|
Kurvi Tasch posted: Any suggestions which 35C3 talks to watch?
|
# ¿ Dec 27, 2018 17:39 |
|
|
# ¿ May 8, 2024 13:05 |
|
[pre-watch disclaimer] before i begin going from the schedule i don't expect lots of outstanding talks, or any really bad ones, so don't expect any major criticism. these are my opinions, so make your own assessments and say when a talk's poo poo that i think is good and vice versa [/pre-watch disclaimer]

35c3 day 1 talks:

Locked up science by Claudia Frick (@FuzzyLeapfrog) (41:52) - quick runthrough of how academic publication occurs, and advances to encouraging free access to the publications. good watch if you're unfamiliar with the issues involved, but doesn't go that in-depth. q&a is pretty straightforward

The Rocky Road to TLS 1.3 and better Internet Encryption by hanno (1:00:38) - audio issues go away a minute in. pretty thorough history lesson on how we got to 1.3 and the vulnerabilities along the way. a familiar email's in there. good q&a

Mind the Trap: Die Netzpolitik der AfD im Bundestag by Noujoum (41:10) - deu->eng. good intro to the german parliament, the AfD's leverage as the biggest opposition party, and their current approach to hiding in plain view. doesn't go that in-depth though and q&a is light

Going Deep Underground to Watch the Stars by Jost Migenda (47:03) - neutrinos: the talk. good talk to watch covering the design of detectors and future plans. q&a is good as well

LibreSilicon by leviathan, hsank and Andreas Westerwick (1:00:13) - advances on the lightning talk from last year. very technically dense talk. they're making good progress at recreating silicon compilers, and focus a lot more on the process side this time. great talk to watch if you want a refresher on circuit board optimisation. speakers get a bit nervous but given how dense the talk is that's hardly surprising. q&a is pretty good as well

Election Cybersecurity Progress Report by J. Alex Halderman (59:39) - expands on the 2016 talk with the same speaker, this time they consider looking past the prior academic vacuum given the data that's came out since. it's worth watching this talk against what the speaker said in 2016 and where the strict denials suddenly vanish. q&a is good

First Sednit UEFI Rootkit Unveiled by Frédéric Vachon (40:53) - uefi rootkits in the wild! goes through discovery of the initial vector, exploitation and the features of the rootkit. relatively quick talk, good q&a

SiliVaccine: North Korea's Weapon of Mass Detection by Mark Lechtik (52:45) - dprk's antivirus. lots of good highlights throughout the talk. strangely doesn't tie into the prior dprk talks. q&a is very short

Frontex: Der europäische Grenzgeheimdienst by Matthias Monroy (41:38) - deu->eng light talk covers border security at the mediterranean. mainly focuses on the cooperation between different governments in working this in practice, and libya's involvement. q&a is long

Taming the Chaos: Can we build systems that actually work? by Peter Sewell (58:53) - starts as a standard talk about formally defined systems focusing on C. moves onto showing off academic advances in proofing in practice, and progresses to almost functional in the real world. q&a is good and a large chunk of the talk.

Censored Planet: a Global Censorship Observatory by Roya Ensafi (56:04) - talk is mostly about rediscovering how to abuse a sequential id in ip packets to infer connectivity between 2 uncontrolled machines. then it moves onto abusing open dns resolvers. certainly some strange ethics tests involved, and seems to be ignoring legal issues. i'd go on but it's strange how for the talk about adversarial research little seems to be done on pitfalls in the data collection and likely poisoning the sources listed. q&a brings this up, but the answers don't inspire confidence.

"The" Social Credit System by Toni (1:01:17) - great talk on china's social scoring systems. in-depth on how its seen in china, how it came into existence, and all of the biases inherent in the different models. good q&a as well

Scuttlebutt by Zenna / zelf (34:23) - "The decentralized P2P gossip protocol" no don't run away! actually maybe do they missed more buzzwords: blockchain, mesh network, sneakernet, it just goes on. really have a drinking contest for this talk if you dare. they start rediscovering using split shared secrets for recovery. their main talk must have no substance as they then proceed to talk about other projects doing actually interesting work that they must be trying to look competent by vague association? it's a short talk as well so enjoy this trainwreck. i want my time back. q&a is far too polite on trying to get anything technical about how this protocol exists at all. questions about sybil attacks and fake accounts result in pure bullshit in response.

Hunting the Sigfox: Wireless IoT Network Security by Florian Euchner (Jeija) (38:03) - good introduction to low energy RF protocols. quick but covers a good amount of ground for newcomers. q&a is good as well

Information Biology - Investigating the information flow in living systems by Jürgen Pahle (37:26) - intro to biochemical modelling, good luck live translators. great talk but get ready for lots of stats. q&a covers a lot of ground as well

Introduction to Deep Learning by teubi (41:07) - great thorough talk on how deep learning functions that's very accessible. doesn't go in depth on training issues, just how the training functions works. q&a is worthwhile to watch

How does the Internet work? by Peter Stuge (50:09) - pretty basic intro to the common protocols, honestly not great for an introduction talk as speaker is a bit nervous with a black/white slideshow and talking about all the protocols in a very dry manner. really is about the internet in early 90s compared to now - talk briefly touches on that at the end. q&a is one polite question

Compromising online accounts by cracking voicemail systems by Martin Vigo (42:02) - great talk going through automating bruteforcing voicemail attacks to break bad reset flows. lots of practical attacks in the presentation. q&a is really good and informative for carriers in 2018
|
# ¿ Dec 28, 2018 01:04 |
|
anatoliy pltkrvkay posted:eh, i'd expect that concerns over compromising sources and methods is probably overblown as long as they're technical--the adversaries in question are the policy arms of government, and while those will go after identifiable persons under their jurisdiction raising a stink (you, as a government, want to shut up individuals who complain to foreign media about censorship), covering up evidence of that censorship itself is probably a much lower priority. it's not exactly a secret that some governments censor the internet (hell, Roskomnadzor itself very much makes a queriable database of censored items open to the public, albeit through a broken-rear end garbage website), and that researchers can confirm this along with specific details through non-official means probably isn't much concern to the governments in question unless it provides a means of circumventing the block also.
|
# ¿ Dec 28, 2018 15:12 |
|
day 1 continued (i even skipped some talks!):

Digital Airwaves by Friederike (46:09) - SDR talk covering how each component functions, the basics of RF, and dives into signal processing. good, but keep in mind its an intro talk. q&a is short but good

Space Ops 101 by sven (1:02:16) - great talk on mission planning and engineering. covers real world scenarios and diagnosing faults throughout the process. interesting, and a quarter of the video is devoted to q&a

Transmission Control Protocol by Hannes Mehnert (39:13) - a rough intro to TCPIP, cares too much about explaining the minutiae rather than why the choices were made. talk is really about how they made a formal model on TCPIP rather than an introduction to beginners. few polite questions at the end.

wallet.fail by Thomas Roth, Dmitry Nedospasov and Josh Datko (1:01:58) - downside: *coin enthusiasts. upside: 4 practical attack vectors on hardware wallets. really well done talk that covers a lot of ground quickly. q&a is alright as well

What The Fax?! by Yaniv Balmas and Eyal Itkin (46:55) - must watch talk focusing on attacking all-in-one printers with fax functionality. full of lots of fun easter eggs. q&a is short

A Routing Interregnum: Internet infrastructure transition in Crimea after Russian annexation by Xenia (44:38) - must watch citizenlab talk analysing what happened to all the communication infrastructure during the annexation. shows how russia improved their surveillance capabilities in crimea. q&a is long as well

Quantum Mechanics by sri (57:30) - accessible crash course in quantum mechanics focusing on the experiments and fundamental equations. well it's accessible for people already extremely familiar with the maths behind quantum mechanics, so good luck. good amount of time for q&a

Open Source Firmware by zaolin (49:39) - deu->eng good overview on designing firmware, and the current advances made. no real q&a after the talk

Modchips of the State by Trammell Hudson (36:52) - great quick watch. starts off running through the bloomberg claims, and goes into how to build an implant in practice. q&a is relatively lengthy as well.

All Your Gesundheitsakten Are Belong To Us by Martin Tschirsich (1:01:41) - deu->eng good talk focusing on health data mobile apps for medical records between doctor and patient. it covers a variety of apps, but fumbles a few times on the danger of specific issues. great other than that, and the sloppy translation. q&a is pretty long but doesn't cover much

Inside the AMD Microcode ROM by Benjamin Kollenda, Philipp Koppe (37:21) - must watch reverse engineering talk, should be pretty familiar if you watched last years talks - same speakers on the same subject. lot of interesting advances this year. q&a has nice questions as well

SD-WAN a New Hop by Sergey Gordeychik (49:04) - great talk covering software defined WANs, and the security issues across multiple vendors' products. q&a is light and doesn't cover much

Day 2

Exploring fraud in telephony networks by Merve Sahin, Aurélien Francillon (1:02:05) - interesting talk. starts trying to classify the classic frauds, then brings in data to show how they work in practice and models some defenses. lots of q&a with good information mixed in

A farewell to soul-crushing code by Mike Sperber, Nicole Rauch (1:00:57) - talk has good dynamics, but is effectively a rough intro to functional programming and haskell. 15m of q&a at the end but there isn't anything worthwhile in there

Inside the Fake Science Factories by @sveckert, @tillkrause, Peter Hornung (1:01:36) - deu->eng worth watching. investigative journalists look into the other side of academic publishing. goes from publishing papers, to attending the conferences and analysing authors at 5 of the major predatory journals. good q&a

Modern Windows Userspace Exploitation by Saar Amar (50:58) - shows off the progress of native mitigations by taking a ctf challenge and exploiting it on win7, 10(TH1), 10(RS5). really good runthrough of the newer protections and older ways of bypassing them. dense with lots of demos so no q&a.

SymbiFlow - Finally the GCC of FPGAs! by Tim 'mithro' Ansell (1:02:04) - good talk. aims to make an open source toolchain for fpga development. mostly an overview of the current state of the various replacement attempts, and if you want more info on nextpnr check out the next talk. thorough q&a

The nextpnr FOSS FPGA place-and-route tool by Clifford Wolf (46:52) - paired with the last talk. far more technical than the general overview of the last talk. q&a is alright

Explaining Online US Political Advertising by Damon McCoy (1:01:22) - must watch talk on analysing the targeting of political ads since the 2016 election. grabs facebook/google/twitter public ads archives, talks about their approaches, and visualises the data. good q&a as well

there's a lot more good talks left for day 2, but i've caught up with their archives at the moment, so taking a break

Wiggly Wayne DDS fucked around with this message at 00:22 on Dec 29, 2018
|
# ¿ Dec 29, 2018 00:14 |
|
let's continue with day 2 now that the archives are a bit more up to date:

Lightning Talks Day 2 by too many people to list (2:06:49) - starts off strong tbh, not going to rate every 5m talk. there's some crazy talks in there but the majority are worth watching.

Smart Home - Smart Hack by Michael Steigerwald (51:22) - deu->eng turns out IoT devices are bad?? good talk that goes through multiple devices. includes putting arbitrary firmware on a device, and disabling the cloud features. lots of q&a

A Christmas Carol - The Spectres of the Past, Present, and Future by Moritz Lipp, Michael Schwarz, Daniel Gruss, Claudio Canella (1:01:29) - must watch talk on the attacks, mitigations and why they're still not enough. brilliant presentation throughout. q&a is good as well

Attacking end-to-end email encryption by Sebastian Schinzel (1:00:38) - really good talk on efail and the variants, the disclosure process that happened and why everything's still hosed. q&a covers a lot more details

Jailbreaking iOS by tihmstar (47:58) - rough historical talk on jailbreaking expanding on the talk from 2 years ago. the community's not changed so expect the same issues. the crypto and future work sections are p useless as well. q&a does try and point out that jailbreaking is inherently incompatible with securing the devices

Wallet Security by Stephan Verbücheln (35:34) - another *coin enthusiast, joy. the talk is p rough as well, makes the mistake of trying to explain crypto when its not their expertise, nor are they good at explaining old well documented attacks. just watch the hardware wallet talk as it covers all of this but with practical demos as well. q&a is a bit comical as well

The Layman's Guide to Zero-Day Engineering by Markus Gaasedelen, Amy (itszn) (57:04) - great intro talk on the realities of researching from scratch, and the non-tech side of building exploits from scratch. recommend it for anyone without experience in researching to get an idea of what happens behind the scenes. actually bothers to talk about cleaning up post-exploit. no q&a - dense talk

A deep dive into the world of DOS viruses by Ben Cartwright-Cox (38:13) - must watch talk covering the less well known DOS viruses, how they function and lots of fun examples. q&a is great as well

The year in post-quantum crypto by djb, Tanja Lange (1:10:01) - must watch on what's happened in the past year across all of the NIST submissions. check last year's talk for more context. q&a is worth watching

that's all the talks for day 2, so let's start with day 3:

From Zero to Zero Day by Jonathan Jacobi (48:29) - good talk on getting into security research focusing on JITs. goes a bit too in-depth to be good for beginners, so watch if you're interested in JIT vulns. q&a does a lot to fill in the background of the talk

Provable Security by FJW, Lukas (59:06) - good intro to proofs in crypto. uses ElGamal as a basis to show how proofing works in practice. q&a is good

Self-encrypting deception by Carlo Meijer (58:43) - must watch talk covering the ssd crypto issues. first demo issue of the conference, but it gets sorted quick. lot of good q&a afterwards

Viva la Vita Vida by Yifan Lu, Davee (56:37) - great console hacking talk covering software and hardware. has a great visual explanation of voltage glitching. great Q&AAA

Russia vs. Telegram: technical notes on the battle by Leonid Evdokimov (darkk) (40:53) - great talk. covers some prior attempts at censorship, how the blacklist is implemented, and what's happened with the blocking attempts. video doesn't focus enough on the slides sadly. dense in info and a good watch. q&a has some good questions

Safe and Secure Drivers in High-Level Languages by Paul Emmerich, Simon Ellmann, Sebastian Voit (1:01:57) - great academic talk expanding on last year. covers a lot of languages, but sadly doesn't talk about the bash implementation. deep dive into the go and rust implementations. great q&a

Enclosure-PUF by Christian Zenger, David Holin, Lars Steinschulte (1:01:21) - must watch talk on creating high security physical tamper proofing systems via rf. the concept's came up before but it's good to see it demonstrated. q&a makes sure to tackle as many problems as possible in the timeframe, questionable applicability

Truly cardless: Jackpotting an ATM using auxiliary devices. by Olga Kochetova, Alexey Osipov (35:06) - must watch that goes through practical attacks that were previously under nda. q&a is good as well

Web-based Cryptojacking in the Wild by Marius Musch (39:26) - good talk, has the best walkthrough of mining so far and in a portion of the time. good runthrough of the impact on the internet, and how much could have been earned. good q&a

Attacking Chrome IPC by nedwill (54:13) - great intro talk for getting into fuzzing with no experience. if you're wanting to try into research it's a must watch. q&a is p light

Modeling and Simulation of Physical Systems for Hobbyists by (38:17) - really rough intro to how to model and simulate that goes with excel rather than the tools they mentioned? sticks with too basic physics examples, and doesn't go into how to actually do anything beyond visualising the most basic functions. no real q&a

The Mars Rover On-board Computer by breakthesystem (43:19) - great talk. focuses on the software side, and how the rover functions in practice. doesn't go very in-depth, and the q&a doesn't give many answers

that'll be it for now. lot more talks left for day 3 but the uploads are spotty and they're a bit behind. had to take a few hour pause earlier for them to catch up
|
# ¿ Dec 30, 2018 01:33 |
|
let's continue with day 3:

Conquering Large Numbers at the LHC by Carsten Bittrich, Stefanie Todt (41:45) - great talk, unfortunately has audio issues. walks through trimming down what's worth storing, and how to analyse the data. lot of q&a

Domain Name System by Hannes Mehnert (42:41) - good intro talk, but keep in mind it's a very basic overview of DNS. q&a covers a lot more detail

Circumventing video identification using augmented reality by Jan Garcia (30:51) - must watch talk - turns out some banks think verifying an id over a webcam is fine? goes into a lot of detail on generating the id card. good q&a

Internet of Dongs by Werner Schober (32:41) - must watch iot talk. very thorough analysis on off the shelf hardware, but unfortunately doesn't have enough time to talk about all the issues. not a lot of q&a due to this

In Soviet Russia Smart Card Hacks You by Eric Sesterhenn (38:16) - must watch talk primarily focusing on open source implementations. the concept of a malicious card seems to have been overlooked by a lot of devs. great q&a

and on to day 4:

What the flag is CTF? by Andy (41:45) - good intro to participating in CTFs. goes through example challenges and the different styles of CTFs that exist. examples are a lot higher than a beginner would be expected to solve, so don't get dismayed by it at all.

Kernel Tracing With eBPF by Jeff Dileo, Andy Olsen (54:08) - must watch talk on improving tracing in linux kernels, or rather trying to make ebpf functional. it, uh, doesn't go well. not much q&a

Dissecting Broadcom Bluetooth by jiska, mantz (43:03) - must watch talk focusing on analysing the link layer. tl;dr stop using bluetooth. lots of good q&a

and that's the talks. there's still a few left on day 3 but they've not been uploaded yet. any talk suggestions just yell

overall the conference was as expected, the intro talks should help people get involved though and 2018 wasn't that crazy a year for the sec community. now someone go run the numbers on # of talks i've watched
|
# ¿ Dec 30, 2018 20:05 |
|
well it seems we have a few talk requests and leftovers:

Day 3:

How Facebook tracks you on Android by Frederike Kaltheuner, Christopher Weatherhead (43:36) - great talk that goes through how profiles are built off of metadata, how apps use the sdk in practice, and how bad the default config is. tons of q&a (20m)

Sneaking In Network Security by Maximilian Burkhardt (1:00:53) - great talk on implementing segmentation on a live network. only of the conference?? tool name collision detected. good q&a
|
# ¿ Dec 31, 2018 15:03 |
|
flakeloaf posted:free apps collect information about me and send it to people who paid them money and the opt-outs tend to just increase the quantity of information sent and only change a flag on whether to store it
|
# ¿ Dec 31, 2018 15:30 |
|
man last year had a lot of issues huh https://twitter.com/ankit_anubhav/status/1079695346094231553
|
# ¿ Jan 2, 2019 00:49 |
|
cinci zoo sniper posted: probably some tier 2 isp problem then. its gone now but i was getting some really odd and consistent hitch around noon

someone tried to update something and a domino effect's happened
|
# ¿ Jan 2, 2019 15:00 |
|
domestic is sporadic while mobile is fine
|
# ¿ Jan 2, 2019 15:06 |
|
so same ones who learned you could just print over the internet and decided to do that a month or two back?
|
# ¿ Jan 2, 2019 17:11 |
|
ymgve posted:so does this link enlist your browser in the hacking effort or is it just a benign counter
|
# ¿ Jan 2, 2019 18:22 |
|
Raere posted: What's the consensus on running AV on Macs (for myself)? Do they just increase the attack surface like they tend to do on PCs, or is it actually a useful extra layer of defense?

https://twitter.com/patrickwardle/status/1080375413623336961
|
# ¿ Jan 2, 2019 22:14 |
|
BangersInMyKnickers posted:Did they actually sign their code because it would be pretty trivial to kill it if they did and if they didn't then you're going to have to click through a lot of warnings to get it to launch.
|
# ¿ Jan 2, 2019 22:21 |
|
man i wish cert revoc was that effective in practice
|
# ¿ Jan 2, 2019 22:31 |
|
i was thinking about the detection->revoked stage where you go from it being live to blacklisted before it's hit more machines

they definitely have a better foundation for minimising risks, but there's always going to be a delay before the revocation goes live. do apple have an auto-revoke mechanism for random third parties to challenge with a signed payload?

i'd be p interested in an analysis of the larger CAs revoke process in practice as well. it's very much part of the malware handling process that goes undocumented
|
# ¿ Jan 2, 2019 22:56 |
|
well this went under the radar

https://twitter.com/dragosr/status/1080599911110868992

https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf

the presentation focuses on steamlink

video (russian): https://www.youtube.com/watch?v=Him_Lf5ZJ38
|
# ¿ Jan 3, 2019 22:45 |
|
okay this is where you look past the tweet and at the paper and presentation not involving dragos
|
# ¿ Jan 4, 2019 00:45 |
|
its probably because outside of his random bursts he's well versed and still a good source? there's a difference between other people's research he's highlighting and the times he's digging into something that isn't there

now anyone care about that 7 month old bug in a wifi chipset covering a ton of consumer appliances in the wild with no known public patch yet? the one with a private poc for an unauthed rce?
|
# ¿ Jan 4, 2019 06:22 |
|
yes
|
# ¿ Jan 4, 2019 17:22 |
|
all
|
# ¿ Jan 7, 2019 19:06 |
|
well this is a tome of a bug report: https://hackerone.com/reports/409850
|
# ¿ Jan 9, 2019 18:44 |
|
RWC going well so far

https://twitter.com/durumcrustulum/status/1083059647211323392

https://twitter.com/durumcrustulum/status/1083060483031269377

https://eprint.iacr.org/2019/016.pdf
|
# ¿ Jan 9, 2019 19:14 |
|
Pile Of Garbage posted: yah this will end well and not be a thing that no one uses: https://github.com/SwiftOnSecurity/OrgKit

i was hoping for any settings at all to laugh at, but nope it's all placeholders
|
# ¿ Jan 12, 2019 16:52 |
|
BangersInMyKnickers posted:Cool, I'm seeing something In The Wild attempting to execute a payload against the SEP scanning engine on Windows. SEHOP is killing it, but its only a matter of time before they figure out an evasion.
|
# ¿ Jan 16, 2019 17:34 |
|
i gather you have no experience dealing with people in security outside of professional environments?
|
# ¿ Jan 16, 2019 21:09 |
|
Hexyflexy posted: I wasn't going to write anything, but as it's all here so why not.

the post wasn't directed at you, more at any lack of awareness at how a loud portion of the industry acts
|
# ¿ Jan 17, 2019 08:31 |
|
meh, its being blown out of proportion
|
# ¿ Jan 18, 2019 12:11 |
|
didn't know pagancow had twitter
|
# ¿ Jan 19, 2019 12:19 |
|
yeah this isn't the first time http then verify was used, and it causes an argument every time

the general use case is to allow transparent caching for large volumes of data though, not a lovely media player
|
# ¿ Jan 19, 2019 19:47 |
|
ozymandOS posted:it seems that if the upgrade can't be verified with the built-in key, vlc downloads a new key from their server
|
# ¿ Jan 19, 2019 23:45 |
|
Bhodi posted: somewhere in that thread she says the management company is installing them in 40,000 units, and if it's considered a success (saves them money somehow) you better believe everyone else will adopt it as well

now the right way to tackle this is by tackling energy usage and teaching people how to use their heating device correctly for them. can't wait to see the first housing association to be stupid enough to roll any of these out, because somewhere a vendor is attempting to grift
|
# ¿ Jan 21, 2019 21:34 |
|
well you wanted enterprise security
|
# ¿ Jan 21, 2019 22:01 |
|
vodkat posted: same but smartmeters can already rat you out for having an undeclared guest in the house etc

i'm taking a viewpoint from a heavy social housing area where choice of energy supplier is delegated, but advice is available on cutting costs and thtc meters are encouraged. the only parties to see the energy use would be the tenant and energy company

to bring this back to secfuckup smart meters were pushed well before the tech was ready to hit milestones on carbon neutral targets. enjoy having smets1 devices in houses for decades as waiting a year wasn't politically viable
|
# ¿ Jan 21, 2019 22:39 |
|
a more thorough analysis: http://watt-logic.com/2018/06/13/smets2/

take note of gb-specific zigbee
|
# ¿ Jan 21, 2019 22:58 |
|
have you considered some sort of distributed ledger to handle this
|
# ¿ Jan 21, 2019 23:10 |
|
Package : apt
CVE ID : CVE-2019-3462

Max Justicz discovered a vulnerability in APT, the high level package manager. The code handling HTTP redirects in the HTTP transport method doesn't properly sanitize fields transmitted over the wire. This vulnerability could be used by an attacker located as a man-in-the-middle between APT and a mirror to inject malicious content in the HTTP connection. This content could then be recognized as a valid package by APT and used later for code execution with root privileges on the target machine.

Since the vulnerability is present in the package manager itself, it is recommended to disable redirects in order to prevent exploitation during this upgrade only, using:

    apt -o Acquire::http::AllowRedirect=false update
    apt -o Acquire::http::AllowRedirect=false upgrade

This is known to break some proxies when used against security.debian.org. If that happens, people can switch their security APT source to use:

    deb http://cdn-fastly.deb.debian.org/debian-security stable/updates main

For the stable distribution (stretch), this problem has been fixed in version 1.4.9.
|
# ¿ Jan 22, 2019 14:50 |
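
An added example, not part of the thread or the advisory: a small wrapper that only takes the redirect-disabled upgrade path when the installed apt predates the fixed version quoted above. The function names and the `--apply` switch are made up for this sketch, and the 1.4.9 default applies to stretch only, so set `FIXED_VERSION` for any other release.

```shell
#!/bin/sh
# Added example: gate the CVE-2019-3462 upgrade on the installed apt version.
# FIXED_VERSION default is the stretch value quoted in the advisory above;
# other releases have different fixed versions (assumption: you set it).
FIXED_VERSION="${FIXED_VERSION:-1.4.9}"

# version_lt A B: succeed when version A sorts strictly before version B.
# Uses dpkg's own comparison when present; the sort -V fallback is an
# approximation that is adequate for plain dotted versions such as 1.4.9.
version_lt() {
    if [ "$1" = "$2" ]; then
        return 1
    fi
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" lt "$2"
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# installed_apt_version: print the installed apt version, empty if unknown.
installed_apt_version() {
    dpkg-query -W -f='${Version}' apt 2>/dev/null
}

# upgrade_plan INSTALLED: print which upgrade path to take.
#   no-redirect  installed apt is older than the fix, use the mitigation
#   normal       installed apt already carries the fix
#   unknown      version could not be determined
upgrade_plan() {
    if [ -z "$1" ]; then
        echo "unknown"
    elif version_lt "$1" "$FIXED_VERSION"; then
        echo "no-redirect"
    else
        echo "normal"
    fi
}

main() {
    installed="$(installed_apt_version)"
    case "$(upgrade_plan "$installed")" in
        no-redirect)
            echo "apt $installed predates $FIXED_VERSION: upgrading with redirects disabled"
            # The two commands from the advisory, run as root.
            apt -o Acquire::http::AllowRedirect=false update &&
            apt -o Acquire::http::AllowRedirect=false upgrade
            ;;
        normal)
            echo "apt $installed is at or past $FIXED_VERSION"
            ;;
        *)
            echo "could not determine the installed apt version" >&2
            return 1
            ;;
    esac
}

# Run only when asked, so the functions can be sourced and checked safely.
if [ "${1:-}" = "--apply" ]; then
    main
fi
```
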
|
2019: session management is still a dark art
|
# ¿ Jan 28, 2019 21:20 |
|
|
yeah you can get the video feed as well if the end user hits the power button
|
# ¿ Jan 29, 2019 17:50 |