31c3 – A New Dawn

Co-authored by meatwad and adr13n

We attended the 31c3 — a New Dawn conference which took place in Hamburg, Germany from the 27th of December 2014 to the 30th of December 2014.

The conference is still as underground as you expect it to be. A lot of hackerspaces, many 3D printers and an underground geeky atmosphere. Don’t expect bigwigs and other corporations trying to sell you their products; CCC is not about selling and marketing. It’s all about the community, the sharing and above all security in general.

So after some “Club Mate”, we headed to the talks. The following list gives you an overview of the different talks we attended. For a complete list of the talks as well as the schedule, the reader can refer to the links list at the end of this post.

Day 1

After the introduction and the keynotes, we attended “Trustworthy secure modular operating system engineering” by Hannes and David Kaloper, which introduces the concept of a modular operating system. The goal is to get rid of unnecessary components to reduce the attack surface. An OCaml implementation of TLS is then explained. A good talk for the functional programming heads around here.

We then saw “Reproducible Builds” by Mike Perry, Seth Schoen and Hans Steiner, which presents the concept of reproducible builds, or how to be sure that a compiled binary corresponds to the source code and has not been tampered with. A concrete example shows how it is now used in Tor Browser using Gitian.

“SS7. Locate. Track. Manipulate” gave us a glimpse of the insecurity of the roaming infrastructures using SS7, with concrete examples ranging from DoS to geo-tracking and MitM attacks. A very interesting talk! The next talk, “Mobile self-defense” by Karsten Nohl, described the different attacks on GSM/3G/LTE and gave us an overview of the insecurity of our mobile devices. During that talk the author released SnoopSnitch, an Android app that analyzes your mobile data and warns you about threats targeting your mobile phone.

Even if memory-safe languages are becoming more and more common, we can’t get rid of C/C++, from the Python interpreter down to the kernel. With “code pointer integrity” by gannimo, we were introduced to new techniques for protecting against memory corruption. The idea is to protect only sensitive pointers, which greatly reduces the overhead of such protection.

“AMD x86 SMU firmware analysis” by Rudolf Marek presented an attack on the firmware used in a controller inside an AMD processor. With firmware almost everywhere, from USB controllers to hard drives, we are exposed to flaws in firmware that is often shipped as closed-source binary blobs.

In his talk “The cloud conspiracy 2008-2014”, Caspar Bowden presented the privacy problems with data placed in US clouds by foreigners (e.g., EU citizens) and his recommendations to alert the EU officials to change things.

Day 2

On day 2, we were very impressed by the talk “Forging the USB armory” by Andrea Barisani, which describes the whole process of designing and implementing a (complete) open-source flash-drive computer on a USB key. The idea is very sexy and the result can be used in many use cases, ranging from a password management device to an SSH proxy and/or storage. A must-have tool for the geeks!

“Reconstructing narratives” by Jacob and Laura Poitras gave us new scary revelations on the NSA spying programs. SSH, TLS, IPsec are all protocol suites that may be decrypted by the NSA, awful! More information on these revelations is available here.

We then attended the two talks on Heartbleed: “The Matter of Heartbleed” by Zakir Durumeric and “Heartache and Heartbleed: The insider’s perspective on the aftermath of Heartbleed” by Nick Sullivan. The former analyzes the timeline of the release of the vulnerability, based on worldwide scans. It also gives an interesting analysis of how patching propagated for this specific bug in OpenSSL. The latter gives us the CloudFlare overview of the attacks and what they did, first to correct it and then to understand its impact. A must see.

In “Why is GPG damn near unusable?”, Arne Padmos presents the issues with GPG usability, unfortunately without providing us with a solution.

James Bamford’s “Tell no-one” talk presents the history of the NSA from its beginning in the 20th century up to today and why he started to become a whistleblower. A very nice overview of NSA’s actions and implications with telco companies and the government.

Day 3

We started day 3 with Richard Stallman and his talk on “Freedom in your computer and in the net”. He explained why free software (free as in freedom, not as in free beer) is necessary for the freedom of computing.

We had a nice introduction to quantum computers with Andreas Dewes’ “Let’s build a quantum computer” talk. He started with a brief overview of why brute-forcing passwords is time consuming with traditional computers. He then explained how quantum processors work and their potential application to password cracking.

Jean-Philippe Aumasson and Philipp Jovanovic provided us with an introduction to the new CAESAR crypto competition followed by a great presentation on NORX, their candidate to the competition. The must-see crypto talk of this edition.

Ange Albertini’s “Funky File Formats” talk nicely presents how file formats can be abused to create polyglot files (files that can contain multiple types of file). He also gives some use-cases for pentesters on how they can be used to bypass/DoS security systems. Proofs of concept and file formats’ posters can be found on his website.

The Enhanced Mitigation Experience Toolkit (EMET) is a utility that helps prevent vulnerabilities in software from being successfully exploited on Windows. The very technical talk “EMET 5.1 – Armor or Curtain” by René Freingruber presents the development of an exploit for Firefox’s JavaScript engine. His goal was to make his exploit work with or without EMET on any version of Windows.

Tonimir Kisasondi introduced his tools for analyzing passwords during his “UNHash – Methods for better password cracking” talk. He gave good insights on how to create good word lists and presented his tools as well as their use cases and performance.

Day 4

On day 4 we attended “Let’s encrypt” by Seth Schoen, which describes their project to issue free certificates to help people encrypt HTTP connections with SSL (encrypting other services is also possible). They did a fantastic job. Their solution is due to come out in summer 2015!

Dr Gareth Owen presented “Tor hidden service and deanonymisation”. A great research project on Tor and its traffic (or how to deanonymize its users). The study is very scientific and gives very interesting results on the use of Tor. Be careful however when interpreting their results, as, in our opinion, censoring Tor is definitely not the solution.

We had a great overview of the different challenges encountered by the different teams of the 31c3, be it network, video, power, and so on. The following figures are very interesting:

  • Internet uplink:
    * max 16.4G out, 8.6G in (capacity 50G)
    * 25% inbound IPv6 (only 4% outbound)
    * address space: /16 + /19 = 6 IPs per person
  • Wireless:
    * 125 APs deployed
    * peak of 7’800 users with 20’000 unique devices seen
    * only 60% of the clients use encryption
  • Miscellaneous:
    * lent hardware: 3’000’000€ (insured value) / 1.2 tonnes
    * power consumption for the four days: 53’093 kWh / 9850m of cables
    * 34’000 bottles of Club Mate, which would build a 476m tower of 20-bottle crates

In “State of the Onion”, Jacob Appelbaum and arma presented a review of what happened with Tor in 2014, notably:

* a partnership with the Mozilla foundation
* a new protocol (obfs3) to bypass censorship with Tor
* a tool to monitor censorship (OONI)
* a history of attacks/myths against the Tor service

On a topic other than security, polygon shared his experience in “Low Cost High Speed Photography”. His goal was to build a cheap studio in his flat to take really fast shots with not so expensive equipment. The results are pretty impressive.

Overall we had a really good time here at the 31c3: really good talks, a very nice atmosphere, more than enough beer and a lot of fun. Looking forward to next year!!!

Here are some links for reference:

* Colleague’s experience at 31c3
* The recordings and other streaming videos: http://streaming.media.ccc.de/
* The wiki: https://events.ccc.de/congress/2014/wiki/Static:Main_Page
* Twitter account: @ccc
* The web blog: https://events.ccc.de/
* The calendar: https://events.ccc.de/congress/2014/wiki/Static:Calendar
* YouTube playlist: https://www.youtube.com/user/mediacccde
