31st Chaos Communications Congress

The 31st annual Chaos Communications Congress (31C3) kicked off today and you’ve already missed some great talks. If you’re not in Hamburg, Germany right now, you can watch the talks as they happen on the live stream. So stop reading this blog post right now, and check out the list of presentations. (But don’t fret if you’ve already missed something that you’d like to see. All the talks are also available after the fact.)

For those of you whose worldview is centered firmly on the You Ess of Ay, you’ll be surprised to learn that the Congresses are essentially the great-grandaddy of the US hacker conventions. If you’re one of the many (old?) US hackers who misses the early days of yore before DEFCON got too slick and professional, you’ll definitely like the CCC. Perhaps it’s the German mindset — there’s more emphasis on the community, communication, and the DIY aesthetic than on “the industry”. It’s more HOPE than DEFCON.

This is not to say that there won’t be some great hacking showcased at 31C3. It is the annual centerpiece of the European hacker scene, after all. Hardware, firmware, or software; it’s all exploited here.

Some of the talks are in German, naturally, but most are in English. If you haven’t attended before, you at least owe it to yourself to check out the live stream. Better yet, if you’re a member of an American hackerspace, you can at least set up local remote viewing for next year. Or maybe you’ll find yourself visiting Germany next Christmas.

[Image: Wikipedia / Tobias Klenze / CC-BY-SA 3.0]

Student Trolls Anti-Arduino Prof With Parasite MCU

Like some of our grouchier readers, [PodeCoet]’s Digital Sub-Systems professor loathes everyone strapping an Arduino onto a project when something less powerful and ten times as complicated will do. One student asked if they could just replace the whole breadboarded “up counter” circuit mess with an Arduino, but, since the class is centered around basic logic gates the prof shot him down. Undeterred, our troll smuggled an MCU into a chip and used it to spell out crude messages.

No Arduino? No problem. It took him 4 tries but [PodeCoet] hollowed out the SN74LS47N display driver from the required circuit and made it the puppet of a PIC16F1503 controller. The PIC emulated the driver chip in every way – as ordered it showed the count up and down – except when left unattended for 15 seconds. Then instead of digits the PIC writes out “HELLO”, followed by three things normally covered by swimsuits and lastly a bodily function.

For such a simple hack it is wonderfully and humorously documented. There are annotated progress/failure pictures and video of the hack working.

It is not as elaborate as the microscopic deception in the infamously impossible 3 LED circuit, but it gets to the point sooner.

Continue reading “Student Trolls Anti-Arduino Prof With Parasite MCU”

Toorcamp is coming!

Hey, I like a good party like anyone else. I’ve been drooling over some of the projects coming out of burning man for years. However, the ratio of “gettin’ crazy” to “build awesome stuff” seems to be slanted in favor of the party experience. There’s absolutely nothing wrong with that. However, when I saw this, my eyes welled up with tears of joy.

ToorCamp is Burning Man with less drugs and more hacking. This summer ToorCamp will take place on the northwest corner of the staggeringly beautiful Olympic Peninsula. Just get yourself out there!

Located at the Hobuck beach resort near Neah Bay WA, Toorcamp is a 4 day event that should pull in roughly 1,000 enthusiastic hackers. There are four “villages” that you can wander through; the lock picking village, the hardware hackers village, the maker’s village, and the crafting village. All should include bountiful talks and hands on workshops. There’s also a quiet camp if you really really want to avoid the inevitable sporadic parties.

Black Hat 2009: Powerline and optical keysniffing

sniff

The 2009 edition of the Black Hat security conference in Las Vegas has just begun. The first interesting talk we saw was [Andrea Barisani] and [Daniele Bianco]’s Sniff Keystrokes With Lasers/Voltmeters. They presented two methods for Tempest style eavesdropping of keyboards.

Continue reading “Black Hat 2009: Powerline and optical keysniffing”

LayerOne coming soon

layerone

Annual hacker conference LayerOne will be held May 23-24th in Anaheim, CA. They’ve completed the speaker lineup and have quite a few interesting talks. [David Bryan] Will be focusing on practical hacking with the GNU Radio. It’s a software defined radio that we’ve covered in the past for GSM cracking. [Datagram] will present lockpicking forensics. While lockingpicking isn’t as obvious as brute force entry, it still leaves behind evidence. He’s launched lockpickingforensics.com as a companion to this talk. LayerOne is definitely worth checking out if you’re in the Los Angeles area.

The 2009 ShmooBall gun

larry

The registration desk hasn’t opened yet at ShmooCon 2009, but we’re already running into old friends. We found [Larry Pesce] and [Paul Asadoorian] from the PaulDotCom Security Weekly podcast showing off their latest ShmooBall gun. ShmooBalls have been a staple of ShmooCon from the very beginning. They’re soft foam balls distributed to each of the attendees who can then use them to pelt the speakers when they disagree. It’s a semi-anonymous way of expressing your dismay physically. [Larry] has been building bigger and better ways to shoot the ShmooBalls for the last couple years. You may remember seeing the 2008 model. This year the goal was to make the gun part much lighter. The CO2 supply is mounted remotely with a solenoid valve and coiled air line. The pistol grip has a light up arming switch and trigger. The gun is fairly easy to transport: the air line has a quick disconnect and the power is connected using ethernet jacks.

Mobile RFID scanning

[Chris Paget] is going to be presenting at ShmooCon 2009 in Washington D.C. this week. He gave a preview of his RFID talk to The Register. The video above demos reading and logging unique IDs of random tags and Passport Cards while cruising around San Francisco. He’s using a Symbol XR400 RFID reader and a Motorola AN400 patch antenna mounted inside of his car. This is industrial gear usually used to track the movement of packages or livestock. It’s a generation newer than what Flexilis used to set their distance reading records in 2005.

The unique ID number on Passport Cards doesn’t divulge the owners private details, but it’s still unique to them. It can be used to track the owner and when combined with other details, like their RFID credit card, a profile of that person can be built. This is why the ACLU opposes Passport Cards in their current form. The US does provide a shielding sleeve for the card… of course it’s mailed to you with the card placed outside of the sleeve.

Technology exists to generate a random ID every time an RFID card is being read. The RFIDIOt tools were recently updated for RANDOM_UID support.

[Thanks Zort]