rely solely on hardware encryption offered by SEDs.</p>"
},
{
"event_classifiers": {
"Foundations": 90,
"Security": 45,
"Resilience": 45,
"Science": 45
},
"language": "en",
"title": "Domain Name System",
"event_id": 9674,
"start_time": null,
"speaker_names": "hannes",
"track_id": 343,
"room_id": null,
"duration": 2400,
"abstract": "Whenever you enter a name into your computer, it resolves it to a numerical IP address. This resolution uses the Domain Name System (DNS), which is a hierarchical decentralised naming system used on the Internet. DNS is organised in a way that top-level domain (e.g. .com, .org) are delegated to registrars, which delegate subdomains (e.g. foo.com). This delegation is done as well via the DNS protocol via nameserver (NS) records. Since different types of data are kept in DNS, it can as well be seen as a distributed (and cached!) key-value store - which is fault-tolerant.\r\n\r\nI will explain the basic usage of DNS, including stub and recursive resolver, server, various protocol extensions (zone transfer, dynamic updates, authentication, notifications, ...), privacy extensions (query path minimisation, DNS-over-TLS), provisioning let's encrypt certificates. I will talk about attacks (poisoning, amplification, ...) and implementation pitfalls (not get stuck in the recursive resolver). I implemented DNS with above mentioned extensions as minimized MirageOS unikernels over past years."
},
{
"event_classifiers": {
"Foundations": 100,
"Security": 50,
"Science": 50
},
"language": "en",
"title": "Transmission Control Protocol",
"event_id": 9675,
"start_time": null,
"speaker_names": "hannes",
"track_id": 342,
"room_id": null,
"duration": 2400,
"abstract": "TCP/IP is the most widely used protocol on the Internet for transmitting data. But how does it work in detail? This talk will explain the TCP protocol, from handshake over established to teardown in detail - and elaborate a bit on protocol adjustments over time and congestion control."
},
{
"event_classifiers": {
"Ethics, Politics + Society": 100
},
"language": "de",
"title": "Österreich: Überwachungsstaat oder doch nur Digitalisierung für Anfänger?",
"event_id": 9680,
"start_time": null,
"speaker_names": "Thomas Lohninger, Angelika Adensamer",
"track_id": 339,
"room_id": null,
"duration": 2400,
"abstract": "In Österreich regiert seit einem Jahr eine Koalition aus der rechtskonservativen ÖVP und der rechtsextremen FPÖ. Eine ihrer ersten Maßnahmen war eine vollkommen überzogene Verschärfung von Überwachungsbefugnissen: Bundestrojaner, Anlassdatenspeicherung, verstärkte Videoüberwachung, Straßenüberwachung. Registrierungspflicht für SIM-Karten, etc. Zugleich wurde versucht, die Datenschutzgrundverordnung (DSGVO) zu untergraben. Betroffenenrechte wurden ausgeschlossen, weite Ausnahmen geschaffen und Strafen sollen am besten gleich gar nicht angewendet werden. In diesem Talk geben wir ein Update über die netzpolitische Lage in Österreich. "
},
{
"event_classifiers": {
"Hardware": 70,
"Theory - Practice": 50,
"Resilience": 75,
"Entertainment": 70
},
"language": "de",
"title": "Butterbrotdosen-Smartphone",
"event_id": 9681,
"start_time": null,
"speaker_names": "bücherratten",
"track_id": 340,
"room_id": null,
"duration": 2400,
"abstract": "Ich möchte euch zeigen, wie ich mir aus einem Raspberry PI ein Smartphone baue. Auf welche Probleme und Schwierigkeiten ich dabei gestoßen bin und welche Lösungen ich gefunden habe. Das Projekt ist noch nicht abgeschlossen, es fehlen noch ein paar Kleinigkeiten. Trotzdem will ich euch schon mal mein Smartphone in der praktischen Butterbrotdose zeigen und euch erzählen wie es entstanden ist."
},
{
"event_classifiers": {
"Ethics, Politics + Society": 70,
"Entertainment": 30
},
"language": "de",
"title": "Security Nightmares 0x13",
"event_id": 9685,
"start_time": null,
"speaker_names": "frank, Ron",
"track_id": 344,
"room_id": null,
"duration": 3600,
"abstract": "Was hat sich im letzten Jahr im Bereich IT-Sicherheit getan? Welche neuen Entwicklungen haben sich ergeben? Welche neuen Buzzwords und Trends waren zu sehen?"
},
{
"event_classifiers": {
"Theory - Practice": 20,
"Science": 100,
"Ethics, Politics + Society": 20,
"Foundations": 95
},
"language": "de",
"title": "Die dreckige Empirie",
"event_id": 9686,
"start_time": null,
"speaker_names": "Aiko ",
"track_id": 342,
"room_id": null,
"duration": 3600,
"abstract": "Kann man empirischen Studien trauen oder nicht? Wie kann ich gute Studien von schlechten unterscheiden? Und was mache ich, wenn es zu einem Thema Studien mit gegensätzlichen Befunden gibt? Der Vortrag soll helfen, Antworten auf diese Fragen zu finden und empirische Studien besser zu verstehen."
},
{
"event_classifiers": {
"Hardware": 15,
"Foundations": 90,
"Resilience": 25,
"Ethics, Politics + Society": 50
},
"language": "en",
"title": "Planes and Ships and Saving Lives",
"event_id": 9695,
"start_time": null,
"speaker_names": "Trollofix",
"track_id": 341,
"room_id": null,
"duration": 3600,
"abstract": "The death rate at Europes seaborder reached a historical record: One out of five trying for Europe drowned this September: Main reason is the crackdown on sea rescue by European authorithies who barely pass any information on distress cases to competent rescue workers. The hope of those trying to escape torture, slavery hunger and other forms of violence therefore soleyly lies on the efforts of the civil rescue fleet. \r\nIn the future, a civil society run maritime rescue coordination center could help to significantly reduce the death rate at sea. This talk will focus on the software and hardware components used on the aerial and nautical assets of the civil rescue fleet. \r\nWe´ll talk about the difficulties installing sat com on a moving ship or even an aircraft, how the camera system of the Sea-Watch 3 recorded the evidence that is now challenging the Italian state at the European Court of human rights, how important data is secured if the state challenges you as in the case of the LIFELINE and about a software that will help to join forces in the near future to coordinate rescues in an efficient way. Help is still needed to tear down Europes wall. "
},
{
"event_classifiers": {
"Hardware": 50,
"Science": 100
},
"language": "de",
"title": "SuperMUC-NG",
"event_id": 9703,
"start_time": null,
"speaker_names": "Dieter Kranzlmueller",
"track_id": 342,
"room_id": null,
"duration": 3600,
"abstract": "Der nationale Höchstleistungsrechner SuperMUC-NG unterstützt die öffentliche Wissenschaft in Deutschland. Wie ist er aufgebaut, was kann man damit tun, und wo steht er im Vergleich mit den schnellsten Supercomputern der Welt."
},
{
"event_classifiers": {
"Defense - Offense": 0,
"Entertainment": 100,
"Theory - Practice": 100,
"Foundations": 100,
"Security": 100,
"Resilience": 100
},
"language": "de",
"title": "Hacken ist einfach – du darfst dich nur nicht erwischen lassen.",
"event_id": 9716,
"start_time": null,
"speaker_names": "Linus Neumann, Thorsten Schröder",
"track_id": 343,
"room_id": null,
"duration": 3600,
"abstract": "Schon Wladimir Wladimirowitsch Putin wusste: \"Hacker, das sind freie Menschen, so wie Künstler.\" Wie wollen dafür sorgen, dass es so bleibt."
},
{
"event_classifiers": {
"Security": 50,
"Ethics, Politics + Society": 95
},
"language": "de",
"title": "Frontex: Der europäische Grenzgeheimdienst",
"event_id": 9720,
"start_time": null,
"speaker_names": "Matthias Monroy",
"track_id": 339,
"room_id": null,
"duration": 2400,
"abstract": "Die EU-Grenzagentur Frontex nimmt eine Reihe neuer Überwachungsmethoden im Mittelmeer in Betrieb. Die Fähigkeiten zur Beobachtung des sogenannten Grenzvorbereichs gehören zum Grenzüberwachungssystem EUROSUR, das die Europäische Union vor fünf Jahren gestartet hat. "
},
{
"event_classifiers": {
"Hardware": 40,
"Security": 90,
"Ethics, Politics + Society": 45
},
"language": "de",
"title": "Smart Light - Smart Hack",
"event_id": 9723,
"start_time": null,
"speaker_names": "Michael Steigerwald",
"track_id": 343,
"room_id": null,
"duration": 3600,
"abstract": "Eine Analyse vieler verschiedener smarter Glühbirnen und per App schaltbaren Steckdosen aus dem Tiefpreissegment hat gezeigt, dass oft die gleiche Cloud verwendet wird. Das Analysieren der Hardware, Auslesen und Disassemblieren der Software hat verschiedene Angriffspunkte für Hacker und auch konzeptionelle Fehler aufgezeigt.\r\nDer Vortrag stellt die Funktionsweise smarter Geräte im Zusammenhang mit derer Cloud dar und zeigt ein Proof of Concept verschiedener Angriffsszenarien."
},
{
"event_classifiers": {
"Ethics, Politics + Society": 95
},
"language": "de",
"title": "Netzpolitischer Wetterbericht 2018",
"event_id": 9727,
"start_time": null,
"speaker_names": "Markus Beckedahl",
"track_id": 339,
"room_id": null,
"duration": 2400,
"abstract": "Das Jahr 2018 bietete weider zahlreiche Beispiele für einen netzpolitischen Wetterbericht. Die Große Koalition lief sich mit der Bundesregierung warm und am Ende des Jahres droht man den Überblick über zahlreiche Kommissionen und Arbeitsgruppen zur Digitalisierung zu verlieren.\r\n\r\nDie gute Nachricht ist: Netzpolitik ist angekommen und geht nicht mehr so schnell weg. Die schlechte Nachricht ist: Beispiele für eine bessere Netzpolitik, Wert auf den Schutz und Ausbau von Grund- und Verbraucherrechte legt, gibt es leider eher weniger.\r\n\r\n"
},
{
"event_classifiers": {
"Theory - Practice": 30,
"Foundations": 70,
"Ethics, Politics + Society": 80,
"Science": 30
},
"language": "de",
"title": "Was schützt eigentlich der Datenschutz?",
"event_id": 9733,
"start_time": null,
"speaker_names": "Rainer Rehak",
"track_id": 339,
"room_id": null,
"duration": 2400,
"abstract": "Beim Datenschutz geht es mitnichten um Privatsphäre, um das eigene Schlafzimmer oder um das Teilen privater Daten bei Facebook. Es geht gleichermaßen um den Erhalt einer demokratischen Gesellschaftsordnung wie um den Erhalt von individuellen Handlungsalternativen im digitalen Zeitalter. Wir dürfen also nicht so sehr über Einzelpersonen und ihre höchst subjektiven Privatheitswünsche sprechen, sondern müssen viel mehr von Machtasymmetrien, Durchsetzungsmacht, sowie „starken“ und „schwachen“ Akteuren. Erst dann können wir politischen Nebelkerzen wie \"Selbst-Datenschutz\" und \"Algorithmen-Ethik\" etwas entgegensetzen, die zunehmend als Lösung für Verdatung der Gesellschaft angeboten werden. Doch wir müssen uns strukturell und auch theoretisch mit dem Problem der Informationsmacht großer Organisationen (Behörden, Firmen) beschäftigen, wenn wir einer grundrechtsorientierten digitalen Gesellschaft leben wollen. Datenreichtumsbefürworter und Datenschutzverächter, die derartige Probleme wie so oft dem Individuum aufbürden wollen, haben nämlich keinen theoretischen Unterbau."
},
{
"event_classifiers": {
"Science": 100
},
"language": "en",
"title": "Information Biology - Investigating the information flow in living systems",
"event_id": 9734,
"start_time": null,
"speaker_names": "Jürgen Pahle",
"track_id": 342,
"room_id": null,
"duration": 2400,
"abstract": "<p>How to apply Shannon's information theory to biology.</p>"
},
{
"event_classifiers": {
"Science": 30,
"Novelty": 30,
"Ethics, Politics + Society": 100,
"Entertainment": 30
},
"language": "en",
"title": "Inside the Fake Science Factories",
"event_id": 9744,
"start_time": null,
"speaker_names": "@sveckert, @tillkrause, Peter Hornung",
"track_id": 342,
"room_id": null,
"duration": 3600,
"abstract": "This talk investigates fake science factories; international twilight companies whose sole purpose is to give studies an air of scientific credibility while cashing in on millions of dollars in the process. We present the findings, outcomes and methodology from a team of investigative journalists, hackers and data scientists who delved into the parallel universe of fraudulent pseudo-academic conferences and journals. The story was published in Germany (ARD and Süddeutsche Zeitung Magazin) in mid of July and then went around the world. How did it begin? What did we learn in the process? And: What happened since the story got published?"
},
{
"event_classifiers": {
"Foundations": 90,
"Science": 100
},
"language": "en",
"title": "Hacking the Human Microbiome",
"event_id": 9758,
"start_time": null,
"speaker_names": "LorenzAdlung",
"track_id": 342,
"room_id": null,
"duration": 2400,
"abstract": "The human microbiome is a diverse community of bacteria that lives inside us. Their contribution towards our personal well-being or sickness is controversially discussed within the scientific world and, likewise, in our society. First attempts to rationally (reverse-)engineer the human microbiome are hyped in medicine and within the DIY biohacking scene. The implications of these endeavours potentially concern several aspects of our life: eating habits, fitness state, susceptibility for infections, aging, and cancer. But what about ethical aspects of hacking the human microbiome? How can biosafety be maintained? Are there any data security issues? I will seriously discuss the state-of-the-art and future directions of the research to show whether actual hacking of the human microbiome is rather science or fiction."
},
{
"event_classifiers": {
"Security": 100
},
"language": "en",
"title": "Truly cardless: Jackpotting an ATM using auxiliary devices.",
"event_id": 9761,
"start_time": null,
"speaker_names": "Olga Kochetova, Alexey Osipov",
"track_id": 343,
"room_id": null,
"duration": 2400,
"abstract": "Pursuit of “good customers’ experience“ not only leads to new customers, but also attract criminals of all sorts. Presentation will give overview of current security situation of ATMs with different auxiliary devices allowing cardless transactions. Cardless is new sexy for criminals."
},
{
"event_classifiers": {
"Theory - Practice": 40,
"Ethics, Politics + Society": 40,
"Art + Culture": 80
},
"language": "en",
"title": "The Urban Organism",
"event_id": 9762,
"start_time": null,
"speaker_names": "mp_ttaa",
"track_id": 338,
"room_id": null,
"duration": 3600,
"abstract": "This talk will engage the practises and protocols of hacking in the context of Hong Kong, drawing parallels from the stigmergic responses of the city (consensus network organisation) and the peer-production (or attempt) of the hackerspace, Dim Sum Labs.\r\n\r\nPerspectives on this will also draw from the publication, The Field Guide to Hacking (_TFGTH), a collection of (project and essay) snapshots generated from the hackerspace and its surrounding community."
},
{
"event_classifiers": {
"Hardware": 80,
"Resilience": 80,
"Ethics, Politics + Society": 50
},
"language": "de",
"title": "Remo2hbo -Robustes und reparierbares Vitalparametermonitoring",
"event_id": 9765,
"start_time": null,
"speaker_names": "Dagmar Krefting",
"track_id": 341,
"room_id": null,
"duration": 3600,
"abstract": "Moderne Medizintechnik ist teuer und wenn sie kaputt geht, dann kann man sie normalerweise nur durch Servicetechnikerinnen austauschen lassen. Designkriterien orientieren sich an den Gesundheitsversorgung reicher Länder. Wir stellen ein System zur Messung der wichtigsten Vitalparameter vor, das nicht nur open source und frei, sondern auch für den off-road Einsatz ausgelegt ist, wenn die Servicehotline nicht erreichbar ist. "
},
{
"event_classifiers": {
"Ethics, Politics + Society": 80
},
"language": "de",
"title": "Der NSU-Komplex heute",
"event_id": 9766,
"start_time": null,
"speaker_names": "Caro Keller (NSU-Watch)",
"track_id": 339,
"room_id": null,
"duration": 3600,
"abstract": "Sieben Jahre lang musste den Behörden jedes Stück der versprochenen Aufklärung des NSU-Komplexes abgerungen werden. Das Urteil im ersten NSU-Prozess zeigt: Deutschland ist nur sehr eingeschränkt bereit, rechtem Terror entgegenzutreten und ihn aufzuarbeiten, den Betroffenen, Geschädigten und Überlebenden zuzuhören und ihnen Schutz zu garantieren. Das zu leisten ist unsere Aufgabe: die Aufgabe der Gesellschaft, die Aufgabe einer antifaschistischen und antirassistischen Linken. "
},
{
"event_classifiers": {
"Hardware": 50,
"Science": 20,
"Theory - Practice": 100,
"Art + Culture": 100
},
"language": "de",
"title": "Open Source Orgelbau",
"event_id": 9768,
"start_time": null,
"speaker_names": "Benjamin Wand",
"track_id": 340,
"room_id": null,
"duration": 3600,
"abstract": "Spaß und ein kleines Bisschen Wissenschaft mit 3D-gedruckten Orgelteilen"
},
{
"event_classifiers": {
"Theory - Practice": 10,
"Novelty": 10,
"Art + Culture": 80
},
"language": "en",
"title": "Radical Digital Painting",
"event_id": 9774,
"start_time": null,
"speaker_names": "Jeffrey Scudder",
"track_id": 338,
"room_id": null,
"duration": 2400,
"abstract": "Radical Digital Painting groups and presents several ideas and artifacts related to contemporary painting and contextualizes its connection to historical processes and digital technology. It is inspired by and is a continuation of Radical Computer Music.\r\n\r\nThrough demonstrative, interactive performance lectures, American artist and educator Jeffrey Alan Scudder presents homegrown software inventions and new theories about painting and picture making. "
},
{
"event_classifiers": {
"Science": 65,
"Ethics, Politics + Society": 35
},
"language": "en",
"title": "The discovery of the sex in medicine",
"event_id": 9775,
"start_time": null,
"speaker_names": "Sophie Hiltner",
"track_id": 342,
"room_id": null,
"duration": 3600,
"abstract": "Men with osteoporosis or depression, women with heartattacks - these are examples of diseases where medicine still shows a gender bias. Assuming that men and women have the same bodies, except when it comes to the reproductive organs still causes maltreatment upto death. In the past few years sex- and gender-sensitive medicine has discovered that the assumption of the same body has lead to the unnecessary death of patients and needs to be challenged.\r\nThis is a brief introduction into the paradigm shifting realm of sex- and gender-sensitive medicine showing how and where the sexes differ, that there are actually more than two sexes and that your gender also plays a role in how you are being treated by medical professionals."
},
{
"event_classifiers": {
"Hardware": 10,
"Theory - Practice": 60,
"Security": 20,
"Foundations": 80,
"Entertainment": 10
},
"language": "de",
"title": "Open Source Firmware",
"event_id": 9778,
"start_time": null,
"speaker_names": "zaolin",
"track_id": 340,
"room_id": null,
"duration": 3600,
"abstract": "Open Source firmware ist ein Begriff seit 1999 wo LinuxBIOS (coreboot) und u-boot als Projekt starteten. Heute nach fast 20 Jahren ist endlich Open Source firmware bei den Herstellern von Hardware angekommen:\r\n\r\nGoogle Chromebooks - coreboot\r\nFacebook Open Compute Hardware - coreboot / LinuxBoot\r\nPurism Laptops - coreboot\r\nMicrosoft Olympus - TianoCore\r\nMicrosoft Surface - TianoCore\r\nIBM Power 9 - Hostboot / Skiboot\r\nARM Hardware - ARM Trusted Firmware\r\nIntel Minnowboard - TianoCore, coreboot\r\nA lot embedded hardware - u-boot\r\n\r\nIn diesem Vortrag werden wir uns den Weg der Open Source firmware Entwicklung von der Vergangeheit bis in die Gegenwart anschauen. Dabei werden wir ein Schwerpunkt auf neue Technologien in der Firmware Entwicklung und eine Einführung in bestehende Konzepte legen. Teil des Vortrags werden auch Sicherheitstechnologien und Konzepte der Firmware sein. Zum Schluss werden wir einen Ausblick auf die Zukunft und damit verbundenen Ideen uns anschauen."
},
{
"event_classifiers": {
"Hardware": 55,
"Foundations": 50,
"Resilience": 45,
"Entertainment": 85
},
"language": "en",
"title": "The Mars Rover On-board Computer",
"event_id": 9783,
"start_time": null,
"speaker_names": "breakthesystem",
"track_id": 340,
"room_id": null,
"duration": 2400,
"abstract": "Mars Rover Curiosity is one of the most sophisticated pieces of hardware ever launched into space. Because of the communication delay from Earth to Mars, it needs to accomplish most of its tasks completely autonomously: landing, navigation, exploration and singing birthday songs to itself. To do all this, it only has one central onboard computer. Let's look at that computer and the software it runs in detail. "
},
{
"event_classifiers": {
"Theory - Practice": 90,
"Foundations": 85,
"Security": 100,
"Resilience": 20,
"Defense - Offense": 5
},
"language": "en",
"title": "Memsad",
"event_id": 9788,
"start_time": null,
"speaker_names": "Ilja van Sprundel",
"track_id": 343,
"room_id": null,
"duration": 3600,
"abstract": "This presentation will start off with a simple problem (how do you clear memory that holds sensitive content). It explores numerous possible solutions, and presents real live facts and figures. bugs in common applications will be shown. "
},
{
"event_classifiers": {
"Security": 100,
"Ethics, Politics + Society": 100
},
"language": "en",
"title": "The Surveillance State limited by acts of courage and conscience",
"event_id": 9791,
"start_time": null,
"speaker_names": "Robert Tibbo",
"track_id": 339,
"room_id": null,
"duration": 3600,
"abstract": "An update on the circumstances of the Snowden Refugees will be provided at the 35C3 event and venue in December 2018. "
},
{
"event_classifiers": {
"Foundations": 90,
"Science": 70
},
"language": "en",
"title": "Quantum Mechanics",
"event_id": 9792,
"start_time": null,
"speaker_names": "sri",
"track_id": 342,
"room_id": null,
"duration": 3600,
"abstract": "An (almost) self-contained introduction to the basic ideas of quantum mechanics. The theory and important experimental results will be discussed."
},
{
"event_classifiers": {
"Theory - Practice": 90,
"Foundations": 85,
"Novelty": 90,
"Resilience": 90,
"Entertainment": 50
},
"language": "en",
"title": "Analyze the Facebook algorithm and reclaim data sovereignty ",
"event_id": 9797,
"start_time": null,
"speaker_names": "Claudio Agosti",
"track_id": 341,
"room_id": null,
"duration": 3600,
"abstract": "Facebook monopoly is an issue, but looking for replacements it is not enough. We want to develop critical judgment on algorithms, on why data politics matter and educate, raise awareness for a broad audience. With <a href=\"https://facebook.tracking.exposed\">our tool</a>, we enable an individual to collect evidence and see how Facebook's algorithm truly shares their data. Not data about themselves, but the bias of facebook treats data, re-shares certain content over other content. Collectively we can analyze the algorithm, understand Facebooks agendas and show how little agency users have."
},
{
"event_classifiers": {
"Theory - Practice": 100,
"Foundations": 80,
"Resilience": 50
},
"language": "en",
"title": "How to teach programming to your loved ones",
"event_id": 9800,
"start_time": null,
"speaker_names": "Mike Sperber",
"track_id": 340,
"room_id": null,
"duration": 2400,
"abstract": "Teaching beginners how to program is often <i>hard</i>. We love building programs, and seeing our loved ones struggle with this is painful. Showing them how to copy-paste a few example programs and change a few parameters is easy, but bridging from there to building substantial programs is a different game entirely. This talk is about how to teach programming successfully, through comprehensible <i>design recipes</i>, which anyone can follow, using languages and tools designed for beginners. This approach is probably different from how you learned how to program, or how you're used to teaching. It is more effective, however, as it teaches more material successfully to a broader spectrum of people. It is also more enjoyable.\r\n"
},
{
"event_classifiers": {
"Ethics, Politics + Society": 100
},
"language": "de",
"title": "Die Häuser denen, die darin wohnen!",
"event_id": 9804,
"start_time": null,
"speaker_names": "Elke Manz, fuzzle/fr, Schmidt, wuschl, Lina, Alexander Steines",
"track_id": 339,
"room_id": null,
"duration": 2400,
"abstract": "Wir wenden uns gegen Gentrifizierung, Luxussanierung und Spekulation mit Häusern. Das Mietshäuser Syndikat ist ein bundesweiter Verbund linker, selbstverwalteter Hausprojekte mit dem Ziel der Initiierung und dauerhaften Erhaltung von gemeinschaftlich genutztem und bezahlbarem Wohn- und Gewerberaum. Der Grundgedanke: Gemeineigentum wird geschaffen und dauerhaft dem Markt entzogen. Die Mieter*innen sind zugleich Besitzer*innen ohne private Gewinnerzielungsabsichten, sie transferieren Knowhow und oft auch Direktkredite an andere Hausprojekte."
},
{
"event_classifiers": {
"Theory - Practice": 90,
"Foundations": 100,
"Novelty": 10,
"Resilience": 50,
"Ethics, Politics + Society": 100
},
"language": "de",
"title": "Datenschutz für Neulandbürger",
"event_id": 9809,
"start_time": null,
"speaker_names": "Beata Hubrig",
"track_id": 339,
"room_id": null,
"duration": 2400,
"abstract": "Der Datenschutz ist als erst relativ frisch erkämpftes Abwehrrecht von Bürgern gegen Firmen und Staat ein wichtiges, aber häufig missverstandenes Rechtsgebiet. Zuletzt ist es durch die Grundverordnung auf europäischer Ebene in den Blick der Netzöffentlichkeit geraten.\r\n\r\nDieser Vortrag soll einen niedrigschwelligen Einstieg in den Datenschutz geben und aus Perspektive einer Datenschützerin mit zehnjähriger Erfahrung im Gebiet die aufregenden Aspekte und Herausforderungen aufzeigen, dem Bürgerrecht Leben einzuhauchen."
},
{
"event_classifiers": {
"Theory - Practice": 80,
"Foundations": 60,
"Resilience": 80,
"Entertainment": 50
},
"language": "en",
"title": "A farewell to soul-crushing code",
"event_id": 9812,
"start_time": null,
"speaker_names": "Mike Sperber, Nicole Rauch",
"track_id": 341,
"room_id": null,
"duration": 3600,
"abstract": "A major part of software development is maintenance, i.e. tinkering with software that should already be completed but still somehow does not work as it should. Software developed by tinkering is the antithesis to resilient technology, and a growing threat to our profession and our lives. Working on this kind of software crushes the soul. Yet this is exactly how most IoT devices (and computers in general) are programmed these days. We need to replace the dead technology-oriented objects of the past with supple models enriching our domains and our souls. This talk shows how it is done.\r\n"
},
{
"event_classifiers": {
"Ethics, Politics + Society": 0
},
"language": "en",
"title": "Privately owned Borders and Passports",
"event_id": 9836,
"start_time": null,
"speaker_names": "Katharin Tai",
"track_id": 339,
"room_id": null,
"duration": 2400,
"abstract": "Many of the fights over data protection are concerned with laws passed by governments - but what if it was companies who ultimately decided which data protection regime applies to you? Bad news: we already live in that world."
},
{
"event_classifiers": {
"Science": 100,
"Novelty": 75,
"Ethics, Politics + Society": 40,
"Foundations": 100
},
"language": "de",
"title": "Genom-Editierung mit CRISPR/Cas",
"event_id": 9838,
"start_time": null,
"speaker_names": "_Adora_Belle_, André Lampe, KaLeiMai",
"track_id": 342,
"room_id": null,
"duration": 2400,
"abstract": "CRISPR/Cas hat die Genforschung revolutioniert und könnte bald in großem Stil gentechnisch eingesetzt werden. Aber was ist CRISPR und wie funktioniert es? Kurz gesagt: Teile des adaptiven Immunsystems von Bakterien werden genutzt, um Gene zu verändern. Und das funktioniert präziser als mit jedem anderen Werkzeug zuvor und offenbar in allen Tier- und Pflanzenarten. Damit ist CRISPR anders als die herkömmlichen Methoden der Gentechnik. Es ist einfach anzuwenden, preiswert, schnell, extrem vielseitig und damit in jedem Biologielabor erhältlich. BioHacker haben sogar begonnen, CRISPR zu Hause zu nutzen. CRISPR wird bereits eingesetzt, um mehr über Genfunktionen und -dysfunktionen zu erfahren. So könnte es realistischerweise zur Behandlung einiger Krankheiten eingesetzt werden. Aber welche Hürden gibt es noch und welche ethischen Fragen würden sie mit sich bringen? Wie kann (oder sollte?) CRISPR in der Landwirtschaft eingesetzt werden, wenn der Klimawandel die Erträge verringert und die Biodiversität gefährdet? \r\nUnser Vortrag gibt einen Überblick darüber, was mit dem CRISPR/Cas-System möglich ist. Wir möchten genügend Informationen liefern, um zwischen Pseudowissenschaften und dem, was tatsächlich möglich ist, unterscheiden zu können.\r\n"
},
{
"event_classifiers": {
"Science": 0
},
"language": "en",
"title": "Conquering Large Numbers at the LHC",
"event_id": 9851,
"start_time": null,
"speaker_names": "Carsten Bittrich, Stefanie Todt",
"track_id": 342,
"room_id": null,
"duration": 2400,
"abstract": "We are going to outline the ingredients necessary to perform measurements at the LHC, starting from an ordinary bottle of hydrogen. Let us take you on a journey following the path of the protons from this bottle to being ready for collisions in one of the detectors. Once the collisions are recorded we show the approaches and tools on how to extract the metaphorical needle in the haystack."
},
{
"event_classifiers": {
"Foundations": 100,
"Security": 100,
"Defense - Offense": 0,
"Entertainment": 40
},
"language": "en",
"title": "Exploring fraud in telephony networks",
"event_id": 9852,
"start_time": null,
"speaker_names": "Merve Sahin, Aurélien Francillon",
"track_id": 343,
"room_id": null,
"duration": 3600,
"abstract": "Telephone networks form the oldest large scale network that has grown to\r\ntouch over 7 billion people. Telephony is now merging many complex\r\ntechnologies (PSTN, cellular and IP networks) and enabling numerous\r\nservices that can be easily monetized. However, security challenges for\r\ntelephony are often neither well understood, nor well addressed. As a\r\nresult, telephone networks attract a lot of fraud. In this talk, we will\r\nsystematically explore the fraud in telephone networks, focusing on\r\nvoice telephony. We will present a taxonomy of fraud, and analyze two\r\nprevalent fraud schemes in more detail: looking into the ecosystem of\r\nInternational Revenue Share Fraud (IRSF), and discussing a new\r\ncountermeasure to the well-known problem of voice spam."
},
{
"event_classifiers": {
"Foundations": 100,
"Ethics, Politics + Society": 100
},
"language": "de",
"title": "Archäologische Studien im Datenmüll",
"event_id": 9858,
"start_time": null,
"speaker_names": "Letty, Katharina Nocun",
"track_id": 339,
"room_id": null,
"duration": 2400,
"abstract": "Jeder Nutzer hat das Recht bei seinen Dienstanbietern eine Kopie seiner Daten anzufordern. Doch wer macht das schon? Wir haben genau das getan. Das Ergebnis waren nicht nur intensive und emotionale Brieffreundschaften mit den Datenschutz-Abteilungen von Netflix, Amazon und der DeutschlandCard. Das Ganze hat auch sehr viel Datenmüll zu Tage befördert."
},
{
"event_classifiers": {
"Security": 15,
"Ethics, Politics + Society": 85
},
"language": "en",
"title": "A Routing Interregnum: Internet infrastructure transition in Crimea after Russian annexation ",
"event_id": 9864,
"start_time": null,
"speaker_names": "Xenia",
"track_id": 339,
"room_id": null,
"duration": 2400,
"abstract": "This lecture tells the story of Internet infrastructure transformations in Crimea, the peninsula disputed between Russia and Ukraine between 2014 and 2018. It is based on an extensive year-long study involving network measurements and interviews with key players. Crimea has become a \"laboratory\" where we can observe, in just 4 years, a rapid and profound transition of infrastructure, that deeply impacted the Internet Service Provider market, routing trajectories, Internet censorship practices in the region. Annexation has transformed the way Crimea is plugged to the \"outer world\" - in terms of peering and transit relations between various autonomous systems, creating a much more centralized infrastructure and monopolized market. This, in its turn, had an important impact for Crimean end-users - in terms of quality, speed, price of Internet service, as well as in terms of Internet censorship and various traffic anomalies that they experience. Moreover, server-side geoblocking by online payment platforms, Google Play, Apple and other important services, is imposed on Crimean users, because of international sanctions that have a controversial impact, including a risk of overblocking, further isolation of Crimean civil society and reinforcing a more general trend towards \"balkanization\" of the Internet(s). [1]"
},
{
"event_classifiers": {},
"language": "en",
"title": "All Creatures Welcome",
"event_id": 9873,
"start_time": null,
"speaker_names": "Sandra Trostel, Thies Mynther",
"track_id": 344,
"room_id": null,
"duration": 7200,
"abstract": "\"All Creatures Welcome sketches a utopian image of society in the digital era. Accompanied by the appeal to “use hacking as a mindset,” the viewers immerse themselves, together with the filmmaker, in a documentary adventure game and explore the world of digital communities at the events held by the Chaos Computer Club; a real-world reflection of the virtual spectrum.\" – after the rough cut screening at the 34c3 we will show now the final version. \r\nJoin us and be part of the moment when we put the movie online and make it freely available under a creative commons license at the beginning of the screening!"
},
{
"event_classifiers": {
"Science": 30,
"Security": 85,
"Resilience": 100,
"Ethics, Politics + Society": 70
},
"language": "en",
"title": "Censored Planet: a Global Censorship Observatory ",
"event_id": 9877,
"start_time": null,
"speaker_names": "Roya Ensafi",
"track_id": 341,
"room_id": null,
"duration": 3600,
"abstract": "Six years ago the idea behind CensoredPlanet started, that is now launched at censoredplanet.org. We had a simple (yet essential) guiding principle: measurements that may be politically sensitive should be done without volunteer participation. In this talk, besides a detailed scientific overview of the techniques and the current state of CensoredPlanet, I plan to talk about my experience in developing the project from the ground up.\r\n\r\nDespite the pervasive nature of Internet censorship and the continuous evolution of how and where censorship is applied, measurements of censorship remain comparatively sparse. Current censorship projects, including OONI, depend on participants within countries to help them collect measurements. While these projects are valuable, we have empirically seen that there are issues relating to continuity in terms of measurement, coverage of the geographical area, and ethical dilemmas when user participation is a requirement. Censored Planet use tens of thousands of *remote infrastructural and organizational vantage points* from over 170 countries to conduct it’s measurements, thereby removing the need for user participation. This allows us to regularly measure Internet disruptions over a longer period of time in significantly more countries in a safer way. \r\n\r\nThe research we conduct at Censored Planet provides unique insights and data points on Internet disruptions. This information is extremely valuable to researchers in diverse fields from political science to computer science as well as to activists and journalists living and operating in countries where Internet disruptions are prevalent. By making our data easily accessible to the public, we aim to encourage future research in the field. Link to our data: https://censoredplanet.org/data/raw."
},
{
"event_classifiers": {
"Resilience": 95,
"Ethics, Politics + Society": 85
},
"language": "en",
"title": "The foodsaving grassroots movement",
"event_id": 9882,
"start_time": null,
"speaker_names": "Tilmann Becker, Nick sellen, Janina Abels",
"track_id": 341,
"room_id": null,
"duration": 2400,
"abstract": "When you're fighting for a cause, you need tools that reflect your values. While venture capital-backed tools are seductive, especially at the beginning of your movement, they can be harmful in the long-term. This session shows how co-operatively owned, non-hierarchically built Free and Open Source Software (FOSS) provides a more sustainable, and equitable, solution."
},
{
"event_classifiers": {
"Security": 100,
"Novelty": 50,
"Defense - Offense": 50
},
"language": "en",
"title": "A Christmas Carol - The Spectres of the Past, Present, and Future",
"event_id": 9893,
"start_time": null,
"speaker_names": "Moritz Lipp, Michael Schwarz, Daniel Gruss, Claudio Canella",
"track_id": 343,
"room_id": null,
"duration": 3600,
"abstract": "With the beginning of last year, two major security vulnerabilities have been disclosed: Meltdown and Spectre. While mitigations in software and hardware have been rolled out right away, new variants have been continuously released in the following months. With all those confusing names, how can you possibly still have a clear overview of all those vulnerabilities (SpectreV1, SpectreV2, Meltdown, Spectre-NG, SpectreRSB, L1TF, Foreshadow, ...)? With this talk, we present a novel classification that will ease the naming complexity of the current jungle of variants. Along with all different attacks, we will give an overview of all proposed mitigations and show how an attacker still can mount an attack despite the presence of implemented countermeasures. Furthermore, we will present new variants of the Meltdown attack, exploiting different parts of the CPU."
},
{
"event_classifiers": {
"Theory - Practice": 65,
"Security": 75,
"Novelty": 70,
"Ethics, Politics + Society": 80,
"Entertainment": 60
},
"language": "de",
"title": "Mehr schlecht als Recht: Grauzone Sicherheitsforschung",
"event_id": 9898,
"start_time": null,
"speaker_names": "domenukk",
"track_id": 339,
"room_id": null,
"duration": 2400,
"abstract": "Reverse Engineering zum Aufspüren von Schwachstellen ist gängige Praxis. Umso überraschender kam für 2 Forschungsteams die Abmahnung durch Rechtsanwälte eines Herstellers. Sie hatten Schwachstellen aufgedeckt und damit, so der Hersteller, seine Rechte verletzt. Vorwurf? Vom Verstoß gegen das Urheberrecht bis zum Verrat von Geschäftsgeheimnissen war alles dabei.\r\nNach hunderten Seiten an Schriftsätzen, einem zurückgehaltenen Paper sowie 7 Stunden Marathon-Prozess konnte ein Vergleich geschlossen werden, bei dem wir mit einer Verpflichtung zum Responsible Disclosure davon kamen - die Kernfragen bleiben jedoch offen: Welche Teile des Reverse Engineering sind rechtswidrig? Verstößt Reversing auch zum Zwecke der IT-Sicherheitsforschung gegen das Urheberrechtsgesetz? Was schützt in Zukunft Sicherheitsforscher vor rechtlichen Schritten des Herstellers? Wie können sich Unternehmen verhalten und welche Abwägungen müssen vor der Veröffentlichung getroffen werden? \r\nWir berichten vom Ablauf eines solchen Prozesses inklusive Anekdoten, weisen auf die Unklarheiten in geltendem Recht hin und schaffen ein Bewusstsein für die Problematik."
},
{
"event_classifiers": {
"Security": 100
},
"language": "en",
"title": "Exploiting Kernel Memory Corruptions on Microsoft Windows 10 RedStone 5",
"event_id": 9903,
"start_time": null,
"speaker_names": "Nikita Tarakanov",
"track_id": 343,
"room_id": null,
"duration": 3600,
"abstract": "This talk is about new challenges in exploiting kernel memory corruptions on brand new Microsoft Windows RedStone 5."
},
{
"event_classifiers": {
"Theory - Practice": 40,
"Science": 80,
"Ethics, Politics + Society": 75,
"Entertainment": 20
},
"language": "en",
"title": "\"The\" Social Credit System",
"event_id": 9904,
"start_time": null,
"speaker_names": "Toni",
"track_id": 339,
"room_id": null,
"duration": 3600,
"abstract": "The Chinese Social Credit System (SCS) has been discussed a lot in Western media. However, we do not know currently how the system that is supposed to take nationwide effect by 2020 will look like, as there are more than 70 pilot projects currently undertaken. These pilots rank from commercial royalty and rewards programs (Sesame Credit) to an Orwellian system, where each action has a predetermined associated score (Rongcheng). In-between, there’s nebulous algorithmic systems that basically act as a Black Box (Honesty Shanghai). This talk, therefore, looks at some of these pilots and their implementation details, and through an agent-based modeling framework, discusses the likely effects of different implementations. In doing so, it shows that most of the systems currently being tested are prone to manipulation by leaders from all levels of government, and that the ostensible goal of allocating scarce resources more efficiently is unlikely to be served by the new system(s)."
},
{
"event_classifiers": {
"Foundations": 75,
"Resilience": 70,
"Ethics, Politics + Society": 70
},
"language": "de",
"title": "Updates von der europäischen Außengrenze",
"event_id": 9909,
"start_time": null,
"speaker_names": "Nico, Nina Gassmann",
"track_id": 339,
"room_id": null,
"duration": 2400,
"abstract": "Als Organisation für Menschenrechtsbeobachtungen geben wir Euch einen Überblick der aktuellen Entwicklungen an der EU-Außengrenze auf dem Mittelmeer."
},
{
"event_classifiers": {
"Entertainment": 90
},
"language": "de",
"title": "Chaos Communication Slam",
"event_id": 9911,
"start_time": null,
"speaker_names": "Thorben Dittmar",
"track_id": 345,
"room_id": null,
"duration": 5400,
"abstract": "Chaos meets Poetry Slam. \r\nDer humoristische Dichterwettstreit mit Informatikhintergrund. Mitmachen ausdrücklich erwünscht. "
},
{
"event_classifiers": {
"Theory - Practice": 50,
"Science": 100
},
"language": "en",
"title": "Going Deep Underground to Watch the Stars",
"event_id": 9913,
"start_time": null,
"speaker_names": "Jost Migenda",
"track_id": 342,
"room_id": null,
"duration": 3600,
"abstract": "Neutrinos are “ghost-like” elementary particles that can literally go through walls. They can bring information from places that are impossible to observe through other means.\r\nThis talk provides a glimpse behind the scenes of a next-generation neutrino detector called Hyper-Kamiokande – a cylindrical water tank the size of a high-rise building. I will describe some of the problems you encounter when planning a subterranean detector of this size. I will then explain how this detector helps us figure out why the sun shines and how giant stars explode."
},
{
"event_classifiers": {
"Hardware": 50,
"Science": 25,
"Theory - Practice": 85
},
"language": "de",
"title": "Projekt Hannah",
"event_id": 9915,
"start_time": null,
"speaker_names": "Matthias Kubisch, Felix Just",
"track_id": 340,
"room_id": null,
"duration": 3600,
"abstract": "Um das Entwickeln von eigenen Laufrobotern zu erleichtern, brauchen wir offene Alternativen zu bestehenden Plattformen. Am Beispiel unseres Projektes \"Hannah\" stellen wir euch Möglichkeiten vor, wie Open Source in Robotik-Hardware praktisch eingesetzt werden kann."
},
{
"event_classifiers": {
"Security": 50,
"Ethics, Politics + Society": 50
},
"language": "en",
"title": "Election Cybersecurity Progress Report",
"event_id": 9917,
"start_time": null,
"speaker_names": "J. Alex Halderman",
"track_id": 339,
"room_id": null,
"duration": 3600,
"abstract": "Recent attacks against elections in the U.S. and Europe demonstrate that nation-state attackers are becoming more aggressive, even as campaigning and voting are becoming increasingly reliant on computers. How much has changed since 2016, when the U.S. experienced unprecedented attacks on its election infrastructure? What has to happen to ensure that the 2020 presidential election is secure? In this talk, I'll give a progress report on election security in the U.S. and around the world, informed by results from my own research and my work with legislators and election officials over the past two years. I'll also hold a mock election with a current U.S. voting machine to demonstrate how cyberattacks on election infrastructure could potentially change the results of national elections. Finally, I'll explain what everyone can do to get involved and help safeguard the foundations of democracy.\r\n"
},
{
"event_classifiers": {
"Science": 80
},
"language": "en",
"title": "Space Ops 101",
"event_id": 9923,
"start_time": null,
"speaker_names": "sven",
"track_id": 342,
"room_id": null,
"duration": 3600,
"abstract": "After launching a spacecraft into orbit the actual work for mission control starts. Besides taking care of the position and speed of the spacecraft this includes e.g. detailed modeling of the power usage, planning of ground station contacts, payload operations and dealing with unexpected anomalies. In this talk we will see many examples of problems particular to space crafts and how they influence the way space craft mission operations works."
},
{
"event_classifiers": {
"Theory - Practice": 0,
"Foundations": 95,
"Entertainment": 40,
"Art + Culture": 15,
"Science": 100
},
"language": "en",
"title": "Let's reverse engineer the Universe and explore the dark",
"event_id": 9925,
"start_time": null,
"speaker_names": "Sara Konrad",
"track_id": 342,
"room_id": null,
"duration": 3600,
"abstract": "Spoiler: There is four times more dark matter and over fifteen times more dark energy than regular matter in the universe. And we have absolutely no idea what these invisible dark substances might be."
},
{
"event_classifiers": {
"Theory - Practice": 70,
"Security": 100,
"Novelty": 15,
"Defense - Offense": 25
},
"language": "en",
"title": "The year in post-quantum crypto",
"event_id": 9926,
"start_time": null,
"speaker_names": "djb, Tanja Lange",
"track_id": 343,
"room_id": null,
"duration": 3600,
"abstract": " The world is finally catching on to the urgency\r\n of deploying post-quantum cryptography:\r\n cryptography designed to survive attacks by quantum computers.\r\n NIST's post-quantum competition is in full swing,\r\n and network protocols are exploring post-quantum extensions.\r\n This talk will take the audience on a journey\r\n through selected recent highlights\r\n from the post-quantum world."
},
{
"event_classifiers": {
"Entertainment": 40,
"Novelty": 20,
"Ethics, Politics + Society": 30,
"Art + Culture": 100
},
"language": "en",
"title": "DISNOVATION.ORG",
"event_id": 9939,
"start_time": null,
"speaker_names": "DISNOVATION.ORG",
"track_id": 338,
"room_id": null,
"duration": 2400,
"abstract": "Through the hacking of surveillance techniques, machine learning, and big-data analytics, DISNOVATION.ORG’s trilogy of internet bots is uncovering and repurposing some of the influential and opaque operating systems of our online environment. "
},
{
"event_classifiers": {
"Ethics, Politics + Society": 80
},
"language": "en",
"title": "Shadow profiles, GDPR nightmares and third party tracking in Android",
"event_id": 9941,
"start_time": null,
"speaker_names": "Frederike Kaltheuner, Christopher Weatherhead",
"track_id": 339,
"room_id": null,
"duration": 2400,
"abstract": "<p>Not on Facebook? Well Facebook could still have created a shadow profile for you!</p>\r\n\r\n<p>Privacy International has been analysing the potential ways in which Facebook can profile individuals who are not Facebook users (so called shadow profiles), including through Android apps which implement the Facebook SDK.</p>"
},
{
"event_classifiers": {
"Ethics, Politics + Society": 80
},
"language": "de",
"title": "Investigating (Sub-)Culture and new forms of antifascistic activism: #afdwegbassen",
"event_id": 9943,
"start_time": null,
"speaker_names": "Reclaim Club Culture",
"track_id": 339,
"room_id": null,
"duration": 3600,
"abstract": "In May 2018, Reclaim Club Culture (RCC) initiated a protest against a march of the AfD (right wing party in Germany) in Berlin. Supported by more than 150 techno clubs, festivals and cultural activist groups, we organised a demonstration against facism and right-wing politics with over 50.000 protesters within only 2 weeks. One of the many supporters of the action was the CCC. Soon after the \"big bang\" - this massive demonstration in Berlin - we started our reflexion and working on aspects of organisation, infrastructure, communication, networking and security for upcoming activities. Some of the questions that appeared are still unanswered.\r\n"
},
{
"event_classifiers": {
"Security": 20,
"Ethics, Politics + Society": 75
},
"language": "en",
"title": "It Always Feels Like the Five Eyes Are Watching You",
"event_id": 9951,
"start_time": null,
"speaker_names": "Kurt Opsahl",
"track_id": 339,
"room_id": null,
"duration": 3600,
"abstract": "This talk will discuss all about the Five Eyes, the espionage alliance between Australia, Canada, New Zealand, the United Kingdom and the United States. It is one of the largest intelligence operations in the world, which monitors billions of communications around the globe in the name of security. Yet the Five Eyes propose to weaken security, privacy and eroded the possibility of secure systems."
},
{
"event_classifiers": {
"Foundations": 100,
"Resilience": 100
},
"language": "en",
"title": "Cat & Mouse: Evading the Censors in 2018",
"event_id": 9964,
"start_time": null,
"speaker_names": "kmc",
"track_id": 341,
"room_id": null,
"duration": 3600,
"abstract": "The deepening of global Internet infrastructure comes accompanied with an invigorated capacity and intent by adversaries to control the information that flows across it. Inextricably, political motivations and embedded power structures underlie the networks through which we interpret and understand our societies and our world - censorship threatens the integrity of the public sphere itself. The increasing technical sophistication of information controls deployed by censors in adversarial network environments around the world can be uniquely viewed and researched by circumvention tool providers, whose work continues to preserve access to the open Internet for all communities. Through this presentation, we endeavour to share insights gained from the front lines of this technical contest."
},
{
"event_classifiers": {
"Ethics, Politics + Society": 100
},
"language": "en",
"title": "What is Good Technology?",
"event_id": 9965,
"start_time": null,
"speaker_names": "Yann Leretaille",
"track_id": 339,
"room_id": null,
"duration": 3600,
"abstract": "The last years, we all have felt the impact of applying technologies like machine learning, social networks and data-driven decision making on a massive scale to our societies. Yet all that technology has been developed by engineers like us. It's become clear that we have to do more than chase the ever evolving technological challenges and start to assume responsibility for our creations - or we too will wake up one day to the realization that technology we helped develop has done more harm than good. \r\nWe want to present practical, every day guidelines and principles that can help engineers and organizations to build technology that not only serves the application and business purpose, but also minimizes negative long-term effects on society and the people that use it."
},
{
"event_classifiers": {
"Hardware": 100,
"Theory - Practice": 75,
"Novelty": 50,
"Ethics, Politics + Society": 30
},
"language": "en",
"title": "The Critical Making Movement",
"event_id": 9971,
"start_time": null,
"speaker_names": "Regina M. Sipos, Saad Chinoy, Ricardo Ruiz",
"track_id": 340,
"room_id": null,
"duration": 3600,
"abstract": "Critical Thinking + Making = Critical Making. Around the world, academics and grassroots communities alike are engaging in critical making. With roots in critical design and critical engineering, etc., the point is to re-politicise making, help people understand that it needs to be more than printing cheap plastic knickknacks and can be used for activism and social innovation to improve peoples' lives. "
},
{
"event_classifiers": {
"Theory - Practice": 70,
"Resilience": 50,
"Ethics, Politics + Society": 100
},
"language": "de",
"title": "Überwachung für alle: Funkzellenabfragen",
"event_id": 9972,
"start_time": null,
"speaker_names": "Ulf Buermeyer, Andre Meister",
"track_id": 339,
"room_id": null,
"duration": 3600,
"abstract": "Polizeibehörden sammeln per „Funkzellenabfrage“ Tag für Tag Millionen von Standort-Daten. Netzbetreiber liefern den Behörden regelmäßig Datensätze aller Mobilfunknummern, die zu einem bestimmten Zeitpunkt in bestimmten Funkzellen waren. Entgegen der gesetzlichen Bestimmungen erfahren Betroffene nicht davon.\r\n\r\nDieser Talk macht deutlich, was diese Form der Massenüberwachung aus bürgerrechtlicher Sicht bedeutet. Danach stellen die Speaker das Berliner Funkzellenabfragen-Transparenz-System vor, das zumindest ein wenig Licht ins Dunkel dieser Überwachungsmaßnahmen bringen kann."
},
{
"event_classifiers": {
"Resilience": 100,
"Ethics, Politics + Society": 100
},
"language": "de",
"title": "Freedom needs fighters!",
"event_id": 9973,
"start_time": null,
"speaker_names": "Ulf Buermeyer, Nora Markard",
"track_id": 339,
"room_id": null,
"duration": 3600,
"abstract": "Der Talk gibt einen Überblick über die Arbeit der Gesellschaft für Freiheitsrechte (GFF): Wir klagen, um Grund- und Menschenrechte vor Gesetzgebern und Behörden zu schützen."
},
{
"event_classifiers": {
"Foundations": 50,
"Ethics, Politics + Society": 100,
"Entertainment": 50
},
"language": "de",
"title": "Jahresrückblick des CCC 2018",
"event_id": 9975,
"start_time": null,
"speaker_names": "Linus Neumann, Constanze Kurz, frank",
"track_id": 344,
"room_id": null,
"duration": 7200,
"abstract": "Biometrische Videoüberwachung, Hausdurchsuchungen, Polizeiaufgabengesetze, Staatstrojaner und ganz viel Cyber: Wir geben einen Überblick über die Themen, die den Chaos Computer Club 2018 beschäftigt haben."
},
{
"event_classifiers": {
"Foundations": 75,
"Security": 75
},
"language": "en",
"title": "The Layman's Guide to Zero-Day Engineering",
"event_id": 9979,
"start_time": null,
"speaker_names": "Markus Gaasedelen, Amy (itszn)",
"track_id": 343,
"room_id": null,
"duration": 3600,
"abstract": "There's a certain allure to zero-day exploits. At the apex of the security industry, these elusive technologies are engineered by a persistent few to open doors of software systems that were never meant to exist. We go behind-the-scenes to provide an inside look at the zero-day development lifecycle, breaking common misconceptions regarding this increasingly difficult tradecraft."
},
{
"event_classifiers": {},
"language": "en",
"title": "Opening Cermony",
"event_id": 9985,
"start_time": null,
"speaker_names": "rufus, rixx",
"track_id": 344,
"room_id": null,
"duration": 1800,
"abstract": ""
},
{
"event_classifiers": {},
"language": "en",
"title": "Closing Ceremony",
"event_id": 9986,
"start_time": null,
"speaker_names": "rufus, rixx",
"track_id": 344,
"room_id": null,
"duration": 3600,
"abstract": ""
},
{
"event_classifiers": {
"Foundations": 100,
"Security": 100
},
"language": "en",
"title": "What the flag is CTF?",
"event_id": 9989,
"start_time": null,
"speaker_names": "Andy",
"track_id": 343,
"room_id": null,
"duration": 2400,
"abstract": "Every year since 2011 on the 28C3 we organize a Capture the Flag contest for people on the Congress and from all over the world. This year we want to give you an overview about what a CTF is, the challenges, the players, the community and how much fun it is to play (not only our) CTF."
},
{
"event_classifiers": {
"Theory - Practice": 65,
"Security": 100,
"Ethics, Politics + Society": 30
},
"language": "de",
"title": "All Your Gesundheitsakten Are Belong To Us",
"event_id": 9992,
"start_time": null,
"speaker_names": "Martin Tschirsich",
"track_id": 343,
"room_id": null,
"duration": 3600,
"abstract": "Plötzlich geht alles ganz schnell: Online-Behandlungen und elektronische Gesundheitsakten sind dieses Jahr für Millionen Krankenversicherte Wirklichkeit geworden. Zu einem hohen Preis: Bereits einfache Angriffe lassen das Sicherheitskonzept der Apps und Plattformen zusammenbrechen. Warum das so ist, welche kritischen Fehler Vivy & Co. gemacht haben und wie das möglicherweise verhindert werden kann, das soll dieser Vortrag zeigen - denn in spätestens drei Jahren sollen auch die Gesundheitsdaten aller übrigen Versicherten zentral gespeichert und online abrufbar sein."
},
{
"event_classifiers": {
"Foundations": 100,
"Art + Culture": 100
},
"language": "en",
"title": "WeMaMoNoAr",
"event_id": 9998,
"start_time": null,
"speaker_names": "Régine Debatty, Régine Débatty",
"track_id": 338,
"room_id": null,
"duration": 3600,
"abstract": ""
},
{
"event_classifiers": {
"Foundations": 50,
"Novelty": 100,
"Ethics, Politics + Society": 100,
"Art + Culture": 100
},
"language": "en",
"title": "The Enemy ",
"event_id": 9999,
"start_time": null,
"speaker_names": "Karim Ben Khelifa",
"track_id": 338,
"room_id": null,
"duration": 3600,
"abstract": "The Enemy brings you face-to-face with combatants from three conflict zones: with the Maras in Salvador, in the Democratic Republic of the Congo, and in Israel and Palestine. Their testimonies and confessions about their lives, experiences, and perspectives on war will allow you to better understand their motivations… and their humanity."
},
{
"event_classifiers": {
"Foundations": 100,
"Resilience": 50,
"Ethics, Politics + Society": 50
},
"language": "en",
"title": "How does the Internet work?",
"event_id": 10005,
"start_time": null,
"speaker_names": "Peter Stuge",
"track_id": 341,
"room_id": null,
"duration": 3600,
"abstract": "This Foundations talk explains the systems and protocols that make up the Internet, starting from a laptop with a Wi-Fi connection. No particular technical knowledge required."
},
{
"event_classifiers": {
"Art + Culture": 100
},
"language": "en",
"title": "Afroroutes: Africa Elsewhere",
"event_id": 10009,
"start_time": null,
"speaker_names": "Sélim Harbi",
"track_id": 338,
"room_id": null,
"duration": 2400,
"abstract": "Let's think \"Beyond Slavery\": Afroroutes is a one-of-a-kind VR experience conceived as a journey through 3 displaced African heritages, immersing users in Rituals and Ceremonies to experience that well-conserved memory form, but also to feel the power of Music as a strong anthropological tool. Connecting Afro-diasporic narratives: alterity and heritage transcendence within the digital era, Afroroutes is a trigger to open a crucial debate about diasporic identity.\r\n"
},
{
"event_classifiers": {
"Ethics, Politics + Society": 95
},
"language": "de",
"title": "Die EU und ihre Institutionen ",
"event_id": 10010,
"start_time": null,
"speaker_names": "Dustin Hoffmann",
"track_id": 339,
"room_id": null,
"duration": 3600,
"abstract": "Ein kurzer Grundlagenabriss über die Institution der Europäischen Union, insbesondere zur Funktionsweise und Zusammenarbeit"
},
{
"event_classifiers": {
"Foundations": 100,
"Ethics, Politics + Society": 100
},
"language": "de",
"title": "Hackerethik - eine Einführung",
"event_id": 10011,
"start_time": null,
"speaker_names": "frank",
"track_id": 339,
"room_id": null,
"duration": 2400,
"abstract": "Die Hackerethik ist die Grundlage für den Umgang mit den diversen ethischen Problemen, die sich beim schöpferisch-kritischen Umgang mit Technologie (auch \"hacking\" genannt) stellen. "
},
{
"event_classifiers": {
"Hardware": 80,
"Theory - Practice": 50,
"Novelty": 65,
"Science": 60,
"Art + Culture": 85
},
"language": "en",
"title": "Transhuman Expression",
"event_id": 10012,
"start_time": null,
"speaker_names": "Liat_Grayver",
"track_id": 338,
"room_id": null,
"duration": 3600,
"abstract": "The meeting point of art and science as a place of inspiration, exchange of knowledge and creation is the main focal point of the talk. Together with Prof. Oliver Deussen, the PhD candidate Marvin Guelzow, and Liat Grayver we will discuss both the technical challenges and innovation aspects in the development of the e-David robot, alongside the the social and artistic practice its offers. Topics as such “paradigms of creativity” under the title “New Materialism / Anthropocentrism / Posthumanism” will be presented with the goal to position and understand machine-assisted creative interfaces within the broader field of media art and painting traditions."
},
{
"event_classifiers": {
"Ethics, Politics + Society": 90
},
"language": "de",
"title": "Polizeigesetze",
"event_id": 10015,
"start_time": null,
"speaker_names": "Marie Bröckling, Constanze Kurz",
"track_id": 339,
"room_id": null,
"duration": 3600,
"abstract": "Nicht nur Noch-Heimatminister Horst Seehofer plant ein „Musterpolizeigesetz“. Aber bei den zahlreichen Neuregelungen der Polizeigesetze in den Bundesländern: Welche Vorlage wird es denn sein? Und was steht in den neuen Gesetzen?"
},
{
"event_classifiers": {
"Foundations": 100,
"Ethics, Politics + Society": 100
},
"language": "en",
"title": "Internet, the Business Side",
"event_id": 10019,
"start_time": null,
"speaker_names": "swaio",
"track_id": 339,
"room_id": null,
"duration": 3600,
"abstract": "Net neutrality, a big buzzword in the last years. It is not only a buzzword? There are economic reasons why it is a stake. This talk tries to give an overview and explain how money is made in the \"internet\" and how it is related to net neutrality."
},
{
"event_classifiers": {
"Art + Culture": 100
},
"language": "en",
"title": "Nigeria’s first Virtual Reality creation lab",
"event_id": 10022,
"start_time": null,
"speaker_names": "Judith Okonkwo",
"track_id": 338,
"room_id": null,
"duration": 3600,
"abstract": "coming..."
},
{
"event_classifiers": {},
"language": "de",
"title": "Stalking, Spy Apps, Doxing: Digitale Gewalt gegen Frauen",
"event_id": 10023,
"start_time": null,
"speaker_names": "Anne Roth",
"track_id": 344,
"room_id": null,
"duration": 3600,
"abstract": "Digitale Formen von Gewalt gegen Frauen sind keine eigenständigen Phänomene, sondern in der Regel Weiterführungen oder Ergänzungen von anderen Gewaltformen. Stalking, Kontrolle, Bedrohung, Erpressung, Beleidigung, Überwachung sind altbekannte Aspekte häuslicher Gewalt. Für alle diese Phänomene gibt es digitale Entsprechungen, allerdings ist wenig darüber bekannt, wie oft sie ausgeübt werden, wann und von wem. Das macht es für die Betroffenen schwer, sich zu wehren, auch weil Politik und Justiz hier genauso verständnislos reagieren wie bei anderen digitalen Entwicklungen. "
},
{
"event_classifiers": {
"Theory - Practice": 80,
"Ethics, Politics + Society": 100,
"Art + Culture": 100
},
"language": "en",
"title": "Tactical Embodiment",
"event_id": 10024,
"start_time": null,
"speaker_names": "Angela Washko",
"track_id": 338,
"room_id": null,
"duration": 3600,
"abstract": "During her talk “Tactical Embodiment,” artist and activist Angela Washko will present several different strategies for performing, participating in and transforming online environments that are especially hostile toward women. She will introduce her long-term performative intervention “The Council on Gender Sensitivity and Behavioral Awareness in World of Warcraft” alongside several interventions, interviews, performances, written works and video games works she has created with the manosphere and online men’s seduction communities. In addition to walking the audience through her research, Washko will screen excerpts from her interview with a seduction coach who has been dubbed “The Web’s Most Infamous Misogynist” and highlight instructional DVDs, books, and hidden-camera videos created by a community of pick-up artists who teach men how to interact with and seduce women. The talk will close with an audience-participation based performative play-through of her most recent project “The Game: The Game,” a dating simulator video game presenting the practices of several infamous pick-up artists."
},
{
"event_classifiers": {
"Science": 100,
"Ethics, Politics + Society": 100,
"Foundations": 100
},
"language": "de",
"title": "(Cyber-)Stalking: Wenn Grenzen verschwimmen",
"event_id": 10027,
"start_time": null,
"speaker_names": "Jan Kalbitzer, Dr. Korina Winter ",
"track_id": 339,
"room_id": null,
"duration": 2400,
"abstract": "<p>Von unerwünschten Nachrichten über Bedrohungen bis hin zum Intimizid. Allein im Jahr 2017 wurden rund 18.483 Fälle von Stalking polizeilich erfasst, die Dunkelziffer wird auf 600.000-800.000 Betroffene geschätzt. Unter dem Begriff Stalking wird allgemein das „wiederholte, widerrechtliche Verfolgen und Belästigen eines Menschen, so dass dessen Sicherheit bedroht und er/sie in seiner/ihrer Lebensgestaltung schwerwiegend beeinträchtig wird“ verstanden. Die Ausführungsformen und Intensität des Stalkings oder Cyberstalkings sind sehr heterogen, sodass sich oft die Frage nach der Grenze zur Strafbarkeit stellt.<\\p>"
},
{
"event_classifiers": {
"Ethics, Politics + Society": 100
},
"language": "en",
"title": " Feminist Perspectives",
"event_id": 10028,
"start_time": null,
"speaker_names": "Geraldine de Bastion, Em O'Sullivan, Lena Mohr, Hong Phuc Dang, Le RESET, feminist hackerspace",
"track_id": 339,
"room_id": null,
"duration": 6000,
"abstract": "A variety of initiatives aims at encouraging female engagement in the hacker and maker scene. We present there some promising approaches and key learnings in a joint panel discussion."
},
{
"event_classifiers": {
"Science": 90,
"Ethics, Politics + Society": 90,
"Art + Culture": 90
},
"language": "en",
"title": "The Ghost in the Machine",
"event_id": 10030,
"start_time": null,
"speaker_names": "Joscha",
"track_id": 338,
"room_id": null,
"duration": 3600,
"abstract": "Artificial Intelligence started out as an attempt to understand the mind by teaching a computer how to think, perceive, feel and reflect. Today, AI is mostly concerned with theoretical and practical engineering of data processing solutions, yet it remains our best bet to understand the nature of our minds. Here, we will use the AI perspective to address some of the most interesting philosophical questions of all: how does consciousness arise in a computational system? What is the self? What is the difference between ourselves and a rational agent?"
}
]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment