Archive

Posts Tagged ‘CCC’

33C3 CfP

September 1st, 2016 No comments

2194299784Der Chaos Computer Club (CCC) veröffentlicht heute den Call for
Participation zum 33. Chaos Communication Congress (33C3), der dieses
Jahr nochmals im Congress Center Hamburg (CCH) [1] stattfindet. Wie in
den vergangenen Jahren werden zum weltweit größten nicht-kommerziellen
Hackertreffen zwischen dem 27. und 30. Dezember 2016 mehr als 11.000
Nerds aller Interessensgebiete zum Erfahrungsaustausch, zum Hacken,
Basteln, Feiern und Kennenlernen zusammenkommen.

Call for Papers (deadline: 30st September 2016)

31c3

December 28th, 2014 No comments

IMG_1978

IMG_1977

IMG_1976

IMG_1975

Categories: Technology Tags: , ,

CCC proudly announces honorary members Chelsea Manning and Edward Snowden

August 24th, 2014 No comments

Congratulations, CCC!

Chaos Computer Club supports Chelsea Manning and Edward Snowden
2014-08-24 00:52:00, 46halbe

Since its founding more than thirty years ago, the Chaos Computer Club (CCC) holds strong beliefs in the freedom of information. Consequentially, freedom fighters and whistleblowers deserve our utmost respect and support. For this reason we will help the European legal team of Edward Snowden financially.

Asylum, legal counsel and protection are costly. This is why we decided to support Snowden’s six European lawyers with 36.000 Euro to cover their expenses. Earlier this year, the CCC general assembly also decided to offer Edward Snowden the honorary membership, which he accepted gladly.

“The long lasting dedication of the CCC and others for citizen’s rights and against mass surveillance paved the road for a broad public debate after Edward Snowden’s revelations”, said Snowden’s German lawyer, Wolfgang Kaleck. “Both the commitment as well as the support for Snowden require perseverance. The financial support provided will help sustain these efforts.”

Edward Snowden is the source of many leaks about the so-called Intelligence Community and their hacking and surveillance operations, which made news headlines all over the world. He ignited the necessary global discussion by informing journalists about how much and how deeply we are being spied on by the NSA and their partners, how they infiltrate telecommunication and Internet service providers. One of our central claims and part of our hacker ethics is: “Public data should be utilized, private data should be protected.” Edward Snowden had the guts to live by our principles.

Undoubtedly, Chelsea Manning’s courageous actions also stand in line with these values of ours. To express our support and respect, the CCC bi-annual general assembly unanimously voted for offering her the honorary membership. She agreed to accept our offer. Needless to say, it is an outstanding honor for us to count Chelsea Manning as one of us!

The former US private Chelsea Manning, stationed in Iraq in 2009 and 2010, was sentenced for violations of the Espionage Act and other offences in August 2013. Allegedly, she transferred hundreds of thousands of military and U.S. State Department documents and the infamous “collateral murder” video to Wikileaks. Detained as a political prisoner in 2010 under unduly harsh conditions without minimal standards of humane treatment and stripped of her clothing in custody every night, Manning is now serving a 35-year sentence for her courageous acts. [1]

Links:
[1] Alexa O’Brien at the 30th Chaos Communication Congress (30c3) reporting on the secret trial of Chelsea Manning
[2] Edward Snowden Interview Transcript

Brave! – Become a CCC member yourself today!

Swiss Lawful Intercept Report 2014

March 16th, 2014 No comments

Die Digitale Gesellschaft veröffentlicht heute einen Report zu den Überwachungsaktivitäten der Kantone und des Dienstes Überwachung Post-
und Fernmeldeverkehr (Dienst ÜPF). Der Swiss Lawful Intercept Report
2014 besteht aus mehreren Teilen:

  • Der Rückblick über die letzten Jahre zeigt den steten Anstieg der Überwachungsmassnahmen.
  • Die Statistik 2013 beleuchtet die Überwachungsmassnahmen nach Delikten und zeigt signifikante kantonale Unterschiede auf.
  • Ein Kapitel widmet sich der Gewichtung schwerer Straftaten, mit welchen immer wieder für Überwachung argumentiert wird, und zeigt auf,dass diese Straftaten nur einen geringen Teil an der Gesamtmenge an Überwachungen ausmachen.

Eine politische Einschätzung beleuchtet die Totalrevision des BÜPF (Bundesgesetzes betreffend der Überwachung des Post- und Fernmeldeverkehrs).

Der Swiss Lawful Intercept Report 2014 (PDF) steht online zur Verfügung.

Source

Violations on users PIM

January 19th, 2014 No comments

While Apple Computers decided to violate users rights once more, ceasing the capability to synchronise PIM (personal information management) data locally with OS X Mavericks 10.9 (argueing they should store their data in their iCloud. – Bwahahahaha!1!!) there are too many PIM solutions for GNU/Linux users, whereas none of them are really feasible for users who want to switch to Free Software.

While many complain that there are too few GNU/Linux Desktop users and Linus Torvalds claims this to be his “personal failure” the GNU/Linux community fails to offer a seamless integration of GUI (graphical user interface) PIM into their OS. (Which is really sad, as fiddling around with SoGo-connector, lightning etc. does not offer a sustainable solution…)

So here is my solution:
Get DAViCal, install it on your server and get mutt, pycarddav and khal for your desktop(s), get a Jolla and you will have a beautiful and seamless PIM solution using the “good olde command line”.

khal

“Arbeitsfrei”

October 14th, 2013 No comments

Arbeitsfrei UmschlagHeute erschien das Buch “Arbeitsfrei” von Frank Rieger und Constanze Kurz

Was kommt nach den Maschinen?

Wie werden wir morgen arbeiten? Diese Frage bewegt immer mehr Menschen, und doch wissen wir viel zu wenig darüber, wie die Arbeitswelt heute und in Zukunft tatsächlich aussieht. Das archaischste und ursprünglichste aller Lebensmittel, unser Brot, kann als Paradebeispiel für Automatisierung gelten. Hier zeigen sich viele Mechanismen und Technologiewellen, die in anderen Branchen erst noch kommen werden. Von der industriellen Landwirtschaft über die Produktion der Landmaschinen, die Backfabriken bis zur durchdigitalisierten Lieferlogistik – Menschen spielen dabei eine immer untergeordnetere Rolle. Wenn die Maschinerie läuft und den Takt vorgibt, sind sie nur noch Handlanger in Niedriglohnberufen.

Welche Umbrüche und Verwerfungen kommen auf uns zu? Sind wir Menschen zwangsläufig die Verlierer in der Maschinenwelt, oder haben wir die Chance, neue, positive Lebensbedingungen zu gestalten?

… bestellen, lesen!

30C3

September 29th, 2013 No comments

“ZEIT Online” Interview with Starbug

September 26th, 2013 No comments

Starbug-TouchID“The matter for Apple was comfort, not Security”

For Jan Krissler (aka Starbug) it wasn’t a struggle to bypass the fingerprint scanner of the iPhone 5s. In an interview he explains why passwords mostly are more secure than biometry.

ZEIT ONLINE: You did hack the fingerprint scanner of the iPhone 5s, why?

Jan Krissler: Since 10 years I deal with security of biometric systems, especially how to override them. From time to time, when a new product emerges, I look at it and check if the old techniques of bypassing still work, or if there are new challenges. With the TouchID sensor I assumed challenges but unfortunately was disappointed.

ZEIT ONLINE: Are fingerprints qualified at all to secure a telephone, a door or other things?

Jan Krissler: As with all biometric systems one must ask, what data or things you want to protect with it. If their value exceeds the effort to crack a system, the choice of an easily bypassable biometric system might not be the best choice.

ZEIT ONLINE: Which means that biometry is easier to overcome than a password for example?

Krissler: That depends on the password and how the user deals with it and, of course, also the biometric system. At least I assume my passwords to be more secure than my fingerprint. The problem is that one leaves fingerprints everywhere, that faces can be photographed unnoticed. My password is in my head and if I’m careful typing, I will remain the only one who knows it.

ZEIT ONLINE: Which biometric data would be appropriate to establish access control?

Krissler: There are certain characteristics that are better and characteristics which are less suitable. The better ones include those which you do not leave anywhere, or the ones that cannot be taken off easily and unnoticed. Which means, characteristics that you can actually only be read with an appropriate sensor. The vein pattern is a good example. I had assumed that Apple would apply something of the kind. After all at the launch of the iPhone it was announced that the scanner will have a sub-epidermal finger recognition, i.e. one that not only relies on finger ridges on the surface. Frankly spoken, I was shocked by how easy it was to bypass it.

But also in other processes such as vein patterns it must be clear: if someone gets access to such a characteristic, he will find a way to replicate it and thereafter to overcome the system.

ZEIT ONLINE: So why is biometry presently so highly touted as a security mechanism?

Krissler: As there is a big industry behind it and because biometry also is capable of identifying people.

ZEIT ONLINE: But isn’t it that biometry works fine to clearly identify someone, but not as good to have something secured?

Krissler: One can customize systems quite well, as long as they only need to distinguish people from each other. In this case the error rate is quite low. But once you have the whole of humanity, or in this case all iPhone users as a target group, things get quite impossible. Simply because its characteristics vary greatly. Biometry just also has its weaknesses. Unlike passwords that are either right or wrong, there is always a certain probability of match. Therefore the TouchID scanner isn’t really a security method, but a comfortable method. Had Apple made the mechanism more secure, too many people would have struggled turning on their iPhone and too many people would have been rejected too often.

Many don’t use any passcode on their smartphone at all, whereas using a fingerprint is still better than nothing – as Apple said at the launch. But it’s obviously about convenience and ease of use, not about security. Therefore I would not even want to rate TouchID associated with security practices.

ZEIT ONLINE: The iPhone has a fairly high status, many find it great. Is it a problem if such a popular device relies on biometry, and thus spread a, shall we say, problematic security method to be used?

Krissler: This has already begun with the fingerprints in the German identification card and the passport. Thus, methods that were actually intended to identify criminals, carried out to the general public. This of course is problematic. On one hand, because data is gathered that would not have to be captured and could be abused for other things. On the other hand because this way everyone is getting used to biometry and then use it for all sorts of applications. The best example for this is Hamburg, where at one school all students had to submit their fingerprints to get their lunch.

The interview was conducted in written via Jabber.

Original Interview (in German) by Kai Biermann (with kind permission for publication of my english translation).

Links:
ZEIT Online Article
Chaos Computer Club
Raumfahrtagentur
Neusprech

[Update 1st of October 2013]
Dustin Kirkland, a GNU/Linux Ubuntu Developer writes:

But biometrics cannot, and absolutely must not, be used to authenticate an identity. For authentication, you need a password or passphrase. Something that can be independently chosen, changed, and rotated. I will continue to advocate this within the Ubuntu development community, as I have since 2009.

read Fingerprints are Usernames, not Passwords

TouchID hacked by CCC

September 21st, 2013 No comments

Hackern des Biometrie-Teams des Chaos Computer Clubs (CCC) ist es gelungen, die biometrischen Sicherheitsfunktionen des Apple TouchID mit einfachsten Mitteln zu umgehen. Dazu genügte den Hackern ein Fingerabdruck, welchen sie von einer Glasoberfläche abfotgoraphierten, um einen künstlichen Finger zu erzeugen. Damit waren sie in der Lage, ein iPhone 5s zu entsperren, welches mit TouchID geschützt war. Damit demonstrierten die Hacker wieder einmal, daß biometrische Daten zur Verhinderung eines unberechtigten Zugriffs vollkommen ungeeignet sind. […]

Source

=^.^= … here’s your alternative: order Jolla phone

[Update]
Go to Minute 0:46 in the video, grab the fingerprint of Starbug and reproduce it 😎

[Update]
Starbug just published another video how to deploy the respective hack:

FaaS – Fuckup as a Service

August 19th, 2013 No comments

whistle.im-logo-bigAllegedly “save” and “secure” e-mail services nowadays start popping up all over the net. – Here’s the latest Fuckup called whistle.im which was revealed by CCC Hannover:

Seit uns die Snowden-Enthüllungen gezeigt haben, dass die NSA und das UK nicht nur in der Lage sind, alle Verbindungen, die die Grenze passieren mitzulesen, sondern dies auch tun, ist eine deutliche Steigerung des Interesses an Verfahren für die Verschlüsselung von Kommunikation im Internet zu erkennen. Dieses begrüßenswerte Phänomen entwickelt jedoch zunehmend einen bitteren Beigeschmack durch neu entstehende Projekte, die aus Marketingzwecken grade jetzt aus dem Boden gestampft werden. Diese Projekte spielen mit dem gesteigerten Problembewusstsein der Bevölkerung, ohne dass sie einen wirklichen Schutz liefern.

Neben der “E-Mail Made in Germany” brüstet sich ein Projekt von zwei Studenten namens whistle.im damit, sichere Ende-zu-Ende-Verschlüsselung anzubieten. Auch sie legen Wert auf den lächerlichen “Made in Germany”-Slogan. […]

Source

Categories: Technology Tags: , , , ,