The 25th Chaos Communication Congress is underway in Berlin. One of the first talks we dropped in on was [script]’s Solar-powering your Geek Gear. While there are quite a few portable solar products on the market, we haven’t seen much in the way of real world experience until now.
With another hacker conference looming in front of us, it’s time to start thinking about hardware security. Hacker conventions have the most hostile network you’ll ever encounter. [Security4all] points out that 25C3 already has an extensive page on securing your hardware. It starts from the ground up with physical security, BIOS passwords, and locking down bootloaders. There’s a section on securing your actual OS and session. Finally, they cover network usage. It mentions using SSH for dynamic forwarding, which we feel is a skill everyone should have. We’ve used it not just for security, but for bypassing brainless bandwidth restrictions too. There’s also the more trick transparent version. Every piece of data you bring with you, you risk losing, so they actually recommend just wiping your iPhone and other devices before attending. It’s important to remember that it’s not just your own data at risk, but everyone/thing you communicate with as well.
Capture the Flag (CTF) is a long running tradition at hacker conventions. It pits teams of security researchers against each other on the same network. Every team gets an identical virtual machine image. The VM has a set of custom written services that are known to be vulnerable. The teams work to secure their image while simultaneously exploiting services on the machines of other teams. A scoring server monitors the match as it progresses and awards points to teams for keeping their services up and also for stealing data from their competitors.
The Chaos Communication Congress in Berlin December 27-30, 2008 will host a CTF competition. Most CTF matches are done head to head in the same room. While 25C3 will have local teams, it will also be wide open for international teams to compete remotely. Remote teams will host their own images on a VPN with the other competitors. Now is a good time to register and familiarize yourself with the scoring system. It will certainly be interesting to see how this competition plays out now that teams that can’t make the trip can still compete.
To appease people waiting for the iPhone 3G unlock, iphone-dev team member [MuscleNerd] did a live video demo this afternoon. The video shows him removing the AT&T SIM and putting in a T-Mobile SIM. After the switch, the phone shows no connectivity. He then runs “yellosn0w” in an SSH session with the phone. The phone then unlocks without needing to be rebooted and the signal bars appear. The final test shows the phone receiving a call.
The target for this release is New Year’s Eve and it doesn’t support the most recent baseband. Well be attending the 25C3 talk hosted by [MuscleNerd] and other team members. The VNC screen you see in the video is thanks to [saurik]’s Veency.
The 25C3 team has a post highlighting some of the hardware workshops that will be happening at Chaos Communication Congress this year. Our own [Jimmie Rodgers] will be in the microcontroller workshop area building kits with many others. The folks from mignon will be bringing several of their game kits for another workshop. We saw quite a few quadcopters at CCCamp and the team from Mikrokopter will be back to help you construct your own drone. They say it only takes five hours for the full build, but space is limited.
The team behind 25C3 has published the first draft of this year’s schedule. The annual Chaos Communication Congress is happening December 27th to 30th in Berlin, Germany. There are plenty of interesting talks already in place. We’re spotting things we want to attend already: The conference starts off with how to solar power your gear, which is followed by open source power line communication. A TOR-based VPN, an open source BIOS, rapid prototyping, holographic techniques, and running your own GSM network are on the bill too.
We’ll have at least three Hack a Day contributors in attendance. Last year featured two of our favorite conference talks: [Drew Endy]’s Biohacking and the MiFare crypto1 RFID crack. We hope to see you there.
It looks like it’s time to update our event list. Here are some hacking related events happening through the rest of the year.
Did we miss anything?
