“The 29th Chaos Communication Congress (29C3) is an annual four-day conference on technology, society and utopia. The Congress offers lectures and workshops on a multitude of topics including (but not limited to) information technology and generally a critical-creative attitude towards technology and the discussion about the effects of technological advances on society.
For 29 years, the congress has been organized by the community and appreciates all kinds of participation. You are encouraged to contribute by volunteering, setting up and hosting hands-on events with the other components of your assembly or presenting your own projects to fellow hackers.” (Source official page)
Have a look at the official Fahrplan.
Besides the fact that my trip to Hamburg was a short one (I got there by some lift), the
check-in process was a little bit… slow! The line was about 400m but that shouldn’t be the first surprise I should experience on that day. Before getting my ticket, I got schocked:
Only cash payment! C’mon! How comes there is no card payment on such a big congress? Anyway, I had to go back to the railway station and withdraw some money. I went back and there it is: My 2nd surprise. Some ugly black-hat (yeah…he was black-hat w000t!) guy won’t let me in!
He: “You should stand in the line! Here’s no entry!” Me: “But I was aleady there. I had to get some money for my ticket.” He: “Yeah, sure!”
[bla bla …] Damn idiot!
Well finally I got in and I’ve visited the first talk on Day #1:
Cyberpeace statt Cyberwar (Cyberpeace beside Cyberwar). Nothing interesting to mention about. I mean we all know there is cyberwar out there, carryied out by big nations like the USA, Russia, Iran and also Germany. I know we should make peace and not war. But there was nothing special related to the talk. Well actually there is sth to mention: I lost my cap in Hall 6.
The 2nd talk was about Setting mobile phones free. There was some dutch guy who spoke about some project in Netherlands called Limesco. A really interesting talk about seeting your own mobile network, legal concerning, pricing modells and all the benefits this should bring to us (hackers).
After some short break I went to the Privay and the car of the future talk. A really funny and informative one! I really wanted to see the most interesting talk of the day Hacking Cisco Phones, but I had to go to the hotel and check in. I heard it was a quite technically talk and I feel sorry I couldn’t see it too.
At the beginning of the day I did some sightseeing along with some cool guy from Australia called Rupert (Hi dude, thanks for your company!). I must admit that Hamburg has very cool and beautiful places worth to see.
At the first talk of the day (In)security of hardware-based encryption I had a lot of fun watching Tilo making fun of the SSDs vendors and their
(in)security. Make sure you watch the PoC videos. I was surprised how easy you can steal/dump data from stolen laptops. I think I should have a closer look at those evil maid attacks (especially on encrypted hard drives)
What came next was about to be the best talk I’ve seen at 29C3. MANY TAMAGOTCHIS WERE HARMED IN THE MAKING OF THIS PRESENTATION! Yeah, indeed! :-) I’ve had a lot of fun watching listening/watching to Natalie Silvanovich who loves tamagotchis and wanted to RE (Reverse Engineer) them. Since I’ve never done RE before, it was a good opportunity for me to get introduced to the whole topic. I was very pleased to know which steps have to be done, in order to get useful information from some piece of hardware. And yes: I do feel sorry for the many tamagotchis harmed during the experiments! :-) @Natalie: I hope you’ll finally get your test programm!
Since I’m very interested in cryptography I HAD to see FactHacks: RSA factorization in the real world. In fact the autors tried to convince us (hackers!) that we should stop using private keys based on RSA. I was surprised how fast such a factorization can be (if you got the proper hardware and the right algos). And by the way: sagemath really rocks! If you have a good understanding of basic maths you should watch the whole presentation. You won’t get disappointed! Lesson of the talk: Don’t try to FUCK A DUCK! :-D
How I met your pointer? What?! Ohh.. Hijacking client software for fuzz and profit. Ahhh..Now I see! Well we had a lot of fun! This guy (Carlos :D) was very hilarious and had a really funny presentation (worth watching it!). Besides that he started to throw small pieces of chocolate at us! Well not randomly.. Every time his question got answered correctly! :-D I really liked the story about his wife (interesting slide btw!) and that bacterium analogy. I didn’t quite get the point but I think I wasn’t the only one.
Not really much to say about this day. I got very disappointed by the first talk Blackhole Exploit Kit Analysis. I don’t really know what the lecturer intended to achieve presenting that…crap! Well I should stop criticizing…
The 2nd and my last talk at 29C3 should be a short one since I had to leave suddenly to get my car lift. Mister Wander from the Duisburg University had a talk about Secure Name Resolution: DNSSec, DNSCurve and Namecoin. I’ll have to watch the whole presentation. At least the beginning was very interesting and quite technical.
Get the streams for offline watching.
I really had a great time at 29C3! There was enough place to stay at and talk to different people. I’ve seen great talks and learned a lot (especially about hardware hacking which is somehow foreign to me). Greetings go to: shift and his crew, Rupert, skier, the nullsecurity.net team and all the other people I’ve talked to.