The DROWN Attack (33c3)
We present DROWN, a novel cross-protocol attack on TLS that uses a server supporting SSLv2 as an oracle to decrypt modern TLS connections. Using Internet-wide scans, we find that 33% of all HTTPS...
What could possibly go wrong with ? (33c3)
Hardware is often considered as an abstract layer that behaves correctly, just executing instructions and outputting a result. However, the internal state of the hardware leaks information about the...
Bootstraping a slightly more secure laptop (33c3)
Heads is an open source custom firmware and OS configuration for laptops and servers that aims to provide slightly better physical security and protection for data on the system. Unlike Tails, which...
Between Enthusiasm for Technology and Critical Reflection: Chaos macht Schule (33c3)
When it comes to digitalization, the everyday world of children and young people and that of schools could hardly be more different: pupils live and flourish enthusiastically in the...
Predicting and Abusing WPA2/802.11 Group Keys (33c3)
We analyze the generation and management of WPA2 group keys. These keys protect broadcast and multicast Wi-Fi traffic. We discovered several issues and illustrate their importance by decrypting all...
Check Your Police Record! (33c3)
Police authorities and intelligence services collect citizens' data, more than ever before. The stock of different databases has grown enormously and has become downright confusing. Due to...
The Nibbletronic (33c3)
The NibbleTronic is a MIDI wind controller that features a novel user interface resulting in a unique tonal range. The standard configuration allows you to precisely play a bit more than four full octaves...
Law Enforcement Are Hacking the Planet (33c3)
In early 2015, the Federal Bureau of Investigation hacked computers in Austria, Denmark, Chile, Colombia, Greece, and likely the United Kingdom and Turkey too. In all, the agency used a Tor Browser...
Anthropology for kids - What is privacy? (33c3)
I would like to present my project called Anthropology for kids and a specific book that I am working on in the larger framework of this project. This book will look like an ordinary school notebook...
Shut Up and Take My Money! (33c3)
FinTechs increasingly cut the ground from under long-established banks’ feet. With a "Mobile First" strategy, many set their sights on bringing all financial tasks—checking the account balance, making...
Fighting Abusive Cease-and-Desist Letters (33c3)
In the area of tension between the cutting edge of computer technology and a specialized area of copyright law, an industry has carved out a niche for itself in which, through a high degree of specialization and...
Pegasus internals (33c3)
This talk will take an in-depth look at the technical capabilities and vulnerabilities used by Pegasus. We will focus on Pegasus’s features and on Trident, the exploit chain Pegasus used. Attendees...
Compulsory Routers and Radio Lockdown (33c3)
After three years, the user-unfriendly practice of Routerzwang ("Compulsory Routers") has finally been declared unlawful by legislation, and currently what drives us is the EU Funkabschottung ("Radio Lockdown...
A Story of Discrimination and Unfairness (33c3)
Artificial intelligence and machine learning are in a period of astounding growth. However, there are concerns that these technologies may be used, either with or without intention, to perpetuate the...
Geolocation methods in mobile networks (33c3)
This talk presents the results of the technical analysis for the German Parliamentary Committee investigating the NSA spying scandal on geolocation methods in mobile networks.
Make the Internet Neutral Again (33c3)
After three years the EU has for the first time new Net Neutrality rules. What do they mean in practice? Which commercial practices by ISPs are allowed and which have to be punished by the telecom...
I Preferred Bonsai Kitten - Right-Wing False Reports in Social...
Since last February, the Hoaxmap has been collecting and sorting rumors about refugees, together with their refutations, and presenting them in map form. The topics are as varied as the...
A Data Point Walks Into a Bar (33c3)
tl;dr: Mother Teresa said "If I look at the mass I will never act. If I look at the one, I will." I'll present ways that make us act when looking at the mass.
Keys of Fury (33c3)
Keys Of Fury is a brutalist storytelling about technology and keystrokes where text is used unadorned and roughcast, like concrete. I define my practice as KYBDslöjd (drawing by Type In) who uses the...
Untrusting the CPU (33c3)
It is a sad fact of reality that we can no longer trust our CPUs to only run the things we want and to not have exploitable flaws. I will provide a proposal for a system to restore (some) trust in...