Domain: ccc.de
Stories and comments across the archive that link to ccc.de.
Comments · 441
-
Chaosradio: Federal Trojan
German Chaos Computer Club does a radio show (in german) right now (22:00 GMT+1) about.
Infos (and later podcast download):
http://chaosradio.ccc.de/cr132.html
Streams:
* MP3 128kBit/s VBR Joint Stereo
o http://stream.xenim.de:8000/cr_128k_vbr.mp3
o http://streams.xenim.de:8000/cr_128k_vbr.mp3.m3u
* OGG 56kBit/s VBR Stereo
o http://stream.xenim.de:8000/cr_56k.ogg
o http://streams.xenim.de:8000/cr_56k.ogg.m3u
* OGG 96kBit/s VBR Stereo
o http://stream.xenim.de:8000/cr_96k.ogg
o http://streams.xenim.de:8000/cr_96k.ogg.m3u
* OGG 128kBit/s VBR Stereo
o http://stream.xenim.de:8000/cr_128k.ogg
o http://streams.xenim.de:8000/cr_128k.ogg.m3u -
also, if you know german
tune in to chaosradio 56 "GSM Hacking" [1]. (although i doubt that german-speaking slashdot users don't know of chaosradio) [1] http://chaosradio.ccc.de/cre056.html
-
GNUradio is also up to GSM cracking
and i'll bet they won't charge anything.
check out some movie about the GSM state of security [1] and mod me informative. ;)
[1] http://chaosradio.ccc.de/camp2007_m4v_2015.html -
Re:Users are always the weakest link
-
Re:Ok,
Oh no...
tesla coils, and/or microwave ovens and/or RFID-Zapper.
Let the fun and sparks begin :) -
Re:batteries
If you speak German this is the presentation http://chaosradio.ccc.de/23c3_m4v_1402.html cheers
-
24C3 talks
See also these talks:
Crouching Powerpoint, Hidden Trojan
An analysis of targeted attacks from 2005 to 2007
http://events.ccc.de/congress/2007/Fahrplan/track/Hacking/2189.en.html
Cybercrime 2.0
Storm Worm
http://events.ccc.de/congress/2007/Fahrplan/track/Hacking/2318.en.html -
Courtcase CCC vs. Nedap Voting Machines in Germany
http://www.ccc.de/ -> the CCC currently fights against the use of the german government approved nedap voting machines in several hessian towns during the hessenwahl 2008, the country's elections. there has been a lot of discussion going on about the matter, the last election was interjected as being fraud, but the motion was denied.
this time they attacked up front, ahead of the january 27th election. alsbach-haehnlein, a small 10000 people town, currently is in the line of fire about this, with town officials officially claiming the CCC is LYING about the uselessness of the machines. which they are NOT.
everyone involved with the upcoming vote in the area please feel free to contact the town government and ask them about the usefulness of these boxes and why they think the people are lying about the election machines. gemeindevorstand (kringel) alsbach-haehnlein (punkt) de or call the prefix of the town and local number 5008 extension zero.
www.alsbach-haehnlein.de http://de.wikipedia.org/wiki/Landtagswahl_in_Hessen_2008
http://de.wikipedia.org/wiki/Wahlmaschine
TIME FOR ACTION ! ASK, VOTE ! Democracy is no gift, it's a right to be fought for ! -
People know, Politicians not
I live in Germany and kept track of the voting machine controversy here. The problem is not that people want voting machines, but that politicians want them (probably because they get money from manufacturer or want to be modern or are impressed by them). When hacker groups (like the CCC) prove that voting machines are hackable, those politicians just insist they are not. They don't even try to argue, they just trust the manufacturer so much.
In this case, they want to use voting machines that the CCC has already proven to be insecure. Luckily this time this is news for mainstream media and not just heise (German slashdot equivalent)
Off Topic: About your German: the word is "schlecht" not "schlect"; and "sagen Sie Nein zum elektronischen Wählen" (say no to electronic voting) not "sagen sie nicht" (say not) :-) -
English Version Available
Why link to a crappy Google translator version when a reasonably good English version of TFA is available? There are big flags at the top of the article, one for Germany, and one for English. I suppose the submitter didn't realize that funny blue and red flag was for Great Britain and meant English.
-
24C3-Video about the barcode-hacking
http://ftp.uni-kl.de/24C3/matroska/24c3-2273-en-toying_with_barcodes.mkv
See this website for mirrors, other video formats and the rest of the videos of the 24C3-conference (some of them are really interesting, videos with a 'de' instead of 'en' in the filename are in german). http://events.ccc.de/congress/2007/Conference_Recordings
Happy new year, gentleman/women :-D -
Chaos Communication Congress
The talk this Heise article is about (which was held at 24c3 on Friday) is actually available as a full-length download in various formats on mirrors (look for "2273-en-toying with barcodes") and on BitTorrent along with most of the other talks given at this (totally awesome) event. And it's in English, too.
-
we are all going to die..
Maybe because their politics at CCC in Indonesia[1] is dooming us all.
[1]not the other one -
I said it before...
From I Don't Know What This New Internet Will Look Like, which began life as a Slashdot comment:
... but I am as confident as I am that the Sun will rise tomorrow that it will be safe from terrorists. After all, we have the children to think about.
July 12, 2005
Copyright © 2005 Michael David Crawford.
This work is licensed under a Creative Commons Attribution-NoDerivs 2.5 License.
It seems that David Clark, who led the development of the Internet way back in the '70's - did you know there even was a '70's? - wants to create a whole new Internet that will fix many of the problems the current Internet is plagued with. The New Internet's engineers will be much more careful this time around to make sure it works better than the first one did.
I'm afraid, though, that the engineers are not the only ones who will be deciding how our New Internet will work.
If one is able to find any privacy or anonymity in this New Internet, it will be because of some undiscovered security hole, which will be quickly repaired, rather than any kind of conscious design decision. Probably one reason they are accepting proposals before rolling it out is to avoid the sort of accidental security holes that enable pr0n, peer-to-peer filesharing and left-wing political activism.
Microsoft, a leading contributor both to this nation's technology base and to the campaign coffers of its leaders, will embrace this new technology and extend it in such a way that the development and dissemination of Open Source software will be, if not mathematically and physically impossible, at least as intractable as factoring a 2048-bit public key.
Imagine, if you will, Trusted Computing implemented at the router level, in such a way that any packets that go farther than one hop are certified not only to support protocols whose patent licenses are fully paid-up and on file with the legal department in Redmond, but whose content is compliant with the Windows standard. The faintest wisp of a Public License, GNU or otherwise, will result in the dropping not only of the individual packet, not only in the cancellation of the entire file transmission, but, within microseconds, the reporting of the physical location of the offending server to responsible law enforcement personnel. The identities of its rogue administrators will be fetched instantly from the database maintained by the Department of Homeland Security. (You will have to submit fingerprints and DNA samples to obtain a Windows server license, as after all, Internet servers can be used to disseminate explosives r
-
Closing report ticket as "by design".
Duh. That's what encryption is supposed to do.
Screw those nosy spooks. I'd like go to this demonstration tomorrow if I had the time. -
Re:Hm, I just wondered...
UDP or TCP have nothing to do with this. Connections are not tracked and retained.
Actually, the authorities in Denmark are apparently requiring ISPs to retain, in addition to address allocation data, the header data (source and destination address, source and destination port number, transport protocol) of every 500th IP packet.
You may find this PowerPoint file an interesting read. It's from this presentation, which I highly recommend watching (MPEG-4 H.264 video file, 186 MiB).
-
Re:Please
They will come through your house door, not your firewall and install it manually. (At least that's what the police says, the politicians maunder about attachments and the like.) But, whether it will be platform independent and thus run on your FreeBSD Desktop is an unanswered question.
When you strip off all that crackhead talk of the politicians, the police wants a means to bug your computer just like your phone. It is technically feasible and not crazy. But as far as I am concerned it's politically wrong.
(btw there was a talk about this topic at the CCC's hacker camp this summer.)
-
Whitfield Diffie on "hacking"
Learn your history from someone who was there, because you're the one who looks like the "clueless dweeb." "I'm a primary witness - I was part of that scene." says Whitfield Diffie, adding: "And, I always thought that the use of hacking to describe malicious computer activity, was in some sense, legitimate, since the word 'hacking' at MIT also described doing less savory things, often, to people. I never found the dual-use terrible distressing." Diffie offers the following history: "When I arrived at MIT in 1961, the term 'hacking' meant two things: one, was not to be working [...] the other thing was to play a trick of some kind, it need not be on somebody. [...] these two terms exist for 'hack.' One of which means to be doing, you know, you find something to do other than study Physics because, you know, too hard to study for the exam. One of the big things that appeared, of course, in the 1950s, there began to be computers around. And, some people fell in love with them. [...] The sense in which programming was hacking, it was not that the word 'hacking' is in any way restricted to programming, it was that many people did their hacking, that is, their not working on what the syllabus said they were going to be examined on, in the form of, particularly, going to the TX-0 and the PDP-1 [...] or going to work on the [NX] at the Model Railroad Club [...] hacking [programming] fell very naturally within the existing use of the MIT term, 'hacking.'" Listen from 1:00:00 to 1:03:30 of this interview: http://chaosradio.ccc.de/cri008.html
-
More fingerprint snake oil?
The use of this LCD screen as a fingerprint scanner will most likely suffer from the same problems as all fingerprint locks. They rely on the "something you have" principle as an authorization token. Until, that is, someone removes your finger from your hand.
Also, fingerprints are per se not exactly unique. Ask the lawyer who was misidentified as a terrorist for having similar fingerprint features.
And of course, it is not exactly difficult to copy and fake someone else's fingerprint.
BTW: the Chaos Computer Club rocks. -
Re:Different implications
You don't seem to realize how much effort goes into securing consoles against 3rd party software being run. See http://events.ccc.de/congress/2005/fahrplan/events/559.en.html - there's a video you can search for on google video as well. -
There is still a chance...
...that the Trojan won't actually be realized. (BBC):
Justice Minister Brigitte Zypries, of the Social Democrats (SPD), has voiced concern about the spyware plans, saying they might infringe privacy laws,...
But that depends on a lot of factors. Germany's biggest hacker organization the Chaos Computer Club and others are very effectively campaigning against these plans.
In recent news (only german, sorry) the federal police states that it won't be a trojan but what they call "remote forensic software" which they intend to install on the terrorists' computer manually. More like a software version of a bug (in the covert listening device sense).
-
Also in other European countries
Papers that leaked from the German Federal Ministry of the Interior state that legal regulation allowing so called remote forensic searches exist
- explicitly in Romania, Cypria, Latvia, Spain, and Switzerland,
- implicitly in Slovenia,
and that a similar approach to establish explicit allowance for remote forensic searches is ongoing in Sweden. At least readers in Sweden should contact their members of parliament and do some lobbyism. The current political discussion in Germany only got that public attention because some people started what they call nerd lobbyism.
The German papers are available at http://netzpolitik.org/2007/bundesinnenministerium-beantwortet-fragen-zur-online-durchsuchung/
It is also noteworthy that an also leaked draft of a new law regarding German federal criminal police (c.f. CCC press release at http://www.ccc.de/updates/2007/bkaterror) lists several other new or extended competencies.
Criticism claims that Germany is on its way to reinstate a secret police, with the last German incarnations being http://en.wikipedia.org/wiki/Stasi and http://en.wikipedia.org/wiki/Gestapo. -
Re:voting machines are unfit for public voting
The only way to know a chip actually does what it is supposed to do is opening it and looking at it under a really good microscope. if the voting process happens in a black box you cannot know what happens inside. No matter how many scientists are working on it you never will have a secure enough system. even if the hardware isn't programmable you can not trust it: chips can be resoldered, and if it is all put in a big blob of glue you can not validate the hardware any more. this is a security analysis of a voting machine in the netherlands that was abused to play chess http://www.wijvertrouwenstemcomputersniet.nl/images/9/91/Es3b-en.pdf and here is a podcast in german about that hack: http://chaosradio.ccc.de/cre039.html -
As the author of Nmap ...
As the author of Nmap, I'm more than a little concerned about this law. It could mean that I can never again visit Germany, which is a shame because I have many friends there. But I don't want to risk a year in prison or the Halvar treatment. Many of these articles state as a matter of fact that the creation or distribution of Nmap (mentioned by name in TFA) is illegal now. If true, what does that mean for all the Linux distributors who include Nmap and other security tools?
Does anyone have a link to a good English translation and legal analysis of the new law? The Phenoelit page translates the law as affecting "computer programs whose aim is to commit a crime". That doesn't cover Nmap, which I designed for security professionals. But of course some blackhats use it too, and I don't want to bet my freedom on being able to convince a technologically illiterate judge in Germany of my intent.
I hope groups like the CCC (which is apparently quite powerful in Germany) are able to get this overturned! If legitimate German admins are afraid to use Nmap and other security tools while the crackers retain full access to them, that won't be a pretty sight!
-Fyodor
Insecure.Org
-
Police backdoors ain't "police only" for long
When the German government came up with the idea that encryption systems (including SSL access to a box) have to include a "police backdoor", the immediate reaction from the Chaos Computer Club was an open letter, effectively saying "Good idea, it's gonna make hacking a heck lot easier".
There is no such thing as a "good backdoor". Information does get out, and the implication is that security that leaves a "legal hole" open is none. Not because you'd fear police, but because there is an unpluggable hole that sooner or later a crook will detect and use. -
Re:Is GIMP still being developed?
The paint tools have a set of toggles labeled "Pressure sensitivity". There, next to the check-box "Opacity", is a check-box labeled "Size". If you check that the brush will shrink depending on the pressure you apply.
I added this feature eight years ago at the Chaos Communication Camp. How could you have missed it all that time? -
CCC
August 8th to 12th, there's the Chaos Communication Camp 2007, camping + geeks + lectures + beer. What more could you want?
-
Re:Wii
This is the presentation, and you can download a video from here.
-
biometric interfaces in SciFi
You should see this video (204 MB MPEG4) of a 23C3 Speech/Screening featuring biometric interfaces in SciFi movies.
-
Video about "Body Hacking"
Here is a video (speech and presentation) about enhancing conventional senses and adding new ones by implanting magnets.
-
"Rubberhose" and deniable encryption systems
In some situations one cannot be paranoid enough - civil rights activists, environmentalists - and this talk by Jacob Appelbaum gives some perspective on the inadequacy of most ordinary approaches to encryption when confronted with a truly hostile adversary (such as many/most governments).
-
What about the TV station
Typical the silly chimpanzee Antenna gets all the attention yet the important part is the fact that some bunch of yokels got off their arse and actually did something for themselves. The WOKFI thing is nothing but the TV station is quite a feat and I'm suitably impressed. Hopefully that might inspire someone to do something similar in their area. By the way the CCC have even made their own DVB-T station which you can buy so it's not all that impossible
...best of luck all
http://images.tvnz.co.nz/tvnz_video/windows/one_news/southtv_300107_56k.asx
http://chaosradio.ccc.de/ -
Re:Neutralize?
Along the lines of neutralization, I remember reading something about a talk at the recent CCC along these lines:
http://events.ccc.de/congress/2006/Fahrplan/events/1597.en.html
Basic idea is to carry around a powered device that can drown out the RFIDs in your vicinity. IIRC, you can also hide specific RFIDs. Of course, the usual battery-operated-device countermeasures would apply. -
Voting computers, not machines
One of the many good points Rob made during his talk at last year's 23C3 in Berlin was to call the things voting computers as opposed to voting machines. Machine is associated with a simple, understandable and verifiable piece of gear, while computers are very complex, difficult to understand even by experts and unverifiable. Although the commonly used term (in Dutch) was machines, too, they exclusively referred to computers, and within a fairly short period of time everybody called them that way. In a way this was their first major success. Funnily enough, when they - much later - got hold of an actual device, the label on the back said voting computer, too: that's what the manufacturer had called them all along, internally, that is.
-
Re:I don't worry
http://www.ccc.de/biometrie/fingerabdruck_kopieren.xml?language=en
If you decide to speak out in the future about political indecencies and thousands of people have access to your fingerprint records with sufficient motives to quash your voice, then will you be worried? -
Javascript Rules
Here's a link to the PDF with the rest of the article.
http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf#funny=javascript:alert('Oh my god, they killed Kenny !'); -
This reminds me of a nice 23c3 talk
"Inside VMware - How VMware, VirtualPC and Parallels actually work":
http://events.ccc.de/congress/2006/Fahrplan/events/1592.en.html
It was really interesting, though not too deeply (including some hilarious throw-in questions from Dan Kaminsky).
An unofficial recording of it is here: ftp://ftpmirror.sectoor.de/ccc/congress/2006/gropi-mitschnitte/vmware-t4s2.wmv
Official recordings of the streams should come anytime soon (read: when it's done). -
More info on Murdochs talk
More info on Murdochs talk can be found at the congress website.
-
P-EMP
https://events.ccc.de/congress/2005/wiki/RFID-Zapper(EN)/
Build your own personal EMP.
Enjoy! -
An alternative: EMP Zapper
-
Petition against voting machines in germany
sorry, germans only
;) https://berlin.ccc.de/index.php/Anti-Wahlcomputer-Petition -
Re:The Netherlands
The Netherlands.
According to some Dutch speakers at 22C3, the Netherlands is experiencing the same sort of centralised authoritarian shift as most other western countries, especially in light of the murders of Pim Fortuyn and Theo van Gogh. In fact, this is particularly worrying as the Netherlands is frequently seen as a barometer for traditional small-l liberal values. The speakers at 22C3 suggested that it was better to stand and fight for freedom in your own country, rather than bailing out at early signs of oppression, as unless the authoritarians experience resistance, their methods and policies will be copied by other states. And by that time, there will be even fewer like-minded international friends to help freedom-lovers with their fight (cf. Niemöller's famous quotation). Also, if you know you have a viable escape plan, it makes one less inclined to fight vigorously. Finally, as a 'foreigner' in an adopted country, you'll have even less influence if you need to fight authoritarianism in your new country.
The fact that I couldn't become a citizen and I can't speak the language stops me.
From what I've heard, if it's discovered that you speak English, it's hard to get the Dutch to speak Dutch with you. Still, it's polite to be able to speak at least some of the local language before you go, especially if you're planning on settling.
Personally, as a Brit, I'm planning on staying to fight the authoritarians. But, if needs must, then New Zealand is plan A (if I have plenty of time to plan, and move, and I have no family ties), the Republic of Ireland is plan B (particularly if I need to stay in contact with family, at some risk to myself) and Germany otherwise.
My primary criteria have been a) a fairly firm understanding of essential freedoms (Makes me very dubious about Russia, China especially) b) a certain distance from US foreign policy (rules out Canada, Australia) c) a decent tech industry (rules out Italy, France, Spain) d) English-speaking, or a language I think I can learn fairly easily (rules out Scandinavian states, Russia a bit more, China, Japan) e) a cold-to-temperate climate (rules out India). No offence intended to any nationals and residents of the countries I've mentioned, but if I'm going to go to the trouble of leaving my homeland, I want to make sure I'm not doing the same again a couple of years down the line, even if that fear is based on a somewhat distorted outsiders' view of how things are in those countries.
-
Re:Can it be removed?
-
Re:I don't buy MP3s because...
Germany. (Wireshark is in a gray area, but Nmap will certainly be illegal to have.)