I’ve been watching the talks out of 29c3 as they become available online for the last couple days, and these are my favorites with comments. I’ve never come up with an excuse to actually go, but always find that it is the conference with the most things I am excited about every year, and end up watching more recorded sessions than I could have attended had I been present. The ones I picked below were both topics I found interesting and good presentations – there were a couple I hoped would be good but had talks that made me just give up and read the paper that I won’t mention here.
For each talk I mention, the “Blurb” link is to the page on the CCC Fahrplan, the “Video” link is to one of the official mirrors’ high-quality MP4/H264 files, “Torrent” is a torrent to the same, and “Youtube” is to the copy on the official cccen channel. Because they went up first and youtube has been disgusting me lately (real name? no sort by date? “channel centered”? fuck that.) I torrented everything to the machine hooked up to my TV, but get your fix by your mechanism of choice. Some of the Youtube links are to the shifty streamripped preview videos instead of the well-encoded ones that go up later because that was all that was up when I watched. There are also iThing-suitable MP4s in another directory on the mirrors as well, if you’re into eye strain or something.
Jacob Appelbaum – Not My Department
Blurb | Video | Torrent | Youtube
This was the keynote, and did a good job pointing at important things for us to be thinking about, even if the talk itself was merely OK. There are always accusations that Jacob (and some other similar folks) are attention whores, but I think the humility (surprise at being selected as the keynote speaker, frequent references to others as more important, and frequent self-deprecation of his roles in things) displayed in this talk helps clear that charge – he is simply trying to draw attention to things he thinks are important. He may not be terribly good at it, but he’s doing what he can for causes he thinks are important, and I think are important, and we should pay attention to, and gets grief for doing so, and that is worthy of some respect.
Jesselyn Radack, Thomas Drake, William Binney – Enemies of the State: What Happens When Telling the Truth about Secret US Government Power Becomes a Crime
Blurb | Video | Torrent | Youtube
These are the high-profile folks (who are currently able to travel and speak) that have exposed shady things the U.S. government has done in recent years, and had their lives turned upside down for their effort. Some of the things they talk about are a little bit hard to believe, but all the terrible things they say are falsifiable. Binney in particular sounds crazy, but is from a position and has backing evidence that makes it all believable (over the clanking of his solid steel testicles).
Listening to this is pants-shittingly scary, and probably the most important thing that happened at CCC this year.
Natalie Silvanovich – Many Tamagotchis Were Harmed In The Making Of This Presentation
Blurb | Video | Torrent | Youtube
The presenter seems to be a little bit terrified, and a few important details were missing, but it made a great primer on the how and why of tampering with consumer hardware with simple instruments.
Ang Cui, Michael Costello – Hacking Cisco Phones
Blurb | Video | Torrent | Youtube
These are the same folks that did the big HP Printer hack last year, but this is a far more badass incarnation of the same “Let’s 0wn a ubiquitous networked embedded system” concept. The talk itself is fucking great – very polished, with a really clever deck and lots of suitable humor. I might torture one of the phones that have been proliferating around campus just to try it.
Violet Blue – Hackers As A High-Risk Population
Blurb | Video | Torrent | Youtube
It takes way too long to get to the point, but once she does some important things are said, and the preamble would be useful if you had never been exposed to harm reduction ideas before. The Q&A was largely better than the talk itself. The answer to the first (social construction) question is really interesting – the idea that hackers are healthy [information] society trying to heal/progress itself (and a ubiquitous, natural phenomenon of curiosity), rather than a product of a broken society. The argument in the “treating as a disease” question and some back-and-forth from folks with no background that promptly picked up on the criticisms of harm reduction practices are interesting as well. I think the speaker made some terrible language choices, probably from exposure to psychology jargon, that caused some of the issue. The final question about Hacking as harm reduction (and its utility as such) is good stuff as well.
Also, it made a nice motion toward grugq’s “OPSEC for Hackers” deck that has been floating around for a couple months. I do very little that would benefit from that sort of security, but appreciate that that is a matter of time, habits, place, and luck, that I don’t, so it is an important thing to remain aware of and prepared to slide into.
Denis Baranov, Gleb Gritsai, Sergey Gordeychik – SCADA Strangelove
Blurb | Video | Torrent | Youtube
This reminds me of the 27C3 Fail0verflow PS3 talk (which is still one of my favorite talks about anything, ever) in a lot of ways – not quite as good, but it is _hilarious_ to the technologically sophisticated viewer, with Strangelove references for various snark and things they shouldn’t say under responsible disclosure practice. The topic is also very relevant since many of the serious high-profile infections (Stuxnet and the like) have been going after SCADA systems, and the industry has historically not handled security on computer-like devices well. Like several talks this year, the content here is really, really scary. I also deeply appreciated one of the questions:
Q: “What do you think about new developments like SCADA in the cloud.”
A: “One Ring.”
bx – The Care And Feeding Of Weird Machines Found In Executable Metadata
Blurb | Video | Torrent | Youtube
I’ve been hearing this idea a lot more in the last year or so; they are a terribly interesting class of little fuckups. The old special-case of heap smashing is pretty well understood, but the interesting modern issues arise because of (often poorly designed) tools being composed haphazardly, and all kinds of interesting entities cropping up along the edges. ELF executable headers aren’t exactly a new thing, but they have slowly become more powerful, and make an interesting study. I usually find the interactions between things more interesting than the things themselves, and advocate systematic understanding, so this is all very exciting to me. The talk is a hair rambling, and the demo goes a little bit wrong, but it is all thought provoking. There is also an interesting philosophical issue in that I both disapprove of proliferating special-purpose domain specific languages (and their associated shitty language/parser design), and disapprove of handing inappropriately powerful environments out to subsystems.
Travis Goodspeed – Writing A Thumbdrive From Scratch
Blurb | Video | Torrent | Youtube
Talk is about USB hacking and designing USB devices that violate assumptions, both in general and specifically with regard to storage/block devices. It is presented as a method for antiforensics type security, and alludes to previous work using the technique to break into one’s own consumer electronics, but the techniques and tools and observations are way more interesting to me than the applications.
I suspect a Facedancer (their hardware for creating virtual USB devices, and a Dune reference) would be like my Buspirate (used maybe 3-4 times a year… but those 3-4 things would be fucking impossible without), so if someone starts selling completes (or complete kits, or some means to order it without spending two hours fucking around on vendor sites to source all the parts) for a reasonable price, one will probably appear in my parts bin, just because damn it is cool.
The Lightning Talks (sessions 1/Youtube1, 2/Youtube2, and 3/Youtube3) are, as always, a good show, expose you to lots of cool things, and don’t require quite as much attention as the longer talks. There are some really startlingly ambitious things that people walked up and talked about for 5 minutes. Be warned that a few of them are in German, and you will have a “projects to look into” list that could take a week to clear at the end.
And now you have like 12 hours worth of video suggestions that will make you smarter and better instead of dumber.