Speaker: Gregor Hackmack
In the Free City of Hamburg, which is one of 16 German states, a coalition of hackers, activists and other players of civil society have drafted the most revolutionary Freedom of information law in the world.
The law obliges the state to proactively publish all important public information (such as contracts, studies, construction permits) in an OpenData format on the Internet. After the start of a referendum campaign, the law was passed unanimously by the state parliament in June 2012 to avoid a public vote on it.
Gregor Hackmack, Co-Founder of ParliamentWatch and one of the initiators of the Hamburg transparency law will present the law, its implications and most importantly how the campaign was started and why it succeeded.
He will also briefly talk about ParliamentWatch, a transparency website running in Germany with partner projects in Luxemburg, Ireland and Tunisia and its impact on politicians.
I know what I'm looking for
The first part of the talk provides a brief history of Storm Worm focusing on the actual propagation phase. Afterwards we describe the network communication of the bot in detail and show how we can learn more about the botnet.
Tom Scott explains the insecure ways in which some websites deal with passwords.
The “European Great Firewall” was the way that European civil rights organizations has addressed the proposal to create a “single European cyberspace”. This lecture will describe a vulnerability that the proposal reveals in the power structures of the European and world governance.
This talk ends the myth of unbreakable SIM cards and illustrates that the SIM cards are plagued by implementation and configuration bugs.
Although many companies claim to care about end-user privacy, none seem to be willing to compete on the extent to which they assist or resist the government in its surveillance activities. This talk will pierce the veil of secrecy surrounding these practices.
The talk uses fresh examples of application cryptography successes and failures, and also incorporates the new OWASP ESAPI.
The details of reversing software running on Android is a scarce. This talk will explore the filesystem, memory, and reverse engineering techniques in-depth.
In the Free City of Hamburg a coalition of hackers, activists and other players of civil society have drafted the most revolutionary Freedom of information law in the world.
This talk will is intended to understand where and how the digital conflicts are conducted today but we will dig deeply into the future.
Privacy International, Agentura.Ru and Citizen Lab have joined forces to launch a new project ‘Russia’s Surveillance State’. The project aims to undertake research and investigation into surveillance practices in Russia.
This talk introduces Trabbler, the first highly versatile “cross site scripting Trojan”. In the talk, we will discuss Trabbler ́s architecture and code and give practical examples of its application.
We will describe the process of setting up the test network we operate at 29C3, what legal and technical challenges we have faced, and we will describe the actual installation at the CCH.
Ben Smith presents new malicious abuses of printers as well as some fun new uses for old attacks.
In this talk, the technology and capabilities of US-VISIT will be explained in detail; weaknesses in the system will be explored, and the consequences of such a system will be considered.
In several European countries proposals for vast expansion of the powers of law enforcement in the digital realm are floating about. The panel focuses on the pros and cons of such powers.
After a short introduction on the differences of IPv4 to IPv6, the weaknesses in IPv6 will be shown. Highlight of the talk is the presentation of the THC-IPV6 Attack Toolkit.
This talk will discuss the past methods used for XSS defence that were only partially effective. Learning from these lessons, will also discuss present day defensive methodologies that are effective, but place an undue burden on the developer.
This presentation will delve into the science and process behind secure code review and will continue to discuss a simplified approach to secure code review
Many websites mix secure and insecure content on the same page this makes it possible to steal all the data entered on such a page easily, using Moxie Marlinspike’s new SSLstrip tool. I will give a brief explanation and demonstration of the technique.
This talk details how we have abused some of the most popular and recommended Firefox addons, with previously unreleased vulnerabilities. Demos will cover remote code execution, local file disclosure and other tailored Firefox Addon exploits.
This is a talk about the struggles of becoming a Private Investigator and what the laws are for computer forensics going forward.
Using Linux and a device with 2 network cards, I will demonstrate how to configure an undetectable transparent bridge to inject a rogue device onto a wired network that is secured via 802.1x using an existing authorized connection.
Johnny Long reveals basic and advanced search techniques, basic and advanced hacking techniques, multi-engine attack query morphing, and zero-packet target foot printing and recon techniques.
This talk will focus on building a phishing framework on top of Metasploit that pentesters can use to automate phishing and increase their overall capabilities.
I will demonstrate both local and remote attacks on ATMs, and I will reveal a multi-platform ATM rootkit. Finally, I will discuss protection mechanisms that ATM manufacturers can implement to safeguard against these attacks.
Short demo using the passthrough option of Pyrit which eliminates the need for giant tables taking up all your hard drive space.