BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

they bolted it in to the side of sccm and eset makes a good product so there wasn't much reason to roll their own. I've been pushing to dump SEP for MS defender or Eset and it looks like I get both


Qtotonibudinibudet
Nov 7, 2011



Omich poluyobok, skazhi ty narkoman? ya prosto tozhe gde to tam zhivu, mogli by vmeste uyobyvat' narkotiki
https://fahrplan.top/congress/2017/Fahrplan/events/9070.html was a fun trip into the financial system being completely terrible and unaccountable in edge cases. you too can be denied a bank account due to someone posting about you on stormfront!

bob dobbs is dead
Oct 8, 2017

I love peeps
Nap Ghost
the lisp weenies are right in that programs are data
but they are also right in the converse direction, meaning data is programs
"oh, let's expand the scope of our program by 100x for hilariously marginal reasons" - said no sane dev team ever (but plenty nonsane ones)
"oh, let's expand the scope of our data collection by 100x for hilariously marginal reasons" - say lots of dev teams, even ostensibly sane ones

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

anatoliy pltkrvkay posted:

https://fahrplan.top/congress/2017/Fahrplan/events/9070.html was a fun trip into the financial system being completely terrible and unaccountable in edge cases. you too can be denied a bank account due to someone posting about you on stormfront!
i couldn't find the video on that page so here it is on youtube

https://www.youtube.com/watch?v=iaYxJlchiE8&hd=1

Wiggly Wayne DDS
Sep 11, 2010



reminder that i don't have a monopoly on talking about 34c3, if you watch a talk then talk about its pros/cons and feel free to disagree with me

large chunk from day 1 of 34c3, i may have low barred that 50 figure if this is a trend:
Forensic Architecture by Eyal Weizman (43:34)
- tech issues turn this into an improv presentation where the presenter works off of his website. good talk that goes into visually reconstructing bombings in conflict zones and representing conflicting narratives in kidnappings. q&a is great and full of actually good questions

Demystifying Network Cards by Paul Emmerich (31:29)
- good fast dense talk focused on optimising networking performance mainly aimed at driver development. only a brief mention of security where the presenter hopes dropping privileges is perfect, but not the main point of the talk. light q&a

eMMC hacking, or: how I fixed long-dead Galaxy S3 phones by oranav (56:07)
- good technical talk starting from reversing patches, abusing backdoors to dump firmware then finally patching. no hardware mods necessary. worth a watch. q&a has some nice gems

Uncovering British spies’ web of sockpuppet social media personas by Mustafa Al-Bassam (31:31)
- alt names: "my first day on irc", "the day i learned what sigint actually does", pretty naive analysis throughout. only thing of value was gchq being lazy with timing tweets (mon-fri 9-5 gmt). other than that just a rehash of leaks and the presenter going "well this would be a good place to research, right??". q&a also useless given the source is of questionable value for opsec advice given the indictment

Squeezing a key through a carry bit by Sean Devlin, Filippo Valsorda (50:02)
- alt name: "not obviously exploitable", leveraging a rare carry bug (~2^32) to full key recovery. crash course on ecc then p straightforward crypto talk on the bug itself then optimising it to a feasible attack. no real q&a though

Unleash your smart-home devices: Vacuum Cleaning Robot Hacking by Dennis Giese and DanielAW (31:15)
- audio troubles for 5m. focuses on xiaomi devices. homebrewing presentation that talks around the rooting aspect but does a good job with what they have to work with. q&a is good. alright watch to see what's stored on the device and functionality available to the manufacturer

How risky is the software you use? by Tim Carstens and Parker Thompson (58:50)
- alt name: "producing a consumer-friendly security advisory notice at-scale". pretty bad talk that's more about imposing archaic guidelines post-release than improving the dev process. For all the talk comparing to EPCs the speaker's against giving risk-based advice on improving score, but prefers an adversarial approach to improving standards. Speaker hopes a bayesian stats approach will lead to devs implementing secure practices, not just getting enough boxes ticked for implementing x irrelevant feature. Even dumber is this approach leads to score dilution where thousands of irrelevant secure programs are loaded on with manufacturer's own dumb program to make the overall product look better. their analytic pipeline could do with angr rather than remaking the wheel for the nth time (it's almost as if it's the same problem field...). i could keep yelling but this is a lot of stats nerds trying to show the grant money was spent well. bad sales pitch disguised as a talk. q&a is good as the speaker accidentally tears down their own talk, then misunderstands threat models

BBSs and early Internet access in the 1990ies by LaForge (61:41)
- a good nostalgia talk, extremely brave speaker for giving a live demo to look at random unvetted bbs images. worth watching. q&a is mostly worthless though

Science is broken by hanno (30:45)
- alright talk, doesn't add much if you're familiar with different scientific field study practices though. mostly poking at generic iteration flaws and publication bias. q&a is good

Tightening the Net in Iran by Mahsa Alimardani (47:47)
- a very strange start to a talk. takes a bit to get going but a good overview of how iran are going about limiting internet access in the country. speaker is defensive of telegram (takes the common stance of "it's popular so let's fix it rather than saying use signal/tor"), bit of an odd choice for a privacy standpoint. good watch though, if oddly ignorant of telegram's issues. q&a is alright but mistakes a single person as a perfect source of info for a country

1-day exploit development for Cisco IOS by Artem Kondratenko (45:36)
- good talk on rebuilding a snmp buffer overflow vuln into a reliable rce. spends a lot of time on refinding rop chains though. if you want to know more about exploiting cisco generically i'd read through this.

Inside Intel Management Engine by Maxim Goryachy (51:46)
- an unfortunately rough talk as the speaker isn't that confident. great on the technical aspects though so worth watching. q&a try to salvage the talk

iOS kernel exploitation archaeology by argp (54:56)
- focuses on reverse engineering a kernel exploit from a late 2013 jailbreak to figure out the exploit techniques. alright talk but it meanders a lot and ultimately turns into how the speaker reimplemented the exploit rather than how it was originally designed.

Lets break modern binary code obfuscation by Tim Blazytko and Moritz Contag (60:02)
- two parts: first treads a lot of ground on common commercial obfuscation methods before focusing on vm approaches and common hardening techniques. second dives into probabilistically modeling functions to work around the obfuscation arms race. demo with toolset, p good talk with no real downtime. q&a is alright
e: added video lengths

Wiggly Wayne DDS fucked around with this message at 11:58 on Dec 30, 2017

Kuvo
Oct 27, 2008

Blame it on the misfortune of your bark!
Fun Shoe

quoting this to watch later, thanks!

Midjack
Dec 24, 2007



thanks for doing these again

Qtotonibudinibudet
Nov 7, 2011



Omich poluyobok, skazhi ty narkoman? ya prosto tozhe gde to tam zhivu, mogli by vmeste uyobyvat' narkotiki
A selection of cool things so far:

https://fahrplan.top/congress/2017/Fahrplan/events/9278.html - Ecstasy 10x yellow Twitter 120mg Mdma

MDMA is legal if you buy it in small quantities for an art project! Also some physical glitch art and script injection into fun places

https://fahrplan.top/congress/2017/Fahrplan/events/9070.html - Financial surveillance

Thomson Reuters pays people to do mindless data entry jobs where they review questionable sources (apparently Stormfront is a valid source of information!), compile dossiers from them, and sell them to banks at considerable markup to prevent money laundering and terrorist acts by middle-aged peaceful protestors in pink sweatshirts

https://fahrplan.top/congress/2017/Fahrplan/events/9288.html - Deconstructing a Socialist Lawnmower

Introducing iMower. Made in Leipzig. Designed by Apple in the German Democratic Republic.

Phone
Jul 30, 2005

親子丼をほしい。
yesterday i watched (stealin' wiggly's format):

dprk consumer technology by Will Scott and Gabe Edwards
- the latest in the series of looking at the dprk's fairly robust computer science and personal electronics sectors; high level talk about what's available and what it looks like (it's android). super breezy and definitely worth a watch if only to have another view into the dprk that isn't through the lens of the american propaganda arm.

bgp and the rule of custom by Caleb James Delisle
- if you don't know what bgp is or how the internet's hierarchy is structured, it's not bad? totally worth skipping; the highlight was in the q&a session where some swede pulled a "well actually" and the moderator was like "do you have a question?"

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

Wiggly Wayne DDS posted:

reminder that i don't have a monopoly on talking about 34c3, if you watch a talk then talk about its pros/cons and feel free to disagree with me

large chunk from day 1 of 34c3, i may have low barred that 50 figure if this is a trend:
Forensic Architecture by Eyal Weizman (43:34)
- tech issues turn this into an improv presentation where the presenter works off of his website. good talk that goes into visually reconstructing bombings in conflict zones and representing conflicting narratives in kidnappings. q&a is great and full of actually good questions

Demystifying Network Cards by Paul Emmerich (31:29)
- good fast dense talk focused on optimising networking performance mainly aimed at driver development. only a brief mention of security where the presenter hopes dropping privileges is perfect, but not the main point of the talk. light q&a

eMMC hacking, or: how I fixed long-dead Galaxy S3 phones by oranav (56:07)
- good technical talk starting from reversing patches, abusing backdoors to dump firmware then finally patching. no hardware mods necessary. worth a watch. q&a has some nice gems

Uncovering British spies’ web of sockpuppet social media personas by Mustafa Al-Bassam (31:31)
- alt names: "my first day on irc", "the day i learned what sigint actually does", pretty naive analysis throughout. only thing of value was gchq being lazy with timing tweets (mon-fri 9-5 gmt). other than that just a rehash of leaks and the presenter going "well this would be a good place to research, right??". q&a also useless given the source is of questionable value for opsec advice given the indictment

Squeezing a key through a carry bit by Sean Devlin, Filippo Valsorda (50:02)
- alt name: "not obviously exploitable", leveraging a rare carry bug (~2^32) to full key recovery. crash course on ecc then p straightforward crypto talk on the bug itself then optimising it to a feasible attack. no real q&a though

Unleash your smart-home devices: Vacuum Cleaning Robot Hacking by Dennis Giese and DanielAW (31:15)
- audio troubles for 5m. focuses on xiaomi devices. homebrewing presentation that talks around the rooting aspect but does a good job with what they have to work with. q&a is good. alright watch to see what's stored on the device and functionality available to the manufacturer

How risky is the software you use? by Tim Carstens and Parker Thompson (58:50)
- alt name: "producing a consumer-friendly security advisory notice at-scale". pretty bad talk that's more about imposing archaic guidelines post-release than improving the dev process. For all the talk comparing to EPCs the speaker's against giving risk-based advice on improving score, but prefers an adversarial approach to improving standards. Speaker hopes a bayesian stats approach will lead to devs implementing secure practices, not just getting enough boxes ticked for implementing x irrelevant feature. Even dumber is this approach leads to score dilution where thousands of irrelevant secure programs are loaded on with manufacturer's own dumb program to make the overall product look better. their analytic pipeline could do with angr rather than remaking the wheel for the nth time (it's almost as if it's the same problem field...). i could keep yelling but this is a lot of stats nerds trying to show the grant money was spent well. bad sales pitch disguised as a talk. q&a is good as the speaker accidentally tears down their own talk, then misunderstands threat models

BBSs and early Internet access in the 1990ies by LaForge (61:41)
- a good nostalgia talk, extremely brave speaker for giving a live demo to look at random unvetted bbs images. worth watching. q&a is mostly worthless though

Science is broken by hanno (30:45)
- alright talk, doesn't add much if you're familiar with different scientific field study practices though. mostly poking at generic iteration flaws and publication bias. q&a is good

Tightening the Net in Iran by Mahsa Alimardani (47:47)
- a very strange start to a talk. takes a bit to get going but a good overview of how iran are going about limiting internet access in the country. speaker is defensive of telegram (takes the common stance of "it's popular so let's fix it rather than saying use signal/tor"), bit of an odd choice for a privacy standpoint. good watch though, if oddly ignorant of telegram's issues. q&a is alright but mistakes a single person as a perfect source of info for a country

1-day exploit development for Cisco IOS by Artem Kondratenko (45:36)
- good talk on rebuilding a snmp buffer overflow vuln into a reliable rce. spends a lot of time on refinding rop chains though. if you want to know more about exploiting cisco generically i'd read through this.

Inside Intel Management Engine by Maxim Goryachy (51:46)
- an unfortunately rough talk as the speaker isn't that confident. great on the technical aspects though so worth watching. q&a try to salvage the talk

iOS kernel exploitation archaeology by argp (54:56)
- focuses on reverse engineering a kernel exploit from a late 2013 jailbreak to figure out the exploit techniques. alright talk but it meanders a lot and ultimately turns into how the speaker reimplemented the exploit rather than how it was originally designed.

Lets break modern binary code obfuscation by Tim Blazytko and Moritz Contag (60:02)
- two parts: first treads a lot of ground on common commercial obfuscation methods before focusing on vm approaches and common hardening techniques. second dives into probabilistically modeling functions to work around the obfuscation arms race. demo with toolset, p good talk with no real downtime. q&a is alright

anatoliy pltkrvkay posted:

A selection of cool things so far:

Ecstasy 10x yellow Twitter 120mg Mdma by !Mediengruppe Bitnik (29:33)
- MDMA is legal if you buy it in small quantities for an art project! Also some physical glitch art and script injection into fun places

Financial surveillance by Jasmin Klofta and Tom Wills (59:05)
- Thomson Reuters pays people to do mindless data entry jobs where they review questionable sources (apparently Stormfront is a valid source of information!), compile dossiers from them, and sell them to banks at considerable markup to prevent money laundering and terrorist acts by middle-aged peaceful protestors in pink sweatshirts

Deconstructing a Socialist Lawnmower by Darsha Hewitt (no video yet)
- Introducing iMower. Made in Leipzig. Designed by Apple in the German Democratic Republic.

Phone posted:

yesterday i watched (stealin' wiggly's format):

dprk consumer technology by Will Scott and Gabe Edwards (31:27)
- the latest in the series of looking at the dprk's fairly robust computer science and personal electronics sectors; high level talk about what's available and what it looks like (it's android). super breezy and definitely worth a watch if only to have another view into the dprk that isn't through the lens of the american propaganda arm.

bgp and the rule of custom by Caleb James Delisle (31:11)
- if you don't know what bgp is or how the internet's hierarchy is structured, it's not bad? totally worth skipping; the highlight was in the q&a session where some swede pulled a "well actually" and the moderator was like "do you have a question?"
added times and youtube links

Pile Of Garbage
May 28, 2007



impending security fuckup: i setup HPKP on my webserver ages ago for a laugh and i now want to get rid of it. is the best way to change max-age to zero, give it about a week and then remove the Public-Key-Pins header altogether?

also thanks for all the 34c3 recommendations y'all
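
Added example, not part of any post in this thread: a small model of how RFC 7469 clients age out stored pins during the retirement plan asked about above (serve `max-age=0` for a while, then drop the header). The header value, pin placeholders and dates are constructed; the point it shows is that a client which never returns during the `max-age=0` window keeps enforcing the old pins until its last visit plus the old `max-age`, so the pinned keys have to stay in service that long.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: the header served before retirement (60-day max-age,
# placeholder pins) and the planned one-week max-age=0 window.
OLD_HEADER = ('pin-sha256="<primary-pin-placeholder>"; '
              'pin-sha256="<backup-pin-placeholder>"; max-age=5184000')
ZERO_FROM = datetime(2018, 1, 1, tzinfo=timezone.utc)   # max-age=0 first served
ZERO_UNTIL = datetime(2018, 1, 8, tzinfo=timezone.utc)  # header removed entirely


def parse_pkp(header):
    """Parse a Public-Key-Pins value into its RFC 7469 directives.
    Simplification: assumes no ';' inside the quoted report-uri."""
    policy = {"max_age": None, "pins": [],
              "include_subdomains": False, "report_uri": None}
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        name, value = name.strip().lower(), value.strip().strip('"')
        if name == "max-age":
            if not value.isdigit():
                raise ValueError("max-age must be a non-negative integer")
            policy["max_age"] = int(value)
        elif name == "pin-sha256":
            policy["pins"].append(value)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "report-uri":
            policy["report_uri"] = value
    if policy["max_age"] is None:
        raise ValueError("max-age directive is required")
    return policy


def earliest_unpinned_key_date(old_header, zero_from):
    """Worst case: a client noted the pins just before zero_from and never
    comes back, so its stored pins live for the full old max-age."""
    return zero_from + timedelta(seconds=parse_pkp(old_header)["max_age"])


def still_pinned(old_header, visits, zero_from, zero_until, at):
    """True if a client with these visit times still enforces the old pins
    at time `at`."""
    max_age = timedelta(seconds=parse_pkp(old_header)["max_age"])
    expiry = None
    for visit in sorted(v for v in visits if v <= at):
        if visit < zero_from:
            expiry = visit + max_age      # pins noted or refreshed
        elif visit < zero_until:
            expiry = None                 # saw max-age=0: pins dropped
        # visit after zero_until: no header, stored state is left unchanged
    return expiry is not None and at < expiry


if __name__ == "__main__":
    dec30 = datetime(2017, 12, 30, tzinfo=timezone.utc)
    jan3 = datetime(2018, 1, 3, tzinfo=timezone.utc)
    feb1 = datetime(2018, 2, 1, tzinfo=timezone.utc)
    print("returning client pinned on Feb 1:",
          still_pinned(OLD_HEADER, [dec30, jan3], ZERO_FROM, ZERO_UNTIL, feb1))
    print("absent client pinned on Feb 1:   ",
          still_pinned(OLD_HEADER, [dec30], ZERO_FROM, ZERO_UNTIL, feb1))
    print("keep pinned keys in service until:",
          earliest_unpinned_key_date(OLD_HEADER, ZERO_FROM).date())
```

A one-week window only covers every client when the previously served `max-age` was a week or less; otherwise the date to plan around is the one `earliest_unpinned_key_date` returns.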

Lutha Mahtin
Oct 10, 2010

Your brokebrain sin is absolved...go and shitpost no more!

so did ccc fix their rape problem yet, or

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum
if only it were the ccc's problem to fix

apseudonym
Feb 25, 2011

Lutha Mahtin posted:

so did ccc fix their rape problem yet, or

Are they still hosting/supporting Appelbaum?

I don't know why that guy still gets the amount of support he gets :smithicide:

maskenfreiheit
Dec 30, 2004

apseudonym posted:

Are they still hosting/supporting Appelbaum?

I don't know why that guy still gets the amount of support he gets :smithicide:

maybe he has dirt. I could see him going “why am I excluded when...”

[insert list of rapists here]

The MUMPSorceress
Jan 6, 2012


^SHTPSTS

Gary’s Answer

maskenfreiheit posted:

maybe he has dirt. I could see him going “why am I excluded when...”

[insert list of rapists here]

More like ccc, like your gbs posting, doesn't understand any type of sexual assault beyond "pinned them down"

syscall girl
Nov 7, 2009

by FactsAreUseless
Fun Shoe

anthonypants posted:

if only it were the ccc's problem to fix

wait, the same CCC who built mount hood's lodge?

(I keed, I keed)

Pile Of Garbage
May 28, 2007



who would post in gbs lol

bicycle
Oct 23, 2013
i think appelbaum is still banned from ccc and many other projects

current issue stems from a physical assault last year and ccc's lack of reaction to it. the alleged attacker is not banned and even has a talk and ccc have just shrugged it off or refused to comment

Bunni-kat
May 25, 2010

Service Desk B-b-bunny...
How can-ca-caaaaan I
help-p-p-p you?

cheese-cube posted:

who would post in gbs lol

Masken’s the prime poster in the r/relationships mock thread.

Pile Of Garbage
May 28, 2007



gross

maskenfreiheit
Dec 30, 2004

Avenging_Mikon posted:

Masken’s the prime poster in the r/relationships mock thread.

>_>

maskenfreiheit
Dec 30, 2004

cis autodrag posted:

More like ccc, like your gbs posting, doesn't understand any type of sexual assault beyond "pinned them down"

please don’t follow me around and twist things that are supportive into some sort of rape apology

the only post i can think of i've made in GBS that would make you salty is when i told you not to question victims:

maskenfreiheit posted:

Was it this thread or another where I saw you question someone who pointed out Zoe Quinn has been accused of abusing trans folks?

I mean, I also posted this:

maskenfreiheit posted:

i'm not sure i understand how requesting consent and being granted it is rape?

if you're using body language/volume/blocking the door, it's consent given under duress. any idiot knows thats not valid just like "gently caress me or ill shoot you" is not valid.

maybe i'm misreading what you're saying but "can we have sex? no? pleeeeeaase? yes." is not a transcription of an assault

But only an idiot or someone with an agenda would twist that into rape apology.

As someone who's personally had my own negative JA experience (His behavior was widely known when we crossed paths, but I wasn't a cool enough kid to be warned.), you set off a poo poo load of red flags when you make a big show of how social-justicey you are as a way to bully people you don't like.

maskenfreiheit fucked around with this message at 15:57 on Dec 30, 2017

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

I know, let’s bring more of that poo poo here to protest that poo poo being brought here

loving brilliant

Jimmy Carter
Nov 3, 2005

THIS MOTHERDUCKER
FLIES IN STYLE
as all good security exploits do these days, the Nintendo Switch jailbreak boiled down to “we got the encryption keys by fuzzing the power rails for the chip”


https://www.youtube.com/watch?v=AAbtGz8dHKc

Wasabi the J
Jan 23, 2008

MOM WAS RIGHT


https://www.youtube.com/watch?v=Q32oL0HN8zk

mrmcd
Feb 22, 2003

Pictured: The only good cop (a fictional one).

Lol of course masken is a Zoe Quinn obsessed gamer gater.

(USER WAS PUT ON PROBATION FOR THIS POST)

spit on my clit
Jul 19, 2015

by Cyrano4747
good god can we not do this garbage here

Potato Salad
Oct 23, 2014

nobody cares


holy loving poo poo what the gently caress

spit on my clit posted:

good god can we not do this garbage here

Bulgogi Hoagie
Jun 1, 2012

We

mrmcd posted:

Lol of course masken is a Zoe Quinn obsessed gamer gater.

:gb2gbs:

mrmcd
Feb 22, 2003

Pictured: The only good cop (a fictional one).

Infosec and gamer communities make me grateful the only conferences I have to attend professionally are populated by the kind of people with serious opinions about systemd and gpl variants.

geonetix
Mar 6, 2011


spit on my clit posted:

good god can we not do this garbage here

maskenfreiheit
Dec 30, 2004

mrmcd posted:

Lol of course masken is a Zoe Quinn obsessed gamer gater.

what? no, she's the one who was being harassed at the beginning of that mess.

someone mentioned in gbs she'd apparently said some transphobic stuff and cis was pretty dismissive.

white feminists saying mean stuff about trans folks is a really common thing, and i'm really not going to tolerate someone bullying and harassing me as a "gamergater" for going "hm well maybe we shouldn't silence a trans person?"

https://twitter.com/dril/status/134787490526658561

spit on my clit
Jul 19, 2015

by Cyrano4747
shut UUUUUUUUUP

maskenfreiheit
Dec 30, 2004

spit on my clit posted:

shut UUUUUUUUUP

fine, but it's HILARIOUS that calling out cis for silencing victims, pointing out I'm ONE OF JAS loving VICTIMS and providing multiple citations to prove that's why he's flaming me = LOL MASK IS A GAMERGATER

bleep bloop let's just go back to discussing puters

https://twitter.com/briankrebs/status/946796246165008386

maskenfreiheit
Dec 30, 2004
i'm the idea it's manslaughter if you call the police and they shoot someone, but not manslaughter if you are the police who shoot someone

spit on my clit
Jul 19, 2015

by Cyrano4747

just leave it at this, don't keep talking. i dont want to hear it in this thread, this is not the thread for it

Kuvo
Oct 27, 2008

Blame it on the misfortune of your bark!
Fun Shoe

maskenfreiheit posted:

i'm the idea it's manslaughter if you call the police and they shoot someone, but not manslaughter if you are the police who shoot someone

420 SWAGLORD
Apr 20, 2014

saban bajramovic
In a security fuckup far below the scope usually covered in this entertaining and engaging thread, the apartment building I have burrowed into the basement of is using those lil wifi nannycam deals as a "security system" and all of them are viewable to anyone on the building wifi. I stream one of the outdoor cams to a tv in my corner of the basement so it feels like I have a window. Also their routers all still use default logins so I prioritized my poo poo. I'm a coolguy hacker now right? Like Mr. Robot?


Midjack
Dec 24, 2007



420 SWAGLORD posted:

In a security fuckup far below the scope usually covered in this entertaining and engaging thread, the apartment building I have burrowed into the basement of is using those lil wifi nannycam deals as a "security system" and all of them are viewable to anyone on the building wifi. I stream one of the outdoor cams to a tv in my corner of the basement so it feels like I have a window. Also their routers all still use default logins so I prioritized my poo poo. I'm a coolguy hacker now right? Like Mr. Robot?

somewhat related, a hotel i stayed at in southeast asia had a camera at the front desk that was wired to channel 1 on tv so you could approve people coming to visit when the desk called up. it was fun to leave it on friday and saturday nights to see how many and what kinds of prostitutes were ordered in by guests.
