Sec, blogmal! - misc - 31c3






Wed, 14 Jan 2015

31c3 Videos

As a reminder to all, the videos from the last CCC Congress are all available online at and there is lots of interesting stuff there.

Many of them were held in English so they should be accessible to most of you, but even those that were held in German usually have a live translation audio stream. That audio stream is NOT available in the web player, but if you download the video from the download tab, those have a second audio channel with the live translation.

(In mplayer, use # to switch audio channels – also don't forget the -af scaletempo trick if you want to speed stuff up)

On each page there is also a small link to below the video which links to that talk's page in the Fahrplan. There you can get more detailed information about the talk, see what language it was held in but also leave feedback on the talk after watching it. Sometimes there are additional links to download the slides or other supplemental info.

In case you find the list overwhelming, I have created a short list of interesting talks:

Of course CCCongress had many more interesting ones - If I missed your favorite one, maybe leave a comment below.

Obviously the talk I gave together with schneider about receiving and decoding Iridium pager messages – Iridium Pager Hacking – gets the first recommendation. It's only 30 minutes long, so you can probably just watch it now. :-)

I'd be happy to hear your comments about it.

The two talks SS7: Locate. Track. Manipulate. by Tobias Engel and Mobile self-defense by Karsten Nohl are both about the problems with the SS7 protocol. The first one is more technical, while the second one is more high-level and covers what to do to fix it.

On a related note: Wouldn't it be cool if your mobile provider sent you a notification that someone tried to track you – instead of silently blocking those requests? – I wonder why no one implemented that…

Revisiting SSL/TLS Implementations by Sebastian Schinzel may be interesting to you if you are into timing attacks and other problems with SSL/TLS. If you want a complete overview, his two older talks from 28c3 (Time is on my Side) and 29c3 (Time is NOT on your Side) might also be of interest.

Less technical, but fun to watch is the talk by starbug Ich sehe, also bin ich ... Du (obviously in German, but you can download it and watch the translated version) which is about biometrics as access control, and why it is broken (and will always be).

A nice introduction if you want to know more about ECC Crypto and Curve design is ECCHacks by djb and Tanja Lange.

If you are into programming languages and buggy code, you might find The Perl Jam: Exploiting a 20 Year-old Vulnerability by Netanel Rubin interesting. Every language has its pitfalls… In Perl it's called list flattening, and while it's really useful, it can bite you.

The real question is: Why would anyone even think of using DBI::quote instead of prepared statements?

If anyone needs to be reminded that a good crypto algorithm is not everything, Nadia Heninger, Julia Angwin, Laura Poitras and Jack Gillum had a session called Crypto Tales from the Trenches with insight on that :)

I hope you have fun watching them and encourage you to leave feedback on talks that you watched via the link – as a speaker myself I know how valuable that is.

– Sec

posted at: 16:28 | Category: /misc
