
Day 1 of the 25th Chaos Computer Congress started very quietly. Although there was no long queue just before the opening ceremony, I got in quickly because the ticket sales started the evening before without any problems.
Not many hackers were there for the opening ceremony, it seemed. But looks were deceiving, as many arrived just minutes before the presentation. There were some quick laughs when an XP laptop booted on the main screen.
The main theme of the conference was 'Nothing to hide' or data surveillance. Is the benefit really worth the cost? This question would be posed during some of the upcoming talks.
After the opening ceremony, I quickly proceeded to the electronics store to get my DECT phone and have my extension 2123 registered by the Eventphone helpdesk. Kudos to those guys for all their hard work!!!
Next up was the talk "The Trust issue", which would provide an answer to the data surveillance debate. Research has shown that data surveillance really isn't efficient. The cost is not worth the benefit because the real criminals would have been caught by conventional means anyway. The enormous resources for data surveillance are just a waste of energy and cost us too much. Not just in terms of money but in privacy and way of life. Just have a look at their whitepaper here.
Next up was Mr. Steven J. Murdoch with "Security Failures in Smartcard Payment Systems". He also gave a talk at 24C3 in which he demonstrated some weaknesses between the cards and the payment terminals. Now he went a bit further and showed some weaknesses in the physical tamperproof mechanisms of smartcards. Or in some cases, the lack thereof. The PKI keys of the banks would be secure but the PIN number of the card could be retrieved under some circumstances. For more details on the research, check out their website. Also have a look at this BBC documentary part 1 and part 2 (YouTube.com).
The third presentation of the day was the panel on international hackerspaces. It was interesting to see how this movement started and continues to grow. They talked about their successes and their setbacks. Immediately after the talk, they continued their discussion in a kind of workshop, which was really fun to attend. I heard that Hackerspace Brussels was present and hooked up with them afterwards. I had several things to discuss with them and it was very nice to finally meet them.
After a small dinner break, the most interesting presentations of the day were about to start. The first one was hacking the iPhone. I won't go into the technical details because you can just visit their website and their blog for information. The talk was very popular because the room was simply packed to the walls. You could hardly get in.
Next up was the cold boot attack, which was covered before on this blog and in the media. Basically, at this moment there are not a lot of good countermeasures against this attack. Don't leave your laptop alone and avoid standby/hibernate as much as possible. A crypto chip directly on the RAM might solve some issues, but the dissipation of RAM contents is currently not fast enough for this not to be an issue.
Last but not least was Dan Kaminsky's DNS talk. They were not the same slides as at Defcon. He focussed not just on the vulnerability, which he quickly went over, but he discussed countermeasures and possible solutions. It showed us that he's been working hard with others to provide a final solution. Bravo!
One thing to look up and read about was the mention of DJB's secure DNS implementation: DNSCurve.
That was it for Day 1 of 25C3. There are still 3 more days of fun to come, so stay tuned!!!
Here is my Flickr stream of the 25C3 event to get a (visual) feeling of the event.
Sunday
#25C3 Day 1 overview: A quiet start
Posted by Security4all at 28.12.08
Labels: 25C3, conference